Welcome to Tech Support Forum home to more then 136,000 problems solved. Issues have included: Spyware, Malware, Virus Issues, Windows, Microsoft, Linux, Networking, Security, Hardware, and Gaming Getting your problem solved is as easy as:
1. Registering for a free account
2. Asking your question
3. Receiving an answer

Registered members:
* Get free support
* Communicate privately with other members (PM).
* Removal of this message
* See fewer ads.
* And much more..

 


Want to know how to post a question? click here Having problems with spyware and pop-ups? First Steps
Go Back   Tech Support Forum > Security Center > Virus/Trojan/Spyware Help > Resolved HJT Threads
Reload this Page Machine Slow Down and Popups galore
User Name
Password
Site Map Register Donate Rules Blogs Mark Forums Read


Resolved HJT Threads Resolved spyware and popup issues.

 
Page 1 of 2 1 2
 
LinkBack Thread Tools
Old 10-02-2007, 09:34 PM   #1 (permalink)
Registered User
 
Join Date: Oct 2007
Posts: 13
OS: WIN 2000


Machine Slow Down and Popups galore
Hi,

I keep getting this message all the time"The procedure dnsfree could not be located in the DLL DNSAPI.DLL". I have done a search for these files online and could not find much info on this!! Also, most of the times, I am unable to open certain .exe files. It tells me that there is an Application error. So once I restart the computer, it opens up.

My PC has really slowed down considerably. There are a number of pop ups(Winantivirus etc..) which keep showing up all the time as well

I would appreciate any help with the above issues and cleaning up my computer! I'm afraid to do it anything on my own, I might delete something important!

Here is my hijackthis log:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 6:46:08 PM, on 10/1/2007
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
Boot mode: Normal

Running processes:
G:\WINNT\System32\smss.exe
G:\WINNT\system32\csrss.exe
G:\WINNT\system32\winlogon.exe
G:\WINNT\system32\services.exe
G:\WINNT\system32\lsass.exe
G:\WINNT\system32\svchost.exe
G:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
G:\WINNT\system32\LEXBCES.EXE
G:\WINNT\system32\spoolsv.exe
G:\WINNT\system32\LEXPPS.EXE
G:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
G:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
G:\WINNT\System32\svchost.exe
G:\WINNT\system32\gearsec.exe
G:\WINNT\system32\hidserv.exe
G:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
G:\WINNT\system32\regsvc.exe
G:\WINNT\System32\SCardSvr.exe
G:\WINNT\system32\MSTask.exe
G:\WINNT\System32\WBEM\WinMgmt.exe
G:\WINNT\System32\mspmspsv.exe
G:\WINNT\system32\svchost.exe
G:\WINNT\system32\wuauclt.exe
G:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
G:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
G:\WINNT\system32\pctspk.exe
G:\Program Files\Visioneer OneTouch\OneTouchMon.exe
G:\Program Files\Common Files\Symantec Shared\ccApp.exe
G:\WINNT\system32\rundll32.exe
G:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
G:\Program Files\Microsoft Office\Office\OSA.EXE
G:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
G:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe
G:\Program Files\Internet Explorer\iexplore.exe
G:\WINNT\explorer.exe
G:\Prudential\Torrents\HiJackThis_v2.exe

O2 - BHO: (no name) - {232080F0-AE2B-48CA-81EE-76F28DC63385} - G:\WINNT\system32\urqpp.dll (file missing)
O2 - BHO: (no name) - {5E21664C-EF42-4330-B59F-32BFECA640F5} - G:\WINNT\system32\nnnlj.dll
O2 - BHO: (no name) - {60D13203-2DC3-4E31-8909-E70BEC38D9F8} - G:\WINNT\system32\yayyxyy.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - G:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - G:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Editor plugin - {E5927A15-756E-40c3-957E-C020262D53B7} - eurodol.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - G:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - G:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - G:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [AVG7_CC] G:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "G:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [PrinTray] G:\WINNT\System32\spool\DRIVERS\W32X86\2\printray.exe
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [Advanced Tools Check] G:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [StrgSync.exe] G:\Storage Sync\StrgSync.exe -w
O4 - HKLM\..\Run: [OneTouch Monitor] G:\Program Files\Visioneer OneTouch\OneTouchMon.exe
O4 - HKLM\..\Run: [ccRegVfy] "G:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [ccApp] "G:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "G:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "G:\WINNT\system32\hbhawbnq.dll",sitypnow
O4 - HKCU\..\Run: [Yahoo! Pager] "G:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "G:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] G:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] G:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] G:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] G:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Global Startup: Office Startup.lnk = G:\Program Files\Microsoft Office\Office\OSA.EXE
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://G:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://G:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://G:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://G:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - G:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - G:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Advanced) - https://eagent.farmersinsurance.com/...tiveX/smsx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {3CA15C82-6297-11D6-B8FA-00C04F5E375A} (BridgeChannel v3) - http://channel.bridge.com/bc/java/bc3_bridge_i.cab
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download...basetup162.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0EA86094-A7A3-4B7C-A081-C81B06D9C999}: NameServer = 24.93.41.125,24.93.41.126
O17 - HKLM\System\CS1\Services\Tcpip\..\{0EA86094-A7A3-4B7C-A081-C81B06D9C999}: NameServer = 24.93.41.125,24.93.41.126
O17 - HKLM\System\CS2\Services\Tcpip\..\{0EA86094-A7A3-4B7C-A081-C81B06D9C999}: NameServer = 24.93.41.125,24.93.41.126
O20 - Winlogon Notify: yayyxyy - G:\WINNT\SYSTEM32\yayyxyy.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - G:\WINNT\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - G:\WINNT\System32\browseui.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - G:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - G:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - G:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - G:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - G:\WINNT\System32\dmadmin.exe
O23 - Service: GEARSecurity - GEAR Software - G:\WINNT\system32\gearsec.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - G:\WINNT\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - G:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - G:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - G:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - Unknown owner - G:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - G:\Program Files\Spyware Doctor\swdsvc.exe

--
End of file - 8172 bytes
mohanlal2000 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Important Information
Join the #1 Tech Support Forum Today - It's Totally Free!

TechSupportForum.com is a leading support website for your computer needs. We offer free, friendly and personalized computer support. Why pay to have your computer fixed when you can do it for free.

Join TechSupportforum.com Today - Click Here

Old 10-03-2007, 02:06 PM   #2 (permalink)
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
 
sUBs's Avatar
 
Join Date: May 2005
Posts: 24,409
OS: N/A


Re: Machine Slow Down and Popups galore
1. Download this file - http://download.bleepingcomputer.com...a/ComboFix.exe

* IMPORTANT !!! Place combofix.exe on your Desktop







2. Go to → Run → paste in the single line command & click OK
"%userprofile%\desktop\combofix.exe" /killall
3. When finished, it shall produce a log for you. Post that log & a fresh HJT log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall
__________________

Question - what have you done for the community today?
sUBs is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 10-03-2007, 09:06 PM   #3 (permalink)
Registered User
 
Join Date: Oct 2007
Posts: 13
OS: WIN 2000


Re: Machine Slow Down and Popups galore
Hi sUBs,

Thanks a bunch for the response. I downloaded the file and entered the command. However, I get the error message that " Some installation files are corrupt. Please download a fresh copy and retry the installation". I click ok. Then I can see the WinRar self-extracting archive screen. The last message says:

CRC failed in catchme.cfexe
Unexpected end of archive

I downloaded again, but with the same error message.

Any suggestions?? Thanks in advance!
mohanlal2000 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 10-03-2007, 09:23 PM   #4 (permalink)
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
 
sUBs's Avatar
 
Join Date: May 2005
Posts: 24,409
OS: N/A


Re: Machine Slow Down and Popups galore
Please try this link > http://72.52.136.82/sectools/sUBs/ComboFix.exe
__________________

Question - what have you done for the community today?
sUBs is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 10-04-2007, 12:07 AM   #5 (permalink)
Registered User
 
Join Date: Oct 2007
Posts: 13
OS: WIN 2000


Re: Machine Slow Down and Popups galore
Hi,

I downloaded the file and followed the instructions. It started off well. It completed Stage_1 through Stage_6.

SED:-e expression#1, char 11:unmatched parenthesis
SED:-e expression#1, char 10:unmatched parenthesis
Completed Stage_6A

Then this error message

Program Error-"swreg.cfexe.exe has generated errors and will be closed by Windows. You will need to restart the program. An error log is being created. OK"

SED:-e expression#1, char 19:unmatched parenthesis
Completed Stage_7 through Stage_10

Same Error Message. THis error message keeps coming up all the time. I keep clicking ok.

Completed Stage_11 through Stage29. FInally the message that:

The process cannot access the file becasue it is being used by another process

Completed Stage 30..and it just stopped at that..I will check back later in the morning, if anything happened after this.

But when is this supposed to complete usually?

Thanks once again for your assistance!!
mohanlal2000 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 10-04-2007, 12:13 AM   #6 (permalink)
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
 
sUBs's Avatar
 
Join Date: May 2005
Posts: 24,409
OS: N/A


Re: Machine Slow Down and Popups galore
Reboot to Safe Mode.

1. Restart your computer
2. After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3. Instead of Windows loading as normal, a menu should appear
4. Select the option to run Windows in Safe Mode.

Run ComboFix from there
__________________

Question - what have you done for the community today?
sUBs is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 10-04-2007, 06:44 AM   #7 (permalink)
Registered User
 
Join Date: Oct 2007
Posts: 13
OS: WIN 2000


Re: Machine Slow Down and Popups galore
HI,

I was finally able to get the scan done using Safe Mode. Here's the ComboFix.exe log file:

ComboFix 07-10-04.5 - Administrator 2007-10-04 1:50:17.4 - NTFSx86 MINIMAL
Microsoft Windows 2000 Professional 5.0.2195.3.1252.1.1033.18.170 [GMT -4:00]
Running from: G:\Documents and Settings\Administrator\Desktop\ComboFix.exe
Command switches used :: /killall
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

G:\WINNT\system32\amqubrji.dll
G:\WINNT\system32\ijrbuqma.ini
G:\WINNT\system32\nnnlj.dll
G:\WINNT\system32\oifhkssa.exe

.
((((((((((((((((((((((((( Files Created from 2007-09-04 to 2007-10-04 )))))))))))))))))))))))))))))))
.

2007-10-04 00:26 77,376 --a------ G:\WINNT\system32\bivscagx.dll
2007-10-04 00:26 51,200 --a------ G:\WINNT\NirCmd.exe
2007-10-02 07:16 77,376 --a------ G:\WINNT\system32\lypndyud.dll
2007-10-01 22:08 87,104 --a------ G:\WINNT\system32\mkhxwxpf.dll
2007-10-01 22:07 87,104 --a------ G:\WINNT\system32\rtvndrsa.dll
2007-10-01 22:05 87,104 --a------ G:\WINNT\system32\yyggsufs.dll
2007-10-01 22:05 87,104 --a------ G:\WINNT\system32\lsuclnfq.dll
2007-10-01 22:02 87,104 --a------ G:\WINNT\system32\wriwqpnl.dll
2007-10-01 22:02 87,104 --a------ G:\WINNT\system32\cnqftivq.dll
2007-10-01 21:59 87,104 --a------ G:\WINNT\system32\roivkwhv.dll
2007-10-01 21:59 87,104 --a------ G:\WINNT\system32\iygqbexj.dll
2007-10-01 21:56 87,104 --a------ G:\WINNT\system32\qhqrdatp.dll
2007-10-01 21:56 87,104 --a------ G:\WINNT\system32\qeduvhdb.dll
2007-10-01 21:53 87,104 --a------ G:\WINNT\system32\offglegc.dll
2007-10-01 21:53 87,104 --a------ G:\WINNT\system32\gjatfvum.dll
2007-10-01 21:50 87,104 --a------ G:\WINNT\system32\kyevgupy.dll
2007-10-01 21:50 87,104 --a------ G:\WINNT\system32\gwodgcbg.dll
2007-10-01 21:47 87,104 --a------ G:\WINNT\system32\quuwjwfo.dll
2007-10-01 21:47 87,104 --a------ G:\WINNT\system32\bhjfpsan.dll
2007-10-01 21:44 87,104 --a------ G:\WINNT\system32\hruthwsn.dll
2007-10-01 21:44 87,104 --a------ G:\WINNT\system32\fvavyqds.dll
2007-10-01 21:42 87,104 --a------ G:\WINNT\system32\lusrxvfn.dll
2007-10-01 21:42 87,104 --a------ G:\WINNT\system32\lgtsgidi.dll
2007-10-01 21:38 87,104 --a------ G:\WINNT\system32\eurtyesj.dll
2007-10-01 21:35 87,104 --a------ G:\WINNT\system32\litpykwx.dll
2007-10-01 21:35 87,104 --a------ G:\WINNT\system32\hvxooxgp.dll
2007-10-01 21:31 87,104 --a------ G:\WINNT\system32\qvjkeosm.dll
2007-10-01 21:31 87,104 --a------ G:\WINNT\system32\bvuhlaee.dll
2007-10-01 21:28 87,104 --a------ G:\WINNT\system32\yjvmxdas.dll
2007-10-01 21:28 87,104 --a------ G:\WINNT\system32\inyqvjov.dll
2007-10-01 21:25 87,104 --a------ G:\WINNT\system32\xavsbaov.dll
2007-10-01 21:25 87,104 --a------ G:\WINNT\system32\ptmkrnhd.dll
2007-10-01 21:22 87,104 --a------ G:\WINNT\system32\nymqpqrg.dll
2007-10-01 21:22 87,104 --a------ G:\WINNT\system32\fkrglfbr.dll
2007-10-01 21:19 87,104 --a------ G:\WINNT\system32\txlyfbef.dll
2007-10-01 21:19 87,104 --a------ G:\WINNT\system32\qfjavudw.dll
2007-10-01 21:16 87,104 --a------ G:\WINNT\system32\ohghquvr.dll
2007-10-01 21:16 87,104 --a------ G:\WINNT\system32\cmmpabwe.dll
2007-10-01 21:13 87,104 --a------ G:\WINNT\system32\tpnhrdrl.dll
2007-10-01 21:13 87,104 --a------ G:\WINNT\system32\gaiwgjma.dll
2007-10-01 21:10 87,104 --a------ G:\WINNT\system32\ujvrdkrc.dll
2007-10-01 21:10 87,104 --a------ G:\WINNT\system32\jalbbgib.dll
2007-10-01 21:07 87,104 --a------ G:\WINNT\system32\xxteuidn.dll
2007-10-01 21:07 87,104 --a------ G:\WINNT\system32\svrxqcgd.dll
2007-10-01 21:04 87,104 --a------ G:\WINNT\system32\oipvkcea.dll
2007-10-01 21:04 87,104 --a------ G:\WINNT\system32\oibgggbn.dll
2007-10-01 21:01 87,104 --a------ G:\WINNT\system32\fhbblpuy.dll
2007-10-01 21:01 87,104 --a------ G:\WINNT\system32\aklqnrje.dll
2007-10-01 20:58 87,104 --a------ G:\WINNT\system32\psklumhh.dll
2007-10-01 20:58 87,104 --a------ G:\WINNT\system32\ivociwvj.dll
2007-10-01 20:55 87,104 --a------ G:\WINNT\system32\htevgmkp.dll
2007-10-01 20:55 87,104 --a------ G:\WINNT\system32\ghopinwc.dll
2007-10-01 20:52 87,104 --a------ G:\WINNT\system32\opeqouao.dll
2007-10-01 20:52 87,104 --a------ G:\WINNT\system32\gdtjifyx.dll
2007-10-01 20:49 87,104 --a------ G:\WINNT\system32\icsrebhe.dll
2007-10-01 20:49 87,104 --a------ G:\WINNT\system32\hxefxvpq.dll
2007-10-01 20:46 87,104 --a------ G:\WINNT\system32\shwxvsre.dll
2007-10-01 20:46 87,104 --a------ G:\WINNT\system32\qwnvhrnm.dll
2007-10-01 20:43 87,104 --a------ G:\WINNT\system32\nqtobhxe.dll
2007-10-01 20:43 87,104 --a------ G:\WINNT\system32\ctxxdnhg.dll
2007-10-01 20:40 87,104 --a------ G:\WINNT\system32\xcjmqrsa.dll
2007-10-01 20:40 87,104 --a------ G:\WINNT\system32\hhkcxcmf.dll
2007-10-01 20:37 87,104 --a------ G:\WINNT\system32\xdmypggo.dll
2007-10-01 20:37 87,104 --a------ G:\WINNT\system32\vgjjtbyv.dll
2007-10-01 20:34 87,104 --a------ G:\WINNT\system32\tchepvri.dll
2007-10-01 20:34 87,104 --a------ G:\WINNT\system32\hikhvhab.dll
2007-10-01 20:31 87,104 --a------ G:\WINNT\system32\ppjaaong.dll
2007-10-01 20:31 87,104 --a------ G:\WINNT\system32\htgkstjr.dll
2007-10-01 20:31 87,104 --a------ G:\WINNT\system32\cuuswqsk.dll
2007-10-01 20:28 87,104 --a------ G:\WINNT\system32\ruaqdlka.dll
2007-10-01 20:25 87,104 --a------ G:\WINNT\system32\xwylcxuo.dll
2007-10-01 20:22 87,104 --a------ G:\WINNT\system32\gjbwjsgu.dll
2007-10-01 20:19 87,104 --a------ G:\WINNT\system32\iamuhakk.dll
2007-10-01 20:16 87,104 --a------ G:\WINNT\system32\riemfeeh.dll
2007-10-01 20:13 87,104 --a------ G:\WINNT\system32\ewcotnkr.dll
2007-10-01 20:10 87,104 --a------ G:\WINNT\system32\mfskrytk.dll
2007-10-01 20:07 87,104 --a------ G:\WINNT\system32\wlqvlcju.dll
2007-10-01 20:04 87,104 --a------ G:\WINNT\system32\vdlctiow.dll
2007-10-01 20:01 87,104 --a------ G:\WINNT\system32\jsatqwtb.dll
2007-10-01 19:58 87,104 --a------ G:\WINNT\system32\erjtxuup.dll
2007-10-01 19:55 87,104 --a------ G:\WINNT\system32\txxdnexa.dll
2007-10-01 19:52 87,104 --a------ G:\WINNT\system32\ghpoindo.dll
2007-10-01 19:49 87,104 --a------ G:\WINNT\system32\ekuvipoi.dll
2007-10-01 19:46 87,104 --a------ G:\WINNT\system32\dpahtugk.dll
2007-10-01 19:43 87,104 --a------ G:\WINNT\system32\cwhgscpj.dll
2007-10-01 19:40 87,104 --a------ G:\WINNT\system32\xhvlulcf.dll
2007-10-01 19:37 87,104 --a------ G:\WINNT\system32\sxlnoynq.dll
2007-10-01 19:34 87,104 --a------ G:\WINNT\system32\ruiaxmev.dll
2007-10-01 19:31 87,104 --a------ G:\WINNT\system32\qnhmfklh.dll
2007-10-01 19:28 87,104 --a------ G:\WINNT\system32\nidetfyv.dll
2007-10-01 19:25 87,104 --a------ G:\WINNT\system32\rmqvvjxt.dll
2007-10-01 19:22 87,104 --a------ G:\WINNT\system32\ydlgvdms.dll
2007-10-01 19:19 87,104 --a------ G:\WINNT\system32\vvlsrtde.dll
2007-10-01 19:16 87,104 --a------ G:\WINNT\system32\ftagujyy.dll
2007-10-01 19:13 87,104 --a------ G:\WINNT\system32\nnqlaftj.dll
2007-10-01 19:10 87,104 --a------ G:\WINNT\system32\nwvcglok.dll
2007-10-01 19:10 87,104 --a------ G:\WINNT\system32\cftohyqf.dll
2007-10-01 19:07 87,104 --a------ G:\WINNT\system32\yfluxlpb.dll
2007-10-01 19:07 87,104 --a------ G:\WINNT\system32\tebvclxe.dll
2007-10-01 19:04 87,104 --a------ G:\WINNT\system32\hpctiefw.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
07-10-04 01:27 --------- d-------- G:\Program Files\Common Files\Symantec Shared
07-10-04 00:12 --------- d-------- G:\Program Files\eMule
07-10-03 19:57 --------- d-------- G:\Documents and Settings\Administrator\Application Data\uTorrent
07-10-02 22:52 --------- d-------- G:\Program Files\vso
07-10-02 22:52 --------- d-------- G:\Program Files\RogueRemover FREE
07-10-01 12:26 --------- d-------- G:\Documents and Settings\Administrator\Application Data\RipIt4Me
07-09-28 17:26 --------- d-------- G:\Program Files\Media
07-09-28 17:18 --------- d-a------ G:\Program Files\Lycos
07-09-28 17:18 --------- d-------- G:\Documents and Settings\Administrator\Application Data\Lycos
07-09-21 23:06 --------- d-------- G:\Documents and Settings\All Users\Application Data\DVD Shrink
07-09-08 09:08 --------- d-------- G:\Documents and Settings\Administrator\Application Data\SopCast
07-08-29 22:33 --------- d-------- G:\Program Files\SopCast
07-08-29 22:30 --------- d-------- G:\Documents and Settings\Administrator\Application Data\Azureus
07-08-12 01:10 --------- d-------- G:\Program Files\SatFinder
07-07-16 17:54 73216 --a------ G:\WINNT\ST6UNST.EXE
07-07-16 17:54 249856 --------- G:\WINNT\Setup1.exe
03-01-04 20:18 271 ---h----- G:\Program Files\desktop.ini
03-01-04 20:18 21952 ---h----- G:\Program Files\folder.htt
02-04-16 09:17 61440 --a------ G:\WINNT\inf\i386\twotUSD.dll
02-04-16 09:16 61440 --a------ G:\WINNT\inf\i386\onetUSD.dll
02-04-16 09:16 57344 --a------ G:\WINNT\inf\i386\twotCPL.dll
01-08-15 15:21 15716 --a------ G:\WINNT\inf\i386\Pmxscan.sys
00-07-26 08:00 32528 --a------ G:\WINNT\inf\wbfirdma.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{232080F0-AE2B-48CA-81EE-76F28DC63385}]
G:\WINNT\system32\urqpp.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E5927A15-756E-40c3-957E-C020262D53B7}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe" [00-07-26 08:00 G:\WINNT\system32\mobsync.exe]
"AVG7_CC"="G:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [07-09-14 09:58 ]
"SunJavaUpdateSched"="G:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" [06-12-15 04:23 ]
"PrinTray"="G:\WINNT\System32\spool\DRIVERS\W32X86\2\printray.exe" [01-01-09 13:47 ]
"PCTVOICE"="pctspk.exe" [01-08-30 15:33 G:\WINNT\system32\pctspk.exe]
"Advanced Tools Check"="G:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE" [02-08-26 22:35 ]
"StrgSync.exe"="G:\Storage Sync\StrgSync.exe" [05-10-07 23:01 ]
"OneTouch Monitor"="G:\Program Files\Visioneer OneTouch\OneTouchMon.exe" [02-04-16 09:12 ]
"ccRegVfy"="G:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe" [03-07-17 11:16 ]
"ccApp"="G:\Program Files\Common Files\Symantec Shared\ccApp.exe" [03-07-17 11:16 ]
"UnlockerAssistant"="G:\Program Files\Unlocker\UnlockerAssistant.exe" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="G:\Program Files\Yahoo!\Messenger\ypager.exe" [05-12-08 14:55 ]
"PopUpStopperFreeEdition"="G:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe" [03-04-29 11:40 ]
"Uniblue RegistryBooster 2"="G:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" []

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"^SetupICWDesktop"=G:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"ALUAlert"=G:\Program Files\Symantec\LiveUpdate\ALUNotify.exe

G:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Office Startup.lnk - G:\Program Files\Microsoft Office\Office\OSA.EXE [1997-07-11 01:00:00]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

R3 NeroCd2k;NeroCd2k;G:\WINNT\system32\drivers\NeroCd2k.sys
S1 Avg7RsNT;AVG7 Rezident Driver;G:\WINNT\system32\Drivers\avg7rsnt.sys
S1 EACMOS;EACMOS;G:\WINNT\system32\drivers\EACMOS.SYS
S2 ppsio2;PPDevice;G:\WINNT\system32\drivers\ppsio2.sys
S3 allegro;ESS Allegro Audio Driver (WDM);G:\WINNT\system32\drivers\es198x.sys
S3 EN1207D;Accton EN1207D/EN2242A Series PCI Fast Ethernet Adapter Win2000 Driver;G:\WINNT\system32\DRIVERS\ACC07D5.SYS
S3 NPDriver;Norton Unerase Protection Driver;\??\G:\WINNT\System32\Drivers\NPDRIVER.SYS

.
Contents of the 'Scheduled Tasks' folder
"2007-10-04 04:00:00 G:\WINNT\Tasks\At1.job"
- G:\WINNT\system32\kpOdCh6W.exe
"2007-10-03 13:00:01 G:\WINNT\Tasks\At10.job"
- G:\WINNT\system32\kpOdCh6W.exe
"2007-10-03 14:00:00 G:\WINNT\Tasks\At11.job"
"2007-10-03 15:00:00 G:\WINNT\Tasks\At12.job"
- G:\WINNT\system32\kpOdCh6W.exe
"2007-10-03 16:00:00 G:\WINNT\Tasks\At13.job"
- G:\WINNT\system32\kpOdCh6W.exe
"2007-10-03 17:00:00 G:\WINNT\Tasks\At14.job"
- G:\WINNT\system32\kpOdCh6W.exe
"2007-10-03 18:00:00 G:\WINNT\Tasks\At15.job"
"2007-10-03 19:00:00 G:\WINNT\Tasks\At16.job"
- G:\WINNT\system32\kpOdCh6W.exe
"2007-10-03 20:00:00 G:\WINNT\Tasks\At17.job"
- G:\WINNT\system32\kpOdCh6W.exe
"2007-10-03 21:00:00 G:\WINNT\Tasks\At18.job"
- G:\WINNT\system32\kpOdCh6W.exe
"2007-10-03 22:00:00 G:\WINNT\Tasks\At19.job"
- G:\WINNT\system32\kpOdCh6W.exe
"2007-10-04 05:00:00 G:\WINNT\Tasks\At2.job"
- G:\WINNT\system32\kpOdCh6W.exe
"2007-10-03 23:00:12 G:\WINNT\Tasks\At20.job"
- G:\WINNT\system32\kpOdCh6W.exe
"2007-10-03 00:00:00 G:\WINNT\Tasks\At21.job"
"2007-10-04 01:00:02 G:\WINNT\Tasks\At22.job"
- G:\WINNT\system32\kpOdCh6W.exe
"2007-10-04 02:00:00 G:\WINNT\Tasks\At23.job"
"2007-10-04 03:00:00 G:\WINNT\Tasks\At24.job"
- G:\WINNT\system32\kpOdCh6W.exe
"2007-10-03 06:00:01 G:\WINNT\Tasks\At3.job"
- G:\WINNT\system32\kpOdCh6W.exe
"2007-10-03 07:00:01 G:\WINNT\Tasks\At4.job"
- G:\WINNT\system32\kpOdCh6W.exe
"2007-10-03 08:00:00 G:\WINNT\Tasks\At5.job"
- G:\WINNT\system32\kpOdCh6W.exe
"2007-10-03 09:00:00 G:\WINNT\Tasks\At6.job"
- G:\WINNT\system32\kpOdCh6W.exe
"2007-10-03 10:00:00 G:\WINNT\Tasks\At7.job"
- G:\WINNT\system32\kpOdCh6W.exe
"2007-10-03 11:00:00 G:\WINNT\Tasks\At8.job"
- G:\WINNT\system32\kpOdCh6W.exe
"2007-10-03 12:00:00 G:\WINNT\Tasks\At9.job"
- G:\WINNT\system32\kpOdCh6W.exe
"2007-10-02 11:11:17 G:\WINNT\Tasks\Norton AntiVirus - Scan my computer.job"
"2007-10-04 05:27:06 G:\WINNT\Tasks\Symantec NetDetect.job"
.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-04 02:03:27
Windows 5.0.2195 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-04 7:23:36 - machine was rebooted
G:\ComboFix-quarantined-files.txt ... 07-10-04 07:23
.
--- E O F ---

And here's the Hijackthis log file(also in Safe Mode):

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 7:25:34 AM, on 10/4/2007
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
Boot mode: Safe mode

Running processes:
G:\WINNT\System32\smss.exe
G:\WINNT\system32\winlogon.exe
G:\WINNT\system32\services.exe
G:\WINNT\system32\lsass.exe
G:\WINNT\system32\svchost.exe
G:\Program Files\Spyware Doctor\svcntaux.exe
G:\Program Files\Spyware Doctor\swdsvc.exe
G:\WINNT\System32\WBEM\WinMgmt.exe
G:\WINNT\Explorer.EXE
G:\WINNT\system32\notepad.exe
G:\Prudential\Torrents\HiJackThis_v2.exe

O2 - BHO: (no name) - {232080F0-AE2B-48CA-81EE-76F28DC63385} - G:\WINNT\system32\urqpp.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - G:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - G:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Editor plugin - {E5927A15-756E-40c3-957E-C020262D53B7} - eurodol.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - G:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - G:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - G:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [AVG7_CC] G:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "G:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [PrinTray] G:\WINNT\System32\spool\DRIVERS\W32X86\2\printray.exe
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [Advanced Tools Check] G:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [StrgSync.exe] G:\Storage Sync\StrgSync.exe -w
O4 - HKLM\..\Run: [OneTouch Monitor] G:\Program Files\Visioneer OneTouch\OneTouchMon.exe
O4 - HKLM\..\Run: [ccRegVfy] "G:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [ccApp] "G:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "G:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "G:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "G:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] G:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] G:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] G:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] G:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Global Startup: Office Startup.lnk = G:\Program Files\Microsoft Office\Office\OSA.EXE
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://G:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://G:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://G:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://G:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Advanced) - https://eagent.farmersinsurance.com/...tiveX/smsx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {3CA15C82-6297-11D6-B8FA-00C04F5E375A} (BridgeChannel v3) - http://channel.bridge.com/bc/java/bc3_bridge_i.cab
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download...basetup162.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0EA86094-A7A3-4B7C-A081-C81B06D9C999}: NameServer = 24.93.41.125,24.93.41.126
O17 - HKLM\System\CS1\Services\Tcpip\..\{0EA86094-A7A3-4B7C-A081-C81B06D9C999}: NameServer = 24.93.41.125,24.93.41.126
O17 - HKLM\System\CS2\Services\Tcpip\..\{0EA86094-A7A3-4B7C-A081-C81B06D9C999}: NameServer = 24.93.41.125,24.93.41.126
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - G:\WINNT\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - G:\WINNT\System32\browseui.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - G:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - G:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - G:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - G:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - G:\WINNT\System32\dmadmin.exe
O23 - Service: GEARSecurity - GEAR Software - G:\WINNT\system32\gearsec.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - G:\WINNT\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - G:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - G:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - G:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - Unknown owner - G:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - G:\Program Files\Spyware Doctor\swdsvc.exe

--
End of file - 6587 bytes

Thanks once again for your help!!
mohanlal2000 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 10-04-2007, 07:06 AM   #8 (permalink)
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
 
sUBs's Avatar
 
Join Date: May 2005
Posts: 24,409
OS: N/A


Re: Machine Slow Down and Popups galore
Looks like we have a fair bit of work to do.

Open NOTEPAD.exe and copy/paste the text in the quotebox below into it:

Code:
@echo off

for %%g in (
G:\WINNT\system32\yyggsufs.dll
G:\WINNT\system32\lsuclnfq.dll
G:\WINNT\system32\wriwqpnl.dll
G:\WINNT\system32\cnqftivq.dll
G:\WINNT\system32\roivkwhv.dll
G:\WINNT\system32\iygqbexj.dll
G:\WINNT\system32\qhqrdatp.dll
G:\WINNT\system32\qeduvhdb.dll
G:\WINNT\system32\offglegc.dll
G:\WINNT\system32\gjatfvum.dll
G:\WINNT\system32\kyevgupy.dll
G:\WINNT\system32\gwodgcbg.dll
G:\WINNT\system32\quuwjwfo.dll
G:\WINNT\system32\bhjfpsan.dll
G:\WINNT\system32\hruthwsn.dll
G:\WINNT\system32\fvavyqds.dll
G:\WINNT\system32\lusrxvfn.dll
G:\WINNT\system32\lgtsgidi.dll
G:\WINNT\system32\eurtyesj.dll
G:\WINNT\system32\litpykwx.dll
G:\WINNT\system32\hvxooxgp.dll
G:\WINNT\system32\qvjkeosm.dll
G:\WINNT\system32\bvuhlaee.dll
G:\WINNT\system32\yjvmxdas.dll
G:\WINNT\system32\inyqvjov.dll
G:\WINNT\system32\xavsbaov.dll
G:\WINNT\system32\ptmkrnhd.dll
G:\WINNT\system32\nymqpqrg.dll
G:\WINNT\system32\fkrglfbr.dll
G:\WINNT\system32\txlyfbef.dll
G:\WINNT\system32\qfjavudw.dll
G:\WINNT\system32\ohghquvr.dll
G:\WINNT\system32\cmmpabwe.dll
G:\WINNT\system32\tpnhrdrl.dll
G:\WINNT\system32\gaiwgjma.dll
G:\WINNT\system32\ujvrdkrc.dll
G:\WINNT\system32\jalbbgib.dll
G:\WINNT\system32\xxteuidn.dll
G:\WINNT\system32\svrxqcgd.dll
G:\WINNT\system32\oipvkcea.dll
G:\WINNT\system32\oibgggbn.dll
G:\WINNT\system32\fhbblpuy.dll
G:\WINNT\system32\aklqnrje.dll
G:\WINNT\system32\psklumhh.dll
G:\WINNT\system32\ivociwvj.dll
G:\WINNT\system32\htevgmkp.dll
G:\WINNT\system32\ghopinwc.dll
G:\WINNT\system32\opeqouao.dll
G:\WINNT\system32\gdtjifyx.dll
G:\WINNT\system32\icsrebhe.dll
G:\WINNT\system32\hxefxvpq.dll
G:\WINNT\system32\shwxvsre.dll
G:\WINNT\system32\qwnvhrnm.dll
G:\WINNT\system32\nqtobhxe.dll
G:\WINNT\system32\ctxxdnhg.dll
G:\WINNT\system32\xcjmqrsa.dll
G:\WINNT\system32\hhkcxcmf.dll
G:\WINNT\system32\xdmypggo.dll
G:\WINNT\system32\vgjjtbyv.dll
G:\WINNT\system32\tchepvri.dll
G:\WINNT\system32\hikhvhab.dll
G:\WINNT\system32\ppjaaong.dll
G:\WINNT\system32\htgkstjr.dll
G:\WINNT\system32\cuuswqsk.dll
G:\WINNT\system32\ruaqdlka.dll
G:\WINNT\system32\xwylcxuo.dll
G:\WINNT\system32\gjbwjsgu.dll
G:\WINNT\system32\iamuhakk.dll
G:\WINNT\system32\riemfeeh.dll
G:\WINNT\system32\ewcotnkr.dll
G:\WINNT\system32\mfskrytk.dll
G:\WINNT\system32\wlqvlcju.dll
G:\WINNT\system32\vdlctiow.dll
G:\WINNT\system32\jsatqwtb.dll
G:\WINNT\system32\erjtxuup.dll
G:\WINNT\system32\txxdnexa.dll
G:\WINNT\system32\ghpoindo.dll
G:\WINNT\system32\ekuvipoi.dll
G:\WINNT\system32\dpahtugk.dll
G:\WINNT\system32\cwhgscpj.dll
G:\WINNT\system32\xhvlulcf.dll
G:\WINNT\system32\sxlnoynq.dll
G:\WINNT\system32\ruiaxmev.dll
G:\WINNT\system32\qnhmfklh.dll
G:\WINNT\system32\nidetfyv.dll
G:\WINNT\system32\rmqvvjxt.dll
G:\WINNT\system32\ydlgvdms.dll
G:\WINNT\system32\vvlsrtde.dll
G:\WINNT\system32\ftagujyy.dll
G:\WINNT\system32\nnqlaftj.dll
G:\WINNT\system32\nwvcglok.dll
G:\WINNT\system32\cftohyqf.dll
G:\WINNT\system32\yfluxlpb.dll
G:\WINNT\system32\tebvclxe.dll
G:\WINNT\system32\hpctiefw.dll
) do (
attrib -h -r -s -a %%g
move /y %%~g C:\Qoobox\quarantine\c%%~pnxg.vir
)
del G:\WINNT\Tasks\At*.job /Q
del %0
Save this as fix.bat Choose to "Save type as - All Files"
It should look like this:
Double click on fix.bat & allow it to run


--------------


Next, open notepad again and copy/paste the text in the quotebox below into it:

Code:
http://www.techsupportforum.com/security-center/hijackthis-log-help/185504-machine-slow-down-popups-galore.html
Collect::
G:\WINNT\system32\bivscagx.dll
G:\WINNT\system32\lypndyud.dll
G:\WINNT\system32\mkhxwxpf.dll
G:\WINNT\system32\rtvndrsa.dll
G:\WINNT\system32\kpOdCh6W.exe
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{232080F0-AE2B-48CA-81EE-76F28DC63385}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E5927A15-756E-40c3-957E-C020262D53B7}]
Save this as "CFScript"




Refering to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you, C:\ComboFix.txt. Post that log in your next reply.

Additonally, ComboFix will generate a zipped file on your Desktop, called [4]Submit@Date_Time.zip
Please submit this file.
__________________

Question - what have you done for the community today?
sUBs is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 10-04-2007, 08:37 AM   #9 (permalink)
Registered User
 
Join Date: Oct 2007
Posts: 13
OS: WIN 2000


Re: Machine Slow Down and Popups galore
Hi,

Thanks for the prompt response. I am at work now and will get to machine later in the evening. Should I do all the suggestions through the Safe Mode?

Also, even in the Safe Mode, I get the Norton Anti Virus Message that there is malicious activity and script needs to stop. How do i disable the Norton Anti Virus(since I am not using that anymore)?

Thanks.
mohanlal2000 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 10-04-2007, 09:08 AM   #10 (permalink)
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
 
sUBs's Avatar
 
Join Date: May 2005
Posts: 24,409
OS: N/A


Re: Machine Slow Down and Popups galore
Quote:
How do i disable the Norton Anti Virus
Do you mean to uninstall Norton? Have you tried Control Panel's Add/Remove section ?
__________________

Question - what have you done for the community today?
sUBs is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 10-04-2007, 09:26 AM   #11 (permalink)
Registered User
 
Join Date: Oct 2007
Posts: 13
OS: WIN 2000


Re: Machine Slow Down and Popups galore
Yes. Unable to remove from Add/Remove section for the Norton Anti Virus.. I am looking forward to apply the fixes on my home machine this evening!!

Also, I am guessing I can perform the above activities in the Safe Mode
Last edited by mohanlal2000; 10-04-2007 at 09:27 AM. Reason: Addition
mohanlal2000 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 10-04-2007, 09:38 AM   #12 (permalink)
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
 
sUBs's Avatar
 
Join Date: May 2005
Posts: 24,409
OS: N/A


Re: Machine Slow Down and Popups galore
Please use this guide for removing Norton > http://basconotw.mvps.org/SymRem.htm
__________________

Question - what have you done for the community today?
sUBs is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 10-04-2007, 05:26 PM   #13 (permalink)
Registered User
 
Join Date: Oct 2007
Posts: 13
OS: WIN 2000


Re: Machine Slow Down and Popups galore
Hi,

Here's the update:

(1) Ran fix.bat ----It ran for a minute or so.(said it cannot find the file) and then closed out. It no longer shows on my desktop

(2) Ran cfscript

Output of ComboFix.txt

ComboFix 07-10-04.5 - Administrator 10/04/2007 17:52:14.5 - NTFSx86
Microsoft Windows 2000 Professional 5.0.2195.3.1252.1.1033.18.79 [GMT -4:00]
Running from: G:\Documents and Settings\Administrator\Desktop\ComboFix.exe
Command switches used :: G:\Documents and Settings\Administrator\Desktop\CFScript.txt
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

G:\WINNT\system32\bivscagx.dll
G:\WINNT\system32\lypndyud.dll
G:\WINNT\system32\mkhxwxpf.dll
G:\WINNT\system32\rtvndrsa.dll

.
((((((((((((((((((((((((( Files Created from 2007-09-04 to 2007-10-04 )))))))))))))))))))))))))))))))
.

2007-10-04 18:00 16,384 --a----t- G:\WINNT\system32\Perflib_Perfdata_4b0.dat
2007-10-04 00:26 51,200 --a------ G:\WINNT\NirCmd.exe
2007-10-01 22:05 87,104 --------- G:\WINNT\system32\yyggsufs.dll
2007-10-01 22:05 87,104 --------- G:\WINNT\system32\lsuclnfq.dll
2007-10-01 22:02 87,104 --------- G:\WINNT\system32\wriwqpnl.dll
2007-10-01 22:02 87,104 --------- G:\WINNT\system32\cnqftivq.dll
2007-10-01 21:59 87,104 --------- G:\WINNT\system32\roivkwhv.dll
2007-10-01 21:59 87,104 --------- G:\WINNT\system32\iygqbexj.dll
2007-10-01 21:56 87,104 --------- G:\WINNT\system32\qhqrdatp.dll
2007-10-01 21:56 87,104 --------- G:\WINNT\system32\qeduvhdb.dll
2007-10-01 21:53 87,104 --------- G:\WINNT\system32\offglegc.dll
2007-10-01 21:53 87,104 --------- G:\WINNT\system32\gjatfvum.dll
2007-10-01 21:50 87,104 --------- G:\WINNT\system32\kyevgupy.dll
2007-10-01 21:50 87,104 --------- G:\WINNT\system32\gwodgcbg.dll
2007-10-01 21:47 87,104 --------- G:\WINNT\system32\quuwjwfo.dll
2007-10-01 21:47 87,104 --------- G:\WINNT\system32\bhjfpsan.dll
2007-10-01 21:44 87,104 --------- G:\WINNT\system32\hruthwsn.dll
2007-10-01 21:44 87,104 --------- G:\WINNT\system32\fvavyqds.dll
2007-10-01 21:42 87,104 --------- G:\WINNT\system32\lusrxvfn.dll
2007-10-01 21:42 87,104 --------- G:\WINNT\system32\lgtsgidi.dll
2007-10-01 21:38 87,104 --------- G:\WINNT\system32\eurtyesj.dll
2007-10-01 21:35 87,104 --------- G:\WINNT\system32\litpykwx.dll
2007-10-01 21:35 87,104 --------- G:\WINNT\system32\hvxooxgp.dll
2007-10-01 21:31 87,104 --------- G:\WINNT\system32\qvjkeosm.dll
2007-10-01 21:31 87,104 --------- G:\WINNT\system32\bvuhlaee.dll
2007-10-01 21:28 87,104 --------- G:\WINNT\system32\yjvmxdas.dll
2007-10-01 21:28 87,104 --------- G:\WINNT\system32\inyqvjov.dll
2007-10-01 21:25 87,104 --------- G:\WINNT\system32\xavsbaov.dll
2007-10-01 21:25 87,104 --------- G:\WINNT\system32\ptmkrnhd.dll
2007-10-01 21:22 87,104 --------- G:\WINNT\system32\nymqpqrg.dll
2007-10-01 21:22 87,104 --------- G:\WINNT\system32\fkrglfbr.dll
2007-10-01 21:19 87,104 --------- G:\WINNT\system32\txlyfbef.dll
2007-10-01 21:19 87,104 --------- G:\WINNT\system32\qfjavudw.dll
2007-10-01 21:16 87,104 --------- G:\WINNT\system32\ohghquvr.dll
2007-10-01 21:16 87,104 --------- G:\WINNT\system32\cmmpabwe.dll
2007-10-01 21:13 87,104 --------- G:\WINNT\system32\tpnhrdrl.dll
2007-10-01 21:13 87,104 --------- G:\WINNT\system32\gaiwgjma.dll
2007-10-01 21:10 87,104 --------- G:\WINNT\system32\ujvrdkrc.dll
2007-10-01 21:10 87,104 --------- G:\WINNT\system32\jalbbgib.dll
2007-10-01 21:07 87,104 --------- G:\WINNT\system32\xxteuidn.dll
2007-10-01 21:07 87,104 --------- G:\WINNT\system32\svrxqcgd.dll
2007-10-01 21:04 87,104 --------- G:\WINNT\system32\oipvkcea.dll
2007-10-01 21:04 87,104 --------- G:\WINNT\system32\oibgggbn.dll
2007-10-01 21:01 87,104 --------- G:\WINNT\system32\fhbblpuy.dll
2007-10-01 21:01 87,104 --------- G:\WINNT\system32\aklqnrje.dll
2007-10-01 20:58 87,104 --------- G:\WINNT\system32\psklumhh.dll
2007-10-01 20:58 87,104 --------- G:\WINNT\system32\ivociwvj.dll
2007-10-01 20:55 87,104 --------- G:\WINNT\system32\htevgmkp.dll
2007-10-01 20:55 87,104 --------- G:\WINNT\system32\ghopinwc.dll
2007-10-01 20:52 87,104 --------- G:\WINNT\system32\opeqouao.dll
2007-10-01 20:52 87,104 --------- G:\WINNT\system32\gdtjifyx.dll
2007-10-01 20:49 87,104 --------- G:\WINNT\system32\icsrebhe.dll
2007-10-01 20:49 87,104 --------- G:\WINNT\system32\hxefxvpq.dll
2007-10-01 20:46 87,104 --------- G:\WINNT\system32\shwxvsre.dll
2007-10-01 20:46 87,104 --------- G:\WINNT\system32\qwnvhrnm.dll
2007-10-01 20:43 87,104 --------- G:\WINNT\system32\nqtobhxe.dll
2007-10-01 20:43 87,104 --------- G:\WINNT\system32\ctxxdnhg.dll
2007-10-01 20:40 87,104 --------- G:\WINNT\system32\xcjmqrsa.dll
2007-10-01 20:40 87,104 --------- G:\WINNT\system32\hhkcxcmf.dll
2007-10-01 20:37 87,104 --------- G:\WINNT\system32\xdmypggo.dll
2007-10-01 20:37 87,104 --------- G:\WINNT\system32\vgjjtbyv.dll
2007-10-01 20:34 87,104 --------- G:\WINNT\system32\tchepvri.dll
2007-10-01 20:34 87,104 --------- G:\WINNT\system32\hikhvhab.dll
2007-10-01 20:31 87,104 --------- G:\WINNT\system32\ppjaaong.dll
2007-10-01 20:31 87,104 --------- G:\WINNT\system32\htgkstjr.dll
2007-10-01 20:31 87,104 --------- G:\WINNT\system32\cuuswqsk.dll
2007-10-01 20:28 87,104 --------- G:\WINNT\system32\ruaqdlka.dll
2007-10-01 20:25 87,104 --------- G:\WINNT\system32\xwylcxuo.dll
2007-10-01 20:22 87,104 --------- G:\WINNT\system32\gjbwjsgu.dll
2007-10-01 20:19 87,104 --------- G:\WINNT\system32\iamuhakk.dll
2007-10-01 20:16 87,104 --------- G:\WINNT\system32\riemfeeh.dll
2007-10-01 20:13 87,104 --------- G:\WINNT\system32\ewcotnkr.dll
2007-10-01 20:10 87,104 --------- G:\WINNT\system32\mfskrytk.dll
2007-10-01 20:07 87,104 --------- G:\WINNT\system32\wlqvlcju.dll
2007-10-01 20:04 87,104 --------- G:\WINNT\system32\vdlctiow.dll
2007-10-01 20:01 87,104 --------- G:\WINNT\system32\jsatqwtb.dll
2007-10-01 19:58 87,104 --------- G:\WINNT\system32\erjtxuup.dll
2007-10-01 19:55 87,104 --------- G:\WINNT\system32\txxdnexa.dll
2007-10-01 19:52 87,104 --------- G:\WINNT\system32\ghpoindo.dll
2007-10-01 19:49 87,104 --------- G:\WINNT\system32\ekuvipoi.dll
2007-10-01 19:46 87,104 --------- G:\WINNT\system32\dpahtugk.dll
2007-10-01 19:43 87,104 --------- G:\WINNT\system32\cwhgscpj.dll
2007-10-01 19:40 87,104 --------- G:\WINNT\system32\xhvlulcf.dll
2007-10-01 19:37 87,104 --------- G:\WINNT\system32\sxlnoynq.dll
2007-10-01 19:34 87,104 --------- G:\WINNT\system32\ruiaxmev.dll
2007-10-01 19:31 87,104 --------- G:\WINNT\system32\qnhmfklh.dll
2007-10-01 19:28 87,104 --------- G:\WINNT\system32\nidetfyv.dll
2007-10-01 19:25 87,104 --------- G:\WINNT\system32\rmqvvjxt.dll
2007-10-01 19:22 87,104 --------- G:\WINNT\system32\ydlgvdms.dll
2007-10-01 19:19 87,104 --------- G:\WINNT\system32\vvlsrtde.dll
2007-10-01 19:16 87,104 --------- G:\WINNT\system32\ftagujyy.dll
2007-10-01 19:13 87,104 --------- G:\WINNT\system32\nnqlaftj.dll
2007-10-01 19:10 87,104 --------- G:\WINNT\system32\nwvcglok.dll
2007-10-01 19:10 87,104 --------- G:\WINNT\system32\cftohyqf.dll
2007-10-01 19:07 87,104 --------- G:\WINNT\system32\yfluxlpb.dll
2007-10-01 19:07 87,104 --------- G:\WINNT\system32\tebvclxe.dll
2007-10-01 19:04 87,104 --------- G:\WINNT\system32\hpctiefw.dll
2007-10-01 18:39 87,104 --a------ G:\WINNT\system32\hbhawbnq.dll
2007-10-01 18:27 87,104 --a------ G:\WINNT\system32\vcysvdux.dll
2007-10-01 18:27 87,104 --a------ G:\WINNT\system32\kmkxjgbv.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
07-10-04 17:44 --------- d-------- G:\Program Files\Common Files\Symantec Shared
07-10-04 00:12 --------- d-------- G:\Program Files\eMule
07-10-03 19:57 --------- d-------- G:\Documents and Settings\Administrator\Application Data\uTorrent
07-10-02 22:52 --------- d-------- G:\Program Files\vso
07-10-02 22:52 --------- d-------- G:\Program Files\RogueRemover FREE
07-10-01 12:26 --------- d-------- G:\Documents and Settings\Administrator\Application Data\RipIt4Me
07-09-28 17:26 --------- d-------- G:\Program Files\Media
07-09-28 17:18 --------- d-a------ G:\Program Files\Lycos
07-09-28 17:18 --------- d-------- G:\Documents and Settings\Administrator\Application Data\Lycos
07-09-21 23:06 --------- d-------- G:\Documents and Settings\All Users\Application Data\DVD Shrink
07-09-08 09:08 --------- d-------- G:\Documents and Settings\Administrator\Application Data\SopCast
07-08-29 22:33 --------- d-------- G:\Program Files\SopCast
07-08-29 22:30 --------- d-------- G:\Documents and Settings\Administrator\Application Data\Azureus
07-08-12 01:10 --------- d-------- G:\Program Files\SatFinder
07-07-16 17:54 73216 --a------ G:\WINNT\ST6UNST.EXE
07-07-16 17:54 249856 --------- G:\WINNT\Setup1.exe
03-01-04 20:18 271 ---h----- G:\Program Files\desktop.ini
03-01-04 20:18 21952 ---h----- G:\Program Files\folder.htt
02-04-16 09:17 61440 --a------ G:\WINNT\inf\i386\twotUSD.dll
02-04-16 09:16 61440 --a------ G:\WINNT\inf\i386\onetUSD.dll
02-04-16 09:16 57344 --a------ G:\WINNT\inf\i386\twotCPL.dll
01-08-15 15:21 15716 --a------ G:\WINNT\inf\i386\Pmxscan.sys
00-07-26 08:00 32528 --a------ G:\WINNT\inf\wbfirdma.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe" [00-07-26 08:00 G:\WINNT\system32\mobsync.exe]
"AVG7_CC"="G:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [07-09-14 09:58 ]
"SunJavaUpdateSched"="G:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" [06-12-15 04:23 ]
"PrinTray"="G:\WINNT\System32\spool\DRIVERS\W32X86\2\printray.exe" [01-01-09 13:47 ]
"PCTVOICE"="pctspk.exe" [01-08-30 15:33 G:\WINNT\system32\pctspk.exe]
"Advanced Tools Check"="G:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE" [02-08-26 22:35 ]
"StrgSync.exe"="G:\Storage Sync\StrgSync.exe" [05-10-07 23:01 ]
"OneTouch Monitor"="G:\Program Files\Visioneer OneTouch\OneTouchMon.exe" [02-04-16 09:12 ]
"ccRegVfy"="G:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe" [03-07-17 11:16 ]
"ccApp"="G:\Program Files\Common Files\Symantec Shared\ccApp.exe" [03-07-17 11:16 ]
"UnlockerAssistant"="G:\Program Files\Unlocker\UnlockerAssistant.exe" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="G:\Program Files\Yahoo!\Messenger\ypager.exe" [05-12-08 14:55 ]
"PopUpStopperFreeEdition"="G:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe" [03-04-29 11:40 ]
"Uniblue RegistryBooster 2"="G:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" []

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"^SetupICWDesktop"=G:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"ALUAlert"=G:\Program Files\Symantec\LiveUpdate\ALUNotify.exe

G:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Office Startup.lnk - G:\Program Files\Microsoft Office\Office\OSA.EXE [1997-07-11 01:00:00]

G:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Office Startup.lnk - G:\Program Files\Microsoft Office\Office\OSA.EXE [1997-07-11 01:00:00]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

R1 Avg7RsNT;AVG7 Rezident Driver;G:\WINNT\system32\Drivers\avg7rsnt.sys
R2 ppsio2;PPDevice;G:\WINNT\system32\drivers\ppsio2.sys
R3 allegro;ESS Allegro Audio Driver (WDM);G:\WINNT\system32\drivers\es198x.sys
R3 NeroCd2k;NeroCd2k;G:\WINNT\system32\drivers\NeroCd2k.sys
R3 NPDriver;Norton Unerase Protection Driver;\??\G:\WINNT\System32\Drivers\NPDRIVER.SYS
S1 EACMOS;EACMOS;G:\WINNT\system32\drivers\EACMOS.SYS
S3 EN1207D;Accton EN1207D/EN2242A Series PCI Fast Ethernet Adapter Win2000 Driver;G:\WINNT\system32\DRIVERS\ACC07D5.SYS

.
Contents of the 'Scheduled Tasks' folder
"2007-10-02 11:11:17 G:\WINNT\Tasks\Norton AntiVirus - Scan my computer.job"
"2007-10-04 22:01:48 G:\WINNT\Tasks\Symantec NetDetect.job"
.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-04 18:00:35
Windows 5.0.2195 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************
.
Completion time: 2007-10-04 18:03:36 - machine was rebooted
G:\ComboFix-quarantined-files.txt ... 07-10-04 18:02
G:\ComboFix2.txt ... 07-10-04 07:23
.
--- E O F ---

Also attaching the zipped file: [4]-Submit_Thu 10-04-2007@17.52.zip

Thanks for all your ongoing help!!
Last edited by sUBs; 10-04-2007 at 05:34 PM.
mohanlal2000 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 10-04-2007, 05:36 PM   #14 (permalink)
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
 
sUBs's Avatar
 
Join Date: May 2005
Posts: 24,409
OS: N/A


Re: Machine Slow Down and Popups galore
That didn't quite go as intended. Let's approach it from another angle.

Open notepad and copy/paste the text in the quotebox below into it:

Code:
File::
G:\WINNT\system32\yyggsufs.dll
G:\WINNT\system32\lsuclnfq.dll
G:\WINNT\system32\wriwqpnl.dll
G:\WINNT\system32\cnqftivq.dll
G:\WINNT\system32\roivkwhv.dll
G:\WINNT\system32\iygqbexj.dll
G:\WINNT\system32\qhqrdatp.dll
G:\WINNT\system32\qeduvhdb.dll
G:\WINNT\system32\offglegc.dll
G:\WINNT\system32\gjatfvum.dll
G:\WINNT\system32\kyevgupy.dll
G:\WINNT\system32\gwodgcbg.dll
G:\WINNT\system32\quuwjwfo.dll
G:\WINNT\system32\bhjfpsan.dll
G:\WINNT\system32\hruthwsn.dll
G:\WINNT\system32\fvavyqds.dll
G:\WINNT\system32\lusrxvfn.dll
G:\WINNT\system32\lgtsgidi.dll
G:\WINNT\system32\eurtyesj.dll
G:\WINNT\system32\litpykwx.dll
G:\WINNT\system32\hvxooxgp.dll
G:\WINNT\system32\qvjkeosm.dll
G:\WINNT\system32\bvuhlaee.dll
G:\WINNT\system32\yjvmxdas.dll
G:\WINNT\system32\inyqvjov.dll
G:\WINNT\system32\xavsbaov.dll
G:\WINNT\system32\ptmkrnhd.dll
G:\WINNT\system32\nymqpqrg.dll
G:\WINNT\system32\fkrglfbr.dll
G:\WINNT\system32\txlyfbef.dll
G:\WINNT\system32\qfjavudw.dll
G:\WINNT\system32\ohghquvr.dll
G:\WINNT\system32\cmmpabwe.dll
G:\WINNT\system32\tpnhrdrl.dll
G:\WINNT\system32\gaiwgjma.dll
G:\WINNT\system32\ujvrdkrc.dll
G:\WINNT\system32\jalbbgib.dll
G:\WINNT\system32\xxteuidn.dll
G:\WINNT\system32\svrxqcgd.dll
G:\WINNT\system32\oipvkcea.dll
G:\WINNT\system32\oibgggbn.dll
G:\WINNT\system32\fhbblpuy.dll
G:\WINNT\system32\aklqnrje.dll
G:\WINNT\system32\psklumhh.dll
G:\WINNT\system32\ivociwvj.dll
G:\WINNT\system32\htevgmkp.dll
G:\WINNT\system32\ghopinwc.dll
G:\WINNT\system32\opeqouao.dll
G:\WINNT\system32\gdtjifyx.dll
G:\WINNT\system32\icsrebhe.dll
G:\WINNT\system32\hxefxvpq.dll
G:\WINNT\system32\shwxvsre.dll
G:\WINNT\system32\qwnvhrnm.dll
G:\WINNT\system32\nqtobhxe.dll
G:\WINNT\system32\ctxxdnhg.dll
G:\WINNT\system32\xcjmqrsa.dll
G:\WINNT\system32\hhkcxcmf.dll
G:\WINNT\system32\xdmypggo.dll
G:\WINNT\system32\vgjjtbyv.dll
G:\WINNT\system32\tchepvri.dll
G:\WINNT\system32\hikhvhab.dll
G:\WINNT\system32\ppjaaong.dll
G:\WINNT\system32\htgkstjr.dll
G:\WINNT\system32\cuuswqsk.dll
G:\WINNT\system32\ruaqdlka.dll
G:\WINNT\system32\xwylcxuo.dll
G:\WINNT\system32\gjbwjsgu.dll
G:\WINNT\system32\iamuhakk.dll
G:\WINNT\system32\riemfeeh.dll
G:\WINNT\system32\ewcotnkr.dll
G:\WINNT\system32\mfskrytk.dll
G:\WINNT\system32\wlqvlcju.dll
G:\WINNT\system32\vdlctiow.dll
G:\WINNT\system32\jsatqwtb.dll
G:\WINNT\system32\erjtxuup.dll
G:\WINNT\system32\txxdnexa.dll
G:\WINNT\system32\ghpoindo.dll
G:\WINNT\system32\ekuvipoi.dll
G:\WINNT\system32\dpahtugk.dll
G:\WINNT\system32\cwhgscpj.dll
G:\WINNT\system32\xhvlulcf.dll
G:\WINNT\system32\sxlnoynq.dll
G:\WINNT\system32\ruiaxmev.dll
G:\WINNT\system32\qnhmfklh.dll
G:\WINNT\system32\nidetfyv.dll
G:\WINNT\system32\rmqvvjxt.dll
G:\WINNT\system32\ydlgvdms.dll
G:\WINNT\system32\vvlsrtde.dll
G:\WINNT\system32\ftagujyy.dll
G:\WINNT\system32\nnqlaftj.dll
G:\WINNT\system32\nwvcglok.dll
G:\WINNT\system32\cftohyqf.dll
G:\WINNT\system32\yfluxlpb.dll
G:\WINNT\system32\tebvclxe.dll
G:\WINNT\system32\hpctiefw.dll
G:\WINNT\system32\hbhawbnq.dll
G:\WINNT\system32\vcysvdux.dll
G:\WINNT\system32\kmkxjgbv.dll
Save this as "CFScript"




Refering to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you, C:\ComboFix.txt. Post that log in your next reply.
__________________

Question - what have you done for the community today?
sUBs is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 10-04-2007, 06:27 PM   #15 (permalink)
Registered User
 
Join Date: Oct 2007
Posts: 13
OS: WIN 2000


Re: Machine Slow Down and Popups galore
Hi,

Here's the updated Combofix.txt

ComboFix 07-10-04.5 - Administrator 10/04/2007 18:58:17.6 - NTFSx86
Microsoft Windows 2000 Professional 5.0.2195.3.1252.1.1033.18.81 [GMT -4:00]
Running from: G:\Documents and Settings\Administrator\Desktop\ComboFix.exe
Command switches used :: G:\Documents and Settings\Administrator\Desktop\CFScript.txt

FILE::
G:\WINNT\system32\aklqnrje.dll
G:\WINNT\system32\bhjfpsan.dll
G:\WINNT\system32\bvuhlaee.dll
G:\WINNT\system32\cftohyqf.dll
G:\WINNT\system32\cmmpabwe.dll
G:\WINNT\system32\cnqftivq.dll
G:\WINNT\system32\ctxxdnhg.dll
G:\WINNT\system32\cuuswqsk.dll
G:\WINNT\system32\cwhgscpj.dll
G:\WINNT\system32\dpahtugk.dll
G:\WINNT\system32\ekuvipoi.dll
G:\WINNT\system32\erjtxuup.dll
G:\WINNT\system32\eurtyesj.dll
G:\WINNT\system32\ewcotnkr.dll
G:\WINNT\system32\fhbblpuy.dll
G:\WINNT\system32\fkrglfbr.dll
G:\WINNT\system32\ftagujyy.dll
G:\WINNT\system32\fvavyqds.dll
G:\WINNT\system32\gaiwgjma.dll
G:\WINNT\system32\gdtjifyx.dll
G:\WINNT\system32\ghopinwc.dll
G:\WINNT\system32\ghpoindo.dll
G:\WINNT\system32\gjatfvum.dll
G:\WINNT\system32\gjbwjsgu.dll
G:\WINNT\system32\gwodgcbg.dll
G:\WINNT\system32\hbhawbnq.dll
G:\WINNT\system32\hhkcxcmf.dll
G:\WINNT\system32\hikhvhab.dll
G:\WINNT\system32\hpctiefw.dll
G:\WINNT\system32\hruthwsn.dll
G:\WINNT\system32\htevgmkp.dll
G:\WINNT\system32\htgkstjr.dll
G:\WINNT\system32\hvxooxgp.dll
G:\WINNT\system32\hxefxvpq.dll
G:\WINNT\system32\iamuhakk.dll
G:\WINNT\system32\icsrebhe.dll
G:\WINNT\system32\inyqvjov.dll
G:\WINNT\system32\ivociwvj.dll
G:\WINNT\system32\iygqbexj.dll
G:\WINNT\system32\jalbbgib.dll
G:\WINNT\system32\jsatqwtb.dll
G:\WINNT\system32\kmkxjgbv.dll
G:\WINNT\system32\kyevgupy.dll
G:\WINNT\system32\lgtsgidi.dll
G:\WINNT\system32\litpykwx.dll
G:\WINNT\system32\lsuclnfq.dll
G:\WINNT\system32\lusrxvfn.dll
G:\WINNT\system32\mfskrytk.dll
G:\WINNT\system32\nidetfyv.dll
G:\WINNT\system32\nnqlaftj.dll
G:\WINNT\system32\nqtobhxe.dll
G:\WINNT\system32\nwvcglok.dll
G:\WINNT\system32\nymqpqrg.dll
G:\WINNT\system32\offglegc.dll
G:\WINNT\system32\ohghquvr.dll
G:\WINNT\system32\oibgggbn.dll
G:\WINNT\system32\oipvkcea.dll
G:\WINNT\system32\opeqouao.dll
G:\WINNT\system32\ppjaaong.dll
G:\WINNT\system32\psklumhh.dll
G:\WINNT\system32\ptmkrnhd.dll
G:\WINNT\system32\qeduvhdb.dll
G:\WINNT\system32\qfjavudw.dll
G:\WINNT\system32\qhqrdatp.dll
G:\WINNT\system32\qnhmfklh.dll
G:\WINNT\system32\quuwjwfo.dll
G:\WINNT\system32\qvjkeosm.dll
G:\WINNT\system32\qwnvhrnm.dll
G:\WINNT\system32\riemfeeh.dll
G:\WINNT\system32\rmqvvjxt.dll
G:\WINNT\system32\roivkwhv.dll
G:\WINNT\system32\ruaqdlka.dll
G:\WINNT\system32\ruiaxmev.dll
G:\WINNT\system32\shwxvsre.dll
G:\WINNT\system32\svrxqcgd.dll
G:\WINNT\system32\sxlnoynq.dll
G:\WINNT\system32\tchepvri.dll
G:\WINNT\system32\tebvclxe.dll
G:\WINNT\system32\tpnhrdrl.dll
G:\WINNT\system32\txlyfbef.dll
G:\WINNT\system32\txxdnexa.dll
G:\WINNT\system32\ujvrdkrc.dll
G:\WINNT\system32\vcysvdux.dll
G:\WINNT\system32\vdlctiow.dll
G:\WINNT\system32\vgjjtbyv.dll
G:\WINNT\system32\vvlsrtde.dll
G:\WINNT\system32\wlqvlcju.dll
G:\WINNT\system32\wriwqpnl.dll
G:\WINNT\system32\xavsbaov.dll
G:\WINNT\system32\xcjmqrsa.dll
G:\WINNT\system32\xdmypggo.dll
G:\WINNT\system32\xhvlulcf.dll
G:\WINNT\system32\xwylcxuo.dll
G:\WINNT\system32\xxteuidn.dll
G:\WINNT\system32\ydlgvdms.dll
G:\WINNT\system32\yfluxlpb.dll
G:\WINNT\system32\yjvmxdas.dll
G:\WINNT\system32\yyggsufs.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

G:\WINNT\system32\aklqnrje.dll
G:\WINNT\system32\bhjfpsan.dll
G:\WINNT\system32\bvuhlaee.dll
G:\WINNT\system32\cftohyqf.dll
G:\WINNT\system32\cmmpabwe.dll
G:\WINNT\system32\cnqftivq.dll
G:\WINNT\system32\ctxxdnhg.dll
G:\WINNT\system32\cuuswqsk.dll
G:\WINNT\system32\cwhgscpj.dll
G:\WINNT\system32\dpahtugk.dll
G:\WINNT\system32\ekuvipoi.dll
G:\WINNT\system32\erjtxuup.dll
G:\WINNT\system32\eurtyesj.dll
G:\WINNT\system32\ewcotnkr.dll
G:\WINNT\system32\fhbblpuy.dll
G:\WINNT\system32\fkrglfbr.dll
G:\WINNT\system32\ftagujyy.dll
G:\WINNT\system32\fvavyqds.dll
G:\WINNT\system32\gaiwgjma.dll
G:\WINNT\system32\gdtjifyx.dll
G:\WINNT\system32\ghopinwc.dll
G:\WINNT\system32\ghpoindo.dll
G:\WINNT\system32\gjatfvum.dll
G:\WINNT\system32\gjbwjsgu.dll
G:\WINNT\system32\gwodgcbg.dll
G:\WINNT\system32\hbhawbnq.dll
G:\WINNT\system32\hhkcxcmf.dll
G:\WINNT\system32\hikhvhab.dll
G:\WINNT\system32\hpctiefw.dll
G:\WINNT\system32\hruthwsn.dll
G:\WINNT\system32\htevgmkp.dll
G:\WINNT\system32\htgkstjr.dll
G:\WINNT\system32\hvxooxgp.dll
G:\WINNT\system32\hxefxvpq.dll
G:\WINNT\system32\iamuhakk.dll
G:\WINNT\system32\icsrebhe.dll
G:\WINNT\system32\inyqvjov.dll
G:\WINNT\system32\ivociwvj.dll
G:\WINNT\system32\iygqbexj.dll
G:\WINNT\system32\jalbbgib.dll
G:\WINNT\system32\jsatqwtb.dll
G:\WINNT\system32\kmkxjgbv.dll
G:\WINNT\system32\kyevgupy.dll
G:\WINNT\system32\lgtsgidi.dll
G:\WINNT\system32\litpykwx.dll
G:\WINNT\system32\lsuclnfq.dll
G:\WINNT\system32\lusrxvfn.dll
G:\WINNT\system32\mfskrytk.dll
G:\WINNT\system32\nidetfyv.dll
G:\WINNT\system32\nnqlaftj.dll
G:\WINNT\system32\nqtobhxe.dll
G:\WINNT\system32\nwvcglok.dll
G:\WINNT\system32\nymqpqrg.dll
G:\WINNT\system32\offglegc.dll
G:\WINNT\system32\ohghquvr.dll
G:\WINNT\system32\oibgggbn.dll
G:\WINNT\system32\oipvkcea.dll
G:\WINNT\system32\opeqouao.dll
G:\WINNT\system32\ppjaaong.dll
G:\WINNT\system32\psklumhh.dll
G:\WINNT\system32\ptmkrnhd.dll
G:\WINNT\system32\qeduvhdb.dll
G:\WINNT\system32\qfjavudw.dll
G:\WINNT\system32\qhqrdatp.dll
G:\WINNT\system32\qnhmfklh.dll
G:\WINNT\system32\quuwjwfo.dll
G:\WINNT\system32\qvjkeosm.dll
G:\WINNT\system32\qwnvhrnm.dll
G:\WINNT\system32\riemfeeh.dll
G:\WINNT\system32\rmqvvjxt.dll
G:\WINNT\system32\roivkwhv.dll
G:\WINNT\system32\ruaqdlka.dll
G:\WINNT\system32\ruiaxmev.dll
G:\WINNT\system32\shwxvsre.dll
G:\WINNT\system32\svrxqcgd.dll
G:\WINNT\system32\sxlnoynq.dll
G:\WINNT\system32\tchepvri.dll
G:\WINNT\system32\tebvclxe.dll
G:\WINNT\system32\tpnhrdrl.dll
G:\WINNT\system32\txlyfbef.dll
G:\WINNT\system32\txxdnexa.dll
G:\WINNT\system32\ujvrdkrc.dll
G:\WINNT\system32\vcysvdux.dll
G:\WINNT\system32\vdlctiow.dll
G:\WINNT\system32\vgjjtbyv.dll
G:\WINNT\system32\vvlsrtde.dll
G:\WINNT\system32\wlqvlcju.dll
G:\WINNT\system32\wriwqpnl.dll
G:\WINNT\system32\xavsbaov.dll
G:\WINNT\system32\xcjmqrsa.dll
G:\WINNT\system32\xdmypggo.dll
G:\WINNT\system32\xhvlulcf.dll
G:\WINNT\system32\xwylcxuo.dll
G:\WINNT\system32\xxteuidn.dll
G:\WINNT\system32\ydlgvdms.dll
G:\WINNT\system32\yfluxlpb.dll
G:\WINNT\system32\yjvmxdas.dll
G:\WINNT\system32\yyggsufs.dll

.
((((((((((((((((((((((((( Files Created from 2007-09-04 to 2007-10-04 )))))))))))))))))))))))))))))))
.

2007-10-04 19:06 16,384 --a----t- G:\WINNT\system32\Perflib_Perfdata_508.dat
2007-10-04 00:26 51,200 --a------ G:\WINNT\NirCmd.exe
2007-10-01 18:21 <DIR> d-------- G:\Documents and Settings\Administrator\Application Data\Uniblue
2007-10-01 13:01 2,118,947 ---hs---- G:\WINNT\system32\jlnnn.ini2
2007-10-01 10:34 87,104 --a------ G:\WINNT\system32\tlyyitep.dll
2007-10-01 10:01 87,104 --a------ G:\WINNT\system32\mjtrmjnp.dll
2007-10-01 08:46 87,104 --a------ G:\WINNT\system32\ernrnrot.dll
2007-09-28 12:51 <DIR> d-------- G:\Program Files\Spyware Doctor
2007-09-28 12:51 <DIR> d-------- G:\Documents and Settings\Administrator\Application Data\PC Tools
2007-09-28 12:39 626,688 --a------ G:\WINNT\system32\msvcr80.dll
2007-09-21 11:12 2,118,908 ---hs---- G:\WINNT\system32\jlnnn.bak2
2007-09-19 11:11 1,549,877 ---hs---- G:\WINNT\system32\jlnnn.bak1
2007-09-06 23:01 <DIR> d-------- G:\Program Files\Enigma Software Group
2007-09-05 06:39 2,008,612 --ahs---- G:\WINNT\system32\ttstv.bak2

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
07-10-04 18:02 --------- d-------- G:\Program Files\Common Files\Symantec Shared
07-10-04 00:12 --------- d-------- G:\Program Files\eMule
07-10-03 19:57 --------- d-------- G:\Documents and Settings\Administrator\Application Data\uTorrent
07-10-02 22:52 --------- d-------- G:\Program Files\vso
07-10-02 22:52 --------- d-------- G:\Program Files\RogueRemover FREE
07-10-01 12:26 --------- d-------- G:\Documents and Settings\Administrator\Application Data\RipIt4Me
07-09-28 17:26 --------- d-------- G:\Program Files\Media
07-09-28 17:18 --------- d-a------ G:\Program Files\Lycos
07-09-28 17:18 --------- d-------- G:\Documents and Settings\Administrator\Application Data\Lycos
07-09-21 23:06 --------- d-------- G:\Documents and Settings\All Users\Application Data\DVD Shrink
07-09-08 09:08 --------- d-------- G:\Documents and Settings\Administrator\Application Data\SopCast
07-08-29 22:33 --------- d-------- G:\Program Files\SopCast
07-08-29 22:30 --------- d-------- G:\Documents and Settings\Administrator\Application Data\Azureus
07-08-12 01:10 --------- d-------- G:\Program Files\SatFinder
07-07-16 17:54 73216 --a------ G:\WINNT\ST6UNST.EXE
07-07-16 17:54 249856 --------- G:\WINNT\Setup1.exe
03-01-04 20:18 271 ---h----- G:\Program Files\desktop.ini
03-01-04 20:18 21952 ---h----- G:\Program Files\folder.htt
02-04-16 09:17 61440 --a------ G:\WINNT\inf\i386\twotUSD.dll
02-04-16 09:16 61440 --a------ G:\WINNT\inf\i386\onetUSD.dll
02-04-16 09:16 57344 --a------ G:\WINNT\inf\i386\twotCPL.dll
01-08-15 15:21 15716 --a------ G:\WINNT\inf\i386\Pmxscan.sys
00-07-26 08:00 32528 --a------ G:\WINNT\inf\wbfirdma.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe" [00-07-26 08:00 G:\WINNT\system32\mobsync.exe]
"AVG7_CC"="G:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [07-09-14 09:58 ]
"SunJavaUpdateSched"="G:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" [06-12-15 04:23 ]
"PrinTray"="G:\WINNT\System32\spool\DRIVERS\W32X86\2\printray.exe" [01-01-09 13:47 ]
"PCTVOICE"="pctspk.exe" [01-08-30 15:33 G:\WINNT\system32\pctspk.exe]
"Advanced Tools Check"="G:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE" [02-08-26 22:35 ]
"StrgSync.exe"="G:\Storage Sync\StrgSync.exe" [05-10-07 23:01 ]
"OneTouch Monitor"="G:\Program Files\Visioneer OneTouch\OneTouchMon.exe" [02-04-16 09:12 ]
"ccRegVfy"="G:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe" [03-07-17 11:16 ]
"ccApp"="G:\Program Files\Common Files\Symantec Shared\ccApp.exe" [03-07-17 11:16 ]
"UnlockerAssistant"="G:\Program Files\Unlocker\UnlockerAssistant.exe" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="G:\Program Files\Yahoo!\Messenger\ypager.exe" [05-12-08 14:55 ]
"PopUpStopperFreeEdition"="G:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe" [03-04-29 11:40 ]
"Uniblue RegistryBooster 2"="G:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" []

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"^SetupICWDesktop"=G:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"ALUAlert"=G:\Program Files\Symantec\LiveUpdate\ALUNotify.exe

G:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Office Startup.lnk - G:\Program Files\Microsoft Office\Office\OSA.EXE [1997-07-11 01:00:00]

G:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Office Startup.lnk - G:\Program Files\Microsoft Office\Office\OSA.EXE [1997-07-11 01:00:00]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

R1 Avg7RsNT;AVG7 Rezident Driver;G:\WINNT\system32\Drivers\avg7rsnt.sys
R2 ppsio2;PPDevice;G:\WINNT\system32\drivers\ppsio2.sys
R3 allegro;ESS Allegro Audio Driver (WDM);G:\WINNT\system32\drivers\es198x.sys
R3 NeroCd2k;NeroCd2k;G:\WINNT\system32\drivers\NeroCd2k.sys
R3 NPDriver;Norton Unerase Protection Driver;\??\G:\WINNT\System32\Drivers\NPDRIVER.SYS
S1 EACMOS;EACMOS;G:\WINNT\system32\drivers\EACMOS.SYS
S3 EN1207D;Accton EN1207D/EN2242A Series PCI Fast Ethernet Adapter Win2000 Driver;G:\WINNT\system32\DRIVERS\ACC07D5.SYS

.
Contents of the 'Scheduled Tasks' folder
"2007-10-02 11:11:17 G:\WINNT\Tasks\Norton AntiVirus - Scan my computer.job"
"2007-10-04 23:07:53 G:\WINNT\Tasks\Symantec NetDetect.job"
.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-04 1941
Windows 5.0.2195 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************
.
Completion time: 2007-10-04 19:09:45 - machine was rebooted
G:\ComboFix-quarantined-files.txt ... 07-10-04 19:09
G:\ComboFix2.txt ... 07-10-04 18:03
G:\ComboFix3.txt ... 07-10-04 07:23
.
--- E O F ---
Thanks!!
mohanlal2000 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 10-04-2007, 06:56 PM   #16 (permalink)
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
 
sUBs's Avatar
 
Join Date: May 2005
Posts: 24,409
OS: N/A


Re: Machine Slow Down and Popups galore
Much better. We still need to do another round of CFscript


Go to Start > Control Panel > Add or Remove Programs and uninstall the following programs:
  • SpyHunter
Please note any other programs that you dont recognize in that list in your next response


---------------


Open notepad and copy/paste the text in the quotebox below into it:

Code:
File::
G:\WINNT\system32\jlnnn.ini2
G:\WINNT\system32\tlyyitep.dll
G:\WINNT\system32\mjtrmjnp.dll
G:\WINNT\system32\ernrnrot.dll
G:\WINNT\system32\jlnnn.bak2
G:\WINNT\system32\jlnnn.bak1
G:\WINNT\system32\ttstv.bak2
Folder::
G:\Program Files\Enigma Software Group
Save this as "CFScript"




Refering to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you, C:\ComboFix.txt. Post that log in your next reply.


---------------


Click here perform an online scan >> Online Scanner


---------------


In your next post, please include fresh logs from:
  1. Fresh Hijackthis log taken just before replying
  2. Online scan
  3. ComboFix's log
Please provide details of any problems you encountered whilst performing the above steps & update us on how the computer behaves now
__________________

Question - what have you done for the community today?
sUBs is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 10-05-2007, 06:37 AM   #17 (permalink)
Registered User
 
Join Date: Oct 2007
Posts: 13
OS: WIN 2000


Re: Machine Slow Down and Popups galore
Hi,

From the Add Remove Programs, I do not see Spy Hunter in there. There is Spyware Doctor. Is that an ok software? Should I do anything with that? Rest of the programs are fine.

Here is the Log for the Combofix.txt

ComboFix 07-10-04.5 - Administrator 10/04/2007 23:05:48.7 - NTFSx86
Microsoft Windows 2000 Professional 5.0.2195.3.1252.1.1033.18.67 [GMT -4:00]
Running from: G:\Documents and Settings\Administrator\Desktop\ComboFix.exe
Command switches used :: G:\Documents and Settings\Administrator\Desktop\CFScript.txt

FILE::
G:\WINNT\system32\ernrnrot.dll
G:\WINNT\system32\jlnnn.bak1
G:\WINNT\system32\jlnnn.bak2
G:\WINNT\system32\jlnnn.ini2
G:\WINNT\system32\mjtrmjnp.dll
G:\WINNT\system32\tlyyitep.dll
G:\WINNT\system32\ttstv.bak2
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

G:\Program Files\Enigma Software Group
G:\Program Files\Enigma Software Group\SpyHunter\Backup\180solutions.dat
G:\Program Files\Enigma Software Group\SpyHunter\Backup\bbchk.exe.dat
G:\Program Files\Enigma Software Group\SpyHunter\Backup\bdcore.dll.dat
G:\Program Files\Enigma Software Group\SpyHunter\Backup\bdupd.dll.dat
G:\Program Files\Enigma Software Group\SpyHunter\Backup\bmupdate.exe.dat
G:\Program Files\Enigma Software Group\SpyHunter\Backup\community.url.dat
G:\Program Files\Enigma Software Group\SpyHunter\Backup\Dsi.dat
G:\Program Files\Enigma Software Group\SpyHunter\Backup\Dynamic Toolbar.dat
G:\Program Files\Enigma Software Group\SpyHunter\Backup\exul.exe.dat
G:\Program Files\Enigma Software Group\SpyHunter\Backup\Lycos.dat
G:\Program Files\Enigma Software Group\SpyHunter\Backup\msbe.dll.dat
G:\Program Files\Enigma Software Group\SpyHunter\Backup\p2p networking.exe.dat
G:\Program Files\Enigma Software Group\SpyHunter\Backup\p2psetup.exe.dat
G:\Program Files\Enigma Software Group\SpyHunter\Backup\personals.url.dat
G:\Program Files\Enigma Software Group\SpyHunter\Backup\photos.url.dat
G:\Program Files\Enigma Software Group\SpyHunter\Backup\saap_kyf.dat.dat
G:\Program Files\Enigma Software Group\SpyHunter\Backup\saaphook.dll.dat
G:\Program Files\Enigma Software Group\SpyHunter\Backup\sysai.exe.dat
G:\Program Files\Enigma Software Group\SpyHunter\Backup\wcmdmgrl.exe.dat
G:\Program Files\Enigma Software Group\SpyHunter\Backup\wdengine.dll.dat
G:\Program Files\Enigma Software Group\SpyHunter\Backup\webdriver.dll.dat
G:\Program Files\Enigma Software Group\SpyHunter\Backup\webp2pinstaller.dll.dat
G:\Program Files\Enigma Software Group\SpyHunter\Backup\wt3d.dll.dat
G:\Program Files\Enigma Software Group\SpyHunter\Backup\wthost.exe.dat
G:\Program Files\Enigma Software Group\SpyHunter\Backup\wthostctl.dll.dat
G:\Program Files\Enigma Software Group\SpyHunter\Backup\wtvh.dll.dat
G:\Program Files\Enigma Software Group\SpyHunter\backupLog.dat
G:\Program Files\Enigma Software Group\SpyHunter\def.dat.bak
G:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.2.9_Patch1.exe
G:\Program Files\Enigma Software Group\SpyHunter\spyhunter.2.9_Patch2.exe
G:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe.BAK
G:\Program Files\Enigma Software Group\SpyHunter\SpyHunter_v2.9_Patch_by_AT4RE\SpyHunter.2.9\SpyHunter.2.9_Patch1.exe
G:\Program Files\Enigma Software Group\SpyHunter\support.log
G:\WINNT\system32\ernrnrot.dll
G:\WINNT\system32\jlnnn.bak1
G:\WINNT\system32\jlnnn.bak2
G:\WINNT\system32\jlnnn.ini2
G:\WINNT\system32\mjtrmjnp.dll
G:\WINNT\system32\tlyyitep.dll
G:\WINNT\system32\ttstv.bak2

.
((((((((((((((((((((((((( Files Created from 2007-09-05 to 2007-10-05 )))))))))))))))))))))))))))))))
.

2007-10-04 23:13 16,384 --a----t- G:\WINNT\system32\Perflib_Perfdata_540.dat
2007-10-04 00:26 51,200 --a------ G:\WINNT\NirCmd.exe
2007-10-01 18:21 <DIR> d-------- G:\Documents and Settings\Administrator\Application Data\Uniblue
2007-09-28 12:51 <DIR> d-------- G:\Program Files\Spyware Doctor
2007-09-28 12:51 <DIR> d-------- G:\Documents and Settings\Administrator\Application Data\PC Tools
2007-09-28 12:39 626,688 --a------ G:\WINNT\system32\msvcr80.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
07-10-04 23:04 --------- d-------- G:\Documents and Settings\Administrator\Application Data\uTorrent
07-10-04 23:00 --------- d-------- G:\Program Files\TaxCut06
07-10-04 19:08 --------- d-------- G:\Program Files\Common Files\Symantec Shared
07-10-04 00:12 --------- d-------- G:\Program Files\eMule
07-10-02 22:52 --------- d-------- G:\Program Files\vso
07-10-02 22:52 --------- d-------- G:\Program Files\RogueRemover FREE
07-10-01 12:26 --------- d-------- G:\Documents and Settings\Administrator\Application Data\RipIt4Me
07-09-28 17:26 --------- d-------- G:\Program Files\Media
07-09-28 17:18 --------- d-a------ G:\Program Files\Lycos
07-09-28 17:18 --------- d-------- G:\Documents and Settings\Administrator\Application Data\Lycos
07-09-21 23:06 --------- d-------- G:\Documents and Settings\All Users\Application Data\DVD Shrink
07-09-08 09:08 --------- d-------- G:\Documents and Settings\Administrator\Application Data\SopCast
07-08-29 22:33 --------- d-------- G:\Program Files\SopCast
07-08-29 22:30 --------- d-------- G:\Documents and Settings\Administrator\Application Data\Azureus
07-08-12 01:10 --------- d-------- G:\Program Files\SatFinder
07-07-16 17:54 73216 --a------ G:\WINNT\ST6UNST.EXE
07-07-16 17:54 249856 --------- G:\WINNT\Setup1.exe
03-01-04 20:18 271 ---h----- G:\Program Files\desktop.ini
03-01-04 20:18 21952 ---h----- G:\Program Files\folder.htt
02-04-16 09:17 61440 --a------ G:\WINNT\inf\i386\twotUSD.dll
02-04-16 09:16 61440 --a------ G:\WINNT\inf\i386\onetUSD.dll
02-04-16 09:16 57344 --a------ G:\WINNT\inf\i386\twotCPL.dll
01-08-15 15:21 15716 --a------ G:\WINNT\inf\i386\Pmxscan.sys
00-07-26 08:00 32528 --a------ G:\WINNT\inf\wbfirdma.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe" [00-07-26 08:00 G:\WINNT\system32\mobsync.exe]
"AVG7_CC"="G:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [07-09-14 09:58 ]
"SunJavaUpdateSched"="G:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" [06-12-15 04:23 ]
"PrinTray"="G:\WINNT\System32\spool\DRIVERS\W32X86\2\printray.exe" [01-01-09 13:47 ]
"PCTVOICE"="pctspk.exe" [01-08-30 15:33 G:\WINNT\system32\pctspk.exe]
"Advanced Tools Check"="G:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE" [02-08-26 22:35 ]
"StrgSync.exe"="G:\Storage Sync\StrgSync.exe" [05-10-07 23:01 ]
"OneTouch Monitor"="G:\Program Files\Visioneer OneTouch\OneTouchMon.exe" [02-04-16 09:12 ]
"ccRegVfy"="G:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe" [03-07-17 11:16 ]
"ccApp"="G:\Program Files\Common Files\Symantec Shared\ccApp.exe" [03-07-17 11:16 ]
"UnlockerAssistant"="G:\Program Files\Unlocker\UnlockerAssistant.exe" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="G:\Program Files\Yahoo!\Messenger\ypager.exe" [05-12-08 14:55 ]
"PopUpStopperFreeEdition"="G:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe" [03-04-29 11:40 ]
"Uniblue RegistryBooster 2"="G:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" []

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"^SetupICWDesktop"=G:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"ALUAlert"=G:\Program Files\Symantec\LiveUpdate\ALUNotify.exe

G:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Office Startup.lnk - G:\Program Files\Microsoft Office\Office\OSA.EXE [1997-07-11 01:00:00]

G:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Office Startup.lnk - G:\Program Files\Microsoft Office\Office\OSA.EXE [1997-07-11 01:00:00]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

R1 Avg7RsNT;AVG7 Rezident Driver;G:\WINNT\system32\Drivers\avg7rsnt.sys
R2 ppsio2;PPDevice;G:\WINNT\system32\drivers\ppsio2.sys
R3 allegro;ESS Allegro Audio Driver (WDM);G:\WINNT\system32\drivers\es198x.sys
R3 NeroCd2k;NeroCd2k;G:\WINNT\system32\drivers\NeroCd2k.sys
R3 NPDriver;Norton Unerase Protection Driver;\??\G:\WINNT\System32\Drivers\NPDRIVER.SYS
S1 EACMOS;EACMOS;G:\WINNT\system32\drivers\EACMOS.SYS
S3 EN1207D;Accton EN1207D/EN2242A Series PCI Fast Ethernet Adapter Win2000 Driver;G:\WINNT\system32\DRIVERS\ACC07D5.SYS

.
Contents of the 'Scheduled Tasks' folder
"2007-10-02 11:11:17 G:\WINNT\Tasks\Norton AntiVirus - Scan my computer.job"
"2007-10-05 03:14:38 G:\WINNT\Tasks\Symantec NetDetect.job"
.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-04 23:13:26
Windows 5.0.2195 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************
.
Completion time: 2007-10-04 23:16:37 - machine was rebooted
G:\ComboFix-quarantined-files.txt ... 07-10-04 23:15
G:\ComboFix2.txt ... 07-10-04 19:09
G:\ComboFix3.txt ... 07-10-04 18:03
.
--- E O F ---

Here's the result of the online scanner:

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Friday, October 05, 2007 7:14:17 AM
Operating System: Microsoft Windows 2000 Professional, Service Pack 3 (Build 2195)
Kaspersky Online Scanner version: 5.0.93.1
Kaspersky Anti-Virus database last update: 5/10/2007
Kaspersky Anti-Virus database records: 401392
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
I:\
L:\

Scan Statistics:
Total number of scanned objects: 111894
Number of viruses found: 20
Number of infected objects: 127
Number of suspicious objects: 5
Duration of the scan process: 03:23:54

Infected Object Name / Virus Name / Last Action
C:\WINDOWS\Temporary Internet Files\Content.IE5\SADLMAYU\exitpoplight[1].html Infected: Trojan.JS.NoClose.i skipped
C:\WINDOWS\browserxtras\pn\remove.exe/data0003 Infected: Trojan-Downloader.Win32.Keenval.f skipped
C:\WINDOWS\browserxtras\pn\remove.exe NSIS: infected - 1 skipped
G:\Documents and Settings\Administrator\Cookies\index.dat Object is locked skipped
G:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
G:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
G:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat Object is locked skipped
G:\Documents and Settings\Administrator\Local Settings\History\History.IE5\MSHist012007100420071005\index.dat Object is locked skipped
G:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
G:\Documents and Settings\Administrator\NTUSER.DAT Object is locked skipped
G:\Documents and Settings\Administrator\ntuser.dat.LOG Object is locked skipped
G:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
G:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
G:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Altnet1.zip/asmend.exe Suspicious: Password-protected-EXE skipped
G:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Altnet1.zip ZIP: suspicious - 1 skipped
G:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DyFuCAInternetOptimizer3.zip/optimize.exe Suspicious: Password-protected-EXE skipped
G:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DyFuCAInternetOptimizer3.zip ZIP: suspicious - 1 skipped
G:\Documents and Settings\Default User\My Documents\Data\all_files4.exe/data0003 Infected: Trojan-Downloader.Win32.Agent.ec skipped
G:\Documents and Settings\Default User\My Documents\Data\all_files4.exe/data0006 Infected: Trojan.Win32.SecondThought.h skipped
G:\Documents and Settings\Default User\My Documents\Data\all_files4.exe/data0007 Infected: Backdoor.Win32.Ruledor.c skipped
G:\Documents and Settings\Default User\My Documents\Data\all_files4.exe NSIS: infected - 3 skipped
G:\Documents and Settings\Default User\My Documents\Data\Data\all_files4.exe/data0003 Infected: Trojan-Downloader.Win32.Agent.ec skipped
G:\Documents and Settings\Default User\My Documents\Data\Data\all_files4.exe/data0006 Infected: Trojan.Win32.SecondThought.h skipped
G:\Documents and Settings\Default User\My Documents\Data\Data\all_files4.exe/data0007 Infected: Backdoor.Win32.Ruledor.c skipped
G:\Documents and Settings\Default User\My Documents\Data\Data\all_files4.exe NSIS: infected - 3 skipped
G:\Documents and Settings\Thomas\My Documents\Data\all_files4.exe/data0003 Infected: Trojan-Downloader.Win32.Agent.ec skipped
G:\Documents and Settings\Thomas\My Documents\Data\all_files4.exe/data0006 Infected: Trojan.Win32.SecondThought.h skipped
G:\Documents and Settings\Thomas\My Documents\Data\all_files4.exe/data0007 Infected: Backdoor.Win32.Ruledor.c skipped
G:\Documents and Settings\Thomas\My Documents\Data\all_files4.exe NSIS: infected - 3 skipped
G:\Documents and Settings\Thomas\My Documents\Data\Data\all_files4.exe/data0003 Infected: Trojan-Downloader.Win32.Agent.ec skipped
G:\Documents and Settings\Thomas\My Documents\Data\Data\all_files4.exe/data0006 Infected: Trojan.Win32.SecondThought.h skipped
G:\Documents and Settings\Thomas\My Documents\Data\Data\all_files4.exe/data0007 Infected: Backdoor.Win32.Ruledor.c skipped
G:\Documents and Settings\Thomas\My Documents\Data\Data\all_files4.exe NSIS: infected - 3 skipped
G:\Program Files\Norton AntiVirus\AVApp.log Object is locked skipped
G:\Program Files\Norton AntiVirus\AVError.log Object is locked skipped
G:\Program Files\Norton AntiVirus\AVVirus.log Object is locked skipped
G:\Program Files\Norton AntiVirus\Quarantine\07036A79 Infected: Email-Worm.VBS.LoveLetter skipped
G:\Program Files\Norton AntiVirus\Quarantine\08FE0E2C.htm Infected: Email-Worm.Win32.Mimail.r skipped
G:\Program Files\Norton AntiVirus\Quarantine\0B590470 Infected: Trojan.Java.Nocheat skipped
G:\Program Files\Norton AntiVirus\Quarantine\0CD55D56 Infected: Email-Worm.VBS.LoveLetter skipped
G:\Program Files\Norton AntiVirus\Quarantine\0DC346A9 Infected: Trojan.Java.Femad skipped
G:\Program Files\Norton AntiVirus\Quarantine\120A342A.htm Infected: Email-Worm.Win32.Mimail.r skipped
G:\Program Files\Norton AntiVirus\Quarantine\15C938EE.htm Infected: Email-Worm.Win32.Mimail.r skipped
G:\Program Files\Norton AntiVirus\Quarantine\18204346 Infected: Exploit.Java.ByteVerify skipped
G:\Program Files\Norton AntiVirus\Quarantine\18A324FF Infected: Exploit.Java.ByteVerify skipped
G:\Program Files\Norton AntiVirus\Quarantine\18A978F7 Infected: Exploit.Java.ByteVerify skipped
G:\Program Files\Norton AntiVirus\Quarantine\18AC22F4 Infected: Exploit.Java.ByteVerify skipped
G:\Program Files\Norton AntiVirus\Quarantine\18B04CF0 Infected: Exploit.Java.ByteVerify skipped
G:\Program Files\Norton AntiVirus\Quarantine\1ADF6F29 Infected: Trojan.Win32.Destiny skipped
G:\Program Files\Norton AntiVirus\Quarantine\1B631305.htm Infected: Email-Worm.Win32.Mimail.r skipped
G:\Program Files\Norton AntiVirus\Quarantine\1C564B8B Infected: Email-Worm.VBS.LoveLetter skipped
G:\Program Files\Norton AntiVirus\Quarantine\1C8A6B52 Infected: Net-Worm.Win32.Nimda skipped
G:\Program Files\Norton AntiVirus\Quarantine\1C8E154E Infected: Net-Worm.Win32.Nimda skipped
G:\Program Files\Norton AntiVirus\Quarantine\1C913F4B Infected: Net-Worm.Win32.Nimda skipped
G:\Program Files\Norton AntiVirus\Quarantine\241E56FB Infected: Email-Worm.VBS.LoveLetter skipped
G:\Program Files\Norton AntiVirus\Quarantine\2FD666D1 Infected: Trojan.Java.Nocheat skipped
G:\Program Files\Norton AntiVirus\Quarantine\2FE12D4D Infected: Email-Worm.VBS.LoveLetter skipped
G:\Program Files\Norton AntiVirus\Quarantine\300649EC.htm Suspicious: Exploit.HTML.Mht skipped
G:\Program Files\Norton AntiVirus\Quarantine\33E03589.html Infected: Trojan-Downloader.JS.Small.d skipped
G:\Program Files\Norton AntiVirus\Quarantine\360E5600 Infected: Trojan.Java.Femad skipped
G:\Program Files\Norton AntiVirus\Quarantine\389850F9 Infected: Email-Worm.VBS.LoveLetter skipped
G:\Program Files\Norton AntiVirus\Quarantine\43D67B12.htm Infected: Email-Worm.Win32.Mimail.r skipped
G:\Program Files\Norton AntiVirus\Quarantine\52576547 Infected: Trojan.Java.Femad skipped
G:\Program Files\Norton AntiVirus\Quarantine\529E0D9A Infected: Email-Worm.VBS.LoveLetter skipped
G:\Program Files\Norton AntiVirus\Quarantine\58630C8E/exploit.htm Infected: Trojan-Downloader.VBS.Psyme.y skipped
G:\Program Files\Norton AntiVirus\Quarantine\58630C8E CHM: infected - 1 skipped
G:\Program Files\Norton AntiVirus\Quarantine\58630C8E CryptFF: infected - 1 skipped
G:\Program Files\Norton AntiVirus\Quarantine\5BE66F90 Infected: Email-Worm.VBS.LoveLetter skipped
G:\Program Files\Norton AntiVirus\Quarantine\5DE82146 Infected: Exploit.Java.ByteVerify skipped
G:\Program Files\Norton AntiVirus\Quarantine\618E7BE7 Infected: Email-Worm.VBS.LoveLetter skipped
G:\Program Files\Norton AntiVirus\Quarantine\654A1892.htm Infected: Email-Worm.Win32.Mimail.r skipped
G:\Program Files\Norton AntiVirus\Quarantine\695425E1 Infected: Email-Worm.VBS.LoveLetter skipped
G:\Program Files\Norton AntiVirus\Quarantine\6C09396E.htm Infected: Email-Worm.Win32.Mimail.r skipped
G:\Program Files\Norton AntiVirus\Quarantine\7910043A.exe Infected: Trojan.Win32.Small.k skipped
G:\Program Files\Norton AntiVirus\Quarantine\7C323566.htm Infected: Email-Worm.Win32.Mimail.r skipped
G:\Program Files\Norton AntiVirus\Quarantine\7CF25A49 Infected: Trojan.Java.Nocheat skipped
G:\qoobox\Quarantine\G\Program Files\Enigma Software Group\SpyHunter\Backup\sysai.exe.dat.vir/Program Files/SysAI/SysAI.exe Infected: Trojan-Downloader.Win32.Apropo.c skipped
G:\qoobox\Quarantine\G\Program Files\Enigma Software Group\SpyHunter\Backup\sysai.exe.dat.vir ZIP: infected - 1 skipped
G:\qoobox\Quarantine\G\WINNT\system32\aahprvxw.exe.vir Infected: Trojan.Win32.Agent.bck skipped
G:\qoobox\Quarantine\G\WINNT\system32\agdnfjpl.exe.vir Infected: Trojan.Win32.Agent.bck skipped
G:\qoobox\Quarantine\G\WINNT\system32\biedmegh.exe.vir Infected: Trojan.Win32.Agent.bck skipped
G:\qoobox\Quarantine\G\WINNT\system32\cbxumbgr.exe.vir Infected: Trojan.Win32.Agent.bck skipped
G:\qoobox\Quarantine\G\WINNT\system32\ciortobg.exe.vir Infected: Trojan.Win32.Agent.bck skipped
G:\qoobox\Quarantine\G\WINNT\system32\cobruira.exe.vir Infected: Trojan.Win32.Agent.bck skipped
G:\qoobox\Quarantine\G\WINNT\system32\ddebxecp.exe.vir Infected: Trojan.Win32.Agent.bck skipped
G:\qoobox\Quarantine\G\WINNT\system32\dmqtkljh.exe.vir Infected: Trojan.Win32.Agent.bck skipped
G:\qoobox\Quarantine\G\WINNT\system32\dygekctf.exe.vir Infected: Trojan.Win32.Agent.bck skipped
G:\qoobox\Quarantine\G\WINNT\system32\efcfgobv.exe.vir Infected: Trojan.Win32.Agent.bck skipped
G:\qoobox\Quarantine\G\WINNT\system32\egtuvvmb.exe.vir Infected: Trojan.Win32.Agent.bck skipped
G:\qoobox\Quarantine\G\WINNT\system32\elygqacg.exe.vir Infected: Trojan.Win32.Agent.bck skipped
G:\qoobox\Quarantine\G\WINNT\system32\ewjkjifk.exe.vir Infected: Trojan.Win32.Agent.bck skipped
G:\qoobox\Quarantine\G\WINNT\system32\fknhunpt.exe.vir Infected: Trojan.Win32.Agent.bck skipped
G:\qoobox\Quarantine\G\WINNT\system32\gdtmeftx.exe.vir Infected: Trojan.Win32.Agent.bck skipped
G:\qoobox\Quarantine\G\WINNT\system32\gkawthji.exe.vir Infected: Trojan.Win32.Agent.bck skipped
G:\qoobox\Quarantine\G\WINNT\system32\hflofjtb.exe.vir Infected: Trojan.Win32.Agent.bck skipped
G:\qoobox\Quarantine\G\WINNT\system32\hitieyjs.exe.vir Infected: Trojan.Win32.Agent.bck skipped
G:\qoobox\Quarantine\G\WINNT\system32\hnucidix.exe.vir Infected: Trojan.Win32.Agent.bck skipped
G:\qoobox\Quarantine\G\WINNT\system32\hvhaxoau.exe.vir Infected: Trojan.Win32.Agent.bck skipped
G:\qoobox\Quarantine\G\WINNT\system32\idfjfyvv.exe.vir Infected: Trojan.Win32.Agent.bck skipped
G:\qoobox\Quarantine\G\WINNT\system32\iggvneky.exe.vir Infected: Trojan.Win32.Agent.bck skipped
G:\qoobox\Quarantine\G\WINNT\system32\immwpalk.exe.vir Infected: Trojan.Win32.Agent.bck skipped
G:\qoobox\Quarantine\G\WINNT\system32\iyytkidg.exe.vir Infected: Trojan.Win32.Agent.bck skipped
G:\qoobox\Quarantine\G\WINNT\system32\jmenfmao.exe.vir Infected: Trojan.Win32.Agent.bck skipped
G:\qoobox\Quarantine\G\WINNT\system32\kkwhonga.exe.vir Infected: Trojan.Win32.Agent.bck skipped
G:\qoobox\Quarantine\G\WINNT\system32\klwnnumn.exe.vir Infected: Trojan.Win32.Agent.bck skipped
G:\qoobox\Quarantine\G\WINNT\system32\lmfbncvv.exe.vir Infected: Trojan.Win32.Agent.bck skipped
G:\qoobox\Quarantine\G\WINNT\system32\lqljjkbs.exe.vir Infected: Trojan.Win32.Agent.bck skipped
G:\qoobox\Quarantine\G\WINNT\system32\lvklcpgr.exe.vir Infected: Trojan.Win32.Agent.bck skipped
G:\qoobox\Quarantine\G\WINNT\system32\lwjlhtip.exe.vir Infected: Trojan.Win32.Agent.bck skipped
G:\qoobox\Quarantine\G\WINNT\system32\nkhwlqfj.exe.vir Infected: Trojan.Win32.Agent.bck skipped
G:\qoobox\Quarantine\G\WINNT\system32\nmtdfxxx.exe.vir Infected: Trojan.Win32.Agent.bck skipped
G:\qoobox\Quarantine\G\WINNT\system32\odrmnqjg.exe.vir Infected: Trojan.Win32.Agent.bck skipped
G:\qoobox\Quarantine\G\WINNT\system32\ogffwqce.exe.vir Infected: Trojan.Win32.Agent.bck skipped
G:\qoobox\Quarantine\G\WINNT\system32\oifhkssa.exe.vir Infected: Trojan.Win32.Agent.bck skipped
G:\qoobox\Quarantine\G\WINNT\system32\oohxrbbk.exe.vir Infected: Trojan.Win32.Agent.bck skipped
G:\qoobox\Quarantine\G\WINNT\system32\qcbyfcbt.exe.vir Infected: Trojan.Win32.Agent.bck skipped
G:\qoobox\Quarantine\G\WINNT\system32\qhaoqhrm.exe.vir Infected: Trojan.Win32.Agent.bck skipped
G:\qoobox\Quarantine\G\WINNT\system32\rfvpkpbv.exe.vir Infected: Trojan.Win32.Agent.bck skipped
G:\qoobox\Quarantine\G\WINNT\system32\rlkapqor.exe.vir Infected: Trojan.Win32.Agent.bck skipped
G:\qoobox\Quarantine\G\WINNT\system32\rrmrgkpa.exe.vir Infected: Trojan.Win32.Agent.bck skipped
G:\qoobox\Quarantine\G\WINNT\system32\ruwmjmby.exe.vir Infected: Trojan.Win32.Agent.bck skipped
G:\qoobox\Quarantine\G\WINNT\system32\sbbhclpx.exe.vir Infected: Trojan.Win32.Agent.bck skipped
G:\qoobox\Quarantine\G\WINNT\system32\semxbhfs.exe.vir Infected: Trojan.Win32.Agent.bck skipped
G:\qoobox\Quarantine\G\WINNT\system32\skhgoqxq.exe.vir Infected: Trojan.Win32.Agent.bck skipped
G:\qoobox\Quarantine\G\WINNT\system32\tdsfkygl.exe.vir Infected: Trojan.Win32.Agent.bck skipped
G:\qoobox\Quarantine\G\WINNT\system32\tnhrwqxg.exe.vir Infected: Trojan.Win32.Agent.bck skipped
G:\qoobox\Quarantine\G\WINNT\system32\twiomldw.exe.vir Infected: Trojan.Win32.Agent.bck skipped
G:\qoobox\Quarantine\G\WINNT\system32\uamnikor.exe.vir Infected: Trojan.Win32.Agent.bck skipped
G:\qoobox\Quarantine\G\WINNT\system32\ufiudxdk.exe.vir Infected: Trojan.Win32.Agent.bck skipped
G:\qoobox\Quarantine\G\WINNT\system32\uootbioq.exe.vir Infected: Trojan.Win32.Agent.bck skipped
G:\qoobox\Quarantine\G\WINNT\system32\uqwxeqhn.exe.vir Infected: Trojan.Win32.Agent.bck skipped
G:\qoobox\Quarantine\G\WINNT\system32\vaawaubs.exe.vir Infected: Trojan.Win32.Agent.bck skipped
G:\qoobox\Quarantine\G\WINNT\system32\vgjebxfe.exe.vir Infected: Trojan.Win32.Agent.bck skipped
G:\qoobox\Quarantine\G\WINNT\system32\vkcchgrx.exe.vir Infected: Trojan.Win32.Agent.bck skipped
G:\qoobox\Quarantine\G\WINNT\system32\waixyoal.exe.vir Infected: Trojan.Win32.Agent.bck skipped
G:\qoobox\Quarantine\G\WINNT\system32\wcpblhvf.exe.vir Infected: Trojan.Win32.Agent.bck skipped
G:\qoobox\Quarantine\G\WINNT\system32\wddphlmx.exe.vir Infected: Trojan.Win32.Agent.bck skipped
G:\qoobox\Quarantine\G\WINNT\system32\wknlwilq.exe.vir Infected: Trojan.Win32.Agent.bck skipped
G:\qoobox\Quarantine\G\WINNT\system32\wyjeibsi.exe.vir Infected: Trojan.Win32.Agent.bck skipped
G:\qoobox\Quarantine\G\WINNT\system32\xfjifrgp.exe.vir Infected: Trojan.Win32.Agent.bck skipped
G:\qoobox\Quarantine\G\WINNT\system32\xipiossy.exe.vir Infected: Trojan.Win32.Agent.bck skipped
G:\qoobox\Quarantine\G\WINNT\system32\xxsxpduu.exe.vir Infected: Trojan.Win32.Agent.bck skipped
G:\qoobox\Quarantine\G\WINNT\system32\ybiaxomk.exe.vir Infected: Trojan.Win32.Agent.bck skipped
G:\qoobox\Quarantine\G\WINNT\system32\ycxhmjjb.exe.vir Infected: Trojan.Win32.Agent.bck skipped
G:\WINNT\CSC\00000001 Object is locked skipped
G:\WINNT\Debug\ipsecpa.log Object is locked skipped
G:\WINNT\Debug\oakley.log Object is locked skipped
G:\WINNT\Debug\PASSWD.LOG Object is locked skipped
G:\WINNT\p37bLkH.dll Infected: Trojan-Downloader.Win32.Lemmy.r skipped
G:\WINNT\SchedLgU.Txt Object is locked skipped
G:\WINNT\SoftwareDistribution\DataStore\DataStore.edb Object is locked skipped
G:\WINNT\SoftwareDistribution\DataStore\Logs\edb.log Object is locked skipped
G:\WINNT\SoftwareDistribution\DataStore\Logs\tmp.edb Object is locked skipped
G:\WINNT\SoftwareDistribution\EventCache\{D7132AAD-EA3D-40B5-B63F-02E206598E3D}.bin Object is locked skipped
G:\WINNT\SoftwareDistribution\ReportingEvents.log Object is locked skipped
G:\WINNT\Sti_Trace.log Object is locked skipped
G:\WINNT\system32\config\AppEvent.Evt Object is locked skipped
G:\WINNT\system32\config\default Object is locked skipped
G:\WINNT\system32\config\default.LOG Object is locked skipped
G:\WINNT\system32\config\SAM Object is locked skipped
G:\WINNT\system32\config\SAM.LOG Object is locked skipped
G:\WINNT\system32\config\SecEvent.Evt Object is locked skipped
G:\WINNT\system32\config\SECURITY Object is locked skipped
G:\WINNT\system32\config\SECURITY.LOG Object is locked skipped
G:\WINNT\system32\config\software Object is locked skipped
G:\WINNT\system32\config\software.LOG Object is locked skipped
G:\WINNT\system32\config\SysEvent.Evt Object is locked skipped
G:\WINNT\system32\config\system Object is locked skipped
G:\WINNT\system32\config\SYSTEM.ALT Object is locked skipped
G:\WINNT\WindowsUpdate.log Object is locked skipped

Scan process completed.


Finally, HijackThis log just before typing this:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 7:18:24 AM, on 10/5/2007
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
Boot mode: Normal

Running processes:
G:\WINNT\System32\smss.exe
G:\WINNT\system32\csrss.exe
G:\WINNT\system32\winlogon.exe
G:\WINNT\system32\services.exe
G:\WINNT\system32\lsass.exe
G:\WINNT\system32\svchost.exe
G:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
G:\WINNT\system32\LEXBCES.EXE
G:\WINNT\system32\spoolsv.exe
G:\WINNT\system32\LEXPPS.EXE
G:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
G:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
G:\WINNT\System32\svchost.exe
G:\WINNT\system32\hidserv.exe
G:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
G:\WINNT\system32\regsvc.exe
G:\WINNT\System32\SCardSvr.exe
G:\WINNT\system32\MSTask.exe
G:\Program Files\Spyware Doctor\svcntaux.exe
G:\WINNT\System32\WBEM\WinMgmt.exe
G:\WINNT\System32\mspmspsv.exe
G:\WINNT\system32\svchost.exe
G:\WINNT\Explorer.EXE
G:\WINNT\system32\mobsync.exe
G:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
G:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
G:\WINNT\system32\pctspk.exe
G:\Program Files\Visioneer OneTouch\OneTouchMon.exe
G:\Program Files\Common Files\Symantec Shared\ccApp.exe
G:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
G:\Program Files\Microsoft Office\Office\OSA.EXE
G:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
G:\WINNT\system32\wuauclt.exe
G:\WINNT\system32\svchost.exe
G:\Program Files\internet explorer\iexplore.exe
G:\Program Files\Spyware Doctor\swdsvc.exe
G:\Prudential\Torrents\HiJackThis_v2.exe

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - G:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - G:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - G:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - G:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [AVG7_CC] G:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "G:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [PrinTray] G:\WINNT\System32\spool\DRIVERS\W32X86\2\printray.exe
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [Advanced Tools Check] G:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [StrgSync.exe] G:\Storage Sync\StrgSync.exe -w
O4 - HKLM\..\Run: [OneTouch Monitor] G:\Program Files\Visioneer OneTouch\OneTouchMon.exe
O4 - HKLM\..\Run: [ccRegVfy] "G:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [ccApp] "G:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "G:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "G:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "G:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] G:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] G:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] G:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] G:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Global Startup: Office Startup.lnk = G:\Program Files\Microsoft Office\Office\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Advanced) - https://eagent.farmersinsurance.com/...tiveX/smsx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {3CA15C82-6297-11D6-B8FA-00C04F5E375A} (BridgeChannel v3) - http://channel.bridge.com/bc/java/bc3_bridge_i.cab
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download...basetup162.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0EA86094-A7A3-4B7C-A081-C81B06D9C999}: NameServer = 24.93.41.125,24.93.41.126
O17 - HKLM\System\CS1\Services\Tcpip\..\{0EA86094-A7A3-4B7C-A081-C81B06D9C999}: NameServer = 24.93.41.125,24.93.41.126
O17 - HKLM\System\CS2\Services\Tcpip\..\{0EA86094-A7A3-4B7C-A081-C81B06D9C999}: NameServer = 24.93.41.125,24.93.41.126
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - G:\WINNT\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - G:\WINNT\System32\browseui.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - G:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - G:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - G:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - G:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - G:\WINNT\System32\dmadmin.exe
O23 - Service: GEARSecurity - GEAR Software - G:\WINNT\system32\gearsec.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - G:\WINNT\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - G:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - G:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - G:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - Unknown owner - G:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - G:\Program Files\Spyware Doctor\swdsvc.exe

--
End of file - 6906 bytes

There were no problems encountered while performing these. And the machine seems to be working well too!!

Thanks once again for the ongoing help.
mohanlal2000 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 10-05-2007, 06:50 AM   #18 (permalink)
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
 
sUBs's Avatar
 
Join Date: May 2005
Posts: 24,409
OS: N/A


Re: Machine Slow Down and Popups galore
Quote:
Scan Settings:
Scan using the following antivirus database: standard
You used incorrect settings for Kaspersky. A standard scan will not find what's required.

Please refer to the guide for the correct settings > Online Scanner
__________________

Question - what have you done for the community today?
sUBs is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 10-05-2007, 09:45 AM   #19 (permalink)
Registered User
 
Join Date: Oct 2007
Posts: 13
OS: WIN 2000


Re: Machine Slow Down and Popups galore
My apologies..I will rerun the same from home later tonight and post the log. This takes a long long time!
mohanlal2000 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 10-05-2007, 09:36 PM   #20 (permalink)
Registered User
 
Join Date: Oct 2007
Posts: 13
OS: WIN 2000


Re: Machine Slow Down and Popups galore
Hi,

Here's the Kaspersky log file.

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Friday, October 05, 2007 10:20:44 PM
Operating System: Microsoft Windows 2000 Professional, Service Pack 3 (Build 2195)
Kaspersky Online Scanner version: 5.0.93.1
Kaspersky Anti-Virus database last update: 6/10/2007
Kaspersky Anti-Virus database records: 428073
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\

Scan Statistics:
Total number of scanned objects: 112587
Number of viruses found: 37
Number of infected objects: 196
Number of suspicious objects: 5
Duration of the scan process: 03:31:31

Infected Object Name / Virus Name / Last Action
C:\WINDOWS\SYSTEM\exdl.exe Infected: not-a-virus:AdWare.Win32.BargainBuddy.j skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\free_sex_viewer.exe Infected: not-a-virus:Porn-Dialer.Win32.Generic skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\sex_viewer.exe Infected: not-a-virus:Porn-Dialer.Win32.Generic skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.2\free_sex_viewer.exe Infected: not-a-virus:Porn-Dialer.Win32.Generic skipped
C:\WINDOWS\Downloaded Program Files\free_sex_viewer.exe Infected: not-a-virus:Porn-Dialer.Win32.Generic skipped
C:\WINDOWS\Downloaded Program Files\sex_viewer.exe Infected: not-a-virus:Porn-Dialer.Win32.Generic skipped
C:\WINDOWS\Temporary Internet Files\Content.IE5\SADLMAYU\exitpoplight[1].html Infected: Trojan.JS.NoClose.i skipped
C:\WINDOWS\browserxtras\pn\remove.exe/data0003 Infected: Trojan-Downloader.Win32.Keenval.f skipped
C:\WINDOWS\browserxtras\pn\remove.exe NSIS: infected - 1 skipped
C:\Program Files\eDonkey2000\incoming\eDonkey59.exe/data0005 Infected: not-a-virus:AdWare.Win32.Gator.1050 skipped
C:\Program Files\eDonkey2000\incoming\eDonkey59.exe NSIS: infected - 1 skipped
C:\Program Files\MyWay\myBar\1.bin\MY2NS.EXE Infected: not-a-virus:AdWare.Win32.MyWay.b skipped
C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL Infected: not-a-virus:AdWare.Win32.MyWay.g skipped
C:\Program Files\MyWay\myBar\1.bin\NPMYWAY.DLL Infected: not-a-virus:AdWare.Win32.MyWay.f skipped
C:\Program Files\Opera7\download\kiwialphafree.exe/WISE0016.BIN Infected: not-a-virus:AdWare.Win32.180Solutions skipped
C:\Program Files\Opera7\download\kiwialphafree.exe/WISE0017.BIN/stream/data0001 Infected: not-a-virus:AdWare.Win32.BargainBuddy.l skipped
C:\Program Files\Opera7\download\kiwialphafree.exe/WISE0017.BIN/stream/data0002 Infected: not-a-virus:AdWare.Win32.BargainBuddy.j skipped
C:\Program Files\Opera7\download\kiwialphafree.exe/WISE0017.BIN/stream/data0003 Infected: not-a-virus:AdWare.Win32.BargainBuddy.j skipped
C:\Program Files\Opera7\download\kiwialphafree.exe/WISE0017.BIN/stream/data0005/stream/data0002 Infected: not-a-virus:AdWare.Win32.BargainBuddy.y skipped
C:\Program Files\Opera7\download\kiwialphafree.exe/WISE0017.BIN/stream/data0005/stream/data0005 Infected: not-a-virus:AdWare.Win32.BargainBuddy.i skipped
C:\Program Files\Opera7\download\kiwialphafree.exe/WISE0017.BIN/stream/data0005/stream Infected: not-a-virus:AdWare.Win32.BargainBuddy.i skipped
C:\Program Files\Opera7\download\kiwialphafree.exe/WISE0017.BIN/stream/data0005 Infected: not-a-virus:AdWare.Win32.BargainBuddy.i skipped
C:\Program Files\Opera7\download\kiwialphafree.exe/WISE0017.BIN/stream Infected: not-a-virus:AdWare.Win32.BargainBuddy.i skipped
C:\Program Files\Opera7\download\kiwialphafree.exe/WISE0017.BIN Infected: not-a-virus:AdWare.Win32.BargainBuddy.i skipped
C:\Program Files\Opera7\download\kiwialphafree.exe/WISE0018.BIN/WISE0011.BIN Infected: not-a-virus:AdWare.Win32.Exact.a skipped
C:\Program Files\Opera7\download\kiwialphafree.exe/WISE0018.BIN/WISE0012.BIN Infected: not-a-virus:AdWare.Win32.Exact.a skipped
C:\Program Files\Opera7\download\kiwialphafree.exe/WISE0018.BIN/WISE0013.BIN Infected: not-a-virus:AdWare.Win32.Exact.a skipped
C:\Program Files\Opera7\download\kiwialphafree.exe/WISE0018.BIN Infected: not-a-virus:AdWare.Win32.Exact.a skipped
C:\Program Files\Opera7\download\kiwialphafree.exe WiseSFX: infected - 14 skipped
C:\Program Files\BullsEye Network\Uninstall.exe/stream/data0005 Infected: not-a-virus:AdWare.Win32.BargainBuddy.y skipped
C:\Program Files\BullsEye Network\Uninstall.exe/stream Infected: not-a-virus:AdWare.Win32.BargainBuddy.y skipped
C:\Program Files\BullsEye Network\Uninstall.exe NSIS: infected - 2 skipped
G:\Documents and Settings\Administrator\Cookies\index.dat Object is locked skipped
G:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
G:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
G:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat Object is locked skipped
G:\Documents and Settings\Administrator\Local Settings\History\History.IE5\MSHist012007100520071006\index.dat Object is locked skipped
G:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
G:\Documents and Settings\Administrator\NTUSER.DAT Object is locked skipped
G:\Documents and Settings\Administrator\ntuser.dat.LOG Object is locked skipped
G:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
G:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
G:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Altnet1.zip/asmend.exe Suspicious: Password-protected-EXE skipped
G:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Altnet1.zip ZIP: suspicious - 1 skipped
G:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DyFuCAInternetOptimizer3.zip/optimize.exe Suspicious: Password-protected-EXE skipped
G:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DyFuCAInternetOptimizer3.zip ZIP: suspicious - 1 skipped
G:\Documents and Settings\Default User\Cookies\index.dat Object is locked skipped
G:\Documents and Settings\Default User\Local Settings\History\History.IE5\index.dat Object is locked skipped
G:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
G:\Documents and Settings\Default User\My Documents\Data\all_files4.exe/data0003 Infected: Trojan-Downloader.Win32.Agent.ec skipped
G:\Documents and Settings\Default User\My Documents\Data\all_files4.exe/data0005 Infected: not-a-virus:AdWare.Win32.EZula skipped
G:\Documents and Settings\Default User\My Documents\Data\all_files4.exe/data0006 Infected: Trojan.Win32.SecondThought.h skipped
G:\Documents and Settings\Default User\My Documents\Data\all_files4.exe/data0007 Infected: Backdoor.Win32.Ruledor.c skipped
G:\Documents and Settings\Default User\My Documents\Data\all_files4.exe NSIS: infected - 4 skipped
G:\Documents and Settings\Default User\My Documents\Data\Data\all_files4.exe/data0003 Infected: Trojan-Downloader.Win32.Agent.ec skipped
G:\Documents and Settings\Default User\My Documents\Data\Data\all_files4.exe/data0005 Infected: not-a-virus:AdWare.Win32.EZula skipped
G:\Documents and Settings\Default User\My Documents\Data\Data\all_files4.exe/data0006 Infected: Trojan.Win32.SecondThought.h skipped
G:\Documents and Settings\Default User\My Documents\Data\Data\all_files4.exe/data0007 Infected: Backdoor.Win32.Ruledor.c skipped
G:\Documents and Settings\Default User\My Documents\Data\Data\all_files4.exe NSIS: infected - 4 skipped
G:\Documents and Settings\Thomas\My Documents\Data\all_files4.exe/data0003 Infected: Trojan-Downloader.Win32.Agent.ec skipped
G:\Documents and Settings\Thomas\My Documents\Data\all_files4.exe/data0005 Infected: not-a-virus:AdWare.Win32.EZula skipped
G:\Documents and Settings\Thomas\My Documents\Data\all_files4.exe/data0006 Infected: Trojan.Win32.SecondThought.h skipped
G:\Documents and Settings\Thomas\My Documents\Data\all_files4.exe/data0007 Infected: Backdoor.Win32.Ruledor.c skipped
G:\Documents and Settings\Thomas\My Documents\Data\all_files4.exe NSIS: infected - 4 skipped
G:\Documents and Settings\Thomas\My Documents\Data\Data\all_files4.exe/data0003 Infected: Trojan-Downloader.Win32.Agent.ec skipped
G:\Documents and Settings\Thomas\My Documents\Data\Data\all_files4.exe/data0005 Infected: not-a-virus:AdWare.Win32.EZula skipped
G:\Documents and Settings\Thomas\My Documents\Data\Data\all_files4.exe/data0006 Infected: Trojan.Win32.SecondThought.h skipped
G:\Documents and Settings\Thomas\My Documents\Data\Data\all_files4.exe/data0007 Infected: Backdoor.Win32.Ruledor.c skipped
G:\Documents and Settings\Thomas\My Documents\Data\Data\all_files4.exe NSIS: infected - 4 skipped
G:\Downloads\Programs\kiwialphafree.exe/WISE0016.BIN Infected: not-a-virus:AdWare.Win32.180Solutions skipped
G:\Downloads\Programs\kiwialphafree.exe/WISE0017.BIN/stream/data0001 Infected: not-a-virus:AdWare.Win32.BargainBuddy.l skipped
G:\Downloads\Programs\kiwialphafree.exe/WISE0017.BIN/stream/data0002 Infected: not-a-virus:AdWare.Win32.BargainBuddy.j skipped
G:\Downloads\Programs\kiwialphafree.exe/WISE0017.BIN/stream/data0003 Infected: not-a-virus:AdWare.Win32.BargainBuddy.j skipped
G:\Downloads\Programs\kiwialphafree.exe/WISE0017.BIN/stream/data0005/stream/data0002 Infected: not-a-virus:AdWare.Win32.BargainBuddy.y skipped
G:\Downloads\Programs\kiwialphafree.exe/WISE0017.BIN/stream/data0005/stream/data0005 Infected: not-a-virus:AdWare.Win32.BargainBuddy.i skipped
G:\Downloads\Programs\kiwialphafree.exe/WISE0017.BIN/stream/data0005/stream Infected: not-a-virus:AdWare.Win32.BargainBuddy.i skipped
G:\Downloads\Programs\kiwialphafree.exe/WISE0017.BIN/stream/data0005 Infected: not-a-virus:AdWare.Win32.BargainBuddy.i skipped
G:\Downloads\Programs\kiwialphafree.exe/WISE0017.BIN/stream Infected: not-a-virus:AdWare.Win32.BargainBuddy.i skipped
G:\Downloads\Programs\kiwialphafree.exe/WISE0017.BIN Infected: not-a-virus:AdWare.Win32.BargainBuddy.i skipped
G:\Downloads\Programs\kiwialphafree.exe/WISE0018.BIN/WISE0011.BIN Infected: not-a-virus:AdWare.Win32.Exact.a skipped
G:\Downloads\Programs\kiwialphafree.exe/WISE0018.BIN/WISE0012.BIN Infected: not-a-virus:AdWare.Win32.Exact.a skipped
G:\Downloads\Programs\kiwialphafree.exe/WISE0018.BIN/WISE0013.BIN Infected: not-a-virus:AdWare.Win32.Exact.a skipped
G:\Downloads\Programs\kiwialphafree.exe/WISE0018.BIN Infected: not-a-virus:AdWare.Win32.Exact.a skipped
G:\Downloads\Programs\kiwialphafree.exe WiseSFX: infected - 14 skipped
G:\Program Files\Norton AntiVirus\AVApp.log Object is locked skipped
G:\Program Files\Norton AntiVirus\AVError.log Object is locked skipped
G:\Program Files\Norton AntiVirus\AVVirus.log Object is locked skipped
G:\Program Files\Norton AntiVirus\Quarantine\07036A79 Infected: Email-Worm.VBS.LoveLetter skipped
G:\Program Files\Norton AntiVirus\Quarantine\08FE0E2C.htm Infected: Email-Worm.Win32.Mimail.r skipped
G:\Program Files\Norton AntiVirus\Quarantine\0B590470 Infected: Trojan.Java.Nocheat skipped
G:\Program Files\Norton AntiVirus\Quarantine\0CD55D56 Infected: Email-Worm.VBS.LoveLetter skipped
G:\Program Files\Norton AntiVirus\Quarantine\0DC346A9 Infected: Trojan.Java.Femad skipped
G:\Program Files\Norton AntiVirus\Quarantine\120A342A.htm Infected: Email-Worm.Win32.Mimail.r skipped
G:\Program Files\Norton AntiVirus\Quarantine\15C938EE.htm Infected: Email-Worm.Win32.Mimail.r skipped
G:\Program Files\Norton AntiVirus\Quarantine\18204346 Infected: Exploit.Java.ByteVerify skipped
G:\Program Files\Norton AntiVirus\Quarantine\18A324FF Infected: Exploit.Java.ByteVerify skipped
G:\Program Files\Norton AntiVirus\Quarantine\18A978F7 Infected: Exploit.Java.ByteVerify skipped
G:\Program Files\Norton AntiVirus\Quarantine\18AC22F4 Infected: Exploit.Java.ByteVerify skipped
G:\Program Files\Norton AntiVirus\Quarantine\18B04CF0 Infected: Exploit.Java.ByteVerify skipped
G:\Program Files\Norton AntiVirus\Quarantine\1ADF6F29 Infected: Trojan.Win32.Destiny skipped
G:\Program Files\Norton AntiVirus\Quarantine\1B631305.htm Infected: Email-Worm.Win32.Mimail.r skipped
G:\Program Files\Norton AntiVirus\Quarantine\1C564B8B Infected: Email-Worm.VBS.LoveLetter skipped
G:\Program Files\Norton AntiVirus\Quarantine\1C8A6B52 Infected: Net-Worm.Win32.Nimda skipped
G:\Program Files\Norton AntiVirus\Quarantine\1C8E154E Infected: Net-Worm.Win32.Nimda skipped
G:\Program Files\Norton AntiVirus\Quarantine\1C913F4B Infected: Net-Worm.Win32.Nimda skipped
G:\Program Files\Norton AntiVirus\Quarantine\241E56FB Infected: Email-Worm.VBS.LoveLetter skipped
G:\Program Files\Norton AntiVirus\Quarantine\2FD666D1 Infected: Trojan.Java.Nocheat skipped
G:\Program Files\Norton AntiVirus\Quarantine\2FE12D4D Infected: Email-Worm.VBS.LoveLetter skipped
G:\Program Files\Norton AntiVirus\Quarantine\300649EC.htm Suspicious: Exploit.HTML.Mht skipped
G:\Program Files\Norton AntiVirus\Quarantine\33E03589.html Infected: Trojan-Downloader.JS.Small.d skipped
G:\Program Files\Norton AntiVirus\Quarantine\360E5600 Infected: Trojan.Java.Femad skipped
G:\Program Files\Norton AntiVirus\Quarantine\389850F9 Infected: Email-Worm.VBS.LoveLetter skipped
G:\Program Files\Norton AntiVirus\Quarantine\43D67B12.htm Infected: Email-Worm.Win32.Mimail.r skipped
G:\Program Files\Norton AntiVirus\Quarantine\52576547 Infected: Trojan.Java.Femad skipped
G:\Program Files\Norton AntiVirus\Quarantine\529E0D9A Infected: Email-Worm.VBS.LoveLetter skipped
G:\Program Files\Norton AntiVirus\Quarantine\58630C8E/exploit.htm Infected: Trojan-Downloader.VBS.Psyme.y skipped
G:\Program Files\Norton AntiVirus\Quarantine\58630C8E CHM: infected - 1 skipped
G:\Program Files\Norton AntiVirus\Quarantine\58630C8E CryptFF: infected - 1 skipped
G:\Program Files\Norton AntiVirus\Quarantine\5BE66F90 Infected: Email-Worm.VBS.LoveLetter skipped
G:\Program Files\Norton AntiVirus\Quarantine\5DE82146 Infected: Exploit.Java.ByteVerify skipped
G:\Program Files\Norton AntiVirus\Quarantine\618E7BE7 Infected: Email-Worm.VBS.LoveLetter skipped
G:\Program Files\Norton AntiVirus\Quarantine\654A1892.htm Infected: Email-Worm.Win32.Mimail.r skipped
G:\Program Files\Norton AntiVirus\Quarantine\695425E1 Infected: Email-Worm.VBS.LoveLetter skipped
G:\Program Files\Norton AntiVirus\Quarantine\6C09396E.htm Infected: Email-Worm.Win32.Mimail.r skipped
G:\Program Files\Norton AntiVirus\Quarantine\7910043A.exe Infected: Trojan.Win32.Small.k skipped
G:\Program Files\Norton AntiVirus\Quarantine\7C323566.htm Infected: Email-Worm.Win32.Mimail.r skipped
G:\Program Files\Norton AntiVirus\Quarantine\7CF25A49 Infected: Trojan.Java.Nocheat skipped
G:\qoobox\Quarantine\catchme2007-10-04_ 12533.94.zip/yayyxyy.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped
G:\qoobox\Quarantine\catchme2007-10-04_ 12533.94.zip ZIP: infected - 1 skipped
G:\qoobox\Quarantine\G\Program Files\Enigma Software Group\SpyHunter\Backup\exul.exe.dat.vir/WINDOWS/SYSTEM/exul.exe Infected: not-a-virus:AdWare.Win32.BargainBuddy.j skipped
G:\qoobox\Quarantine\G\Program Files\Enigma Software Group\SpyHunter\Backup\exul.exe.dat.vir ZIP: infected - 1 skipped
G:\qoobox\Quarantine\G\Program Files\Enigma Software Group\SpyHunter\Backup\msbe.dll.dat.vir/WINDOWS/SYSTEM/msbe.dll Infected: not-a-virus:AdWare.Win32.BargainBuddy.l skipped
G:\qoobox\Quarantine\G\Program Files\Enigma Software Group\SpyHunter\Backup\msbe.dll.dat.vir ZIP: infected - 1 skipped
G:\qoobox\Quarantine\G\Program Files\Enigma Software Group\SpyHunter\Backup\saaphook.dll.dat.vir/Program Files/Kiwi Alpha/Partner/saaphook.dll Infected: not-a-virus:AdWare.Win32.180Solutions skipped
G:\qoobox\Quarantine\G\Program Files\Enigma Software Group\SpyHunter\Backup\saaphook.dll.dat.vir ZIP: infected - 1 skipped
G:\qoobox\Quarantine\G\Program Files\Enigma Software Group\SpyHunter\Backup\sysai.exe.dat.vir/Program Files/SysAI/SysAI.exe Infected: Trojan-Downloader.Win32.Apropo.c skipped
G:\qoobox\Quarantine\G\Program Files\Enigma Software Group\SpyHunter\Backup\sysai.exe.dat.vir ZIP: infected - 1 skipped
G:\qoobox\Quarantine\G\Program Files\NewDotNet\newdotnet6_90.dll_tobedeleted_tobedeleted_tobedeleted.vir Infected: not-a-virus:AdWare.Win32.NewDotNet.e skipped
G:\qoobox\Quarantine\G\WINNT\NDNuninstall4_80.exe.vir Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
G:\qoobox\Quarantine\G\WINNT\NDNuninstall4_88.exe.vir Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
G:\qoobox\Quarantine\G\WINNT\NDNuninstall4_94.exe.vir Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
G:\qoobox\Quarantine\G\WINNT\NDNuninstall5_64.exe.vir Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
G:\qoobox\Quarantine\G\WINNT\system32\aahprvxw.exe.vir Infected: Trojan.Win32.Agent.bck skipped
G:\qoobox\Quarantine\G\WINNT\system32\agdnfjpl.exe.vir Infected: Trojan.Win32.Agent.bck skipped
G:\qoobox\Quarantine\G\WINNT\system32\amqubrji.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.wn skipped
G:\qoobox\Quarantine\G\WINNT\system32\biedmegh.exe.vir Infected: Trojan.Win32.Agent.bck skipped
G:\qoobox\Quarantine\G\WINNT\system32\cbxumbgr.exe.vir Infected: Trojan.Win32.Agent.bck skipped
G:\qoobox\Quarantine\G\WINNT\system32\ciortobg.exe.vir Infected: Trojan.Win32.Agent.bck skipped
G:\qoobox\Quarantine\G\WINNT\system32\cobruira.exe.vir Infected: Trojan.Win32.Agent.bck skipped
G:\qoobox\Quarantine\G\WINNT\system32\ddebxecp.exe.vir Infected: Trojan.Win32.Agent.bck skipped
G:\qoobox\Quarantine\G\WINNT\system32\dmqtkljh.exe.vir Infected: Trojan.Win32.Agent.bck skipped
G:\qoobox\Quarantine\G\WINNT\system32\dygekctf.exe.vir Infected: Trojan.Win32.Agent.bck skipped
G:\qoobox\Quarantine\G\WINNT\system32\efcfgobv.exe.vir Infected: Trojan.Win32.Agent.bck skipped
G:\qoobox\Quarantine\G\WINNT\system32\egtuvvmb.exe.vir Infected: Trojan.Win32.Agent.bck skipped
G:\qoobox\Quarantine\G\WINNT\system32\elygqacg.exe.vir Infected: Trojan.Win32.Agent.bck skipped
G:\qoobox\Quarantine\G\WINNT\system32\ewjkjifk.exe.vir Infected: Trojan.Win32.Agent.bck skipped
G:\qoobox\Quarantine\G\WINNT\system32\fknhunpt.exe.vir Infected: Trojan.Win32.Agent.bck skipped
G:\qoobox\Quarantine\G\WINNT\system32\gdtmeftx.exe.vir Infected: Trojan.Win32.Agent.bck skipped
G:\qoobox\Quarantine\G\WINNT\system32\gkawthji.exe.vir Infected: Trojan.Win32.Agent.bck skipped
G:\qoobox\Quarantine\G\WINNT\system32\hflofjtb.exe.vir Infected: Trojan.Win32.Agent.bck skipped
G:\qoobox\Quarantine\G\WINNT\system32\hitieyjs.exe.vir Infected: Trojan.Win32.Agent.bck skipped
G:\qoobox\Quarantine\G\WINNT\system32\hnucidix.exe.vir Infected: Trojan.Win32.Agent.bck skipped
G:\qoobox\Quarantine\G\WINNT\system32\hvhaxoau.exe.vir Infected: Trojan.Win32.Agent.bck skipped
G:\qoobox\Quarantine\G\WINNT\system32\idfjfyvv.exe.vir Infected: Trojan.Win32.Agent.bck skipped
G:\qoobox\Quarantine\G\WINNT\system32\iggvneky.exe.vir Infected: Trojan.Win32.Agent.bck skipped
G:\qoobox\Quarantine\G\WINNT\system32\immwpalk.exe.vir Infected: Trojan.Win32.Agent.bck skipped
G:\qoobox\Quarantine\G\WINNT\system32\iyytkidg.exe.vir Infected: Trojan.Win32.Agent.bck skipped
G:\qoobox\Quarantine\G\WINNT\system32\jmenfmao.exe.vir Infected: Trojan.Win32.Agent.bck skipped
G:\qoobox\Quarantine\G\WINNT\system32\kdmtcupp.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.wn skipped
G:\qoobox\Quarantine\G\WINNT\system32\kkwhonga.exe.vir Infected: Trojan.Win32.Agent.bck skipped
G:\qoobox\Quarantine\G\WINNT\system32\klwnnumn.exe.vir Infected: Trojan.Win32.Agent.bck skipped
G:\qoobox\Quarantine\G\WINNT\system32\lmfbncvv.exe.vir Infected: Trojan.Win32.Agent.bck skipped
G:\qoobox\Quarantine\G\WINNT\system32\lqljjkbs.exe.vir Infected: Trojan.Win32.Agent.bck skipped
G:\qoobox\Quarantine\G\WINNT\system32\lvklcpgr.exe.vir Infected: Trojan.Win32.Agent.bck skipped
G:\qoobox\Quarantine\G\WINNT\system32\lvlwbfxx.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.wm skipped
G:\qoobox\Quarantine\G\WINNT\system32\lwjlhtip.exe.vir Infected: Trojan.Win32.Agent.bck skipped
G:\qoobox\Quarantine\G\WINNT\system32\nkhwlqfj.exe.vir Infected: Trojan.Win32.Agent.bck skipped
G:\qoobox\Quarantine\G\WINNT\system32\nmtdfxxx.exe.vir Infected: Trojan.Win32.Agent.bck skipped
G:\qoobox\Quarantine\G\WINNT\system32\odrmnqjg.exe.vir Infected: Trojan.Win32.Agent.bck skipped
G:\qoobox\Quarantine\G\WINNT\system32\ogffwqce.exe.vir Infected: Trojan.Win32.Agent.bck skipped
G:\qoobox\Quarantine\G\WINNT\system32\oifhkssa.exe.vir Infected: Trojan.Win32.Agent.bck skipped
G:\qoobox\Quarantine\G\WINNT\system32\oohxrbbk.exe.vir Infected: Trojan.Win32.Agent.bck skipped
G:\qoobox\Quarantine\G\WINNT\system32\qcbyfcbt.exe.vir Infected: Trojan.Win32.Agent.bck skipped
G:\qoobox\Quarantine\G\WINNT\system32\qhaoqhrm.exe.vir Infected: Trojan.Win32.Agent.bck skipped
G:\qoobox\Quarantine\G\WINNT\system32\rfvpkpbv.exe.vir Infected: Trojan.Win32.Agent.bck skipped
G:\qoobox\Quarantine\G\WINNT\system32\rlkapqor.exe.vir Infected: Trojan.Win32.Agent.bck skipped
G:\qoobox\Quarantine\G\WINNT\system32\rrmrgkpa.exe.vir Infected: Trojan.Win32.Agent.bck skipped
G:\qoobox\Quarantine\G\WINNT\system32\ruwmjmby.exe.vir Infected: Trojan.Win32.Agent.bck skipped
G:\qoobox\Quarantine\G\WINNT\system32\sbbhclpx.exe.vir Infected: Trojan.Win32.Agent.bck skipped
G:\qoobox\Quarantine\G\WINNT\system32\semxbhfs.exe.vir Infected: Trojan.Win32.Agent.bck skipped
G:\qoobox\Quarantine\G\WINNT\system32\shjetdxq.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.wm skipped
G:\qoobox\Quarantine\G\WINNT\system32\skhgoqxq.exe.vir Infected: Trojan.Win32.Agent.bck skipped
G:\qoobox\Quarantine\G\WINNT\system32\skwuvaqi.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.wm skipped
G:\qoobox\Quarantine\G\WINNT\system32\tdsfkygl.exe.vir Infected: Trojan.Win32.Agent.bck skipped
G:\qoobox\Quarantine\G\WINNT\system32\tjifdbkb.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.wm skipped
G:\qoobox\Quarantine\G\WINNT\system32\tnhrwqxg.exe.vir Infected: Trojan.Win32.Agent.bck skipped
G:\qoobox\Quarantine\G\WINNT\system32\twiomldw.exe.vir Infected: Trojan.Win32.Agent.bck skipped
G:\qoobox\Quarantine\G\WINNT\system32\uadwkuvh.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.wm skipped
G:\qoobox\Quarantine\G\WINNT\system32\uamnikor.exe.vir Infected: Trojan.Win32.Agent.bck skipped
G:\qoobox\Quarantine\G\WINNT\system32\ufiudxdk.exe.vir Infected: Trojan.Win32.Agent.bck skipped
G:\qoobox\Quarantine\G\WINNT\system32\uootbioq.exe.vir Infected: Trojan.Win32.Agent.bck skipped
G:\qoobox\Quarantine\G\WINNT\system32\uqwxeqhn.exe.vir Infected: Trojan.Win32.Agent.bck skipped
G:\qoobox\Quarantine\G\WINNT\system32\vaawaubs.exe.vir Infected: Trojan.Win32.Agent.bck skipped
G:\qoobox\Quarantine\G\WINNT\system32\vgjebxfe.exe.vir Infected: Trojan.Win32.Agent.bck skipped
G:\qoobox\Quarantine\G\WINNT\system32\vkcchgrx.exe.vir Infected: Trojan.Win32.Agent.bck skipped
G:\qoobox\Quarantine\G\WINNT\system32\waixyoal.exe.vir Infected: Trojan.Win32.Agent.bck skipped
G:\qoobox\Quarantine\G\WINNT\system32\wcpblhvf.exe.vir Infected: Trojan.Win32.Agent.bck skipped
G:\qoobox\Quarantine\G\WINNT\system32\wddphlmx.exe.vir Infected: Trojan.Win32.Agent.bck skipped
G:\qoobox\Quarantine\G\WINNT\system32\wknlwilq.exe.vir Infected: Trojan.Win32.Agent.bck skipped
G:\qoobox\Quarantine\G\WINNT\system32\wurcysvt.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.wm skipped
G:\qoobox\Quarantine\G\WINNT\system32\wyjeibsi.exe.vir Infected: Trojan.Win32.Agent.bck skipped
G:\qoobox\Quarantine\G\WINNT\system32\xfjifrgp.exe.vir Infected: Trojan.Win32.Agent.bck skipped
G:\qoobox\Quarantine\G\WINNT\system32\xipiossy.exe.vir Infected: Trojan.Win32.Agent.bck skipped
G:\qoobox\Quarantine\G\WINNT\system32\xxsxpduu.exe.vir Infected: Trojan.Win32.Agent.bck skipped
G:\qoobox\Quarantine\G\WINNT\system32\ybiaxomk.exe.vir Infected: Trojan.Win32.Agent.bck skipped
G:\qoobox\Quarantine\G\WINNT\system32\ycxhmjjb.exe.vir Infected: Trojan.Win32.Agent.bck skipped
G:\WINNT\CSC\00000001 Object is locked skipped
G:\WINNT\Debug\ipsecpa.log Object is locked skipped
G:\WINNT\Debug\oakley.log Object is locked skipped
G:\WINNT\Debug\PASSWD.LOG Object is locked skipped
G:\WINNT\p37bLkH.dll Infected: Trojan-Downloader.Win32.Lemmy.r skipped
G:\WINNT\SchedLgU.Txt Object is locked skipped
G:\WINNT\SoftwareDistribution\ReportingEvents.log Object is locked skipped
G:\WINNT\system32\config\AppEvent.Evt Object is locked skipped
G:\WINNT\system32\config\default Object is locked skipped
G:\WINNT\system32\config\default.LOG Object is locked skipped
G:\WINNT\system32\config\SAM Object is locked skipped
G:\WINNT\system32\config\SAM.LOG Object is locked skipped
G:\WINNT\system32\config\SecEvent.Evt Object is locked skipped
G:\WINNT\system32\config\SECURITY Object is locked skipped
G:\WINNT\system32\config\SECURITY.LOG Object is locked skipped
G:\WINNT\system32\config\software Object is locked skipped
G:\WINNT\system32\config\software.LOG Object is locked skipped
G:\WINNT\system32\config\SysEvent.Evt Object is locked skipped
G:\WINNT\system32\config\system Object is locked skipped
G:\WINNT\system32\config\SYSTEM.ALT Object is locked skipped
G:\WINNT\WindowsUpdate.log Object is locked skipped

Scan process completed.

Thanks!!
mohanlal2000 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
 
Page 1 of 2 1 2

« Previous Thread | Next Thread »

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off



All times are GMT -7. The time now is 02:34 AM.

Contact Us - Tech Support Forum - Archive - Privacy Statement - Top


Copyright 2001 - 2009, Tech Support Forum
Home Tips Plus | Outdoor Basecamp | Automotive Support Forum

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85