10-14-2007, 12:24 AM   #1
Registered User
 
Join Date: Feb 2007
Posts: 25
OS: xp


Persistent Virus Issues

Hi there
I have a couple of problems with my computer which relate to viruses and adware. I followed the necessary requirements of the HJT forum (i.e. online virus scanning, suggested downloads, etc) but then had problems with the BSOD. I have been able to resolve that issue with a reload of ZoneAlarm but I still have the problems with viruses/trojans in the scanning programs.

I run AVG, AVG Antispyware, Spybot and Adware regularly. I use ZoneAlarm as my firewall. I have had viruses picked up with ZoneAlarm and AVG recently which they have been unable to fix and which has caused me to begin trying to clean my computer up. I ran online scanning with Kaspersky and BitDefender but am unable to attach the reports because they are already attached to my previous post. I have attached the Deckard Scanner Results (main and extra) within this posting.

Any help you might have in this regard would be great. I hope I have covered all the requirements for posting. I posted about 6 days ago in this forum but didn't receive a reply; however, I had added a couple of my own replies with further information so technically had a thread which wasn't '0' replies.

Cheers
Michelle

I have used Belarc to profile my system:

Belarc Advisor Current Profile

Computer Profile Summary
Computer Name: Micknmark (in MSHOME)
Profile Date: Monday, 8 October 2007 9:15:13 AM
Advisor Version: 7.2k
Windows Logon: Em & Laura

Operating System
Windows XP Home Edition Service Pack 2 (build 2600)

System Model
Enclosure Type: Desktop

Processor
1.60 gigahertz Intel Pentium 4
8 kilobyte primary memory cache
512 kilobyte secondary memory cache

Main Circuit Board
Board: SiS-645
Bus Clock: 100 megahertz
BIOS: Award Software International, Inc. 6.00 PG 02/21/2002

Drives
40.01 Gigabytes Usable Hard Drive Capacity
17.70 Gigabytes Hard Drive Free Space
AOPEN 16XDVD-ROM/AMH [CD-ROM drive]
ATAPI CD-RW 48X16 [CD-ROM drive]
3.5" format removeable media [Floppy drive]
ST340016A [Hard drive] (40.02 GB) -- drive 0, s/n 3HS2D4KZ, rev 3.19, SMART Status: Healthy

Memory Modules
768 Megabytes Installed Memory
Slot 'A0' has 256 MB
Slot 'A1' has 512 MB
Slot 'A2' is Empty
Slot 'A3' is Empty

Local Drive Volumes
c: (NTFS on drive 0)   40.01 GB   17.70 GB free

Network Drives
None detected

Users
local user accounts / last logon
admin   10/8/2007 8:48:11 AM   (admin)
Administrator   10/8/2007 8:49:54 AM   (admin)
Em & Laura   10/8/2007 8:51:58 AM   (admin)
Mark & Michelle   10/8/2007 8:37:30 AM   (admin)
local system accounts
Guest   never
HelpAssistant   never
SUPPORT_388945a0   never

Printers
Fax Lexmark 4200 Series Printer on Fax Lexmark 4200 Series
Lexmark 1020 Color Jetprinter on LPT1:
Lexmark 4200 Series on USB001
PIC NT Fax Printer on PICFAX
PrimoPDF on PrimoPort:

Controllers
Standard floppy disk controller
Primary IDE Channel [Controller]
Secondary IDE Channel [Controller]
SiS PCI IDE Controller

Display
NVIDIA GeForce2 MX/MX 400 [Display adapter]
Delta 15.7 [Monitor] (15.7"vis, May 2000)

Bus Adapters
SiS 7001 PCI to USB Open Host Controller (2x)

Multimedia
Avance AC97 Audio
MPU-401 Compatible MIDI Device
Standard Game Port
Unimodem Half-Duplex Audio Device

Communications
56K PCI Voice Modem SF-1156IV+ R9A
D-Link DSL-302G Modem
primary Auto IP Address: 58.105.178.145 / 32
Gateway: 58.105.178.145
Dhcp Server: 10.1.1.2
Physical Address: 00:11:95:9A:5D:7E
Networking
Dns Servers: 198.142.0.51, 211.29.132.12

Other Devices
HID-compliant device
USB Human Interface Device (2x)
Lexmark 4200 Series
Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
HID-compliant mouse
Generic USB Hub
USB Composite Device
USB Printing Support
USB Root Hub (2x)

Virus Protection
ZoneAlarm Security Suite Antivirus Version 7.0.408.000
Realtime File Scanning On
AVG 7.5.488 Version 7.5.488
Realtime File Scanning On

Missing Microsoft Security Hotfixes

All required security hotfixes (using the 04/10/2007 Microsoft
Security Bulletin Summary) have been installed.


Installed Microsoft Hotfixes

Software Licenses

Ahead - InCD
Ahead - Nero - Burning Rom
Ahead - Nero Fast CD-Burning Plug-in
Ahead - NeroVision
AskTBar - barNED66000YYCC
Belarc - Advisor dbfcbd54
Macromedia - Dreamweaver
Microsoft - Internet Explorer
Microsoft - MediaPlayer
Microsoft - Office XP Professional (Key: )
Microsoft - WebFldrs XP
Microsoft - Windows Defender (Key: )
Microsoft - Windows XP Home Edition (Key: )
Nico Mak Computing - WinZip 00020000

Software Versions

Adaptec Inc. - ASPICHK.EXE Version 2, 0, 0, 0
Adobe Acrobat Version 7.0.5.2005092300
Adobe Reader Version 7.0.8.2006051600
AGFAnet Print Service Version 1.0
Ahead Software AG - Nero BackItUp Restore Version 1, 2, 0, 65
Ahead Software AG - Nero BackItUp Scheduler Version 1, 2, 0, 65
Ahead Software AG - Nero BackItUp Version 1, 2, 0, 65
Ahead Software AG - Nero Burning ROM Version 6, 6, 1, 15
Ahead Software AG - Nero ImageDrive Version 2, 27, 0, 7
Ahead Software AG - Nero MediaHome Version 1, 3, 0, 4
Ahead Software AG - Nero Photosnap image editor Version 1, 1, 0, 6
Ahead Software AG - Nero Photosnap Viewer Version 1, 1, 0, 6
Ahead Software AG - Nero Recode 2 Version 2, 2, 6, 17b
Ahead Software AG - Nero StartSmart Version 2, 1, 0, 11
Alberto Martínez Pérez - AMP Font Viewer Version 1.0.0.0
Aniware AB - AniRez Version 1, 2, 0, 0
Aphid Application Version 1, 0, 0, 1
Apple Computer, Inc. - QuickTime QuickTime 7.1
Application PracticeEditor Version 1, 0, 0, 1
avg70free_298a417.exe
Beach Head 2002
Belarc, Inc. - Advisor Version 7.2k
Cerulean Studios Trillian Version 1, 0, 0, 1
Check Point, Inc. - ZoneAlarm Uninstaller Version 7.0.408.0
Cinematronics - 3D Pinball Version 5.1.2600.2180
ConquerWare - FontLister Version 3.4.9
Course Selection Editor Version 1.0.0.1
De Marque inc. - Application Gestion Version 1, 0, 0, 1
De Marque inc. - ClavierTT Version 2, 0, 0, 1
De Marque Inc. - Garfield's Typing Pal Version 5, 0, 0, 0
DivX Player 2.0 Alpha.exe
DVD Shrink Version 3.2.0.15
Eastman Kodak Company - Kodak DC File System Driver (Win32) Version 4.4.0.0
eBay Inc. - Turbo Lister Turbo Lister (Build: 6.0.101.3)
Electronic Arts Inc. - Medal of Honor Allied Assault Version 1, 0, 0, 1
EnDisService Application Version 4, 0, 0, 0
etax 2007 Version 2007
Fax Setup Utility
GameSpy Arcade Version 1.08 Build 4300
Google Earth Version 3.0.762.0
GRISOFT s.r.o. - AVG Anti-Spyware Version 7, 5, 1, 43
GRISOFT, s.r.o. - AVG 7.5 Anti-Virus System Version 7.5.0.420
GRISOFT, s.r.o. - AVG Anti-Virus system Version 7.5.0.487
Humongous Entertainment Startup Application Version 2.0.0.0
IncrediMail, Ltd. - ImpCnt.exe Application Version 5, 6, 5, 3088
IncrediMail, Ltd. - Letter Creator Application Version 5, 6, 5, 3088
Inkjet Printer Version 1.0.0.0
InstallDriver Module Version 7.07
InstallShield Software Corporation - InstallDriver Module Version 9.01
Jasc Software Inc. - Animation Shop 2 Version 2.02
Jasc Software, Inc. - Paint Shop Pro 6 Version 6.02
Jasc Software, Inc. - Paint Shop Pro Version 6,0,0,2
KODAK EasyShare Software Version 5, 2, 0, 45
Kodak Live Update
Lavasoft - Process Watch Version 1.0.0.0
Lavasoft AB - Ad-Aware 2007 Service Version 7, 0, 2, 3
Lavasoft AB - Ad-Aware 2007 Version 7.0.0.0
Lavasoft AB - Ad-Watch 7 Version 7.0
Lavasoft AB - Update Manager Version 1.0.0.0
Lavasoft Hosts File Edit Version 1.0.0.3
Les Logiciels de Marque inc. - Typing Pal Inspector Version 3, 0, 0, 0
Lexmark Fax Solutions
Lexmark International Inc. - AIO exe Version 1.0.3.5
Lexmark International, Inc. - MarkVision for Windows (32 bit) Version 9.41
Lexmark Photo Editor Version 0.1.25.0
LIGHTNING UK! - DVD Decrypter Version 3.5.4.0
Macromedia Dreamweaver Version 3.0.644
Macromedia, Inc. - Director 8 Shockwave Studio Version 8.0
Macromedia, Inc. - Director 8.5 Shockwave Studio Version 8.5.1
Macromedia, Inc. - Director MX Version 9.0
Macromedia, Inc. - Shockwave Flash Version 6,0,21,0
Macrovision Corporation - InstallDriver Module Version 11.00
Macrovision Corporation - InstallShield (R) Version 11.00
MetaCard Version 2, 2, 3, 0
Microsoft (r) Windows Script Host Version 5.6.0.8820
Microsoft Application Error Reporting Version 10.0.2609
Microsoft Clip Organizer Version 10.0.6308
Microsoft Corporation - Internet Explorer Version 7.00.6000.16512
Microsoft Corporation - Messenger Version 4.7.3001
Microsoft Corporation - Messenger Version 8.1.0178
Microsoft Corporation - Windows Defender Version 1.1.1593.0
Microsoft Corporation - Windows Installer - Unicode Version 3.1.4000.1823
Microsoft Corporation - Windows Movie Maker Version 2.1.4026.0
Microsoft Corporation - Windows® NetMeeting® Version 3.01
Microsoft Data Access Components Version 3.525.1117.0
Microsoft Office XP Version 10.0.6834
Microsoft Outlook Version 10.0.6822
Microsoft Photo Editor Version 10.0
Nero AG - Cover Designer Version 2, 3, 7, 0
Nero AG - InfoTool Application Version 4, 0, 3, 0
Nero AG - SpecialOffer Application Version 1, 0, 0, 3
Nero AG InCD Version 4, 3, 23, 2
Nero AG incdsrv Version 4, 3, 23, 2
Nero AG NeroCheck Version 1, 0, 0, 5
Nero CD - DVD Speed Version 4, 5, 1, 1
Nero DriveSpeed Version 3, 0, 6, 0
Nero ShowTime Version 2, 0, 1, 9
Nero SoundTrax Version 1, 0, 0, 57
Nero Wave Editor Version 2, 0, 0, 63
NeroVision Version 3,1,0,25
Nodtronics Pty Ltd - Eureka's Classic Games Version 1.00
Nodtronics Pty Ltd - Ultimate 101 Games For Windows XP Version 1.00
NVIDIA Driver Helper Service, Version 71.89 Version 6.14.10.7189
NVIDIA Stereo Supporting Application Version 6.13.10.3087
OptusNet Desktop Service Centre Version 1.2
Piriform Ltd - CCleaner Version 2, 1, 0, 507
Play Finding Nemo: Nemo's Underwater World of Fun!
Play Yohoho!
Printer Driver Uninstall Version 1.0.3.0
Safer Networking Limited - Spybot - Search & Destroy Version 1, 5, 0, 0
Safer Networking Limited - SpyBot-S&D Version 1, 5, 0, 0
SigmaTel MSCN Audio Player Version 139, 0, 526, 1
Soeperman Enterprises Ltd. - HijackThis Version 1.99.0001
SpywareBlaster AutoUpdate Version 3.05.0001
SpywareBlaster Version 3.05.0001
Steven R. Gould - Windows CleanUp! Version 4.5.2
Sun Microsystems, Inc. - Java(TM) 2 Platform Standard Edition 5.0 Update 10 Version 5.0.100.3
Sun Microsystems, Inc. - Java(TM) Platform SE 6 U1 Version 6.0.10.6
Sun Microsystems, Inc. - Java(TM) Platform SE 6 U2 Version 6.0.20.6
Superbikes 2001 (2)
ToniArts - EasyCleaner Version 2.0.6
Typing Method Editor Version 1.0.0.1
UpdateIPR.exe
Vietcong
WinZip Version 8.1 (4331)
Zone Labs, LLC - Internet Access Monitor Version 7.0.408.000
Zone Labs, LLC - TrueVector Service Version 7.0.408.000
ZoneAlarm Client Version 7.0.408.000

Deckard Scanner Results:
Deckard's System Scanner v20070905.67
Run by Em & Laura on 2007-10-09 0806
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 4 Restore Point(s) --
4: 2007-10-09 0022 UTC - RP1172 - Deckard's System Scanner Restore Point
3: 2007-10-08 0832 UTC - RP1171 - Configured EasyCleaner
2: 2007-10-07 23:57:54 UTC - RP1170 - Deckard's System Scanner Restore Point
1: 2007-10-07 22:45:26 UTC - RP1169 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis Clone ------------------------------------------------------------

Emulating logfile of HijackThis v1.99.1
Scan saved at 2007-10-09 08:09:47
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16512)

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\OptusNet DSL Internet\DSC.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\ahead\InCD\InCD.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\Java\jre1.6.0_02\bin\jucheck.exe
C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\mantispm.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.optusnet.com.au/?brand=ODSL&panel=1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.au/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by OptusNet
R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/ymsgr/...ch/search.html
R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKEY_LOCAL_MACHINE\..\Run: [Desktop Service Centre] C:\Program Files\OptusNet DSL Internet\DSC.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKEY_LOCAL_MACHINE\..\Run: [nwiz] nwiz.exe /install
O4 - HKEY_LOCAL_MACHINE\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKEY_LOCAL_MACHINE\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKEY_LOCAL_MACHINE\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKEY_LOCAL_MACHINE\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKEY_LOCAL_MACHINE\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKEY_LOCAL_MACHINE\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\RunOnce: [SWHelper] "C:\WINDOWS\system32\Macromed\Shockwave 10\PostUpdate.exe" 1014020
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: PopupPopper Control Panel - {3E94F358-9537-4BBA-8D12-D7F8A0136973} - C:\Program Files\PopupPopper\SiteList.exe (file missing)
O9 - Extra 'Tools' menuitem: (no name) - {3E94F358-9537-4BBA-8D12-D7F8A0136973} - C:\Program Files\PopupPopper\SiteList.exe (file missing)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: RaptisoftGameLoader () - http://www.miniclip.com/hamsterball/...gameloader.cab
O16 - DPF: Yahoo! Chat () - http://us.chat1.yimg.com/us.yimg.com.../c381/chat.cab
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) - http://office.microsoft.com/templates/ieawsdc.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://download.microsoft.com/downlo...OGAControl.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://active.macromedia.com/director/cabs/sw.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/downlo...eckControl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {2E12FB00-546B-4EE3-9CC2-057BF02E1C17} (Webshots Multiple Media Uploader - Container) - http://community.webshots.com/html/atx/wsaxcontrol.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} () - http://download.microsoft.com/downlo...22/wmv9VCM.CAB
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-AU/.../GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1123929597589
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} () - http://v4.windowsupdate.microsoft.co...859.8797916667
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
O16 - DPF: {DD3641E5-A9CF-11D1-9AA1-444553540000} (Surround Video V3.0 Control Object) - http://www.goldenriviera.com.au/cabs/svideo3.cab
O16 - DPF: {DE22A7AB-A739-4C58-AD52-21F9CD6306B7} (CTAdjust Class) - http://download.microsoft.com/downlo...4/clearadj.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...60/mcfscan.cab
O16 - DPF: {F6676623-8BBD-479C-A51B-05868728708C} (DigitalDM) - http://www.digitaldm.com/Plug-in/myebk/c/DIGITALDM2.cab
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{DC47F318-4D98-41C5-9D68-E38C7794DF6F}: NameServer = 130.95.42.5,130.95.128.2
O18 - Protocol: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll
O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL
O18 - Protocol: lid - {5C135180-9973-46D9-ABF4-148267CBB8BF} - C:\WINDOWS\system32\msvidctl.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - "C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe"
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\ahead\InCD\InCDsrv.exe
O23 - Service: iPodService - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe


-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 BANTExt (Belarc SMBios Access) - c:\windows\system32\drivers\bantext.sys
R2 Devx - c:\windows\system32\drivers\devx.sys
R2 VtPr - c:\windows\system32\drivers\vtpr.sys

S1 tvtool - c:\program files\tvtool 6.8\tvtool.sys (file missing)
S3 CO_Mon - c:\windows\system32\drivers\co_mon.sys
S3 TPP300 (USB Storage Adapter V3 (TPP)) - c:\windows\system32\drivers\tpp300.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S3 iPodService - c:\program files\ipod\bin\ipodservice.exe (file missing)


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2007-10-09 01:45:25 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job
2004-10-07 06:24:07 432 --a------ C:\WINDOWS\Tasks\Symantec NetDetect.job


-- Files created between 2007-09-09 and 2007-10-09 -----------------------------

2007-10-08 15:57:46 0 dr-h----- C:\Documents and Settings\Mark & Michelle.MICKNMARK\Recent
2007-10-08 10:17:17 0 d-------- C:\Documents and Settings\Em & Laura\Contacts
2007-10-08 09:53:58 0 d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2007-10-08 09:04:37 0 d-------- C:\Documents and Settings\Em & Laura\Application Data\MailFrontier
2007-10-08 07:34:57 583368 --a------ C:\dss.exe
2007-10-08 07:29:16 0 d-------- C:\Program Files\SpywareBlaster
2007-10-08 07:23:31 0 d-------- C:\Program Files\zonedout
2007-10-08 07:21:31 0 d-------- C:\Documents and Settings\Mark & Michelle.MICKNMARK\Application Data\Viewpoint
2007-10-08 07:20:07 0 d-------- C:\Program Files\Spyware Blaster
2007-10-07 14:28:00 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-10-07 14:27:57 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-10-03 22:39:14 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-09-29 12:00:06 12293879 -----n--- C:\AVG7QT.DAT
2007-09-28 16:44:07 339257 --a------ C:\CleanUp452.exe <CLEANU~1.EXE>
2007-09-28 16:23:31 483809 --a------ C:\ntregopt-setup.exe <NTREGO~1.EXE> <Not Verified; Lars Hederer; >
2007-09-28 11:55:42 0 d-------- C:\Decrypted DVDs <DECRYP~1>
2007-09-28 11:07:13 0 d-------- C:\Program Files\DVD Decrypter
2007-09-28 10:55:45 0 d-------- C:\Documents and Settings\All Users\Application Data\DVD Shrink
2007-09-28 10:55:40 0 d-------- C:\Program Files\DVD Shrink
2007-09-28 10:53:58 1117491 --a------ C:\dvdshrink32setup.exe <DVDSHR~1.EXE> <Not Verified; DVD Shrink; >
2007-09-28 10:48:14 0 d-------- C:\Program Files\New Folder
2007-09-25 07:46:53 0 d-------- C:\Program Files\SonicWallES
2007-09-21 10:58:31 30315296 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-09-18 09:25:10 0 d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage


-- Find3M Report ---------------------------------------------------------------

2007-10-08 16:22:52 0 d-------- C:\Documents and Settings\Em & Laura\Application Data\Macromedia
2007-10-08 16:01:17 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2007-10-08 07:39:32 1484 --a------ C:\delete.bat
2007-10-08 0708 0 d-------- C:\Program Files\Windows Defender
2007-10-08 07:04:31 0 d-------- C:\Program Files\OptusNet DSL Internet
2007-10-08 07:04:26 0 d-------- C:\Program Files\QuickTime
2007-10-08 07:03:58 0 d-------- C:\Program Files\Lexmark 4200 Series
2007-10-08 07:03:55 0 d-------- C:\Program Files\MSN Messenger
2007-10-07 14:14:10 0 d-------- C:\Program Files\Yahoo!
2007-10-03 22:43:59 0 d-------- C:\Program Files\Lavasoft
2007-10-03 22:38:31 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-10-03 22:09:16 0 d-------- C:\Program Files\CCleaner
2007-09-30 13:57:05 0 d-------- C:\Program Files\Paint Shop Pro 6
2007-09-28 12:28:04 0 d-------- C:\Program Files\hegames
2007-09-24 09:37:52 2056 --a------ C:\Program Files\TDBIDXL.DAT
2007-09-24 09:37:52 4879 --a------ C:\Program Files\NETRKDB.DAT
2007-09-24 09:37:52 3080 --a------ C:\Program Files\CDBIDXL.DAT
2007-09-17 16:56:47 0 d-------- C:\Program Files\IncrediMail
2007-08-15 10:54:57 0 d-------- C:\Program Files\Java


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Desktop Service Centre"="C:\Program Files\OptusNet DSL Internet\DSC.exe" [09/06/2004 10:50 AM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [04/01/2005 04:16 PM]
"nwiz"="nwiz.exe" [04/01/2005 04:16 PM C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [04/01/2005 04:16 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [06/08/2006 10:09 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [07/12/2007 04:00 AM]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [09/14/2007 09:13 AM]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [11/03/2006 06:20 PM]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [01/12/2006 03:40 PM]
"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [03/23/2006 05:06 PM]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [09/06/2007 04:14 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 03:56 PM]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [01/19/2007 11:54 AM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"SWHelper"="C:\WINDOWS\system32\Macromed\Shockwave 10\PostUpdate.exe" 1014020

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/23/2005 9:05:26 PM]
KODAK Software Updater.lnk - C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe [2/13/2004 2:12:08 PM]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
"NvMediaCenter"=RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
"nwiz"=nwiz.exe /install
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe
"C-Media Mixer"=Mixer.exe /startup
"Lexmark 4200 Series"="C:\Program Files\Lexmark 4200 Series\lxbmbmgr.exe"
"FaxCenterServer4_in_1"="C:\Program Files\Lexmark 4200 Series\Fax\fm3032.exe" /s
"ToniArts EasyCleaner"="C:\Program Files\ToniArts\EasyCleaner\EasyClea.exe" -s -startup




-- Hosts -----------------------------------------------------------------------

127.0.0.1 bin.errorprotector.com ## added by CiD
127.0.0.1 br.errorsafe.com ## added by CiD
127.0.0.1 br.winantivirus.com ## added by CiD
127.0.0.1 br.winfixer.com ## added by CiD
127.0.0.1 de.errorsafe.com ## added by CiD
127.0.0.1 de.winantivirus.com ## added by CiD
127.0.0.1 download.cdn.winsoftware.com ## added by CiD
127.0.0.1 download.errorsafe.com ## added by CiD
127.0.0.1 download.systemdoctor.com ## added by CiD
127.0.0.1 download.winantispyware.com ## added by CiD

6622 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2007-10-09 08:14:34 ------------


I have been unable to upload extra.txt to this thread because it is already attached to my previous posting so I will list it here:

Deckard's System Scanner v20070905.67
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel(R) Pentium(R) 4 CPU 1.60GHz
Percentage of Memory in Use: 60%
Physical Memory (total/avail): 767.49 MiB / 301.84 MiB
Pagefile Memory (total/avail): 1491.31 MiB / 950.02 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1967.91 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 37.26 GiB total, 16.53 GiB free.
D: is CDROM (No Media)
W: is CDROM (Unformatted)

\\.\PHYSICALDRIVE0 - ST340016A - 37.27 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 37.26 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FW: ZoneAlarm Security Suite Firewall v7.0.408.000 (Check Point, LTD.)
AV: ZoneAlarm Security Suite Antivirus v7.0.408.000 (Check Point, LTD.)
AV: AVG 7.5.488 v7.5.488 (GRISOFT)

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Kazaa\\kazaa.exe"="C:\\Program Files\\Kazaa\\kazaa.exe:*:Enabled:Kazaa"
"C:\\WINDOWS\\system32\\LEXPPS.EXE"="C:\\WINDOWS\\system32\\LEXPPS.EXE:*:Enabled:LEXPPS.EXE"
"C:\\WINDOWS\\system32\\P2P Networking\\P2P Networking.exe"="C:\\WINDOWS\\system32\\P2P Networking\\P2P Networking.exe:*:Enabled:P2P Networking"
"C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\WINDOWS\\system32\\fxsclnt.exe"="C:\\WINDOWS\\system32\\fxsclnt.exe:*:Disabled:Microsoft Fax Console"
"C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"="C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe:*:Enabled:Kodak Software Updater"
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"="C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe:*:Enabled:EasyShare"
"C:\\Program Files\\Dreamweaver\\Dreamweaver.exe"="C:\\Program Files\\Dreamweaver\\Dreamweaver.exe:*:Enabled:Dreamweaver"
"C:\\Program Files\\QuickTime\\iTunes.exe"="C:\\Program Files\\QuickTime\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\IncrediMail\\bin\\IMApp.exe"="C:\\Program Files\\IncrediMail\\bin\\IMApp.exe:*:Enabled:IncrediMail"
"C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"="C:\\Program Files\\IncrediMail\\bin\\IncMail.exe:*:Enabled:IncrediMail"
"C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"="C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe:*:Enabled:IncrediMail"
"C:\\Program Files\\IncrediMail\\bin\\ImLc.exe"="C:\\Program Files\\IncrediMail\\bin\\ImLc.exe:*:Enabled:IncrediMail"
"C:\\Program Files\\SmartFTP Client 2.0\\SmartFTP.exe"="C:\\Program Files\\SmartFTP Client 2.0\\SmartFTP.exe:*:Enabled:SmartFTP Client 2.0"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Documents and Settings\\Mark & Michelle.MICKNMARK\\Local Settings\\Temporary Internet Files\\Content.IE5\\M96TF34S\\incredimail_install[1].exe"="C:\\Documents and Settings\\Mark & Michelle.MICKNMARK\\Local Settings\\Temporary Internet Files\\Content.IE5\\M96TF34S\\incredimail_install[1].exe:*:Enabled:IncrediMail Installer"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Em & Laura\Application Data
CLASSPATH=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=MICKNMARK
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Em & Laura
LOGONSERVER=\\MICKNMARK
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\WBEM;C:\Program Files\QuickTime\QTSystem\;;"C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier";"C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier"
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 4, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0204
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\QuickTime\QTSystem\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\EM&LAU~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\EM&LAU~1\LOCALS~1\Temp
tvdumpflags=8
USERDOMAIN=MICKNMARK
USERNAME=Em & Laura
USERPROFILE=C:\Documents and Settings\Em & Laura
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Mark & Michelle.MICKNMARK (admin)
Em & Laura (admin)
admin (admin)
Administrator.MICKNMARK (admin)
Owner (admin)
Emily (admin)


-- Add/Remove Programs ---------------------------------------------------------



-- Application Event Log -------------------------------------------------------

Event Record #/Type10841 / Success
Event Submitted/Written: 10/08/2007 04:20:59 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type10839 / Warning
Event Submitted/Written: 10/08/2007 04:00:56 PM
Event ID/Source: 1015 / EvntAgnt
Event Description:
TraceLevel parameter not located in registry;
Default trace level used is 32.

Event Record #/Type10838 / Warning
Event Submitted/Written: 10/08/2007 04:00:56 PM
Event ID/Source: 1003 / EvntAgnt
Event Description:
TraceFileName parameter not located in registry;
Default trace file used is .

Event Record #/Type10835 / Warning
Event Submitted/Written: 10/08/2007 03:57:24 PM
Event ID/Source: 1015 / EvntAgnt
Event Description:
TraceLevel parameter not located in registry;
Default trace level used is 32.

Event Record #/Type10834 / Warning
Event Submitted/Written: 10/08/2007 03:57:24 PM
Event ID/Source: 1003 / EvntAgnt
Event Description:
TraceFileName parameter not located in registry;
Default trace file used is .



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type8139 / Warning
Event Submitted/Written: 10/09/2007 08:10:31 AM
Event ID/Source: 3004 / WinDefend
Event Description:
%MICKNMARK27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %MICKNMARK27 can't undo changes that you allow.

For more information please see the following:
%MICKNMARK275

Scan ID: {31372C91-A1E9-4B3E-B23D-1DA499598748}

User: MICKNMARK\Em & Laura

Name: %MICKNMARK271

ID: %MICKNMARK272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %MICKNMARK276

Alert Type: %MICKNMARK278

Detection Type: 1.1.1593.02

Event Record #/Type8138 / Warning
Event Submitted/Written: 10/09/2007 08:10:31 AM
Event ID/Source: 3004 / WinDefend
Event Description:
%MICKNMARK27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %MICKNMARK27 can't undo changes that you allow.

For more information please see the following:
%MICKNMARK275

Scan ID: {7974CEA0-0B64-4FD7-B1A0-432C3504E43D}

User: MICKNMARK\Em & Laura

Name: %MICKNMARK271

ID: %MICKNMARK272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %MICKNMARK276

Alert Type: %MICKNMARK278

Detection Type: 1.1.1593.02

Event Record #/Type8137 / Warning
Event Submitted/Written: 10/09/2007 08:10:31 AM
Event ID/Source: 3004 / WinDefend
Event Description:
%MICKNMARK27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %MICKNMARK27 can't undo changes that you allow.

For more information please see the following:
%MICKNMARK275

Scan ID: {E8DADF15-00E8-4763-B960-6CDE9D3929F3}

User: MICKNMARK\Em & Laura

Name: %MICKNMARK271

ID: %MICKNMARK272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %MICKNMARK276

Alert Type: %MICKNMARK278

Detection Type: 1.1.1593.02

Event Record #/Type8136 / Warning
Event Submitted/Written: 10/09/2007 08:10:28 AM
Event ID/Source: 3004 / WinDefend
Event Description:
%MICKNMARK27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %MICKNMARK27 can't undo changes that you allow.

For more information please see the following:
%MICKNMARK275

Scan ID: {D5820E83-2CDD-4933-AB9E-39591D69E7F3}

User: MICKNMARK\Em & Laura

Name: %MICKNMARK271

ID: %MICKNMARK272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %MICKNMARK276

Alert Type: %MICKNMARK278

Detection Type: 1.1.1593.02

Event Record #/Type8135 / Warning
Event Submitted/Written: 10/09/2007 08:10:28 AM
Event ID/Source: 3004 / WinDefend
Event Description:
%MICKNMARK27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %MICKNMARK27 can't undo changes that you allow.

For more information please see the following:
%MICKNMARK275

Scan ID: {1C0E7D36-BA64-491E-9E22-E3F0FAF2483D}

User: MICKNMARK\Em & Laura

Name: %MICKNMARK271

ID: %MICKNMARK272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %MICKNMARK276

Alert Type: %MICKNMARK278

Detection Type: 1.1.1593.02



-- End of Deckard's System Scanner: finished at 2007-10-09 08:14:34 ------------
micknmark is offline  

Old 10-14-2007, 11:16 PM   #2 (permalink)
Security Team (ret.)
 
 
Join Date: Nov 2003
Location: Victoria.Australia
Posts: 7,404
OS: XP Pro SP3


Re: Persistent Virus Issues

There may be a few files left over from P2P Networking so we need to make sure they are gone.



Download the program HostsXpert

When it opens, click on the Restore Original Hosts button and then exit Hoster.
=================================

Please download the OTMoveIt by OldTimer

Save it to your desktop.

Please double-click OTMoveIt.exe to run it

Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):


C:\Program Files\MsConfigs\MsConfigs.exe
C:\WINDOWS\system32\p2pnetwork.exe
C:\WINDOWS\system32\CMD.COM
C:\WINDOWS\system32\netstat.com
C:\WINDOWS\system32\ping.com
C:\WINDOWS\system32\regedit.com
C:\WINDOWS\system32\tasklist.com
C:\WINDOWS\system32\taskkill.com
C:\WINDOWS\system32\taskmgr.com
C:\WINDOWS\system32\tracert.com



Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.

Click the red Moveit! button.

Close OTMoveIt

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

===================================

Please download Combofix from HERE

Save ComboFix to the desktop.


Please copy this page to *Notepad* and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.

It's IMPORTANT to carry out the instructions in the sequence listed below.


1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.


Open *notepad* and copy/paste the text in the quotebox below into it:


Quote:


Registry::
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\P2P Networking\\P2P Networking.exe"=-

Save this as CFScript.txt, in the same location as ComboFix.exe which is on the Desktop.




Referring to the picture above, drag CFScript.txt into ComboFix.exe

Restart your computer.

When finished, it shall produce a log for you at C:\ComboFix.txt

Please copy and paste the ComboFix.txt along with a fresh HijackThis log in your next reply please.


*Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall*
__________________
Eddy
Pancake is offline  
Old 10-15-2007, 05:05 AM   #3 (permalink)
Registered User
 
Join Date: Feb 2007
Posts: 25
OS: xp


Re: Persistent Virus Issues

Hi
I've downloaded HostsXpert and have restored the original hosts. I have downloaded OTMoveIt by OldTimer, moved the files as requested but it won't create a log and I get an error message. There was no request to reboot at this point. I downloaded Combofix and ran it. Reports for it and Hijack This follow:

ComboFix 07-10-14.5 - Mark & Michelle 2007-10-15 18:41:26.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.332 [GMT 8:00]
Running from: C:\Documents and Settings\Mark & Michelle.MICKNMARK\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Mark & Michelle.MICKNMARK\Desktop\CFScript.txt
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\download plugin
C:\Program Files\download plugin\DlPlugin-Moz\buddy.dat
C:\Program Files\download plugin\DlPlugin-Moz\vendor.txt
C:\WINDOWS\Fonts\acrsecI.fon
C:\WINDOWS\setup.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_IPRIP
-------\Iprip


((((((((((((((((((((((((( Files Created from 2007-09-15 to 2007-10-15 )))))))))))))))))))))))))))))))
.

2007-10-15 18:37 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-15 18:33 353,055 --a------ C:\HostsXpert.zip
2007-10-15 18:32 210,432 --a------ C:\OTMoveIt.exe
2007-10-15 07:16 <DIR> C:\Documents and Settings\Mark 2007-10-15 07:16 <DIR> Michelle.MICKNMARK\Recent
2007-10-10 07:56 582,656 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-10-09 10:11 125,809 --a------ C:\cc_20071009_1011.reg
2007-10-09 09:52 41,412,496 --a------ C:\zaZA_Setup_en.exe
2007-10-08 10:17 <DIR> C:\Documents and Settings\Em 2007-10-08 10:17 <DIR> Laura\Contacts
2007-10-08 09:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2007-10-08 07:56 <DIR> d-------- C:\Deckard
2007-10-08 07:34 583,368 --a------ C:\dss.exe
2007-10-08 07:29 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-10-08 07:23 <DIR> d-------- C:\Program Files\zonedout
2007-10-08 07:21 <DIR> C:\Documents and Settings\Mark 2007-10-08 07:21 <DIR> Michelle.MICKNMARK\Application Data\Viewpoint
2007-10-08 07:20 <DIR> d-------- C:\Program Files\Spyware Blaster
2007-10-07 14:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-10-07 14:27 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-10-03 22:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-09-29 12:00 12,293,879 --------- C:\AVG7QT.DAT
2007-09-28 11:55 <DIR> d-------- C:\Decrypted DVDs
2007-09-28 11:07 <DIR> d-------- C:\Program Files\DVD Decrypter
2007-09-28 10:55 <DIR> d-------- C:\Program Files\DVD Shrink
2007-09-28 10:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\DVD Shrink
2007-09-28 10:48 <DIR> d-------- C:\Program Files\New Folder
2007-09-25 07:46 <DIR> d-------- C:\Program Files\SonicWallES
2007-09-21 10:58 52,269,088 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-09-18 09:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2007-09-15 15:56 355,840 --a------ C:\HostsXpert.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-15 10:47 701,060 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2007-10-15 05:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avg7
2007-10-14 23:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-10-14 06:47 1,590 ----a-w C:\delete.bat
2007-10-10 03:33 --------- d-----w C:\Program Files\Windows Defender
2007-10-10 03:25 --------- d-----w C:\Program Files\QuickTime
2007-10-10 03:24 --------- d-----w C:\Program Files\OptusNet DSL Internet
2007-10-10 03:22 --------- d-----w C:\Program Files\Lexmark 4200 Series
2007-10-10 00:28 --------- d-----w C:\Program Files\Paint Shop Pro 6
2007-10-09 07:07 140,288 ----a-w C:\vcleaner.exe
2007-10-07 23:21 --------- d-----w C:\Documents and Settings\Mark & Michelle.MICKNMARK\Application Data\Viewpoint
2007-10-07 23:03 --------- d-----w C:\Program Files\MSN Messenger
2007-10-07 06:14 --------- d-----w C:\Program Files\Yahoo!
2007-10-04 07:52 --------- d-----w C:\Documents and Settings\Mark & Michelle.MICKNMARK\Application Data\MailFrontier
2007-10-03 14:43 --------- d-----w C:\Program Files\Lavasoft
2007-10-03 14:43 --------- d-----w C:\Documents and Settings\Mark & Michelle.MICKNMARK\Application Data\Lavasoft
2007-10-03 14:38 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-10-03 14:09 --------- d-----w C:\Program Files\CCleaner
2007-09-28 04:28 --------- d-----w C:\Program Files\hegames
2007-09-24 01:37 4,879 ----a-w C:\Program Files\NETRKDB.DAT
2007-09-24 01:37 3,080 ----a-w C:\Program Files\CDBIDXL.DAT
2007-09-24 01:37 2,056 ----a-w C:\Program Files\TDBIDXL.DAT
2007-09-18 01:23 537,152 ----a-w C:\Documents and Settings\Mark & Michelle.MICKNMARK\Application Data\GDIPFONTCACHEV1.DAT
2007-09-17 08:56 --------- d-----w C:\Program Files\IncrediMail
2007-09-06 08:14 75,248 ----a-w C:\WINDOWS\zllsputility.exe
2007-08-15 02:54 --------- d-----w C:\Program Files\Java
2007-01-03 09:01 205,312 ----a-w C:\Documents and Settings\MARK&M~1\ebook.exe
2006-07-20 10:12 14,651,960 ----a-w C:\Program Files\eRecord_v5-1_Setup.EXE
2006-06-08 02:27 37,311,488 ----a-w C:\Program Files\iTunesSetup.exe
2006-05-26 13:00 5,037,072 ----a-w C:\Program Files\spybotsd14.exe
2006-05-26 12:40 2,855,080 ----a-w C:\Program Files\aawsepersonal.exe
2006-05-26 12:40 1,455,784 ----a-w C:\Program Files\ccsetup129.exe
2006-05-26 12:35 488,144 ----a-w C:\Program Files\HJTsetup.exe
2006-02-24 06:41 32 ----a-r C:\Documents and Settings\All Users\hash.dat
2006-01-23 02:38 2,225,728 ----a-w C:\Program Files\allofmp3_setup_2.exe
2005-12-26 02:09 2,356 ----a-w C:\Program Files\NECDB.DAT
2005-05-23 04:26 2,526,416 ----a-w C:\Program Files\Shockwave_Installer_Slim.exe
2005-04-24 10:59 6,526,608 ----a-w C:\Program Files\MicrosoftAntiSpywareInstall.exe
2005-04-01 08:54 536,336 ----a-w C:\Documents and Settings\Em & Laura\Application Data\GDIPFONTCACHEV1.DAT
2004-08-24 09:27 32,060 ------w C:\WINDOWS\Fonts\punch.exe
2004-08-24 09:26 85,039 ------w C:\WINDOWS\Fonts\ropemf.exe
2003-11-23 12:59 8,676,536 ----a-w C:\Program Files\RealOnePlayerV2GOLD.exe
2003-09-29 04:00 7,874 ----a-w C:\Program Files\Rollover.wav
2003-09-29 04:00 1,736,704 ----a-w C:\Program Files\Ultimate 101 Games.exe
2003-09-29 04:00 1,623 ----a-w C:\Program Files\Butclick.wav
2002-09-13 05:20 3,547,884 ----a-w C:\Program Files\AGFAnet Print Service Client NT.exe
2001-10-05 04:53 21,866 ----a-w C:\Program Files\Common Files\tppupd2k.dll
2006-09-28 11:57:54 88 --sh--r C:\WINDOWS\system32\2F799D0B8F.sys
2006-10-05 08:56:36 3,350 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Desktop Service Centre"="C:\Program Files\OptusNet DSL Internet\DSC.exe" [2004-09-06 10:50]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-04-01 16:16]
"nwiz"="nwiz.exe" [2005-04-01 16:16 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-04-01 16:16]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-09-14 09:13]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 18:20]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2006-01-12 15:40]
"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2006-03-23 17:06]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-09-06 16:14]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-06-08 10:09]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15:56]
"ccleaner"="C:\Program Files\CCleaner\ccleaner.exe" [2007-09-28 16:05]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26]
KODAK Software Updater.lnk - C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe [2004-02-13 14:12:08]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
"NvMediaCenter"=RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
"nwiz"=nwiz.exe /install
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe
"C-Media Mixer"=Mixer.exe /startup
"Lexmark 4200 Series"="C:\Program Files\Lexmark 4200 Series\lxbmbmgr.exe"
"FaxCenterServer4_in_1"="C:\Program Files\Lexmark 4200 Series\Fax\fm3032.exe" /s
"ToniArts EasyCleaner"="C:\Program Files\ToniArts\EasyCleaner\EasyClea.exe" -s -startup

R1 DcCam;Kodak Camera Proxy;C:\WINDOWS\system32\DRIVERS\DcCam.sys
R2 DCFS2K;Kodak DCFS2K Driver;C:\WINDOWS\system32\drivers\dcfs2k.sys
R2 Devx;Devx;C:\WINDOWS\system32\drivers\Devx.sys
R2 VtPr;VtPr;C:\WINDOWS\system32\drivers\VtPr.sys
R3 glauiad;D-Link DSL-302G Modem;C:\WINDOWS\system32\DRIVERS\glauiad.sys
S1 Exportit;Exportit;C:\WINDOWS\system32\DRIVERS\exportit.sys
S1 tvtool;tvtool;\??\C:\Program Files\TVTool 6.8\tvtool.sys
S3 DcFpoint;DcFpoint;C:\WINDOWS\system32\DRIVERS\DcFpoint.sys
S3 DcLps;Legacy Polling Service;C:\WINDOWS\system32\DRIVERS\DcLps.sys
S3 DcPTP;dcptp;C:\WINDOWS\system32\DRIVERS\DcPTP.sys
S3 S3Inc;S3Inc;C:\WINDOWS\system32\DRIVERS\s3mt3d.sys
S3 TPP300;USB Storage Adapter V3 (TPP);C:\WINDOWS\system32\DRIVERS\TPP300.SYS

.
Contents of the 'Scheduled Tasks' folder
"2007-10-15 10:52:18 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2004-10-06 22:24:07 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-15 18:50:48
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-15 18:54:26 - machine was rebooted
.
--- E O F ---


Hijack this:

Logfile of HijackThis v1.99.1
Scan saved at 19:05, on 10/15/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\OptusNet DSL Internet\DSC.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\HJT\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/ymsgr/...ch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.ninemsn.com.au/0SEENAU/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.nsw.optushome.com.au:8080
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Desktop Service Centre] C:\Program Files\OptusNet DSL Internet\DSC.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: PopupPopper Control Panel - {3E94F358-9537-4BBA-8D12-D7F8A0136973} - C:\Program Files\PopupPopper\SiteList.exe (file missing)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://dsl.optusnet.com.au/
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/...gameloader.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com.../c381/chat.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {2E12FB00-546B-4EE3-9CC2-057BF02E1C17} - http://community.webshots.com/html/atx/wsaxcontrol.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} - http://messenger.zone.msn.com/EN-AU/.../GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1123929597589
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {DD3641E5-A9CF-11D1-9AA1-444553540000} - http://www.goldenriviera.com.au/cabs/svideo3.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...60/mcfscan.cab
O16 - DPF: {F6676623-8BBD-479C-A51B-05868728708C} - http://www.digitaldm.com/Plug-in/myebk/c/DIGITALDM2.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{DC47F318-4D98-41C5-9D68-E38C7794DF6F}: NameServer = 130.95.42.5,130.95.128.2
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPodService - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
micknmark is offline  
Old 10-15-2007, 04:38 PM   #4 (permalink)
Security Team (ret.)
 
Pancake's Avatar
 
Join Date: Nov 2003
Location: Victoria.Australia
Posts: 7,404
OS: XP Pro SP3


Re: Persistent Virus Issues

That looks better. How are things at your end? Just need to run an online scanner...



Go to http://www.kaspersky.com/service?chapter=161739400

Answer Yes, when prompted to install an ActiveX component.
  • The program will then begin downloading the latest definition files.
  • Once the files have been downloaded click on NEXT
  • Locate the Scan Settings button & configure to:
    • Scan using the following Anti-Virus database:
      • Extended
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK & have it scan My Computer
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply
* Turn off the real time scanner of any existing antivirus program while performing the online scan
__________________
Eddy

Last edited by Pancake; 10-15-2007 at 04:40 PM.
Pancake is offline  
Old 10-16-2007, 02:35 AM   #5 (permalink)
Registered User
 
Join Date: Feb 2007
Posts: 25
OS: xp


Re: Persistent Virus Issues

Hi,
I did a Kaspersky scan and a Panda Activescan; my own virus scanning using AVG, Spybot and Adaware scanned yesterday with no errors. Details herewith:

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
2007-10-16 16:30
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 16/10/2007
Kaspersky Anti-Virus database records: 409655
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
W:\

Scan Statistics:
Total number of scanned objects: 76105
Number of viruses found: 1
Number of infected objects: 0
Number of suspicious objects: 9
Duration of the scan process: 02:55:47

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\All Users\Application Data\MailFrontier\reginfo.xml Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\2abed61020a445dea55ac63789d8c0f5_ca1b9280-1b20-431e-a89e-cf3db61dc666 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3ca001f245ba38051cec3241b82ccfc6_ca1b9280-1b20-431e-a89e-cf3db61dc666 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\41c682f00817352aec30fc5118fa8dc0_ca1b9280-1b20-431e-a89e-cf3db61dc666 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a4421152a83bee8b3d33f7ff20487b23_ca1b9280-1b20-431e-a89e-cf3db61dc666 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\b76e8b9f22819028b998f892b3de8323_ca1b9280-1b20-431e-a89e-cf3db61dc666 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\dbde830937646c3160c6ab9b644b0310_ca1b9280-1b20-431e-a89e-cf3db61dc666 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support\MPLog-12212006-145119.log Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Mark & Michelle.MICKNMARK\Application Data\Microsoft\Outlook\Farmer.NK2 Object is locked skipped
C:\Documents and Settings\Mark & Michelle.MICKNMARK\Application Data\Microsoft\Outlook\Farmer.srs Object is locked skipped
C:\Documents and Settings\Mark & Michelle.MICKNMARK\Application Data\Microsoft\Outlook\outitems.log Object is locked skipped
C:\Documents and Settings\Mark & Michelle.MICKNMARK\Application Data\Microsoft\Templates\Normal.dot Object is locked skipped
C:\Documents and Settings\Mark & Michelle.MICKNMARK\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Mark & Michelle.MICKNMARK\Local Settings\Application Data\Identities\{750334C0-AD59-4F97-B91E-ACD9C20947DF}\Microsoft\Outlook Express\Deleted Items.dbx/[From "Julia Mitchell" <julia-maree@healyss.qld.edu.au>][Date Sat, 5 Oct 2002 05:35:40 +0800 (WST)]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Mark & Michelle.MICKNMARK\Local Settings\Application Data\Identities\{750334C0-AD59-4F97-B91E-ACD9C20947DF}\Microsoft\Outlook Express\Deleted Items.dbx/[From "Julia Mitchell" <julia-maree@healyss.qld.edu.au>][Date Sat, 5 Oct 2002 05:35:40 +0800 (WST)]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Mark & Michelle.MICKNMARK\Local Settings\Application Data\Identities\{750334C0-AD59-4F97-B91E-ACD9C20947DF}\Microsoft\Outlook Express\Deleted Items.dbx/[From "Melina Tati" <diva4you@wantree.com.au>][Date Mon, 7 Oct 2002 19:43:51 +1000 (EST)]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Mark & Michelle.MICKNMARK\Local Settings\Application Data\Identities\{750334C0-AD59-4F97-B91E-ACD9C20947DF}\Microsoft\Outlook Express\Deleted Items.dbx/[From "Melina Tati" <diva4you@wantree.com.au>][Date Mon, 7 Oct 2002 19:43:51 +1000 (EST)]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Mark & Michelle.MICKNMARK\Local Settings\Application Data\Identities\{750334C0-AD59-4F97-B91E-ACD9C20947DF}\Microsoft\Outlook Express\Deleted Items.dbx/[From "Chris & Sharyn O'Keefe" <tarjade@modernhomeimprovers.com.au>][Date Thu, 10 Oct 2002 19:54:29 +0800 (WST)]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Mark & Michelle.MICKNMARK\Local Settings\Application Data\Identities\{750334C0-AD59-4F97-B91E-ACD9C20947DF}\Microsoft\Outlook Express\Deleted Items.dbx/[From "Chris & Sharyn O'Keefe" <tarjade@modernhomeimprovers.com.au>][Date Thu, 10 Oct 2002 19:54:29 +0800 (WST)]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Mark & Michelle.MICKNMARK\Local Settings\Application Data\Identities\{750334C0-AD59-4F97-B91E-ACD9C20947DF}\Microsoft\Outlook Express\Deleted Items.dbx/[From "Peta" <pebbles1@satisfac.com.au>][Date Fri, 11 Oct 2002 14:41:08 +0930 (CST)]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Mark & Michelle.MICKNMARK\Local Settings\Application Data\Identities\{750334C0-AD59-4F97-B91E-ACD9C20947DF}\Microsoft\Outlook Express\Deleted Items.dbx/[From "Peta" <pebbles1@satisfac.com.au>][Date Fri, 11 Oct 2002 14:41:08 +0930 (CST)]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Mark & Michelle.MICKNMARK\Local Settings\Application Data\Identities\{750334C0-AD59-4F97-B91E-ACD9C20947DF}\Microsoft\Outlook Express\Deleted Items.dbx Mail MS Outlook 5: suspicious - 8 skipped
C:\Documents and Settings\Mark & Michelle.MICKNMARK\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\Mark & Michelle.MICKNMARK\Local Settings\Application Data\Microsoft\Outlook\Outlook1.pst Object is locked skipped
C:\Documents and Settings\Mark & Michelle.MICKNMARK\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Mark & Michelle.MICKNMARK\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Mark & Michelle.MICKNMARK\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{39C29386-3BF2-4A71-93CD-E5282489ACB2} Object is locked skipped
C:\Documents and Settings\Mark & Michelle.MICKNMARK\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Mark & Michelle.MICKNMARK\Local Settings\History\History.IE5\MSHist012007101620071017\index.dat Object is locked skipped
C:\Documents and Settings\Mark & Michelle.MICKNMARK\Local Settings\Temp\Acr78E4.tmp Object is locked skipped
C:\Documents and Settings\Mark & Michelle.MICKNMARK\Local Settings\Temp\~DF4848.tmp Object is locked skipped
C:\Documents and Settings\Mark & Michelle.MICKNMARK\Local Settings\Temp\~DF4872.tmp Object is locked skipped
C:\Documents and Settings\Mark & Michelle.MICKNMARK\Local Settings\Temp\~DF5990.tmp Object is locked skipped
C:\Documents and Settings\Mark & Michelle.MICKNMARK\Local Settings\Temp\~DF59BA.tmp Object is locked skipped
C:\Documents and Settings\Mark & Michelle.MICKNMARK\Local Settings\Temp\~DFD6FD.tmp Object is locked skipped
C:\Documents and Settings\Mark & Michelle.MICKNMARK\Local Settings\Temp\~WRD0005.doc Object is locked skipped
C:\Documents and Settings\Mark & Michelle.MICKNMARK\Local Settings\Temp\~WRS0003.tmp Object is locked skipped
C:\Documents and Settings\Mark & Michelle.MICKNMARK\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Mark & Michelle.MICKNMARK\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Mark & Michelle.MICKNMARK\ntuser.dat Object is locked skipped
C:\Documents and Settings\Mark & Michelle.MICKNMARK\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\BWKDLogs\BWTargetInf.log Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\chandir.dat Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\chandir.idx Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\chn.dat Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\chn.idx Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\D0000000.FCS Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\inuse.txt Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\L0000005.FCS Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\main.log Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs.dat Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs.idx Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_die.dat Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_die.idx Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_dnd.dat Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_dnd.idx Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_ext.dat Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_ext.idx Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_rcv.dat Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_rcv.idx Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\storydb.dat Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\storydb.idx Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{F59A6155-41EF-4504-A049-198FE1A35F71}\RP1180\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Internet Logs\fwdbglog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\fwpktlog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\IAMDB.RDB Object is locked skipped
C:\WINDOWS\Internet Logs\MICKNMARK.ldb Object is locked skipped
C:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{CCD5EFE2-4435-432E-9B89-C25E12271F56}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\ActiveScan\Panda ActiveScanPSK_NAMES Object is locked skipped
C:\WINDOWS\system32\ActiveScan\Panda ActiveScanPSK_NAMES2 Object is locked skipped
C:\WINDOWS\system32\asfiles.txt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\sam Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\security Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\fidbox.dat Object is locked skipped
C:\WINDOWS\system32\drivers\fidbox.idx Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_198.dat Object is locked skipped
C:\WINDOWS\Temp\ZLT0062e.TMP Object is locked skipped
C:\WINDOWS\Temp\ZLT00631.TMP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

Panda Activescan Results:

Incident Status Location

Adware:Adware/WebSearch Not disinfected C:\DOCUME~1\MARK&M~1.MIC\LOCALS~1\Temp\{7E51D~1\_extra\objects\cmdline.dll
Adware:Adware/WebSearch Not disinfected C:\Deckard\System Scanner\backup\DOCUME~1\EM&LAU~1\LOCALS~1\Temp\{3266AD3B-3A28-422B-A60F-E0D714B428AC}\_extra\objects\cmdline.dll
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Mark & Michelle.MICKNMARK\Cookies\mark_&_michelle@statse.webtrendslive[2].txt
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\Documents and Settings\Mark & Michelle.MICKNMARK\Desktop\ComboFix.exe[nircmd.exe]
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\Documents and Settings\Mark & Michelle.MICKNMARK\Desktop\ComboFix.exe[nircmd.cfexe]
Adware:Adware/WebSearch Not disinfected C:\Documents and Settings\Mark & Michelle.MICKNMARK\Local Settings\Temp\{7E51DC08-14D4-4BBB-831F-958D35DADBDE}\_extra\objects\cmdline.dll
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\ahead\Nero-6.6.1.15a.exe[Toolbar.exe]
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\WINDOWS\NirCmd.exe
Hacktool:Exploit/iFrame Not disinfected Local Folders\Deleted Items\Fwd: FW: For the girlies
Hacktool:Exploit/iFrame Not disinfected Local Folders\Deleted Items\Re: Hello from ED !!!
Hacktool:Exploit/iFrame Not disinfected Local Folders\Deleted Items\Re: Oliver Twist postage info
Hacktool:Exploit/iFrame Not disinfected Local Folders\Deleted Items\Re: upcoming meeting
Attached Files
File Type: txt Activescan.txt (4.7 KB, 1 views)
File Type: txt KASPERSKY REPORT.txt (29.6 KB, 1 views)
micknmark is offline  
Old 10-16-2007, 03:04 AM   #6 (permalink)
Security Team (ret.)
 
Pancake's Avatar
 
Join Date: Nov 2003
Location: Victoria.Australia
Posts: 7,404
OS: XP Pro SP3


Re: Persistent Virus Issues

Ok. That looks good. You should be fine now.




Now that you are clean, and if you wish to do so, here are a few things that you can do that will help keep your computer a bit more clean and secure. They can be done at your leisure.



THESE STEPS ARE VERY IMPORTANT

(ITEM 1)

Let's reset system restore
Reset and re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs changing those files. This is the only way to clean these files: You will lose all previous restore points which are likely to be infected. Please note you need Administrator Access to clean the restore points.



A. To disable the System Restore feature:

1. Click on the Start button.
2. Go to My Computer icon on the desktop, right click on it and then click Properties.
3. On the left hand side, click Advanced Settings.
4. If asked to permit the action, click on Allow.
5. Click on the System Protection tab.
6. Uncheck any checkboxes listed for your hard drives.
7. Press OK.


B. Reboot.

C. Turn ON System Restore.
Follow the steps like you did when disabling System Restore, but on step 6, check any checkboxes listed for your hard drives.
========================================
(ITEM 2)

Download and scan with CCleaner
1. Starting with v1.27.260, CCleaner installs the Yahoo Toolbar as an option which IS checkmarked by default during the installation. IF you do NOT want it, REMOVE the checkmark when provided with the option OR download the toolbar-free Basic or Slim versions instead of the Standard Build.

2. Before first use, select Options > Advanced and UNCHECK "Only delete files in Windows Temp folder older than 48 hours"

3. Then select the items you wish to clean up.

In the Windows Tab:
• Clean all entries in the "Internet Explorer" section except Cookies.
• Clean all the entries in the "Windows Explorer" section.
• Clean all entries in the "System" section.
• Clean all entries in the "Advanced" section.
• Clean any others that you choose.


In the Applications Tab:
• Clean all except cookies in the Firefox/Mozilla section if you use it.
• Clean all in the Opera section if you use it.
• Clean Sun Java in the Internet Section.
• Clean any others that you choose.

4. Click the "Run Cleaner" button.
5. A pop up box will appear advising this process will permanently delete files from your system.
6. Click "OK" and it will scan and clean your system.
7. Click "exit" when done.



=========================================

Is your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update to the latest version if required.

Updating Java:

Download the latest version of Java Runtime Environment (JRE) 6u3 (http://java.sun.com/javase/downloads/index.jsp).
Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications."
Click the Download button to the right.
Check the box that says: Accept License Agreement.

The page will refresh.
Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
Check any item with Java Runtime Environment (JRE or J2SE) in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java version.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on jre-6u2-windows-i586-p.exe to install the newest version.


UPDATING WINDOWS AND INTERNET EXPLORER

IMPORTANT: You Need to Update Windows and Internet Explorer to protect your computer from the malware that is around on the Internet. Please go to the windows update site (http://windowsupdate.microsoft.com/) to get the critical updates.

If you are running Microsoft Office, or any portion thereof, go to Microsoft's Office Update site and make sure you have at least all the critical updates installed (Free) Microsoft Office Update.

Make your Internet Explorer more secure

This can be done by following these simple instructions:
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialize and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.




========================================================

The following are recommended third party programs that are designed to keep your computer clean. A link as well as a brief description is included with each item.

Download SpywareBlaster
SpywareBlaster is a program that stops known malicious ActiveX controls from installing on your computer. It works by changing settings in your registry. It makes "kill bits" in the registry, so that certain ActiveX controls can't install.
If you don't know what activex controls are, see here (http://www.webopedia.com/TERM/A/ActiveX_control.html)
You can download SpywareBlaster here (http://majorgeeks.com/downloadget.ph...7615f4682b4cef)
SpywareBlaster tutorial (http://www.bleepingcomputer.com/forums/tutorial49.html)

Download iespyad
It puts many bad webpages on your restricted zones list. This means that you can still view the "bad" webpages, but the webpages cannot do certain things (such as use javascripts and cookies).

Download it here (http://www.spywarewarrior.com/uiuc/res/ie-spyad.exe)

hosts file:
Every version of Windows has a hosts file as part of it. In a very basic sense, it is used to locate webpages. We can customize a hosts file so that it blocks certain webpages. However, it can slow down certain computers. This is why using a hosts file is optional!!
Download it here (http://www.mvps.org/winhelp2002/hosts.htm). Make sure you read the instructions on how to install the hosts file. There is a good tutorial here (http://www.bleepingcomputer.com/forums/tutorial51.html)
If you decide to download the hosts file, the slowdown problems can usually be avoided by following these steps:
Click the Start button (at the lower left hand corner of your screen).
Click Run.
In the dialog box, type services.msc and hit Enter, then locate DNS Client.
Highlight it, then double-click it.
On the dropdown box, change the setting from Automatic to Manual.
Click OK.



Keep Anti Virus Software updated - Most AVs will update automatically, but if not I would recommend making updating the AV the first job every time the PC is connected to the internet. An AV that is using defs that are seven days old is not going to be much protection. If you do not update your anti virus software then it will not be able to catch any of the new variants that may come out. See here (http://www.snapfiles.com/Freeware/security/fwvirus.html) to choose one.

Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly. For more info, check this (http://www.bleepingcomputer.com/forums/tutorial60.html) webpage out.
Here (http://www.snapfiles.com/Freeware/se...wfirewall.html) are some Vista compatible firewalls also.



Know What You're Installing
Check the source.
To avoid malware, make sure your software comes from a reputable source. Be particularly suspicious of sponsored software (software that relies on advertising) or software that claims to speed up your Internet connection.

Use Custom Install.
If you feel comfortable with software installation, you can choose Custom Install (as opposed to Typical Install). Custom Install allows you to select only the software components you wish to install, and leave out others (such as potential spyware).

Modify Security Settings (Internet Explorer 6)
To reduce the risk of installing malware, you can set Internet Explorer to high security mode. To do so:

Open Internet Explorer. Go to Tools > Internet Options….
On the Internet Options screen, select the Security tab, then select the Internet icon (if it is not already selected).
Under Security level for this zone, click Default Level. Set the slider to High.
Note: You may have to lower the security level to view certain Web sites.
Next, select the Trusted Sites icon. Under Security level for this zone, click Default Level. Set the slider to Medium.
Click Apply, then OK to save the changes.


Before using or purchasing any Spyware/Malware protection/removal program, always check the Rogue/Suspect Spyware List. It will save you a lot of grief, as well as money if you are thinking of purchasing. Here is the link:

http://www.spywarewarrior.com/rogue_anti-spyware.htm
If you want to know just how effective your anti-spyware program is, or how well any of the "rogue" programs listed at the above link work, check this for an independent comparison of several anti-spyware programs:

http://www.spywarewarrior.com/asw-test-guide.htm



Let us know if we have not resolved your problem. Otherwise, you are good to go.
Happy and Safe Surfing!
__________________
Eddy
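The "Custom Level" changes listed in the post above are stored as per-zone registry values, so they can be checked from a registry export. This is an added example, not part of the original post: the action numbers and the 0/1/3 value encoding are Microsoft's documented zone settings rather than anything stated in the thread, and the sample export and function names are constructed for illustration.

```python
import re

# Zone action numbers and the 0/1/3 value encoding are Microsoft's documented
# Internet Explorer zone settings; they are not given in the post itself.
ENABLE, PROMPT, DISABLE = 0, 1, 3
NAMES = {ENABLE: "Enable", PROMPT: "Prompt", DISABLE: "Disable"}

# The six "Custom Level" changes listed in the post, keyed by action number.
RECOMMENDED = {
    "1001": ("Download signed ActiveX controls", PROMPT),
    "1004": ("Download unsigned ActiveX controls", DISABLE),
    "1201": ("Initialize and script ActiveX controls not marked as safe", DISABLE),
    "1800": ("Installation of desktop items", PROMPT),
    "1804": ("Launching programs and files in an IFRAME", PROMPT),
    "1607": ("Navigate sub-frames across different domains", PROMPT),
}

# Zone 3 is the Internet zone.
INTERNET_ZONE = r"Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3"
DWORD_RE = re.compile(r'^"([0-9A-Fa-f]{4})"=dword:([0-9A-Fa-f]{8})$')

# Constructed sample in .reg export format (not taken from the thread).
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2]
"1001"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"DisplayName"="Internet"
"1001"=dword:00000001
"1004"=dword:00000000
"1201"=dword:00000003
"1800"=dword:00000001
"1804"=dword:00000000
'''


def parse_zone_values(reg_text, zone_key=INTERNET_ZONE):
    """Return {action: value} for the DWORD values stored under zone_key."""
    values, in_zone = {}, False
    for raw in reg_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            # A new key section starts; only the requested zone is collected.
            in_zone = line[1:-1].lower().endswith(zone_key.lower())
            continue
        match = DWORD_RE.match(line)
        if in_zone and match:
            values[match.group(1)] = int(match.group(2), 16)
    return values


def audit(reg_text):
    """List (action, setting, current, recommended) for every setting that is
    missing from the export or looser than the post recommends."""
    current = parse_zone_values(reg_text)
    findings = []
    for action, (label, want) in RECOMMENDED.items():
        have = current.get(action)
        if have is None:
            findings.append((action, label, "missing", NAMES[want]))
        elif have < want:  # 0 < 1 < 3: a lower number is more permissive
            findings.append((action, label, NAMES.get(have, hex(have)), NAMES[want]))
    return findings


if __name__ == "__main__":
    for action, label, have, want in audit(SAMPLE_EXPORT):
        print(f"{action}  {label}: {have} -> {want}")
```

A value stricter than the recommendation (Disable where the post asks for Prompt) is not reported.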
Old 10-16-2007, 07:51 AM   #7 (permalink)
Registered User
 
Join Date: Feb 2007
Posts: 25
OS: xp


Re: Persistent Virus Issues

Thanks Pancake, I have completed the steps as outlined in your last post however I would have thought that the following from Kaspersky might indicate I still have problems?

Scan Statistics:
Total number of scanned objects: 76105
Number of viruses found: 1
Number of infected objects: 0
Number of suspicious objects: 9
Duration of the scan process: 02:55:47

Cheers
Michelle
Old 10-16-2007, 08:11 AM   #8 (permalink)
Registered User
 
Join Date: Feb 2007
Posts: 25
OS: xp


Re: Persistent Virus Issues

Hi Pancake, I just checked my AVG scanning results from today and I found that I have had a couple of Trojans picked up:

Trojan Horse generic5.hma
C:\Install stuff\1942\V1.1 server\patch\fdx-bf1942s-v1.1-private-server.rar
Trojan Horse generic5.hma
C:\Install stuff\1942\V1.1 server\patch\fdx-bf1942s-v1.1-private-server.rar:\keygen\keygen.exe

Are these okay or do I need to do something about them?
Cheers
Michelle
Old 10-16-2007, 04:40 PM   #9 (permalink)
Security Team (ret.)
 
Join Date: Nov 2003
Location: Victoria.Australia
Posts: 7,404
OS: XP Pro SP3


Re: Persistent Virus Issues

Did you get a crack/keygen to run Battlefield 1942? If so then remove these because you are running an illegal program.



Please download the OTMoveIt by OldTimer

Save it to your desktop.

Please double-click OTMoveIt.exe to run it

Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):


C:\Install stuff\1942\V1.1 server\patch\fdx-bf1942s-v1.1-private-server.rar
C:\Install stuff\1942\V1.1 server\patch\fdx-bf1942s-v1.1-private-server.rar:\keygen\keygen.exe
C:\Documents and Settings\Mark & Michelle.MICKNMARK\Local Settings\Temp\{7E51DC08-14D4-4BBB-831F-958D35DADBDE}\_extra\objects\cmdline.dll




Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.

Click the red Moveit! button.

Close OTMoveIt

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
__________________
Eddy
Old 10-16-2007, 06:27 PM   #10 (permalink)
Registered User
 
Join Date: Feb 2007
Posts: 25
OS: xp


Re: Persistent Virus Issues

Thanks, I've done the OTMoveit as per your instructions. Can you tell me what this program does? I'm not familiar with it. Can I use it the same way if I get the same problem again? I don't remember downloading a keygen or crack for Battlefield 1942 but then just thought I'd remove it from the Add or Remove Programs screen and it's not listed there either.
Is there anything else I need to do?
I'll run an AVG scan again this morning and see what comes out of it. In the meantime, I've posted a fresh HJT log fyi.
Cheers
Michelle

Logfile of HijackThis v1.99.1
Scan saved at 08:24, on 10/17/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\OptusNet DSL Internet\DSC.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HJT\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/ymsgr/...ch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.ninemsn.com.au/0SEENAU/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.nsw.optushome.com.au:8080
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Desktop Service Centre] C:\Program Files\OptusNet DSL Internet\DSC.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: PopupPopper Control Panel - {3E94F358-9537-4BBA-8D12-D7F8A0136973} - C:\Program Files\PopupPopper\SiteList.exe (file missing)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://dsl.optusnet.com.au/
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/...gameloader.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com.../c381/chat.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {2E12FB00-546B-4EE3-9CC2-057BF02E1C17} - http://community.webshots.com/html/atx/wsaxcontrol.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} - http://messenger.zone.msn.com/EN-AU/.../GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1123929597589
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {DD3641E5-A9CF-11D1-9AA1-444553540000} - http://www.goldenriviera.com.au/cabs/svideo3.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...60/mcfscan.cab
O16 - DPF: {F6676623-8BBD-479C-A51B-05868728708C} - http://www.digitaldm.com/Plug-in/myebk/c/DIGITALDM2.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{DC47F318-4D98-41C5-9D68-E38C7794DF6F}: NameServer = 130.95.42.5,130.95.128.2
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPodService - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
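A HijackThis log like the one posted above is line-oriented, with a section code before each entry, which makes a first-pass triage easy to script. This is an added example, not part of the original posts and not HijackThis's own code: it parses entries, lists the ones whose target file is gone ("(no file)" / "(file missing)", usually leftovers from uninstalled software) and pulls out O17 name server overrides for review. The section labels and function names are assumptions; the sample lines are an excerpt of the log above plus one process line.

```python
import re

# Short labels for the HijackThis section codes used below (added for readability).
SECTIONS = {
    "R0": "IE start/search page", "R1": "IE start/search page",
    "R3": "URL search hook", "O2": "Browser Helper Object",
    "O4": "Autostart entry", "O9": "IE extra button/menu item",
    "O16": "Downloaded ActiveX control", "O17": "Name server setting",
    "O20": "Winlogon notify", "O23": "Service",
}
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
ORPHAN_RE = re.compile(r"\((no file|file missing)\)\s*$")

# Excerpt of the log posted above, plus one running-process line.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\system32\svchost.exe
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O9 - Extra button: PopupPopper Control Panel - {3E94F358-9537-4BBA-8D12-D7F8A0136973} - C:\Program Files\PopupPopper\SiteList.exe (file missing)
O17 - HKLM\System\CCS\Services\Tcpip\..\{DC47F318-4D98-41C5-9D68-E38C7794DF6F}: NameServer = 130.95.42.5,130.95.128.2
O23 - Service: iPodService - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
"""


def parse_log(text):
    """Turn 'CODE - body' lines into records; other lines are skipped."""
    entries = []
    for line in text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if not match:
            continue  # header lines and the running-process list
        code, body = match.groups()
        guid = GUID_RE.search(body)
        entries.append({
            "code": code,
            "section": SECTIONS.get(code, "other"),
            "body": body,
            "guid": guid.group(0) if guid else None,
            "orphan": bool(ORPHAN_RE.search(body)),
        })
    return entries


def orphaned(entries):
    """Entries that still exist in the registry but point at a missing file."""
    return [e for e in entries if e["orphan"]]


def name_servers(entries):
    """DNS servers set through O17 entries, to compare with the ISP's or network's own."""
    servers = []
    for e in entries:
        if e["code"] == "O17" and "NameServer = " in e["body"]:
            value = e["body"].split("NameServer = ", 1)[1]
            servers += [s for s in re.split(r"[,\s]+", value) if s]
    return servers


if __name__ == "__main__":
    log = parse_log(SAMPLE_LOG)
    for e in orphaned(log):
        print(f"orphaned {e['code']} ({e['section']}): {e['body']}")
    print("name servers:", ", ".join(name_servers(log)))
```

The output is a review list, not a verdict: an orphaned entry or a custom name server still has to be judged by someone who knows the machine.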
Old 10-16-2007, 06:37 PM   #11 (permalink)
Security Team (ret.)
 
Join Date: Nov 2003
Location: Victoria.Australia
Posts: 7,404
OS: XP Pro SP3


Re: Persistent Virus Issues

Your log is fine now. OTMoveit removes files and yes you can use it but just be careful what files you remove.
__________________
Eddy
Old 10-16-2007, 06:51 PM   #12 (permalink)
Registered User
 
Join Date: Feb 2007
Posts: 25
OS: xp


Re: Persistent Virus Issues

Thanks Pancake. I'll lyk if AVG turns anything up and I'll run another Kaspersky scan today too.
Cheers
Michelle
Old 10-16-2007, 10:31 PM   #13 (permalink)
Registered User
 
Join Date: Feb 2007
Posts: 25
OS: xp


Re: Persistent Virus Issues

Hi Pancake, the AVG scan turned up the same virus in the same files only located in the OTMoveit directory. I have rebooted the system. What now?
Cheers
Michelle
Old 10-17-2007, 01:09 AM   #14 (permalink)
Security Team (ret.)
 
Join Date: Nov 2003
Location: Victoria.Australia
Posts: 7,404
OS: XP Pro SP3


Re: Persistent Virus Issues

You are all finished..done. If you wish you can remove OTMoveIt.
__________________
Eddy
All times are GMT -7.



Copyright 2001 - 2009, Tech Support Forum