#1
Registered User
Join Date: Feb 2007
Posts: 38
OS: windows xp home
New member needs help with log....
I've read the steps that the forum states before you post your log on the readout on my computer....pretty sure that I have done all that was required...so here is what my readout states: is this puter fixable:
What I'm getting is popups but they actually have an address.....http://www.?????.com. Popup blocker is set but doesn't seem to stop this annoying occurrence.

Logfile of HijackThis v1.99.1
Scan saved at 6:57:53 PM, on 2/21/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\$sys$filesystem\$sys$DRMServer.exe
C:\WINDOWS\CDProxyServ.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\COMPAQ\CPQINET\CPQInet.exe
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Intellicast\Intellicast.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\bob\Desktop\Honer's Hall of Shame\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.7.0\ViewBarBHO.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.7.0\IEViewBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [Dvd Dash] C:\DOCUME~1\bob\APPLIC~1\SUPPOR~1\drvwarnhide.exe
O4 - Startup: Intellicast.lnk = C:\Program Files\Intellicast\Intellicast.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\All Users\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\All Users\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Support - {36263222-2F65-421C-BDEB-782EEEF11C2C} - C:\Program Files\Internet Explorer\SIGNUP\Presario.htm (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.insightbb.com
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com.../c381/chat.cab
O16 - DPF: Yahoo! Euchre - http://download.games.yahoo.com/game...ts/y/et1_x.cab
O16 - DPF: Yahoo! MahJong Solitaire - http://download.games.yahoo.com/game.../y/mjst3_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/game...s/y/pote_x.cab
O16 - DPF: Yahoo! Reversi - http://download.games.yahoo.com/game...ts/y/rt0_x.cab
O16 - DPF: {01CA75F1-054B-4A63-9221-C6926369EC52} (HS_live Control) - http://install.homestead.com/~site/I...ve/HS_live.cab
O16 - DPF: {02A2D714-433E-46E4-B217-7C3B3FAF8EAE} (ScrabbleCubes Control) - http://www.worldwinner.com/games/v44...abblecubes.cab
O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} - http://download.zonelabs.com/bin/free/cm/ICSCM.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/ca...C_1_0_0_44.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by3fd.bay3.hotmail.msn.com/re...s/MsnPUpld.cab
O16 - DPF: {5AA5A569-F96F-4628-A528-8B3698F558BB} (HS_live Control) - http://install.homestead.com/~site/I...ve/HS_live.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - http://upload.facebook.com/controls/...toUploader.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} - http://launch.gamespyarcade.com/soft...ch/alaunch.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - http://www.trendmicro.com/spyware-scan/as4web.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/.../installer.exe
O16 - DPF: {FE5D6722-826F-11D5-A24E-0060B0F1A5AE} (Tukati Launcher) - http://www.tukati.com/software/4/1.7.20.20/tukati.cab
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Plug and Play Device Manager ($sys$DRMServer) - First 4 Internet Ltd - C:\WINDOWS\system32\$sys$filesystem\$sys$DRMServer.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: XCP CD Proxy (CD_Proxy) - Unknown owner - C:\WINDOWS\CDProxyServ.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Email AntiVirus (Email AV) - Unknown owner - C:\WINDOWS\email-av.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\system32\ImapiRox.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Service Cvasvr (Service Cvas) - Unknown owner - C:\WINDOWS\csvas.exe (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
#2
Manager, Security Center, TSF Academy; Analyst, Security Team
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,205
OS: 2000 Pro; XP Pro; XP Home
Hello and Welcome. Apologies for the delay, but as you can see, the forum is terribly busy.
Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix. It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

---------------------------------------------------------------------------------------------

Please Download NoLop to your desktop from one of the links below...
Link 1 Link 2 Link 3

Open HijackThis and click on 'Do a System Scan Only'. Check the following entries if they exist (make sure you do not miss any) and click Fix Checked

O4 - HKCU\..\Run: [Dvd Dash] C:\DOCUME~1\bob\APPLIC~1\SUPPOR~1\drvwarnhide.exe

Close HijackThis now.

---------------------------------------------------------------------------------------------

Go to My Computer->Tools->Folder Options->View tab:
* Under the Hidden files and folders heading, select Show hidden files and folders.
* Uncheck the Hide protected operating system files (recommended) option.
* Also make sure there is no checkmark beside Hide file extensions for known file types
* Click Yes to confirm and then click OK.

Delete the following if they exist:

C:\Documents and Settings\bob\Application Data\supportwaybend

---------------------------------------------------------------------------------------------

Also.... Please do this:
---------------------------------------------------------------------------------------------
__________________
Practice Safe Surfing Because what you don't know, CAN hurt you. Microsoft MVP - Consumer Security 2009
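The reply above singles out one O4 Run entry that launches from the user's Application Data folder and two services whose binaries are gone. The script below is an added example, not part of this thread or of HijackThis: it parses the O2, O4 and O23 line formats of a HijackThis v1.99 log and flags the entries a log reader checks first (autoruns from user-writable paths, missing or vendor-less service binaries, and the $sys$ prefix that the XCP cloaking driver named in the log hides). The sample lines are copied from the log posted above; the flag names, the USER_WRITABLE list and every function name are my own choices.

```python
"""Triage helper for HijackThis v1.99 log entries (added example, not part of the
thread or of HijackThis). Parses the O2 / O4 / O23 line formats and flags the
entries a log reader checks first."""
import re
from dataclasses import dataclass, field

# Constructed sample: a subset of lines copied from the log posted above.
SAMPLE_LOG = r"""
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [Dvd Dash] C:\DOCUME~1\bob\APPLIC~1\SUPPOR~1\drvwarnhide.exe
O23 - Service: Plug and Play Device Manager ($sys$DRMServer) - First 4 Internet Ltd - C:\WINDOWS\system32\$sys$filesystem\$sys$DRMServer.exe
O23 - Service: Email AntiVirus (Email AV) - Unknown owner - C:\WINDOWS\email-av.exe (file missing)
O23 - Service: Service Cvasvr (Service Cvas) - Unknown owner - C:\WINDOWS\csvas.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""

ENTRY_RE = re.compile(r"^(O\d+) - (.*)$")
RUN_RE = re.compile(r"^(HKLM|HKCU)\\\.\.\\Run: \[(.+?)\] (.*)$")
SERVICE_RE = re.compile(r"^Service: (.+?)(?: \(([^()]*)\))? - (.+?) - (.+)$")
BHO_RE = re.compile(r"^BHO: (.+?) - (\{[^}]+\}) - (.+)$")
PATH_RE = re.compile(r'"?(.+?\.(?:exe|dll|sys|lnk|cab))"?', re.IGNORECASE)

# Locations a standard user can write to (long and 8.3 short forms). A program that
# auto-starts from here, like drvwarnhide.exe above, deserves a second look.
USER_WRITABLE = ("\\documents and settings\\", "\\docume~1\\", "\\application data\\",
                 "\\applic~1\\", "\\local settings\\", "\\locals~1\\", "\\temp\\")


@dataclass
class Finding:
    section: str
    name: str
    path: str
    reasons: list = field(default_factory=list)


def extract_path(command):
    """Return the binary path from a Run value such as '"C:\\x\\y.exe" -hide'."""
    m = PATH_RE.match(command.strip())
    return m.group(1) if m else command.strip()


def parse_entry(line):
    """Split one log line into (section, name, path, owner, raw); None if unsupported."""
    line = line.strip()
    m = ENTRY_RE.match(line)
    if not m:
        return None
    section, body = m.groups()
    if section == "O4":
        r = RUN_RE.match(body)
        if r:
            return section, r.group(2), extract_path(r.group(3)), "", line
    elif section == "O23":
        r = SERVICE_RE.match(body)
        if r:
            display, short, owner, path = r.groups()
            return section, short or display, extract_path(path), owner, line
    elif section == "O2":
        r = BHO_RE.match(body)
        if r:
            return section, r.group(1), extract_path(r.group(3)), "", line
    return None


def assess(section, name, path, owner, raw):
    """Return the list of reasons an entry deserves attention (empty if none)."""
    reasons = []
    low = path.lower()
    if any(marker in low for marker in USER_WRITABLE):
        reasons.append("user-profile path")
    if "(file missing)" in raw or "(no file)" in raw:
        reasons.append("file missing")      # leftover of something already removed
    if owner.lower() == "unknown owner":
        reasons.append("unknown owner")     # binary carries no vendor string
    if "$sys$" in name.lower() or "$sys$" in low:
        # Prefix that the XCP DRM cloaking driver (First 4 Internet) hides from
        # normal directory listings; the log's own O23 line names that vendor.
        reasons.append("$sys$ cloaking prefix")
    return reasons


def triage(log_text):
    """Parse a whole log and return the flagged entries in log order."""
    findings = []
    for line in log_text.splitlines():
        parsed = parse_entry(line)
        if parsed is None:
            continue
        reasons = assess(*parsed)
        if reasons:
            findings.append(Finding(parsed[0], parsed[1], parsed[2], reasons))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

Run on the full log above, it also picks up the "XCP CD Proxy" service (unknown owner) and the O9 buttons marked (no file).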
#3
Registered User
Join Date: Feb 2007
Posts: 38
OS: windows xp home
I have finished all the steps as you have stated.... I must be honest tho...when following the very first step.....running the NoLop I was expecting something in the notebook fashion... so once it ran I did not get the answer that you want....now if I go into the C: drive here is the only thing that is under NoLopBackups..... B452B6119CE934D9.job.01 infected.... my apologies for this one....
Here are the results on the other scan: Comboscan:

ComboScan v20070221.16 run by bob on 2007-02-26 at 07:35:28
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Successfully created restore point.
Performed disk cleanup.

-- HijackThis (run as bob.exe) --------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 7:35:50 AM, on 2/26/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\$sys$filesystem\$sys$DRMServer.exe
C:\WINDOWS\CDProxyServ.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\COMPAQ\CPQINET\CPQInet.exe
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\bob\Desktop\comboscan.exe
C:\Documents and Settings\bob\Desktop\Honer's Hall of Shame\bob.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.7.0\ViewBarBHO.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.7.0\IEViewBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [Dvd Dash] C:\DOCUME~1\bob\APPLIC~1\SUPPOR~1\drvwarnhide.exe
O4 - Startup: Intellicast.lnk = C:\Program Files\Intellicast\Intellicast.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\All Users\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\All Users\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Support - {36263222-2F65-421C-BDEB-782EEEF11C2C} - C:\Program Files\Internet Explorer\SIGNUP\Presario.htm (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.insightbb.com
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com.../c381/chat.cab
O16 - DPF: Yahoo! Euchre - http://download.games.yahoo.com/game...ts/y/et1_x.cab
O16 - DPF: Yahoo! MahJong Solitaire - http://download.games.yahoo.com/game.../y/mjst3_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/game...s/y/pote_x.cab
O16 - DPF: Yahoo! Reversi - http://download.games.yahoo.com/game...ts/y/rt0_x.cab
O16 - DPF: {01CA75F1-054B-4A63-9221-C6926369EC52} (HS_live Control) - http://install.homestead.com/~site/I...ve/HS_live.cab
O16 - DPF: {02A2D714-433E-46E4-B217-7C3B3FAF8EAE} (ScrabbleCubes Control) - http://www.worldwinner.com/games/v44...abblecubes.cab
O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} - http://download.zonelabs.com/bin/free/cm/ICSCM.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/ca...C_1_0_0_44.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by3fd.bay3.hotmail.msn.com/re...s/MsnPUpld.cab
O16 - DPF: {5AA5A569-F96F-4628-A528-8B3698F558BB} (HS_live Control) - http://install.homestead.com/~site/I...ve/HS_live.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - http://upload.facebook.com/controls/...toUploader.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} - http://launch.gamespyarcade.com/soft...ch/alaunch.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - http://www.trendmicro.com/spyware-scan/as4web.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/.../installer.exe
O16 - DPF: {FE5D6722-826F-11D5-A24E-0060B0F1A5AE} (Tukati Launcher) - http://www.tukati.com/software/4/1.7.20.20/tukati.cab
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Plug and Play Device Manager ($sys$DRMServer) - First 4 Internet Ltd - C:\WINDOWS\system32\$sys$filesystem\$sys$DRMServer.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: XCP CD Proxy (CD_Proxy) - Unknown owner - C:\WINDOWS\CDProxyServ.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Email AntiVirus (Email AV) - Unknown owner - C:\WINDOWS\email-av.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\system32\ImapiRox.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Service Cvasvr (Service Cvas) - Unknown owner - C:\WINDOWS\csvas.exe (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

-- HijackThis Fixed Entries (C:\Documents and Settings\bob\Desktop\Honer's Hall of Shame\backups\) --------------------------------------------------------------------------------

backup-20070226-072745-354 O4 - HKCU\..\Run: [Dvd Dash] C:\DOCUME~1\bob\APPLIC~1\SUPPOR~1\drvwarnhide.exe

-- File Associations ------------------------------------------------------------

.bat - batfile - "%1" %*
.chm - chm.file - "C:\WINDOWS\hh.exe" %1
.cmd - cmdfile - "%1" %*
.com - comfile - "%1" %*
.exe - exefile - "%1" %*
.hlp - hlpfile - %SystemRoot%\System32\winhlp32.exe %1
.inf - inffile - %SystemRoot%\System32\NOTEPAD.EXE %1
.ini - inifile - %SystemRoot%\System32\NOTEPAD.EXE %1
.js - JSFile - %SystemRoot%\System32\WScript.exe "%1" %*
.lnk - lnkfile - {00021401-0000-0000-C000-000000000046}
.pif - piffile - "%1" %*
.reg - regfile - regedit.exe "%1"
.scr - scrfile - "%1" %*
.txt - txtfile - %SystemRoot%\system32\NOTEPAD.EXE %1
.vbs - VBSFile - %SystemRoot%\System32\WScript.exe "%1" %*

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ----------------------

0R $sys$cor - C:\WINDOWS\system32\drivers\$sys$cor.sys
1R $sys$crater - C:\WINDOWS\system32\$sys$filesystem\crater.sys
0R amdagp (AMD AGP Bus Filter Driver) - C:\WINDOWS\system32\drivers\amdagp.sys
1R AmdK7 (AMD K7 Processor Driver) - C:\WINDOWS\system32\drivers\amdk7.sys
3R Arp1394 (1394 ARP Client Protocol) - C:\WINDOWS\system32\drivers\arp1394.sys
3S Bridge (MAC Bridge) - C:\WINDOWS\system32\drivers\bridge.sys
3S BridgeMP (MAC Bridge Miniport) - C:\WINDOWS\system32\drivers\bridge.sys
1R Cdr4_2K - C:\WINDOWS\system32\drivers\cdr4_2K.sys
1R Cdr4_xp - C:\WINDOWS\system32\drivers\cdr4_xp.sys
2R Cdralw2k - C:\WINDOWS\system32\drivers\cdralw2k.sys
1S cdudf_XP - C:\WINDOWS\system32\drivers\cdudf_xp.sys
3S CO_Mon - C:\WINDOWS\system32\drivers\CO_Mon.sys
1R DcCam (Kodak Camera Proxy) - C:\WINDOWS\system32\drivers\DcCam.sys
3S DcFpoint - C:\WINDOWS\system32\drivers\DcFpoint.sys
2R DCFS2K (Kodak DCFS2K Driver) - C:\WINDOWS\system32\drivers\DCFS2k.sys
3S DcLps (Legacy Polling Service) - C:\WINDOWS\system32\drivers\DcLps.sys
3S DcPTP - C:\WINDOWS\system32\drivers\DcPtp.sys
3S dvd_2K - C:\WINDOWS\system32\drivers\Dvd_2k.sys
1S EACMOS - C:\WINDOWS\system32\drivers\EACMOS.SYS (not found)
1S EAWDMFD - C:\WINDOWS\system32\drivers\EAWDMFD.sys (not found)
3R ElbyCDFL - C:\WINDOWS\system32\drivers\ElbyCDFL.sys
2R ElbyCDIO (ElbyCDIO Driver) - C:\WINDOWS\system32\drivers\ElbyCDIO.sys
1S Exportit - C:\WINDOWS\system32\drivers\ExportIt.sys
3R hidusb (Microsoft HID Class Driver) - C:\WINDOWS\system32\drivers\hidusb.sys
1R kbdhid (Keyboard HID Driver) - C:\WINDOWS\system32\drivers\kbdhid.sys
3S lredbooo - C:\DOCUME~1\bob\LOCALS~1\Temp\lredbooo.sys (not found)
3S mmc_2K - C:\WINDOWS\system32\drivers\Mmc_2k.sys
3R mouhid (Mouse HID Driver) - C:\WINDOWS\system32\drivers\mouhid.sys
3R NAVENG - C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070221.018\NAVENG.SYS
3R NAVEX15 - C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070221.018\NAVEX15.SYS
3R NIC1394 (1394 Net Driver) - C:\WINDOWS\system32\drivers\nic1394.sys
3R nv - C:\WINDOWS\system32\drivers\nv4_mini.sys
3S nv4 - C:\WINDOWS\system32\drivers\nv4.sys
0R ohci1394 (Texas Instruments OHCI Compliant IEEE 1394 Host Controller) - C:\WINDOWS\system32\drivers\ohci1394.sys
3R Ptserlp (PCTEL Serial Device Driver for PCI) - C:\WINDOWS\system32\drivers\ptserlp.sys
0R PxHelp20 - C:\WINDOWS\system32\drivers\pxhelp20.sys
3S RTL8023 (Realtek RTL8139/810x/8169/8110 all in one NDIS NT Driver) - C:\WINDOWS\system32\drivers\Rtlnic51.sys
3R RTL8023xp (TRENDnet TE100 PCBUSR PC Card) - C:\WINDOWS\system32\drivers\TE100XP.SYS
3S rtl8139 (Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver) - C:\WINDOWS\system32\drivers\rtl8139.sys
1R SAVRT - C:\Program Files\Symantec AntiVirus\savrt.sys
2R SAVRTPEL - C:\Program Files\Symantec AntiVirus\Savrtpel.sys
3S sbpci (Sound Blaster AudioPCI Driver (WDM)) - C:\WINDOWS\system32\drivers\sbpci.sys
3R SMC1211 (SMC EZ Card 10/100 PCI (SMC1211 Series) NT 5.0 Driver) - C:\WINDOWS\system32\drivers\SMC1211.sys
3R SymEvent - C:\Program Files\Symantec\SYMEVENT.SYS
3R SYMREDRV - C:\WINDOWS\system32\drivers\symredrv.sys
1R SYMTDI - C:\WINDOWS\system32\drivers\symtdi.sys
1R UdfReadr_xp - C:\WINDOWS\system32\drivers\udfreadr_xp.sys
3R usbccgp (Microsoft USB Generic Parent Driver) - C:\WINDOWS\system32\drivers\usbccgp.sys
3R usbprint (Microsoft USB PRINTER Class) - C:\WINDOWS\system32\drivers\usbprint.sys
3S usbscan (USB Scanner Driver) - C:\WINDOWS\system32\drivers\usbscan.sys
3S USBSTOR (USB Mass Storage Driver) - C:\WINDOWS\system32\drivers\USBSTOR.SYS
0R Vmodem (XP Vmodem) - C:\WINDOWS\system32\drivers\vmodem.sys
0R Vpctcom (XP Vpctcom) - C:\WINDOWS\system32\drivers\vpctcom.sys
2R vsdatant - C:\WINDOWS\system32\vsdatant.sys
0R Vvoice (XP Vvoice) - C:\WINDOWS\system32\drivers\vvoice.sys
3S wandrv (WAN Network Driver) - C:\WINDOWS\system32\drivers\wandrv.sys
1R WS2IFSL (Windows Socket 2.0 Non-IFS Service Provider Support Environment) - C:\WINDOWS\system32\drivers\ws2ifsl.sys
3S WudfPf (Windows Driver Foundation - User-mode Driver Framework Platform Driver) - C:\WINDOWS\system32\drivers\WudfPf.sys
3S WudfRd (Windows Driver Foundation - User-mode Driver Framework Reflector) - C:\WINDOWS\system32\drivers\WudfRd.sys

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

2R
$sys$DRMServer (Plug and Play Device Manager) - C:\WINDOWS\system32\$sys$filesystem\$sys$DRMServer.exe 4S Alerter - C:\WINDOWS\System32\svchost.exe -k LocalService 3R ALG (Application Layer Gateway Service) - C:\WINDOWS\System32\alg.exe 3S AppMgmt (Application Management) - C:\WINDOWS\system32\svchost.exe -k netsvcs 3S aspnet_state (ASP.NET State Service) - C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe 2R AudioSrv (Windows Audio) - C:\WINDOWS\System32\svchost.exe -k netsvcs 3S BITS (Background Intelligent Transfer Service) - C:\WINDOWS\System32\svchost.exe -k netsvcs 2R Browser (Computer Browser) - C:\WINDOWS\System32\svchost.exe -k netsvcs 2R ccEvtMgr (Symantec Event Manager) - "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe" 3S ccPwdSvc (Symantec Password Validation) - "C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe" 2R ccSetMgr (Symantec Settings Manager) - "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe" 2R CD_Proxy (XCP CD Proxy) - C:\WINDOWS\CDProxyServ.exe 3S cisvc (Indexing Service) - C:\WINDOWS\System32\cisvc.exe 4S ClipSrv (ClipBook) - C:\WINDOWS\system32\clipsrv.exe 3S COMSysApp (COM+ System Application) - C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} 2R CryptSvc (Cryptographic Services) - C:\WINDOWS\system32\svchost.exe -k netsvcs 2R DcomLaunch (DCOM Server Process Launcher) - C:\WINDOWS\system32\svchost -k DcomLaunch 2R DefWatch (Symantec AntiVirus Definition Watcher) - "C:\Program Files\Symantec AntiVirus\DefWatch.exe" 2R Dhcp (DHCP Client) - C:\WINDOWS\System32\svchost.exe -k netsvcs 3S dmadmin (Logical Disk Manager Administrative Service) - C:\WINDOWS\System32\dmadmin.exe /com 3S dmserver (Logical Disk Manager) - C:\WINDOWS\System32\svchost.exe -k netsvcs 2R Dnscache (DNS Client) - C:\WINDOWS\System32\svchost.exe -k NetworkService 2S Email AV (Email AntiVirus) - "C:\WINDOWS\email-av.exe" 4S ERSvc (Error Reporting Service) - C:\WINDOWS\System32\svchost.exe -k 
netsvcs 2R Eventlog (Event Log) - C:\WINDOWS\system32\services.exe 3R EventSystem (COM+ Event System) - C:\WINDOWS\System32\svchost.exe -k netsvcs 3R FastUserSwitchingCompatibility (Fast User Switching Compatibility) - C:\WINDOWS\System32\svchost.exe -k netsvcs 2R helpsvc (Help and Support) - C:\WINDOWS\System32\svchost.exe -k netsvcs 2R HidServ (HID Input Service) - C:\WINDOWS\System32\svchost.exe -k netsvcs 3R HTTPFilter (HTTP SSL) - C:\WINDOWS\System32\svchost.exe -k HTTPFilter 3S IDriverT (InstallDriver Table Manager) - "C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe" 3S ImapiService (IMAPI CD-Burning COM Service) - C:\WINDOWS\system32\ImapiRox.exe 3S KodakCCS (Kodak Camera Connection Software) - C:\WINDOWS\system32\drivers\KodakCCS.exe 2R lanmanserver (Server) - C:\WINDOWS\System32\svchost.exe -k netsvcs 2R lanmanworkstation (Workstation) - C:\WINDOWS\System32\svchost.exe -k netsvcs 2R LexBceS (LexBce Server) - C:\WINDOWS\system32\LEXBCES.EXE 2R LmHosts (TCP/IP NetBIOS Helper) - C:\WINDOWS\System32\svchost.exe -k LocalService 4S Messenger - C:\WINDOWS\System32\svchost.exe -k netsvcs 3S mnmsrvc (NetMeeting Remote Desktop Sharing) - C:\WINDOWS\System32\mnmsrvc.exe 3S MSDTC (Distributed Transaction Coordinator) - C:\WINDOWS\System32\msdtc.exe 3S MSIServer (Windows Installer) - C:\WINDOWS\system32\msiexec.exe /V 4S NetDDE (Network DDE) - C:\WINDOWS\system32\netdde.exe 4S NetDDEdsdm (Network DDE DSDM) - C:\WINDOWS\system32\netdde.exe 3S Netlogon (Net Logon) - C:\WINDOWS\System32\lsass.exe 3R Netman (Network Connections) - C:\WINDOWS\System32\svchost.exe -k netsvcs 3R Nla (Network Location Awareness (NLA)) - C:\WINDOWS\System32\svchost.exe -k netsvcs 3S NtLmSsp (NT LM Security Support Provider) - C:\WINDOWS\System32\lsass.exe 3S NtmsSvc (Removable Storage) - C:\WINDOWS\system32\svchost.exe -k netsvcs 2R NVSvc (NVIDIA Display Driver Service) - C:\WINDOWS\System32\nvsvc32.exe 3S ose (Office Source Engine) - C:\Program Files\Common 
Files\Microsoft Shared\Source Engine\OSE.EXE 2R Pctspk (PCTEL Speaker Phone) - C:\WINDOWS\system32\pctspk.exe 2R PlugPlay (Plug and Play) - C:\WINDOWS\system32\services.exe 2R PolicyAgent (IPSEC Services) - C:\WINDOWS\System32\lsass.exe 2R ProtectedStorage (Protected Storage) - C:\WINDOWS\system32\lsass.exe 2R RasAuto (Remote Access Auto Connection Manager) - C:\WINDOWS\System32\svchost.exe -k netsvcs 3R RasMan (Remote Access Connection Manager) - C:\WINDOWS\System32\svchost.exe -k netsvcs 3S RDSessMgr (Remote Desktop Help Session Manager) - C:\WINDOWS\system32\sessmgr.exe 4S RemoteAccess (Routing and Remote Access) - C:\WINDOWS\System32\svchost.exe -k netsvcs 3S RpcLocator (Remote Procedure Call (RPC) Locator) - C:\WINDOWS\System32\locator.exe 2R RpcSs (Remote Procedure Call (RPC)) - C:\WINDOWS\system32\svchost -k rpcss 3S RSVP (QoS RSVP) - C:\WINDOWS\System32\rsvp.exe 2R SamSs (Security Accounts Manager) - C:\WINDOWS\system32\lsass.exe 3S SavRoam - "C:\Program Files\Symantec AntiVirus\SavRoam.exe" 2R SCardSvr (Smart Card) - C:\WINDOWS\System32\SCardSvr.exe 2R Schedule (Task Scheduler) - C:\WINDOWS\System32\svchost.exe -k netsvcs 2R seclogon (Secondary Logon) - C:\WINDOWS\System32\svchost.exe -k netsvcs 2R SENS (System Event Notification) - C:\WINDOWS\system32\svchost.exe -k netsvcs 2S Service Cvas (Service Cvasvr) - "C:\WINDOWS\csvas.exe" 2R SharedAccess (Windows Firewall/Internet Connection Sharing (ICS)) - C:\WINDOWS\System32\svchost.exe -k netsvcs 2R ShellHWDetection (Shell Hardware Detection) - C:\WINDOWS\System32\svchost.exe -k netsvcs 3S SNDSrvc (Symantec Network Drivers Service) - "C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe" 2R Spooler (Print Spooler) - C:\WINDOWS\system32\spoolsv.exe 2R srservice (System Restore Service) - C:\WINDOWS\System32\svchost.exe -k netsvcs 3R SSDPSRV (SSDP Discovery Service) - C:\WINDOWS\System32\svchost.exe -k LocalService 2R stisvc (Windows Image Acquisition (WIA)) - C:\WINDOWS\System32\svchost.exe -k imgsvc 3S 
SwPrv (MS Software Shadow Copy Provider) - C:\WINDOWS\System32\dllhost.exe /Processid:{A977B055-EF0D-4468-91AD-1A8BFC97D5D3} 2R Symantec AntiVirus - "C:\Program Files\Symantec AntiVirus\Rtvscan.exe" 3S SysmonLog (Performance Logs and Alerts) - C:\WINDOWS\system32\smlogsvc.exe 3R TapiSrv (Telephony) - C:\WINDOWS\System32\svchost.exe -k netsvcs 3R TermService (Terminal Services) - C:\WINDOWS\System32\svchost -k DComLaunch 2R Themes - C:\WINDOWS\System32\svchost.exe -k netsvcs 2R TrkWks (Distributed Link Tracking Client) - C:\WINDOWS\system32\svchost.exe -k netsvcs 3R upnphost (Universal Plug and Play Device Host) - C:\WINDOWS\System32\svchost.exe -k LocalService 3S UPS (Uninterruptible Power Supply) - C:\WINDOWS\System32\ups.exe 2R vsmon (TrueVector Internet Monitor) - C:\WINDOWS\system32\ZoneLabs\vsmon.exe -service 3S VSS (Volume Shadow Copy) - C:\WINDOWS\System32\vssvc.exe 2R W32Time (Windows Time) - C:\WINDOWS\System32\svchost.exe -k netsvcs 2R WebClient - C:\WINDOWS\System32\svchost.exe -k LocalService 2R WinDefend (Windows Defender) - "C:\Program Files\Windows Defender\MsMpEng.exe" 2R winmgmt (Windows Management Instrumentation) - C:\WINDOWS\system32\svchost.exe -k netsvcs 3S WmdmPmSN (Portable Media Serial Number Service) - C:\WINDOWS\System32\svchost.exe -k netsvcs 3S WmiApSrv (WMI Performance Adapter) - C:\WINDOWS\System32\wbem\wmiapsrv.exe 2R WMPNetworkSvc (Windows Media Player Network Sharing Service) - "C:\Program Files\Windows Media Player\WMPNetwk.exe" 2R wscsvc (Security Center) - C:\WINDOWS\System32\svchost.exe -k netsvcs 2R wuauserv (Automatic Updates) - C:\WINDOWS\system32\svchost.exe -k netsvcs 3S WudfSvc (Windows Driver Foundation - User-mode Driver Framework) - C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup 2R WZCSVC (Wireless Zero Configuration) - C:\WINDOWS\System32\svchost.exe -k netsvcs 3S xmlprov (Network Provisioning Service) - C:\WINDOWS\System32\svchost.exe -k netsvcs -- Scheduled Tasks 
-------------------------------------------------------------- 2007-02-26 07:14:05 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job<MPSCHE~1.JOB> 2007-02-20 22:26:02 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job<APPLES~1.JOB> 2004-02-13 23:50:00 258 --a------ C:\WINDOWS\Tasks\Registration reminder 3.job<REGIST~3.JOB> 2004-02-08 23:50:00 258 --a------ C:\WINDOWS\Tasks\Registration reminder 2.job<REGIST~2.JOB> 2004-02-03 23:50:00 258 --a------ C:\WINDOWS\Tasks\Registration reminder 1.job<REGIST~1.JOB> -- Files created between 2007-01-26 and 2007-02-26 ------------------------------ 2007-02-26 07:35:14 0 d-------- C:\Documents and Settings\bob\Application Data\Supportwaybend<SUPPOR~1> 2007-02-26 06:54:42 0 d-------- C:\NoLopBackups<NOLOPB~1> 2007-02-21 10 55 28672 --a------ C:\WINDOWS\system32\drivers\CO_Mon.sys2007-02-20 15:43:19 0 d-------- C:\Program Files\Supportwaybend<SUPPOR~1> 2007-02-17 21:48:06 0 d-------- C:\Documents and Settings\All Users\Application Data\Mags Spam Log User<MAGSSP~1> 2007-02-16 12:01:42 438272 --a------ C:\WINDOWS\system32\vp6vfw.dll 2007-02-16 12:01:41 118832 --a------ C:\WINDOWS\system32\SHW32.DLL 2007-02-16 11:42:55 0 d-------- C:\Program Files\EA SPORTS<EASPOR~1> 2007-01-29 02:58:06 60416 -----n--- C:\WINDOWS\system32\tzchange.exe -- Find3M Report ---------------------------------------------------------------- 2007-02-26 07:11:29 0 d-------- C:\Program Files\Symantec AntiVirus<SYMANT~1> 2007-02-21 19:04:59 0 d-------- C:\Program Files\Viewpoint<VIEWPO~1> 2007-02-20 15:43:32 0 d-------- C:\Program Files\Virtools Web Player 3.5<VIRTOO~1.5> 2007-02-20 15:43:10 0 d--h----- C:\Program Files\InstallShield Installation Information<INSTAL~1> 2007-02-20 15:42:19 0 d-------- C:\Program Files\Google 2007-02-20 15:04:06 0 d-------- C:\Program Files\QuickTime<QUICKT~1> 2007-02-20 01:49:45 0 d---s---- C:\Documents and Settings\bob\Application Data\Microsoft<MICROS~1> 2007-02-15 07:22:16 0 d-------- C:\Program Files\Absolute 
Poker<ABSOLU~1> 2007-02-14 22:10:29 0 d-------- C:\Program Files\Java 2007-02-12 09:58:18 0 d-------- C:\Documents and Settings\bob\Application Data\Apple Computer<APPLEC~1> 2007-02-03 02:00:24 0 --a------ C:\tdd.exe 2007-01-23 09:42:04 0 d-------- C:\Program Files\Ahead 2007-01-22 23:39:43 0 d-------- C:\Documents and Settings\bob\Application Data\Ahead 2007-01-22 22:12:55 0 d-------- C:\Program Files\CCleaner 2007-01-21 22:32:54 0 d-------- C:\Program Files\InetGet2 2007-01-21 22:32:32 0 d-------- C:\Program Files\Common Files\Adobe 2007-01-21 22:32:06 0 d-------- C:\Program Files\LimeWire 2007-01-21 22:31:46 0 d-------- C:\Program Files\AIM 2007-01-21 22:31:46 0 d-------- C:\Documents and Settings\bob\Application Data\Aim 2007-01-21 22:30:50 0 d-------- C:\Documents and Settings\bob\Application Data\Viewpoint<VIEWPO~1> 2007-01-18 12:28:15 0 d-------- C:\Documents and Settings\bob\Application Data\AdobeUM 2007-01-18 09:28:07 0 d-------- C:\Program Files\Apple Software Update<APPLES~1> 2007-01-12 09:27:42 822784 --a------ C:\WINDOWS\system32\wininet(2)(2).dll<WININE~1.DLL> 2007-01-12 09:27:42 232960 --a------ C:\WINDOWS\system32\webcheck.dll 2007-01-12 09:27:42 1149952 --a------ C:\WINDOWS\system32\urlmon(2)(2).dll<URLMON~1.DLL> 2007-01-12 09:27:42 51712 -----n--- C:\WINDOWS\system32\msfeedsbs.dll<MSFEED~1.DLL> 2007-01-12 09:27:42 458752 --a------ C:\WINDOWS\system32\msfeeds.dll 2007-01-12 09:27:42 6054400 --a------ C:\WINDOWS\system32\ieframe.dll 2007-01-08 19:04:54 105984 --a------ C:\WINDOWS\system32\url.dll 2007-01-08 19:04:54 105984 --a------ C:\WINDOWS\system32\url(2)(2).dll<URL(2)~1.DLL> 2007-01-08 19:04:08 102400 --a------ C:\WINDOWS\system32\occache.dll 2007-01-08 19:02:04 266752 --a------ C:\WINDOWS\system32\iertutil.dll 2007-01-08 19:02:04 266752 --a------ C:\WINDOWS\system32\iertutil(2)(2).dll<IERTUT~1.DLL> 2007-01-08 19:02:04 44544 --a------ C:\WINDOWS\system32\iernonce.dll 2007-01-08 19:02:02 384000 --a------ C:\WINDOWS\system32\iedkcs32.dll 
2007-01-08 19:02:02 383488 --a------ C:\WINDOWS\system32\ieapfltr.dll 2007-01-08 19:02:02 161792 --a------ C:\WINDOWS\system32\ieakui.dll 2007-01-08 19:02:02 230400 --a------ C:\WINDOWS\system32\ieaksie.dll 2007-01-08 19:02:02 153088 --a------ C:\WINDOWS\system32\ieakeng.dll 2007-01-08 19:01:14 17408 --a------ C:\WINDOWS\system32\corpol.dll 2007-01-08 19:00:48 124928 --a------ C:\WINDOWS\system32\advpack.dll 2007-01-08 18:08:14 56832 --a------ C:\WINDOWS\system32\ie4uinit.exe 2007-01-08 18:08:10 13824 --a------ C:\WINDOWS\system32\ieudinit.exe 2006-12-31 11:46:07 0 d-------- C:\Documents and Settings\bob\Application Data\Sun 2006-12-31 08:45:57 0 d-------- C:\Program Files\Windows Media Connect 2<WI4DF6~1> 2006-12-31 08:42:49 0 d-------- C:\Program Files\Windows Media Connect<WINDOW~4> 2006-12-30 23:14:42 0 d-------- C:\Program Files\Kazaa Lite Resurrection<KAZAAL~1> 2006-12-27 16:42:41 0 d-------- C:\Program Files\Common Files\Java 2006-12-19 15:52:18 134656 --a------ C:\WINDOWS\system32\shsvcs.dll 2006-12-19 15:52:18 134656 --a------ C:\WINDOWS\system32\shsvcs(2)(2).dll<SHSVCS~1.DLL> 2006-12-19 15:52:18 8453632 --a------ C:\WINDOWS\system32\shell32(2)(2).dll<SHELL3~1.DLL> 2006-12-19 12:16:47 333824 --a------ C:\WINDOWS\system32\wiaservc.dll 2006-11-27 08:54:06 433152 --a------ C:\WINDOWS\system32\riched20.dll 2006-11-27 08:54:06 539136 --a------ C:\WINDOWS\system32\msftedit.dll -- Registry Dump ---------------------------------------------------------------- [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run] "DW4"="\"C:\\Program Files\\The Weather Channel FW\\Desktop Weather\\DesktopWeather.exe\"" "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe" "WMPNSCFG"="C:\\Program Files\\Windows Media Player\\WMPNSCFG.exe" "Yahoo! 
Pager"="\"C:\\Program Files\\Yahoo!\\Messenger\\ypager.exe\" -quiet" "Dvd Dash"="C:\\DOCUME~1\\bob\\APPLIC~1\\SUPPOR~1\\drvwarnhide.exe" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] "WCOLOREAL"="\"C:\\Program Files\\COMPAQ\\Coloreal\\coloreal.exe\"" "CPQEASYACC"="C:\\Program Files\\Compaq\\Easy Access Button Support\\StartEAK.exe" "Microsoft Works Portfolio"="C:\\Program Files\\Microsoft Works\\WksSb.exe /AllUsers" "Microsoft Works Update Detection"="C:\\Program Files\\Microsoft Works\\WkDetect.exe" "srmclean"="C:\\Cpqs\\Scom\\srmclean.exe" "NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup" "nwiz"="nwiz.exe /install" "Zone Labs Client"="C:\\PROGRA~1\\ZONELA~1\\ZONEAL~1\\zlclient.exe" "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime" "ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\"" "vptray"="C:\\PROGRA~1\\SYMANT~1\\VPTray.exe" "KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\ 65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00 "Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide" "SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_11\\bin\\jusched.exe\"" "NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL] "Installed"="1" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI] "Installed"="1" "NoChange"="1" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS] "Installed"="1" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonceex] @="" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook" 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload] "WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "SpecifyDefaultButtons"=dword:00000000 "Btn_Search"=dword:00000000 [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll" [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost] LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0 NetworkService REG_MULTI_SZ DnsCache\0\0 rpcss REG_MULTI_SZ RpcSs\0\0 imgsvc REG_MULTI_SZ StiSvc\0\0 termsvcs REG_MULTI_SZ TermService\0\0 HTTPFilter REG_MULTI_SZ HTTPFilter\0\0 DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0 WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0 [HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{85e03f28-52da-11d8-90a6-806d6172696f}] Shell\AutoRun\command E:\RunGame.exe -- End of ComboScan: finished at 2007-02-26 at 07:36:34 ------------------------- Supplementary.txt : ComboScan v20070221.16 run by bob on 2007-02-26 at 07:35:28 Supplementary logfile - please post this as an attachment with your post. -------------------------------------------------------------------------------- -- System Information ----------------------------------------------------------- Microsoft Windows XP Home Edition (build 2600) SP 2.0 Architecture: X86; Language: English CPU 0: AMD Athlon(tm) XP 1500 Percentage of Memory in Use: 85% Physical Memory (total/avail): 511.55 MiB / 75.11 MiB Pagefile Memory (total/avail): 1248.68 MiB / 843.34 MiB Virtual Memory (total/avail): 2047.88 MiB / 1993.98 MiB A: is Removable (No Media) C: is Fixed (NTFS) - 33.37 GiB total, 12.75 GiB free. D: is Fixed (FAT32) - 3.89 GiB total, 0.96 GiB free. 
E: is CDROM (CDFS) -- Security Center -------------------------------------------------------------- AUOptions is scheduled to auto-install. Windows Internal Firewall is enabled. AntivirusOverride is set. FirewallOverride is set. -- Environment Variables -------------------------------------------------------- ALLUSERSPROFILE=C:\Documents and Settings\All Users APPDATA=C:\Documents and Settings\bob\Application Data CLASSPATH=.;C:\Program Files\Java\jre1.5.0_10\lib\ext\QTJava.zip CLIENTNAME=Console CommonProgramFiles=C:\Program Files\Common Files COMPUTERNAME=PIECEOFART ComSpec=C:\WINDOWS\system32\cmd.exe FP_NO_HOST_CHECK=NO HOMEDRIVE=C: HOMEPATH=\Documents and Settings\bob LOGONSERVER=\\PIECEOFART NUMBER_OF_PROCESSORS=1 OS=Windows_NT Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\QuickTime\QTSystem\ PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH PROCESSOR_ARCHITECTURE=x86 PROCESSOR_IDENTIFIER=x86 Family 6 Model 6 Stepping 2, AuthenticAMD PROCESSOR_LEVEL=6 PROCESSOR_REVISION=0602 ProgramFiles=C:\Program Files PROMPT=$P$G QTJAVA=C:\Program Files\Java\jre1.5.0_10\lib\ext\QTJava.zip SESSIONNAME=Console SystemDrive=C: SystemRoot=C:\WINDOWS TEMP=C:\DOCUME~1\bob\LOCALS~1\Temp TMP=C:\DOCUME~1\bob\LOCALS~1\Temp USERDOMAIN=PIECEOFART USERNAME=bob USERPROFILE=C:\Documents and Settings\bob windir=C:\WINDOWS -- User Profiles ---------------------------------------------------------------- Owner (new local, admin) bob (admin) Guest (guest) -- Add/Remove Programs ---------------------------------------------------------- --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0 --> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf Ad-Aware SE Personal --> C:\PROGRA~1\Lavasoft\AD-AWA~2\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~2\INSTALL.LOG Adobe Reader 7.0.9 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002} 
CardRd81 --> MsiExec.exe /I{54C8FE84-89C4-40E8-976C-439EB0729BD6} CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe" CCScore --> MsiExec.exe /I{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992} CiD Help --> C:\DOCUME~1\bob\APPLIC~1\SUPPOR~1\drvwarnhide.exe -uninstall CloneCD --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Elaborate Bytes\CloneCD\Uninst.isu" -c"C:\Program Files\Elaborate Bytes\CloneCD\InstallHelp.dll" Coloreal --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BDE90251-93EB-4F6A-89D8-086E2D91DC56}\setup.exe" Compaq Advisor --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C4C1AFCD-2C72-48B4-AE2E-A7354A525E87}\Setup.exe" UNINSTALL Compaq Wallpaper --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{03AAA1D8-D4CF-48BD-9C66-78B41D80DF06}\setup.exe" CR2 --> MsiExec.exe /I{432C3720-37BF-4BD7-8E49-F38E090246D0} Creative PCI Audio Drivers --> C:\CPQDRV\AUDIO\SBSETUP.EXE /u EA SPORTS online 2006 --> C:\Program Files\EA SPORTS\EA SPORTS online\EASOUNInstaller.exe Easy Access Button Support --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{93539D60-1817-11D1-9504-00805F26A89C}\setup.exe" -uninst Encarta Online --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C0A23442-6214-11D3-8CDF-0080C768385C}\setup.exe" -uninst ESSBrwr --> MsiExec.exe /I{643EAE81-920C-4931-9F0B-4B343B225CA6} ESSCDBK --> MsiExec.exe /I{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD} ESScore --> MsiExec.exe /I{9D8FEE90-0377-49A9-AEFB-525BDE549BA4} ESSCT --> MsiExec.exe /I{8BB4B58A-A402-4DE8-8FCD-287E60B88DD8} ESSEMAIL --> MsiExec.exe 
/I{FEDE2483-87B7-44C1-A5BB-D75AEB8B6340} ESSgui --> MsiExec.exe /I{91517631-A9F3-4B7C-B482-43E0068FD55A} ESShelp --> MsiExec.exe /I{87843A41-7808-4F2E-B13F-25C1E67CF2FD} ESSini --> MsiExec.exe /I{8E92D746-CD9F-4B90-9668-42B74C14F765} ESSPCD --> MsiExec.exe /I{14D4ED84-6A9A-45A0-96F6-1753768C3CB5} ESSPDock --> MsiExec.exe /I{FCDB1C92-03C6-4C76-8625-371224256091} ESSSONIC --> MsiExec.exe /I{4F677FC7-7AA8-412B-A957-F13CBE1C7331} ESSTOOLS --> MsiExec.exe /I{8A502E38-29C9-49FA-BCFA-D727CA062589} essvcpt --> MsiExec.exe /I{D1973749-F5E7-40EB-B528-F2B78685B9FF} ESSvpaht --> MsiExec.exe /I{A5B3EB8A-4071-42F0-8E8E-7A8342AA8E69} ESSvpot --> MsiExec.exe /I{48C82F7A-F100-4DAB-A310-8E18BF2159E1} FlashFXP --> C:\PROGRA~1\FlashFXP\UNWISE.EXE C:\PROGRA~1\FlashFXP\INSTALL.LOG Golden Tee Golf Course Addon #1 --> C:\PROGRA~1\INCRED~1\GOLDEN~1\UNWISE.EXE C:\PROGRA~1\INCRED~1\GOLDEN~1\INSTALL.LOG Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll" HighMAT Extension to Microsoft Windows XP CD Writing Wizard --> MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F} HijackThis 1.99.1 --> C:\Documents and Settings\bob\Desktop\Honer's Hall of Shame\HijackThis.exe /uninstall HLPIndex --> MsiExec.exe /I{38441BE7-79B0-42B8-8297-833704F949FE} HLPPDOCK --> MsiExec.exe /I{154508C0-07C5-4659-A7A0-E49968750D21} HLPSFO --> MsiExec.exe /I{8DD94CA3-BCD2-49C0-B537-F3B5D95FF0C8} Homestead SiteBuilder LPX --> C:\Documents and Settings\bob\My Documents\Homestead\Homestead SiteBuilder LPX\hkuninst.exe Intellicast Desktop --> MsiExec.exe /X{73ACFCD5-4CA0-4404-8A50-009942DE70AB} J2SE Runtime Environment 5.0 Update 10 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100} J2SE Runtime Environment 5.0 Update 11 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110} J2SE Runtime Environment 5.0 Update 8 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150080} Kodak EasyShare software --> C:\Documents and Settings\All Users\Application 
Data\Kodak\EasyShareSetup\$SETUP_190007_6b316\Setup.exe /APR-REMOVE KSU --> MsiExec.exe /I{B997C2A0-4383-41BF-B76E-9B8B7ECFB267} Lexmark 510 Series --> C:\WINDOWS\system32\spool\drivers\w32x86\3\LXBZUN5C.EXE -dLexmark 510 Series LimeWire PRO 4.12.3 --> "C:\Program Files\LimeWire\uninstall.exe" LiveUpdate 2.0 (Symantec Corporation) --> C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U Macromedia Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log Microsoft Base Smart Card Cryptographic Service Provider Package --> "C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe" Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe" Microsoft Data Access Components KB870669 --> C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf Microsoft Money 2001 --> MsiExec.exe /I{D085A1B6-90A4-11D3-82B7-00C04FA309DE} Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9} Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe" Microsoft Windows Journal Viewer --> MsiExec.exe /X{43DCF766-6838-4F9A-8C91-D92DA586DFA7} Microsoft Works 6.0 --> MsiExec.exe /I{F8D0829C-9C6F-11D3-8080-00C04FA329AA} Nero 6 Demo --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL Netscape 6 (6.1) --> C:\WINDOWS\N6Uninst.exe /ua "6.1 (en)" Notifier --> MsiExec.exe /I{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2} NVIDIA Display Driver --> C:\WINDOWS\System32\nvudisp.exe Uninstall C:\WINDOWS\System32\nvdisp.nvu,NVIDIA Display Driver OfotoXMI --> MsiExec.exe /I{B162D0A6-9A1D-4B7C-91A5-88FB48113C45} OTtBP --> MsiExec.exe /I{F71760CD-0F8B-4DCC-B7B7-6B223CC3843C} OTtBPSDK --> MsiExec.exe /I{3CA39B0C-BA85-4D42-AC0F-1FF5F60C3353} Quicken 2002 New User Edition --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\QUICKENW\Uninst.isu" -c"C:\Program Files\QUICKENW\uninst.dll" QuickTime --> 
C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log QuickTime --> MsiExec.exe /I{50D8FFDD-90CD-4859-841F-AA1961C7767A} RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0 Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe" Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe" SFR --> MsiExec.exe /I{DB02F716-6275-42E9-B8D2-83BA2BF5100B} SFR2 --> MsiExec.exe /I{A0AF08BA-3630-4505-BFB2-A41F3837B0D0} SHASTA --> MsiExec.exe /I{605A4E39-613C-4A12-B56F-DEFBE6757237} SKIN0001 --> MsiExec.exe /I{FDF9943A-3D5C-46B3-9679-586BD237DDEE} SKINXSDK --> MsiExec.exe /I{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F} Symantec AntiVirus --> MsiExec.exe /I{848AC794-8B81-440A-81AE-6474337DB527} The Weather Channel Desktop --> C:\Program Files\The Weather Channel FW\Desktop Weather\TheWeatherChannelCustomUninstall.exe Tiger Woods PGA TOUR 06 --> C:\Program Files\EA SPORTS\Tiger Woods PGA TOUR 06\EAUninstall.exe Viewpoint Toolbar --> C:\Program Files\Viewpoint\Viewpoint Toolbar\3.7.0\Uninstaller.exe /u /k /url "http://www.viewpoint.com/pub/uninstallcompleted.html" VPRINTOL --> MsiExec.exe /I{999D43F4-9709-4887-9B1A-83EBB15A8370} Weather Services --> C:\WINDOWS\system32\control.exe C:\PROGRA~1\THEWEA~1\FRAMEW~1\wxfw.cpl,4 Windows Defender --> MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401} Windows Defender Signatures --> MsiExec.exe /I{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C} Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe" WinZip --> "C:\Program Files\WinZip\WINZIP32.EXE" /uninstall WIRELESS --> MsiExec.exe /I{F9593CFB-D836-49BC-BFF1-0E669A411D9F} Yahoo! Browser Services --> C:\PROGRA~1\Yahoo!\Common\unyext.exe Yahoo! Install Manager --> C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL Yahoo! 
Internet Mail --> C:\WINDOWS\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\ymmapi.dll Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG Yahoo! Toolbar --> C:\PROGRA~1\Yahoo!\Common\unyt.exe ZoneAlarm Pro --> C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe -- End of ComboScan: finished at 2007-02-26 at 07:36:34 ------------------------- |
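Added example, not code from the thread or from HijackThis, ComboScan or NoLop: a small Python triage pass over the service and driver lines in the log above. It applies the checks an analyst makes by eye when reading O23 and ComboScan entries: is the binary missing from disk, does the service have no vendor (Unknown owner), does it load from a Temp directory, does it sit directly in C:\WINDOWS instead of system32 or Program Files, is it a $sys$ name (the prefix that the XCP copy-protection rootkit, present in this log as CD_Proxy / XCP CD Proxy, cloaks from directory listings), and does a stock Windows service name point at a non-stock binary. The sample lines are copied from the log above. The EXPECTED_BINARY table (imapi.exe for ImapiService, services.exe for PlugPlay) is my assumption from a default XP SP2 install and is not stated anywhere on this page. These are heuristics: a hit is a lead to verify against a known-clean machine, not a verdict, since OEM utilities also drop executables straight into C:\WINDOWS.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Sample input: lines copied from the ComboScan/HijackThis log posted above.
SAMPLE_LOG = r"""
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Service Cvasvr (Service Cvas) - Unknown owner - C:\WINDOWS\csvas.exe (file missing)
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
0R $sys$cor - C:\WINDOWS\system32\drivers\$sys$cor.sys
1R $sys$crater - C:\WINDOWS\system32\$sys$filesystem\crater.sys
3S lredbooo - C:\DOCUME~1\bob\LOCALS~1\Temp\lredbooo.sys (not found)
2R $sys$DRMServer (Plug and Play Device Manager) - C:\WINDOWS\system32\$sys$filesystem\$sys$DRMServer.exe
2R CD_Proxy (XCP CD Proxy) - C:\WINDOWS\CDProxyServ.exe
2S Email AV (Email AntiVirus) - "C:\WINDOWS\email-av.exe"
3S ImapiService (IMAPI CD-Burning COM Service) - C:\WINDOWS\system32\ImapiRox.exe
2R PlugPlay (Plug and Play) - C:\WINDOWS\system32\services.exe
2S Service Cvas (Service Cvasvr) - "C:\WINDOWS\csvas.exe"
2R vsmon (TrueVector Internet Monitor) - C:\WINDOWS\system32\ZoneLabs\vsmon.exe -service
3S WudfSvc (Windows Driver Foundation - User-mode Driver Framework) - C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
"""

# HijackThis:  O23 - Service: <display> (<name>) - <owner> - <path>
O23_RE = re.compile(r"^O23 - Service: (?P<display>.+?)(?: \((?P<name>[^()]*)\))? - (?P<owner>.+?) - (?P<path>.+)$")
# ComboScan:   <start type 0-4><R=running|S=stopped> <name> (<display>) - <path>
COMBO_RE = re.compile(r"^(?P<start>[0-4])(?P<state>[RS]) (?P<name>.+?)(?: \((?P<display>.+)\))? - (?P<path>.+)$")

# ASSUMPTION (not from the page): binaries these stock XP SP2 services normally run.
EXPECTED_BINARY = {"imapiservice": "imapi.exe", "plugplay": "services.exe"}

@dataclass
class Entry:
    name: str
    display: str
    path: str                    # raw ImagePath field, arguments and status text included
    owner: Optional[str] = None  # only HijackThis O23 lines carry an owner

@dataclass
class Finding:
    name: str
    binary: str
    reasons: List[str] = field(default_factory=list)

def parse_entry(line: str) -> Optional[Entry]:
    line = line.strip()
    m = O23_RE.match(line)
    if m:
        return Entry(m["name"] or m["display"], m["display"], m["path"], m["owner"])
    m = COMBO_RE.match(line)
    if m:
        return Entry(m["name"], m["display"] or "", m["path"])
    return None

def binary_path(raw: str) -> Tuple[str, bool]:
    """Split a raw ImagePath field into (executable path, file_missing)."""
    p, missing = raw.strip(), False
    for marker in ("(file missing)", "(not found)"):
        if p.endswith(marker):
            p, missing = p[: -len(marker)].rstrip(), True
    if p.startswith('"'):
        p = p[1:].split('"', 1)[0]                    # quoted path: up to the closing quote
    else:
        m = re.match(r"^(.*?\.(?:exe|sys|dll))(?:\s|$)", p, re.IGNORECASE)
        p = m.group(1) if m else p.split(" -", 1)[0]  # drop "-k netsvcs" style arguments
    return p, missing

def suspicious_reasons(e: Entry) -> Tuple[str, List[str]]:
    binary, missing = binary_path(e.path)
    low = binary.lower()
    directory, _, basename = low.rpartition("\\")
    reasons = []
    if missing:
        reasons.append("binary missing from disk (dead entry, or a loader that removed itself)")
    if e.owner is not None and e.owner.lower() == "unknown owner":
        reasons.append("no vendor information (Unknown owner)")
    if "\\temp\\" in low:
        reasons.append("loads from a Temp directory")
    if e.name.lower().startswith("$sys$") or "\\$sys$" in low:
        reasons.append("$sys$ name: cloaked by the XCP rootkit's filter driver")
    if directory == r"c:\windows":
        reasons.append("executable sits directly in C:\\WINDOWS, not system32 or Program Files")
    expected = EXPECTED_BINARY.get(e.name.lower())
    if expected and basename != expected:
        reasons.append(f"stock service should run {expected}, not {basename}")
    return binary, reasons

def triage(log_text: str) -> List[Finding]:
    findings = []
    for line in log_text.splitlines():
        e = parse_entry(line)
        if e is None:
            continue
        binary, reasons = suspicious_reasons(e)
        if reasons:
            findings.append(Finding(e.name, binary, reasons))
    return findings

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.name:16} {f.binary}")
        for r in f.reasons:
            print(f"    - {r}")
```

Run it as a script to list the flagged entries with the reason for each; `triage()` returns the findings so the same checks can be fed a whole pasted log. Note that a name can come out twice (the O23 section and the ComboScan services section both list Service Cvas), which is useful: the O23 line says the file is missing, the ComboScan line still shows the service registered to start automatically.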
#5
Manager, Security Center, TSF Academy; Analyst, Security Team
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,205
OS: 2000 Pro; XP Pro; XP Home
NoLOP should have produced a log at C:\NoLOP.log
Please post it. Also do this:

Download fl.zip. Extract the contents to a new folder on your Desktop. Within the folder, locate & double-click fl.bat. It should produce a report at c:\findlop.txt. Post the contents of the report in your next reply.
__________________
Practice Safe Surfing Because what you don't know, CAN hurt you. Microsoft MVP - Consumer Security 2009
#6
Registered User
Join Date: Feb 2007
Posts: 38
OS: windows xp home
I found the log that I couldn't find before... here are the results from them:

NoLop Log:

NoLop! Log by Skate_Punk_21
Fix running from: C:\Documents and Settings\bob\Desktop
[2/26/2007] [6:52:36 AM]

---Infection Files Found/Removed---
C:\WINDOWS\tasks\B452B6119CE934D9.job

Beginning Removal...
Rebooting...
Removing Lop's Leftover Files/Folders...
Editing Registry...
**Fix Complete!**

---Listing AppData sub directories---
C:\Documents and Settings\All Users\Application Data\Adobe
C:\Documents and Settings\All Users\Application Data\Ahead
C:\Documents and Settings\All Users\Application Data\Aol Downloads
C:\Documents and Settings\All Users\Application Data\Apple Computer
C:\Documents and Settings\All Users\Application Data\Kazaa
C:\Documents and Settings\All Users\Application Data\Kodak
C:\Documents and Settings\All Users\Application Data\Mags Spam Log User
C:\Documents and Settings\All Users\Application Data\Microsoft
C:\Documents and Settings\All Users\Application Data\Msn6
C:\Documents and Settings\All Users\Application Data\Quicktime
C:\Documents and Settings\All Users\Application Data\Symantec
C:\Documents and Settings\All Users\Application Data\Trymedia
C:\Documents and Settings\All Users\Application Data\Viewpoint
C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
C:\Documents and Settings\All Users\Application Data\Yahoo!
C:\Documents and Settings\Bob\Application Data\Acccore
C:\Documents and Settings\Bob\Application Data\Adobe
C:\Documents and Settings\Bob\Application Data\Adobeum
C:\Documents and Settings\Bob\Application Data\Ahead
C:\Documents and Settings\Bob\Application Data\Aim -- EMPTY Directory
C:\Documents and Settings\Bob\Application Data\Apple Computer
C:\Documents and Settings\Bob\Application Data\Downloadmanager
C:\Documents and Settings\Bob\Application Data\Google
C:\Documents and Settings\Bob\Application Data\Help -- EMPTY Directory
C:\Documents and Settings\Bob\Application Data\Identities
C:\Documents and Settings\Bob\Application Data\Kazaa Lite
C:\Documents and Settings\Bob\Application Data\Kontiki
C:\Documents and Settings\Bob\Application Data\Lavasoft
C:\Documents and Settings\Bob\Application Data\Leadertech
C:\Documents and Settings\Bob\Application Data\Macromedia
C:\Documents and Settings\Bob\Application Data\Microsoft
C:\Documents and Settings\Bob\Application Data\Msn6
C:\Documents and Settings\Bob\Application Data\Real
C:\Documents and Settings\Bob\Application Data\Simple Star -- EMPTY Directory
C:\Documents and Settings\Bob\Application Data\Sun
C:\Documents and Settings\Bob\Application Data\Supportwaybend
C:\Documents and Settings\Bob\Application Data\Symantec
C:\Documents and Settings\Bob\Application Data\Template
C:\Documents and Settings\Bob\Application Data\Trend Micro
C:\Documents and Settings\Bob\Application Data\Uoau -- EMPTY Directory
C:\Documents and Settings\Bob\Application Data\Viewpoint
C:\Documents and Settings\Bob\Application Data\Walgreens
C:\Documents and Settings\Bob\Application Data\Yahoo!
C:\Documents and Settings\Bob\Application Data\Yahoo! Messenger
C:\Documents and Settings\Default User\Application Data\Identities
C:\Documents and Settings\Default User\Application Data\Microsoft
C:\Documents and Settings\Guest\Application Data\Aim
C:\Documents and Settings\Guest\Application Data\Identities
C:\Documents and Settings\Guest\Application Data\Macromedia
C:\Documents and Settings\Guest\Application Data\Microsoft
C:\Documents and Settings\Guest\Application Data\Real
C:\Documents and Settings\Guest\Application Data\Template
C:\Documents and Settings\Localservice\Application Data\Macromedia
C:\Documents and Settings\Localservice\Application Data\Microsoft
C:\Documents and Settings\Networkservice\Application Data\Microsoft
C:\Documents and Settings\Networkservice\Application Data\Symantec
C:\Documents and Settings\Owner\Application Data\Identities
C:\Documents and Settings\Owner\Application Data\Microsoft

Here is the findlop.txt:

NoLop! Log by Skate_Punk_21
Fix running from: C:\Documents and Settings\bob\Desktop
[2/26/2007] [6:52:36 AM]

---Infection Files Found/Removed---
C:\WINDOWS\tasks\B452B6119CE934D9.job

Beginning Removal...
Rebooting...
Removing Lop's Leftover Files/Folders...
Editing Registry...
**Fix Complete!**

---Listing AppData sub directories---
C:\Documents and Settings\All Users\Application Data\Adobe
C:\Documents and Settings\All Users\Application Data\Ahead
C:\Documents and Settings\All Users\Application Data\Aol Downloads
C:\Documents and Settings\All Users\Application Data\Apple Computer
C:\Documents and Settings\All Users\Application Data\Kazaa
C:\Documents and Settings\All Users\Application Data\Kodak
C:\Documents and Settings\All Users\Application Data\Mags Spam Log User
C:\Documents and Settings\All Users\Application Data\Microsoft
C:\Documents and Settings\All Users\Application Data\Msn6
C:\Documents and Settings\All Users\Application Data\Quicktime
C:\Documents and Settings\All Users\Application Data\Symantec
C:\Documents and Settings\All Users\Application Data\Trymedia
C:\Documents and Settings\All Users\Application Data\Viewpoint
C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
C:\Documents and Settings\All Users\Application Data\Yahoo!
C:\Documents and Settings\Bob\Application Data\Acccore
C:\Documents and Settings\Bob\Application Data\Adobe
C:\Documents and Settings\Bob\Application Data\Adobeum
C:\Documents and Settings\Bob\Application Data\Ahead
C:\Documents and Settings\Bob\Application Data\Aim -- EMPTY Directory
C:\Documents and Settings\Bob\Application Data\Apple Computer
C:\Documents and Settings\Bob\Application Data\Downloadmanager
C:\Documents and Settings\Bob\Application Data\Google
C:\Documents and Settings\Bob\Application Data\Help -- EMPTY Directory
C:\Documents and Settings\Bob\Application Data\Identities
C:\Documents and Settings\Bob\Application Data\Kazaa Lite
C:\Documents and Settings\Bob\Application Data\Kontiki
C:\Documents and Settings\Bob\Application Data\Lavasoft
C:\Documents and Settings\Bob\Application Data\Leadertech
C:\Documents and Settings\Bob\Application Data\Macromedia
C:\Documents and Settings\Bob\Application Data\Microsoft
C:\Documents and Settings\Bob\Application Data\Msn6
C:\Documents and Settings\Bob\Application Data\Real
C:\Documents and Settings\Bob\Application Data\Simple Star -- EMPTY Directory
C:\Documents and Settings\Bob\Application Data\Sun
C:\Documents and Settings\Bob\Application Data\Supportwaybend
C:\Documents and Settings\Bob\Application Data\Symantec
C:\Documents and Settings\Bob\Application Data\Template
C:\Documents and Settings\Bob\Application Data\Trend Micro
C:\Documents and Settings\Bob\Application Data\Uoau -- EMPTY Directory
C:\Documents and Settings\Bob\Application Data\Viewpoint
C:\Documents and Settings\Bob\Application Data\Walgreens
C:\Documents and Settings\Bob\Application Data\Yahoo!
C:\Documents and Settings\Bob\Application Data\Yahoo! Messenger
C:\Documents and Settings\Default User\Application Data\Identities
C:\Documents and Settings\Default User\Application Data\Microsoft
C:\Documents and Settings\Guest\Application Data\Aim
C:\Documents and Settings\Guest\Application Data\Identities
C:\Documents and Settings\Guest\Application Data\Macromedia
C:\Documents and Settings\Guest\Application Data\Microsoft
C:\Documents and Settings\Guest\Application Data\Real
C:\Documents and Settings\Guest\Application Data\Template
C:\Documents and Settings\Localservice\Application Data\Macromedia
C:\Documents and Settings\Localservice\Application Data\Microsoft
C:\Documents and Settings\Networkservice\Application Data\Microsoft
C:\Documents and Settings\Networkservice\Application Data\Symantec
C:\Documents and Settings\Owner\Application Data\Identities
C:\Documents and Settings\Owner\Application Data\Microsoft
#7
Manager, Security Center, TSF Academy; Analyst, Security Team
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,205
OS: 2000 Pro; XP Pro; XP Home
You're still getting popups because not all of LOP has been removed. The HJT entry I wanted you to fix remains, as does the folder I wanted you to delete.

Let's try again, and we'll add some tools.

P2P - I see you have P2P software (Limewire) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.
--------------------------------------------------------------------------------------------
Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order in which they are mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should 'not' have any open browsers when you are following the procedures below. It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.
---------------------------------------------------------------------------------------------
Download AVG Anti Spyware. Use the link at the bottom of the page under "AVG Anti-Spyware Free for Windows".

When you have finished updating, EXIT AVG Anti Spyware. Do NOT run a scan just yet; we will shortly.
---------------------------------------------------------------------------------------------
Please download Brute Force Uninstaller to your desktop.

Save it in the same folder you made earlier (c:\BFU). Do NOT run it yet.
---------------------------------------------------------------------------------------------
Open HijackThis and click on 'Do a System Scan Only'. Check the following entries if they exist (make sure you do not miss any) and click Fix Checked:

O4 - HKCU\..\Run: [Dvd Dash] C:\DOCUME~1\bob\APPLIC~1\SUPPOR~1\drvwarnhide.exe

Close HijackThis now.
---------------------------------------------------------------------------------------------
Please download ATF Cleaner by Atribune. This program is for XP and Windows 2000 only.

For Technical Support, double-click the e-mail address located at the bottom of each menu.
---------------------------------------------------------------------------------------------
Run AVG Anti-Spyware with its updated definitions (it's important that all windows must be closed).
---------------------------------------------------------------------------------------------
Then, please go to Start > My Computer and navigate to the C:\BFU folder.
---------------------------------------------------------------------------------------------
Perform an online scan with Internet Explorer with Panda ActiveScan.

* Turn off the real time scanner of any existing antivirus program while performing the online scan.
---------------------------------------------------------------------------------------------
Run ComboScan once again.
---------------------------------------------------------------------------------------------
Download fl.zip. Extract the contents to a new folder on your Desktop. Within the folder, locate & double-click fl.bat. It should produce a report at c:\findlop.txt. Post the contents of the report in your next reply.
---------------------------------------------------------------------------------------------
Please return with logs from:

AVG Anti-Spyware
Panda
ComboScan.txt
C:\findLOP.txt
__________________
Practice Safe Surfing Because what you don't know, CAN hurt you. Microsoft MVP - Consumer Security 2009
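The entry the helper wants fixed runs from the user profile's Application Data (`APPLIC~1\SUPPOR~1`; going by the NoLop listing this is most likely the `Supportwaybend` folder, but 8.3 short names are not guaranteed, so confirm with `dir /x` in `Application Data` before deleting anything). Below is an added example, not code from the thread, from HijackThis or from NoLop: a small Python triage of HijackThis O4 lines that flags autostarts whose program lives under a profile's Application Data, a temp directory or the Recycle Bin, locations where a legitimate Run entry is rare and where the Lop family dropped its loader. The sample O4 lines are constructed here (only the `Dvd Dash` line is from the thread), and the "suspect location" patterns are this example's own heuristic, not a vendor list. One caveat the procedure above relies on: "Fix checked" in HJT deletes only the registry value, so the file and its folder still have to be removed by hand, which is why both were asked for.

```python
"""Triage HijackThis O4 (autostart) lines for Lop-style persistence.

Added example for this thread; not part of HijackThis or NoLop. The O4
parsing rules and the suspect-location heuristics are assumptions made here.
"""
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample in HijackThis O4 format. The "Dvd Dash" line is the entry
# quoted in the thread; the other lines are made-up benign autostarts for contrast.
SAMPLE_O4 = r"""
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Dvd Dash] C:\DOCUME~1\bob\APPLIC~1\SUPPOR~1\drvwarnhide.exe
O4 - HKCU\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
"""

# Shape of a Run-key O4 line:  O4 - <hive>\..\<key>: [<value name>] <command line>
O4_RE = re.compile(
    r"^O4 - (?P<hive>HK\w+(?:\\S-[\d-]+)?)\\\.\.\\(?P<key>[^:]+): "
    r"\[(?P<name>[^\]]*)\] (?P<cmd>.+)$"
)

# Locations where a legitimate autostart is unusual (heuristic assumed by this
# example). Each pattern accepts both the long and the 8.3 spelling and is
# matched against a lower-cased path.
SUSPECT_DIRS = [
    (r"\\(docume~1|documents and settings)\\[^\\]+\\(applic~1|application data)\\",
     "user-profile Application Data"),
    (r"\\(locals~1|local settings)\\(temp|temporary internet files)\\",
     "user temp / browser cache"),
    (r"\\windows\\temp\\", "Windows temp"),
    (r"\\recycler\\", "Recycle Bin"),
]


@dataclass
class Finding:
    hive: str
    key: str
    name: str
    exe: str
    reason: Optional[str]  # None when the program's location looks ordinary


def executable_of(cmd: str) -> str:
    """Return the program path from a Run-value command line, dropping arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):                      # quoted path, possibly with spaces
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    # Unquoted: stop after the first executable extension, else at the first space.
    m = re.match(r"(.*?\.(?:exe|com|scr|pif|bat|cmd|dll))(?:\s|$)", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd.split(" ", 1)[0]


def classify(exe: str) -> Optional[str]:
    """Name the suspect location an executable lives in, or None if it looks ordinary."""
    p = exe.lower().replace("/", "\\")
    for pattern, reason in SUSPECT_DIRS:
        if re.search(pattern, p):
            return reason
    return None


def triage(o4_text: str) -> list[Finding]:
    """Parse every O4 Run line and attach a reason to the ones worth a second look."""
    findings = []
    for line in o4_text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:                                # skip blank lines and other O4 variants
            continue
        exe = executable_of(m.group("cmd"))
        findings.append(Finding(m.group("hive"), m.group("key"), m.group("name"),
                                exe, classify(exe)))
    return findings


def suspicious(o4_text: str) -> list[Finding]:
    """Only the findings that landed in a suspect location."""
    return [f for f in triage(o4_text) if f.reason]


if __name__ == "__main__":
    for f in suspicious(SAMPLE_O4):
        print(f"{f.hive}\\..\\{f.key} [{f.name}] -> {f.exe}  ({f.reason})")
    # Removing the O4 line in HijackThis deletes only the Run value; the file
    # and its folder (here SUPPOR~1 under Application Data) stay until deleted.
```

To use it on a real log, paste the O4 section of the HijackThis scan into a file and pass its text to `suspicious()`. The heuristic is deliberately narrow: it does not expand 8.3 names or check whether the file exists, so a flagged entry is a candidate for the manual check the helper describes, not a verdict.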
#8
Registered User
Join Date: Feb 2007
Posts: 38
OS: windows xp home
Sure took me long enough to get this done, but here are the results of my findings... One last question: of all the downloads that I have installed, what should I keep, and if I do keep them, how often should I run these?
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 6:01:03 AM 2/28/2007

+ Scan result:

C:\System Volume Information\_restore{78B518AB-0831-4146-921C-018A9AAD5B2E}\RP1257\A0212506.dll -> Adware.F1Organizer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{78B518AB-0831-4146-921C-018A9AAD5B2E}\RP1257\A0212509.exe -> Adware.IWantSearch : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-18\Dc1\system.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{78B518AB-0831-4146-921C-018A9AAD5B2E}\RP1246\A0205217.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{78B518AB-0831-4146-921C-018A9AAD5B2E}\RP1255\A0210251.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{78B518AB-0831-4146-921C-018A9AAD5B2E}\RP1257\A0212508.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\Downloads\DeerHunter2005_Setup-dm[1].exe -> Adware.Trymedia : Cleaned with backup (quarantined).
C:\Program Files\Archive\archive.exe -> Downloader.Small.adv : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{78B518AB-0831-4146-921C-018A9AAD5B2E}\RP1257\A0212510.exe -> Trojan.MediaPipe.a : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024 -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld819C.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld8E7F.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ldD87B.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ldFA41.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\My Downloads\007 spy software crack.zip/007 spy software crack.exe/zgo.exe -> Worm.Agent.v : Cleaned with backup (quarantined).
C:\My Downloads\3ds max 7 crack.zip/3ds max 7 crack.exe/zgo.exe -> Worm.Agent.v : Cleaned with backup (quarantined).
C:\My Downloads\3gp converter crack.zip/3gp converter crack.exe/zgo.exe -> Worm.Agent.v : Cleaned with backup (quarantined).
C:\My Downloads\Abakus UIQ3 crack.zip/Abakus UIQ3 crack.exe/zgo.exe -> Worm.Agent.v : Cleaned with backup (quarantined).
C:\My Downloads\Adobe Acrobat Pro crack.zip/Adobe Acrobat Pro crack.exe/zgo.exe -> Worm.Agent.v : Cleaned with backup (quarantined).
C:\My Downloads\CamStudio crack.zip/CamStudio crack.exe/zgo.exe -> Worm.Agent.v : Cleaned with backup (quarantined).
C:\My Downloads\Cash Cow crack.zip/Cash Cow crack.exe/zgo.exe -> Worm.Agent.v : Cleaned with backup (quarantined).
C:\My Downloads\DVD Cloner IV crack.zip/DVD Cloner IV crack.exe/zgo.exe -> Worm.Agent.v : Cleaned with backup (quarantined).
C:\My Downloads\EMPIRE EARTH 2 crack.zip/EMPIRE EARTH 2 crack.exe/zgo.exe -> Worm.Agent.v : Cleaned with backup (quarantined).
C:\My Downloads\EasyBoot crack.zip/EasyBoot crack.exe/zgo.exe -> Worm.Agent.v : Cleaned with backup (quarantined).
C:\My Downloads\FLASHFXP crack.zip/FLASHFXP crack.exe/zgo.exe -> Worm.Agent.v : Cleaned with backup (quarantined).
C:\My Downloads\FinePrint crack.zip/FinePrint crack.exe/zgo.exe -> Worm.Agent.v : Cleaned with backup (quarantined).
C:\My Downloads\Kaspersky Anti-Virus Personal Pro crack.zip/Kaspersky Anti-Virus Personal Pro crack.exe/zgo.exe -> Worm.Agent.v : Cleaned with backup (quarantined).
C:\My Downloads\Macromedia Flash 8 crack.zip/Macromedia Flash 8 crack.exe/zgo.exe -> Worm.Agent.v : Cleaned with backup (quarantined).
C:\My Downloads\Magic Photo Editor crack.zip/Magic Photo Editor crack.exe/zgo.exe -> Worm.Agent.v : Cleaned with backup (quarantined).
C:\My Downloads\MagicLines crack.zip/MagicLines crack.exe/zgo.exe -> Worm.Agent.v : Cleaned with backup (quarantined).
C:\My Downloads\MagicMatch crack.zip/MagicMatch crack.exe/zgo.exe -> Worm.Agent.v : Cleaned with backup (quarantined).
C:\My Downloads\Mpeg crack.zip/Mpeg crack.exe/zgo.exe -> Worm.Agent.v : Cleaned with backup (quarantined).
C:\My Downloads\Mystic Inn crack.zip/Mystic Inn crack.exe/zgo.exe -> Worm.Agent.v : Cleaned with backup (quarantined).
C:\My Downloads\Outpost Firewall Pro crack.zip/Outpost Firewall Pro crack.exe/zgo.exe -> Worm.Agent.v : Cleaned with backup (quarantined).
C:\My Downloads\Perpetual Disco Screen Saver crack.zip/Perpetual Disco Screen Saver crack.exe/zgo.exe -> Worm.Agent.v : Cleaned with backup (quarantined).
C:\My Downloads\Pinball Arcade crack.zip/Pinball Arcade crack.exe/zgo.exe -> Worm.Agent.v : Cleaned with backup (quarantined).
C:\My Downloads\Pinnacle Studio Plus Titanium Edition v10.6 crack.zip/Pinnacle Studio Plus Titanium Edition v10.6 crack.exe/zgo.exe -> Worm.Agent.v : Cleaned with backup (quarantined).
C:\My Downloads\Poker Superstars crack.zip/Poker Superstars crack.exe/zgo.exe -> Worm.Agent.v : Cleaned with backup (quarantined).
C:\My Downloads\Quick time crack.zip/Quick time crack.exe/zgo.exe -> Worm.Agent.v : Cleaned with backup (quarantined).
C:\My Downloads\R-Studio crack.zip/R-Studio crack.exe/zgo.exe -> Worm.Agent.v : Cleaned with backup (quarantined).
C:\My Downloads\Simply Calenders crack.zip/Simply Calenders crack.exe/zgo.exe -> Worm.Agent.v : Cleaned with backup (quarantined).
C:\My Downloads\Sothink SWF Decompiler 3.4 build 60912 crack.zip/Sothink SWF Decompiler 3.4 build 60912 crack.exe/zgo.exe -> Worm.Agent.v : Cleaned with backup (quarantined).
C:\My Downloads\System Mechanic 6.0u crack.zip/System Mechanic 6.0u crack.exe/zgo.exe -> Worm.Agent.v : Cleaned with backup (quarantined).
C:\My Downloads\System Mechanic 7 Pro crack.zip/System Mechanic 7 Pro crack.exe/zgo.exe -> Worm.Agent.v : Cleaned with backup (quarantined).
C:\My Downloads\Universal Shield crack.zip/Universal Shield crack.exe/zgo.exe -> Worm.Agent.v : Cleaned with backup (quarantined).
C:\My Downloads\Video Edit Magic v4.21 crack.zip/Video Edit Magic v4.21 crack.exe/zgo.exe -> Worm.Agent.v : Cleaned with backup (quarantined).
C:\My Downloads\VirusRescue crack.zip/VirusRescue crack.exe/zgo.exe -> Worm.Agent.v : Cleaned with backup (quarantined).
C:\My Downloads\WIN ZIP crack.zip/WIN ZIP crack.exe/zgo.exe -> Worm.Agent.v : Cleaned with backup (quarantined).
C:\My Downloads\acronis true image crack.zip/acronis true image crack.exe/zgo.exe -> Worm.Agent.v : Cleaned with backup (quarantined).
C:\My Downloads\adult crack.zip/adult crack.exe/zgo.exe -> Worm.Agent.v : Cleaned with backup (quarantined).
C:\My Downloads\agnitum crack.zip/agnitum crack.exe/zgo.exe -> Worm.Agent.v : Cleaned with backup (quarantined).
C:\My Downloads\anyplace control 3.2 crack.zip/anyplace control 3.2 crack.exe/zgo.exe -> Worm.Agent.v : Cleaned with backup (quarantined).
C:\My Downloads\autodesk inventor crack.zip/autodesk inventor crack.exe/zgo.exe -> Worm.Agent.v : Cleaned with backup (quarantined).
C:\My Downloads\avira crack.zip/avira crack.exe/zgo.exe -> Worm.Agent.v : Cleaned with backup (quarantined).
C:\My Downloads\betrapped crack.zip/betrapped crack.exe/zgo.exe -> Worm.Agent.v : Cleaned with backup (quarantined).
C:\My Downloads\black crack.zip/black crack.exe/zgo.exe -> Worm.Agent.v : Cleaned with backup (quarantined).
C:\My Downloads\boris crack.zip/boris crack.exe/zgo.exe -> Worm.Agent.v : Cleaned with backup (quarantined).
C:\My Downloads\canopus crack.zip/canopus crack.exe/zgo.exe -> Worm.Agent.v : Cleaned with backup (quarantined).
C:\My Downloads\cuteftp 8 crack.zip/cuteftp 8 crack.exe/zgo.exe -> Worm.Agent.v : Cleaned with backup (quarantined).
C:\My Downloads\digitando crack.zip/digitando crack.exe/zgo.exe -> Worm.Agent.v : Cleaned with backup (quarantined).
C:\My Downloads\diskkeeper crack.zip/diskkeeper crack.exe/zgo.exe -> Worm.Agent.v : Cleaned with backup (quarantined).
C:\My Downloads\divx pro 5.2.1 crack.zip/divx pro 5.2.1 crack.exe/zgo.exe -> Worm.Agent.v : Cleaned with backup (quarantined).
C:\My Downloads\dreamweaver 6 crack.zip/dreamweaver 6 crack.exe/zgo.exe -> Worm.Agent.v : Cleaned with backup (quarantined).
C:\My Downloads\dvd-cloner crack.zip/dvd-cloner crack.exe/zgo.exe -> Worm.Agent.v : Cleaned with backup (quarantined).
C:\My Downloads\eltima crack.zip/eltima crack.exe/zgo.exe -> Worm.Agent.v : Cleaned with backup (quarantined).
C:\My Downloads\far cry crack.zip/far cry crack.exe/zgo.exe -> Worm.Agent.v : Cleaned with backup (quarantined).
C:\My Downloads\garmin crack.zip/garmin crack.exe/zgo.exe -> Worm.Agent.v : Cleaned with backup (quarantined).
C:\My Downloads\holiday lights crack.zip/holiday lights crack.exe/zgo.exe -> Worm.Agent.v : Cleaned with backup (quarantined).
C:\My Downloads\ice clock 3d crack.zip/ice clock 3d crack.exe/zgo.exe -> Worm.Agent.v : Cleaned with backup (quarantined).
C:\My Downloads\icoo crack.zip/icoo crack.exe/zgo.exe -> Worm.Agent.v : Cleaned with backup (quarantined).
C:\My Downloads\illustrator crack.zip/illustrator crack.exe/zgo.exe -> Worm.Agent.v : Cleaned with backup (quarantined).
C:\My Downloads\internet download manager 5.05 crack.zip/internet download manager 5.05 crack.exe/zgo.exe -> Worm.Agent.v : Cleaned with backup (quarantined).
C:\My Downloads\intervideo windvr crack.zip/intervideo windvr crack.exe/zgo.exe -> Worm.Agent.v : Cleaned with backup (quarantined).
C:\My Downloads\karu crack.zip/karu crack.exe/zgo.exe -> Worm.Agent.v : Cleaned with backup (quarantined).
C:\My Downloads\keygen nero 7 crack.zip/keygen nero 7 crack.exe/zgo.exe -> Worm.Agent.v : Cleaned with backup (quarantined).
C:\My Downloads\luxor amun rising crack.zip/luxor amun rising crack.exe/zgo.exe -> Worm.Agent.v : Cleaned with backup (quarantined).
C:\My Downloads\magic dvd crack.zip/magic dvd crack.exe/zgo.exe -> Worm.Agent.v : Cleaned with backup (quarantined).
C:\My Downloads\magix music maker crack.zip/magix music maker crack.exe/zgo.exe -> Worm.Agent.v : Cleaned with backup (quarantined).
C:\My Downloads\mahjong quest crack.zip/mahjong quest crack.exe/zgo.exe -> Worm.Agent.v : Cleaned with backup (quarantined).
C:\My Downloads\mathcad crack.zip/mathcad crack.exe/zgo.exe -> Worm.Agent.v : Cleaned with backup (quarantined).
C:\My Downloads\media center crack.zip/media center crack.exe/zgo.exe -> Worm.Agent.v : Cleaned with backup (quarantined).
C:\My Downloads\memoriesontv crack.zip/memoriesontv crack.exe/zgo.exe -> Worm.Agent.v : Cleaned with backup (quarantined).
C:\My Downloads\milkshape crack.zip/milkshape crack.exe/zgo.exe -> Worm.Agent.v : Cleaned with backup (quarantined).
C:\My Downloads\ms office 2007 crack.zip/ms office 2007 crack.exe/zgo.exe -> Worm.Agent.v : Cleaned with backup (quarantined).
C:\My Downloads\mystery crack.zip/mystery crack.exe/zgo.exe -> Worm.Agent.v : Cleaned with backup (quarantined).
C:\My Downloads\n-track studio v5.0.2 crack.zip/n-track studio v5.0.2 crack.exe/zgo.exe -> Worm.Agent.v : Cleaned with backup (quarantined).
C:\My Downloads\nero 6 crack.zip/nero 6 crack.exe/zgo.exe -> Worm.Agent.v : Cleaned with backup (quarantined).
C:\My Downloads\nero 7 ultra crack.zip/nero 7 ultra crack.exe/zgo.exe -> Worm.Agent.v : Cleaned with backup (quarantined).
C:\My Downloads\office 2003 small business crack.zip/office 2003 small business crack.exe/zgo.exe -> Worm.Agent.v : Cleaned with backup (quarantined).
C:\My Downloads\operation flashpoint crack.zip/operation flashpoint crack.exe/zgo.exe -> Worm.Agent.v : Cleaned with backup (quarantined).
C:\My Downloads\partition manager crack.zip/partition manager crack.exe/zgo.exe -> Worm.Agent.v : Cleaned with backup (quarantined).
C:\My Downloads\pc cillin crack.zip/pc cillin crack.exe/zgo.exe -> Worm.Agent.v : Cleaned with backup (quarantined).
C:\My Downloads\pc-cillin 2007 crack.zip/pc-cillin 2007 crack.exe/zgo.exe -> Worm.Agent.v : Cleaned with backup (quarantined).
C:\My Downloads\power DVD 7.0 crack.zip/power DVD 7.0 crack.exe/zgo.exe -> Worm.Agent.v : Cleaned with backup (quarantined).
C:\My Downloads\privacy guardian crack.zip/privacy guardian crack.exe/zgo.exe -> Worm.Agent.v : Cleaned with backup (quarantined).
C:\My Downloads\pro crack.zip/pro crack.exe/zgo.exe -> Worm.Agent.v : Cleaned with backup (quarantined).
C:\My Downloads\real player crack.zip/real player crack.exe/zgo.exe -> Worm.Agent.v : Cleaned with backup (quarantined).
C:\My Downloads\red alert crack.zip/red alert crack.exe/zgo.exe -> Worm.Agent.v : Cleaned with backup (quarantined).
C:\My Downloads\route 66 crack.zip/route 66 crack.exe/zgo.exe -> Worm.Agent.v : Cleaned with backup (quarantined).
C:\My Downloads\setup factory crack.zip/setup factory crack.exe/zgo.exe -> Worm.Agent.v : Cleaned with backup (quarantined).
C:\My Downloads\simcity 3000 crack.zip/simcity 3000 crack.exe/zgo.exe -> Worm.Agent.v : Cleaned with backup (quarantined).
C:\My Downloads\sims 2 pets crack.zip/sims 2 pets crack.exe/zgo.exe -> Worm.Agent.v : Cleaned with backup (quarantined).
C:\My Downloads\spin it again crack.zip/spin it again crack.exe/zgo.exe -> Worm.Agent.v : Cleaned with backup (quarantined).
C:\My Downloads\super ad blocker crack.zip/super ad blocker crack.exe/zgo.exe -> Worm.Agent.v : Cleaned with backup (quarantined).
C:\My Downloads\swf decompiler crack.zip/swf decompiler crack.exe/zgo.exe -> Worm.Agent.v : Cleaned with backup (quarantined).
C:\My Downloads\switch crack.zip/switch crack.exe/zgo.exe -> Worm.Agent.v : Cleaned with backup (quarantined).
C:\My Downloads\switch v 1.11 crack.zip/switch v 1.11 crack.exe/zgo.exe -> Worm.Agent.v : Cleaned with backup (quarantined).
C:\My Downloads\system mechanic 7 professional crack.zip/system mechanic 7 professional crack.exe/zgo.exe -> Worm.Agent.v : Cleaned with backup (quarantined).
C:\My Downloads\toast crack.zip/toast crack.exe/zgo.exe -> Worm.Agent.v : Cleaned with backup (quarantined).
C:\My Downloads\tuneup utilities2006 crack.zip/tuneup utilities2006 crack.exe/zgo.exe -> Worm.Agent.v : Cleaned with backup (quarantined).
C:\My Downloads\uninstall tool crack.zip/uninstall tool crack.exe/zgo.exe -> Worm.Agent.v : Cleaned with backup (quarantined).
C:\My Downloads\viewletcam crack.zip/viewletcam crack.exe/zgo.exe -> Worm.Agent.v : Cleaned with backup (quarantined).
C:\My Downloads\winrar 361 crack.zip/winrar 361 crack.exe/zgo.exe -> Worm.Agent.v : Cleaned with backup (quarantined).
C:\My Downloads\wm recorder 11 crack.zip/wm recorder 11 crack.exe/zgo.exe -> Worm.Agent.v : Cleaned with backup (quarantined).
C:\My Downloads\007 spy software crack.zip/007 spy software crack.exe/run.exe -> Worm.VB.njc : Cleaned with backup (quarantined).
C:\My Downloads\3ds max 7 crack.zip/3ds max 7 crack.exe/run.exe -> Worm.VB.njc : Cleaned with backup (quarantined).
C:\My Downloads\3gp converter crack.zip/3gp converter crack.exe/run.exe -> Worm.VB.njc : Cleaned with backup (quarantined).
C:\My Downloads\Abakus UIQ3 crack.zip/Abakus UIQ3 crack.exe/run.exe -> Worm.VB.njc : Cleaned with backup (quarantined).
C:\My Downloads\Adobe Acrobat Pro crack.zip/Adobe Acrobat Pro crack.exe/run.exe -> Worm.VB.njc : Cleaned with backup (quarantined).
C:\My Downloads\CamStudio crack.zip/CamStudio crack.exe/run.exe -> Worm.VB.njc : Cleaned with backup (quarantined).
C:\My Downloads\Cash Cow crack.zip/Cash Cow crack.exe/run.exe -> Worm.VB.njc : Cleaned with backup (quarantined).
C:\My Downloads\DVD Cloner IV crack.zip/DVD Cloner IV crack.exe/run.exe -> Worm.VB.njc : Cleaned with backup (quarantined).
C:\My Downloads\EMPIRE EARTH 2 crack.zip/EMPIRE EARTH 2 crack.exe/run.exe -> Worm.VB.njc : Cleaned with backup (quarantined).
C:\My Downloads\EasyBoot crack.zip/EasyBoot crack.exe/run.exe -> Worm.VB.njc : Cleaned with backup (quarantined).
C:\My Downloads\FLASHFXP crack.zip/FLASHFXP crack.exe/run.exe -> Worm.VB.njc : Cleaned with backup (quarantined).
C:\My Downloads\FinePrint crack.zip/FinePrint crack.exe/run.exe -> Worm.VB.njc : Cleaned with backup (quarantined).
C:\My Downloads\Kaspersky Anti-Virus Personal Pro crack.zip/Kaspersky Anti-Virus Personal Pro crack.exe/run.exe -> Worm.VB.njc : Cleaned with backup (quarantined).
C:\My Downloads\Macromedia Flash 8 crack.zip/Macromedia Flash 8 crack.exe/run.exe -> Worm.VB.njc : Cleaned with backup (quarantined).
C:\My Downloads\Magic Photo Editor crack.zip/Magic Photo Editor crack.exe/run.exe -> Worm.VB.njc : Cleaned with backup (quarantined).
C:\My Downloads\MagicLines crack.zip/MagicLines crack.exe/run.exe -> Worm.VB.njc : Cleaned with backup (quarantined).
C:\My Downloads\MagicMatch crack.zip/MagicMatch crack.exe/run.exe -> Worm.VB.njc : Cleaned with backup (quarantined).
C:\My Downloads\Mpeg crack.zip/Mpeg crack.exe/run.exe -> Worm.VB.njc : Cleaned with backup (quarantined).
C:\My Downloads\Mystic Inn crack.zip/Mystic Inn crack.exe/run.exe -> Worm.VB.njc : Cleaned with backup (quarantined).
C:\My Downloads\Outpost Firewall Pro crack.zip/Outpost Firewall Pro crack.exe/run.exe -> Worm.VB.njc : Cleaned with backup (quarantined).
C:\My Downloads\Perpetual Disco Screen Saver crack.zip/Perpetual Disco Screen Saver crack.exe/run.exe -> Worm.VB.njc : Cleaned with backup (quarantined).
C:\My Downloads\Pinball Arcade crack.zip/Pinball Arcade crack.exe/run.exe -> Worm.VB.njc : Cleaned with backup (quarantined).
C:\My Downloads\Pinnacle Studio Plus Titanium Edition v10.6 crack.zip/Pinnacle Studio Plus Titanium Edition v10.6 crack.exe/run.exe -> Worm.VB.njc : Cleaned with backup (quarantined).
C:\My Downloads\Poker Superstars crack.zip/Poker Superstars crack.exe/run.exe -> Worm.VB.njc : Cleaned with backup (quarantined).
C:\My Downloads\Quick time crack.zip/Quick time crack.exe/run.exe -> Worm.VB.njc : Cleaned with backup (quarantined).
C:\My Downloads\R-Studio crack.zip/R-Studio crack.exe/run.exe -> Worm.VB.njc : Cleaned with backup (quarantined).
C:\My Downloads\Simply Calenders crack.zip/Simply Calenders crack.exe/run.exe -> Worm.VB.njc : Cleaned with backup (quarantined).
C:\My Downloads\Sothink SWF Decompiler 3.4 build 60912 crack.zip/Sothink SWF Decompiler 3.4 build 60912 crack.exe/run.exe -> Worm.VB.njc : Cleaned with backup (quarantined).
C:\My Downloads\System Mechanic 6.0u crack.zip/System Mechanic 6.0u crack.exe/run.exe -> Worm.VB.njc : Cleaned with backup (quarantined).
C:\My Downloads\System Mechanic 7 Pro crack.zip/System Mechanic 7 Pro crack.exe/run.exe -> Worm.VB.njc : Cleaned with backup (quarantined).
C:\My Downloads\Universal Shield crack.zip/Universal Shield crack.exe/run.exe -> Worm.VB.njc : Cleaned with backup (quarantined).
C:\My Downloads\Video Edit Magic v4.21 crack.zip/Video Edit Magic v4.21 crack.exe/run.exe -> Worm.VB.njc : Cleaned with backup (quarantined).
C:\My Downloads\VirusRescue crack.zip/VirusRescue crack.exe/run.exe -> Worm.VB.njc : Cleaned with backup (quarantined).
C:\My Downloads\WIN ZIP crack.zip/WIN ZIP crack.exe/run.exe -> Worm.VB.njc : Cleaned with backup (quarantined).
C:\My Downloads\acronis true image crack.zip/acronis true image crack.exe/run.exe -> Worm.VB.njc : Cleaned with backup (quarantined).
C:\My Downloads\adult crack.zip/adult crack.exe/run.exe -> Worm.VB.njc : Cleaned with backup (quarantined).
C:\My Downloads\agnitum crack.zip/agnitum crack.exe/run.exe -> Worm.VB.njc : Cleaned with backup (quarantined).
C:\My Downloads\anyplace control 3.2 crack.zip/anyplace control 3.2 crack.exe/run.exe -> Worm.VB.njc : Cleaned with backup (quarantined).
C:\My Downloads\autodesk inventor crack.zip/autodesk inventor crack.exe/run.exe -> Worm.VB.njc : Cleaned with backup (quarantined).
C:\My Downloads\avira crack.zip/avira crack.exe/run.exe -> Worm.VB.njc : Cleaned with backup (quarantined).
C:\My Downloads\betrapped crack.zip/betrapped crack.exe/run.exe -> Worm.VB.njc : Cleaned with backup (quarantined).
C:\My Downloads\black crack.zip/black crack.exe/run.exe -> Worm.VB.njc : Cleaned with backup (quarantined).
C:\My Downloads\boris crack.zip/boris crack.exe/run.exe -> Worm.VB.njc : Cleaned with backup (quarantined).
C:\My Downloads\canopus crack.zip/canopus crack.exe/run.exe -> Worm.VB.njc : Cleaned with backup (quarantined).
C:\My Downloads\cuteftp 8 crack.zip/cuteftp 8 crack.exe/run.exe -> Worm.VB.njc : Cleaned with backup (quarantined).
C:\My Downloads\digitando crack.zip/digitando crack.exe/run.exe -> Worm.VB.njc : Cleaned with backup (quarantined).
C:\My Downloads\diskkeeper crack.zip/diskkeeper crack.exe/run.exe -> Worm.VB.njc : Cleaned with backup (quarantined).
C:\My Downloads\divx pro 5.2.1 crack.zip/divx pro 5.2.1 crack.exe/run.exe -> Worm.VB.njc : Cleaned with backup (quarantined).
C:\My Downloads\dreamweaver 6 crack.zip/dreamweaver 6 crack.exe/run.exe -> Worm.VB.njc : Cleaned with backup (quarantined).
C:\My Downloads\dvd-cloner crack.zip/dvd-cloner crack.exe/run.exe -> Worm.VB.njc : Cleaned with backup (quarantined).
C:\My Downloads\eltima crack.zip/eltima crack.exe/run.exe -> Worm.VB.njc : Cleaned with backup (quarantined).
C:\My Downloads\far cry crack.zip/far cry crack.exe/run.exe -> Worm.VB.njc : Cleaned with backup (quarantined).
C:\My Downloads\garmin crack.zip/garmin crack.exe/run.exe -> Worm.VB.njc : Cleaned with backup (quarantined).
C:\My Downloads\holiday lights crack.zip/holiday lights crack.exe/run.exe -> Worm.VB.njc : Cleaned with backup (quarantined).
C:\My Downloads\ice clock 3d crack.zip/ice clock 3d crack.exe/run.exe -> Worm.VB.njc : Cleaned with backup (quarantined).
C:\My Downloads\icoo crack.zip/icoo crack.exe/run.exe -> Worm.VB.njc : Cleaned with backup (quarantined).
C:\My Downloads\illustrator crack.zip/illustrator crack.exe/run.exe -> Worm.VB.njc : Cleaned with backup (quarantined).
C:\My Downloads\internet download manager 5.05 crack.zip/internet download manager 5.05 crack.exe/run.exe -> Worm.VB.njc : Cleaned with backup (quarantined).
C:\My Downloads\intervideo windvr crack.zip/intervideo windvr crack.exe/run.exe -> Worm.VB.njc : Cleaned with backup (quarantined).
C:\My Downloads\karu crack.zip/karu crack.exe/run.exe -> Worm.VB.njc : Cleaned with backup (quarantined).
C:\My Downloads\keygen nero 7 crack.zip/keygen nero 7 crack.exe/run.exe -> Worm.VB.njc : Cleaned with backup (quarantined).
C:\My Downloads\luxor amun rising crack.zip/luxor amun rising crack.exe/run.exe -> Worm.VB.njc : Cleaned with backup (quarantined).
C:\My Downloads\magic dvd crack.zip/magic dvd crack.exe/run.exe -> Worm.VB.njc : Cleaned with backup (quarantined).
C:\My Downloads\magix music maker crack.zip/magix music maker crack.exe/run.exe -> Worm.VB.njc : Cleaned with backup (quarantined).
C:\My Downloads\mahjong quest crack.zip/mahjong quest crack.exe/run.exe -> Worm.VB.njc : Cleaned with backup (quarantined).
C:\My Downloads\mathcad crack.zip/mathcad crack.exe/run.exe -> Worm.VB.njc : Cleaned with backup (quarantined).
C:\My Downloads\media center crack.zip/media center crack.exe/run.exe -> Worm.VB.njc : Cleaned with backup (quarantined).
C:\My Downloads\memoriesontv crack.zip/memoriesontv crack.exe/run.exe -> Worm.VB.njc : Cleaned with backup (quarantined).
C:\My Downloads\milkshape crack.zip/milkshape crack.exe/run.exe -> Worm.VB.njc : Cleaned with backup (quarantined).
C:\My Downloads\ms office 2007 crack.zip/ms office 2007 crack.exe/run.exe -> Worm.VB.njc : Cleaned with backup (quarantined).
C:\My Downloads\mystery crack.zip/mystery crack.exe/run.exe -> Worm.VB.njc : Cleaned with backup (quarantined).
C:\My Downloads\n-track studio v5.0.2 crack.zip/n-track studio v5.0.2 crack.exe/run.exe -> Worm.VB.njc : Cleaned with backup (quarantined).
C:\My Downloads\nero 6 crack.zip/nero 6 crack.exe/run.exe -> Worm.VB.njc : Cleaned with backup (quarantined).
C:\My Downloads\nero 7 ultra crack.zip/nero 7 ultra crack.exe/run.exe -> Worm.VB.njc : Cleaned with backup (quarantined). C:\My Downloads\office 2003 small business crack.zip/office 2003 small business crack.exe/run.exe -> Worm.VB.njc : Cleaned with backup (quarantined). C:\My Downloads\operation flashpoint crack.zip/operation flashpoint crack.exe/run.exe -> Worm.VB.njc : Cleaned with backup (quarantined). C:\My Downloads\partition manager crack.zip/partition manager crack.exe/run.exe -> Worm.VB.njc : Cleaned with backup (quarantined). C:\My Downloads\pc cillin crack.zip/pc cillin crack.exe/run.exe -> Worm.VB.njc : Cleaned with backup (quarantined). C:\My Downloads\pc-cillin 2007 crack.zip/pc-cillin 2007 crack.exe/run.exe -> Worm.VB.njc : Cleaned with backup (quarantined). C:\My Downloads\power DVD 7.0 crack.zip/power DVD 7.0 crack.exe/run.exe -> Worm.VB.njc : Cleaned with backup (quarantined). C:\My Downloads\privacy guardian crack.zip/privacy guardian crack.exe/run.exe -> Worm.VB.njc : Cleaned with backup (quarantined). C:\My Downloads\pro crack.zip/pro crack.exe/run.exe -> Worm.VB.njc : Cleaned with backup (quarantined). C:\My Downloads\real player crack.zip/real player crack.exe/run.exe -> Worm.VB.njc : Cleaned with backup (quarantined). C:\My Downloads\red alert crack.zip/red alert crack.exe/run.exe -> Worm.VB.njc : Cleaned with backup (quarantined). C:\My Downloads\route 66 crack.zip/route 66 crack.exe/run.exe -> Worm.VB.njc : Cleaned with backup (quarantined). C:\My Downloads\setup factory crack.zip/setup factory crack.exe/run.exe -> Worm.VB.njc : Cleaned with backup (quarantined). C:\My Downloads\simcity 3000 crack.zip/simcity 3000 crack.exe/run.exe -> Worm.VB.njc : Cleaned with backup (quarantined). C:\My Downloads\sims 2 pets crack.zip/sims 2 pets crack.exe/run.exe -> Worm.VB.njc : Cleaned with backup (quarantined). C:\My Downloads\spin it again crack.zip/spin it again crack.exe/run.exe -> Worm.VB.njc : Cleaned with backup (quarantined). 
C:\My Downloads\super ad blocker crack.zip/super ad blocker crack.exe/run.exe -> Worm.VB.njc : Cleaned with backup (quarantined). C:\My Downloads\swf decompiler crack.zip/swf decompiler crack.exe/run.exe -> Worm.VB.njc : Cleaned with backup (quarantined). C:\My Downloads\switch crack.zip/switch crack.exe/run.exe -> Worm.VB.njc : Cleaned with backup (quarantined). C:\My Downloads\switch v 1.11 crack.zip/switch v 1.11 crack.exe/run.exe -> Worm.VB.njc : Cleaned with backup (quarantined). C:\My Downloads\system mechanic 7 professional crack.zip/system mechanic 7 professional crack.exe/run.exe -> Worm.VB.njc : Cleaned with backup (quarantined). C:\My Downloads\toast crack.zip/toast crack.exe/run.exe -> Worm.VB.njc : Cleaned with backup (quarantined). C:\My Downloads\tuneup utilities2006 crack.zip/tuneup utilities2006 crack.exe/run.exe -> Worm.VB.njc : Cleaned with backup (quarantined). C:\My Downloads\uninstall tool crack.zip/uninstall tool crack.exe/run.exe -> Worm.VB.njc : Cleaned with backup (quarantined). C:\My Downloads\viewletcam crack.zip/viewletcam crack.exe/run.exe -> Worm.VB.njc : Cleaned with backup (quarantined). C:\My Downloads\winrar 361 crack.zip/winrar 361 crack.exe/run.exe -> Worm.VB.njc : Cleaned with backup (quarantined). C:\My Downloads\wm recorder 11 crack.zip/wm recorder 11 crack.exe/run.exe -> Worm.VB.njc : Cleaned with backup (quarantined). ::Report end Volume in drive C has no label. 
Volume Serial Number is E4B9-42B6 Directory of C:\Documents and Settings\All Users\Application Data 01/21/2007 10:31 PM <DIR> Adobe 01/21/2007 10:32 PM <DIR> Ahead 01/25/2006 11:34 PM <DIR> AOL Downloads 02/20/2007 03:03 PM <DIR> Apple Computer 12/15/2004 05:33 PM 3 DirectCDUserName.txt 11/26/2004 08:43 PM <DIR> Kazaa 11/05/2005 12:39 AM <DIR> Kodak 11/07/2006 10:24 AM <DIR> MSN6 11/01/2005 09:12 PM <DIR> QuickTime 07/11/2006 12:19 AM <DIR> Symantec 11/15/2006 09:30 AM <DIR> Trymedia 02/21/2007 07:05 PM <DIR> Viewpoint 08/13/2005 07:50 AM <DIR> Windows Genuine Advantage 1 File(s) 3 bytes 12 Dir(s) 13,659,770,880 bytes free Volume in drive C has no label. Volume Serial Number is E4B9-42B6 Directory of C:\Documents and Settings\bob\Application Data 01/25/2006 11:36 PM <DIR> acccore 07/19/2006 09:04 PM <DIR> Adobe 01/18/2007 12:28 PM <DIR> AdobeUM 01/22/2007 11:39 PM <DIR> Ahead 01/21/2007 10:31 PM <DIR> Aim 02/12/2007 09:58 AM <DIR> Apple Computer 03/08/2006 08:52 AM <DIR> DownloadManager 03/13/2006 09:20 PM <DIR> Google 02/22/2004 06:47 AM <DIR> Help 01/29/2004 11:25 PM <DIR> Identities 11/26/2004 08:34 PM <DIR> Kazaa Lite 11/27/2004 03:18 PM <DIR> Kontiki 11/01/2004 09:13 PM <DIR> Lavasoft 11/20/2004 05:12 PM <DIR> Leadertech 03/12/2006 11:31 AM <DIR> Macromedia 11/07/2006 10:26 AM <DIR> MSN6 03/15/2005 06:23 PM 0 OfficePool 2005 Prefs 02/14/2004 07:01 AM <DIR> Real 11/17/2005 01:30 AM <DIR> Simple Star 12/31/2006 11:46 AM <DIR> Sun 02/14/2004 07:05 AM <DIR> Symantec 02/01/2004 11:59 PM <DIR> Template 10/27/2006 08:19 AM <DIR> Trend Micro 07/07/2004 05:00 PM <DIR> uoau 03/10/2006 10:46 PM <DIR> Walgreens 07/11/2006 12:53 AM <DIR> Yahoo! 07/22/2004 04:43 PM <DIR> Yahoo! Messenger 1 File(s) 0 bytes 26 Dir(s) 13,659,770,880 bytes free Volume in drive C has no label. 
Volume Serial Number is E4B9-42B6 Directory of C:\Documents and Settings\Guest\Application Data 03/04/2004 03:50 PM <DIR> Aim 01/29/2004 11:25 PM <DIR> Identities 02/04/2004 10:39 PM <DIR> Macromedia 02/19/2004 10:17 PM <DIR> Real 02/03/2004 10:25 PM <DIR> Template 0 File(s) 0 bytes 5 Dir(s) 13,659,770,880 bytes free Volume in drive C has no label. Volume Serial Number is E4B9-42B6 Directory of C:\Documents and Settings\Owner\Application Data 01/29/2004 11:25 PM <DIR> Identities 0 File(s) 0 bytes 1 Dir(s) 13,659,770,880 bytes free Volume in drive C has no label. Volume Serial Number is E4B9-42B6 Directory of C:\Documents and Settings\Default User\Application Data 01/29/2004 11:25 PM <DIR> . 01/29/2004 11:25 PM <DIR> .. 01/29/2004 03:11 PM 62 desktop.ini 1 File(s) 62 bytes 2 Dir(s) 13,659,770,880 bytes free Volume in drive C has no label. Volume Serial Number is E4B9-42B6 Directory of C:\Documents and Settings\LocalService\Application Data Volume in drive C has no label. Volume Serial Number is E4B9-42B6 Directory of C:\Documents and Settings\NetworkService\Application Data [TRACE] Enumerating jobs and queues [TRACE] Activating job 'AppleSoftwareUpdate.job' [TRACE] Printing all job properties ApplicationName: 'C:\Program Files\Apple Software Update\SoftwareUpdate.exe' Parameters: '-Task' WorkingDirectory: '' Comment: '' Creator: 'SYSTEM' Priority: NORMAL MaxRunTime: 259200000 (3d 0:00:00) IdleWait: 10 IdleDeadline: 60 MostRecentRun: 00/00/0000 0:00:00 NextRun: 03/06/2007 22:26:00 StartError: SCHED_E_ACCOUNT_INFORMATION_NOT_SET ExitCode: 0 Status: SCHED_S_TASK_HAS_NOT_RUN ScheduledWorkItem Flags: DeleteWhenDone = 0 Suspend = 0 StartOnlyIfIdle = 0 KillOnIdleEnd = 0 RestartOnIdleResume = 0 DontStartIfOnBatteries = 0 KillIfGoingOnBatteries = 0 RunOnlyIfLoggedOn = 0 SystemRequired = 0 Hidden = 0 TaskFlags: 0 1 Trigger Trigger 0: Type: Weekly WeeksInterval: 1 DaysOfTheWeek: ..T.... 
StartDate: 01/18/2007 EndDate: 00/00/0000 StartTime: 22:26 MinutesDuration: 0 MinutesInterval: 0 Flags: HasEndDate = 0 KillAtDuration = 0 Disabled = 0 [TRACE] Activating job 'MP Scheduled Scan.job' [TRACE] Printing all job properties ApplicationName: 'C:\Program Files\Windows Defender\MpCmdRun.exe' Parameters: 'Scan -RestrictPrivileges' WorkingDirectory: '' Comment: 'Scheduled Scan' Creator: 'SYSTEM' Priority: NORMAL MaxRunTime: 259200000 (3d 0:00:00) IdleWait: 10 IdleDeadline: 60 MostRecentRun: 00/00/0000 0:00:00 NextRun: 03/01/2007 2:11:00 StartError: SCHED_S_TASK_HAS_NOT_RUN ExitCode: 0 Status: SCHED_S_TASK_HAS_NOT_RUN ScheduledWorkItem Flags: DeleteWhenDone = 0 Suspend = 0 StartOnlyIfIdle = 0 KillOnIdleEnd = 0 RestartOnIdleResume = 0 DontStartIfOnBatteries = 1 KillIfGoingOnBatteries = 0 RunOnlyIfLoggedOn = 0 SystemRequired = 0 Hidden = 1 TaskFlags: 0 1 Trigger Trigger 0: Type: Daily DaysInterval: 1 StartDate: 02/28/2007 EndDate: 00/00/0000 StartTime: 02:11 MinutesDuration: 0 MinutesInterval: 0 Flags: HasEndDate = 0 KillAtDuration = 0 Disabled = 0 [TRACE] Activating job 'Registration reminder 1.job' [TRACE] Printing all job properties ApplicationName: 'C:\WINDOWS\System32\OOBE\oobebaln.exe' Parameters: '/sys /r /n:1' WorkingDirectory: '' Comment: '' Creator: 'SYSTEM' Priority: NORMAL MaxRunTime: 259200000 (3d 0:00:00) IdleWait: 10 IdleDeadline: 60 MostRecentRun: 02/03/2004 23:50:00 NextRun: 00/00/0000 0:00:00 StartError: S_OK ExitCode: 0x80 Status: SCHED_S_TASK_READY ScheduledWorkItem Flags: DeleteWhenDone = 0 Suspend = 0 StartOnlyIfIdle = 0 KillOnIdleEnd = 0 RestartOnIdleResume = 0 DontStartIfOnBatteries = 0 KillIfGoingOnBatteries = 0 RunOnlyIfLoggedOn = 0 SystemRequired = 0 Hidden = 0 TaskFlags: 0 1 Trigger Trigger 0: Type: Once StartDate: 02/03/2004 EndDate: 00/00/0000 StartTime: 00:05 MinutesDuration: 1440 MinutesInterval: 15 Flags: HasEndDate = 0 KillAtDuration = 0 Disabled = 0 [TRACE] Activating job 'Registration reminder 2.job' [TRACE] Printing all job 
properties ApplicationName: 'C:\WINDOWS\System32\OOBE\oobebaln.exe' Parameters: '/sys /r /n:2' WorkingDirectory: '' Comment: '' Creator: 'SYSTEM' Priority: NORMAL MaxRunTime: 259200000 (3d 0:00:00) IdleWait: 10 IdleDeadline: 60 MostRecentRun: 02/08/2004 23:50:00 NextRun: 00/00/0000 0:00:00 StartError: S_OK ExitCode: 0x80 Status: SCHED_S_TASK_READY ScheduledWorkItem Flags: DeleteWhenDone = 0 Suspend = 0 StartOnlyIfIdle = 0 KillOnIdleEnd = 0 RestartOnIdleResume = 0 DontStartIfOnBatteries = 0 KillIfGoingOnBatteries = 0 RunOnlyIfLoggedOn = 0 SystemRequired = 0 Hidden = 0 TaskFlags: 0 1 Trigger Trigger 0: Type: Once StartDate: 02/08/2004 EndDate: 00/00/0000 StartTime: 00:05 MinutesDuration: 1440 MinutesInterval: 15 Flags: HasEndDate = 0 KillAtDuration = 0 Disabled = 0 [TRACE] Activating job 'Registration reminder 3.job' [TRACE] Printing all job properties ApplicationName: 'C:\WINDOWS\System32\OOBE\oobebaln.exe' Parameters: '/sys /r /n:3' WorkingDirectory: '' Comment: '' Creator: 'SYSTEM' Priority: NORMAL MaxRunTime: 259200000 (3d 0:00:00) IdleWait: 10 IdleDeadline: 60 MostRecentRun: 02/13/2004 23:50:00 NextRun: 00/00/0000 0:00:00 StartError: S_OK ExitCode: 0x80 Status: SCHED_S_TASK_READY ScheduledWorkItem Flags: DeleteWhenDone = 0 Suspend = 0 StartOnlyIfIdle = 0 KillOnIdleEnd = 0 RestartOnIdleResume = 0 DontStartIfOnBatteries = 0 KillIfGoingOnBatteries = 0 RunOnlyIfLoggedOn = 0 SystemRequired = 0 Hidden = 0 TaskFlags: 0 1 Trigger Trigger 0: Type: Once StartDate: 02/13/2004 EndDate: 00/00/0000 StartTime: 00:05 MinutesDuration: 1440 MinutesInterval: 15 Flags: HasEndDate = 0 KillAtDuration = 0 Disabled = 0 ================= Incident Status Location Spyware:spyware/betterinet Not disinfected c:\windows\system32\in10b6s.dll Adware:adware/videoc Not disinfected c:\windows\videoc.ocx Potentially unwanted tool:application/funweb Not disinfected hkey_current_user\software\Fun Web Products Adware:adware/neededware Not disinfected Windows Registry Potentially unwanted 
tool:application/mywebsearch Not disinfected HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA} Spyware:Cookie/AdDynamix Not disinfected C:\Documents and Settings\bob\Cookies\bob@ads.addynamix[1].txt Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\bob\Cookies\bob@ads.pointroll[2].txt Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\bob\Cookies\bob@atdmt[2].txt Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\bob\Cookies\bob@doubleclick[2].txt Adware:Adware/EliteBar Not disinfected C:\WINDOWS\blocklist.reg Spyware:Cookie/Go Not disinfected C:\WINDOWS\system32\config\systemprofile\Cookies\owner@go[1].txt ================= ComboScan v20070221.16 run by bob on 2007-02-28 at 22:31:25 Computer is in Normal Mode. -------------------------------------------------------------------------------- -- HijackThis (run as bob.exe) -------------------------------------------------- Logfile of HijackThis v1.99.1 Scan saved at 10:31:31 PM, on 2/28/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16414) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE C:\WINDOWS\system32\$sys$filesystem\$sys$DRMServer.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\WINDOWS\CDProxyServ.exe C:\Program Files\Symantec AntiVirus\DefWatch.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\system32\pctspk.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Symantec AntiVirus\Rtvscan.exe 
C:\WINDOWS\Explorer.EXE
C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\COMPAQ\CPQINET\CPQInet.exe
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Yahoo!\Messenger\ypager.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Documents and Settings\bob\Desktop\comboscan.exe
C:\Documents and Settings\bob\Desktop\Honer's Hall of Shame\bob.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [Dvd Dash] C:\DOCUME~1\bob\APPLIC~1\SUPPOR~1\drvwarnhide.exe
O4 - Startup: Intellicast.lnk = C:\Program Files\Intellicast\Intellicast.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\All Users\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\All Users\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Support - {36263222-2F65-421C-BDEB-782EEEF11C2C} - C:\Program Files\Internet Explorer\SIGNUP\Presario.htm (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.insightbb.com
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com.../c381/chat.cab
O16 - DPF: Yahoo! Euchre - http://download.games.yahoo.com/game...ts/y/et1_x.cab
O16 - DPF: Yahoo! MahJong Solitaire - http://download.games.yahoo.com/game.../y/mjst3_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/game...s/y/pote_x.cab
O16 - DPF: Yahoo! Reversi - http://download.games.yahoo.com/game...ts/y/rt0_x.cab
O16 - DPF: {01CA75F1-054B-4A63-9221-C6926369EC52} (HS_live Control) - http://install.homestead.com/~site/I...ve/HS_live.cab
O16 - DPF: {02A2D714-433E-46E4-B217-7C3B3FAF8EAE} (ScrabbleCubes Control) - http://www.worldwinner.com/games/v44...abblecubes.cab
O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} - http://download.zonelabs.com/bin/free/cm/ICSCM.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/ca...C_1_0_0_44.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by3fd.bay3.hotmail.msn.com/re...s/MsnPUpld.cab
O16 - DPF: {5AA5A569-F96F-4628-A528-8B3698F558BB} (HS_live Control) - http://install.homestead.com/~site/I...ve/HS_live.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - http://upload.facebook.com/controls/...toUploader.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} - http://launch.gamespyarcade.com/soft...ch/alaunch.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - http://www.trendmicro.com/spyware-scan/as4web.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/.../installer.exe
O16 - DPF: {FE5D6722-826F-11D5-A24E-0060B0F1A5AE} (Tukati Launcher) - http://www.tukati.com/software/4/1.7.20.20/tukati.cab
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Plug and Play Device Manager ($sys$DRMServer) - First 4 Internet Ltd - C:\WINDOWS\system32\$sys$filesystem\$sys$DRMServer.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: XCP CD Proxy (CD_Proxy) - Unknown owner - C:\WINDOWS\CDProxyServ.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Email AntiVirus (Email AV) - Unknown owner - C:\WINDOWS\email-av.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\system32\ImapiRox.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Service Cvasvr (Service Cvas) - Unknown owner - C:\WINDOWS\csvas.exe (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

-- Files created between 2007-01-28 and 2007-02-28 ------------------------------

2007-02-28 06:31:08 0 d-------- C:\WINDOWS\system32\ActiveScan<ACTIVE~1>
2007-02-28 06:31:03 0 d-------- C:\WINDOWS\LastGood
2007-02-28 06:19:01 0 d-------- C:\640b4ee8a92ba8d5b31bc18db9<640B4E~1>
2007-02-28 06:08:16 0 d-------- C:\bintheredunthat<BINTHE~1>
2007-02-27 20:27:09 0 d-------- C:\bfu
2007-02-27 20:09:00 3968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-02-27 20:08:53 0 d-------- C:\Program Files\Grisoft
2007-02-26 15:51:19 0 d-------- C:\Program Files\Common Files\EasyInfo
2007-02-26 06:54:42 0 d-------- C:\NoLopBackups<NOLOPB~1>
2007-02-21 10 55 28672 --a------ C:\WINDOWS\system32\drivers\CO_Mon.sys
2007-02-16 12:01:42 438272 --a------ C:\WINDOWS\system32\vp6vfw.dll
2007-02-16 12:01:41 118832 --a------ C:\WINDOWS\system32\SHW32.DLL
2007-02-16 11:42:55 0 d-------- C:\Program Files\EA SPORTS<EASPOR~1>
2007-01-29 02:58:06 60416 -----n--- C:\WINDOWS\system32\tzchange.exe

-- Find3M Report ----------------------------------------------------------------

2007-02-28 20:58:48 0 d-------- C:\Program Files\Windows Defender<WIFD1F~1>
2007-02-28 20:58:34 0 d-------- C:\Program Files\Symantec AntiVirus<SYMANT~1>
2007-02-28 20:44:11 0 d-------- C:\Program Files\Common Files\Symantec Shared<SYMANT~1>
2007-02-28 06:00:52 0 d-------- C:\Program Files\Archive
2007-02-27 20:43:30 0 d-------- C:\Program Files\Java
2007-02-26 15:39:06 0 d-------- C:\Program Files\Google
2007-02-20 15:43:32 0 d-------- C:\Program Files\Virtools Web Player 3.5<VIRTOO~1.5>
2007-02-20 15:43:10 0 d--h----- C:\Program Files\InstallShield Installation Information<INSTAL~1>
2007-02-20 15:04:06 0 d-------- C:\Program Files\QuickTime<QUICKT~1>
2007-02-20 01:49:45 0 d---s---- C:\Documents and Settings\bob\Application Data\Microsoft<MICROS~1>
2007-02-15 07:22:16 0 d-------- C:\Program Files\Absolute Poker<ABSOLU~1>
2007-02-12 09:58:18 0 d-------- C:\Documents and Settings\bob\Application Data\Apple Computer<APPLEC~1>
2007-02-03 02:00:24 0 --a------ C:\tdd.exe
2007-01-23 09:42:04 0 d-------- C:\Program Files\Ahead
2007-01-22 23:39:43 0 d-------- C:\Documents and Settings\bob\Application Data\Ahead
2007-01-22 22:12:55 0 d-------- C:\Program Files\CCleaner
2007-01-21 22:32:32 0 d-------- C:\Program Files\Common Files\Adobe
2007-01-21 22:31:46 0 d-------- C:\Program Files\AIM
2007-01-21 22:31:46 0 d-------- C:\Documents and Settings\bob\Application Data\Aim
2007-01-18 12:28:15 0 d-------- C:\Documents and Settings\bob\Application Data\AdobeUM
2007-01-18 09:28:07 0 d-------- C:\Program Files\Apple Software Update<APPLES~1>
2007-01-12 09:27:42 822784 --a------ C:\WINDOWS\system32\wininet(2)(2).dll<WININE~1.DLL>
2007-01-12 09:27:42 232960 --a------ C:\WINDOWS\system32\webcheck.dll
2007-01-12 09:27:42 1149952 --a------ C:\WINDOWS\system32\urlmon(2)(2).dll<URLMON~1.DLL>
2007-01-12 09:27:42 51712 -----n--- C:\WINDOWS\system32\msfeedsbs.dll<MSFEED~1.DLL>
2007-01-12 09:27:42 458752 --a------ C:\WINDOWS\system32\msfeeds.dll
2007-01-12 09:27:42 6054400 --a------ C:\WINDOWS\system32\ieframe.dll
2007-01-08 19:04:54 105984 --a------ C:\WINDOWS\system32\url.dll
2007-01-08 19:04:54 105984 --a------ C:\WINDOWS\system32\url(2)(2).dll<URL(2)~1.DLL>
2007-01-08 19:04:08 102400 --a------ C:\WINDOWS\system32\occache.dll
2007-01-08 19:02:04 266752 --a------ C:\WINDOWS\system32\iertutil.dll
2007-01-08 19:02:04 266752 --a------ C:\WINDOWS\system32\iertutil(2)(2).dll<IERTUT~1.DLL>
2007-01-08 19:02:04 44544 --a------ C:\WINDOWS\system32\iernonce.dll
2007-01-08 19:02:02 384000 --a------ C:\WINDOWS\system32\iedkcs32.dll
2007-01-08 19:02:02 383488 --a------ C:\WINDOWS\system32\ieapfltr.dll
2007-01-08 19:02:02 161792 --a------ C:\WINDOWS\system32\ieakui.dll
2007-01-08 19:02:02 230400 --a------ C:\WINDOWS\system32\ieaksie.dll
2007-01-08 19:02:02 153088 --a------ C:\WINDOWS\system32\ieakeng.dll
2007-01-08 19:01:14 17408 --a------ C:\WINDOWS\system32\corpol.dll
2007-01-08 19:00:48 124928 --a------ C:\WINDOWS\system32\advpack.dll
2007-01-08 18:08:14 56832 --a------ C:\WINDOWS\system32\ie4uinit.exe
2007-01-08 18:08:10 13824 --a------ C:\WINDOWS\system32\ieudinit.exe
2006-12-31 11:46:07 0 d-------- C:\Documents and Settings\bob\Application Data\Sun
2006-12-31 08:45:57 0 d-------- C:\Program Files\Windows Media Connect 2<WI4DF6~1>
2006-12-31 08:42:49 0 d-------- C:\Program Files\Windows Media Connect<WINDOW~4>
2006-12-30 23:14:42 0 d-------- C:\Program Files\Kazaa Lite Resurrection<KAZAAL~1>
2006-12-19 15:52:18 134656 --a------ C:\WINDOWS\system32\shsvcs.dll
2006-12-19 15:52:18 134656 --a------ C:\WINDOWS\system32\shsvcs(2)(2).dll<SHSVCS~1.DLL>
2006-12-19 15:52:18 8453632 --a------ C:\WINDOWS\system32\shell32(2)(2).dll<SHELL3~1.DLL>
2006-12-19 12:16:47 333824 --a------ C:\WINDOWS\system32\wiaservc.dll

-- Registry Dump ----------------------------------------------------------------

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"DW4"="\"C:\\Program Files\\The Weather Channel FW\\Desktop Weather\\DesktopWeather.exe\""
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"WMPNSCFG"="C:\\Program Files\\Windows Media Player\\WMPNSCFG.exe"
"Yahoo! Pager"="\"C:\\Program Files\\Yahoo!\\Messenger\\ypager.exe\" -quiet"
"Dvd Dash"="C:\\DOCUME~1\\bob\\APPLIC~1\\SUPPOR~1\\drvwarnhide.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"WCOLOREAL"="\"C:\\Program Files\\COMPAQ\\Coloreal\\coloreal.exe\""
"CPQEASYACC"="C:\\Program Files\\Compaq\\Easy Access Button Support\\StartEAK.exe"
"Microsoft Works Portfolio"="C:\\Program Files\\Microsoft Works\\WksSb.exe /AllUsers"
"Microsoft Works Update Detection"="C:\\Program Files\\Microsoft Works\\WkDetect.exe"
"srmclean"="C:\\Cpqs\\Scom\\srmclean.exe"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"Zone Labs Client"="C:\\PROGRA~1\\ZONELA~1\\ZONEAL~1\\zlclient.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"vptray"="C:\\PROGRA~1\\SYMANT~1\\VPTray.exe"
"KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\
  65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00
"Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_11\\bin\\jusched.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonceex]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook" "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload] "WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] "DisableRegistryTools"=dword:00000000 [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "SpecifyDefaultButtons"=dword:00000000 "Btn_Search"=dword:00000000 [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll" [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost] LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0 NetworkService REG_MULTI_SZ DnsCache\0\0 rpcss REG_MULTI_SZ RpcSs\0\0 imgsvc REG_MULTI_SZ StiSvc\0\0 termsvcs REG_MULTI_SZ TermService\0\0 HTTPFilter REG_MULTI_SZ HTTPFilter\0\0 DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0 WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0 -- End of ComboScan: finished at 2007-02-28 at 22:32:04 ------------------------- Last edited by tetonbob; 02-28-2007 at 10:09 PM. |
#9
Manager, Security Center, TSF Academy; Analyst, Security Team
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,205
OS: 2000 Pro; XP Pro; XP Home
Hello, do you see a bad pattern there in the AVG Anti Spyware log? Cracks, along with P2P programs, are leading causes of infected machines.
If those crack zip files still remain on your system, I strongly recommend you delete the lot of them. Frankly, I'd consider nuking the entire My Downloads folder.

I know that last set of scans took some time, but we're not done yet. You've got signs of worms and backdoors on your system. Your popups should be resolved, though. I'll advise you on the tools to keep or discard once we're done.

----------------------------------------------------------------------------------------------

CLEAR & RESET SYSTEM RESTORE'S CACHE

Go to Start >> Run - type or copy/paste control sysdm.cpl,,4 & press Enter
* Tick on the checkbox - Turn off System Restore on all drives
* Click Apply

Turn it back 'On' by unticking the same checkbox & click Apply, and then OK

---------------------------------------------------------------------------------------------

Windows Defender

Please disable your Windows Defender Real-time Protection, as it may hinder the removal of some entries.

----------------------------------------------------------------------------------------------

Open HijackThis and click on 'Do a System Scan Only'. Check the following entries if they exist (make sure you do not miss any) and click Fix Checked

O4 - HKCU\..\Run: [Dvd Dash] C:\DOCUME~1\bob\APPLIC~1\SUPPOR~1\drvwarnhide.exe

Close HijackThis now.

---------------------------------------------------------------------------------------------

Go to Start>Run and copy/paste the following:

sc delete "Service Cvas"

Then press Enter.

Again, Go to Start>Run and copy/paste the following:

sc delete "Email AV"

Then press Enter.

---------------------------------------------------------------------------------------------

Copy and paste the following into Notepad (don't forget to copy and paste REGEDIT4):

Quote:

Close Notepad. Double click on the delete.reg file and choose Yes to merge/add it to the registry. You may delete the file afterwards.

---------------------------------------------------------------------------------------------

* Download Dr.Web CureIt to the desktop: ftp://ftp.drweb.com/pub/drweb/cureit/cureit.exe
We'll use this in safe mode.

Restart your computer and boot into Safe Mode by tapping the F8 key repeatedly until a menu shows up (and choose Safe Mode from the list). In some systems, this may be the F5 key, so try that if F8 doesn't work. Login on your usual account. Make sure to close any open browsers.

---------------------------------------------------------------------------------------------

Delete the following if they exist:

c:\windows\system32\in10b6s.dll
c:\windows\videoc.ocx
C:\WINDOWS\email-av.exe
C:\WINDOWS\csvas.exe
C:\tdd.exe

---------------------------------------------------------------------------------------------

---------------------------------------------------------------------------------------------

Once back in normal mode, please do this:

Open Hijack This and click on 'Do a System Scan and save a Logfile'. Save the log file and post it here.

---------------------------------------------------------------------------------------------

Please download SmitfraudFix (by S!Ri) to your Desktop.

Double-click smitfraudfix.exe to start the tool.
Select option #1 - Search by typing 1 and press "Enter" and a text file will appear which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

IMPORTANT: Do NOT run option #2 OR any other option until you are directed to do so!

Please return with results from:
DrWeb
HJT
SmitfraudFix (C:\rapport.txt)
__________________
Practice Safe Surfing Because what you don't know, CAN hurt you. Microsoft MVP - Consumer Security 2009
Last edited by tetonbob; 02-28-2007 at 10:52 PM.
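An added example, not code from the thread or from HijackThis: a small Python triage helper that parses the O4 (Run) and O23 (Service) lines of a HijackThis log and flags the traits the fix above acts on (a service with an unknown owner or a missing binary; an autorun launched from a user profile's Application Data or from the Windows or drive root). The sample lines are copied from this thread's logs; the regexes and the location heuristics are my own assumptions about the log layout, not a HijackThis feature.

```python
"""Triage helper for HijackThis-style O4 (autorun) and O23 (service) lines.

Added example, not part of this thread or of HijackThis. A hit means
"look closer", not "malware": legitimate software occasionally trips
these heuristics too, so they rank entries for a human to review.
"""
import re
from dataclasses import dataclass, field

# Assumed line layouts, derived from the log entries posted in this thread.
O4_RUN_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]+)\]\s*(?P<cmd>.*)$")
O23_RE = re.compile(r"^O23 - Service: (?P<display>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
EXE_RE = re.compile(r"^(?P<exe>.+?\.exe)(?:\s|$)", re.IGNORECASE)


@dataclass
class Finding:
    kind: str                                   # "autorun" or "service"
    name: str                                   # Run value name or service display string
    path: str                                   # executable path as written in the log
    reasons: list = field(default_factory=list)  # why the entry deserves a look


def exe_from_command(cmd: str) -> str:
    """Return the executable portion of an O4 command line (quoted or not)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):                     # quoted path, may contain spaces
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = EXE_RE.match(cmd)                       # unquoted: take up to the first ".exe"
    if m:
        return m.group("exe")
    return cmd.split()[0] if cmd else ""


def location_reasons(path: str) -> list:
    """Flag executables living where legitimate autoruns and services rarely do."""
    p = path.lower().replace("/", "\\")
    reasons = []
    in_profile = "\\docume~1\\" in p or "\\documents and settings\\" in p
    if in_profile and ("\\applic~1\\" in p or "\\application data\\" in p):
        reasons.append("launches from a user profile's Application Data")
    parent = p.rsplit("\\", 1)[0] if "\\" in p else ""
    if parent in ("c:", "c:\\windows"):
        reasons.append("binary sits directly in the drive or Windows root")
    return reasons


def parse_line(line: str):
    """Return a Finding for an O4 Run or O23 line (reasons may be empty), else None."""
    line = line.strip()
    m = O4_RUN_RE.match(line)
    if m:
        exe = exe_from_command(m.group("cmd"))
        return Finding("autorun", m.group("name"), exe, location_reasons(exe))
    m = O23_RE.match(line)
    if m:
        raw = m.group("path")
        missing = raw.endswith("(file missing)")
        path = raw[: -len("(file missing)")].strip() if missing else raw
        f = Finding("service", m.group("display"), path, location_reasons(path))
        if m.group("owner") == "Unknown owner":
            f.reasons.append("service has no recorded owner/vendor")
        if missing:
            f.reasons.append("service points at a file that no longer exists")
        return f
    return None


def triage(lines):
    """Return only the findings that carry at least one reason, in log order."""
    out = []
    for line in lines:
        f = parse_line(line)
        if f and f.reasons:
            out.append(f)
    return out


# Constructed sample: entries copied from the HijackThis logs posted in this thread.
SAMPLE_LINES = [
    r'O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"',
    r'O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers',
    r'O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup',
    r'O4 - HKCU\..\Run: [Dvd Dash] C:\DOCUME~1\bob\APPLIC~1\SUPPOR~1\drvwarnhide.exe',
    r'O23 - Service: Service Cvasvr (Service Cvas) - Unknown owner - C:\WINDOWS\csvas.exe (file missing)',
    r'O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe',
    r'O23 - Service: XCP CD Proxy (CD_Proxy) - Unknown owner - C:\WINDOWS\CDProxyServ.exe',
]

if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f"{f.kind:8} {f.name!r}: {'; '.join(f.reasons)}")
```

Run against a full log it returns the Dvd Dash autorun and the Service Cvas entry that the fix above removes, plus the CD_Proxy service, while the vendor-owned Symantec and Compaq entries stay silent.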
#10
Registered User
Join Date: Feb 2007
Posts: 38
OS: windows xp home
Working on the new list but have a question needing a quick response... It was suggested that I delete all the contents that are in the folder called "my downloads"... When looking at this, all there was in there was one thing... RealPlayer... Is there another place I need to go to find all the contents that are mentioned in the AVG scan report?
#11
Manager, Security Center, TSF Academy; Analyst, Security Team
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,205
OS: 2000 Pro; XP Pro; XP Home
If this is all that's left, that's good.
C:\My Downloads\real player crack.zip

If it's still there, delete it. The folder in question is: C:\My Downloads
#12
Registered User
Join Date: Feb 2007
Posts: 38
OS: windows xp home
Here are the results of the steps that I have been instructed to do:
DR. WEB:

setup.exe;C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_2.0.1.3;Probably BACKDOOR.Trojan;Incurable.Moved.;

HIJACKTHIS:

Logfile of HijackThis v1.99.1
Scan saved at 9:50:09 PM, on 3/4/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\$sys$filesystem\$sys$DRMServer.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\CDProxyServ.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\COMPAQ\CPQINET\CPQInet.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\bob\Desktop\Honer's Hall of Shame\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Intellicast.lnk = C:\Program Files\Intellicast\Intellicast.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\All Users\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\All Users\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Support - {36263222-2F65-421C-BDEB-782EEEF11C2C} - C:\Program Files\Internet Explorer\SIGNUP\Presario.htm (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.insightbb.com
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com.../c381/chat.cab
O16 - DPF: Yahoo! Euchre - http://download.games.yahoo.com/game...ts/y/et1_x.cab
O16 - DPF: Yahoo! MahJong Solitaire - http://download.games.yahoo.com/game.../y/mjst3_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/game...s/y/pote_x.cab
O16 - DPF: Yahoo! Reversi - http://download.games.yahoo.com/game...ts/y/rt0_x.cab
O16 - DPF: {01CA75F1-054B-4A63-9221-C6926369EC52} (HS_live Control) - http://install.homestead.com/~site/I...ve/HS_live.cab
O16 - DPF: {02A2D714-433E-46E4-B217-7C3B3FAF8EAE} (ScrabbleCubes Control) - http://www.worldwinner.com/games/v44...abblecubes.cab
O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} - http://download.zonelabs.com/bin/free/cm/ICSCM.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/ca...C_1_0_0_44.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by3fd.bay3.hotmail.msn.com/re...s/MsnPUpld.cab
O16 - DPF: {5AA5A569-F96F-4628-A528-8B3698F558BB} (HS_live Control) - http://install.homestead.com/~site/I...ve/HS_live.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - http://upload.facebook.com/controls/...toUploader.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} - http://launch.gamespyarcade.com/soft...ch/alaunch.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - http://www.trendmicro.com/spyware-scan/as4web.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/.../installer.exe
O16 - DPF: {FE5D6722-826F-11D5-A24E-0060B0F1A5AE} (Tukati Launcher) - http://www.tukati.com/software/4/1.7.20.20/tukati.cab
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Plug and Play Device Manager ($sys$DRMServer) - First 4 Internet Ltd - C:\WINDOWS\system32\$sys$filesystem\$sys$DRMServer.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: XCP CD Proxy (CD_Proxy) - Unknown owner - C:\WINDOWS\CDProxyServ.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\system32\ImapiRox.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

SMITFRAUDFIX:

SmitFraudFix v2.147

Scan done at 21:52:43.15, Sun 03/04/2007
Run from C:\Documents and Settings\bob\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» hosts

»»»»»»»»»»»»»»»»»»»»»»»» C:\

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\bob

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\bob\Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

C:\DOCUME~1\ALLUSE~1\STARTM~1\Online Security Guide.url FOUND !
C:\DOCUME~1\ALLUSE~1\STARTM~1\Security Troubleshooting.url FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\bob\FAVORI~1

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32-huy32

»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection

»»»»»»»»»»»»»»»»»»»»»»»» End
#13
Manager, Security Center, TSF Academy; Analyst, Security Team
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,205
OS: 2000 Pro; XP Pro; XP Home
We usually run this part of the fix in Safe mode, but in this case, it should not be required.
Double-click on SmitfraudFix.exe to start the tool.
Select option #2 - Clean by typing 2 and press Enter.
You will be prompted: "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.
The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".
The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.
A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.
The report can also be found at the root of the system drive, usually at C:\rapport.txt

---------------------------------------------------------------------------------------------

Double-click on SmitfraudFix.exe to start the tool.
Select option #3 - Delete Trusted zone by typing 3 and press Enter
Answer Yes to the question "Restore Trusted Zone ?" by typing Y and hit Enter.

Note, if you use SpywareBlaster and/or IE-SPYAD, it will be necessary to re-install the protection both afford. For SpywareBlaster, run the program and re-protect all items. For IE-SPYAD, run the batch file and reinstall the protection.

---------------------------------------------------------------------------------------------

How is your system behaving?
#15
Registered User
Join Date: Feb 2007
Posts: 38
OS: windows xp home
I got a little quick on my answer... One thing that I noticed when I went to run the last program: it told me that on some things access was denied. But here is the result of running option #2:
SmitFraudFix v2.147

Scan done at 22:16:58.64, Sun 03/04/2007
Run from C:\Documents and Settings\bob\Desktop\puter fixerupper\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process

»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 sds-qckads.com
127.0.0.1 status.qckads.com
127.0.0.1 www.qoolaid.com
127.0.0.1 www.qoologic.com
127.0.0.1 www.CLKPrecision.com
127.0.0.1 www.urllogic.com
127.0.0.1 www.clkoptimizer.com
127.0.0.1 www.isearch.com
127.0.0.1 isearch.com
127.0.0.1 www.idownload.com
127.0.0.1 idownload.com
127.0.0.1 www.mytotalsearch.com
127.0.0.1 mytotalsearch.com
127.0.0.1 www.websearch.com
127.0.0.1 websearch.com
127.0.0.1 www.page-not-found.net
127.0.0.1 page-not-found.net
127.0.0.1 as.adwave.com
127.0.0.1 sr.adwave.com
127.0.0.1 www.adwave.com
127.0.0.1 adwave.com
EVENT:HOST:127.0.0.1
127.0.0.1 www.pacimedia.com
127.0.0.1 www.exactsearch.net
127.0.0.1 www.contextplus.net

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\DOCUME~1\ALLUSE~1\STARTM~1\Online Security Guide.url Deleted
C:\DOCUME~1\ALLUSE~1\STARTM~1\Security Troubleshooting.url Deleted

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» End
#16
Manager, Security Center, TSF Academy; Analyst, Security Team
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,205
OS: 2000 Pro; XP Pro; XP Home
Quote:
#17
Registered User
Join Date: Feb 2007
Posts: 38
OS: windows xp home
I cannot remember exactly... but I do remember it was saying that the particular item it was trying to scan was being used by another source, if I remember correctly. Do you want me to run it again and see if I get the same error?
#18
Manager, Security Center, TSF Academy; Analyst, Security Team
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,205
OS: 2000 Pro; XP Pro; XP Home
I'm sorry, I should have been more clear.
I'm uncertain what "it" you're referring to. If "it" is SmitfraudFix, it has done its job. The message could have stemmed from the fact we were using it in normal mode.

Let's run this online scan to see if anything remains:

Establish an internet connection & perform an online scan with Internet Explorer at Kaspersky Online Scanner

Answer Yes, when prompted to install an ActiveX component.

Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75 %. Once the license is accepted, reset to 100%.
#20
Manager, Security Center, TSF Academy; Analyst, Security Team
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,205
OS: 2000 Pro; XP Pro; XP Home
Quote:
All Kaspersky found was items in your Norton Quarantine. They can be deleted by navigating to this folder, and deleting all contents, but not the folder itself:

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine

Other than that, your logs appear clean. Any more issues? If not you should be good to go.

We still have a few items to address.

AVG Anti-Spyware would be a good program to keep, update and run a scan with once a week or so. It adds another layer of protection to your system's security tools. You may want to prevent AVG Anti-Spyware from running at Windows startup, and just call it into service when needed. This may help with system boot times. To do so, right click on the AVG A/S system tray icon, and uncheck Start with Windows.

Also disable its real-time protection, as this will also use system resources, and will time out at the end of the trial period in 30 days. To do so: Open AVG Anti-Spyware.
Reset hidden/system files and folders
Create a new System Restore point
Enable Windows Auto Update
Now that you are clean, to help protect your computer in the future I recommend that you get the following free programs:
In light of your recent troubles, I'm sure you'll like to avoid any future infections. Please take a look at these well-written articles.

If you want to fight back against the Malware Writers that have made your life a misery, please take a look here and read what you can do against it.

Please respond to this thread one more time so we can mark this thread as resolved.