Resolved HJT Threads: Resolved spyware and popup issues.
03-30-2007, 10:17 AM   #1
Ring Tone
Registered User
Join Date: Dec 2006
Location: Rancho Cucamonga
Posts: 72
OS: Windows Vista Ultimate 32bit

I am infected real bad, please help!

Deckard's System Scanner v20070328.36
Run by Tony on 2007-03-30 at 12:01:03
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
29: 2007-03-30 16:01:23 UTC - RP138 - Deckard's System Scanner Restore Point
28: 2007-03-30 12:38:12 UTC - RP137 - System Checkpoint
27: 2007-03-29 05:31:22 UTC - RP136 - System Checkpoint
26: 2007-03-27 18:20:19 UTC - RP135 - Printer Driver Microsoft Office Document Image Writer Installed
25: 2007-03-27 06:48:29 UTC - RP134 - Software Distribution Service 2.0


-- First Restore Point --
1: 2007-03-21 18:56:02 UTC - RP110 - Software Distribution Service 2.0


Backed up registry hives.

Performed disk cleanup.


-- HijackThis (run as Tony.exe) ------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 12:07:39 PM, on 3/30/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\TuneUp Utilities 2007\MemOptimizer.exe
C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\PROGRA~1\MICROS~4\OFFICE11\OUTLOOK.EXE
C:\WINDOWS\msagent\AgentSvr.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\DOCUME~1\Tony\LOCALS~1\Temp\mozOpenDownload\dss.exe
C:\PROGRA~1\HIJACK~1\Tony.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TY...lion&pf=laptop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...lion&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://h20239.www2.hp.com/techcenter...p_syscheck.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Tony
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = 172.17.128.200
O2 - BHO: IE7pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IE7pro\IE7pro.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - (no file)
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2007\MemOptimizer.exe" autostart
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Links to this page - C:\Documents and Settings\Tony\Application Data\TuneUp Software\TuneUp Utilities\Web\gbacklinks.htm
O8 - Extra context menu item: &Similar pages - C:\Documents and Settings\Tony\Application Data\TuneUp Software\TuneUp Utilities\Web\gsimilar.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Look up in Mr&Check... - C:\Documents and Settings\Tony\Application Data\TuneUp Software\TuneUp Utilities\Web\tumrcheck.htm
O8 - Extra context menu item: Open in &new window - C:\Documents and Settings\Tony\Application Data\TuneUp Software\TuneUp Utilities\Web\tuofinw.htm
O8 - Extra context menu item: Search with &Google - C:\Documents and Settings\Tony\Application Data\TuneUp Software\TuneUp Utilities\Web\gsearch.htm
O8 - Extra context menu item: Show page from the &cache - C:\Documents and Settings\Tony\Application Data\TuneUp Software\TuneUp Utilities\Web\gcache.htm
O8 - Extra context menu item: Translate this page with Google - C:\Documents and Settings\Tony\Application Data\TuneUp Software\TuneUp Utilities\Web\gtranslate.htm
O8 - Extra context menu item: View old version at &archives.org - C:\Documents and Settings\Tony\Application Data\TuneUp Software\TuneUp Utilities\Web\tuarch.htm
O8 - Extra context menu item: Zoom &in - C:\Documents and Settings\Tony\Application Data\TuneUp Software\TuneUp Utilities\Web\tuzoomin.htm
O8 - Extra context menu item: Zoom &out - C:\Documents and Settings\Tony\Application Data\TuneUp Software\TuneUp Utilities\Web\tuzoomout.htm
O9 - Extra button: IE7pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7pro\IE7pro.dll
O9 - Extra 'Tools' menuitem: IE7pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7pro\IE7pro.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=laptop
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - http://www.trendmicro.com/spyware-scan/as4web.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: SQL Server (MSSMLBIZ) (MSSQL$MSSMLBIZ) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ (file missing)
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe


-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 eabfiltr - c:\windows\system32\drivers\eabfiltr.sys
R2 mdmxsdk - c:\windows\system32\drivers\mdmxsdk.sys
R3 BCM43XX (Broadcom 802.11 Network Adapter Driver) - c:\windows\system32\drivers\bcmwl5.sys
R3 CAMCAUD (Conexant AMC Audio) - c:\windows\system32\drivers\camc6aud.sys
R3 CAMCHALA - c:\windows\system32\drivers\camc6hal.sys
R3 GMSIPCI - e:\install\gmsipci.sys (file missing)
R3 HSF_DPV - c:\windows\system32\drivers\hsf_dpv.sys
R3 HSFHWATI - c:\windows\system32\drivers\hsfhwati.sys
R3 NuidFltr (NUID filter driver) - c:\windows\system32\drivers\nuidfltr.sys
R3 sdbus - c:\windows\system32\drivers\sdbus.sys
R3 StillCam (Still Serial Digital Camera Driver) - c:\windows\system32\drivers\serscan.sys
R3 tifm21 - c:\windows\system32\drivers\tifm21.sys
R3 winachsf - c:\windows\system32\drivers\hsf_cnxt.sys

S3 CO_Mon - c:\windows\system32\drivers\co_mon.sys
S3 DTV_Capture_2X0 (DVB-T Receiver) - c:\windows\system32\drivers\dtv_capture_2x0.sys
S3 DTV_Loader_2X1 (DVB-T Loader) - c:\windows\system32\drivers\dtv_loader_2x1.sys
S3 eabusb - c:\windows\system32\drivers\eabusb.sys
S3 HSF_DP - c:\windows\system32\drivers\hsf_dp.sys
S3 nm (Network Monitor Driver) - c:\windows\system32\drivers\nmnt.sys


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 MSSQL$MSSMLBIZ (SQL Server (MSSMLBIZ)) - "c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe" -smssmlbiz
R2 NSCService (Norton Protection Center Service) - c:\program files\common files\symantec shared\security console\nscsrvce.exe
R2 SQLBrowser (SQL Server Browser) - "c:\program files\microsoft sql server\90\shared\sqlbrowser.exe"
R2 SQLWriter (SQL Server VSS Writer) - "c:\program files\microsoft sql server\90\shared\sqlwriter.exe"
R2 UxTuneUp (TuneUp Design Expansion) - c:\windows\system32\svchost.exe -k netsvcs

S3 ccISPwdSvc (Symantec Internet Security Password Validation) - "c:\program files\norton internet security\ccpwdsvc.exe"
S3 MHN - c:\windows\system32\svchost.exe -k netsvcs
S3 NBService - c:\program files\nero\nero 7\nero backitup\nbservice.exe
S3 NMIndexingService - "c:\program files\common files\ahead\lib\nmindexingservice.exe"


-- Scheduled Tasks -------------------------------------------------------------

2007-03-29 19:14:32 420 --ah----- C:\WINDOWS\Tasks\User_Feed_Synchronization-{014EE5DA-CAEF-44FC-AA0B-1FD98128793F}.job<USER_F~1.JOB>
2007-03-27 15:48:03 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job<APPLES~1.JOB>
2007-03-23 20:52:02 546 --a------ C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Tony.job<NORTON~1.JOB>
2007-03-23 17:19:09 388 --a------ C:\WINDOWS\Tasks\1-Click Maintenance.job<1-CLIC~1.JOB>
2007-03-19 11:32:58 304 --a------ C:\WINDOWS\Tasks\HPCeeSchedule.job<HPCEES~1.JOB>
2007-03-19 11:32:09 456 --a------ C:\WINDOWS\Tasks\Easy Internet Sign-up.job<EASYIN~1.JOB>
2007-03-16 20:55:04 288 --ah----- C:\WINDOWS\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job<MICROS~1.JOB>


-- Files created between 2007-02-28 and 2007-03-30 -----------------------------

2007-03-30 11:51:14 0 d-------- C:\ie-spyad
2007-03-30 11:50:21 0 d-------- C:\Program Files\SpywareGuard<SPYWAR~1>
2007-03-30 09:58:18 0 d-------- C:\WINDOWS\system32\ActiveScan<ACTIVE~1>
2007-03-30 09:58:16 0 d-------- C:\WINDOWS\LastGood
2007-03-27 17:00:02 90112 --a------ C:\WINDOWS\unvise32.exe
2007-03-27 16:59:49 0 d-------- C:\Program Files\SWiSHmax
2007-03-27 1551 0 d-------- C:\Program Files\Yahoo SiteBuilder<YAHOOS~1>
2007-03-26 12:38:43 0 d-------- C:\Program Files\Common Files\L&H
2007-03-26 12:38:23 0 d-------- C:\Program Files\Microsoft ActiveSync<MI3AA1~1>
2007-03-26 12:36:29 0 d-------- C:\WINDOWS\SHELLNEW
2007-03-26 12:31:27 0 dr-h----- C:\MSOCache
2007-03-26 10:21:15 0 d-------- C:\Documents and Settings\Tony\Application Data\Leadertech<LEADER~1>
2007-03-26 09:27:52 0 d--h----- C:\WINDOWS\PIF
2007-03-25 16:34:05 1046 --a------ C:\WINDOWS\mozver.dat
2007-03-24 16:03:45 0 d-------- C:\Program Files\IE7pro
2007-03-24 16:03:45 0 d-------- C:\Documents and Settings\Tony\Application Data\IE7pro
2007-03-24 14:45:25 0 d-------- C:\Documents and Settings\Tony\Application Data\Nvu
2007-03-24 14:44:43 0 d-------- C:\Program Files\Nvu
2007-03-22 19:15:22 139345 --a------ C:\WINDOWS\system32\hpzlnt12.dll
2007-03-22 19:13:58 229376 -ra------ C:\WINDOWS\system32\hpovst08.dll
2007-03-22 19:13:58 581632 -ra------ C:\WINDOWS\system32\hpotscl.dll
2007-03-22 19:05:58 19696 -----n--- C:\WINDOWS\hpomdl05.dat
2007-03-22 19:05:58 68947 --a------ C:\WINDOWS\hpoins05.dat
2007-03-22 14:39:49 0 d-------- C:\Documents and Settings\Tony\.DownloadManager<DOWNLO~1>
2007-03-22 13:45:58 0 d-------- C:\Program Files\Celestia
2007-03-21 18:30:47 0 d-------- C:\Program Files\Trend Micro<TRENDM~1>
2007-03-21 17:35:22 2321664 --a------ C:\WINDOWS\system32\TUKernel.exe
2007-03-21 15:02:56 0 d-------- C:\Program Files\MSXML 6.0<MSXML6~1.0>
2007-03-21 14:08:41 0 d-------- C:\b4c2fc34dca1bd5c86d486e18c<B4C2FC~1>
2007-03-21 13:11:41 0 d-------- C:\220770b1bfb545b4560166<220770~1>
2007-03-21 13:09:24 0 d-------- C:\14f6377c0c57f699a69534fb4d<14F637~1>
2007-03-21 13:03:43 0 d-------- C:\Documents and Settings\Tony\Application Data\Windows Desktop Search<WINDOW~1>
2007-03-21 13:02:48 0 d-------- C:\Program Files\Windows Desktop Search<WI459E~1>
2007-03-21 10:46:34 0 d-------- C:\Program Files\Microsoft.NET<MICROS~1.NET>
2007-03-21 10:34:33 0 d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help<MICROS~2>
2007-03-21 10:09:11 0 d-------- C:\3e26b4e7c3febe22c578887e2ec6e9<3E26B4~1>
2007-03-20 16:27:29 0 d--h----- C:\WINDOWS\Icons
2007-03-20 16:08:54 0 d-------- C:\Program Files\iPod
2007-03-20 16:08:36 0 d-------- C:\Program Files\iTunes
2007-03-20 16:02:27 24072 --a------ C:\WINDOWS\system32\uxtuneup.dll
2007-03-20 16:02:04 0 d-------- C:\Program Files\TuneUp Utilities 2007<TUNEUP~1>
2007-03-20 16:02:04 0 d-------- C:\Documents and Settings\Tony\Application Data\TuneUp Software<TUNEUP~1>
2007-03-20 16:01:22 0 d-------- C:\Documents and Settings\All Users\Application Data\TuneUp Software<TUNEUP~1>
2007-03-20 05:51:04 0 d-------- C:\Documents and Settings\LocalService\Application Data\Talkback
2007-03-20 05:03:06 0 d-------- C:\Program Files\Common Files\PC Tools<PCTOOL~1>
2007-03-20 04:58:48 626688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-03-20 04:48:47 0 d-------- C:\Program Files\MediaMonkey<MEDIAM~1>
2007-03-18 17:56:33 0 d-------- C:\Program Files\Common Files\xing shared<XINGSH~1>
2007-03-18 17:55:47 0 d-------- C:\Program Files\Common Files\Real
2007-03-18 17:55:46 0 d-------- C:\Program Files\Real
2007-03-18 17:54:48 0 d-------- C:\Documents and Settings\Tony\Application Data\Real
2007-03-18 12:01:32 0 d-------- C:\Documents and Settings\Tony\Application Data\DivX
2007-03-18 12:00:16 2560 -----n--- C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-03-18 12:00:16 2432 -----n--- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-03-18 12:00:15 129784 -----n--- C:\WINDOWS\system32\pxafs.dll
2007-03-17 10:21:43 178408 --a------ C:\WINDOWS\system32\muweb.dll
2007-03-17 10:21:43 127208 --a------ C:\WINDOWS\system32\mucltui.dll
2007-03-17 10:20:44 0 d-------- C:\Program Files\Microsoft Network Monitor 3.0<MICROS~1.0>
2007-03-16 18:02:37 0 d-------- C:\Program Files\DivX
2007-03-16 13:34:47 0 d-------- C:\Program Files\Microsoft IntelliPoint<MIFB84~1>
2007-03-16 08:41:47 0 d-------- C:\Documents and Settings\Tony\Application Data\Get Mail<GETMAI~1>
2007-03-16 08:41:11 0 d-------- C:\Program Files\PaulB
2007-03-15 11:18:31 0 d-------- C:\Documents and Settings\Tony\Application Data\OfficeUpdate12<OFFICE~1>
2007-03-15 10:43:13 0 d-------- C:\Program Files\Windows Live Local for Outlook<WIC386~1>
2007-03-15 10:09:35 0 d-------- C:\Program Files\Microsoft Small Business<MIB7F8~1>
2007-03-15 09:47:43 0 d-------- C:\WINDOWS\system32\Backup
2007-03-15 09:47:22 0 d-------- C:\WINDOWS\SQLHotfix<SQLHOT~1>
2007-03-15 09:45:35 33340 --a------ C:\WINDOWS\system32\dbmsqlgc.dll
2007-03-15 09:45:35 24576 --a------ C:\WINDOWS\system32\dbmsgnet.dll
2007-03-15 09:42:19 0 d-------- C:\Program Files\Microsoft SQL Server<MI6841~1>
2007-03-15 08:02:02 0 d-------- C:\Documents and Settings\LocalService\Application Data\Ahead
2007-03-13 16:03:14 0 d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage<OFFICE~1>
2007-03-13 15:58:45 0 d-------- C:\Program Files\MSECache
2007-03-11 07:30:07 0 d-------- C:\Documents and Settings\Tony\Application Data\AdobeAUM
2007-03-10 18:33:33 36864 -----n--- C:\WINDOWS\system32\wbsys.dll
2007-03-10 18:33:33 20480 --a------ C:\WINDOWS\system32\wbload.dll
2007-03-10 18:33:31 0 d-------- C:\Program Files\Stardock
2007-03-07 19:45:35 0 d-------- C:\Program Files\QuickTime<QUICKT~1>
2007-03-05 14:22:06 0 d-------- C:\Program Files\SpywareBlaster<SPYWAR~2>
2007-03-05 13:34:28 676224 --a------ C:\WINDOWS\system32\OGACheckControl.DLL<OGACHE~1.DLL>
2007-03-05 07:37:57 5632 --a------ C:\WINDOWS\system32\ptpusb.dll
2007-03-05 07:37:56 15104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2007-03-05 07:37:55 159232 --a------ C:\WINDOWS\system32\ptpusd.dll
2007-03-05 07:22:42 0 d-------- C:\Program Files\Common Files\HP
2007-02-28 12:25:13 0 d-------- C:\BandLink
2007-02-28 04:54:56 0 d-------- C:\Documents and Settings\Tony\Application Data\Printer Info Cache<PRINTE~1>
2007-02-28 04:54:55 0 d-------- C:\Documents and Settings\Tony\Application Data\Image Zone Express<IMAGEZ~1>


-- Find3M Report ---------------------------------------------------------------

2007-03-30 11:01:28 0 d-------- C:\Program Files\Symantec
2007-03-30 10:44:21 0 d-------- C:\Program Files\Common Files\Symantec Shared<SYMANT~1>
2007-03-30 10:41:01 0 d-------- C:\Program Files\Common Files\LightScribe<LIGHTS~1>
2007-03-30 10:12:45 0 d-------- C:\Documents and Settings\Tony\Application Data\Symantec
2007-03-28 1604 0 d-------- C:\Program Files\MSN Messenger<MSNMES~1>
2007-03-27 02:50:34 0 d-------- C:\Program Files\Norton Internet Security<NORTON~1>
2007-03-26 11:45:55 0 d-------- C:\Program Files\Microsoft Works<MICROS~3>
2007-03-23 14:26:38 251 --a------ C:\Program Files\wt3d.ini
2007-03-23 13:51:28 0 d---s---- C:\Documents and Settings\Tony\Application Data\Microsoft<MICROS~1>
2007-03-23 12:29:45 0 d-------- C:\Program Files\ParticleG<PARTIC~1>
2007-03-23 12:27:08 0 d-------- C:\Documents and Settings\Tony\Application Data\Uniblue
2007-03-22 19:18:07 0 d-------- C:\Program Files\HP
2007-03-22 14:38:57 0 d-------- C:\Program Files\Common Files\Adobe
2007-03-22 14:34:45 0 d-------- C:\Documents and Settings\Tony\Application Data\Adobe
2007-03-20 16:01:06 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard<WISEIN~1>
2007-03-20 08:53:31 0 d-------- C:\Documents and Settings\Tony\Application Data\Ahead
2007-03-14 12:16:32 737280 --a------ C:\WINDOWS\iun6002.exe
2007-03-14 11:35:34 0 d-------- C:\Program Files\Hewlett-Packard<HEWLET~1>
2007-03-11 07:44:06 0 d-------- C:\Documents and Settings\Tony\Application Data\AdobeUM
2007-03-11 07:36:42 0 d--h----- C:\Program Files\InstallShield Installation Information<INSTAL~1>
2007-03-08 18:14:51 0 d-------- C:\Program Files\GemMaster<GEMMAS~1>
2007-03-08 18:14:51 0 d-------- C:\Program Files\ESPNMotion<ESPNMO~1>
2007-03-08 18:14:51 0 d-------- C:\Program Files\EnglishOtto<ENGLIS~1>
2007-03-07 19:43:43 0 d-------- C:\Program Files\Apple Software Update<APPLES~1>
2007-03-06 16:12:27 0 d-------- C:\Program Files\Trillian
2007-02-28 05:50:11 0 d-------- C:\Program Files\Common Files\Sonic Shared<SONICS~1>
2007-02-28 04:50:50 2845 --a------ C:\Documents and Settings\Tony\Application Data\HPCOM_48BitScanUpdate.log<HPCOM_~1.LOG>
2007-02-28 03:39:29 0 d-------- C:\Program Files\Google
2007-02-27 16:04:30 0 d-------- C:\Program Files\Java
2007-02-27 14:52:32 0 d-------- C:\Program Files\Windows Media Connect 2<WI4DF6~1>
2007-02-27 14:52:31 0 d-------- C:\Program Files\RGB
2007-02-27 14:52:31 0 d-------- C:\Program Files\music_now<MUSIC_~1>
2007-02-27 14:52:31 0 d-------- C:\Program Files\MSN Encarta Plus<MSNENC~1>
2007-02-27 14:52:31 0 d-------- C:\Program Files\Messenger<MESSEN~1>
2007-02-25 18:24:53 0 d-------- C:\Program Files\Logo Cre8or<LOGOCR~1>
2007-02-25 09:50:31 0 d-------- C:\Program Files\Back2zip
2007-02-25 09:36:25 0 d-------- C:\Program Files\CCleaner
2007-02-25 06:48:24 0 d-------- C:\Program Files\Backup Plus<BACKUP~1>
2007-02-24 1612 48776 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2007-02-24 15:54:18 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-02-23 17:38:46 0 d-------- C:\Program Files\FileMaker<FILEMA~1>
2007-02-23 17:38:45 0 d-------- C:\Program Files\Common Files\ODBC
2007-02-23 00:29:58 524288 --a------ C:\WINDOWS\system32\DivXsm.exe
2007-02-23 00:29:56 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-02-23 00:29:52 118520 -----n--- C:\WINDOWS\system32\pxinsi64.exe
2007-02-23 00:29:52 116472 -----n--- C:\WINDOWS\system32\pxcpyi64.exe
2007-02-23 00:29:49 200704 --a------ C:\WINDOWS\system32\ssldivx.dll
2007-02-23 00:29:49 1044480 --a------ C:\WINDOWS\system32\libdivx.dll
2007-02-23 00:25:24 196608 --a------ C:\WINDOWS\system32\dtu100.dll
2007-02-23 00:25:24 73728 --a------ C:\WINDOWS\system32\dpl100.dll
2007-02-23 00:25:23 53248 --a------ C:\WINDOWS\system32\dpuGUI10.dll
2007-02-23 00:25:22 57344 --a------ C:\WINDOWS\system32\dpv11.dll
2007-02-23 00:25:22 344064 --a------ C:\WINDOWS\system32\dpus11.dll
2007-02-23 00:25:22 593920 --a------ C:\WINDOWS\system32\dpuGUI11.dll
2007-02-23 00:25:22 294912 --a------ C:\WINDOWS\system32\dpu11.dll
2007-02-23 00:25:22 294912 --a------ C:\WINDOWS\system32\dpu10.dll
2007-02-23 00:25:19 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll<DIVX_X~3.DLL>
2007-02-23 00:25:19 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll<DIVX_X~1.DLL>
2007-02-23 00:25:19 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll<DIVX_X~2.DLL>
2007-02-23 00:25:19 639066 --a------ C:\WINDOWS\system32\DivX.dll
2007-02-21 16:37:45 0 d-------- C:\Documents and Settings\Tony\Application Data\EPSON
2007-02-21 16:04:55 0 d-------- C:\Program Files\EPSON
2007-02-20 04:12:12 0 d-------- C:\Documents and Settings\Tony\Application Data\Sun
2007-02-20 03:20:01 0 d-------- C:\Program Files\HPQ
2007-02-20 03:19:54 0 d-------- C:\Documents and Settings\Tony\Application Data\Hewlett-Packard<HEWLET~1>
2007-02-20 02:55:17 0 -rahs---- C:\MSDOS.SYS
2007-02-20 02:55:17 0 -rahs---- C:\IO.SYS
2007-02-19 13:54:56 0 d-------- C:\Program Files\MTV Networks<MTVNET~1>
2007-02-19 13:10:25 0 d-------- C:\Documents and Settings\Tony\Application Data\CyberLink<CYBERL~1>
2007-02-19 13:10:20 0 d-------- C:\Documents and Settings\Tony\Application Data\HP
2007-02-18 21:39:47 0 d-------- C:\Program Files\DIFX
2007-02-18 21:00:13 0 d-------- C:\Program Files\Broadcom
2007-02-18 20:34:38 37027 --a------ C:\WINDOWS\atmoUn.exe
2007-02-18 20:34:36 0 d-------- C:\Program Files\Viewpoint<VIEWPO~1>
2007-02-18 18:38:28 0 d-------- C:\Documents and Settings\Tony\Application Data\PC Tools<PCTOOL~1>
2007-02-18 14:54:46 0 d-------- C:\Program Files\DTV
2007-02-18 11:33:35 0 d-------- C:\Program Files\RegistryFix<REGIST~1>
2007-02-18 10:50:34 0 d-------- C:\Program Files\Common Files\Ahead
2007-02-18 10:48:49 0 d-------- C:\Program Files\Nero
2007-02-18 10:31:41 139264 --a------ C:\WINDOWS\system32\hpzjrd01.dll
2007-02-18 08:07:53 0 d-------- C:\Documents and Settings\Tony\Application Data\Lavasoft
2007-02-18 08:07:45 0 d-------- C:\Program Files\Lavasoft
2007-02-17 19:22:02 0 d-------- C:\Documents and Settings\Tony\Application Data\Apple Computer<APPLEC~1>
2007-02-17 16:40:18 0 d-------- C:\Program Files\MSBuild
2007-02-17 16:35:55 0 d-------- C:\Program Files\Reference Assemblies<REFERE~1>
2007-02-17 13:52:22 0 d-------- C:\Program Files\Yahoo!
2007-02-17 13:08:39 0 d-------- C:\Documents and Settings\Tony\Application Data\Talkback
2007-02-17 13:08:21 0 --a------ C:\WINDOWS\nsreg.dat
2007-02-17 13:08:17 0 d-------- C:\Documents and Settings\Tony\Application Data\Mozilla
2007-02-17 13:02:16 0 d-------- C:\Documents and Settings\Tony\Application Data\Macromedia<MACROM~1>
2007-02-17 12:36:46 0 d-------- C:\Program Files\MSXML 4.0<MSXML4~1.0>
2007-02-17 11:57:40 0 d-------- C:\Program Files\Common Files\Adobe Systems Shared<ADOBES~1>
2007-02-17 11:05:23 0 d-------- C:\Documents and Settings\Tony\Application Data\Google
2007-02-17 10:59:38 0 d-------- C:\Program Files\Windows Plus<WINDOW~3>
2007-02-17 10:59:34 0 d-------- C:\Program Files\Windows NT<WINDOW~2>
2007-02-17 10:56:13 0 d-------- C:\Program Files\WildTangent<WILDTA~1>
2007-02-17 10:56:09 0 d-------- C:\Program Files\Synaptics<SYNAPT~1>
2007-02-17 10:56:06 0 d-------- C:\Program Files\Sonic
2007-02-17 10:55:16 0 d-------- C:\Program Files\Quickensetup<QUICKE~1>
2007-02-17 10:55:05 0 d-------- C:\Program Files\Quicken
2007-02-17 10:54:51 0 d-------- C:\Program Files\Online Services<ONLINE~1>
2007-02-17 10:53:34 0 d-------- C:\Program Files\Netscape
2007-02-17 10:53:22 0 d-------- C:\Program Files\muvee Technologies<MUVEET~1>
2007-02-17 10:53:21 0 d-------- C:\Program Files\MSN Gaming Zone<MSNGAM~1>
2007-02-17 10:53:19 0 d-------- C:\Program Files\Movie Maker<MOVIEM~1>
2007-02-17 10:52:46 0 d-------- C:\Program Files\Microsoft Office Trial Wizard<MI4B70~1>
2007-02-17 10:52:45 0 d-------- C:\Program Files\Microsoft Money 2006<MICROS~2>
2007-02-17 10:52:30 0 d-------- C:\Program Files\microsoft frontpage<MICROS~1>
2007-02-17 10:52:03 0 d-------- C:\Program Files\HP Rhapsody<HPRHAP~1>
2007-02-17 10:50:34 0 d-------- C:\Program Files\DIGStream<DIGSTR~1>
2007-02-17 10:50:34 0 d-------- C:\Program Files\CONEXANT
2007-02-17 10:50:34 0 d-------- C:\Program Files\Common Files\TiVo Shared<TIVOSH~1>
2007-02-17 10:50:12 0 d-------- C:\Program Files\Common Files\SureThing Shared<SURETH~1>
2007-02-17 10:50:12 0 d-------- C:\Program Files\Common Files\SpeechEngines<SPEECH~1>
2007-02-17 10:50:03 0 d-------- C:\Program Files\Common Files\Palo Alto Software<PALOAL~1>
2007-02-17 10:50:03 0 d-------- C:\Program Files\Common Files\muvee Technologies<MUVEET~1>
2007-02-17 10:49:52 0 d-------- C:\Program Files\Common Files\MSSoap
2007-02-17 10:49:40 0 d-------- C:\Program Files\Common Files\Java
2007-02-17 10:49:39 0 d-------- C:\Program Files\Common Files\Intuit
2007-02-17 10:49:38 0 d-------- C:\Program Files\Common Files\InstallShield<INSTAL~1>
2007-02-17 10:49:31 0 d-------- C:\Program Files\ATI Technologies<ATITEC~1>
2007-02-17 10:43:31 0 d-------- C:\Documents and Settings\Tony\Application Data\Intuit
2007-02-17 10:43:31 0 d-------- C:\Documents and Settings\Tony\Application Data\Identities<IDENTI~1>
2007-02-17 10:42:54 0 d-------- C:\Program Files\Common Files\Hewlett-Packard<HEWLET~1>
2007-02-15 21:40:35 124472 --a------ C:\WINDOWS\system32\DivXCodecUpdateChecker.exe<DIVXCO~1.EXE>
2007-02-12 18:22:48 538256 --a------ C:\WINDOWS\system32\SymNeti.dll
2007-02-12 18:22:46 161424 --a------ C:\WINDOWS\system32\SymRedir.dll
2007-02-10 05:29:52 2234224 --a------ C:\WINDOWS\system32\sqlncli.dll
2007-02-10 05:29:52 67952 --a------ C:\WINDOWS\system32\sqlctr90.dll
2007-02-05 15:43:06 1481728 -----n--- C:\WINDOWS\system32\mssrch.dll
2007-02-05 15:42:10 1504768 -----n--- C:\WINDOWS\system32\tquery.dll
2007-02-05 15:41:14 122368 -----n--- C:\WINDOWS\system32\UncPH.dll
2007-02-05 15:41:06 134656 -----n--- C:\WINDOWS\system32\UncDMS.dll
2007-02-05 15:41:04 108544 -----n--- C:\WINDOWS\system32\UncNE.dll
2007-02-05 15:40:58 98304 -----n--- C:\WINDOWS\system32\UncCplExt.dll<UNCCPL~1.DLL>
2007-02-05 15:40:56 260096 -----n--- C:\WINDOWS\system32\oeph.dll
2007-02-05 15:36:48 52224 -----n--- C:\WINDOWS\system32\msstrc.dll
2007-02-05 15:36:08 27136 -----n--- C:\WINDOWS\system32\rtffilt.dll
2007-02-05 15:36:06 111104 -----n--- C:\WINDOWS\system32\xmlfilter.dll<XMLFIL~1.DLL>
2007-02-05 15:35:38 248320 -----n--- C:\WINDOWS\system32\msshsq.dll
2007-02-05 15:35:24 167424 -----n--- C:\WINDOWS\system32\mssphtb.dll
2007-02-05 15:34:38 300032 -----n--- C:\WINDOWS\system32\searchindexer.exe<SEARCH~3.EXE>
2007-02-05 15:33:54 331776 -----n--- C:\WINDOWS\system32\mssph.dll
2007-02-05 15:32:28 182784 -----n--- C:\WINDOWS\system32\searchprotocolhost.exe<SEARCH~1.EXE>
2007-02-05 15:32:02 65536 -----n--- C:\WINDOWS\system32\propdefs.dll
2007-02-05 15:31:10 76800 -----n--- C:\WINDOWS\system32\searchfilterhost.exe<SEARCH~2.EXE>
2007-02-05 15:30:16 23552 -----n--- C:\WINDOWS\system32\msscb.dll
2007-02-05 15:29:24 51200 -----n--- C:\WINDOWS\system32\msscntrs.dll
2007-02-05 15:29:14 98816 -----n--- C:\WINDOWS\system32\mssitlb.dll
2007-02-05 15:29:12 255488 -----n--- C:\WINDOWS\system32\srchadmin.dll<SRCHAD~1.DLL>
2007-02-05 15:28:56 32256 -----n--- C:\WINDOWS\system32\mssprxy.dll
2007-02-05 15:28:46 733696 -----n--- C:\WINDOWS\system32\propsys.dll
2007-02-05 15:24:38 2048 -----n--- C:\WINDOWS\system32\UncRes.dll
2007-02-05 15:24:36 11264 -----n--- C:\WINDOWS\system32\oephRes.dll
2007-02-05 14:24:28 18271 -----n--- C:\WINDOWS\system32\structuredqueryschematrivial.bin<STRUCT~2.BIN>
2007-02-05 14:24:26 99999 -----n--- C:\WINDOWS\system32\structuredqueryschema.bin<STRUCT~1.BIN>
2007-01-19 13:53:04 51056 --a------ C:\WINDOWS\system32\sirenacm.dll
2007-01-03 11:21:06 23856 --a------ C:\WINDOWS\system32\spupdsvc.exe


-- Registry Dump ---------------------------------------------------------------


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"TuneUp MemOptimizer"="\"C:\\Program Files\\TuneUp Utilities 2007\\MemOptimizer.exe\" autostart"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
"RecGuard"="C:\\Windows\\SMINST\\RecGuard.exe"
"hpWirelessAssistant"=hex(2):25,50,72,6f,67,72,61,6d,46,69,6c,65,73,25,5c,48,\
65,77,6c,65,74,74,2d,50,61,63,6b,61,72,64,5c,48,50,20,57,69,72,65,6c,65,73,\
73,20,41,73,73,69,73,74,61,6e,74,5c,48,50,57,41,4d,61,69,6e,2e,65,78,65,00
"eabconfg.cpl"="C:\\Program Files\\HPQ\\Quick Launch Buttons\\EabServr.exe /Start"
"ccApp"="\"c:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"ATIPTA"="\"C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe\""
"ISUSPM Startup"="C:\\PROGRA~1\\COMMON~1\\INSTAL~1\\UPDATE~1\\ISUSPM.exe -startup"
"ISUSScheduler"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start"
"IntelliPoint"="\"c:\\Program Files\\Microsoft IntelliPoint\\ipoint.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program Files\\Common Files\\Ahead\\Lib\\NMBgMonitor.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QPService"="\"C:\\Program Files\\HP\\QuickPlay\\QPService.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"ehTray"="C:\\WINDOWS\\ehome\\ehtray.exe"
"NeroFilterCheck"="C:\\Program Files\\Common Files\\Ahead\\Lib\\NeroCheck.exe"
"EPSON PictureMate 500"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_FATI9TE.EXE /P21 \"EPSON PictureMate 500\" /O6 \"USB001\" /M \"PictureMate 500\""
"Cpqset"="C:\\Program Files\\HPQ\\Default Settings\\cpqset.exe"
"HP Software Update"="C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe"
"InCD"="C:\\Program Files\\Nero\\Nero 7\\InCD\\InCD.exe"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_11\\bin\\jusched.exe"
"Synchronization Manager"="%SystemRoot%\\system32\\mobsync.exe /logon"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"Adobe Photo Downloader"="\"C:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\""


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=""
"{81559C35-8464-49F7-BB0E-07A383BEF910}"=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,\
63,65,73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,5c,52,6f,79,61,6c,65,2e,\
6d,73,73,74,79,6c,65,73,00
"InstallTheme"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,63,65,\
73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,2e,74,68,65,6d,65,00

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"GreyMSIAds"=dword:00000001

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0

HKLM\software\Microsoft\Windows NT\CurrentVersion\Svchost *netsvcs*
UxTuneUp

*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_COMHOST
*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_GMSIPCI
*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_SETUPNTGLM7X


-- Hosts -----------------------------------------------------------------------

192.168.2.2 HP0015604A3E79


-- End of Deckard's System Scanner: finished at 2007-03-30 at 12:08:17 ---------
Attached Files: extra.txt (25.1 KB)
__________________
"Things should be made as simple as possible, but not any simpler."
Old 04-05-2007, 07:37 AM   #2 (permalink)
Ring Tone (Registered User)

Re: I am infected real bad, Please help!

BUMP... Could someone please help me? My comp is very slow and I can't shut it down without turning it off manually.
Old 04-05-2007, 09:43 PM   #3 (permalink)
Sempurna (Analyst, Security Team)
Join Date: Sep 2006
Posts: 1,302
OS: Windows XP SP2

Re: I am infected real bad, Please help!

Hi Ring Tone,

Welcome to Tech Support Forum!

I apologize for the delay getting to your log. The helpers here are all volunteers and we have been very busy here lately. If you are still having malware problems, I will be glad to help.

OK, here’s what we do first.

Viewpoint Manager is considered foistware rather than malware, since it is installed without the user's approval but doesn't spy or do anything "bad". This will change from what we knew in 2006; read this article: http://www.clickz.com/news/article.php/3561546

Additional info: http://vil.nai.com/vil/content/v_137262.htm

I suggest you remove the program now. Go to Start -> Control Panel -> Add/Remove Programs and remove the following programs (if present):

Viewpoint
Viewpoint Manager
Viewpoint Media Player
Viewpoint Toolbar



NEXT:

Please run HijackThis and click "Scan". Place a check (tick) next to the following entries (if present):

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - (no file)



Close ALL programs and browsers (including this one), leaving ONLY HijackThis open, then click "Fix checked".

Then please exit HijackThis.


NEXT:

Please download OTMoveIt by OldTimer:
  • Save it to your desktop.
  • Please double-click OTMoveIt.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    C:\Program Files\wt3d.ini
    C:\WINDOWS\unvise32.exe
    C:\WINDOWS\system32\TUKernel.exe
    C:\WINDOWS\system32\d3d9caps.dat
    C:\WINDOWS\iun6002.exe
    C:\Program Files\Viewpoint


  • Return to OTMoveIt, right-click on the Paste List of Files/Folders to be Moved window and choose Paste.
  • Click the red MoveIt! button.
  • Copy everything in the Results window to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy), and paste it in your next reply.
  • Close OTMoveIt.

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. After reboot, please run OTMoveIt again, follow the directions as above, and post the Results report for me to see.


NEXT:

Let's run some cleanup and diagnostic scans to make sure we're not leaving anything behind.

Please download CCleaner (freeware) and save it to your desktop:
  1. Run the CCleaner installer.
  2. During installation process, please UNCHECK "Add CCleaner Yahoo! Toolbar".
  3. Once installed, run CCleaner and click the Windows tab.
  4. Select the following:
    • Check everything under the Internet Explorer section.
    • Check everything under the Windows Explorer section.
    • Check everything under the System section.
    • Check ONLY Old Prefetch data under the Advanced section.
  5. Then, click the Applications tab:
    • UNCHECK everything there.
  6. Next, click the Options button, then click the Advanced button:
    • UNCHECK : "Only delete files in Windows Temp folders older than 48 hours".
  7. Next, click the Cleaner button, then click the Run Cleaner button (bottom right), then Exit.

CAUTION: Please do NOT use the Issues button. This is a built-in registry cleaner. If you don’t know how to use it, you may cause irreparable damage to your system.


NEXT:

Please download ComboFix by sUBs:

NOTE: In the event you already have ComboFix, this is a new version that I need you to download.
  • Save it to your desktop.
  • Double-click combofix.exe and follow the prompts.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.


NEXT:

Please do an online scan with Kaspersky Online Scanner:
  1. Click on Kaspersky Online Scanner.
  2. You will be prompted to install an ActiveX component from Kaspersky, click Yes.
  3. The program will launch and then begin downloading the latest definition files.
  4. Once the files have been downloaded click on Next.
  5. Now click on Scan Settings.
  6. In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
      Extended
    • Scan Options:
      Scan Archives
      Scan Mail Bases
  7. Click OK.
  8. Now under select a target to scan:
    • Select My Computer.
  9. This program will start and scan your system.
  10. The scan will take a while so be patient and let it run.
  11. Once the scan is complete it will display if your system has been infected.
    • Now click on the Save Report As button.
    • In the File name: field, type kavscan.
    • In the Save as type: field, select Text file (*.txt).
  12. Save the file to your desktop.
  13. Copy and paste that information in your next post.

Note for Internet Explorer 7 users: If at any time you have trouble with the Accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75 %. Once the license has been accepted, reset to 100%.


NEXT:

Please REBOOT your computer normally into Windows and post these logs in your next reply:
  1. The results report from OTMoveIt.
  2. The log from the ComboFix scan.
  3. The log from the Kaspersky scan.
  4. A new HijackThis log.

(You might have to paste the logs in multiple posts in the event they are too long and breach the post length of the forum software).

Also, please let me know how things are running now and if you encountered any problems while you were following the directions I posted.
__________________

Keep this forum alive - if you've been helped at this forum, please do consider a donation. Thank you for your support.

Donation link for Tech Support Forum

Last edited by Sempurna; 04-05-2007 at 09:49 PM.
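The two O2 entries above are BHO registrations whose DLL is gone (HijackThis shows them as "(no file)"), and the file list the helper worked from is the Deckard's System Scanner listing in the first post. As an added example, not code from this thread or from HijackThis, DSS or OTMoveIt, here is a small Python triage script that parses both formats and flags orphaned BHOs and recently modified binaries in system32; the reference date, the 45-day window and the third BHO line with its CLSID are assumptions.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed samples. The first two O2 lines are the entries named in the
# post above; the third line and its CLSID are made up to show a BHO whose
# DLL is still present. The listing lines are copied from the first post.
HJT_SAMPLE = r"""
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - (no file)
O2 - BHO: Example Helper - {00000000-1111-2222-3333-444444444444} - C:\Program Files\Example\helper.dll
"""
DSS_SAMPLE = r"""
2007-02-18 14:54:46 0 d-------- C:\Program Files\DTV
2007-02-18 10:31:41 139264 --a------ C:\WINDOWS\system32\hpzjrd01.dll
2007-02-15 21:40:35 124472 --a------ C:\WINDOWS\system32\DivXCodecUpdateChecker.exe<DIVXCO~1.EXE>
2007-01-03 11:21:06 23856 --a------ C:\WINDOWS\system32\spupdsvc.exe
"""

# HijackThis:  O2 - BHO: <name> - {CLSID} - <dll path, or "(no file)" if the DLL is gone>
O2_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.*)$"
)
# Deckard's:   <date> <time> <size> <9 attribute flags> <path>[<8.3 short name>]
DSS_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\s+(?P<size>\d+)\s+(?P<attrs>[-a-z]{9})\s+"
    r"(?P<path>.*?)(?:<[^<>]*>)?$"
)
EXEC_EXT = (".exe", ".dll", ".sys")


@dataclass
class Bho:
    name: str
    clsid: str
    path: str


@dataclass
class FileEntry:
    modified: datetime
    size: int
    attrs: str
    path: str

    @property
    def is_dir(self):
        return self.attrs[0] == "d"


def parse_hjt_o2(text):
    """Parse the O2 (Browser Helper Object) lines of a HijackThis log."""
    out = []
    for line in text.splitlines():
        m = O2_RE.match(line.strip())
        if m:
            out.append(Bho(m["name"], m["clsid"].upper(), m["path"]))
    return out


def orphaned_bhos(bhos):
    """CLSIDs still registered as BHOs although their DLL is missing. HijackThis
    prints these as "(no file)"; they are leftovers of removed software and are
    exactly the two entries the helper asked to fix above."""
    return [b.clsid for b in bhos if b.path.strip().lower() == "(no file)"]


def parse_deckard_listing(text):
    """Parse the dated file listing of a Deckard's System Scanner log, dropping
    the <8.3 short name> suffix that DSS appends to long names."""
    out = []
    for line in text.splitlines():
        m = DSS_RE.match(line.strip())
        if not m:
            continue  # section headers, blank lines, anything else
        out.append(FileEntry(datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S"),
                             int(m["size"]), m["attrs"], m["path"]))
    return out


def recent_system32_executables(entries, reference="2007-03-30", days=45):
    """Non-directory .exe/.dll/.sys files under \\WINDOWS\\system32 modified within
    `days` before `reference` (default: this scan's date, window assumed).
    Vendor updates land there too, so this is a shortlist to verify, not a verdict."""
    cutoff = datetime.strptime(reference, "%Y-%m-%d") - timedelta(days=days)
    hits = []
    for e in entries:
        p = e.path.lower()
        if e.is_dir or "\\windows\\system32\\" not in p or not p.endswith(EXEC_EXT):
            continue
        if e.modified >= cutoff:
            hits.append(e.path)
    return hits


if __name__ == "__main__":
    for clsid in orphaned_bhos(parse_hjt_o2(HJT_SAMPLE)):
        print("orphaned BHO (no file):", clsid)
    for path in recent_system32_executables(parse_deckard_listing(DSS_SAMPLE)):
        print("recently modified system32 binary:", path)
```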
Old 04-06-2007, 04:58 AM   #4 (permalink)
Ring Tone (Registered User)

Re: I am infected real bad, Please help!

I can't believe I have two viruses. I am using Norton 2006 and it didn't catch it, wow!!

KASPERSKY ONLINE SCANNER REPORT
Friday, April 06, 2007 6:34:57 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 6/04/2007
Kaspersky Anti-Virus database records: 292105
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
E:\
Z:\

Scan Statistics:
Total number of scanned objects: 105535
Number of viruses found: 2
Number of infected objects: 11 / 0
Number of suspicious objects: 0
Duration of the scan process: 02:12:05

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\ehRecvr.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.7.Crwl Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.7.gthr Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\MSS.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\MSStmp.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010001.ci Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010001.wid Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010001.wsb Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010002.wid Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010003.wid Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010004.wid Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010012.wid Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\INDEX.000 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.000 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\Used0000.000 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.000 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.chk1.gthr Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.chk2.gthr Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.Ntfy20.gthr Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\tmp.edb Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Windows.edb Object is locked skipped
C:\Documents and Settings\All Users\Application Data\muvee Technologies\030625\0102\0314\values Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Confid.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Content.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Privacy.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Restrict.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\WebHist.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\HPPAppActivity.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\HPPHomePageActivity.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2007-04-05_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Tony\Application Data\Microsoft\Outlook\outitems.log Object is locked skipped
C:\Documents and Settings\Tony\Application Data\Microsoft\Outlook\Outlook.NK2 Object is locked skipped
C:\Documents and Settings\Tony\Application Data\Microsoft\Outlook\Outlook.srs Object is locked skipped
C:\Documents and Settings\Tony\Application Data\Mozilla\Firefox\Profiles\qowc9wky.default\cert8.db Object is locked skipped
C:\Documents and Settings\Tony\Application Data\Mozilla\Firefox\Profiles\qowc9wky.default\formhistory.dat Object is locked skipped
C:\Documents and Settings\Tony\Application Data\Mozilla\Firefox\Profiles\qowc9wky.default\history.dat Object is locked skipped
C:\Documents and Settings\Tony\Application Data\Mozilla\Firefox\Profiles\qowc9wky.default\key3.db Object is locked skipped
C:\Documents and Settings\Tony\Application Data\Mozilla\Firefox\Profiles\qowc9wky.default\parent.lock Object is locked skipped
C:\Documents and Settings\Tony\Application Data\Mozilla\Firefox\Profiles\qowc9wky.default\search.sqlite Object is locked skipped
C:\Documents and Settings\Tony\Application Data\Mozilla\Firefox\Profiles\qowc9wky.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\Tony\Application Data\Symantec\PendingAlertsQueue.log Object is locked skipped
C:\Documents and Settings\Tony\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Tony\Local Settings\Application Data\Microsoft\CardSpace\CardSpace.db Object is locked skipped
C:\Documents and Settings\Tony\Local Settings\Application Data\Microsoft\CardSpace\CardSpace.db.shadow Object is locked skipped
C:\Documents and Settings\Tony\Local Settings\Application Data\Microsoft\Outlook\archive.pst Object is locked skipped
C:\Documents and Settings\Tony\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst Object is locked skipped
C:\Documents and Settings\Tony\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Tony\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Tony\Local Settings\Application Data\Mozilla\Firefox\Profiles\qowc9wky.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Tony\Local Settings\Application Data\Mozilla\Firefox\Profiles\qowc9wky.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Tony\Local Settings\Application Data\Mozilla\Firefox\Profiles\qowc9wky.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Tony\Local Settings\Application Data\Mozilla\Firefox\Profiles\qowc9wky.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Tony\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Tony\Local Settings\History\History.IE5\MSHist012007040620070407\index.dat Object is locked skipped
C:\Documents and Settings\Tony\Local Settings\Temp\hpodvd09.log Object is locked skipped
C:\Documents and Settings\Tony\Local Settings\Temp\Perflib_Perfdata_260.dat Object is locked skipped
C:\Documents and Settings\Tony\Local Settings\Temp\Perflib_Perfdata_b8c.dat Object is locked skipped
C:\Documents and Settings\Tony\Local Settings\Temp\~DF7AAE.tmp Object is locked skipped
C:\Documents and Settings\Tony\Local Settings\Temp\~DF7C2.tmp Object is locked skipped
C:\Documents and Settings\Tony\Local Settings\Temp\~DFD57F.tmp Object is locked skipped
C:\Documents and Settings\Tony\Local Settings\Temp\~DFD5D5.tmp Object is locked skipped
C:\Documents and Settings\Tony\Local Settings\Temp\~DFE83E.tmp Object is locked skipped
C:\Documents and Settings\Tony\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Tony\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Tony\ntuser.dat.LOG Object is locked skipped
C:\New Downloads\Nero-7.7.5.1_eng_trial.exe/Toolbar.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\New Downloads\Nero-7.7.5.1_eng_trial.exe RAR: infected - 1 skipped
C:\Ntf1B.tmp Object is locked skipped
C:\Ntf1C.tmp Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\AntiSpam\Log\Spam.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\EENGINE\EPERSIST.DAT Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDALRT.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDCON.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDDBG.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDFW.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDIDS.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDSYS.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBConfig.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBDebug.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBDetect.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBNotify.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBRefr.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetCfg.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetCfg2.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetDev.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetLoc.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetUsr.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSMNot.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSMReg.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSMRSt.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBStHash.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBStMSI.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBValid.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPPolicy.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPStart.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPStop.log Object is locked skipped
C:\Program Files\DIGStream\digstream.exe Infected: not-a-virus:Downloader.Win32.DigStream skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\AVApp.log Object is locked skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\AVError.log Object is locked skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\AVVirus.log Object is locked skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Savrt\0052NAV~.TMP Object is locked skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Savrt\0948NAV~.TMP Object is locked skipped
C:\Program Files\Yahoo!\Messenger\logs\billing_Tony.log Object is locked skipped
C:\Program Files\Yahoo!\Messenger\logs\client_Tony.log Object is locked skipped
C:\Program Files\Yahoo!\Messenger\logs\network_Tony.log Object is locked skipped
C:\SWSETUP\MedCtrFP\Extras\ESPN\motionsetupmce.exe/WISE0010.BIN/WISE0008.BIN Infected: not-a-virus:Downloader.Win32.DigStream skipped
C:\SWSETUP\MedCtrFP\Extras\ESPN\motionsetupmce.exe/WISE0010.BIN Infected: not-a-virus:Downloader.Win32.DigStream skipped
C:\SWSETUP\MedCtrFP\Extras\ESPN\motionsetupmce.exe WiseSFX: infected - 2 skipped
C:\SWSETUP\MedCtrFP\Extras\ESPN\motionsetupmce.exe WiseSFX Dropper: infected - 2 skipped
C:\SWSETUP\MedCtrFP\Samples\BonusDVD.msi/ESPNInst/WISE0010.BIN/WISE0008.BIN Infected: not-a-virus:Downloader.Win32.DigStream skipped
C:\SWSETUP\MedCtrFP\Samples\BonusDVD.msi/ESPNInst/WISE0010.BIN Infected: not-a-virus:Downloader.Win32.DigStream skipped
C:\SWSETUP\MedCtrFP\Samples\BonusDVD.msi/ESPNInst Infected: not-a-virus:Downloader.Win32.DigStream skipped
C:\SWSETUP\MedCtrFP\Samples\BonusDVD.msi Embedded: infected - 3 skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{BFAA719B-281F-45B6-9E39-9D4BB578C2A4}\RP159\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\ModemLog_AC97 Soft Data Fax Modem with SmartCP.txt Object is locked skipped
C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{B46D30CB-5F53-4511-9D8A-B2EC49B4E2DA}.crmlog Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{A5CE11FE-0CA4-4563-A628-391C09E0A701}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\Media Ce.evt Object is locked skipped
C:\WINDOWS\system32\config\ODiag.evt Object is locked skipped
C:\WINDOWS\system32\config\OSession.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\usgthrsvc\Perflib_Perfdata_89c.dat Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.
__________________
"Things should be made as simple as possible, but not any simpler."
Old 04-06-2007, 04:59 AM   #5 (permalink)
Registered User
 
 
Join Date: Dec 2006
Location: Rancho Cucamonga
Posts: 72
OS: Windows Vista Ultimate 32bit

Re: I am infected real bad, Please help!

Here's the ComboFix log.

"Tony" - 07-04-06 3:50:33 Service Pack 2
ComboFix 07-04-05 - Running from: "C:\Documents and Settings\Tony"


((((((((((((((((((((((((((((((( Files Created from 2007-03-06 to 2007-04-06 ))))))))))))))))))))))))))))))))))


2007-04-04 05:04 <DIR> d-------- C:\DOCUME~1\Tony\APPLIC~1\OpenOffice.org2
2007-04-04 04:58 <DIR> d-------- C:\Program Files\OpenOffice.org 2.2
2007-04-04 04:38 <DIR> d-------- C:\Program Files\KompoZer
2007-04-04 04:38 <DIR> d-------- C:\DOCUME~1\Tony\APPLIC~1\KompoZer
2007-04-03 06:03 <DIR> d-------- C:\Program Files\Microsoft Office Outlook Connector
2007-04-02 15:32 <DIR> d-------- C:\Program Files\DFX
2007-04-02 15:32 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\DFX
2007-03-31 09:58 <DIR> d-------- C:\DOCUME~1\Tony\APPLIC~1\Symantec
2007-03-31 09:49 48,776 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2007-03-31 09:49 115,000 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-03-31 08:40 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2007-03-31 08:40 <DIR> d-------- C:\Program Files\Common Files\L&H
2007-03-31 08:38 <DIR> d-------- C:\WINDOWS\SHELLNEW
2007-03-31 08:35 <DIR> dr-h----- C:\MSOCache
2007-03-30 12:01 <DIR> d-------- C:\Deckard
2007-03-30 11:51 <DIR> d-------- C:\ie-spyad
2007-03-30 11:50 <DIR> d-------- C:\Program Files\SpywareGuard
2007-03-30 09:58 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-03-28 18:51 97,936 --a------ C:\WINDOWS\system32\drivers\symfw.sys
2007-03-28 18:51 538,256 --a------ C:\WINDOWS\system32\SymNeti.dll
2007-03-28 18:51 31,888 --a------ C:\WINDOWS\system32\drivers\symids.sys
2007-03-28 18:51 28,304 --a------ C:\WINDOWS\system32\drivers\symndis.sys
2007-03-28 18:51 24,208 --a------ C:\WINDOWS\system32\drivers\symredrv.sys
2007-03-28 18:51 189,584 --a------ C:\WINDOWS\system32\drivers\symtdi.sys
2007-03-28 18:51 161,424 --a------ C:\WINDOWS\system32\SymRedir.dll
2007-03-28 18:51 12,944 --a------ C:\WINDOWS\system32\drivers\symdns.sys
2007-03-27 16:59 <DIR> d-------- C:\Program Files\SWiSHmax
2007-03-27 15:06 <DIR> d-------- C:\Program Files\Yahoo SiteBuilder
2007-03-26 10:21 <DIR> d-------- C:\DOCUME~1\Tony\APPLIC~1\Leadertech
2007-03-26 09:27 <DIR> d--h----- C:\WINDOWS\PIF
2007-03-25 16:34 1,046 --a------ C:\WINDOWS\mozver.dat
2007-03-24 16:03 <DIR> d-------- C:\Program Files\IE7pro
2007-03-24 16:03 <DIR> d-------- C:\DOCUME~1\Tony\APPLIC~1\IE7pro
2007-03-24 14:45 <DIR> d-------- C:\DOCUME~1\Tony\APPLIC~1\Nvu
2007-03-24 14:44 <DIR> d-------- C:\Program Files\Nvu
2007-03-22 19:15 139,345 --a------ C:\WINDOWS\system32\hpzlnt12.dll
2007-03-22 19:13 581,632 -ra------ C:\WINDOWS\system32\hpotscl.dll
2007-03-22 19:13 229,376 -ra------ C:\WINDOWS\system32\hpovst08.dll
2007-03-22 19:05 19,696 --------- C:\WINDOWS\hpomdl05.dat
2007-03-22 14:39 <DIR> d-------- C:\DOCUME~1\Tony\.DownloadManager
2007-03-22 13:45 <DIR> d-------- C:\Program Files\Celestia
2007-03-21 18:30 <DIR> d-------- C:\Program Files\Trend Micro
2007-03-21 14:08 <DIR> d-------- C:\b4c2fc34dca1bd5c86d486e18c
2007-03-21 13:11 <DIR> d-------- C:\220770b1bfb545b4560166
2007-03-21 13:09 <DIR> d-------- C:\14f6377c0c57f699a69534fb4d
2007-03-21 13:03 <DIR> d-------- C:\DOCUME~1\Tony\APPLIC~1\Windows Desktop Search
2007-03-21 13:02 <DIR> d-------- C:\Program Files\Windows Desktop Search
2007-03-21 10:46 <DIR> d-------- C:\Program Files\Microsoft.NET
2007-03-21 10:34 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Help
2007-03-21 10:09 <DIR> d-------- C:\3e26b4e7c3febe22c578887e2ec6e9
2007-03-20 16:27 <DIR> d--h----- C:\WINDOWS\Icons
2007-03-20 16:08 <DIR> d-------- C:\Program Files\iTunes
2007-03-20 16:08 <DIR> d-------- C:\Program Files\iPod
2007-03-20 16:02 24,072 --a------ C:\WINDOWS\system32\uxtuneup.dll
2007-03-20 16:02 <DIR> d-------- C:\Program Files\TuneUp Utilities 2007
2007-03-20 16:02 <DIR> d-------- C:\DOCUME~1\Tony\APPLIC~1\TuneUp Software
2007-03-20 16:01 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\TuneUp Software
2007-03-20 05:51 <DIR> d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\Talkback
2007-03-20 05:03 <DIR> d-------- C:\Program Files\Common Files\PC Tools
2007-03-20 04:58 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-03-20 04:48 <DIR> d-------- C:\Program Files\MediaMonkey
2007-03-18 17:56 <DIR> d-------- C:\Program Files\Common Files\xing shared
2007-03-18 17:55 <DIR> d-------- C:\Program Files\Real
2007-03-18 17:55 <DIR> d-------- C:\Program Files\Common Files\Real
2007-03-18 17:54 <DIR> d-------- C:\DOCUME~1\Tony\APPLIC~1\Real
2007-03-18 12:01 <DIR> d-------- C:\DOCUME~1\Tony\APPLIC~1\DivX
2007-03-18 12:00 2,560 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-03-18 12:00 2,432 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-03-18 12:00 129,784 --------- C:\WINDOWS\system32\pxafs.dll
2007-03-17 10:21 178,408 --a------ C:\WINDOWS\system32\muweb.dll
2007-03-17 10:21 127,208 --a------ C:\WINDOWS\system32\mucltui.dll
2007-03-17 10:20 <DIR> d-------- C:\Program Files\Microsoft Network Monitor 3.0
2007-03-16 18:02 <DIR> d-------- C:\Program Files\DivX
2007-03-16 13:34 <DIR> d-------- C:\Program Files\Microsoft IntelliPoint
2007-03-16 08:41 <DIR> d-------- C:\Program Files\PaulB
2007-03-16 08:41 <DIR> d-------- C:\DOCUME~1\Tony\APPLIC~1\Get Mail
2007-03-15 11:18 <DIR> d-------- C:\DOCUME~1\Tony\APPLIC~1\OfficeUpdate12
2007-03-15 10:43 <DIR> d-------- C:\Program Files\Windows Live Local for Outlook
2007-03-15 10:09 <DIR> d-------- C:\Program Files\Microsoft Small Business
2007-03-15 09:47 <DIR> d-------- C:\WINDOWS\system32\Backup
2007-03-15 09:47 <DIR> d-------- C:\WINDOWS\SQLHotfix
2007-03-15 09:45 33,340 --a------ C:\WINDOWS\system32\dbmsqlgc.dll
2007-03-15 09:45 24,576 --a------ C:\WINDOWS\system32\dbmsgnet.dll
2007-03-15 09:42 <DIR> d-------- C:\Program Files\Microsoft SQL Server
2007-03-15 08:02 <DIR> d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\Ahead
2007-03-13 16:03 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Office Genuine Advantage
2007-03-13 15:58 <DIR> d-------- C:\Program Files\MSECache
2007-03-11 07:30 <DIR> d-------- C:\DOCUME~1\Tony\APPLIC~1\AdobeAUM
2007-03-10 18:33 36,864 --------- C:\WINDOWS\system32\wbsys.dll
2007-03-10 18:33 20,480 --a------ C:\WINDOWS\system32\wbload.dll
2007-03-10 18:33 <DIR> d-------- C:\Program Files\Stardock
2007-03-07 19:45 <DIR> d-------- C:\Program Files\QuickTime


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-04-06 03:10 -------- d-------- C:\Program Files\Common Files\symantec shared
2007-04-05 03:20 -------- d-------- C:\Program Files\norton internet security
2007-04-05 03:18 -------- d-------- C:\Program Files\symantec
2007-04-04 04:57 -------- d-------- C:\Program Files\java
2007-04-03 05:27 -------- d-------- C:\Program Files\spywareblaster
2007-04-02 16:04 -------- d-------- C:\Program Files\Common Files\wise installation wizard
2007-03-31 09:34 -------- d-------- C:\Program Files\messenger
2007-03-30 10:41 -------- d-------- C:\Program Files\Common Files\lightscribe
2007-03-28 16:06 -------- d-------- C:\Program Files\msn messenger
2007-03-26 11:45 -------- d-------- C:\Program Files\microsoft works
2007-03-23 12:29 -------- d-------- C:\Program Files\particleg
2007-03-23 12:27 -------- d-------- C:\DOCUME~1\Tony\APPLIC~1\uniblue
2007-03-22 19:18 -------- d-------- C:\Program Files\hp
2007-03-20 15:29 28672 --a------ C:\WINDOWS\system32\drivers\CO_Mon.sys
2007-03-20 08:53 -------- d-------- C:\DOCUME~1\Tony\APPLIC~1\ahead
2007-03-14 11:35 -------- d-------- C:\Program Files\hewlett-packard
2007-03-11 07:44 -------- d-------- C:\DOCUME~1\Tony\APPLIC~1\adobeum
2007-03-11 07:36 -------- d--h----- C:\Program Files\installshield installation information
2007-03-08 18:14 -------- d-------- C:\Program Files\gemmaster
2007-03-08 18:14 -------- d-------- C:\Program Files\espnmotion
2007-03-08 18:14 -------- d-------- C:\Program Files\englishotto
2007-03-08 11:36 577536 --a------ C:\WINDOWS\system32\user32.dll
2007-03-08 11:36 40960 --a------ C:\WINDOWS\system32\mf3216.dll
2007-03-08 11:36 281600 --a------ C:\WINDOWS\system32\gdi32.dll
2007-03-08 09:47 1843584 --a------ C:\WINDOWS\system32\win32k.sys
2007-03-06 16:12 -------- d-------- C:\Program Files\trillian
2007-03-05 13:34 676224 --a------ C:\WINDOWS\system32\ogacheckcontrol.dll
2007-03-05 07:23 -------- d-------- C:\Program Files\Common Files\hp
2007-02-28 05:50 -------- d-------- C:\Program Files\Common Files\sonic shared
2007-02-28 05:21 -------- d-------- C:\DOCUME~1\Tony\APPLIC~1\image zone express
2007-02-28 04:54 -------- d-------- C:\DOCUME~1\Tony\APPLIC~1\printer info cache
2007-02-28 04:50 2845 --a------ C:\DOCUME~1\Tony\APPLIC~1\hpcom_48bitscanupdate.log
2007-02-28 03:39 -------- d-------- C:\Program Files\google
2007-02-27 14:52 -------- d-------- C:\Program Files\windows media connect 2
2007-02-27 14:52 -------- d-------- C:\Program Files\rgb
2007-02-27 14:52 -------- d-------- C:\Program Files\music_now
2007-02-27 14:52 -------- d-------- C:\Program Files\msn encarta plus
2007-02-25 18:24 -------- d-------- C:\Program Files\logo cre8or
2007-02-25 09:50 -------- d-------- C:\Program Files\back2zip
2007-02-25 09:36 -------- d-------- C:\Program Files\ccleaner
2007-02-25 06:48 -------- d-------- C:\Program Files\backup plus
2007-02-23 17:38 -------- d-------- C:\Program Files\filemaker
2007-02-23 17:38 -------- d-------- C:\Program Files\Common Files\odbc
2007-02-23 00:29 524288 --a------ C:\WINDOWS\system32\divxsm.exe
2007-02-23 00:29 36624 --------- C:\WINDOWS\system32\drivers\pxhelp20.sys
2007-02-23 00:29 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-02-23 00:29 200704 --a------ C:\WINDOWS\system32\ssldivx.dll
2007-02-23 00:29 118520 --------- C:\WINDOWS\system32\pxinsi64.exe
2007-02-23 00:29 116472 --------- C:\WINDOWS\system32\pxcpyi64.exe
2007-02-23 00:29 1044480 --a------ C:\WINDOWS\system32\libdivx.dll
2007-02-23 00:25 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2007-02-23 00:25 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll
2007-02-23 00:25 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll
2007-02-23 00:25 73728 --a------ C:\WINDOWS\system32\dpl100.dll
2007-02-23 00:25 639066 --a------ C:\WINDOWS\system32\divx.dll
2007-02-23 00:25 593920 --a------ C:\WINDOWS\system32\dpugui11.dll
2007-02-23 00:25 57344 --a------ C:\WINDOWS\system32\dpv11.dll
2007-02-23 00:25 53248 --a------ C:\WINDOWS\system32\dpugui10.dll
2007-02-23 00:25 344064 --a------ C:\WINDOWS\system32\dpus11.dll
2007-02-23 00:25 294912 --a------ C:\WINDOWS\system32\dpu11.dll
2007-02-23 00:25 294912 --a------ C:\WINDOWS\system32\dpu10.dll
2007-02-23 00:25 196608 --a------ C:\WINDOWS\system32\dtu100.dll
2007-02-21 16:37 -------- d-------- C:\DOCUME~1\Tony\APPLIC~1\epson
2007-02-21 16:04 -------- d-------- C:\Program Files\epson
2007-02-20 04:12 -------- d-------- C:\DOCUME~1\Tony\APPLIC~1\sun
2007-02-20 03:20 -------- d-------- C:\Program Files\hpq
2007-02-20 03:19 -------- d-------- C:\DOCUME~1\Tony\APPLIC~1\hewlett-packard
2007-02-20 02:55 0 -rahs---- C:\MSDOS.SYS
2007-02-20 02:55 0 -rahs---- C:\IO.SYS
2007-02-19 13:54 -------- d-------- C:\Program Files\mtv networks
2007-02-19 13:10 -------- d-------- C:\DOCUME~1\Tony\APPLIC~1\hp
2007-02-19 13:10 -------- d-------- C:\DOCUME~1\Tony\APPLIC~1\cyberlink
2007-02-18 21:39 -------- d-------- C:\Program Files\difx
2007-02-18 21:00 -------- d-------- C:\Program Files\broadcom
2007-02-18 20:34 37027 --a------ C:\WINDOWS\atmoun.exe
2007-02-18 18:38 -------- d-------- C:\DOCUME~1\Tony\APPLIC~1\pc tools
2007-02-18 14:54 -------- d-------- C:\Program Files\dtv
2007-02-18 11:33 -------- d-------- C:\Program Files\registryfix
2007-02-18 10:50 -------- d-------- C:\Program Files\Common Files\ahead
2007-02-18 10:48 -------- d-------- C:\Program Files\nero
2007-02-18 10:31 139264 --a------ C:\WINDOWS\system32\hpzjrd01.dll
2007-02-18 08:07 -------- d-------- C:\Program Files\lavasoft
2007-02-18 08:07 -------- d-------- C:\DOCUME~1\Tony\APPLIC~1\lavasoft
2007-02-17 19:22 -------- d-------- C:\DOCUME~1\Tony\APPLIC~1\apple computer
2007-02-17 16:40 -------- d-------- C:\Program Files\msbuild
2007-02-17 16:35 -------- d-------- C:\Program Files\reference assemblies
2007-02-17 13:52 -------- d-------- C:\Program Files\yahoo!
2007-02-17 13:08 0 --a------ C:\WINDOWS\nsreg.dat
2007-02-17 13:08 -------- d-------- C:\DOCUME~1\Tony\APPLIC~1\talkback
2007-02-17 12:36 -------- d-------- C:\Program Files\msxml 4.0
2007-02-17 11:05 -------- d-------- C:\DOCUME~1\Tony\APPLIC~1\google
2007-02-17 10:59 -------- d-------- C:\Program Files\windows plus
2007-02-17 10:59 -------- d-------- C:\Program Files\windows nt
2007-02-17 10:56 -------- d-------- C:\Program Files\synaptics
2007-02-17 10:56 -------- d-------- C:\Program Files\sonic
2007-02-17 10:55 -------- d-------- C:\Program Files\quickensetup
2007-02-17 10:55 -------- d-------- C:\Program Files\quicken
2007-02-17 10:54 -------- d-------- C:\Program Files\online services
2007-02-17 10:53 -------- d-------- C:\Program Files\netscape
2007-02-17 10:53 -------- d-------- C:\Program Files\muvee technologies
2007-02-17 10:53 -------- d-------- C:\Program Files\msn gaming zone
2007-02-17 10:53 -------- d-------- C:\Program Files\movie maker
2007-02-17 10:52 -------- d-------- C:\Program Files\microsoft money 2006
2007-02-17 10:52 -------- d-------- C:\Program Files\microsoft frontpage
2007-02-17 10:52 -------- d-------- C:\Program Files\hp rhapsody
2007-02-17 10:50 -------- d-------- C:\Program Files\digstream
2007-02-17 10:50 -------- d-------- C:\Program Files\conexant
2007-02-17 10:50 -------- d-------- C:\Program Files\Common Files\tivo shared
2007-02-17 10:50 -------- d-------- C:\Program Files\Common Files\surething shared
2007-02-17 10:50 -------- d-------- C:\Program Files\Common Files\speechengines
2007-02-17 10:50 -------- d-------- C:\Program Files\Common Files\palo alto software
2007-02-17 10:50 -------- d-------- C:\Program Files\Common Files\muvee technologies
2007-02-17 10:49 -------- d-------- C:\Program Files\Common Files\mssoap
2007-02-17 10:49 -------- d-------- C:\Program Files\Common Files\java
2007-02-17 10:49 -------- d-------- C:\Program Files\Common Files\intuit
2007-02-17 10:49 -------- d-------- C:\Program Files\Common Files\installshield
2007-02-17 10:49 -------- d-------- C:\Program Files\ati technologies
2007-02-17 10:43 -------- d-------- C:\DOCUME~1\Tony\APPLIC~1\intuit
2007-02-17 10:42 -------- d-------- C:\Program Files\Common Files\hewlett-packard
2007-02-15 21:40 124472 --a------ C:\WINDOWS\system32\divxcodecupdatechecker.exe
2007-02-05 15:43 1481728 --------- C:\WINDOWS\system32\mssrch.dll
2007-02-05 15:42 1504768 --------- C:\WINDOWS\system32\tquery.dll
2007-02-05 15:41 134656 --------- C:\WINDOWS\system32\uncdms.dll
2007-02-05 15:41 122368 --------- C:\WINDOWS\system32\uncph.dll
2007-02-05 15:41 108544 --------- C:\WINDOWS\system32\uncne.dll
2007-02-05 15:40 98304 --------- C:\WINDOWS\system32\unccplext.dll
2007-02-05 15:40 260096 --------- C:\WINDOWS\system32\oeph.dll
2007-02-05 15:36 52224 --------- C:\WINDOWS\system32\msstrc.dll
2007-02-05 15:36 27136 --------- C:\WINDOWS\system32\rtffilt.dll
2007-02-05 15:36 111104 --------- C:\WINDOWS\system32\xmlfilter.dll
2007-02-05 15:35 248320 --------- C:\WINDOWS\system32\msshsq.dll
2007-02-05 15:35 167424 --------- C:\WINDOWS\system32\mssphtb.dll
2007-02-05 15:34 300032 --------- C:\WINDOWS\system32\searchindexer.exe
2007-02-05 15:33 331776 --------- C:\WINDOWS\system32\mssph.dll
2007-02-05 15:32 65536 --------- C:\WINDOWS\system32\propdefs.dll
2007-02-05 15:32 182784 --------- C:\WINDOWS\system32\searchprotocolhost.exe
2007-02-05 15:31 76800 --------- C:\WINDOWS\system32\searchfilterhost.exe
2007-02-05 15:30 23552 --------- C:\WINDOWS\system32\msscb.dll
2007-02-05 15:29 98816 --------- C:\WINDOWS\system32\mssitlb.dll
2007-02-05 15:29 51200 --------- C:\WINDOWS\system32\msscntrs.dll
2007-02-05 15:29 255488 --------- C:\WINDOWS\system32\srchadmin.dll
2007-02-05 15:28 733696 --------- C:\WINDOWS\system32\propsys.dll
2007-02-05 15:28 32256 --------- C:\WINDOWS\system32\mssprxy.dll
2007-02-05 15:24 2048 --------- C:\WINDOWS\system32\uncres.dll
2007-02-05 15:24 11264 --------- C:\WINDOWS\system32\oephres.dll
2007-02-05 14:24 99999 --------- C:\WINDOWS\system32\structuredqueryschema.bin
2007-02-05 14:24 18271 --------- C:\WINDOWS\system32\structuredqueryschematrivial.bin
2007-01-19 13:53 51056 --a------ C:\WINDOWS\system32\sirenacm.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"TuneUp MemOptimizer"="\"C:\\Program Files\\TuneUp Utilities 2007\\MemOptimizer.exe\" autostart"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
"RecGuard"="C:\\Windows\\SMINST\\RecGuard.exe"
"hpWirelessAssistant"=hex(2):25,50,72,6f,67,72,61,6d,46,69,6c,65,73,25,5c,48,\
65,77,6c,65,74,74,2d,50,61,63,6b,61,72,64,5c,48,50,20,57,69,72,65,6c,65,73,\
73,20,41,73,73,69,73,74,61,6e,74,5c,48,50,57,41,4d,61,69,6e,2e,65,78,65,00
"eabconfg.cpl"="C:\\Program Files\\HPQ\\Quick Launch Buttons\\EabServr.exe /Start"
"ATIPTA"="\"C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe\""
"ISUSPM Startup"="C:\\PROGRA~1\\COMMON~1\\INSTAL~1\\UPDATE~1\\ISUSPM.exe -startup"
"ISUSScheduler"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start"
"IntelliPoint"="\"c:\\Program Files\\Microsoft IntelliPoint\\ipoint.exe\""
"ccApp"="\"c:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0\\bin\\jusched.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program Files\\Common Files\\Ahead\\Lib\\NMBgMonitor.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QPService"="\"C:\\Program Files\\HP\\QuickPlay\\QPService.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"ehTray"="C:\\WINDOWS\\ehome\\ehtray.exe"
"NeroFilterCheck"="C:\\Program Files\\Common Files\\Ahead\\Lib\\NeroCheck.exe"
"EPSON PictureMate 500"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_FATI9TE.EXE /P21 \"EPSON PictureMate 500\" /O6 \"USB001\" /M \"PictureMate 500\""
"Cpqset"="C:\\Program Files\\HPQ\\Default Settings\\cpqset.exe"
"HP Software Update"="C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe"
"InCD"="C:\\Program Files\\Nero\\Nero 7\\InCD\\InCD.exe"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_11\\bin\\jusched.exe"
"Synchronization Manager"="%SystemRoot%\\system32\\mobsync.exe /logon"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=""
"{81559C35-8464-49F7-BB0E-07A383BEF910}"="SpywareGuard"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,\
63,65,73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,5c,52,6f,79,61,6c,65,2e,\
6d,73,73,74,79,6c,65,73,00
"InstallTheme"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,63,65,\
73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,2e,74,68,65,6d,65,00

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"GreyMSIAds"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0

hklm\software\Microsoft\Windows NT\CurrentVersion\Svchost *netsvcs*
UxTuneUp

*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_COMHOST


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Norton AntiVirus - Run Full System Scan - Tony.job


********************************************************************

catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

********************************************************************

Completion time: 07-04-06 3:57:09
C:\ComboFix-quarantined-files.txt ... 07-04-06 03:57
Old 04-06-2007, 05:01 AM   #6 (permalink)
Registered User
 
 
Join Date: Dec 2006
Location: Rancho Cucamonga
Posts: 72
OS: Windows Vista Ultimate 32bit

Re: I am infected real bad, Please help!

Here's the OTMoveIt Log.

C:\Program Files\wt3d.ini moved successfully.
C:\WINDOWS\unvise32.exe moved successfully.
C:\WINDOWS\system32\TUKernel.exe moved successfully.
C:\WINDOWS\system32\d3d9caps.dat moved successfully.
C:\WINDOWS\iun6002.exe moved successfully.
C:\Program Files\Viewpoint\Viewpoint Media Player\NewComponents moved successfully.
C:\Program Files\Viewpoint\Viewpoint Media Player\DownloadedComponents moved successfully.
C:\Program Files\Viewpoint\Viewpoint Media Player\Components moved successfully.
C:\Program Files\Viewpoint\Viewpoint Media Player moved successfully.
C:\Program Files\Viewpoint moved successfully.

Created on 04/06/2007 03:41:51
Old 04-06-2007, 05:04 AM   #7 (permalink)
Registered User
 
 
Join Date: Dec 2006
Location: Rancho Cucamonga
Posts: 72
OS: Windows Vista Ultimate 32bit

Re: I am infected real bad, Please help!

Here's my HijackThis log.

Logfile of HijackThis v1.99.1
Scan saved at 7:02:57 AM, on 4/6/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\TuneUp Utilities 2007\MemOptimizer.exe
C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
c:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TY...lion&pf=laptop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...lion&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://h20239.www2.hp.com/techcenter...p_syscheck.htm
O2 - BHO: IE7pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IE7pro\IE7pro.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2007\MemOptimizer.exe" autostart
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Links to this page - C:\Documents and Settings\Tony\Application Data\TuneUp Software\TuneUp Utilities\Web\gbacklinks.htm
O8 - Extra context menu item: &Similar pages - C:\Documents and Settings\Tony\Application Data\TuneUp Software\TuneUp Utilities\Web\gsimilar.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Look up in Mr&Check... - C:\Documents and Settings\Tony\Application Data\TuneUp Software\TuneUp Utilities\Web\tumrcheck.htm
O8 - Extra context menu item: Open in &new window - C:\Documents and Settings\Tony\Application Data\TuneUp Software\TuneUp Utilities\Web\tuofinw.htm
O8 - Extra context menu item: Search with &Google - C:\Documents and Settings\Tony\Application Data\TuneUp Software\TuneUp Utilities\Web\gsearch.htm
O8 - Extra context menu item: Show page from the &cache - C:\Documents and Settings\Tony\Application Data\TuneUp Software\TuneUp Utilities\Web\gcache.htm
O8 - Extra context menu item: Translate this page with Google - C:\Documents and Settings\Tony\Application Data\TuneUp Software\TuneUp Utilities\Web\gtranslate.htm
O8 - Extra context menu item: View old version at &archives.org - C:\Documents and Settings\Tony\Application Data\TuneUp Software\TuneUp Utilities\Web\tuarch.htm
O8 - Extra context menu item: Zoom &in - C:\Documents and Settings\Tony\Application Data\TuneUp Software\TuneUp Utilities\Web\tuzoomin.htm
O8 - Extra context menu item: Zoom &out - C:\Documents and Settings\Tony\Application Data\TuneUp Software\TuneUp Utilities\Web\tuzoomout.htm
O9 - Extra button: IE7pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7pro\IE7pro.dll
O9 - Extra 'Tools' menuitem: IE7pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7pro\IE7pro.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=laptop
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - http://www.trendmicro.com/spyware-scan/as4web.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
__________________
"Things should be made as simple as possible, but not any simpler."
Old 04-06-2007, 09:44 AM   #8 (permalink)
Sempurna
Analyst, Security Team
Join Date: Sep 2006
Posts: 1,302
OS: Windows XP SP2

Re: I am infected real bad, Please help!

Hi Ring Tone,


Quote:
I can't believe I have two viruses. I am using Nortons 2006 and it didn't catch it, wow!!
Well, not all AVs are created equal.

OK, let’s do this next.

Please run OTMoveIt and quarantine the following files/folders (please also remember to copy the Results report and paste it in your next reply for me to see):

C:\New Downloads\Nero-7.7.5.1_eng_trial.exe
C:\Program Files\DIGStream\digstream.exe
C:\SWSETUP\MedCtrFP\Extras\ESPN\motionsetupmce.exe
C:\SWSETUP\MedCtrFP\Samples\BonusDVD.msi
C:\WINDOWS\atmoun.exe
C:\Ntf1B.tmp
C:\Ntf1C.tmp



NEXT:

Please REBOOT your computer normally into Windows and post these logs in your next reply:
  1. The results report from OTMoveIt.
  2. A new HijackThis log.

How are things running now? Please let me know of any problems that still persist.
Last edited by Sempurna; 04-06-2007 at 09:48 AM.
Old 04-07-2007, 04:51 AM   #9 (permalink)
Ring Tone
Registered User
Join Date: Dec 2006
Location: Rancho Cucamonga
Posts: 72
OS: Windows Vista Ultimate 32bit

Re: I am infected real bad, Please help!

Here's a copy of the OTMoveIt Result:

C:\New Downloads\Nero-7.7.5.1_eng_trial.exe moved successfully.
C:\Program Files\DIGStream\digstream.exe moved successfully.
C:\SWSETUP\MedCtrFP\Extras\ESPN\motionsetupmce.exe moved successfully.
C:\SWSETUP\MedCtrFP\Samples\BonusDVD.msi moved successfully.
C:\WINDOWS\atmoun.exe moved successfully.
C:\Ntf1B.tmp moved successfully.
C:\Ntf1C.tmp moved successfully.

Created on 04/07/2007 06:46:55

Is this where the virus actually is/was? As for how my computer is running, I will have to give it a good go over the weekend. I know I do need some RAM, or maybe it was the virus that was robbing me of RAM. My 512 MB doesn't seem to measure up. Do you have any suggestions on where I can get 1 GB for my laptop? Also, can I use a 1 GB module in one slot and a 256 MB module in the other slot?
Old 04-07-2007, 05:04 AM   #10 (permalink)
Ring Tone
Registered User
Join Date: Dec 2006
Location: Rancho Cucamonga
Posts: 72
OS: Windows Vista Ultimate 32bit

Re: I am infected real bad, Please help!

My computer seems to be a bit slow loading some programs, but, like I said before, it could be the low RAM and me running all this software with high RAM usage. What do you think? Please note that I mostly use Firefox with a lot of add-ons to protect and fancy up the browser.

Here's a copy of the HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 7:00:56 AM, on 4/7/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\msiexec.exe
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\TuneUp Utilities 2007\MemOptimizer.exe
C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wuauclt.exe
c:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\system32\HPZinw12.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis\Tony.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TY...lion&pf=laptop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...lion&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://h20239.www2.hp.com/techcenter...p_syscheck.htm
O2 - BHO: IE7pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IE7pro\IE7pro.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2007\MemOptimizer.exe" autostart
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Links to this page - C:\Documents and Settings\Tony\Application Data\TuneUp Software\TuneUp Utilities\Web\gbacklinks.htm
O8 - Extra context menu item: &Similar pages - C:\Documents and Settings\Tony\Application Data\TuneUp Software\TuneUp Utilities\Web\gsimilar.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Look up in Mr&Check... - C:\Documents and Settings\Tony\Application Data\TuneUp Software\TuneUp Utilities\Web\tumrcheck.htm
O8 - Extra context menu item: Open in &new window - C:\Documents and Settings\Tony\Application Data\TuneUp Software\TuneUp Utilities\Web\tuofinw.htm
O8 - Extra context menu item: Search with &Google - C:\Documents and Settings\Tony\Application Data\TuneUp Software\TuneUp Utilities\Web\gsearch.htm
O8 - Extra context menu item: Show page from the &cache - C:\Documents and Settings\Tony\Application Data\TuneUp Software\TuneUp Utilities\Web\gcache.htm
O8 - Extra context menu item: Translate this page with Google - C:\Documents and Settings\Tony\Application Data\TuneUp Software\TuneUp Utilities\Web\gtranslate.htm
O8 - Extra context menu item: View old version at &archives.org - C:\Documents and Settings\Tony\Application Data\TuneUp Software\TuneUp Utilities\Web\tuarch.htm
O8 - Extra context menu item: Zoom &in - C:\Documents and Settings\Tony\Application Data\TuneUp Software\TuneUp Utilities\Web\tuzoomin.htm
O8 - Extra context menu item: Zoom &out - C:\Documents and Settings\Tony\Application Data\TuneUp Software\TuneUp Utilities\Web\tuzoomout.htm
O9 - Extra button: IE7pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7pro\IE7pro.dll
O9 - Extra 'Tools' menuitem: IE7pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7pro\IE7pro.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=laptop
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - http://www.trendmicro.com/spyware-scan/as4web.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
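The loop the helper is running in this thread (quarantine with OTMoveIt, reboot, post a fresh HijackThis log) comes down to comparing two logs and reading the autostart sections carefully. The Python below is an added example, not code from the thread, from HijackThis or from OTMoveIt: it parses HJT entry lines, diffs a before/after pair to confirm that a quarantined file's autostart hook actually disappeared and nothing new showed up, and applies three cheap triage rules that the posted log itself illustrates: entries marked `(file missing)`, services listed with `Unknown owner`, and executables sitting directly in a drive root or in the Windows directory itself (the kind of location `C:\WINDOWS\atmoun.exe` and `C:\Ntf1B.tmp` from the quarantine list occupy). The sample log is constructed: four of its lines are copied from the log posted above, while the `[sample]` Run key and `sample_dropper.exe` are hypothetical stand-ins for a freshly dropped autostart entry.

```python
import re

# HijackThis v1.99.1 entry lines start with a section tag (R0-R3, F0-F3,
# N1-N4, O1-O24) followed by " - ". Everything after that is the entry body.
HJT_LINE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")

# A drive-letter path ending in an executable-style extension.
PATH_RE = re.compile(r"[A-Za-z]:\\.+?\.(?:exe|dll|cpl)\b", re.IGNORECASE)


def parse_hjt(text):
    """Return the set of (section, body) entries in an HJT log.

    The header and the 'Running processes' list do not match HJT_LINE,
    so they are skipped automatically.
    """
    entries = set()
    for line in text.splitlines():
        m = HJT_LINE.match(line.strip())
        if m:
            entries.add((m.group(1), m.group(2)))
    return entries


def diff_hjt(before, after):
    """Entries only in the earlier log ('removed') and only in the later
    one ('added'): confirms a quarantine took its autostart hook with it
    and that nothing new was planted in the meantime."""
    b, a = parse_hjt(before), parse_hjt(after)
    return {"removed": sorted(b - a), "added": sorted(a - b)}


def bare_location(path):
    """True when the file sits directly in a drive root or in the Windows
    directory itself (not a subfolder such as system32). Installed
    software rarely lives there; droppers frequently do."""
    folder = path.lower().rpartition("\\")[0]
    return re.fullmatch(r"[a-z]:(\\windows)?", folder) is not None


def flag_entries(text):
    """Run three triage heuristics over every entry and return
    [(section, body, [reasons])] for those that trip at least one."""
    findings = []
    for section, body in sorted(parse_hjt(text)):
        reasons = []
        if "(file missing)" in body:
            reasons.append("orphaned entry: target file is missing")
        if "Unknown owner" in body:
            reasons.append("service binary carries no vendor name")
        m = PATH_RE.search(body)
        if m and bare_location(m.group(0)):
            reasons.append("executable in drive root or bare Windows directory")
        if reasons:
            findings.append((section, body, reasons))
    return findings


# Constructed sample input in HJT format. Four lines are copied from the
# log posted in the thread; the [sample] Run key and sample_dropper.exe are
# hypothetical and stand in for a freshly dropped autostart entry.
BEFORE = r"""
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [sample] C:\WINDOWS\sample_dropper.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
"""

# The same log after the hypothetical dropper was quarantined and the
# machine rebooted: the [sample] Run key is gone, nothing else changed.
AFTER = "\n".join(l for l in BEFORE.splitlines() if "[sample]" not in l)


if __name__ == "__main__":
    delta = diff_hjt(BEFORE, AFTER)
    print("removed:", delta["removed"])
    print("added:  ", delta["added"])
    for section, body, reasons in flag_entries(AFTER):
        print(f"{section}: {body}\n    -> {'; '.join(reasons)}")
```

A hit from these rules is a prompt to look at the file (hash it, check its signer, check where it came from), not a verdict: HijackThis prints `Unknown owner` whenever the service binary has no company name in its version information, so a legitimate vendor service can trip that rule, and `(file missing)` entries are usually leftovers of an uninstall rather than an active infection. The diff is the more reliable signal: an entry that reappears after a reboot means something is re-creating it.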
Old 04-08-2007, 05:35 AM   #11 (permalink)
Ring Tone
Registered User
Join Date: Dec 2006
Location: Rancho Cucamonga
Posts: 72
OS: Windows Vista Ultimate 32bit

Re: I am infected real bad, Please help!

I am happy to say that my computer is running a bit better, but not by much. I did a virus scan again and it is telling me that I still have 2 viruses and 11 infected objects. Here is the log from the latest Kaspersky scan:

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Sunday, April 08, 2007 7:29:24 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 8/04/2007
Kaspersky Anti-Virus database records: 292515
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
E:\
Z:\

Scan Statistics:
Total number of scanned objects: 106680
Number of viruses found: 2
Number of infected objects: 11 / 0
Number of suspicious objects: 0
Duration of the scan process: 01:52:14

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\ehRecvr.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.9.Crwl Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.9.gthr Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\MSS.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\MSStmp.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010006.ci Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010006.wid Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010006.wsb Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\INDEX.000 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.000 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\Used0000.000 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.000 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.chk1.gthr Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.chk2.gthr Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.Ntfy32.gthr Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\tmp.edb Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Windows.edb Object is locked skipped
C:\Documents and Settings\All Users\Application Data\muvee Technologies\030625\0102\0314\values Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Confid.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Content.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Privacy.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Restrict.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\WebHist.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\HPPAppActivity.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\HPPHomePageActivity.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2007-04-08_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Tony\Application Data\Microsoft\Outlook\outitems.log Object is locked skipped
C:\Documents and Settings\Tony\Application Data\Microsoft\Outlook\Outlook.srs Object is locked skipped
C:\Documents and Settings\Tony\Application Data\Microsoft\Templates\Normal.dot Object is locked skipped
C:\Documents and Settings\Tony\Application Data\Mozilla\Firefox\Profiles\qowc9wky.default\cert8.db Object is locked skipped
C:\Documents and Settings\Tony\Application Data\Mozilla\Firefox\Profiles\qowc9wky.default\history.dat Object is locked skipped
C:\Documents and Settings\Tony\Application Data\Mozilla\Firefox\Profiles\qowc9wky.default\key3.db Object is locked skipped
C:\Documents and Settings\Tony\Application Data\Mozilla\Firefox\Profiles\qowc9wky.default\parent.lock Object is locked skipped
C:\Documents and Settings\Tony\Application Data\Mozilla\Firefox\Profiles\qowc9wky.default\search.sqlite Object is locked skipped
C:\Documents and Settings\Tony\Application Data\Mozilla\Firefox\Profiles\qowc9wky.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\Tony\Application Data\Symantec\PendingAlertsQueue.log Object is locked skipped
C:\Documents and Settings\Tony\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Tony\Local Settings\Application Data\Microsoft\CardSpace\CardSpace.db Object is locked skipped
C:\Documents and Settings\Tony\Local Settings\Application Data\Microsoft\CardSpace\CardSpace.db.shadow Object is locked skipped
C:\Documents and Settings\Tony\Local Settings\Application Data\Microsoft\FORMS\IPM.Note.OctaneSMS\FSB1.tmp Object is locked skipped
C:\Documents and Settings\Tony\Local Settings\Application Data\Microsoft\Outlook\archive.pst Object is locked skipped
C:\Documents and Settings\Tony\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst Object is locked skipped
C:\Documents and Settings\Tony\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Tony\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Tony\Local Settings\Application Data\Mozilla\Firefox\Profiles\qowc9wky.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Tony\Local Settings\Application Data\Mozilla\Firefox\Profiles\qowc9wky.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Tony\Local Settings\Application Data\Mozilla\Firefox\Profiles\qowc9wky.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Tony\Local Settings\Application Data\Mozilla\Firefox\Profiles\qowc9wky.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Tony\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Tony\Local Settings\History\History.IE5\MSHist012007040820070409\index.dat Object is locked skipped
C:\Documents and Settings\Tony\Local Settings\Temp\hpodvd09.log Object is locked skipped
C:\Documents and Settings\Tony\Local Settings\Temp\Perflib_Perfdata_b74.dat Object is locked skipped
C:\Documents and Settings\Tony\Local Settings\Temp\~DF1AE2.tmp Object is locked skipped
C:\Documents and Settings\Tony\Local Settings\Temp\~DF28F6.tmp Object is locked skipped
C:\Documents and Settings\Tony\Local Settings\Temp\~DF5EAD.tmp Object is locked skipped
C:\Documents and Settings\Tony\Local Settings\Temp\~DF5F28.tmp Object is locked skipped
C:\Documents and Settings\Tony\Local Settings\Temp\~DF7C5F.tmp Object is locked skipped
C:\Documents and Settings\Tony\Local Settings\Temp\~DFB7DB.tmp Object is locked skipped
C:\Documents and Settings\Tony\Local Settings\Temp\~DFDBF3.tmp Object is locked skipped
C:\Documents and Settings\Tony\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Tony\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Tony\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Tony\UserData\index.dat Object is locked skipped
C:\Ntf23.tmp Object is locked skipped
C:\Ntf24.tmp Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\AntiSpam\Log\Spam.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\EENGINE\EPERSIST.DAT Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDALRT.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDCON.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDDBG.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDFW.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDIDS.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDSYS.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBConfig.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBDebug.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBDetect.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBNotify.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBRefr.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetCfg.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetCfg2.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetDev.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetLoc.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetUsr.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSMNot.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSMReg.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSMRSt.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBStHash.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBStMSI.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBValid.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPPolicy.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPStart.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPStop.log Object is locked skipped
C:\Program Files\Microsoft Office\OFFICE11\STARTUP\PDFMaker.dot Object is locked skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\AVApp.log Object is locked skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\AVError.log Object is locked skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\AVVirus.log Object is locked skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Savrt\0354NAV~.TMP Object is locked skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Savrt\0793NAV~.TMP Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{BFAA719B-281F-45B6-9E39-9D4BB578C2A4}\RP161\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\ModemLog_AC97 Soft Data Fax Modem with SmartCP.txt Object is locked skipped
C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{9A7D34E7-6D2C-444C-901F-C97619E45FB5}.crmlog Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{AD58F5B8-8641-4057-89EF-83C63F28A294}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\Media Ce.evt Object is locked skipped
C:\WINDOWS\system32\config\ODiag.evt Object is locked skipped
C:\WINDOWS\system32\config\OSession.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\usgthrsvc\Perflib_Perfdata_680.dat Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
C:\_OTMoveIt\MovedFiles\New Downloads\Nero-7.7.5.1_eng_trial.exe/Toolbar.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\_OTMoveIt\MovedFiles\New Downloads\Nero-7.7.5.1_eng_trial.exe RAR: infected - 1 skipped
C:\_OTMoveIt\MovedFiles\Program Files\DIGStream\digstream.exe Infected: not-a-virus:Downloader.Win32.DigStream skipped
C:\_OTMoveIt\MovedFiles\SWSETUP\MedCtrFP\Extras\ESPN\motionsetupmce.exe/WISE0010.BIN/WISE0008.BIN Infected: not-a-virus:Downloader.Win32.DigStream skipped
C:\_OTMoveIt\MovedFiles\SWSETUP\MedCtrFP\Extras\ESPN\motionsetupmce.exe/WISE0010.BIN Infected: not-a-virus:Downloader.Win32.DigStream skipped
C:\_OTMoveIt\MovedFiles\SWSETUP\MedCtrFP\Extras\ESPN\motionsetupmce.exe WiseSFX: infected - 2 skipped
C:\_OTMoveIt\MovedFiles\SWSETUP\MedCtrFP\Extras\ESPN\motionsetupmce.exe WiseSFX Dropper: infected - 2 skipped
C:\_OTMoveIt\MovedFiles\SWSETUP\MedCtrFP\Samples\BonusDVD.msi/ESPNInst/WISE0010.BIN/WISE0008.BIN Infected: not-a-virus:Downloader.Win32.DigStream skipped
C:\_OTMoveIt\MovedFiles\SWSETUP\MedCtrFP\Samples\BonusDVD.msi/ESPNInst/WISE0010.BIN Infected: not-a-virus:Downloader.Win32.DigStream skipped
C:\_OTMoveIt\MovedFiles\SWSETUP\MedCtrFP\Samples\BonusDVD.msi/ESPNInst Infected: not-a-virus:Downloader.Win32.DigStream skipped
C:\_OTMoveIt\MovedFiles\SWSETUP\MedCtrFP\Samples\BonusDVD.msi Embedded: infected - 3 skipped

Scan process completed.
__________________
"Things should be made as simple as possible, but not any simpler."
04-08-2007, 10:34 PM   #12
Sempurna (Analyst, Security Team)
Join Date: Sep 2006
Posts: 1,302
OS: Windows XP SP2

Re: I am infected real bad, Please help!

Hi Ring Tone,

I’m sorry for my late reply. I’ve been having Internet problems the last few days.


Quote:
Is this where the virus actually is/was? As far as how my comp is running, I will have to give it a good go over the weekend. I know I do need some RAM, or maybe it was the virus that was robbing me of RAM power. My 512 doesn't seem to measure up. Do you have any suggestion on where I can get a 1g for my laptop? Also, can I use a 1g module in one slot and a 256mb in the other slot?
Well, those files were infected with moderate-level malware. Nothing dangerous to your system, though.

Sometimes, having too much RAM can also be a problem. For a Windows XP system, buying another 512 MB RAM chip to add to your existing 256 MB slot would be more than adequate for everyday uses.

Sorry I can’t suggest where you can get a good deal on RAM chips. I don’t buy mine online, so I don’t have any experience with good vendors on this product.


Quote:
My comp seems to be a bit slow loading some programs but, like I said before, it could be the low RAM and me running all these high RAM usage software. What do you think? Please note that I mostly use Firefox with a lot of add-ons to protect and fancy up the browser.
Yes, that would be the most likely problem that you are facing… memory shortage.

You are also running Symantec, which could slow down a system substantially. In addition, running TuneUp Utilities memory optimizer doesn’t really optimize anything. XP optimizes memory usage, and any memory optimizer just reallocates memory to your hard drive. This would make your hard drive work harder, and shorten its shelf life.

What Kaspersky found are in your OTMoveIt quarantine folder. These are now not active and don’t pose a danger to your system. You may delete the contents of the C:\_OTMoveIt\MovedFiles folder if you like.

Otherwise, your system appears to be clean.


NEXT:

Everything looks great --- your HijackThis log appears to be clean.

Please take some time reading this list; it is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.
  • Windows Updates (a must!)
    It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. You can either click on the link above and bookmark the updates page, or open Internet Explorer, then go to the Tools menu -> Windows Update, and follow the online instructions from there.

  • Firewall (a must!)
    It is definitely a must have. Some good FREE versions are Comodo, Outpost, or ZoneAlarm.
    Note: You must only use 1 (one) firewall at a time because if you have 2 or more firewalls running at the same time, they will conflict with each other and make your security less reliable. Please also remember to turn off Windows Firewall once you have installed a new firewall.

  • Also make sure to run your antivirus software regularly, and to keep it up-to-date.

  • SpywareBlaster
    This is a great FREE prevention tool to keep nasties from installing on your system.
    Tutorial: How to use!

  • IE-SPYAD
    This FREE tool puts over 5000 sites in your IE Restricted Zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
    Tutorial: How to use!

  • Spybot - Search & Destroy
    This is a very powerful FREE tool that can search for and annihilate nasties that make it onto your system. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features for realtime protection.
    Tutorial: How to use!

  • Ad-Aware SE
    This is another very powerful FREE tool that searches for and kills nasties that infect your system. Ad-Aware SE and Spybot Search & Destroy complement each other very well.
    Tutorial: How to use!

  • AVG Anti-Spyware
    This is an excellent FREE scanner to look for trojans and other nasties that might be residing in your system.
    User Manual: How to use!

  • SUPERAntiSpyware
    This is another excellent FREE scanner to look for nasties that might be lurking in your system. SUPERAntiSpyware and AVG Anti-Spyware complement each other very well.
    Quick Guide: How to use!

Please also read Tony Klein's excellent article How I got Infected in the First Place and this CastleCops article Malware Prevention: Prevent Re-infection.

Hopefully this should take care of your problems! Good luck!



Please respond one more time and let me know you received this post, so that it can be marked as resolved, unless you have other problems.
__________________

Keep this forum alive - if you've been helped at this forum, please do consider a donation. Thank you for your support.

Donation link for Tech Support Forum

Last edited by Sempurna; 04-08-2007 at 10:35 PM.
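The Kaspersky output posted above mixes three kinds of line: files the scanner could not open because Windows held them locked (registry hives, event logs, Outlook stores), archive members with a detection name, and the containing archive or installer reported with a count of infected members. Sempurna's reading of it (everything found sits under C:\_OTMoveIt\MovedFiles, so it is quarantined and inert, and the "not-a-virus:" names are adware rather than malware) is the kind of triage that is easy to do by hand on a short log and tedious on a long one. The following Python script is an added example, not code from the thread or from Kaspersky; it parses lines in that format, separates locked items from detections, maps archive members back to the file that actually exists on disk, and reports which detected files lie inside an assumed quarantine folder and which do not. The sample log is constructed: most lines are copied from the posted scan, and the last detection line (a file under C:\Program Files\Example with a made-up verdict name) is invented so that the "not quarantined" branch is exercised.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import Optional

# A result line is "<path> <status>". Paths may contain spaces, and a "/" inside a
# path marks a member of an archive or installer (setup.exe/WISE0010.BIN). The path
# is matched lazily and the archive-type name is restricted to plain words so that
# neither side can swallow the other.
LINE_RE = re.compile(
    r"^(?P<path>.+?) (?:"
    r"(?P<locked>Object is locked skipped)"
    r"|Infected: (?P<verdict>\S+) skipped"
    r"|(?P<container>[A-Za-z][A-Za-z0-9]*(?: [A-Za-z][A-Za-z0-9]*)*): infected - (?P<count>\d+) skipped"
    r")$"
)


@dataclass
class Hit:
    path: str                        # full path as logged, including archive-member suffix
    disk_file: str                   # the file that actually exists on disk
    kind: str                        # "locked", "infected" or "container"
    verdict: Optional[str] = None    # detection name when kind == "infected"
    container: Optional[str] = None  # archive/installer type when kind == "container"
    count: int = 0                   # infected members reported for a container

    @property
    def riskware(self) -> bool:
        # Kaspersky's "not-a-virus:" prefix marks adware/riskware rather than malware proper.
        return self.verdict is not None and self.verdict.startswith("not-a-virus:")


def parse_line(line: str) -> Optional[Hit]:
    """Parse one result line; returns None for blank lines and scanner chatter."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    path = m.group("path")
    disk_file = path.split("/", 1)[0]  # drop the archive-member suffix, if any
    if m.group("locked"):
        return Hit(path, disk_file, "locked")
    if m.group("verdict"):
        return Hit(path, disk_file, "infected", verdict=m.group("verdict"))
    return Hit(path, disk_file, "container",
               container=m.group("container"), count=int(m.group("count")))


# Assumption: the quarantine folder used by the cleanup tool on the affected machine.
DEFAULT_QUARANTINE = ("C:\\_OTMoveIt\\MovedFiles\\",)


def in_quarantine(disk_file: str, quarantine_dirs=DEFAULT_QUARANTINE) -> bool:
    lowered = disk_file.lower()
    return any(lowered.startswith(q.lower()) for q in quarantine_dirs)


def triage(log_text: str, quarantine_dirs=DEFAULT_QUARANTINE) -> dict:
    """Summarise a scan log: locked count, detections, and quarantined vs. live files."""
    hits = [h for h in map(parse_line, log_text.splitlines()) if h is not None]
    infected = [h for h in hits if h.kind == "infected"]
    detected_files = {h.disk_file for h in hits if h.kind != "locked"}
    return {
        "locked": sum(1 for h in hits if h.kind == "locked"),
        "detections": len(infected),
        "riskware_only": all(h.riskware for h in infected),
        "verdicts": Counter(h.verdict for h in infected),
        "quarantined_files": sorted(f for f in detected_files if in_quarantine(f, quarantine_dirs)),
        "active_files": sorted(f for f in detected_files if not in_quarantine(f, quarantine_dirs)),
    }


# Constructed sample: the first seven result lines are copied from the posted log; the
# final detection line and its verdict name are invented to show a non-quarantined hit.
SAMPLE_LOG = r"""
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\Documents and Settings\Tony\NTUSER.DAT Object is locked skipped
C:\WINDOWS\ModemLog_AC97 Soft Data Fax Modem with SmartCP.txt Object is locked skipped
C:\_OTMoveIt\MovedFiles\New Downloads\Nero-7.7.5.1_eng_trial.exe/Toolbar.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\_OTMoveIt\MovedFiles\New Downloads\Nero-7.7.5.1_eng_trial.exe RAR: infected - 1 skipped
C:\_OTMoveIt\MovedFiles\SWSETUP\MedCtrFP\Extras\ESPN\motionsetupmce.exe/WISE0010.BIN/WISE0008.BIN Infected: not-a-virus:Downloader.Win32.DigStream skipped
C:\_OTMoveIt\MovedFiles\SWSETUP\MedCtrFP\Extras\ESPN\motionsetupmce.exe WiseSFX Dropper: infected - 2 skipped
C:\Program Files\Example\setup.exe/payload.exe Infected: Trojan-Downloader.Win32.Sample.a skipped
Scan process completed.
"""

if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Locked objects are not findings: the registry hives, event logs and index.dat files in the posted log are exactly what a running XP system keeps open, so the script only counts them. What matters for the decision Sempurna makes is `active_files`: a detected file outside the quarantine prefix is still on disk in its original place and needs a look, while `quarantined_files` can simply be deleted with the folder.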
04-09-2007, 11:35 AM   #13
Ring Tone (Registered User)
Join Date: Dec 2006
Location: Rancho Cucamonga
Posts: 72
OS: Windows Vista Ultimate 32bit

Re: I am infected real bad, Please help!

Quote:
Hi Ring Tone,

I’m sorry for my late reply. I’ve been having Internet problems the last few days.

I am sorry to hear that you are having internet problems. I figured you were busy or something. Thank you so much for your help, I really appreciate it a lot.

I will forever be in debt to you and TSF for this assistance. I think that whatever other issues my comp has, they are due to software or hardware probs; I think I am somewhat clean and free of malware or any undesirable spyware out there.

Thanks again for your time and patience, Peace!
__________________
"Things should be made as simple as possible, but not any simpler."
Copyright 2001 - 2009, Tech Support Forum