HijackThis Log Help
Get Rid Of Malware With Help From Our Analysts. Follow the "First Steps" link at the top right of each page before posting for help.

#1
Registered User
Join Date: Mar 2007
Posts: 40
OS: Win XP
Ried...new computer; same issue
Hi Ried,
This is the house computer as opposed to the other/laptop. Now this has problems. Here's the Kaspersky scan info, and then the Deckard's/HijackThis info. Thanks!

KASPERSKY ONLINE SCANNER REPORT
Monday, April 09, 2007 3:03:49 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 9/04/2007
Kaspersky Anti-Virus database records: 276731

Scan Settings
Scan using the following antivirus database standard
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
A:\
C:\
D:\
E:\

Scan Statistics
Total number of scanned objects 39120
Number of viruses found 2
Number of infected objects 6 / 0
Number of suspicious objects 0
Duration of the scan process 01:15:02

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09200001.VBN Infected: Exploit.HTML.IESlice.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0AE40000.VBN Infected: IRC-Worm.Win32.Testworm skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0CBC0000.VBN Infected: Exploit.HTML.IESlice.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D2C0000.VBN Infected: Exploit.HTML.IESlice.d skipped
C:\Documents and Settings\Employee\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Employee\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Employee\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Employee\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Employee\Local Settings\Temp\Perflib_Perfdata_388.dat Object is locked skipped
C:\Documents and Settings\Employee\Local Settings\Temporary Internet Files\Content.IE5\4567KTYJ\mirclean[1].exe/test.exe Infected: IRC-Worm.Win32.Testworm skipped
C:\Documents and Settings\Employee\Local Settings\Temporary Internet Files\Content.IE5\4567KTYJ\mirclean[1].exe ClickTeam: infected - 1 skipped
C:\Documents and Settings\Employee\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Employee\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Employee\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{0920ECEC-A164-4AC3-8C97-9CACE960F731}\RP392\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{5992A394-BEDE-4FBA-A02E-A48C03CBAF08}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

Deckard's System Scanner v20070328.36
Run by Employee on 2007-04-08 at 20:25:52
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.

-- Last 5 Restore Point(s) --
93: 2007-04-09 03:26:06 UTC - RP392 - Deckard's System Scanner Restore Point
92: 2007-04-09 01:15:18 UTC - RP391 - System Checkpoint
91: 2007-04-08 00:38:05 UTC - RP390 - System Checkpoint
90: 2007-04-06 22:17:24 UTC - RP389 - System Checkpoint
89: 2007-04-04 10:02:21 UTC - RP388 - Software Distribution Service 2.0

-- First Restore Point --
1: 2007-01-09 11:05:19 UTC - RP300 - Software Distribution Service 2.0

Backed up registry hives.
Performed disk cleanup.

-- HijackThis Clone ------------------------------------------------------------
Emulating logfile of HijackThis v1.99.1
Scan saved at 2007-04-08 20:32:51
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.0.2900.2180)

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\VPTray.exe
C:\Program Files\TweakNow PowerPack\RAM_XP.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Employee\Local Settings\Temporary Internet Files\Content.IE5\2FIVNOPV\dss[1].exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore
R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [RAM Idle Professional] "C:\Program Files\TweakNow PowerPack\RAM_XP.exe"
O4 - HKLM\..\Run: [SiSPower] "Rundll32.exe" SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [WMPNSCFG] "C:\Program Files\Windows Media Player\WMPNSCFG.exe"
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\NPJPI150_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\NPJPI150_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra 'Tools' menuitem: (no name) - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: https://adobe.com (HKCU)
O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} () - http://www.trendmicro.com/spyware-scan/as4web.cab
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\system32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\system32\WRLogonNTF.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - "C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe"
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - "C:\Program Files\Symantec AntiVirus\DefWatch.exe"
O23 - Service: Diskeeper - Executive Software International, Inc. - "C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe"
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - Microsoft Corp., Veritas Software - C:\WINDOWS\System32\dmadmin.exe /com
O23 - Service: SavRoam - symantec - "C:\Program Files\Symantec AntiVirus\SavRoam.exe"
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - "C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe"
O23 - Service: Symantec AntiVirus - Symantec Corporation - "C:\Program Files\Symantec AntiVirus\Rtvscan.exe"
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - "C:\Program Files\Viewpoint\Common\ViewpointService.exe"

-- File Associations -----------------------------------------------------------
All associations okay.

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R1 Cdr4_xp - c:\windows\system32\drivers\cdr4_xp.sys
R1 Cdralw2k - c:\windows\system32\drivers\cdralw2k.sys
R1 cdudf_xp - c:\windows\system32\drivers\cdudf_xp.sys
R1 pwd_2k - c:\windows\system32\drivers\pwd_2k.sys
R1 SiSkp - c:\windows\system32\drivers\srvkp.sys
R1 UdfReadr_xp - c:\windows\system32\drivers\udfreadr_xp.sys
R3 EL90X (3Com EtherLink XL 90X Adapter Driver) - c:\windows\system32\drivers\el90xnd5.sys
R3 mmc_2K - c:\windows\system32\drivers\mmc_2k.sys
R3 SiS315 - c:\windows\system32\drivers\sisgrp.sys
S3 dvd_2K - c:\windows\system32\drivers\dvd_2k.sys

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 Diskeeper - "c:\program files\executive software\diskeeperworkstation\dkservice.exe"
R2 Symantec AntiVirus - "c:\program files\symantec antivirus\rtvscan.exe"
R2 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe"
S3 SavRoam - "c:\program files\symantec antivirus\savroam.exe"

-- Files created between 2007-03-08 and 2007-04-08 -----------------------------
2007-04-08 20:19:47 0 d-------- C:\mIRC
2007-03-24 22:14:31 0 d-------- C:\WINDOWS\system32\ActiveScan <ACTIVE~1>
2007-03-23 15:53:57 0 d-------- C:\quarantine <QUARAN~1>
2007-03-21 13:39:45 221184 --a------ C:\WINDOWS\system32\wmpns.dll
2007-03-21 10:37:34 0 d-------- C:\Wormguard <WORMGU~1>

-- Find3M Report ---------------------------------------------------------------
2007-04-04 03:10:48 0 d-------- C:\Program Files\Symantec AntiVirus <SYMANT~1>
2007-03-31 19:08:30 0 d-------- C:\Documents and Settings\Employee\Application Data\AdobeUM
2007-03-31 19:08:26 0 d-------- C:\Program Files\Common Files\Adobe
2007-03-25 15:35:02 0 d-------- C:\Program Files\Common Files\Symantec Shared <SYMANT~1>
2007-03-25 15:34:54 0 d-------- C:\Program Files\Microsoft AntiSpyware <MICROS~4>
2007-03-25 15:34:48 0 d-------- C:\Program Files\TweakNow PowerPack <TWEAKN~1>
2007-03-25 15:34:47 0 d-------- C:\Program Files\Messenger <MESSEN~1>
2007-03-16 03:15:47 0 d-------- C:\Program Files\Google
2007-03-08 08:36:28 577536 --a------ C:\WINDOWS\system32\user32.dll
2007-03-08 08:36:28 40960 --a------ C:\WINDOWS\system32\mf3216.dll
2007-03-08 08:36:28 281600 --a------ C:\WINDOWS\system32\gdi32.dll
2007-03-08 06:47:48 1843584 --a------ C:\WINDOWS\system32\win32k.sys
2007-03-05 12:41:18 0 d-------- C:\Program Files\Viewpoint <VIEWPO~1>
2007-03-05 12:41:12 0 d-------- C:\Program Files\Common Files\Viewpoint <VIEWPO~1>
2007-02-23 16:38:42 0 d-------- C:\Documents and Settings\Employee\Application Data\Lavasoft
2007-02-23 16:38:29 0 d-------- C:\Program Files\Lavasoft
2007-02-23 16:32:49 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard <WISEIN~1>
2007-02-23 16:24:27 0 d-------- C:\Program Files\Citrix

-- Registry Dump ---------------------------------------------------------------
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"WMPNSCFG"="\"C:\\Program Files\\Windows Media Player\\WMPNSCFG.exe\""
"Aim6"="\"C:\\Program Files\\AIM6\\aim6.exe\" /d locale=en-US ee://aol/imApp"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"vptray"="C:\\PROGRA~1\\SYMANT~1\\VPTray.exe"
"RAM Idle Professional"="\"C:\\Program Files\\TweakNow PowerPack\\RAM_XP.exe\""
"SiSPower"="\"Rundll32.exe\" SiSPower.dll,ModeAgent"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_03\\bin\\jusched.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{9EF34FF2-3396-4527-9D27-04C8C1C67806}"="Microsoft AntiSpyware Service Hook"
"{E12C5BEF-57C9-11D3-81C5-84C708FD407A}"="DiamondCS WormGuard Hook"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0

-- End of Deckard's System Scanner: finished at 2007-04-08 at 20:33:42 ---------

Thank you
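A Kaspersky Online Scanner report like the one in the post above mixes three very different outcomes on identical-looking lines: files the scanner could not open ("Object is locked skipped"), detections inside another antivirus product's quarantine store (already contained, so not evidence of a live infection), and detections on files that are actually in use on the disk. The parser below is an added example, not code from the original post, from the forum's analysts or from Kaspersky; it classifies report lines into those three buckets so the live hits stand out. The sample input is constructed from six lines copied out of the report above; the assumption that any path containing a `\quarantine\` component is an AV quarantine store is a heuristic of this example, as is treating the first `/` in a path as Kaspersky's "container/member" separator (the report above uses it in `mirclean[1].exe/test.exe`).

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample input: six lines copied from the Kaspersky Online Scanner
# report in the post above. They cover every outcome that report contains:
# locked-and-skipped system files, hits inside the Symantec quarantine store,
# and a live hit in Temporary Internet Files (one line for an archive member,
# one for the packed container itself).
SAMPLE_REPORT = r"""
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09200001.VBN Infected: Exploit.HTML.IESlice.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0AE40000.VBN Infected: IRC-Worm.Win32.Testworm skipped
C:\Documents and Settings\Employee\Local Settings\Temporary Internet Files\Content.IE5\4567KTYJ\mirclean[1].exe/test.exe Infected: IRC-Worm.Win32.Testworm skipped
C:\Documents and Settings\Employee\Local Settings\Temporary Internet Files\Content.IE5\4567KTYJ\mirclean[1].exe ClickTeam: infected - 1 skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
"""

# One report line is "<path> <verdict> <last action>". The path may contain
# spaces, so it is matched lazily and the verdict alternation anchors the split.
ENTRY_RE = re.compile(
    r"^(?P<path>.+?)\s+"
    r"(?:(?P<locked>Object is locked)"
    r"|Infected:\s+(?P<malware>\S+)"
    r"|(?P<packer>\S+):\s+infected\s+-\s+(?P<count>\d+))"
    r"\s+(?P<action>\S+)$"
)

# Heuristic (assumption of this example): a path component named "quarantine"
# marks an antivirus product's own quarantine store. A detection under it is
# already contained and is not evidence of a live infection.
QUARANTINE_MARKERS = ("\\quarantine\\",)


@dataclass(frozen=True)
class Detection:
    file: str              # the on-disk file the scanner opened
    member: Optional[str]  # inner object when the hit was inside a container
    verdict: str           # malware name, or "<packer>: infected - N"
    action: str            # what the scanner did ("skipped" in an online scan)


def split_container(path: str) -> tuple:
    """Kaspersky writes archive/installer members as 'outer.exe/inner.exe'.
    Windows paths never contain '/', so the first one separates the container."""
    outer, sep, inner = path.partition("/")
    return outer, (inner if sep else None)


def is_quarantined(path: str) -> bool:
    p = path.lower()
    return any(marker in p for marker in QUARANTINE_MARKERS)


def parse_report(text: str) -> dict:
    """Classify report lines into locked (never scanned), contained (inside an
    AV quarantine store) and live detections that need a cleanup decision."""
    result = {"locked": [], "contained": [], "live": []}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = ENTRY_RE.match(line)
        if m is None:
            raise ValueError(f"unrecognised report line: {line!r}")
        if m.group("locked"):
            result["locked"].append(m.group("path"))
            continue
        file, member = split_container(m.group("path"))
        verdict = m.group("malware") or f"{m.group('packer')}: infected - {m.group('count')}"
        det = Detection(file, member, verdict, m.group("action"))
        result["contained" if is_quarantined(file) else "live"].append(det)
    return result


def live_files(text: str) -> dict:
    """On-disk files with a live detection, each mapped to the set of verdicts
    attached to it (a packed file and its members collapse onto one path)."""
    files = {}
    for det in parse_report(text)["live"]:
        files.setdefault(det.file, set()).add(det.verdict)
    return files


if __name__ == "__main__":
    report = parse_report(SAMPLE_REPORT)
    print(f"locked/skipped: {len(report['locked'])}, "
          f"contained in quarantine: {len(report['contained'])}, "
          f"live: {len(report['live'])}")
    for path, verdicts in live_files(SAMPLE_REPORT).items():
        print("ACTION NEEDED:", path, sorted(verdicts))
```

Run against the sample, the two quarantine `.VBN` hits and the two locked hives drop out of the "live" list, leaving a single on-disk file, the `mirclean[1].exe` download in Temporary Internet Files, carrying both the IRC-Worm.Win32.Testworm member detection and the ClickTeam packer verdict. The locked list is also worth keeping: registry hives, `index.dat` files and the WMI repository were never scanned, so a clean result for them means nothing until the scan is repeated from Safe Mode or with an offline scanner.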