Tech Support Forum > Security Center > Virus/Trojan/Spyware Help > Resolved HJT Threads (resolved spyware and popup issues)

02-16-2007, 08:32 PM   #1
Registered User
 
Join Date: Feb 2007
Posts: 12
OS: XP


update.exe

Hi again...
This is the result after the ComboScan:

ComboScan v20070212.14 run by max on 2007-02-17 at 12:22:39
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Successfully created restore point.
Performed disk cleanup.


-- HijackThis log (run as max.com) ----------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 12:23:03, on 17/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\svchosts.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\PROGRA~1\LAUNCH~1\CPLBCL53.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\max\Desktop\comboscan.exe
C:\DOCUME~1\max\LOCALS~1\Temp\~ejtnops.tmp\max.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=55245&clcid={SUB_CLCID}
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=localhost:8080;http=localhost:8080;https=localhost:8080;socks=localhost:1080
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Apoint] "C:\Program Files\Apoint2K\Apoint.exe"
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\CPLBCL53.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] "C:\PROGRA~1\SYMNET~1\SNDMon.exe" /Consumer
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Wallpaper Calendar.lnk = C:\Program Files\zepsoft\Wallpaper Calendar\WallCal3.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file:///C:/Program%20Files/AutoCAD%202002/AcDcToday.ocx
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file:///C:/Program%20Files/AutoCAD%202002/AcPreview.ocx
O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM+ Messages - Unknown owner - C:\WINDOWS\system32\svchosts.exe" -e mc-110-12-0001377 (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe


-- File Associations ------------------------------------------------------------

.bat - batfile - "%1" %*
.chm - chm.file - "C:\WINDOWS\hh.exe" %1
.com - comfile - "%1" %*
.exe - exefile - "%1" %*
.hlp - hlpfile - %SystemRoot%\System32\winhlp32.exe %1
.inf - inffile - %SystemRoot%\System32\NOTEPAD.EXE %1
.ini - inifile - %SystemRoot%\System32\NOTEPAD.EXE %1
.js - JSFile - %SystemRoot%\System32\WScript.exe "%1" %*
.lnk - lnkfile - {00021401-0000-0000-C000-000000000046}
.pif - piffile - "%1" %*
.reg - regfile - regedit.exe "%1"
.scr - unable to read key
.txt - txtfile - %SystemRoot%\system32\NOTEPAD.EXE %1
.vbs - VBSFile - %SystemRoot%\System32\WScript.exe "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ----------------------

3 3xHybrid (3xHybrid service) - system32\DRIVERS\3xHybrid.sys
0 ACPIEC (Microsoft Embedded Controller Driver) - System32\DRIVERS\ACPIEC.sys
3 AgereSoftModem (Agere Systems Soft Modem) - System32\DRIVERS\AGRSM.sys
3 ALCXWDM (Service for Realtek AC97 Audio (WDM)) - system32\drivers\ALCXWDM.SYS
3 ApfiltrService (Alps Pointing-device Filter Driver) - System32\DRIVERS\Apfiltr.sys
3 Arp1394 (1394 ARP Client Protocol) - System32\DRIVERS\arp1394.sys
3 BlueletAudio (Bluetooth Audio Service) - system32\DRIVERS\blueletaudio.sys
3 BT (Bluetooth PAN Network Adapter) - system32\DRIVERS\btnetdrv.sys
3 Btcsrusb (Bluetooth USB For Bluetooth Service) - System32\Drivers\btcusb.sys
3 BTDriver (Bluetooth Virtual Communications Driver) - system32\DRIVERS\btport.sys
3 BTHidEnum (Bluetooth HID Enumerator) - system32\DRIVERS\vbtenum.sys
0 BTHidMgr (Bluetooth HID Manager Service) - System32\Drivers\BTHidMgr.sys
3 BTNetFilter (Bluetooth Network Filter) - \??\C:\WINDOWS\system32\drivers\BTNetFilter.sys
3 BTWDNDIS (Bluetooth LAN Access Server) - system32\DRIVERS\btwdndis.sys
3 BTWUSB (WIDCOMM USB Bluetooth Driver) - System32\Drivers\btwusb.sys
3 CCDECODE (Closed Caption Decoder) - system32\DRIVERS\CCDECODE.sys
4 cdawdm - system32\DRIVERS\CDAWDM.sys
3 DKbFltr (Dritek HotKey Keyboard Filter Driver) - System32\Drivers\DKbFltr.sys
0 fcdabus - system32\DRIVERS\fcdabus.sys
3 fsRamDsk (RamDisk Drive Service) - system32\DRIVERS\fsRamDsk.sys
0 FVXSCSI - system32\DRIVERS\fvxscsi.sys
3 gv3 (Intel GV3 Processor Driver) - System32\DRIVERS\gv3.sys
3 HidUsb (Microsoft HID Class Driver) - System32\DRIVERS\hidusb.sys
3 ialm - System32\DRIVERS\ialmnt5.sys
1 intelppm (Intel Processor Driver) - System32\DRIVERS\intelppm.sys
2 irda (IrDA Protocol) - System32\DRIVERS\irda.sys
3 mouhid (Mouse HID Driver) - System32\DRIVERS\mouhid.sys
3 MPE (BDA MPE Filter) - system32\DRIVERS\MPE.sys
3 MSIRCOMM (Microsoft IR Communications Driver) - system32\DRIVERS\MSIRCOMM.sys
3 MSTEE (Microsoft Streaming Tee/Sink-to-Sink Converter) - system32\drivers\MSTEE.sys
3 NABTSFEC (NABTS/FEC VBI Codec) - system32\DRIVERS\NABTSFEC.sys
3 NAVENG - \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20070214.020\NAVENG.Sys
3 NAVEX15 - \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20070214.020\NavEx15.Sys
3 NdisIP (Microsoft TV/Video Connection) - system32\DRIVERS\NdisIP.sys
3 NIC1394 (1394 Net Driver) - System32\DRIVERS\nic1394.sys
3 nm (Network Monitor Driver) - system32\DRIVERS\NMnt.sys
3 NPF (WinPcap Packet Driver (NPF)) - system32\drivers\NPF.sys
3 NTIDrvr (Upper Class Filter Driver) - System32\DRIVERS\NTIDrvr.sys
2 NwlnkIpx (NWLink IPX/SPX/NetBIOS Compatible Transport Protocol) - system32\DRIVERS\nwlnkipx.sys
2 NwlnkNb (NWLink NetBIOS) - system32\DRIVERS\nwlnknb.sys
2 NwlnkSpx (NWLink SPX/SPXII Protocol) - system32\DRIVERS\nwlnkspx.sys
0 ohci1394 (VIA OHCI Compliant IEEE 1394 Host Controller) - System32\DRIVERS\ohci1394.sys
0 PCIIde - System32\DRIVERS\pciide.sys
0 Pcmcia - System32\DRIVERS\pcmcia.sys
3 pfc (Padus ASPI Shell) - system32\drivers\pfc.sys
0 PxHelp20 - System32\Drivers\PxHelp20.sys
3 Rasirda (WAN Miniport (IrDA)) - System32\DRIVERS\rasirda.sys
3 ROOTMODEM (Microsoft Legacy Modem Driver) - System32\Drivers\RootMdm.sys
3 rtl8139 (Realtek RTL8139/810x Family Fast Ethernet NIC NT Driver) - System32\DRIVERS\R8139n51.SYS
3 SAVRT - \??\C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVRT.SYS
1 SAVRTPEL - \??\C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVRTPEL.SYS
0 sfdrv01 (StarForce Protection Environment Driver (version 1.x)) - System32\drivers\sfdrv01.sys
0 sfhlp02 (StarForce Protection Helper Driver (version 2.x)) - System32\drivers\sfhlp02.sys
3 Sfloppy (High-Capacity Floppy Disk Drive) - system32\DRIVERS\sfloppy.sys
0 sfsync02 (StarForce Protection Synchronization Driver (version 2.x)) - System32\drivers\sfsync02.sys
3 SLIP (BDA Slip De-Framer) - system32\DRIVERS\SLIP.sys
3 SMCIRDA (SMC IrCC Miniport Device Driver) - System32\DRIVERS\smcirda.sys
3 SONYPVU1 (Sony USB Filter Driver (SONYPVU1)) - system32\DRIVERS\SONYPVU1.SYS
1 SPBBCDrv - \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
0 sptd - System32\Drivers\sptd.sys
3 streamip (BDA IPSink) - system32\DRIVERS\StreamIP.sys
3 SYMDNS - \SystemRoot\System32\Drivers\SYMDNS.SYS
3 SymEvent - \??\C:\Program Files\Symantec\SYMEVENT.SYS
3 SYMFW - \SystemRoot\System32\Drivers\SYMFW.SYS
3 SYMIDS - \SystemRoot\System32\Drivers\SYMIDS.SYS
3 SYMIDSCO - \??\C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\IDS-DI~1\20070214.003\symidsco.sys
2 symlcbrd - \??\C:\WINDOWS\system32\drivers\symlcbrd.sys
3 SYMNDIS - \SystemRoot\System32\Drivers\SYMNDIS.SYS
3 SYMREDRV - \SystemRoot\System32\Drivers\SYMREDRV.SYS
1 SYMTDI - \SystemRoot\System32\Drivers\SYMTDI.SYS
1 Tcpip6 (Microsoft IPv6 Protocol Driver) - system32\DRIVERS\tcpip6.sys
3 tunmp (Microsoft Tun Miniport Adapter Driver) - system32\DRIVERS\tunmp.sys
3 usb2vcom (USB to Serial Bridge Controller) - System32\Drivers\usb2vcom.sys
3 usbehci (Microsoft USB 2.0 Enhanced Host Controller Miniport Driver) - System32\DRIVERS\usbehci.sys
3 usbprint (Microsoft USB PRINTER Class) - system32\DRIVERS\usbprint.sys
3 usbscan (USB Scanner Driver) - system32\DRIVERS\usbscan.sys
3 USBSTOR (USB Mass Storage Driver) - system32\DRIVERS\USBSTOR.SYS
3 VComm (Virtual Serial port driver) - system32\DRIVERS\VComm.sys
3 VcommMgr (Bluetooth VComm Manager Service) - System32\Drivers\VcommMgr.sys
3 w70n51 (Intel(R) PRO/Wireless 7100 Adapter Driver) - System32\DRIVERS\w70n51.sys
4 WS2IFSL (Windows Socket 2.0 Non-IFS Service Provider Support Environment) - \SystemRoot\System32\drivers\ws2ifsl.sys
3 WSTCODEC (World Standard Teletext Codec) - system32\DRIVERS\WSTCODEC.SYS
3 WudfPf (Windows Driver Foundation - User-mode Driver Framework Platform Driver) - system32\DRIVERS\WudfPf.sys
3 WudfRd (Windows Driver Foundation - User-mode Driver Framework Reflector) - system32\DRIVERS\wudfrd.sys
3 {6080A529-897E-4629-A488-ABA0C29B635E} (Intel(R) Graphics Platform (SoftBIOS) Driver) - system32\drivers\ialmsbw.sys
3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} (Intel(R) Graphics Chipset (KCH) Driver) - system32\drivers\ialmkchw.sys
3 {E2B953A6-195A-44F9-9BA3-3D5F4E32BB55} (AIM 3.0 Part 01 Codec Driver CH-7009-A/CH-7011) - system32\drivers\wA301a.sys


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

2 6to4 (IPv6 Helper Service) - %SystemRoot%\system32\svchost.exe -k netsvcs
3 Adobe LM Service - "C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe"
3 aspnet_state (ASP.NET State Service) - %SystemRoot%\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
2 Automatic LiveUpdate Scheduler - "C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe"
2 ccEvtMgr (Symantec Event Manager) - "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
3 ccPwdSvc (Symantec Password Validation) - "C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe"
2 ccSetMgr (Symantec Settings Manager) - "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
2 COM+ Messages - "C:\WINDOWS\system32\svchosts.exe" -e mc-110-12-0001377
2 Fax - %systemroot%\system32\fxssvc.exe
2 Irmon (Infrared Monitor) - %SystemRoot%\System32\svchost.exe -k netsvcs
3 LiveUpdate - "C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE"
2 MDM (Machine Debug Manager) - "C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE"
2 navapsvc (Norton AntiVirus Auto-Protect Service) - "C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe"
2 NPFMntor (Norton AntiVirus Firewall Monitor Service) - "C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe"
3 ose (Office Source Engine) - "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
3 SAVScan - "C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe"
2 SBService (ScriptBlocking Service) - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
2 SNDSrvc (Symantec Network Drivers Service) - "C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe"
2 SPBBCSvc (Symantec SPBBCSvc) - "C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe"
2 Symantec Core LC - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
2 UxTuneUp (TuneUp Design Expansion) - %SystemRoot%\System32\svchost.exe -k netsvcs
3 WMPNetworkSvc (Windows Media Player Network Sharing Service) - C:\Program Files\Windows Media Player\WMPNetwk.exe
3 WudfSvc (Windows Driver Foundation - User-mode Driver Framework) - %SystemRoot%\system32\svchost.exe -k WudfServiceGroup


-- Scheduled Tasks --------------------------------------------------------------

2007-02-17 00:00:02 304 --a------ C:\WINDOWS\Tasks\Symantec Drmc.job<SYMANT~2.JOB>
2007-02-16 20:00:36 544 --a------ C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer - max.job<NORTON~2.JOB>
2007-02-16 18:31:48 386 --a------ C:\WINDOWS\Tasks\1-Click Maintenance.job<1-CLIC~1.JOB>
2007-02-12 12:00:04 288 --a------ C:\WINDOWS\Tasks\Norton SystemWorks One Button Checkup.job<NORTON~1.JOB>


-- Files created between 2007-01-17 and 2007-02-17 ------------------------------

2007-02-17 12:22:55 0 d-------- C:\Program Files\HijackThis<HIJACK~1>
2007-02-17 09:31:31 0 d-------- C:\Program Files\Common Files\{262916F0-0512-1033-0804-03121620002c}<{26291~1>
2007-02-16 08:23:04 0 d-------- C:\Program Files\BillP Studios<BILLPS~1>
2007-02-14 13:32:05 0 d-------- C:\Documents and Settings\Administrator.MADMAX\Application Data\TuneUp Software<TUNEUP~1>
2007-02-14 11:53:45 0 d-------- C:\Documents and Settings\Administrator.MADMAX\Application Data\InterTrust<INTERT~1>
2007-02-14 11:53:44 774144 --a------ C:\Documents and Settings\Administrator.MADMAX\ntuser.dat
2007-02-14 11:03:49 0 d-------- C:\Program Files\QuickTime<QUICKT~1>
2007-02-08 14:18:27 135168 --a------ C:\WINDOWS\system32\igfxres.dll<Signed: Intel Corporation>
2007-02-08 11:36:44 0 d-------- C:\Program Files\Alien Shooter<ALIENS~1>
2007-02-08 11:36:29 0 d-------- C:\Program Files\ReflexiveArcade<REFLEX~1>
2007-02-07 22:10:18 0 d-------- C:\Program Files\BitComet
2007-02-07 15:35:49 0 d-------- C:\Documents and Settings\All Users\Application Data\Google
2007-02-02 07:27:26 0 d-------- C:\Program Files\ChrisTV
2007-02-02 06:50:32 0 d--hs---- C:\FOUND.004
2007-01-31 07:20:16 0 d--h----- C:\DBBackup
2007-01-30 22:48:30 10 --a------ C:\WINDOWS\smdat32m.sys<Unsigned: n/a>
2007-01-30 22:48:30 0 --a------ C:\WINDOWS\smdat32a.sys<Unsigned: n/a>
2007-01-30 22:48:28 0 d-------- C:\Program Files\Altnet
2007-01-30 17:32:02 24072 --a------ C:\WINDOWS\system32\uxtuneup.dll<Signed: TuneUp Software GmbH>
2007-01-30 17:31:49 0 d-------- C:\Program Files\TuneUp Utilities 2007<TUNEUP~1>
2007-01-30 11:57:18 155648 --a------ C:\WINDOWS\system32\ssleay32.dll<Unsigned: n/a>
2007-01-30 11:57:18 684032 --a------ C:\WINDOWS\system32\libeay32.dll<Unsigned: n/a>
2007-01-29 13:30:57 0 d-------- C:\Documents and Settings\SUPPORT_388945a0\Application Data\FarStone
2007-01-29 13:30:57 0 d-------- C:\Documents and Settings\HelpAssistant\Application Data\FarStone
2007-01-29 13:30:57 0 d-------- C:\Documents and Settings\Guest\Application Data\FarStone
2007-01-29 13:30:57 0 d-------- C:\Documents and Settings\Administrator\Application Data\FarStone
2007-01-29 13:10:39 646392 --a------ C:\WINDOWS\system32\drivers\sptd.sys<Unsigned: n/a>
2007-01-29 00:51:39 0 d-------- C:\Documents and Settings\All Users\Application Data\farstone
2007-01-29 00:34:28 36864 -----n--- C:\WINDOWS\system32\unVHDDrvExe.exe<UNVHDD~1.EXE><Unsigned: n/a>
2007-01-29 00:34:28 36864 -----n--- C:\WINDOWS\system32\inVHDDrvExe.exe<INVHDD~1.EXE><Unsigned: n/a>
2007-01-28 16:01:36 0 d--hs---- C:\FOUND.003
2007-01-26 09:18:54 200704 --a------ C:\WINDOWS\system32\ssldivx.dll<Unsigned: The OpenSSL Project, http://www.openssl.org/>
2007-01-26 09:18:54 1044480 --a------ C:\WINDOWS\system32\libdivx.dll<Unsigned: The OpenSSL Project, http://www.openssl.org/>
2007-01-26 09:13:45 196608 --a------ C:\WINDOWS\system32\dtu100.dll<Unsigned: DivX, Inc.>
2007-01-26 09:13:45 53248 --a------ C:\WINDOWS\system32\dpuGUI10.dll<Unsigned: DivXNetworks>
2007-01-26 09:13:45 73728 --a------ C:\WINDOWS\system32\dpl100.dll<Unsigned: DivX, Inc.>
2007-01-26 09:13:44 57344 --a------ C:\WINDOWS\system32\dpv11.dll<Unsigned: DivXNetworks>
2007-01-26 09:13:44 344064 --a------ C:\WINDOWS\system32\dpus11.dll<Unsigned: DivXNetworks>
2007-01-26 09:13:44 593920 --a------ C:\WINDOWS\system32\dpuGUI11.dll<Unsigned: DivXNetworks>
2007-01-26 09:13:44 294912 --a------ C:\WINDOWS\system32\dpu11.dll<Unsigned: DivXNetworks>
2007-01-26 09:13:44 294912 --a------ C:\WINDOWS\system32\dpu10.dll<Unsigned: DivXNetworks>
2007-01-26 09:13:42 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll<DIVX_X~2.DLL><Unsigned: DivX, Inc.>
2007-01-26 09:13:40 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll<DIVX_X~3.DLL><Unsigned: DivX, Inc.>
2007-01-26 09:13:40 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll<DIVX_X~1.DLL><Unsigned: DivX, Inc.>
2007-01-26 09:13:40 738906 --a------ C:\WINDOWS\system32\DivX.dll<Unsigned: DivX, Inc.>
2007-01-25 20:47:23 0 d-------- C:\Documents and Settings\All Users\Application Data\Trymedia
2007-01-19 15:46:16 0 d-------- C:\Documents and Settings\All Users\Application Data\SnapStream<SNAPST~1>
2007-01-19 15:33:49 0 d-------- C:\Program Files\MSXML 4.0<MSXML4~1.0>
2007-01-17 23:02:31 639872 --a------ C:\WINDOWS\system32\drivers\3xHybrid.sys<Unsigned: Philips Semiconductors GmbH>
2007-01-17 23:02:31 3072 --a------ C:\WINDOWS\system32\34CoInstaller.dll<34COIN~1.DLL><Unsigned: n/a>
2007-01-17 12:34:19 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion<YAHOO!~1>
2007-01-17 12:02:51 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!


-- Find3M Report ----------------------------------------------------------------

2007-02-07 22:10:36 2560 --a------ C:\WINDOWS\system32\BitCometRes.dll<BITCOM~1.DLL><Unsigned: BitComet>
2007-01-26 09:19:06 524288 --a------ C:\WINDOWS\system32\DivXsm.exe<Unsigned: DivX Inc.>
2007-01-26 09:19:04 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll<Unsigned: n/a>
2007-01-26 09:19:02 118520 -----n--- C:\WINDOWS\system32\pxinsi64.exe<Signed: Sonic Solutions>
2007-01-26 09:19:02 116472 -----n--- C:\WINDOWS\system32\pxcpyi64.exe<Signed: Sonic Solutions>
2007-01-26 09:19:02 129784 -----n--- C:\WINDOWS\system32\pxafs.dll<Signed: Sonic Solutions>
2007-01-26 09:19:02 36624 -----n--- C:\WINDOWS\system32\drivers\PxHelp20.sys<Unsigned: Sonic Solutions>
2007-01-15 16:25:52 0 d-------- C:\Program Files\Registry Mechanic<REGIST~1>
2007-01-12 12:20:28 0 d-------- C:\Documents and Settings\max\Application Data\WinPatrol<WINPAT~1>
2007-01-09 18:26:42 0 d-------- C:\Program Files\BitTorrent<BITTOR~1>
2007-01-09 17:58:22 0 d-------- C:\Program Files\F?nts
2007-01-08 12:24:30 36864 --a------ C:\WINDOWS\system32\svchosts.exe<Unsigned: n/a>
2007-01-08 12:18:24 0 d-------- C:\Program Files\TvInternet<TVINTE~1>
2007-01-08 12:18:24 0 d-------- C:\Program Files\Common Files\Nullsoft
2007-01-04 12:53:14 3047 --a------ C:\WINDOWS\mozver.dat
2007-01-04 11:23:24 0 d-------- C:\Documents and Settings\max\Application Data\DivX
2007-01-03 17:27:20 0 d-------- C:\Program Files\Google
2006-12-28 19:13:36 0 d-------- C:\Program Files\Xilisoft
2006-12-24 23:11:52 0 d-------- C:\Documents and Settings\max\Application Data\Nokia
2006-12-24 22:51:46 0 d-------- C:\Program Files\DIFX
2006-12-24 22:50:56 0 d-------- C:\Documents and Settings\max\Application Data\PC Suite<PCSUIT~1>
2006-12-24 22:50:42 0 d-------- C:\Program Files\Nokia
2006-12-21 15:13:36 0 d-------- C:\Documents and Settings\max\Application Data\VersionTracker Pro<VERSIO~1>
2006-12-19 12:42:18 0 d-------- C:\Program Files\thriXXX
2006-12-18 11:25:40 0 d-------- C:\Program Files\YAMAHA
2006-12-13 00:24:44 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll<DIVXWM~1.DLL><Unsigned: n/a>
2006-12-13 00:24:44 118784 --a------ C:\WINDOWS\system32\DivXCodecUpdateChecker.exe<DIVXCO~1.EXE><Unsigned: DivX, Inc.>


-- Registry Dump ----------------------------------------------------------------


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Yahoo! Pager"="\"C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\YAHOOM~1.EXE\" -quiet"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"LaunchApp"="Alaunch"
"SoundMan"="SOUNDMAN.EXE"
"AGRSMMSG"="AGRSMMSG.exe"
"Apoint"="\"C:\\Program Files\\Apoint2K\\Apoint.exe\""
"LManager"="C:\\PROGRA~1\\LAUNCH~1\\CPLBCL53.EXE"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"Symantec NetDriver Monitor"="\"C:\\PROGRA~1\\SYMNET~1\\SNDMon.exe\" /Consumer"
"igfxtray"="C:\\WINDOWS\\system32\\igfxtray.exe"
"igfxhkcmd"="C:\\WINDOWS\\system32\\hkcmd.exe"
"igfxpers"="C:\\WINDOWS\\system32\\igfxpers.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"WinPatrol"="C:\\Program Files\\BillP Studios\\WinPatrol\\winpatrol.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
"backup"="C:\\WINDOWS\\pss\\Adobe Acrobat Speed Launcher.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\WINDOWS\\Installer\\{AC76BA86-1033-0000-7760-000000000002}\\SC_Acrobat.exe "
"item"="Adobe Acrobat Speed Launcher"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^max^Start Menu^Programs^Startup^Adobe Gamma.lnk]
"backup"="C:\\WINDOWS\\pss\\Adobe Gamma.lnkStartup"
"location"="Startup"
"command"="C:\\PROGRA~1\\COMMON~1\\Adobe\\CALIBR~1\\ADOBEG~1.EXE "
"item"="Adobe Gamma"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^max^Start Menu^Programs^Startup^Wallpaper Calendar.lnk]
"path"="C:\\Documents and Settings\\max\\Start Menu\\Programs\\Startup\\Wallpaper Calendar.lnk"
"backup"="C:\\WINDOWS\\pss\\Wallpaper Calendar.lnkStartup"
"location"="Startup"
"command"="C:\\PROGRA~1\\zepsoft\\WALLPA~1\\WallCal3.exe /delay 5"
"item"="Wallpaper Calendar"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKLM"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Acrotray"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Adobe\\Acrobat 7.0\\Distillr\\Acrotray.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Easy-PrintToolBox]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="BJPSMAIN"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Skype"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Java\\jre1.5.0_09\\bin\\jusched.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="realsched"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"inimapping"="0"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Norton SystemWorks"="\"C:\\Program Files\\Norton SystemWorks\\cfgwiz.exe\" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"Norton SystemWorks"="\"C:\\Program Files\\Norton SystemWorks\\cfgwiz.exe\" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0

HKLM\software\Microsoft\Windows NT\CurrentVersion\Svchost *netsvcs*
UxTuneUp


[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b26c5070-4274-11db-b207-0004236ff40e}]
Shell\Auto\command BrO_AcT.exe
Shell\AutoRun\command BrO_AcT.exe
Shell\Explore\command BrO_AcT.exe
Shell\OPEN\command BrO_AcT.exe


-- End of ComboScan: finished at 2007-02-17 at 12:23:47 -------------------------
Attached Files: Supplementary.txt (10.5 KB)
mightymax_81 is offline  
Old 02-17-2007, 09:06 PM   #2 (permalink)
Analyst, Security Team
Join Date: Sep 2006
Location: Ontario, Canada
Posts: 2,640
OS: Windows XP Pro, Vista, Windows 7


Hi and welcome to TSF.

I am currently reviewing your log. Please note that this is under the supervision of an expert analyst, and I will be back with a fix for your problem as soon as possible.

You may wish to Subscribe to this thread so that you are notified when you receive a reply. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Add Subscription.

Please be patient with me during this time.
__________________


Proud Member of ASAP
Proud Member of UNITE

Keep this forum alive - if you've been helped at this forum, please do consider a donation. Thank you for your support.

Donation link for Tech Support Forum
forhockey is offline  
Old 02-18-2007, 09:52 AM   #3 (permalink)
Analyst, Security Team
Join Date: Sep 2006
Location: Ontario, Canada
Posts: 2,640
OS: Windows XP Pro, Vista, Windows 7


Please save these instructions to Notepad as the internet will not be available to you at certain points of the removal process.
Please ensure that there aren't any opened browsers when you are carrying out the procedures below.
Make sure to work through all the Steps in the exact order in which they are listed below.
If there's anything that you don't understand, ask your question(s) before moving on with the fixes.


---------------------------------------------------------------------------------------------

The cleaning process is not instant. Please follow through to the end until I tell you your machine is clear.
The absence of symptoms does not mean that everything is clean.

Please make every effort to reply to my posts in a timely manner. Malware spreads quickly, and the longer an infection remains on a system, the greater the likelihood of additional infections coming into your computer.


---------------------------------------------------------------------------------------------

Open My Computer. Select the View menu and click Folder Options. Select the View Tab then select Show all files in the Hidden files section. Also make sure there is no checkmark beside Hide file extensions for known file types. Click OK.

---------------------------------------------------------------------------------------------

Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

DO NOT run SDFix yet. We will shortly.

---------------------------------------------------------------------------------------------

Download AVG Anti Spyware

Use the link at the bottom of the page under "AVG Anti-Spyware Free for Windows"

  • Install AVG Anti Spyware
  • Double-click the icon on Desktop to launch AVG
  • On the top of the main screen click Shield
  • Click the word active to change it to inactive
  • On the top of the main screen click Update.
  • Then click on Start Update. The update will start and a progress bar will show the updates being installed.
  • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"
When you have finished updating, EXIT AVG Anti Spyware. Do not run a scan just yet; we will shortly.

---------------------------------------------------------------------------------------------

Download and install CCleaner: http://www.ccleaner.com/ccdownload.asp

*Note* On the install please uncheck the option "Add CCleaner Yahoo toolbar and use CCleaner from within IE"

1. Open the program and the "Cleaner" button should be active.
2. Click on "Run Cleaner"
3. Once that's done it will clean out the TEMP folder.
4. Now click on "Issues" and then "Scan for Issues"
5. Once it's done checkmark ALL it finds and click "Fix Selected Issues"
6. It will ask you if you want to back up the registry entries it's removing, so please do so. If it removes anything important, just locate the .reg file you saved and double-click on it to add the entries back.

Close the program.

---------------------------------------------------------------------------------------------

P2P Software

P2P - I see you have P2P software BitComet & BitTorrent installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information.

---------------------------------------------------------------------------------------------

Enter Safe Mode
  1. Restart your computer
  2. After hearing your computer beep once during startup, but before the Windows icon appears, press F8
  3. Instead of Windows loading as normal, a menu should appear
  4. Use the up arrow key to highlight Safe Mode and press Enter.
  5. Login with your usual account

Note: On some systems this may be the F5 key, so try that if F8 doesn't work.

---------------------------------------------------------------------------------------------

Click > Start > Control Panel > Add / Remove Programs and uninstall the following programs (if they exist):

K-Lite Mega Codec Pack 1.35 - is a component of Kazaa, which is known for its adware
thriXXX 3DSexVilla-030.001 <<<These types of programs usually contain adware, so I suggest you uninstall the program


---------------------------------------------------------------------------------------------

Delete the following Files indicated in RED and Folders indicated in BLUE if they still exist.

C:\FOUND.003
C:\FOUND.004
C:\WINDOWS\smdat32m.sys
C:\WINDOWS\smdat32a.sys
C:\Program Files\Common Files\{262916F0-0512-1033-0804-03121620002c}
C:\Program Files\F?nts <<<The question mark can be any random character
C:\Program Files\Altnet
C:\Program Files\thriXXX


---------------------------------------------------------------------------------------------

Run AVG Anti-Spyware

Run AVG Anti-Spyware with its updated definitions (it's important that all windows are closed):
  • Click Scanner
  • Click on the Scan tab
  • Click Complete System Scan to begin scanning.
    Once the scan is complete do the following:
  • If you have any infections you will be prompted; then select "Apply all actions"
  • Once finished, click the Save report button, then click Save Report As and save it to your desktop. (make sure to remember where you saved that file, this is important).

---------------------------------------------------------------------------------------------

Run SDFix
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
  • Paste the contents of the Report.txt back on the forum

---------------------------------------------------------------------------------------------

Perform an online scan with Internet Explorer with Panda ActiveScan
  1. Click on located at the bottom of the page.
  2. A "pop up" window will appear. * Please ensure that your pop up blocker doesn't block it *
  3. Enter your e-mail address, country, and state & click "Free Online Scan" * The download of the 8 MB Panda's ActiveX control will take place *
Begin the scan by selecting
  • If it finds any malware, it will offer you a report.
  • Please ignore any entry it finds and the offer to buy the program to remove the entry, as we will address this later.
  • Click on then click
* You needn't remain online while it's doing the scan but you have to re-connect after it has finished to see the report.
* Turn off the real time scanner of any existing antivirus program while performing the online scan


Paste the Panda Scan report here together with a new HiJack This log.

---------------------------------------------------------------------------------------------

Please include the following in your next reply:

AVG Anti-Spyware Report
Report.txt Log
Panda results
New HijackThis Log
forhockey is offline  
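Two entries in the logs above are worth recognising in any HijackThis or ComboScan output: a service whose binary, svchosts.exe, is one character away from the legitimate svchost.exe, and Shell\...\command handlers under MountPoints2 that point at BrO_AcT.exe, which Windows would invoke when that drive is opened or autoplayed. The Python script below is an added example, not code from this thread or from HijackThis, ComboScan, SDFix or AVG. It parses constructed sample lines modelled on the entries in the thread (the O23 line for the "COM+ Messages" service is reconstructed from the SDFix output, since the second HijackThis log was taken after SDFix had already removed it) and flags both patterns. The allow-list of Windows system binary names is an illustrative assumption, not an exhaustive list.

```python
"""Triage helper for HijackThis-style and ComboScan-style log lines.

Added example: not part of the forum thread and not code from HijackThis,
ComboScan, SDFix or any other tool named there.  The sample lines below are
constructed from entries visible in the thread.
"""
import re
from typing import Dict, List, Optional

# Assumption: a small illustrative allow-list of legitimate Windows XP core
# process names.  A real deployment would use a complete, version-specific list.
KNOWN_SYSTEM_BINARIES = {
    "svchost.exe", "services.exe", "lsass.exe", "smss.exe",
    "winlogon.exe", "explorer.exe", "spoolsv.exe", "csrss.exe",
}

# HijackThis O4 startup entries:  O4 - HKLM\..\Run: [name] command line
O4_RE = re.compile(r"^O4 - .*?: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
# HijackThis O23 services:        O23 - Service: name - vendor - path
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<vendor>.+?) - (?P<cmd>.+)$")
# ComboScan MountPoints2 block:   Shell\AutoRun\command BrO_AcT.exe
MP2_RE = re.compile(r"^Shell\\(?P<verb>\w+)\\command\s+(?P<cmd>.+)$")


def exe_from_command(cmd: str) -> str:
    """Return the lower-cased executable path from a command line, dropping quotes and arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return (cmd[1:end] if end > 0 else cmd[1:]).lower()
    return cmd.split(" ")[0].lower()


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance; used to catch one-character lookalike names."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_of(basename: str) -> Optional[str]:
    """Return the system binary this file name imitates (distance exactly 1), else None."""
    for known in sorted(KNOWN_SYSTEM_BINARIES):
        if basename != known and edit_distance(basename, known) == 1:
            return known
    return None


def triage(lines: List[str]) -> Dict[str, List[str]]:
    """Scan log lines and group suspicious entries by category."""
    findings: Dict[str, List[str]] = {"lookalike_binary": [], "removable_media_autorun": []}
    for raw in lines:
        line = raw.strip()
        m = O4_RE.match(line) or O23_RE.match(line)
        if m:
            path = exe_from_command(m.group("cmd"))
            base = path.rsplit("\\", 1)[-1]
            imitated = lookalike_of(base)
            if imitated:
                findings["lookalike_binary"].append(
                    "{}: {} (imitates {})".format(m.group("name"), path, imitated))
            continue
        m = MP2_RE.match(line)
        if m:
            # Any Shell\<verb>\command under MountPoints2 runs when the drive is
            # opened or autoplayed, so every such handler is reported.
            findings["removable_media_autorun"].append(
                "Shell\\{}\\command -> {}".format(m.group("verb"), m.group("cmd")))
    return findings


# Constructed sample input, modelled on entries in the thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: COM+ Messages - Unknown owner - "C:\WINDOWS\system32\svchosts.exe" -e mc-110-12-0001377
Shell\Auto\command BrO_AcT.exe
Shell\AutoRun\command BrO_AcT.exe
Shell\Explore\command BrO_AcT.exe
Shell\OPEN\command BrO_AcT.exe
""".strip().splitlines()

if __name__ == "__main__":
    for category, hits in triage(SAMPLE_LOG).items():
        for hit in hits:
            print(category, "|", hit)
```

Run against the constructed sample, the script reports one lookalike (the "COM+ Messages" service running svchosts.exe, imitating svchost.exe) and four removable-media autorun handlers, while the legitimate Symantec and ctfmon entries pass. The edit-distance check deliberately requires a distance of exactly 1, so an exact match to a system binary is not reported; that keeps the real C:\WINDOWS\system32\svchost.exe instances quiet while still catching the added "s".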
Old 02-21-2007, 08:29 PM   #4 (permalink)
Registered User
 
Join Date: Feb 2007
Posts: 12
OS: XP


update.exe

Hi again.
These are the results of the scans:


---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 11:11:49 22/02/2007

+ Scan result:



C:\Documents and Settings\max\Application Data\TuneUp Software\TuneUp Utilities\Backups\00000033.rcb/00000054.fil -> Adware.Altnet : Cleaned with backup (quarantined).
C:\Program Files\Altnet -> Adware.Altnet : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\ADM25.ADM25 -> Adware.Altnet : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\ADM25.ADM25\CurVer -> Adware.Altnet : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\ADM4.ADM4 -> Adware.Altnet : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\ADM4.ADM4\CurVer -> Adware.Altnet : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\AppID\Altnet Signing Module.EXE -> Adware.Altnet : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\AppID\adm.EXE -> Adware.Altnet : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\TopSearch.TSLink -> Adware.Altnet : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\TopSearch.TSLink.1 -> Adware.Altnet : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\TopSearch.TSLink\CLSID -> Adware.Altnet : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\TopSearch.TSLink\CurVer -> Adware.Altnet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{88E8CE90-9E51-4BCD-AABB-A4526D600B0B}\RP1\A0000018.DLL -> Adware.IESearch : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{88E8CE90-9E51-4BCD-AABB-A4526D600B0B}\RP1\A0000015.exe/SaveUninst.exe -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{88E8CE90-9E51-4BCD-AABB-A4526D600B0B}\RP1\A0000015.exe/ffext.mod/{BEE3E87E-E1C6-4bfe-BE9D-48E84271AB34}\components\whenu_ff.dll -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{88E8CE90-9E51-4BCD-AABB-A4526D600B0B}\RP1\A0000016.exe/Uninst.exe -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{88E8CE90-9E51-4BCD-AABB-A4526D600B0B}\RP1\A0000016.exe/search.dl~ -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{88E8CE90-9E51-4BCD-AABB-A4526D600B0B}\RP1\A0000016.exe/whse.exe -> Adware.SaveNow : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\WUSE.1 -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\Recycled\Dc1\system.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{88E8CE90-9E51-4BCD-AABB-A4526D600B0B}\RP1\A0000002.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{88E8CE90-9E51-4BCD-AABB-A4526D600B0B}\RP2\A0000162.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{88E8CE90-9E51-4BCD-AABB-A4526D600B0B}\RP3\A0000187.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{88E8CE90-9E51-4BCD-AABB-A4526D600B0B}\RP4\A0000257.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{88E8CE90-9E51-4BCD-AABB-A4526D600B0B}\RP5\A0000326.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{88E8CE90-9E51-4BCD-AABB-A4526D600B0B}\RP7\A0000414.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{88E8CE90-9E51-4BCD-AABB-A4526D600B0B}\RP7\A0000415.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{88E8CE90-9E51-4BCD-AABB-A4526D600B0B}\RP7\A0000416.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{88E8CE90-9E51-4BCD-AABB-A4526D600B0B}\RP7\A0000417.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{88E8CE90-9E51-4BCD-AABB-A4526D600B0B}\RP7\A0000418.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{88E8CE90-9E51-4BCD-AABB-A4526D600B0B}\RP7\A0000419.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{88E8CE90-9E51-4BCD-AABB-A4526D600B0B}\RP8\A0001224.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{88E8CE90-9E51-4BCD-AABB-A4526D600B0B}\RP8\A0001225.dll -> Adware.Softomate : Cleaned with backup (quarantined).
HKLM\SOFTWARE\webhancer -> Adware.WebHancer : Cleaned with backup (quarantined).
HKLM\SOFTWARE\webhancer\CC -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{88E8CE90-9E51-4BCD-AABB-A4526D600B0B}\RP1\A0000013.exe -> Adware.Whenu : Cleaned with backup (quarantined).
C:\WINDOWS\system32\svchosts.exe -> Downloader.Agent.bca : Cleaned with backup (quarantined).
C:\Documents and Settings\max\Application Data\TuneUp Software\TuneUp Utilities\Backups\00000033.rcb/00000073.fil -> Downloader.Small.buy : Cleaned with backup (quarantined).


::Report end

SDFix: Version 1.66

Run by max - 22/02/2007 @ 11:14:26.73

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:

Name:
COM+ Messages

Path:
"C:\WINDOWS\system32\svchosts.exe" -e mc-110-12-0001377

COM+ Messages Deleted

Restoring Windows Registry Entries
Restoring Default Hosts File


Rebooting...

Normal Mode:
Checking Files:

Below files will be copied to Backups folder then removed:

C:\WINDOWS\system32\unsvchosts.lzma - Deleted



ADS Check:

C:\WINDOWS\system32
No streams found.


Final Check:

Remaining Services:
------------------


Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\Messenger\\MSMSGS.EXE"="C:\\Program Files\\Messenger\\MSMSGS.EXE:*:Enabled:Windows Messenger"
"C:\\Program Files\\DC++\\DCPlusPlus.exe"="C:\\Program Files\\DC++\\DCPlusPlus.exe:*:Enabled:DC++"
"C:\\Documents and Settings\\MAX\\Desktop\\dota\\Frozen Throne.exe"="C:\\Documents and Settings\\MAX\\Desktop\\dota\\Frozen Throne.exe:*:Enabled:Frozen Throne"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\TVAnts\\Tvants.exe"="C:\\Program Files\\TVAnts\\Tvants.exe:*:Enabled:TVAnts"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"C:\\Program Files\\TVUPlayer\\TVUPlayer.exe"="C:\\Program Files\\TVUPlayer\\TVUPlayer.exe:*:Enabled:TVU Player Component"


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"


Remaining Files:
---------------

Backups Folder: - C:\SDFix\backups\backups.zip


Checking For Files with Hidden Attributes :

C:\WINDOWS\system32\NTICDMK32.dll
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\5a0d771158cfd69be5ddd26d8f58c73b\BIT5.tmp
C:\Documents and Settings\All Users\DRM\Cache\Indiv03.tmp

Add/Remove Programs List:

Adobe Acrobat 7.0 Professional
Adobe Photoshop CS2
Adobe Shockwave Player
Agere Systems AC'97 Modem
Alien Shooter
AVG Anti-Spyware 7.5
CCleaner (remove only)
DC++ 0.680
DivX Content Uploader
Microsoft Internationalized Domain Names Mitigation APIs
Windows Internet Explorer 7
Indeor Software
LiveReg (Symantec Corporation)
LiveUpdate 3.0 (Symantec Corporation)
Launch Manager
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft National Language Support Downlevel APIs
PCWH
Registry Mechanic 6.0
Satellite TV for PC Elite 4.8.8.0
Adobe Flash Player 9 ActiveX
Skype (BETA)
WARP13
Norton SystemWorks 2005 (Symantec Corporation)
Theme Creator Pro 3.1.260 SR-1
TravelMate 290
TVAnts 1.0
TVUPlayer 2.3.0.0
VideoLAN VLC media player 0.8.2
Wallpaper Calendar
Winamp (remove only)
Windows XP Service Pack 2
WinRAR archiver
Microsoft User-Mode Driver Framework Feature Pack 1.0
XviD 1.1 final uninstall
Yahoo! Toolbar
Yahoo! Messenger
Yahoo! Install Manager
YAMAHA ATS-MA5-SMAF
Google Toolbar for Internet Explorer
Adobe Photoshop CS2
Internet Worm Protection
Google Toolbar for Firefox
SymNet
WinPatrol
J2SE Runtime Environment 5.0 Update 7
J2SE Runtime Environment 5.0 Update 9
DFX for Windows Media Player
EasyGPRS
Norton CleanSweep
ChrisTV Professional 4.99
PowerDVD
MSXML 4.0 SP2 Parser and SDK
Norton SystemWorks 2005
Nokia Nseries Skin for Microsoft Windows Media Player
SPBBC
Adobe Stock Photos 1.0
DivX Codec
Intel(R) Extreme Graphics 2 Driver
DivX Player
Adobe Common File Installer
NSW_DRM_COLLECTION
Microsoft Office Professional Edition 2003
Microsoft Office Visio Professional 2003
Noiseware Community Edition
Norton SystemWorks
ALPS Touch Pad Driver
Adobe Acrobat 7.0 Professional
DivX Converter
DivX Web Player
Adobe Bridge 1.0
Norton AntiVirus 2005
TuneUp Utilities 2007
Symantec Network Drivers Update
Microsoft .NET Framework 1.1
MSRedist
Nero 7 Demo
Symantec Script Blocking Installer
Google Toolbar for Internet Explorer
ccCommon
Norton AntiVirus Parent MSI
Beyond TV DVD Burning Foundation
Adobe Help Center 1.0
Huge Pine USB to UART Driver
QuickTime
Guitar Pro 4
Norton WMI Update
Realtek AC'97 Audio

Finished

Incident Status Location

Potentially unwanted tool:application/need2find Not disinfected hkey_local_machine\software\Need2Find
Adware:adware/savenow Not disinfected Windows Registry
Potentially unwanted tool:application/altnet Not disinfected hkey_classes_root\clsid\{B7156514-A76C-4545-9D5B-A4E1D02C7AEC}
Dialer:dialer.min Not disinfected HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DB893839-10F0-4AF9-92FA-B23528F530AF}
Adware:adware/rxtoolbar Not disinfected Windows Registry
Adware:adware/whenusearch Not disinfected Windows Registry
Adware:adware/webhancer Not disinfected Windows Registry
Potentially unwanted tool:Application/RealSpy Not disinfected C:\WINDOWS\SYSTEM32\ACTSKN45.OCX
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\MAX\Desktop\SDFix.exe[SDFix\apps\Process.exe]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\MAX\Cookies\max@atdmt[2].txt
Potentially unwanted tool:Application/ErrorGuard Not disinfected C:\Program Files\DC++\Downloads\TAB\setuperrorguard.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\SDFix\APPS\Process.exe
Adware:Adware/Gator Not disinfected D:\SOFTWARE\CODEC\DivXPro511Adware.exe[Gain_Trickler.exe]
Potentially unwanted tool:Application/MotherboardMonitor.A Not disinfected D:\SOFTWARE\mIRC\sysreset_2.53.exe[addons\moo.dll]






Logfile of HijackThis v1.99.1
Scan saved at 12:24:54, on 22/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\SYSTEM32\notepad.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\PROGRA~1\LAUNCH~1\CPLBCL53.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\zepsoft\Wallpaper Calendar\WallCal3.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\HijackThis\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=55245&clcid={SUB_CLCID}
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=localhost:8080;http=localhost:8080;https=localhost:8080;socks=localhost:1080
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Apoint] "C:\Program Files\Apoint2K\Apoint.exe"
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\CPLBCL53.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] "C:\PROGRA~1\SYMNET~1\SNDMon.exe" /Consumer
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Wallpaper Calendar.lnk = C:\Program Files\zepsoft\Wallpaper Calendar\WallCal3.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file:///C:/Program%20Files/AutoCAD%202002/AcDcToday.ocx
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file:///C:/Program%20Files/AutoCAD%202002/AcPreview.ocx
O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
mightymax_81 is offline  
Old 02-22-2007, 07:36 PM   #5 (permalink)
forhockey, Analyst, Security Team
Join Date: Sep 2006
Location: Ontario, Canada
Posts: 2,640
OS: Windows XP Pro, Vista, Windows 7


Go to Start->Run and type in regedit and hit OK. Go to File->Export and save the registry somewhere as a backup. Close the Registry Editor now.

Open notepad and copy/paste the text in the quotebox below:
(don't forget to copy and paste REGEDIT4)

Quote:
REGEDIT4

[-hkey_local_machine\software\Need2Find]

[-hkey_classes_root\clsid\{B7156514-A76C-4545-9D5B-A4E1D02C7AEC}]

[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DB893839-10F0-4AF9-92FA-B23528F530AF}]
Save the file as "delete.reg". Make sure to save it with the quotes. Choose to "Save type as - All Files"
It should look like this:

Double click on the delete.reg file and choose Yes to merge/add it to the registry. You may delete the file afterwards.

---------------------------------------------------------------------------------------------

Enter Safe Mode
  1. Restart your computer
  2. After hearing your computer beep once during startup, but before the Windows icon appears, press F8
  3. Instead of Windows loading as normal, a menu should appear
  4. Use the up arrow key to highlight Safe Mode and press Enter.
  5. Login with your usual account

Note: On some systems this may be the F5 key, so try that if F8 doesn't work.

---------------------------------------------------------------------------------------------

Delete the following Files indicated in RED if they still exist.

C:\WINDOWS\SYSTEM32\ACTSKN45.OCX
C:\Program Files\DC++\Downloads\TAB\setuperrorguard.exe
D:\SOFTWARE\CODEC\DivXPro511Adware.exe
D:\SOFTWARE\mIRC\sysreset_2.53.exe


---------------------------------------------------------------------------------------------

Can you tell me what else is in the folder in blue?

C:\Program Files\DC++\Downloads\TAB

---------------------------------------------------------------------------------------------

Restart your computer in Normal Mode

---------------------------------------------------------------------------------------------

Perform an online scan with Internet Explorer with

Kaspersky WebScanner

Next Click on Launch Kaspersky Anti-Virus Web Scanner

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will then begin downloading the latest definition files.
  • Once the files have been downloaded click on NEXT
  • Locate the Scan Settings button & configure to:
    • Scan using the following Anti-Virus database:
      • Extended
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK & have it scan My Computer
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply
* Turn off the real time scanner of any existing antivirus program while performing the online scan

---------------------------------------------------------------------------------------------

Please include the following in your next reply:

Kaspersky Results

What are the contents of the following folder: C:\Program Files\DC++\Downloads\TAB

How is your system behaving now?
__________________


Proud Member of ASAP
Proud Member of UNITE

Keep this forum alive - if you've been helped at this forum, please do consider a donation. Thank you for your support.

Donation link for Tech Support Forum
forhockey is offline  
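A .reg file pasted from a forum is merged with a double click, so it is worth checking what it actually does first: a bracketed key with a leading minus sign deletes that whole key, a key without the minus creates it, and lines of the form "Name"=data set or (with data "-") delete values. The parser below is an added example, not code from this thread or from regedit. It reads REGEDIT4 or "Windows Registry Editor Version 5.00" text and lists every action the file would take, using the delete.reg above as constructed sample input.

```python
"""Review a REGEDIT4 / "Windows Registry Editor Version 5.00" file before merging it.

Added example, not code from the thread or from regedit. Every action the file
would take is listed so the reader can confirm a "delete.reg" really only
deletes the intended keys and sets nothing else.
"""
import re
from dataclasses import dataclass

# Constructed sample input: the three key deletions from the delete.reg above.
SAMPLE_REG = """REGEDIT4

[-hkey_local_machine\\software\\Need2Find]

[-hkey_classes_root\\clsid\\{B7156514-A76C-4545-9D5B-A4E1D02C7AEC}]

[-HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Ext\\Stats\\{DB893839-10F0-4AF9-92FA-B23528F530AF}]
"""

KNOWN_HIVES = {"HKEY_LOCAL_MACHINE", "HKEY_CURRENT_USER", "HKEY_CLASSES_ROOT",
               "HKEY_USERS", "HKEY_CURRENT_CONFIG"}
HEADER_RE = re.compile(r"^(REGEDIT4|Windows Registry Editor Version 5\.00)\s*$")
KEY_RE = re.compile(r"^\[(-?)([^\]]+)\]$")                      # [-HIVE\path] deletes, [HIVE\path] creates
VALUE_RE = re.compile(r'^(?:"((?:[^"\\]|\\.)*)"|(@))=(.*)$')   # "name"=data or @=data


@dataclass
class RegAction:
    kind: str        # delete_key | create_key | set_value | delete_value
    key: str         # full key path with the hive name upper-cased
    name: str = ""   # value name, "@" for the default value, "" for key actions
    data: str = ""   # value data exactly as written in the file


def normalize_key(key: str) -> str:
    """Upper-case the hive (regedit accepts any case) and reject unknown hives."""
    hive, sep, rest = key.partition("\\")
    hive = hive.upper()
    if hive not in KNOWN_HIVES:
        raise ValueError(f"unknown registry hive in {key!r}")
    return hive + sep + rest


def parse_reg(text: str) -> list:
    """Return the list of RegAction a .reg file would perform, in file order."""
    lines = text.lstrip("\ufeff").splitlines()
    if not lines or not HEADER_RE.match(lines[0]):
        raise ValueError("missing REGEDIT4 / Registry Editor 5.00 header")
    actions, current_key, pending = [], None, ""
    for raw in lines[1:]:
        line = pending + raw.strip()
        pending = ""
        if not line or line.startswith(";"):
            continue
        if line.endswith("\\"):              # hex data continued on the next line
            pending = line[:-1]
            continue
        if m := KEY_RE.match(line):
            minus, key = m.groups()
            key = normalize_key(key.strip())
            current_key = None if minus else key   # values after a deleted key are an error
            actions.append(RegAction("delete_key" if minus else "create_key", key))
        elif (m := VALUE_RE.match(line)) and current_key is not None:
            name = "@" if m.group(2) else m.group(1)
            data = m.group(3).strip()
            kind = "delete_value" if data == "-" else "set_value"
            actions.append(RegAction(kind, current_key, name, data))
        else:
            raise ValueError(f"unrecognised line (or value outside a key section): {raw!r}")
    return actions


def is_delete_only(actions: list) -> bool:
    """True when the file deletes keys and does nothing else."""
    return bool(actions) and all(a.kind == "delete_key" for a in actions)


def report(text: str) -> str:
    """Human-readable summary, one action per line."""
    return "\n".join(f"{a.kind:12} {a.key}" + (f"  {a.name}={a.data}" if a.name else "")
                     for a in parse_reg(text))


if __name__ == "__main__":
    print(report(SAMPLE_REG))
```

Run it against the saved delete.reg (`parse_reg(open("delete.reg").read())`) and confirm `is_delete_only` returns True; any set_value or create_key entry in a file that was supposed to be a clean-up means it deserves a closer look before merging.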
Old 02-23-2007, 10:51 PM   #6 (permalink)
Registered User
 
Join Date: Feb 2007
Posts: 12
OS: XP


update.exe

hi

C:\Program Files\DC++\Downloads\TAB contains Guitar Pro files (.gtp) and QuickTime files (.gsm).... totalled up to 820 files, so I don't think I can name them all here individually ;p but basically it comprises those two types of files only... to help me improve my guitar skill ;p


I seem to have problem running that Kaspersky online scan. Here is what happened:

After trying to download the ActiveX control, the window just shows all the stuff about Kaspersky's benefits, requirements, privacy statement etc...
Nothing else happens. No sign of downloading anything at all even when I leave it on for a long time. (I'm using a broadband internet connection).


But the thing is, my initial problem is no longer there. The file that kept popping up in my Recycle Bin is no longer there every time I restart my PC. Seems like the problem is solved but I can't confirm it since I could not post the Kaspersky scan report here (as it can't even download the required components).


Please advise. Thanx
mightymax_81 is offline  
Old 02-24-2007, 10:07 AM   #7 (permalink)
forhockey, Analyst, Security Team
Join Date: Sep 2006
Location: Ontario, Canada
Posts: 2,640
OS: Windows XP Pro, Vista, Windows 7


Let's try another online scanner in the meantime.

Please download Trend Micro™ Anti-Spyware for the Web Utility (by clicking the "Scan and Clean your PC" button).
  • Save it to your desktop.
  • Double-click the new icon on your desktop (tmas-web-scan.exe)
  • It will say "Loading TrendMicro definitions".
  • Once the definitions are loaded, the program will appear to close then re-open.
  • Click "Start Scan"
  • After it's done scanning, click "Scan Results"
  • Make sure all items found have a check next to them, then click "Clean Threats Now".
  • Click Exit.
Reboot your computer. In place of the TrendMicro icon will be a text file called "Antispyware.log", please double-click that log and copy the entire contents and paste them here.

I then need you to repeat the same procedure above again... using the TrendMicro tool. I need the log from the second scan/clean...NOT the first...as this will contain what’s left in the system.
forhockey is offline  
Old 02-24-2007, 09:06 PM   #8 (permalink)
Registered User
 
Join Date: Feb 2007
Posts: 12
OS: XP


update.exe

hi...

When I tried to install the anti-spyware by clicking "Scan & Clean your PC", it installed the as4web.cab ActiveX control on my PC without the option to save it (tmas-web-scan.exe) to my desktop first, i.e. it installs itself automatically. I carried on anyway to see what happens next. I managed to scan etc. but after the reboot there was no log anywhere and I can't find the TrendMicro tool anywhere for the second scan.... since I couldn't save and install it from my desktop (except for the auto-install of the ActiveX).


By the way... the initial problem of the file that kept appearing in my Recycle Bin is no longer there after reboot.

Please advise. Thanx
mightymax_81 is offline  
Old 02-24-2007, 09:58 PM   #9 (permalink)
forhockey, Analyst, Security Team
Join Date: Sep 2006
Location: Ontario, Canada
Posts: 2,640
OS: Windows XP Pro, Vista, Windows 7


Were there any threats found by the scanner, and if so, were they deleted?
forhockey is offline  
Old 02-25-2007, 02:05 PM   #10 (permalink)
forhockey, Analyst, Security Team
Join Date: Sep 2006
Location: Ontario, Canada
Posts: 2,640
OS: Windows XP Pro, Vista, Windows 7


Let's also try the Kaspersky online scan again. There is sometimes a problem viewing the system requirements page in IE7. If you're having trouble viewing the accept button of the licence, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the licence is accepted, reset to 100%.


=============================================================

Perform an online scan with Internet Explorer with

Kaspersky WebScanner

Next Click on Launch Kaspersky Anti-Virus Web Scanner

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will then begin downloading the latest definition files.
  • Once the files have been downloaded click on NEXT
  • Locate the Scan Settings button & configure to:
    • Scan using the following Anti-Virus database:
      • Extended
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK & have it scan My Computer
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply
* Turn off the real time scanner of any existing antivirus program while performing the online scan
forhockey is offline  
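The text report that the Save as Text button produces is long and consists mostly of "Object is locked skipped" lines, and, as the log posted later in this thread shows, many of the real hits can sit inside another product's quarantine folder, where they are already isolated. The script below is an added example, not code from the thread or from Kaspersky. It parses a report in that text format and separates locked files, hits already in quarantine, and live detections that still need action, collapsing archive members such as `x.exe/WISE0044.BIN/stream` back to the file on disk. The sample report is constructed: a few paths are reused from the log in this thread and the system32 entry is invented to show a detection outside any quarantine folder.

```python
"""Triage a Kaspersky Online Scanner text report.

Added example, not code from the thread or from Kaspersky. It reads the
"Infected Object Name / Virus Name / Last Action" section of the report that
the Save as Text button produces, separates real detections from files that
were merely locked and skipped, and tells detections inside another product's
quarantine folder (already neutralised) apart from live locations.
"""
import re
from collections import Counter

# Constructed sample report in the scanner's text format. The first paths are
# copied from the log posted in this thread; the system32 entry is invented
# to show a detection outside any quarantine folder.
SAMPLE_REPORT = """\
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
-------------------------------------------------------------------------------

Scan Statistics:
Total number of scanned objects: 84987
Number of viruses found: 27

Infected Object Name / Virus Name / Last Action
C:\\WINDOWS\\system32\\config\\SAM Object is locked skipped
C:\\Documents and Settings\\max\\Desktop\\BearShareV6.exe/WISE0044.BIN Infected: not-a-virus:AdWare.Win32.Softomate.aa skipped
C:\\Documents and Settings\\max\\Desktop\\BearShareV6.exe WiseSFX: infected - 3 skipped
C:\\Documents and Settings\\max\\Desktop\\BearShareV6.exe WiseSFX Dropper: infected - 3 skipped
C:\\Program Files\\Norton SystemWorks\\Norton AntiVirus\\Quarantine\\61DE3129.exe Infected: Email-Worm.Win32.Brontok.a skipped
C:\\Program Files\\Norton SystemWorks\\Norton AntiVirus\\Quarantine\\2FFD0776.exe Infected: not-a-virus:AdWare.Win32.Softomate.u skipped
C:\\WINDOWS\\system32\\constructed_example.exe Infected: Email-Worm.Win32.Brontok.a skipped

Scan process completed.
"""

SECTION_HEADER = "Infected Object Name / Virus Name / Last Action"
LOCKED_RE = re.compile(r"^(?P<path>.+) Object is locked (?P<action>\S+)$")
INFECTED_RE = re.compile(r"^(?P<path>.+) Infected: (?P<name>\S+) (?P<action>\S+)$")
# Container summary lines such as "... WiseSFX Dropper: infected - 3 skipped".
CONTAINER_RE = re.compile(
    r"^(?P<path>.+?) (?P<archiver>[A-Za-z]+(?: [A-Za-z]+)?): infected - (?P<count>\d+) (?P<action>\S+)$")
# Folders where detections are already isolated; extend for other products.
QUARANTINE_DIRS = ("\\quarantine\\",)


def top_level(path: str) -> str:
    """Strip archive-member suffixes: 'x.exe/WISE0044.BIN/stream' -> 'x.exe'."""
    return path.split("/")[0]


def is_quarantined(path: str) -> bool:
    return any(marker in path.lower() for marker in QUARANTINE_DIRS)


def triage(report_text: str) -> dict:
    """Bucket every line of the detections section of a report."""
    findings = {"live": [], "quarantined": [], "containers": [], "locked": 0}
    in_section = False
    for line in report_text.splitlines():
        if line.startswith(SECTION_HEADER):
            in_section = True
            continue
        if not in_section or not line.strip():
            continue
        if LOCKED_RE.match(line):
            findings["locked"] += 1
        elif m := INFECTED_RE.match(line):
            bucket = "quarantined" if is_quarantined(m["path"]) else "live"
            findings[bucket].append((m["path"], m["name"], m["action"]))
        elif m := CONTAINER_RE.match(line):
            findings["containers"].append((m["path"], m["archiver"], int(m["count"])))
        # Any other line (e.g. "Scan process completed.") carries no detection.
    return findings


def files_needing_attention(findings: dict) -> dict:
    """Distinct on-disk files with live (non-quarantined) detections."""
    out = {}
    for path, name, _ in findings["live"]:
        out.setdefault(top_level(path), set()).add(name)
    return out


def detection_counts(findings: dict) -> Counter:
    """How many hits per malware name, live and quarantined together."""
    return Counter(name for bucket in ("live", "quarantined")
                   for _, name, _ in findings[bucket])


if __name__ == "__main__":
    f = triage(SAMPLE_REPORT)
    print(f"{f['locked']} locked objects skipped, {len(f['quarantined'])} hits already in quarantine")
    for path, names in files_needing_attention(f).items():
        print("needs attention:", path, sorted(names))
```

The quarantine split matters for reading a report like the one in this thread: a long run of hits under another scanner's Quarantine folder means that product already caught and isolated them, so the files still worth acting on are the ones `files_needing_attention` returns.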
Old 02-26-2007, 12:59 AM   #11 (permalink)
Registered User
 
Join Date: Feb 2007
Posts: 12
OS: XP


update.exe

hi...

Initially I ran the TrendMicro online scan and it detected some threats and managed to clean them. I don't have the report of the scan as it did not have such an option, as I mentioned before.

Here is the log of the Kaspersky scan:

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Monday, February 26, 2007 4:54:49 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 26/02/2007
Kaspersky Anti-Virus database records: 273383
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: false

Scan Target - My Computer:
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 84987
Number of viruses found: 27
Number of infected objects: 259 / 0
Number of suspicious objects: 0
Duration of the scan process: 02:02:16

Infected Object Name / Virus Name / Last Action
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2007-02-26_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\max\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\max\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\max\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\max\Local Settings\Temporary Internet Files\Content.IE5\XPE8LQLD\as4web[2].cab Object is locked skipped
C:\Documents and Settings\max\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\max\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\max\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\max\Desktop\BearShareV6.exe/WISE0044.BIN/stream/data0005 Infected: not-a-virus:AdWare.Win32.Softomate.aa skipped
C:\Documents and Settings\max\Desktop\BearShareV6.exe/WISE0044.BIN/stream Infected: not-a-virus:AdWare.Win32.Softomate.aa skipped
C:\Documents and Settings\max\Desktop\BearShareV6.exe/WISE0044.BIN Infected: not-a-virus:AdWare.Win32.Softomate.aa skipped
C:\Documents and Settings\max\Desktop\BearShareV6.exe WiseSFX: infected - 3 skipped
C:\Documents and Settings\max\Desktop\BearShareV6.exe WiseSFX Dropper: infected - 3 skipped
C:\Documents and Settings\max\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\max\NTUSER.DAT Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPStart.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPPolicy.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPStop.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDSYS.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDFW.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDCON.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDALRT.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDIDS.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDDBG.log Object is locked skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\2FFD0776.exe Infected: not-a-virus:AdWare.Win32.Softomate.u skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\0A511532.exe Infected: not-a-virus:AdWare.Win32.Softomate.u skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\21E945CD.exe Infected: not-a-virus:AdWare.Win32.Softomate.u skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\6CBD6F2A.exe Infected: not-a-virus:AdWare.Win32.Softomate.u skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\7D246E88.exe Infected: not-a-virus:AdWare.Win32.Softomate.u skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\32780BD8.exe Infected: not-a-virus:AdWare.Win32.Softomate.u skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\34E87DAE.log Infected: IRC-Worm.Win32.Small.g skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\61DE3129.exe Infected: Email-Worm.Win32.Brontok.a skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\5045122D.exe Infected: Email-Worm.Win32.Brontok.a skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\5C2E46AD.exe Infected: Email-Worm.Win32.Brontok.a skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\069C7DBD.exe Infected: Email-Worm.Win32.Brontok.a skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\61E15B25.exe Infected: Email-Worm.Win32.Brontok.a skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\160D702C.exe Infected: Email-Worm.Win32.Brontok.a skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\04795604.exe Infected: Email-Worm.Win32.Brontok.a skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\12C4724D.exe Infected: Email-Worm.Win32.Brontok.a skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\548124E7.exe Infected: Email-Worm.Win32.Brontok.a skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\226122E0.exe Infected: Email-Worm.Win32.Brontok.a skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\27D47216.exe Infected: Email-Worm.Win32.Brontok.a skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\02A152F8.exe Infected: Email-Worm.Win32.Brontok.a skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\2C4110EE.exe Infected: Email-Worm.Win32.Brontok.a skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\62FD377C.exe Infected: Email-Worm.Win32.Brontok.a skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\39265925.exe Infected: Email-Worm.Win32.Brontok.a skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\62DD3E88.exe Infected: Email-Worm.Win32.Brontok.a skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\5F414756.exe Infected: Email-Worm.Win32.Brontok.a skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\40095411.exe Infected: Email-Worm.Win32.Brontok.a skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\2AC406B9.exe Infected: Email-Worm.Win32.Brontok.a skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\496059C8.exe Infected: Email-Worm.Win32.Brontok.a skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\4BA74831.exe Infected: Email-Worm.Win32.Brontok.a skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\61E50521.exe Infected: Email-Worm.Win32.Brontok.a skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\5BD54E2C.exe Infected: Email-Worm.Win32.Brontok.a skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\2CC3655A.exe Infected: Email-Worm.Win32.Brontok.a skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\1EED66DE.exe Infected: Email-Worm.Win32.Brontok.a skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\15010CE3.exe Infected: Email-Worm.Win32.Brontok.a skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\21CD230C.exe Infected: Email-Worm.Win32.Brontok.a skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\61E82F1E.exe Infected: Email-Worm.Win32.Brontok.a skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\219D2C2B.exe Infected: Email-Worm.Win32.Brontok.a skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\550E74B1.exe Infected: Email-Worm.Win32.Brontok.a skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\2B155B6F.exe Infected: Email-Worm.Win32.Brontok.a skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\558074DF.exe Infected: Email-Worm.Win32.Brontok.a skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\21392338.exe Infected: Email-Worm.Win32.Brontok.a skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\54C9735B.exe Infected: Email-Worm.Win32.Brontok.a skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\30015A6C.exe Infected: Email-Worm.Win32.Brontok.a skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\7DC520E0.exe Infected: Email-Worm.Win32.Brontok.a skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\714B6F45.exe Infected: Email-Worm.Win32.Brontok.a skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\61EB591A.exe Infected: Email-Worm.Win32.Brontok.a skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\67650A2A.exe Infected: Email-Worm.Win32.Brontok.a skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\7D580408.exe Infected: Email-Worm.Win32.Brontok.a skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\373D5000.exe Infected: Email-Worm.Win32.Brontok.a skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\16005CDB.exe Infected: Email-Worm.Win32.Brontok.a skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\20A52364.exe Infected: Email-Worm.Win32.Brontok.a skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\2B4433FD.exe Infected: Email-Worm.Win32.Brontok.a skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\06B11E26.exe Infected: Email-Worm.Win32.Brontok.a skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\668768D9.exe Infected: Email-Worm.Win32.Brontok.a skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\78724B2A.exe Infected: Email-Worm.Win32.Brontok.a skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\3EED0E90.exe Infected: Email-Worm.Win32.Brontok.a skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\12D210BC.exe Infected: Email-Worm.Win32.Brontok.a skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\0A6248EE.exe Infected: Email-Worm.Win32.Brontok.a skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\39BE1524.exe Infected: Email-Worm.Win32.Brontok.a skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\61EE0317.exe Infected: Email-Worm.Win32.Brontok.a skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\61F22D13.exe Infected: Email-Worm.Win32.Brontok.a skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\72F64629.exe Infected: Email-Worm.Win32.Brontok.a skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\4DED22B5.exe Infected: Email-Worm.Win32.Brontok.a skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\4F8E3921.exe Infected: Email-Worm.Win32.Brontok.a skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\16FF2CD3.exe Infected: Email-Worm.Win32.Brontok.a skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\1F7D23BC.exe Infected: Email-Worm.Win32.Brontok.a skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\583A3542.exe Infected: Email-Worm.Win32.Brontok.a skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\3412259A.exe Infected: Email-Worm.Win32.Brontok.a skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\380B78CC.exe Infected: Email-Worm.Win32.Brontok.a skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\61F5570F.exe Infected: Email-Worm.Win32.Brontok.a skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\38BE2428.exe Infected: Email-Worm.Win32.Brontok.a skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\7638320C.exe Infected: Email-Worm.Win32.Brontok.a skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\5BB72DB2.exe Infected: Email-Worm.Win32.Brontok.a skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\577F14CF.exe Infected: Email-Worm.Win32.Brontok.a skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\1EE923E8.exe Infected: Email-Worm.Win32.Brontok.a skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\2EB575E4.exe Infected: Email-Worm.Win32.Brontok.a skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\0AC26954.exe Infected: Email-Worm.Win32.Brontok.a skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\61FB2B08.exe Infected: Email-Worm.Win32.Brontok.a skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\444E6027.exe Infected: Email-Worm.Win32.Brontok.a skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\46CD50B9.exe Infected: Email-Worm.Win32.Brontok.a skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\740816D3.exe Infected: Email-Worm.Win32.Brontok.a skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\587E64C7.exe Infected: Email-Worm.Win32.Brontok.a skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\1DC12440.exe Infected: Email-Worm.Win32.Brontok.a skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\5BAB7729.exe Infected: Email-Worm.Win32.Brontok.a skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\382270C8.exe Infected: Email-Worm.Win32.Brontok.a skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\61FF5505.exe Infected: Email-Worm.Win32.Brontok.a skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\160B6002.exe Infected: Email-Worm.Win32.Brontok.a skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\696A7E3C.exe Infected: Email-Worm.Win32.Brontok.a skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\37DB412F.exe Infected: Email-Worm.Win32.Brontok.a skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\674E408C.exe Infected: Email-Worm.Win32.Brontok.a skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\5C2D34AD.exe Infected: Email-Worm.Win32.Brontok.a skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\04B534F8.exe Infected: Email-Worm.Win32.Brontok.a skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\160E09FE.exe Infected: Email-Worm.Win32.Brontok.a skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\2F325C3B.exe Infected: Email-Worm.Win32.Brontok.a skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\60255085.exe Infected: Email-Worm.Win32.Brontok.a skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\7377351D.exe Infected: Email-Worm.Win32.Brontok.a skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\1CAD1CA8.exe Infected: Email-Worm.Win32.Brontok.a skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\04213524.exe Infected: Email-Worm.Win32.Brontok.a skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\52C4731A.exe Infected: Email-Worm.Win32.Brontok.a skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\44EA1BB5.exe Infected: Email-Worm.Win32.Brontok.a skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\448F4C7C.exe Infected: Email-Worm.Win32.Brontok.a skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\4EB955A6.exe Infected: Email-Worm.Win32.Brontok.a skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\44DC2475.exe Infected: Email-Worm.Win32.Brontok.a skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\161133FB.exe Infected: Email-Worm.Win32.Brontok.a skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\74FA3A3A.exe Infected: Email-Worm.Win32.Brontok.a skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\16155DF7.exe Infected: Email-Worm.Win32.Brontok.a skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\3AC2183A.exe Infected: Email-Worm.Win32.Brontok.a skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\30BA6F33.exe Infected: Email-Worm.Win32.Brontok.a skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\0BC81E3E.exe Infected: Email-Worm.Win32.Brontok.a skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\161807F4.exe Infected: Email-Worm.Win32.Brontok.a skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\008A7639.exe Infected: Email-Worm.Win32.Brontok.a skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\59057E8A.exe Infected: Email-Worm.Win32.Brontok.a skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\17F012CF.exe Infected: Email-Worm.Win32.Brontok.a skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\5E2C549C.exe Infected: Email-Worm.Win32.Brontok.a skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\161B31F0.exe Infected: Email-Worm.Win32.Brontok.a skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\46535438.exe Infected: Email-Worm.Win32.Brontok.a skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\01500DE0.exe Infected: Email-Worm.Win32.Brontok.a skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\162859E2.exe Infected: Email-Worm.Win32.Brontok.a skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\5D734C35.exe Infected: Email-Worm.Win32.Brontok.a skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\227A4B3B.exe Infected: Email-Worm.Win32.Brontok.a skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\54BB59A2.exe Infected: Email-Worm.Win32.Brontok.a skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\20AA5C88.exe Infected: Email-Worm.Win32.Brontok.a skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\162C03DE.exe Infected: Email-Worm.Win32.Brontok.a skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\233B2A35.exe Infected: Email-Worm.Win32.Brontok.a skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\4AC45A92.exe Infected: Email-Worm.Win32.Brontok.a skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\60E34E33.exe Infected: Email-Worm.Win32.Brontok.a skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\61294484.exe Infected: Email-Worm.Win32.Brontok.a skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\7EEE36B1.exe Infected: Email-Worm.Win32.Brontok.a skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\5D1638CF.exe Infected: Email-Worm.Win32.Brontok.a skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\511B7D40.exe Infected: Email-Worm.Win32.Brontok.a skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\7361543F.exe Infected: Email-Worm.Win32.Brontok.a skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\162F2DDA.exe Infected: Email-Worm.Win32.Brontok.a skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\69040834.exe Infected: Email-Worm.Win32.Brontok.a skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\730F69E9.exe Infected: Email-Worm.Win32.Brontok.a skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\6D0B42C4.exe Infected: Email-Worm.Win32.Brontok.a skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\21A92C80.exe Infected: Email-Worm.Win32.Brontok.a skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\7E5A36DD.exe Infected: Email-Worm.Win32.Brontok.a skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\33917971.exe Infected: Email-Worm.Win32.Brontok.a skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\27CB40FA.exe Infected: Email-Worm.Win32.Brontok.a skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\5C231C38.exe Infected: Email-Worm.Win32.Brontok.a skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\163D6C95.exe Infected: Email-Worm.Win32.Brontok.a skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\02C7012E.exe Infected: Email-Worm.Win32.Brontok.a skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\5CF036F5.exe Infected: Email-Worm.Win32.Brontok.a skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\4A742F00.exe Infected: Email-Worm.Win32.Brontok.a skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\163257D7.exe Infected: Email-Worm.Win32.Brontok.a skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\2ECC6633.exe Infected: Email-Worm.Win32.Brontok.a skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\1B5A793F.exe Infected: Email-Worm.Win32.Brontok.a skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\79343755.exe Infected: Email-Worm.Win32.Brontok.a skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\6228147C.exe Infected: Email-Worm.Win32.Brontok.a skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\7DC63709.exe Infected: Email-Worm.Win32.Brontok.a skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\0A0C3A13.exe Infected: Email-Worm.Win32.Brontok.a skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\7E7C04B4.exe Infected: Email-Worm.Win32.Brontok.a skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\163501D3.exe Infected: Email-Worm.Win32.Brontok.a skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\74944433.exe Infected: Email-Worm.Win32.Brontok.a skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\43A40896.exe Infected: Email-Worm.Win32.Brontok.a skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\055C2BE5.exe Infected: Email-Worm.Win32.Brontok.a skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\22A87C78.exe Infected: Email-Worm.Win32.Brontok.a skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\7D323735.exe Infected: Email-Worm.Win32.Brontok.a skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\60867AB6.exe Infected: Email-Worm.Win32.Brontok.a skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\552C486F.exe Infected: Email-Worm.Win32.Brontok.a skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\2DA72C2A.exe Infected: Email-Worm.Win32.Brontok.a skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\248A245E.exe Infected: Email-Worm.Win32.Brontok.a skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\7810146C.exe Infected: Email-Worm.Win32.Brontok.a skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\78176865.exe Infected: Email-Worm.Win32.Brontok.a skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\483B302F.exe Infected: not-virus:BadJoke.Win32.Hauntpc skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\26883644.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\26F749CA.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\0FFB5F93.htm Infected: Exploit.JS.ADODB.Stream.e skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\3BAF4EE4.exe Infected: Trojan-Downloader.Win32.Small.dhj skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\4CAC4431.exe Infected: Trojan-Downloader.Win32.Small.dhj skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\4DAC0760.exe Infected: Trojan-Downloader.Win32.Small.dhj skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\53886053.exe Infected: Trojan-Downloader.Win32.INService.bl skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\634330EC.exe Infected: Trojan-Downloader.Win32.INService.bl skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\0D330E8B.exe Infected: Trojan-Downloader.Win32.INService.bl skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\538B0A4F.exe Infected: Trojan-Downloader.Win32.INService.bl skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\290B0EEB.exe Infected: Trojan-Downloader.Win32.INService.bl skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\357E1DE2.exe Infected: Trojan-Downloader.Win32.INService.bl skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\0BDC46DA.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\6FD83D1B.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\70035EEC.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\469162F0.exe Infected: Worm.Win32.VB.dh skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\46D654A4.exe Infected: Worm.Win32.RJump.a skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\78470150.bc! Infected: Backdoor.Win32.Cakl.b skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\0BD243CF.bc! Infected: Backdoor.Win32.Cakl.b skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\657E4889 Infected: Exploit.JS.ADODB.Stream.ac skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\65817285 Infected: Exploit.JS.ADODB.Stream.ac skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\658B707A Infected: Exploit.JS.ADODB.Stream.ac skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\6C085F09.exe Infected: Trojan-Downloader.Win32.Agent.bdr skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\51B95C00.exe Infected: Trojan-Downloader.Win32.Agent.bdr skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\6C0B0905.exe Infected: Trojan-Downloader.Win32.IstBar.gen skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\74763523.net/stream/data0002/stream/data0002 Infected: not-a-virus:AdWare.Win32.Maxifiles.ab skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\74763523.net/stream/data0002/stream Infected: not-a-virus:AdWare.Win32.Maxifiles.ab skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\74763523.net/stream/data0002 Infected: not-a-virus:AdWare.Win32.Maxifiles.ab skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\74763523.net/stream/data0004 Infected: not-a-virus:AdWare.Win32.Softomate.u skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\74763523.net/stream Infected: not-a-virus:AdWare.Win32.Softomate.u skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\74763523.net NSIS: infected - 5 skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\74763523.net CryptFF: infected - 5 skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\749902FC.exe/stream/data0002/stream/data0002 Infected: not-a-virus:AdWare.Win32.Maxifiles.ab skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\749902FC.exe/stream/data0002/stream Infected: not-a-virus:AdWare.Win32.Maxifiles.ab skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\749902FC.exe/stream/data0002 Infected: not-a-virus:AdWare.Win32.Maxifiles.ab skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\749902FC.exe/stream/data0004 Infected: not-a-virus:AdWare.Win32.Softomate.u skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\749902FC.exe/stream Infected: not-a-virus:AdWare.Win32.Softomate.u skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\749902FC.exe NSIS: infected - 5 skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\749902FC.exe CryptFF: infected - 5 skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\7CE436F8.htm Infected: Exploit.JS.ADODB.Stream.ac skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\0D750A5F.EXE Infected: not-a-virus:AdWare.Win32.Softomate.u skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\289E367C.exe Infected: not-a-virus:AdWare.Win32.Softomate.u skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\29AA219D.exe Infected: not-a-virus:AdWare.Win32.Softomate.u skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\39785638.exe Infected: not-a-virus:AdWare.Win32.Softomate.u skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\4C0877CC.exe Infected: not-a-virus:AdWare.Win32.Softomate.u skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\3DA76079.exe Infected: not-a-virus:AdWare.Win32.Softomate.u skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\4C3E278F.exe Infected: not-a-virus:AdWare.Win32.Softomate.u skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\42E3366D.exe Infected: not-a-virus:AdWare.Win32.Softomate.u skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\7BA04FB1.exe Infected: not-a-virus:AdWare.Win32.Softomate.u skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\0D1139A4.exe Infected: not-a-virus:AdWare.Win32.Softomate.u skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\0AEE3BFD.exe Infected: not-a-virus:AdWare.Win32.Softomate.u skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\73817C0B.exe Infected: not-a-virus:AdWare.Win32.Softomate.u skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\431E4592.exe Infected: not-a-virus:AdWare.Win32.Softomate.u skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\15A50DE5.exe Infected: not-a-virus:AdWare.Win32.Softomate.u skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\1F1C3F7A.exe Infected: not-a-virus:AdWare.Win32.Softomate.u skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\2F086DF6.exe Infected: not-a-virus:AdWare.Win32.Softomate.u skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\68A06C94.exe Infected: not-a-virus:AdWare.Win32.Softomate.u skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\77FF0DAA.exe Infected: not-a-virus:AdWare.Win32.Softomate.u skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\001F06B9.exe Infected: not-a-virus:AdWare.Win32.Softomate.u skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\04DB5F84.exe Infected: not-a-virus:AdWare.Win32.Softomate.u skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\0AAF5319.exe Infected: not-a-virus:AdWare.Win32.Softomate.u skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\0EEB054B.exe Infected: not-a-virus:AdWare.Win32.Softomate.u skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\5C63412E.exe Infected: not-a-virus:AdWare.Win32.Softomate.u skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\1CFC4A18.exe Infected: not-a-virus:AdWare.Win32.Softomate.u skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\2AE738C7.exe Infected: not-a-virus:AdWare.Win32.Softomate.u skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\6971011A.exe Infected: not-a-virus:AdWare.Win32.Softomate.u skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\6B7F611F.exe Infected: not-a-virus:AdWare.Win32.Softomate.u skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\AVVirus.log Object is locked skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\AVApp.log Object is locked skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\AVError.log Object is locked skipped
C:\System Volume Information\_restore{88E8CE90-9E51-4BCD-AABB-A4526D600B0B}\RP8\A0001228.exe Infected: Trojan-Downloader.Win32.Agent.bca skipped
C:\System Volume Information\_restore{88E8CE90-9E51-4BCD-AABB-A4526D600B0B}\RP8\A0001229.dll Infected: not-a-virus:AdWare.Win32.Softomate.u skipped
C:\System Volume Information\_restore{88E8CE90-9E51-4BCD-AABB-A4526D600B0B}\RP13\change.log Object is locked skipped
D:\PATCH\system data\wallpaper\sp2backgroundxp.exe/WISE0013.BIN Infected: not-a-virus:AdWare.Win32.Quick.a skipped
D:\PATCH\system data\wallpaper\sp2backgroundxp.exe/WISE0014.BIN Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
D:\PATCH\system data\wallpaper\sp2backgroundxp.exe/WISE0015.BIN Infected: Trojan-Dropper.Win32.Small.ff skipped
D:\PATCH\system data\wallpaper\sp2backgroundxp.exe/WISE0023.BIN Infected: Trojan-Downloader.Win32.Wren.d skipped
D:\PATCH\system data\wallpaper\sp2backgroundxp.exe WiseSFX: infected - 4 skipped
D:\System Volume Information\_restore{88E8CE90-9E51-4BCD-AABB-A4526D600B0B}\RP9\A0001340.exe/stream/data0019 Infected: not-a-virus:AdWare.Win32.Gator.3202 skipped
D:\System Volume Information\_restore{88E8CE90-9E51-4BCD-AABB-A4526D600B0B}\RP9\A0001340.exe/stream Infected: not-a-virus:AdWare.Win32.Gator.3202 skipped
D:\System Volume Information\_restore{88E8CE90-9E51-4BCD-AABB-A4526D600B0B}\RP9\A0001340.exe NSIS: infected - 2 skipped
D:\System Volume Information\_restore{88E8CE90-9E51-4BCD-AABB-A4526D600B0B}\RP9\A0001341.exe/mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.603 skipped
D:\System Volume Information\_restore{88E8CE90-9E51-4BCD-AABB-A4526D600B0B}\RP9\A0001341.exe RAR: infected - 1 skipped
D:\software\mIRC\mirc612.exe/data0001.bin Infected: not-a-virus:Client-IRC.Win32.mIRC.612 skipped
D:\software\mIRC\mirc612.exe mIRC: infected - 1 skipped
D:\software\mIRC\mirc_(v6.14).exe/data0001.bin Infected: not-a-virus:Client-IRC.Win32.mIRC.614 skipped
D:\software\mIRC\mirc_(v6.14).exe mIRC: infected - 1 skipped
D:\software\mIRC\mirc616.exe/data0001.bin Infected: not-a-virus:Client-IRC.Win32.mIRC.616 skipped
D:\software\mIRC\mirc616.exe mIRC: infected - 1 skipped
D:\software\mIRC\wwe-script.exe/data Infected: not-a-virus:Client-IRC.Win32.mIRC.603 skipped
D:\software\mIRC\wwe-script.exe SetupFactory: infected - 1 skipped
D:\software\p2p application\BSINSTALL.exe/WISE0024.BIN Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
D:\software\p2p application\BSINSTALL.exe WiseSFX: infected - 1 skipped
D:\software\p2p application\BSINSTALL.exe WiseSFX Dropper: infected - 1 skipped

Scan process completed.
mightymax_81 is offline  
Old 02-27-2007, 05:01 PM   #12 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 32,560
OS: 2000 Pro; XP Pro; XP Home


forhockey will be away from his PC tending to Real Life for a while, so I'll finish up with you. We're nearly done, but some items found by Kaspersky need attention.

P2P - I see you have P2P software ( BearShare, BitComet, and BitTorrent ) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

---------------------------------------------------------------------------------------------

Please use Symantec's guide to remove the Norton Quarantine files.

---------------------------------------------------------------------------------------------

Disable the autorun feature of ALL removable drives to prevent a reinfection.

Download & run this tool - http://www.techsupportforum.com/sectools/CleanX-II.exe

If the log doesn't come back clean after the first pass, reboot & run it again.

Then post the log it produces, at the end of this fix.

---------------------------------------------------------------------------------------------

Delete these files:

D:\software\p2p application\BSINSTALL.exe
D:\PATCH\system data\wallpaper\sp2backgroundxp.exe
C:\Documents and Settings\max\Desktop\BearShareV6.exe

---------------------------------------------------------------------------------------------

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 6.
  • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6-windowsi586-p.exe to install the newest version.
  • After the install is complete, go back into the Control Panel and double-click the Java Icon.
  • Under Temporary Internet Files, click the Delete Files button.
  • There are three options in the window to clear the cache - Leave ALL 3 Checked
    • Downloaded Applets
    • Downloaded Applications
    • Other Files
  • Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Java Control Panel.

---------------------------------------------------------------------------------------------

Post a new HJT log, and let us know how your system is behaving, please.
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006


Please do not ask for help via Private Message.
tetonbob is offline  
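The autorun advice in the post above is the core of the fix: several of the detections in the scan (Brontok, RJump, the VB worms) spread by dropping an `autorun.inf` on every removable drive they touch, so Explorer launches them again the next time the drive is plugged in. The script below is an added example, not part of the original thread and not the CleanX-II tool linked above. It does two things: it parses an `autorun.inf` tolerantly (worm-written ones contain junk lines and repeated keys that a strict INI parser rejects) and lists every command the file would make Explorer run, and it generates the `.reg` file that sets `NoDriveTypeAutoRun` to 0xFF, the bitmask value that disables AutoRun for every drive type. The bit-to-drive-type mapping follows the Win32 `GetDriveType()` constants. Both sample `.inf` files are constructed for this example, and writing the policy to both hives plus `HonorAutorunSetting` is this example's recommendation; the latter value only has an effect once Microsoft's autorun update (KB967715) is installed on XP.

```python
"""Inspect a removable drive's autorun.inf and generate the policy that stops
Explorer from honouring it.

Added example, not part of the original thread or of the CleanX-II tool.
Sample .inf contents below are constructed; the registry layout of the .reg
output is this example's recommendation.
"""
from typing import Dict, List

# Bits of NoDriveTypeAutoRun, one per Win32 drive type; a set bit disables AutoRun for it.
DRIVE_TYPE_BITS = {
    0x01: "DRIVE_UNKNOWN",
    0x02: "DRIVE_NO_ROOT_DIR",
    0x04: "DRIVE_REMOVABLE",  # USB sticks, floppies, card readers
    0x08: "DRIVE_FIXED",
    0x10: "DRIVE_REMOTE",     # mapped network drives
    0x20: "DRIVE_CDROM",
    0x40: "DRIVE_RAMDISK",
    0x80: "(reserved / unknown type)",
}
DISABLE_ALL = 0xFF
LAUNCH_KEYS = ("open", "shellexecute")  # run directly when the drive is inserted

# Constructed samples for this example (not files from the thread).
WORM_INF = r"""
[AutoRun]
open=RECYCLER\S-1-5-21-0000000000-0000000000-000000000-1013\svchost.exe
shellexecute=RECYCLER\S-1-5-21-0000000000-0000000000-000000000-1013\svchost.exe
shell\open=Open
shell\open\command=RECYCLER\S-1-5-21-0000000000-0000000000-000000000-1013\svchost.exe
shell\explore=Explore
shell\explore\command=RECYCLER\S-1-5-21-0000000000-0000000000-000000000-1013\svchost.exe
icon=%SystemRoot%\system32\SHELL32.dll,4
sqYWsVdCHeVjwUMxpSbw
"""
LABEL_ONLY_INF = r"""
[autorun]
icon=backup.ico
label=Backup 2007
"""


def parse_autorun_inf(text: str) -> Dict[str, Dict[str, str]]:
    """INI-style parse that tolerates the junk padding and repeated keys found
    in worm-written autorun.inf files (a strict parser would reject them)."""
    sections: Dict[str, Dict[str, str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith((";", "#")):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip().lower()
            sections.setdefault(current, {})
            continue
        if current is None or "=" not in line:
            continue  # junk line outside a section or without a value: skip it
        key, _, value = line.partition("=")
        sections[current][key.strip().lower()] = value.strip()
    return sections


def launch_targets(sections: Dict[str, Dict[str, str]]) -> Dict[str, str]:
    """Every command the [autorun] section can make Explorer execute: open=,
    shellexecute=, and each shell\\<verb>\\command= (worms redefine the
    open/explore verbs so a double-click on the drive runs them too)."""
    auto = sections.get("autorun", {})
    return {k: v for k, v in auto.items()
            if k in LAUNCH_KEYS or (k.startswith("shell\\") and k.endswith("\\command"))}


def assess(text: str) -> Dict[str, object]:
    targets = launch_targets(parse_autorun_inf(text))
    hidden_dirs = ("recycler", "system volume information", "$recycle.bin")
    return {
        "launches": bool(targets),
        "hijacked_verbs": sorted(k.split("\\")[1] for k in targets if k.startswith("shell\\")),
        "hides_in_system_dirs": any(d in v.lower() for v in targets.values() for d in hidden_dirs),
        "targets": sorted(set(targets.values())),
    }


def autorun_disabled_for(mask: int) -> List[str]:
    """Drive types for which a given NoDriveTypeAutoRun value disables AutoRun."""
    return [name for bit, name in DRIVE_TYPE_BITS.items() if mask & bit]


def autorun_policy_reg(mask: int = DISABLE_ALL) -> str:
    """A .reg file applying the policy machine-wide and for the current user.
    HonorAutorunSetting=1 is needed on XP (after KB967715) for the mask to be honoured."""
    value = f"dword:{mask:08x}"
    return "\n".join([
        "Windows Registry Editor Version 5.00",
        "",
        r"[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer]",
        f'"NoDriveTypeAutoRun"={value}',
        '"HonorAutorunSetting"=dword:00000001',
        "",
        r"[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]",
        f'"NoDriveTypeAutoRun"={value}',
        "",
    ])


if __name__ == "__main__":
    for label, inf in (("worm-style", WORM_INF), ("label-only", LABEL_ONLY_INF)):
        print(label, assess(inf))
    print("0x91 disables AutoRun for:", autorun_disabled_for(0x91))
    print(autorun_policy_reg())
```

Save the generated text as `disable_autorun.reg`, double-click it to import, then log off and back on (or reboot) before testing with a USB stick. The worm-style sample is flagged because it sets `open=`, `shellexecute=` and redefines the `open` and `explore` verbs to the same executable under `RECYCLER`, while the label-only sample has no launch target at all; decoding 0x91 shows why a partial mask is not enough, since it leaves removable drives (0x04) and CD-ROMs (0x20) untouched.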
Old 02-27-2007, 08:23 PM   #13 (permalink)
Registered User
 
Join Date: Feb 2007
Posts: 12
OS: XP


update.exe

hi...

the initial problem is no longer there as mentioned in my previous thread. Everything seems to be ok. Just that every time I reboot my system, it is noticeably slower, especially the part when it shows the black screen with the Windows XP logo on it (before the desktop appears). Is it normal, or is there something that can be done to make this start-up faster?


Anyway, here are the logs after running the CleanX-II and the HJT:




#######################################################################

Brontok Worm Removal Tool - (Version - 06.08.14)
by sUBs

#######################################################################

Current date: 28/02/2007 Current time: 11:31:48.57

=== PRE RUN ANALYSIS ===================================

...............



=== POST RUN ANALYSIS ==================================



NOTE
The post-run analysis portion should be empty. If it's not, reboot and run the tool a second time.

======================================================






Logfile of HijackThis v1.99.1
Scan saved at 12:16:07, on 28/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\PROGRA~1\LAUNCH~1\CPLBCL53.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\zepsoft\Wallpaper Calendar\WallCal3.exe
C:\WINDOWS\system32\msiexec.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\HijackThis\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=55245&clcid={SUB_CLCID}
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=localhost:8080;http=localhost:8080;https=localhost:8080;socks=localhost:1080
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Apoint] "C:\Program Files\Apoint2K\Apoint.exe"
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\CPLBCL53.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] "C:\PROGRA~1\SYMNET~1\SNDMon.exe" /Consumer
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Wallpaper Calendar.lnk = C:\Program Files\zepsoft\Wallpaper Calendar\WallCal3.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file:///C:/Program%20Files/AutoCAD%202002/AcDcToday.ocx
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file:///C:/Program%20Files/AutoCAD%202002/AcPreview.ocx
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
mightymax_81 is offline  
Old 02-28-2007, 05:40 AM   #14 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 32,560
OS: 2000 Pro; XP Pro; XP Home


Well done. Your logs are clean. Any more issues? If not, you should be good to go. We still have a few items to address.

AVG Anti-Spyware would be a good program to keep, update and run a scan with once a week or so. It adds another layer of protection to your system's security tools. You may want to prevent AVG Anti-Spyware from running at Windows startup, and just call it into service when needed. This may help with system boot times. To do so, right click on the AVG A/S system tray icon, and uncheck Start with Windows. Also disable its real time protection, as this will also use system resources, and will time out at the end of the trial period in 30 days. To do so:

Open AVG Anti-Spyware.
  • On the main screen under Your Computer's security.
    • Click on Change state next to Resident shield. It should now change to inactive.
    • Click on Change state next to Automatic updates. It should now change to inactive.

See if that helps your startup time.


Reset hidden/system files and folders
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View tab.
  • Deselect the Show hidden files and folders option.
  • Select the Hide file extensions for known types option.
  • Select the Hide protected operating system files option.
  • Click Yes to confirm.
  • Click OK.

Create a new System Restore point
  • click Start >> Run - type SYSDM.CPL & press Enter
  • select the System Restore Tab
  • tick on the checkbox - "Turn off System Restore on all drives"
  • click Apply
  • then untick the same checkbox & click OK


Enable Windows Auto Update
  • Go to Start>Run - type wuaucpl.cpl
  • tick on the checkbox - "Automatically download the updates, and install them on the schedule that I specify".
  • Click on "OK".

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programs:
  • SpywareBlaster to help prevent spyware from installing in the first place.
    • Install & update SpywareBlaster with the latest definitions.
      After you have updated, click the button - enable protection for all unprotected items
  • SpywareGuard to catch and block spyware before it can execute.
  • SPYBOT - SEARCH & DESTROY
    Download and install Spybot - Search & Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with the program on a regular basis just as you would an antivirus software. A tutorial on installing & using this product can be found here
  • AD-AWARE
    Download and install Ad-Aware. You should use this program to scan your computer on a regular basis just as you would an antivirus software in conjunction with Spybot. A tutorial on installing & using this product can be found here

  • IE-SPYAD - IE/Spyad places more than 4000 dubious websites and domains in the IE Restricted list. This severely impairs attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
    • Download IE-SpyAD - Extract the contents to a new folder
      From within the folder, double-click install.bat
      Select Option #2 - Install the new IE-SPYAD list.
      Then return to the main menu.
      Select option #4 - Add the old porn sites domain


  • MVPS HOST FILE
    The MVPS Hosts file replaces your current HOSTS file with one that will restrict known ad sites from serving you unsolicited advertisements. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is the IP of your local computer.
    • Download Host.zip to your desktop.
    • From your Desktop right-click (hosts.zip) and select:
      Extract All from the menu.
    • Click Next, click Next, select the option:
      "Show Extracted files", click Finish
    • This will open the newly created hosts folder on your Desktop.
    • Double-click on the included mvps.bat file, this will rename the existing HOSTS file to HOSTS.MVP, then it will copy the included updated HOSTS file to the correct location on your machine.


  • ANTIVIRUS SOFTWARE
    It is very important that you have anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.

    Here are a few very good free Antivirus products which are available: Select one of these, or another of your choice. Do not install more than one antivirus program because they will conflict with each other. It is imperative that you update your antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch new malware that may have come out.
    See this link for a listing of some online antivirus scanners:

    Anti-Spyware Tutorial
  • FIREWALL
    If you do not have a firewall, here are a couple of great free ones available for personal use. Using a third-party firewall will allow you to give/deny access for applications that want to go online. Select one of these, or another of your choice:

    Do not install more than one firewall program because they will conflict with each other.


In light of your recent troubles, I'm sure you'd like to avoid any future infections. Please take a look at these well written articles.
If you want to fight back the Malware Writers that have made your life a misery, please take a look here and read what you can do against it.

Please respond to this thread one more time so we can mark this thread as resolved.
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006


Please do not ask for help via Private Message.
tetonbob is offline  
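The MVPS HOSTS approach in the post above works because every listed name resolves to the local machine, so the connection never leaves the box. As an added example (not from the thread or from the MVPS project), here is a small Python audit that parses a HOSTS file, separates sinkholed names from entries that point at a real address, and flags overrides of names a malware author would want to hijack (Windows Update, security vendors). The sample HOSTS text and the watch list of sensitive names are constructed for the illustration.

```python
"""Audit a Windows HOSTS file for sinkhole entries and hijacks.

Added example for this thread; not part of the MVPS HOSTS project.
Sample content below is constructed.
"""
import ipaddress

# Addresses that make an entry a sinkhole: the name resolves to the local
# machine (or to nothing), which is the mechanism the MVPS file relies on.
SINKHOLE_ADDRS = {"127.0.0.1", "0.0.0.0", "::1"}

# Names a user would never expect a HOSTS file to override.  An entry that
# points one of these at a non-sinkhole address is the classic sign of a
# hijacked HOSTS file.  Constructed watch list.
SENSITIVE_NAMES = {
    "windowsupdate.microsoft.com",
    "update.microsoft.com",
    "www.microsoft.com",
    "www.symantec.com",
    "www.kaspersky.com",
}


def parse_hosts(text):
    """Return (ip, hostname) pairs from HOSTS-file text.

    Handles '#' comments, blank lines, tabs and several names per line.
    Lines with an unparsable address are skipped instead of raising,
    because a damaged HOSTS file is exactly what an auditor gets handed.
    """
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        if len(parts) < 2:
            continue
        try:
            ip = str(ipaddress.ip_address(parts[0]))
        except ValueError:
            continue
        for name in parts[1:]:
            entries.append((ip, name.lower()))
    return entries


def audit_hosts(text, sensitive=SENSITIVE_NAMES):
    """Classify HOSTS entries.

    blocked    - names pointed at a sinkhole address (what MVPS does)
    redirected - names pointed at a real address (always worth a look)
    hijacked   - redirected names that are on the sensitive list
    """
    blocked, redirected, hijacked = [], [], []
    for ip, name in parse_hosts(text):
        if name == "localhost":
            continue  # the one entry every HOSTS file legitimately carries
        if ip in SINKHOLE_ADDRS:
            blocked.append(name)
        else:
            redirected.append((name, ip))
            if name in sensitive:
                hijacked.append((name, ip))
    return {"blocked": blocked, "redirected": redirected, "hijacked": hijacked}


# Constructed sample: MVPS-style sinkhole entries plus one entry that
# sends a security vendor's site to a foreign (TEST-NET) address.
SAMPLE_HOSTS = """\
# constructed sample HOSTS file
127.0.0.1       localhost
127.0.0.1  ads.example-adserver.test   # MVPS-style block
0.0.0.0    tracker.example-tracker.test
127.0.0.1\tbanner.example.test popup.example.test
192.0.2.10      www.symantec.com        # hijack: not a sinkhole address
not-an-ip       broken.example.test
"""

if __name__ == "__main__":
    report = audit_hosts(SAMPLE_HOSTS)
    print("sinkholed names :", report["blocked"])
    print("redirected names:", report["redirected"])
    print("HIJACKED        :", report["hijacked"])
```

On an XP machine the file to feed in is C:\WINDOWS\system32\drivers\etc\hosts; a clean MVPS install shows a long "blocked" list and an empty "redirected" list, and anything in "hijacked" is a reason to reopen the cleanup rather than a tuning problem.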
Old 03-02-2007, 02:34 AM   #15 (permalink)
Registered User
 
Join Date: Feb 2007
Posts: 12
OS: XP


update.exe

hi...
First of all, I would like to thank everyone for helping me out with my problem. Now my laptop is clear of any threat.


Now, the problem is, my hard disk starts getting busy every less than a minute. The LED indicator will start blinking. This happens all the time, even when running the simplest program such as a media player or even browsing the internet, making my system lag. Initially I thought I was running a heavy processing program, but when I restart my system and just run a web browser, the same thing happens. My system doesn't run as smooth anymore. The lag that occurs every time the hard disk gets "busy" is really annoying.

I ran all the options from TuneUp Utilities and also from Norton SystemWorks but it didn't help.

I remembered there was a backup registry created before I introduced some modifications given by you guys. Is it ok to run that backup registry and restore to the previous setting? (not sure this will help ;p)
mightymax_81 is offline  
Old 03-02-2007, 07:25 AM   #16 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 32,560
OS: 2000 Pro; XP Pro; XP Home


Restoring a previous registry backup would not likely help this.

Let's see if anything is hiding:


Download and run Blacklight

Note that you must have local administrative privileges to run the program.

Click Scan. BlackLight will use Windows Explorer (the desktop process) to scan for hidden items. Your anti-virus software or personal firewall might display a warning that says Blacklight (blbeta.exe) is trying to manipulate the Windows Explorer process (explorer.exe). If you want to continue the scan, you should allow BlackLight to do this.

When it finishes, click Next. You may get a screen similar to the picture below. Click on Close.

BlackLight beta will create a log file "fsbl-<date-and-time>.log". By default, the log file is in the same directory as the executable. Please post the log.




Download GMER Rootkit Scanner from here or here.

Unzip it to your Desktop and double-click gmer.exe

Run the program and select the Rootkit tab & make sure the 'Show All' button is unticked. Click the Scan button and let the program do its work. It will produce a log. Copy the log using the Copy button, open Notepad and paste the log into a new text file (using Ctrl + V), save it somewhere you can find it, and post the log in this thread.

---------------------------------------------------------------------------------------------
tetonbob is offline  
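tetonbob asks for the GMER log so a helper can read it by hand. As an added example (mine, not GMER's code and not part of tetonbob's instructions), the Python below does the first pass of that reading: it parses the "System" (SSDT) and "Devices" (IRP dispatch) sections GMER prints and lists the SSDT slots and dispatch entries attributed to a module other than the one expected to own them, plus the dispatch addresses GMER could not attribute at all. The allow list of known SSDT owners and the sample log lines are constructed in GMER's output format.

```python
"""Triage helper for GMER rootkit-scan output.

Added example for this thread; not GMER's code.  The allow list and
the sample log below are constructed.
"""
import re

# SSDT <address | module.sys | \??\C:\full\path\module.sys> ZwFunction
SSDT_RE = re.compile(r"^SSDT\s+(.+?)\s+(Zw\w+)$")
# Device \Driver\name \Device\path IRP_MJ_XXX <address | [address] module.sys>
DEVICE_RE = re.compile(
    r"^Device\s+(?P<driver>\S+)\s+(?P<device>\S+)\s+(?P<irp>IRP_MJ_\w+)\s+(?P<handler>.+)$"
)
# Trailing module file name in an owner/handler field, if GMER attributed one.
MODULE_RE = re.compile(r"([^\\\s]+\.sys)\s*$", re.IGNORECASE)

# Kernel modules expected to hold SSDT slots on the scanned machine, i.e.
# security software the user knowingly installed.  Constructed list; on a
# real case it comes from the analyst's knowledge of the box.
KNOWN_SSDT_OWNERS = {"guard.sys"}


def module_name(field):
    """'[F7828D60] sfsync02.sys' or a full \\??\\C:\\ path -> 'sfsync02.sys'.

    A bare hex address (nothing GMER could attribute) yields None.
    """
    m = MODULE_RE.search(field)
    return m.group(1).lower() if m else None


def parse_gmer(text):
    """Return (ssdt_entries, device_entries) parsed from GMER output."""
    ssdt, devices = [], []
    for raw in text.splitlines():
        line = raw.strip()
        m = SSDT_RE.match(line)
        if m:
            ssdt.append({"owner": m.group(1), "function": m.group(2)})
            continue
        m = DEVICE_RE.match(line)
        if m:
            devices.append(m.groupdict())
    return ssdt, devices


def triage(text, known_owners=KNOWN_SSDT_OWNERS):
    """Findings an analyst would check first.

    ssdt_unknown:     (function, owner) for SSDT slots not owned by an
                      allow-listed module; a bare address means GMER could
                      not name the owning module.
    irp_foreign:      (driver, device, irp, module) where the handler lives
                      in a module other than the driver owning the stack.
    irp_unattributed: {driver: addresses} for handlers GMER attributed to
                      no module; one address recurring across every slot of
                      a driver is worth explaining.
    """
    ssdt, devices = parse_gmer(text)

    ssdt_unknown = []
    for entry in ssdt:
        mod = module_name(entry["owner"])
        if mod is None or mod not in known_owners:
            ssdt_unknown.append((entry["function"], mod or entry["owner"]))

    irp_foreign, irp_unattributed = [], {}
    for dev in devices:
        owner = dev["driver"].rsplit("\\", 1)[-1].lower()  # \Driver\atapi -> atapi
        mod = module_name(dev["handler"])
        if mod is None:
            irp_unattributed.setdefault(owner, set()).add(dev["handler"])
            continue
        if not mod.startswith(owner):  # heuristic: atapi owns atapi.sys
            irp_foreign.append((owner, dev["device"], dev["irp"], mod))

    return {"ssdt_unknown": ssdt_unknown, "irp_foreign": irp_foreign,
            "irp_unattributed": irp_unattributed}


# Constructed sample in GMER's format (raw string keeps the backslashes).
SAMPLE_LOG = r"""
---- System - GMER 1.0.12 ----

SSDT 85592EE8 ZwConnectPort
SSDT sptd.sys ZwCreateKey
SSDT \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys ZwOpenProcess

---- Devices - GMER 1.0.12 ----

Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE 857D81E8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_INTERNAL_DEVICE_CONTROL [F7828D60] sfsync02.sys
Device \FileSystem\Fastfat \Fat IRP_MJ_READ 857D71E8
"""

if __name__ == "__main__":
    for key, items in triage(SAMPLE_LOG).items():
        print(key)
        for item in (items.items() if isinstance(items, dict) else items):
            print("   ", item)
```

Findings are starting points, not verdicts: disc-emulation and copy-protection drivers such as sptd.sys (Duplex Secure's SCSI Pass Through Direct, shipped with DAEMON Tools and Alcohol) and sfsync02.sys (StarForce) hook the SSDT and the IDE/ATAPI dispatch path in exactly this way, so the step after a hit is to identify which installed product the module belongs to before treating it as a rootkit.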
Old 03-03-2007, 07:12 AM   #17 (permalink)
Registered User
 
Join Date: Feb 2007
Posts: 12
OS: XP


update.exe

hi...

I ran the Blacklight and it didn't detect anything. Here are the logs for the Blacklight and GMER:

03/03/07 22:34:16 [Info]: BlackLight Engine 1.0.55 initialized
03/03/07 22:34:16 [Info]: OS: 5.1 build 2600 (Service Pack 2)
03/03/07 22:34:18 [Note]: 7019 4
03/03/07 22:34:18 [Note]: 7005 0
03/03/07 22:34:37 [Note]: 7006 0
03/03/07 22:34:37 [Note]: 7011 1868
03/03/07 22:34:37 [Note]: 7026 0
03/03/07 22:34:38 [Note]: 7026 0
03/03/07 22:34:47 [Note]: FSRAW library version 1.7.1021
03/03/07 22:35:51 [Note]: 2000 1012
03/03/07 22:35:51 [Note]: 2000 1012
03/03/07 22:35:51 [Note]: 2000 1012
03/03/07 22:36:50 [Note]: 7007 0





GMER 1.0.12.12027 - http://www.gmer.net
Rootkit scan 2007-03-03 23:05:22
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.12 ----

SSDT 85592EE8 ZwConnectPort
SSDT sptd.sys ZwCreateKey
SSDT sptd.sys ZwEnumerateKey
SSDT sptd.sys ZwEnumerateValueKey
SSDT sptd.sys ZwOpenKey
SSDT \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys ZwOpenProcess
SSDT 855FA160 ZwOpenThread
SSDT sptd.sys ZwQueryKey
SSDT sptd.sys ZwQueryValueKey
SSDT sptd.sys ZwSetValueKey
SSDT \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys ZwTerminateProcess

---- Kernel code sections - GMER 1.0.12 ----

.text USBPORT.SYS!DllUnload BAC0C62C 5 Bytes JMP 853781C8

---- Devices - GMER 1.0.12 ----

Device \FileSystem\Fastfat \FatCdrom IRP_MJ_CREATE 857D71E8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_CLOSE 857D71E8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_READ 857D71E8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_WRITE 857D71E8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_QUERY_INFORMATION 857D71E8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SET_INFORMATION 857D71E8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_QUERY_EA 857D71E8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SET_EA 857D71E8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_FLUSH_BUFFERS 857D71E8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_QUERY_VOLUME_INFORMATION 857D71E8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SET_VOLUME_INFORMATION 857D71E8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_DIRECTORY_CONTROL 857D71E8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_FILE_SYSTEM_CONTROL 857D71E8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_DEVICE_CONTROL 857D71E8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SHUTDOWN 857D71E8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_LOCK_CONTROL 857D71E8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_CLEANUP 857D71E8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_PNP 857D71E8
Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_CREATE 852C71E8
Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_CLOSE 852C71E8
Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_DEVICE_CONTROL 852C71E8
Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_INTERNAL_DEVICE_CONTROL 852C71E8
Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_POWER 852C71E8
Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_SYSTEM_CONTROL 852C71E8
Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_PNP 852C71E8
Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_CREATE 852C71E8
Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_CLOSE 852C71E8
Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_DEVICE_CONTROL 852C71E8
Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_INTERNAL_DEVICE_CONTROL 852C71E8
Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_POWER 852C71E8
Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_SYSTEM_CONTROL 852C71E8
Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_PNP 852C71E8
Device \Driver\usbuhci \Device\USBPDO-2 IRP_MJ_CREATE 852C71E8
Device \Driver\usbuhci \Device\USBPDO-2 IRP_MJ_CLOSE 852C71E8
Device \Driver\usbuhci \Device\USBPDO-2 IRP_MJ_DEVICE_CONTROL 852C71E8
Device \Driver\usbuhci \Device\USBPDO-2 IRP_MJ_INTERNAL_DEVICE_CONTROL 852C71E8
Device \Driver\usbuhci \Device\USBPDO-2 IRP_MJ_POWER 852C71E8
Device \Driver\usbuhci \Device\USBPDO-2 IRP_MJ_SYSTEM_CONTROL 852C71E8
Device \Driver\usbuhci \Device\USBPDO-2 IRP_MJ_PNP 852C71E8
Device \Driver\usbehci \Device\USBPDO-3 IRP_MJ_CREATE 853691E8
Device \Driver\usbehci \Device\USBPDO-3 IRP_MJ_CLOSE 853691E8
Device \Driver\usbehci \Device\USBPDO-3 IRP_MJ_DEVICE_CONTROL 853691E8
Device \Driver\usbehci \Device\USBPDO-3 IRP_MJ_INTERNAL_DEVICE_CONTROL 853691E8
Device \Driver\usbehci \Device\USBPDO-3 IRP_MJ_POWER 853691E8
Device \Driver\usbehci \Device\USBPDO-3 IRP_MJ_SYSTEM_CONTROL 853691E8
Device \Driver\usbehci \Device\USBPDO-3 IRP_MJ_PNP 853691E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CREATE 857691E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_READ 857691E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_WRITE 857691E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_FLUSH_BUFFERS 857691E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_DEVICE_CONTROL 857691E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_INTERNAL_DEVICE_CONTROL 857691E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SHUTDOWN 857691E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CLEANUP 857691E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_POWER 857691E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SYSTEM_CONTROL 857691E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_PNP 857691E8
Device \Driver\NetBT \Device\NetBT_Tcpip_{5EA74E6A-1464-4C79-8581-5CC0FCD5AD08} IRP_MJ_CREATE 8556B980
Device \Driver\NetBT \Device\NetBT_Tcpip_{5EA74E6A-1464-4C79-8581-5CC0FCD5AD08} IRP_MJ_CLOSE 8556B980
Device \Driver\NetBT \Device\NetBT_Tcpip_{5EA74E6A-1464-4C79-8581-5CC0FCD5AD08} IRP_MJ_DEVICE_CONTROL 8556B980
Device \Driver\NetBT \Device\NetBT_Tcpip_{5EA74E6A-1464-4C79-8581-5CC0FCD5AD08} IRP_MJ_INTERNAL_DEVICE_CONTROL 8556B980
Device \Driver\NetBT \Device\NetBT_Tcpip_{5EA74E6A-1464-4C79-8581-5CC0FCD5AD08} IRP_MJ_CLEANUP 8556B980
Device \Driver\NetBT \Device\NetBT_Tcpip_{5EA74E6A-1464-4C79-8581-5CC0FCD5AD08} IRP_MJ_PNP 8556B980
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_CREATE 857691E8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_READ 857691E8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_WRITE 857691E8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_FLUSH_BUFFERS 857691E8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_DEVICE_CONTROL 857691E8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_INTERNAL_DEVICE_CONTROL 857691E8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_SHUTDOWN 857691E8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_CLEANUP 857691E8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_POWER 857691E8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_SYSTEM_CONTROL 857691E8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_PNP 857691E8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE 85357980
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLOSE 85357980
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_READ 85357980
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_WRITE 85357980
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_FLUSH_BUFFERS 85357980
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CONTROL 85357980
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_INTERNAL_DEVICE_CONTROL 85357980
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SHUTDOWN 85357980
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_POWER 85357980
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SYSTEM_CONTROL 85357980
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_PNP 85357980
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_CREATE 857D81E8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_CLOSE 857D81E8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_DEVICE_CONTROL 857D81E8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_INTERNAL_DEVICE_CONTROL [F7828D60] sfsync02.sys
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_POWER 857D81E8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SYSTEM_CONTROL 857D81E8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_PNP 857D81E8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE 857D81E8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CLOSE 857D81E8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DEVICE_CONTROL 857D81E8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_INTERNAL_DEVICE_CONTROL [F7828D60] sfsync02.sys
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_POWER 857D81E8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SYSTEM_CONTROL 857D81E8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_PNP 857D81E8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CREATE 857D81E8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CLOSE 857D81E8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DEVICE_CONTROL 857D81E8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_INTERNAL_DEVICE_CONTROL [F7828D60] sfsync02.sys
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_POWER 857D81E8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SYSTEM_CONTROL 857D81E8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_PNP 857D81E8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_CREATE 857D81E8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_CLOSE 857D81E8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_DEVICE_CONTROL 857D81E8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_INTERNAL_DEVICE_CONTROL [F7828D60] sfsync02.sys
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_POWER 857D81E8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_SYSTEM_CONTROL 857D81E8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_PNP 857D81E8
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_CREATE 857691E8
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_READ 857691E8
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_WRITE 857691E8
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_FLUSH_BUFFERS 857691E8
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_DEVICE_CONTROL 857691E8
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_INTERNAL_DEVICE_CONTROL 857691E8
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_SHUTDOWN 857691E8
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_CLEANUP 857691E8
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_POWER 857691E8
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_SYSTEM_CONTROL 857691E8
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_PNP 857691E8
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CREATE 8556B980
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CLOSE 8556B980
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_DEVICE_CONTROL 8556B980
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_INTERNAL_DEVICE_CONTROL 8556B980
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CLEANUP 8556B980
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_PNP 8556B980
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CREATE 8556B980
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CLOSE 8556B980
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_DEVICE_CONTROL 8556B980
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_INTERNAL_DEVICE_CONTROL 8556B980
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CLEANUP 8556B980
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_PNP 8556B980
Device \Driver\NetBT \Device\NetBT_Tcpip_{5DC13955-9333-4AA2-895D-ADD1B750B936} IRP_MJ_CREATE 8556B980
Device \Driver\NetBT \Device\NetBT_Tcpip_{5DC13955-9333-4AA2-895D-ADD1B750B936} IRP_MJ_CLOSE 8556B980
Device \Driver\NetBT \Device\NetBT_Tcpip_{5DC13955-9333-4AA2-895D-ADD1B750B936} IRP_MJ_DEVICE_CONTROL 8556B980
Device \Driver\NetBT \Device\NetBT_Tcpip_{5DC13955-9333-4AA2-895D-ADD1B750B936} IRP_MJ_INTERNAL_DEVICE_CONTROL 8556B980
Device \Driver\NetBT \Device\NetBT_Tcpip_{5DC13955-9333-4AA2-895D-ADD1B750B936} IRP_MJ_CLEANUP 8556B980
Device \Driver\NetBT \Device\NetBT_Tcpip_{5DC13955-9333-4AA2-895D-ADD1B750B936} IRP_MJ_PNP 8556B980
Device \Driver\usbuhci \Device\USBFDO-0 IRP_MJ_CREATE 852C71E8
Device \Driver\usbuhci \Device\USBFDO-0 IRP_MJ_CLOSE 852C71E8
Device \Driver\usbuhci \Device\USBFDO-0 IRP_MJ_DEVICE_CONTROL 852C71E8
Device \Driver\usbuhci \Device\USBFDO-0 IRP_MJ_INTERNAL_DEVICE_CONTROL 852C71E8
Device \Driver\usbuhci \Device\USBFDO-0 IRP_MJ_POWER 852C71E8
Device \Driver\usbuhci \Device\USBFDO-0 IRP_MJ_SYSTEM_CONTROL 852C71E8
Device \Driver\usbuhci \Device\USBFDO-0 IRP_MJ_PNP 852C71E8
Device \Driver\usbuhci \Device\USBFDO-1 IRP_MJ_CREATE 852C71E8
Device \Driver\usbuhci \Device\USBFDO-1 IRP_MJ_CLOSE 852C71E8
Device \Driver\usbuhci \Device\USBFDO-1 IRP_MJ_DEVICE_CONTROL 852C71E8
Device \Driver\usbuhci \Device\USBFDO-1 IRP_MJ_INTERNAL_DEVICE_CONTROL 852C71E8
Device \Driver\usbuhci \Device\USBFDO-1 IRP_MJ_POWER 852C71E8
Device \Driver\usbuhci \Device\USBFDO-1 IRP_MJ_SYSTEM_CONTROL 852C71E8
Device \Driver\usbuhci \Device\USBFDO-1 IRP_MJ_PNP 852C71E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE 85490980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE_NAMED_PIPE 85490980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CLOSE 85490980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_READ 85490980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_WRITE 85490980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_INFORMATION 85490980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_INFORMATION 85490980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_EA 85490980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_EA 85490980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_FLUSH_BUFFERS 85490980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_VOLUME_INFORMATION 85490980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_VOLUME_INFORMATION 85490980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DIRECTORY_CONTROL 85490980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_FILE_SYSTEM_CONTROL 85490980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DEVICE_CONTROL 85490980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_INTERNAL_DEVICE_CONTROL 85490980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SHUTDOWN 85490980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_LOCK_CONTROL 85490980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CLEANUP 85490980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE_MAILSLOT 85490980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_SECURITY 85490980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_SECURITY 85490980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_POWER 85490980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SYSTEM_CONTROL 85490980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DEVICE_CHANGE 85490980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_QUOTA 85490980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_QUOTA 85490980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_PNP 85490980
Device \Driver\usbuhci \Device\USBFDO-2 IRP_MJ_CREATE 852C71E8
Device \Driver\usbuhci \Device\USBFDO-2 IRP_MJ_CLOSE 852C71E8
Device \Driver\usbuhci \Device\USBFDO-2 IRP_MJ_DEVICE_CONTROL 852C71E8
Device \Driver\usbuhci \Device\USBFDO-2 IRP_MJ_INTERNAL_DEVICE_CONTROL 852C71E8
Device \Driver\usbuhci \Device\USBFDO-2 IRP_MJ_POWER 852C71E8
Device \Driver\usbuhci \Device\USBFDO-2 IRP_MJ_SYSTEM_CONTROL 852C71E8
Device \Driver\usbuhci \Device\USBFDO-2 IRP_MJ_PNP 852C71E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE 85490980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE_NAMED_PIPE 85490980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CLOSE 85490980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_READ 85490980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_WRITE 85490980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_INFORMATION 85490980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_INFORMATION 85490980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_EA 85490980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_EA 85490980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_FLUSH_BUFFERS 85490980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_VOLUME_INFORMATION 85490980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_VOLUME_INFORMATION 85490980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DIRECTORY_CONTROL 85490980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_FILE_SYSTEM_CONTROL 85490980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DEVICE_CONTROL 85490980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_INTERNAL_DEVICE_CONTROL 85490980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SHUTDOWN 85490980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_LOCK_CONTROL 85490980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CLEANUP 85490980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE_MAILSLOT 85490980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_SECURITY 85490980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_SECURITY 85490980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_POWER 85490980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SYSTEM_CONTROL 85490980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DEVICE_CHANGE 85490980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_QUOTA 85490980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_QUOTA 85490980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_PNP 85490980
Device \Driver\usbehci \Device\USBFDO-3 IRP_MJ_CREATE 853691E8
Device \Driver\usbehci \Device\USBFDO-3 IRP_MJ_CLOSE 853691E8
Device \Driver\usbehci \Device\USBFDO-3 IRP_MJ_DEVICE_CONTROL 853691E8
Device \Driver\usbehci \Device\USBFDO-3 IRP_MJ_INTERNAL_DEVICE_CONTROL 853691E8
Device \Driver\usbehci \Device\USBFDO-3 IRP_MJ_POWER 853691E8
Device \Driver\usbehci \Device\USBFDO-3 IRP_MJ_SYSTEM_CONTROL 853691E8
Device \Driver\usbehci \Device\USBFDO-3 IRP_MJ_PNP 853691E8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_CREATE 857691E8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_READ 857691E8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_WRITE 857691E8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_FLUSH_BUFFERS 857691E8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_DEVICE_CONTROL 857691E8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_INTERNAL_DEVICE_CONTROL 857691E8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_SHUTDOWN 857691E8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_CLEANUP 857691E8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_POWER 857691E8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_SYSTEM_CONTROL 857691E8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_PNP 857691E8
Device \FileSystem\Fastfat \Fat IRP_MJ_CREATE 857D71E8
Device \FileSystem\Fastfat \Fat IRP_MJ_CLOSE 857D71E8
Device \FileSystem\Fastfat \Fat IRP_MJ_READ 857D71E8
Device \FileSystem\Fastfat \Fat IRP_MJ_WRITE 857D71E8
Device \FileSystem\Fastfat \Fat IRP_MJ_QUERY_INFORMATION 857D71E8
Device \FileSystem\Fastfat \Fat IRP_MJ_SET_INFORMATION 857D71E8
Device \FileSystem\Fastfat \Fat IRP_MJ_QUERY_EA 857D71E8
Device \FileSystem\Fastfat \Fat IRP_MJ_SET_EA 857D71E8
Device \FileSystem\Fastfat \Fat IRP_MJ_FLUSH_BUFFERS 857D71E8
Device \FileSystem\Fastfat \Fat IRP_MJ_QUERY_VOLUME_INFORMATION 857D71E8
Device \FileSystem\Fastfat \Fat IRP_MJ_SET_VOLUME_INFORMATION 857D71E8
Device \FileSystem\Fastfat \Fat IRP_MJ_DIRECTORY_CONTROL 857D71E8
Device \FileSystem\Fastfat \Fat IRP_MJ_FILE_SYSTEM_CONTROL 857D71E8
Device \FileSystem\Fastfat \Fat IRP_MJ_DEVICE_CONTROL 857D71E8
Device \FileSystem\Fastfat \Fat IRP_MJ_SHUTDOWN 857D71E8
Device \FileSystem\Fastfat \Fat IRP_MJ_LOCK_CONTROL 857D71E8
Device \FileSystem\Fastfat \Fat IRP_MJ_CLEANUP 857D71E8
Device \FileSystem\Fastfat \Fat IRP_MJ_PNP 857D71E8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_CREATE 85514980
Device \FileSystem\Cdfs \Cdfs IRP_MJ_CLOSE 85514980
Device \FileSystem\Cdfs \Cdfs IRP_MJ_READ 85514980
Device \FileSystem\Cdfs \Cdfs IRP_MJ_QUERY_INFORMATION 85514980
Device \FileSystem\Cdfs \Cdfs IRP_MJ_SET_INFORMATION 85514980
Device \FileSystem\Cdfs \Cdfs IRP_MJ_QUERY_VOLUME_INFORMATION 85514980
Device \FileSystem\Cdfs \Cdfs IRP_MJ_DIRECTORY_CONTROL 85514980
Device \FileSystem\Cdfs \Cdfs IRP_MJ_FILE_SYSTEM_CONTROL 85514980
Device \FileSystem\Cdfs \Cdfs IRP_MJ_DEVICE_CONTROL 85514980
Device \FileSystem\Cdfs \Cdfs IRP_MJ_SHUTDOWN 85514980
Device \FileSystem\Cdfs \Cdfs IRP_MJ_LOCK_CONTROL 85514980
Device \FileSystem\Cdfs \Cdfs IRP_MJ_CLEANUP 85514980
Device \FileSystem\Cdfs \Cdfs IRP_MJ_PNP 85514980

---- Registry - GMER 1.0.12 ----

Reg \Registry\USER\S-1-5-21-1182671931-1974565712-2106517767-1005\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{3D94DC05-98E9-91BA-0747-1AD504C5E036}@ablgnfjagcmhdchlebikiabeagaiibbkfl 0x61 0x61 0x00 0x00
Reg \Registry\USER\S-1-5-21-1182671931-1974565712-2106517767-1005\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{3D94DC05-98E9-91BA-0747-1AD504C5E036}@bblgnfjagcmhdchlebjkjcpjmhkffemcfmgc 0x61 0x61 0x00 0x00

---- EOF - GMER 1.0.12 ----
mightymax_81 is offline  
Old 03-03-2007, 07:41 AM   #18 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 32,560
OS: 2000 Pro; XP Pro; XP Home


Can't see anything malicious in those logs.

Let's use one more diagnostic tool.

Please download this tool > http://www.kztechs.com/sreng/sreng2.zip

1. Extract it to Desktop & double click SREng.exe to run it

2. Select 'Smart Scan' & tick "Verify Digital Signatures"

3. Click on the [Scan] button

4. When finished, click on the [Save Reports] button & save the log to Desktop

5. Attach the log in your next reply. Don't post it. You may have to rename SREngLOG.log to SREngLOG.txt to upload it.
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006


Please do not ask for help via Private Message.
tetonbob is offline  
Old 03-03-2007, 07:15 PM   #19 (permalink)
Registered User
 
Join Date: Feb 2007
Posts: 12
OS: XP


update.exe

hi...
here's the attached sreng log:
Attached Files
File Type: txt SREngLOG.txt (41.8 KB, 2 views)
mightymax_81 is offline  
Old 03-03-2007, 08:07 PM   #20 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 32,560
OS: 2000 Pro; XP Pro; XP Home


Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

---------------------------------------------------------------------------------------------

Copy and paste the following into Notepad (don't forget to copy and paste REGEDIT4):

Quote:
REGEDIT4

[-HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b26c5070-4274-11db-b207-0004236ff40e}]

Save the file as "delete.reg". Make sure to save it with the quotes. It should look like this:

Close Notepad.

Double click on the delete.reg file and choose Yes to merge/add it to the registry. You may delete the file afterwards.

---------------------------------------------------------------------------------------------

I do see one minor issue we can repair. I don't think it's the cause of any lingering issues, though.

~ REPAIRING FILE ASSOCIATIONS ~


Select 'System Repair' from the left pane
- Click on 'File Association'
-- Select all entries that have an 'Error status' & click [Repair]
In your case, it should be:
  • .SCR


Use the following image as an example:
Close SREng.

---------------------------------------------------------------------------------------------

Go here and do the BitDefender online virus scan.
  • Click "I Agree" to agree to the EULA.
  • Allow the ActiveX control to install when prompted.
  • Leave the scanning options at default and press "Click here to scan" to begin the scan.
  • Please refrain from using the computer until the scan is finished.
  • When the scan is finished, click on "Click here to export the scan results"
  • Save the report to your desktop then come back here and post it in your next reply.

---------------------------------------------------------------------------------------------

Run ComboScan once again, and post its log.


If you're still experiencing issues, please once again give details about what they are. The more information you give, the better I'll be able to help, or direct you to someone who can if I cannot.
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006


Please do not ask for help via Private Message.
tetonbob is offline  
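The delete.reg fix above removes one subkey under Explorer's MountPoints2 key (the per-user record of volumes Explorer has mounted; the GUID-named subkey is the one the helper identified). The PowerShell below is an added example, not part of tetonbob's instructions: it performs the same removal as the `[-HKCU\...]` line in the .reg file (a leading hyphen in a REGEDIT4 key header deletes that key), but first writes the key's values and subkeys to a text file on the Desktop so the change is recorded and reviewable. The GUID is the one quoted in the post; the output filename is an assumption.

```powershell
# Added example (not from the forum post): record, then remove, the MountPoints2
# subkey that delete.reg targets. Run in Windows PowerShell as the affected user,
# since the key lives under HKCU. The GUID comes from the post above.
$guid    = '{b26c5070-4274-11db-b207-0004236ff40e}'
$keyPath = "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\$guid"

function Export-RegistryKeyRecord {
    param([string]$Path, [string]$OutFile)
    # Preserve the key's values and subkeys before deletion so the change can be reviewed.
    if (-not (Test-Path -LiteralPath $Path)) {
        Write-Output "Key not present: $Path"
        return $false
    }
    $lines = @("Key: $Path")
    $props = Get-ItemProperty -LiteralPath $Path
    foreach ($p in $props.PSObject.Properties) {
        # PS* properties are provider metadata, not registry values
        if ($p.Name -notlike 'PS*') { $lines += "  $($p.Name) = $($p.Value)" }
    }
    Get-ChildItem -LiteralPath $Path -Recurse | ForEach-Object {
        $lines += "Subkey: $($_.Name)"
        $sub = Get-ItemProperty -LiteralPath $_.PSPath
        foreach ($p in $sub.PSObject.Properties) {
            if ($p.Name -notlike 'PS*') { $lines += "  $($p.Name) = $($p.Value)" }
        }
    }
    $lines | Set-Content -LiteralPath $OutFile -Encoding UTF8
    Write-Output "Recorded $($lines.Count) lines to $OutFile"
    return $true
}

# Assumed output location; change as needed.
$record = Join-Path $env:USERPROFILE 'Desktop\MountPoints2-record.txt'
if (Export-RegistryKeyRecord -Path $keyPath -OutFile $record) {
    # Equivalent to merging delete.reg: removes the key and everything beneath it.
    Remove-Item -LiteralPath $keyPath -Recurse -Force
    Write-Output "Removed $keyPath"
}
```

Keeping the record file alongside the forum logs means the pre-fix state of the key is available if the helper later wants to see what was stored there, which merging the .reg file alone does not give you.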
Copyright 2001 - 2009, Tech Support Forum