#21 (permalink) |
|
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
Join Date: May 2005
Posts: 24,353
OS: N/A
|
After running the last batch, you should get a log.
If you didn't, it's located at C:\findlop.txt. Post the contents here.
__________________
Question - what have you done for the community today? Last edited by sUBs; 08-26-2005 at 07:55 AM. |
|
|
|
#22 (permalink) |
|
Member
Join Date: Oct 2004
Posts: 50
OS: xp
|
|
|
|
|
#23 (permalink) |
|
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
Join Date: May 2005
Posts: 24,353
OS: N/A
|
If you have rebooted since your last Hijackthis log, let me know.
Please download & install CleanUp.exe

'UNPLUG'/DISCONNECT YOUR COMPUTER FROM THE INTERNET WHEN YOU HAVE FINISHED DOWNLOADING

This webpage would not be available when you're carrying out the fix. Please save the following instructions in Notepad. I have customized my instructions on the assumption that you are using Notepad. It may lead to some confusion should you choose to do otherwise.

If there's anything that you don't understand, kindly ask your questions before proceeding with the fixes. There should not be any opened browsers when you are carrying out the procedures below.

IT IS IMPORTANT THAT YOU DON'T MISS A STEP & PERFORM EVERYTHING IN THE RIGHT ORDER.

= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =

CLOSE ALL OTHER PROGRAMS & ALL OPENED WINDOWS

Run a scan with HiJackThis & select/tick the following & click "Fix checked" :

O2 - BHO: (no name) - {76149F86-07BD-7663-82A2-7E1A0CA4D6A1} - C:\DOCUME~1\Ann\APPLIC~1\DENTDA~1\Fork Loud.exe
O4 - HKLM\..\Run: [Proc Drive Gram Love] C:\Documents and Settings\All Users\Application Data\ITCHNAMEPROCDRIVE\BookGrim.exe

= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =

If you have not done so already, please enable the viewing of Hidden files
From Windows Explorer, go to Tools>Folder Options> View tab.
Locate and delete the following folders, if present:
Let me know if you cannot find these folders

= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =

Run Cleanup! using the following configuration:
1. Click Options...
2. Set the slider to Standard CleanUp!
3. Uncheck the following:
5. Press the CleanUp! button to start the program. Reboot/logoff when prompted.
* CleanUp! will not create any backups!!

= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =

Reboot your computer & post fresh logs for HijackThis & Findlop.txt
__________________
Question - what have you done for the community today? |
|
|
|
|
#24 (permalink) |
|
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
Join Date: May 2005
Posts: 24,353
OS: N/A
|
Ray,
Do you have Messenger Plus installed on your machine? Please login as the user "Ann" & obtain a HijackThis log from there. This is in addition to the one done from your own user profile.
__________________
Question - what have you done for the community today? |
|
|
|
|
#25 (permalink) |
|
Member
Join Date: Oct 2004
Posts: 50
OS: xp
|
Sorry I had to leave town for a bit with family med problem and I did not complete all the tasks you asked for. I have not re-booted the puter. Not sure what I should do at this point so I am going to run a HJT log from Ann. ((Please login as the user "Ann" & obtain a Hijack)) I see where you asked me to run clean up I will run that second?? Sorry I got out of the flow.
Ray
|
|
|
|
#27 (permalink) |
|
Member
Join Date: Oct 2004
Posts: 50
OS: xp
|
Trying again to send Ann's HJT log.
|
|
|
|
#28 (permalink) |
|
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
Join Date: May 2005
Posts: 24,353
OS: N/A
|
Please do the fix I listed in post #23 for the user "Ray".
After that, reboot as user "Ann". Have HijackThis fix these entries:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://welzspoqxcjvqa.org/hwSw1WeaT...2YZ/QL4H0Dw.cgi
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.elbnwwlhupkyib.com/hwSw1...rqqGt3ruZI.html
O2 - BHO: (no name) - {76149F86-07BD-7663-82A2-7E1A0CA4D6A1} - C:\DOCUME~1\Ray\APPLIC~1\DENTDA~1\Fork Loud.exe
O4 - HKLM\..\Run: [Proc Drive Gram Love] C:\Documents and Settings\All Users\Application Data\ITCHNAMEPROCDRIVE\UserFork.exe
O4 - HKCU\..\Run: [Config Printer] webprint.exe
O4 - HKCU\..\Run: [Poke Download] C:\DOCUME~1\Ann\APPLIC~1\PURETH~1\keep mess.exe
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZPxdm182
O16 - DPF: {11B2C0D3-DFFB-11D3-9253-00500498D7E5} (ShowSetupObj5 Class) - http://invite.mshow.com/(j1tw2345cu.../ShowSetup5.cab

The previous log for Ann was done using an older version of HijackThis. I require a new log from the newer version - v1.99.1. To avoid any future mix-ups, delete the older version.
__________________
Question - what have you done for the community today? |
|
|
|
|
#29 (permalink) |
|
Member
Join Date: Oct 2004
Posts: 50
OS: xp
|
Sorry for my errors in trying to follow your instr. to the letter. :(
I set-up Ann with 199 of HJT and deleted all old. Then DL cleanUp which is sitting on my desktop. Several things have stopped me from your other instructions on 23:

#1 Under the Scan, the following words were there not what you wanted.
O2 - BHO: (no name) - {76149F86-07BD-7663-82A2-7E1A0CA4D6A1} - C:\DOCUME~1\Ann\APPLIC~1\DENTDA~1\Fork Loud.exe (((Only find ray))))
O4 - HKLM\..\Run: [Proc Drive Gram Love] C:\Documents and Settings\All Users\Application Data\ITCHNAMEPROCDRIVE\BookGrim.exe ((((User Fork.exe)))))

Under Documents & Settings: The two statements would not delete, Itchnameprocdrive & Dent date Says that others are using puter,..... all programs in both Ray & Ann were closed prior.

I hope I am not out of the sequence of events that you need? If so please advise and I will stay with this through the day!! Trying to get better at this it really is very interesting and complicated to this novice!!
Thanks. Ray
|
|
|
|
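The entries Ray could not find in post #29 share the BHO CLSID and the Run value name with the ones his scan showed; only the profile folder and the executable name differ. As an added example that is not part of the original thread, this Python script matches a fix list against a scan by those stable parts of an O2 or O4 line instead of by the whole line; the function names and the entry marked constructed are assumptions, and the other lines are the ones quoted in posts #23 and #28.

```python
import re
from typing import List, NamedTuple, Optional


class Entry(NamedTuple):
    section: str  # HijackThis section code: "O2" (BHO) or "O4" (Run key)
    key: str      # part of the line that stays the same when the file is renamed
    target: str   # file path or command line


class Match(NamedTuple):
    status: str              # "exact", "renamed" or "absent"
    wanted: Entry            # entry from the helper's fix list
    found: Optional[Entry]   # entry with the same key in the user's scan


# O2 - BHO: <name> - {CLSID} - <path>
_O2 = re.compile(r"^O2 - BHO: .*? - (\{[0-9A-Fa-f-]{36}\}) - (.+)$")
# O4 - HKLM\..\Run: [<value name>] <command>
_O4 = re.compile(r"^O4 - (HK[A-Z]{2})\\\.\.\\(Run\w*): \[(.+?)\] (.+)$")


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one O2 or O4 line; return None for any other line."""
    line = line.strip()
    m = _O2.match(line)
    if m:
        return Entry("O2", m.group(1).upper(), m.group(2))
    m = _O4.match(line)
    if m:
        hive, run_key, name, command = m.groups()
        return Entry("O4", f"{hive}\\{run_key}:[{name.lower()}]", command)
    return None


def match_fix_list(fix_lines: List[str], scan_lines: List[str]) -> List[Match]:
    """Look up each fix-list entry in the scan by its key, not by the full line."""
    scan = {}
    for line in scan_lines:
        entry = parse_entry(line)
        if entry:
            scan[(entry.section, entry.key)] = entry
    results = []
    for line in fix_lines:
        wanted = parse_entry(line)
        if wanted is None:
            continue  # sections other than O2/O4 are not keyed by this example
        found = scan.get((wanted.section, wanted.key))
        if found is None:
            status = "absent"
        elif found.target.lower() == wanted.target.lower():
            status = "exact"
        else:
            status = "renamed"  # same CLSID / value name, different file
        results.append(Match(status, wanted, found))
    return results


# Fix list as given in post #23, plus one constructed entry that is in no scan.
FIX_LIST = [
    r"O2 - BHO: (no name) - {76149F86-07BD-7663-82A2-7E1A0CA4D6A1} - C:\DOCUME~1\Ann\APPLIC~1\DENTDA~1\Fork Loud.exe",
    r"O4 - HKLM\..\Run: [Proc Drive Gram Love] C:\Documents and Settings\All Users\Application Data\ITCHNAMEPROCDRIVE\BookGrim.exe",
    r"O4 - HKCU\..\Run: [Constructed Example] C:\constructed\example.exe",  # constructed
]

# Scan lines as quoted in post #28.
SCAN = [
    r"O2 - BHO: (no name) - {76149F86-07BD-7663-82A2-7E1A0CA4D6A1} - C:\DOCUME~1\Ray\APPLIC~1\DENTDA~1\Fork Loud.exe",
    r"O4 - HKLM\..\Run: [Proc Drive Gram Love] C:\Documents and Settings\All Users\Application Data\ITCHNAMEPROCDRIVE\UserFork.exe",
    r"O4 - HKCU\..\Run: [Poke Download] C:\DOCUME~1\Ann\APPLIC~1\PURETH~1\keep mess.exe",
]

if __name__ == "__main__":
    for m in match_fix_list(FIX_LIST, SCAN):
        print(f"{m.status:8} {m.wanted.section} {m.wanted.key}")
        if m.status == "renamed":
            print(f"         fix list: {m.wanted.target}")
            print(f"         scan:     {m.found.target}")
```

A "renamed" result means the entry to tick in the scan is the one with the same CLSID or value name, whatever file it currently points to.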
#30 (permalink) |
|
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
Join Date: May 2005
Posts: 24,353
OS: N/A
|
At this very moment, I'm even more confused than you are.
Since we have gone out of sequence, let's start afresh. Give me these logs (fresh)..
HijackThis log - Ann & Ray
Fl.bat's log
__________________
Question - what have you done for the community today? |
|
|
|
|
#31 (permalink) |
|
Member
Join Date: Oct 2004
Posts: 50
OS: xp
|
Ok Thank you.
#32 (permalink) |
|
Member
Join Date: Oct 2004
Posts: 50
OS: xp
|
Second log is from Ray
Logfile of HijackThis v1.99.1 Scan saved at 12:47:35 PM, on 8/27/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe C:\WINDOWS\System32\hphmon04.exe C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe C:\PROGRA~1\PANICW~1\POP-UP~1\dpps2.exe C:\Program Files\Common Files\Logitech\QCDriver\LVComS.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\QuickTime\qttask.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE C:\WINDOWS\system32\E_S00RP1.EXE C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe C:\PROGRA~1\NORTON~1\NORTON~3\NPROTECT.EXE C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe C:\PROGRA~1\NORTON~1\NORTON~3\SPEEDD~1\NOPDB.EXE C:\WINDOWS\system32\SAgent4.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\system32\winlogon.exe c:\progra~1\intern~1\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\PROGRA~1\MOZILL~1\FIREFOX.EXE C:\Program Files\Messenger\msmsgs.exe C:\Documents and Settings\Ray\Desktop\HijackThis.exe R1 - 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.ohukwtbhwkusap.com/WB0RtG...ZxtnBdknx.html R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wtecfysrlkhbbeypu.uk/WB0R...E/sdJXDpEM.htm N2 - Netscape 6: user_pref("browser.startup.homepage", "http://www.pzphwgbxqakzapvxhb.com/WB0RtGMhrpLHu72boEtJ7pcQoJi3QeR4DE/sdJXDpEM.html");\nuser_pref("browser.startup.page", 1); (C:\Documents and Settings\Ray\Application Data\Mozilla\Profiles\default\nst0z0rm.slt\prefs.js) N2 - Netscape 6: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5Cmozilla.org%5CMozilla%5Csearchplugins%5CNetscapeSearch.src"); (C:\Documents and Settings\Ray\Application Data\Mozilla\Profiles\default\nst0z0rm.slt\prefs.js) O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn0\ycomp5_5_7_0.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: FlpLauncher Class - {4401FDC3-7996-4774-8D2B-C1AE9CD6CC25} - C:\Program Files\E-Book Systems\FlipViewer\fplaunch.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: (no name) - {76149F86-07BD-7663-82A2-7E1A0CA4D6A1} - C:\DOCUME~1\Ray\APPLIC~1\DENTDA~1\Fork Loud.exe O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft 
Money\System\mnyviewer.dll O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn0\ycomp5_5_7_0.dll O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\System32\hphmon04.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [msnappau] C:\Program Files\MSN Apps\Updater\01.02.0002.1001\en-us\msnappau.exe O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe O4 - HKLM\..\Run: [Pop-Up Stopper] "C:\PROGRA~1\PANICW~1\POP-UP~1\dpps2.exe" O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVComS.exe O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe" O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A O4 - HKLM\..\Run: [MediaFace Integration] C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe O4 - HKLM\..\Run: [EPSON Stylus CX5400] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE /P19 "EPSON Stylus CX5400" /O6 "USB001" /M "Stylus CX5400" O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe /startup O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe O4 - 
HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Auto EPSON Stylus CX5400 on COMPUTER-3] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE /P38 "Auto EPSON Stylus CX5400 on COMPUTER-3" /O20 "\\COMPUTER-3\Printer" /M "Stylus CX5400" O4 - HKLM\..\Run: [Proc Drive Gram Love] C:\Documents and Settings\All Users\Application Data\ITCHNAMEPROCDRIVE\UserFork.exe O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe" O4 - HKCU\..\Run: [EPSON Stylus CX5400] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE /P19 "EPSON Stylus CX5400" /M "Stylus CX5400" /EF "HKCU" O4 - HKCU\..\Run: [Poke Download] C:\DOCUME~1\Ray\APPLIC~1\PURETH~1\keep mess.exe O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe O4 - Startup: Pop-Up Stopper.lnk = C:\Program Files\Panicware\Pop-Up Stopper\dpps2.exe O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar2.dll/cmsearch.html O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar2.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar2.dll/cmcache.html O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar2.dll/cmsimilar.html O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar2.dll/cmtrans.html O8 - Extra context menu item: Yahoo! 
&Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com.../c381/chat.cab O16 - DPF: Yahoo! 
Towers 2.0 - http://download.games.yahoo.com/game...s/y/ywt0_x.cab O16 - DPF: {11B2C0D3-DFFB-11D3-9253-00500498D7E5} (ShowSetupObj5 Class) - http://invite.mshow.com/(j1tw2345cus...ShowSetup5.cab O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: EPSON V3 Service2(03) (EPSON_PM_RPCV2_01) - SEIKO EPSON CORPORATION - C:\WINDOWS\system32\E_S00RP1.EXE O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. 
- C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~3\NPROTECT.EXE O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\System32\HPHipm11.exe O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~3\SPEEDD~1\NOPDB.EXE O23 - Service: Epson Printer Status Agent4 (StatusAgent4) - SEIKO EPSON CORPORATION - C:\WINDOWS\system32\SAgent4.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe |
#33 (permalink) |
|
Member
Join Date: Oct 2004
Posts: 50
OS: xp
|
And last (3rd) FLbat.log (Ray)
Volume in drive C is 40 g comp #2 Volume Serial Number is D82F-536A Directory of C:\Documents and Settings\Administrator\Application Data 09/13/2002 02:52 PM <DIR> Adobe 09/13/2002 02:17 PM <DIR> Identities 09/13/2002 02:52 PM <DIR> InterTrust 08/26/2005 12:10 PM <DIR> Purethelive 10/12/2003 08:57 AM <DIR> Share-to-Web Upload Folder 0 File(s) 0 bytes 5 Dir(s) 118,043,299,840 bytes free Volume in drive C is 40 g comp #2 Volume Serial Number is D82F-536A Directory of C:\Documents and Settings\All Users\Application Data 04/30/2005 07:48 PM <DIR> Apple Computer 12/10/2003 08:41 PM <DIR> Fellowes 08/26/2005 07:51 PM <DIR> ITCHNAMEPROCDRIVE 06/17/2004 03:21 PM <DIR> MSN Messenger 6.2.0137 11/29/2002 03:33 PM <DIR> MSN6 12/02/2002 03:01 PM <DIR> QuickTime 09/18/2004 04:17 PM <DIR> Spybot - Search & Destroy 04/13/2005 07:50 AM <DIR> Symantec 04/26/2004 10:20 AM <DIR> Viewpoint 0 File(s) 0 bytes 9 Dir(s) 118,043,295,744 bytes free Volume in drive C is 40 g comp #2 Volume Serial Number is D82F-536A Directory of C:\Documents and Settings\Ann\Application Data 09/13/2002 02:52 PM <DIR> Adobe 08/26/2005 12:10 PM <DIR> DENT DATE 01/27/2004 01:23 PM <DIR> ICQ 09/13/2002 02:17 PM <DIR> Identities 09/13/2002 02:52 PM <DIR> InterTrust 10/15/2004 12:13 PM <DIR> Lavasoft 06/16/2004 01:45 PM <DIR> Macromedia 08/27/2005 07:32 AM <DIR> Mozilla 08/21/2005 07:05 AM <DIR> MSN6 08/26/2005 12:10 PM <DIR> Purethelive 05/25/2004 12:14 PM <DIR> Real 06/24/2003 08:18 AM <DIR> Share-to-Web Upload Folder 04/13/2005 12:05 PM <DIR> Symantec 08/27/2005 07:32 AM <DIR> Talkback 0 File(s) 0 bytes 14 Dir(s) 118,043,295,744 bytes free Volume in drive C is 40 g comp #2 Volume Serial Number is D82F-536A Directory of C:\Documents and Settings\Ray\Application Data 09/13/2002 02:52 PM <DIR> Adobe 04/30/2005 07:49 PM <DIR> Apple Computer 01/30/2005 07:16 PM <DIR> ArcSoft 08/26/2005 07:51 PM <DIR> DENT DATE 05/23/2004 02:49 PM <DIR> EBookSys 02/27/2005 01:49 PM <DIR> EPSON 05/26/2005 06:06 PM <DIR> funkitron 
11/23/2003 06:13 PM <DIR> Help 01/18/2004 06:49 PM <DIR> ICQ 11/30/2004 11:43 AM <DIR> Identities 09/13/2002 02:52 PM <DIR> InterTrust 09/20/2004 07:23 AM <DIR> Lavasoft 12/10/2003 08:42 PM <DIR> Leadertech 01/18/2004 07:20 PM <DIR> Macromedia 06/29/2003 07:32 PM <DIR> Microsoft Web Folders 11/08/2004 02:30 PM <DIR> Mozilla 08/21/2005 07:05 AM <DIR> MSN6 08/26/2005 07:51 PM <DIR> Purethelive 05/23/2004 08:03 AM <DIR> Real 05/09/2003 11:00 PM <DIR> Share-to-Web Upload Folder 12/08/2004 08:08 AM <DIR> Smart Panel 04/13/2005 08:03 AM <DIR> Symantec 11/08/2004 02:30 PM <DIR> Talkback 11/29/2002 04:02 PM <DIR> Template 08/21/2005 08:53 PM <DIR> Trend Micro 06/05/2004 12:05 AM <DIR> Yahoo! Messenger 0 File(s) 0 bytes 26 Dir(s) 118,043,295,744 bytes free Volume in drive C is 40 g comp #2 Volume Serial Number is D82F-536A Directory of C:\Documents and Settings\Default User\Application Data 09/13/2002 02:52 PM <DIR> . 09/13/2002 02:52 PM <DIR> .. 09/13/2002 07:05 AM 62 desktop.ini 1 File(s) 62 bytes 2 Dir(s) 118,043,295,744 bytes free Volume in drive C is 40 g comp #2 Volume Serial Number is D82F-536A Directory of C:\Documents and Settings\LocalService\Application Data Volume in drive C is 40 g comp #2 Volume Serial Number is D82F-536A Directory of C:\Documents and Settings\NetworkService\Application Data [TRACE] Enumerating jobs and queues [TRACE] Activating job 'B01A51559149C075.job' [TRACE] Printing all job properties ApplicationName: 'c:\docume~1\ann\applic~1\pureth~1\peak for show.exe' Parameters: '' WorkingDirectory: '' Comment: '' Creator: 'Ann' Priority: NORMAL MaxRunTime: 259200000 (3d 0:00:00) IdleWait: 10 IdleDeadline: 60 MostRecentRun: 08/27/2005 12:00:00 NextRun: 08/27/2005 13:00:00 StartError: S_OK ExitCode: 0 Status: SCHED_S_TASK_READY ScheduledWorkItem Flags: DeleteWhenDone = 0 Suspend = 0 StartOnlyIfIdle = 0 KillOnIdleEnd = 0 RestartOnIdleResume = 0 DontStartIfOnBatteries = 0 KillIfGoingOnBatteries = 0 RunOnlyIfLoggedOn = 1 SystemRequired = 0 Hidden = 1 
TaskFlags: 0 1 Trigger Trigger 0: Type: Daily DaysInterval: 1 StartDate: 10/10/2000 EndDate: 00/00/0000 StartTime: 00:00 MinutesDuration: 1440 MinutesInterval: 60 Flags: HasEndDate = 0 KillAtDuration = 0 Disabled = 0 [TRACE] Activating job 'BAAFB52F93F0234B.job' [TRACE] Printing all job properties ApplicationName: 'c:\docume~1\ray\applic~1\pureth~1\peak for show.exe' Parameters: '' WorkingDirectory: '' Comment: '' Creator: 'Ray' Priority: NORMAL MaxRunTime: 259200000 (3d 0:00:00) IdleWait: 10 IdleDeadline: 60 MostRecentRun: 08/27/2005 12:00:00 NextRun: 08/27/2005 13:00:00 StartError: S_OK ExitCode: 0 Status: SCHED_S_TASK_READY ScheduledWorkItem Flags: DeleteWhenDone = 0 Suspend = 0 StartOnlyIfIdle = 0 KillOnIdleEnd = 0 RestartOnIdleResume = 0 DontStartIfOnBatteries = 0 KillIfGoingOnBatteries = 0 RunOnlyIfLoggedOn = 1 SystemRequired = 0 Hidden = 1 TaskFlags: 0 1 Trigger Trigger 0: Type: Daily DaysInterval: 1 StartDate: 06/25/1995 EndDate: 00/00/0000 StartTime: 00:00 MinutesDuration: 1440 MinutesInterval: 60 Flags: HasEndDate = 0 KillAtDuration = 0 Disabled = 0 [TRACE] Activating job 'Norton AntiVirus - Scan my computer - Ray.job' [TRACE] Printing all job properties ApplicationName: 'C:\PROGRA~1\NORTON~1\NORTON~1\NAVW32.EXE' Parameters: '/task:"C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Tasks\mycomp.sca"' WorkingDirectory: '' Comment: 'This is a schedule scan task from Norton AntiVirus.' 
Creator: 'Ray' Priority: NORMAL MaxRunTime: 259200000 (3d 0:00:00) IdleWait: 10 IdleDeadline: 60 MostRecentRun: 00/00/0000 0:00:00 NextRun: 00/00/0000 0:00:00 StartError: SCHED_S_TASK_HAS_NOT_RUN ExitCode: 0 Status: SCHED_S_TASK_NOT_SCHEDULED ScheduledWorkItem Flags: DeleteWhenDone = 0 Suspend = 0 StartOnlyIfIdle = 0 KillOnIdleEnd = 0 RestartOnIdleResume = 0 DontStartIfOnBatteries = 0 KillIfGoingOnBatteries = 0 RunOnlyIfLoggedOn = 1 SystemRequired = 0 Hidden = 0 TaskFlags: 0 No triggers [TRACE] Activating job 'Norton AntiVirus - Scan my computer.job' [TRACE] Printing all job properties ApplicationName: 'C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exe' Parameters: '/task:"C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Tasks\mycomp.sca"' WorkingDirectory: '' Comment: 'This is a schedule scan task from Norton AntiVirus.' Creator: 'Ray' Priority: NORMAL MaxRunTime: 259200000 (3d 0:00:00) IdleWait: 10 IdleDeadline: 60 MostRecentRun: 08/26/2005 20:00:00 NextRun: 09/02/2005 20:00:00 StartError: S_OK ExitCode: 0x1 Status: SCHED_S_TASK_READY ScheduledWorkItem Flags: DeleteWhenDone = 0 Suspend = 0 StartOnlyIfIdle = 0 KillOnIdleEnd = 0 RestartOnIdleResume = 0 DontStartIfOnBatteries = 0 KillIfGoingOnBatteries = 0 RunOnlyIfLoggedOn = 1 SystemRequired = 0 Hidden = 0 TaskFlags: 0 1 Trigger Trigger 0: Type: Weekly WeeksInterval: 1 DaysOfTheWeek: .....F. 
StartDate: 04/13/2005 EndDate: 00/00/0000 StartTime: 20:00 MinutesDuration: 0 MinutesInterval: 0 Flags: HasEndDate = 0 KillAtDuration = 0 Disabled = 0 [TRACE] Activating job 'Norton SystemWorks One Button Checkup.job' [TRACE] Printing all job properties ApplicationName: 'C:\Program Files\Norton SystemWorks\OBC.exe' Parameters: ' /CUSTOM /SCHEDULE' WorkingDirectory: '' Comment: '' Creator: 'Ray' Priority: NORMAL MaxRunTime: 259200000 (3d 0:00:00) IdleWait: 30 IdleDeadline: 0 MostRecentRun: 08/26/2005 17:30:00 NextRun: 09/02/2005 17:30:00 StartError: S_OK ExitCode: 0 Status: SCHED_S_TASK_READY ScheduledWorkItem Flags: DeleteWhenDone = 0 Suspend = 0 StartOnlyIfIdle = 0 KillOnIdleEnd = 0 RestartOnIdleResume = 0 DontStartIfOnBatteries = 0 KillIfGoingOnBatteries = 0 RunOnlyIfLoggedOn = 1 SystemRequired = 0 Hidden = 0 TaskFlags: 0 1 Trigger Trigger 0: Type: Weekly WeeksInterval: 1 DaysOfTheWeek: .....F. StartDate: 04/13/2005 EndDate: 00/00/0000 StartTime: 17:30 MinutesDuration: 0 MinutesInterval: 0 Flags: HasEndDate = 0 KillAtDuration = 0 Disabled = 0 [TRACE] Activating job 'Symantec Drmc.job' [TRACE] Printing all job properties ApplicationName: 'C:\Program Files\Common Files\Symantec Shared\SymDrmc.exe' Parameters: ' /CUSTOM /SCHEDULE' WorkingDirectory: '' Comment: '' Creator: 'Ray' Priority: NORMAL MaxRunTime: 259200000 (3d 0:00:00) IdleWait: 30 IdleDeadline: 0 MostRecentRun: 08/27/2005 0:00:00 NextRun: 08/28/2005 0:00:00 StartError: S_OK ExitCode: 0 Status: SCHED_S_TASK_READY ScheduledWorkItem Flags: DeleteWhenDone = 0 Suspend = 0 StartOnlyIfIdle = 0 KillOnIdleEnd = 0 RestartOnIdleResume = 0 DontStartIfOnBatteries = 0 KillIfGoingOnBatteries = 0 RunOnlyIfLoggedOn = 1 SystemRequired = 0 Hidden = 0 TaskFlags: 0 1 Trigger Trigger 0: Type: Daily DaysInterval: 1 StartDate: 04/13/2005 EndDate: 00/00/0000 StartTime: 00:00 MinutesDuration: 0 MinutesInterval: 0 Flags: HasEndDate = 0 KillAtDuration = 0 Disabled = 0 [TRACE] Activating job 'Symantec NetDetect.job' [TRACE] Printing 
all job properties ApplicationName: 'C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE' Parameters: '' WorkingDirectory: 'C:\Program Files\Symantec\LiveUpdate' Comment: 'Symantec NetDetect' Creator: 'Ray' Priority: NORMAL MaxRunTime: 259200000 (3d 0:00:00) IdleWait: 10 IdleDeadline: 60 MostRecentRun: 08/27/2005 10:48:00 NextRun: 08/27/2005 14:48:00 StartError: S_OK ExitCode: 0 Status: SCHED_S_TASK_READY ScheduledWorkItem Flags: DeleteWhenDone = 0 Suspend = 0 StartOnlyIfIdle = 0 KillOnIdleEnd = 0 RestartOnIdleResume = 0 DontStartIfOnBatteries = 0 KillIfGoingOnBatteries = 0 RunOnlyIfLoggedOn = 1 SystemRequired = 0 Hidden = 0 TaskFlags: 0 1 Trigger Trigger 0: Type: Daily DaysInterval: 1 StartDate: 08/27/2005 EndDate: 00/00/0000 StartTime: 14:48 MinutesDuration: 1440 MinutesInterval: 240 Flags: HasEndDate = 0 KillAtDuration = 0 Disabled = 0 |
#34 (permalink) |
|
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
Join Date: May 2005
Posts: 24,353
OS: N/A
|
Okay.. I will make this real easy.
Please save these instructions to Notepad. We cannot have your browsers opened.
= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =
Reboot to Safe Mode.
Go to Start > Run - type cmd <Press Enter>
type attrib -h -r -s C:\Windows\Tasks\*.* <Press Enter>
type exit <Press Enter>
= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =
If you have not done so already, please enable the viewing of Hidden files.
From Windows Explorer, go to Tools>Folder Options> View tab.
Navigate to this directory - C:\Windows\Tasks\
Delete these :
'B01A51559149C075.job'
'BAAFB52F93F0234B.job'
If you find anything that looks similar, delete them as well.
These are legit: (don't delete them)
'Norton AntiVirus - Scan my computer - Ray.job'
'Norton AntiVirus - Scan my computer.job'
'Norton SystemWorks One Button Checkup.job'
'Symantec Drmc.job'
Locate and delete these other folders:
= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =
Run Cleanup! using the following configuration:
1. Click Options...
2. Set the slider to Standard CleanUp!
3. Uncheck the following:
5. Press the CleanUp! button to start the program. Reboot/logoff when prompted.
* CleanUp! will not create any backups!!
= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =
REBOOT TO NORMAL MODE - as Ann
Do not open any browsers & have HijackThis fix these:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://welzspoqxcjvqa.org/hwSw1WeaT...2YZ/QL4H0Dw.cgi
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.elbnwwlhupkyib.com/hwSw1...rqqGt3ruZI.html
O2 - BHO: (no name) - {76149F86-07BD-7663-82A2-7E1A0CA4D6A1} - C:\DOCUME~1\Ray\APPLIC~1\DENTDA~1\Fork Loud.exe
O4 - HKLM\..\Run: [Proc Drive Gram Love] C:\Documents and Settings\All Users\Application Data\ITCHNAMEPROCDRIVE\UserFork.exe
O4 - HKCU\..\Run: [Poke Download] C:\DOCUME~1\Ann\APPLIC~1\PURETH~1\keep mess.exe
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZPxdm182
= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =
REBOOT TO NORMAL MODE - as Ray
Do not open any browsers & have HijackThis fix these:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.ohukwtbhwkusap.com/WB0Rt...xtnBdknx.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wtecfysrlkhbbeypu.uk/WB0...DE/sdJXDpEM.htm
N2 - Netscape 6: user_pref("browser.startup.homepage", "http://www.pzphwgbxqakzapvxhb.com/WB0RtGMhrpLHu72boEtJ7pcQoJi3QeR4DE/sdJXDpEM.html");\nuser_pref("browser.startup.page", 1); (C:\Documents and Settings\Ray\Application Data\Mozilla\Profiles\default\nst0z0rm.slt\prefs.j
O2 - BHO: (no name) - {76149F86-07BD-7663-82A2-7E1A0CA4D6A1} - C:\DOCUME~1\Ray\APPLIC~1\DENTDA~1\Fork Loud.exe
O4 - HKLM\..\Run: [Proc Drive Gram Love] C:\Documents and Settings\All Users\Application Data\ITCHNAMEPROCDRIVE\UserFork.exe
O4 - HKCU\..\Run: [Poke Download] C:\DOCUME~1\Ray\APPLIC~1\PURETH~1\keep mess.exe
After you have done that, perform an online scan with Internet Explorer with Panda ActiveScan
In your next reply, I would require these logs:
Online scan
HijackThis - Ann & Ray
Fl.bat's log
__________________
Question - what have you done for the community today? Last edited by sUBs; 08-27-2005 at 12:31 PM. |
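The two jobs singled out for deletion above differ from the Norton and Symantec jobs in the posted dump in three visible ways: Hidden = 1, an ApplicationName under a user's Application Data folder, and a 16-hex-digit job name. The triage script below is an added example, not part of the thread or of any tool used in it; the one-property-per-line layout of the sample, the three heuristics and all function names are assumptions made for illustration.

```python
import re

# Constructed sample: abridged from the scheduled-task dump posted in this
# thread, laid out one property per line (an assumption; the forum page
# shows the dump run together).
SAMPLE_LOG = r"""
[TRACE] Activating job 'B01A51559149C075.job'
[TRACE] Printing all job properties
ApplicationName: 'c:\docume~1\ann\applic~1\pureth~1\peak for show.exe'
Parameters: ''
Creator: 'Ann'
Status: SCHED_S_TASK_READY
ScheduledWorkItem Flags:
  RunOnlyIfLoggedOn = 1
  Hidden = 1
[TRACE] Activating job 'BAAFB52F93F0234B.job'
[TRACE] Printing all job properties
ApplicationName: 'c:\docume~1\ray\applic~1\pureth~1\peak for show.exe'
Parameters: ''
Creator: 'Ray'
Status: SCHED_S_TASK_READY
ScheduledWorkItem Flags:
  RunOnlyIfLoggedOn = 1
  Hidden = 1
[TRACE] Activating job 'Norton AntiVirus - Scan my computer.job'
[TRACE] Printing all job properties
ApplicationName: 'C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exe'
Parameters: '/task:"C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Tasks\mycomp.sca"'
Creator: 'Ray'
Status: SCHED_S_TASK_READY
ScheduledWorkItem Flags:
  RunOnlyIfLoggedOn = 1
  Hidden = 0
[TRACE] Activating job 'Symantec NetDetect.job'
[TRACE] Printing all job properties
ApplicationName: 'C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE'
Parameters: ''
Creator: 'Ray'
Status: SCHED_S_TASK_READY
ScheduledWorkItem Flags:
  RunOnlyIfLoggedOn = 1
  Hidden = 0
"""

JOB_RE = re.compile(r"^\[TRACE\] Activating job '(.+)'\s*$")
PROP_RE = re.compile(r"^\s*(\w+):\s?(.*)$")          # e.g. Creator: 'Ray'
FLAG_RE = re.compile(r"^\s*(\w+)\s*=\s*(\d+)\s*$")   # e.g. Hidden = 1

# Heuristics (assumptions for this example, not a complete detection rule).
# Long and 8.3 short forms of the per-user Application Data folder:
USER_PROFILE_DIR = re.compile(r"\\(?:application data|applic~\d+)\\", re.I)
HEX_JOB_NAME = re.compile(r"[0-9A-F]{16}\.job", re.I)


def parse_jobs(text):
    """Split the dump into one record per job: name, properties, 0/1 flags."""
    jobs, current = [], None
    for line in text.splitlines():
        m = JOB_RE.match(line)
        if m:
            current = {"name": m.group(1), "props": {}, "flags": {}}
            jobs.append(current)
            continue
        if current is None:
            continue  # text before the first job header
        m = FLAG_RE.match(line)
        if m:
            # First occurrence wins, so a later trigger flag cannot overwrite it.
            current["flags"].setdefault(m.group(1), int(m.group(2)))
            continue
        m = PROP_RE.match(line)
        if m:
            value = m.group(2).strip().strip("'")
            current["props"].setdefault(m.group(1), value)
    return jobs


def indicators(job):
    """Return the list of reasons a job deserves a manual look."""
    reasons = []
    if job["flags"].get("Hidden") == 1:
        reasons.append("hidden")
    # Only the executable path counts; the Norton job merely passes an
    # Application Data path as a parameter.
    if USER_PROFILE_DIR.search(job["props"].get("ApplicationName", "")):
        reasons.append("runs-from-user-profile")
    if HEX_JOB_NAME.fullmatch(job["name"]):
        reasons.append("hex-job-name")
    return reasons


def review_list(text):
    """Map job name -> reasons, for jobs with at least one indicator."""
    flagged = {}
    for job in parse_jobs(text):
        reasons = indicators(job)
        if reasons:
            flagged[job["name"]] = reasons
    return flagged


if __name__ == "__main__":
    for name, reasons in review_list(SAMPLE_LOG).items():
        print(f"{name}: {', '.join(reasons)}")
```

A flagged job is a candidate for review, not proof of infection; the Creator and ApplicationName values still need to be checked by hand, as was done in the post above.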
#35 (permalink) |
|
Member
Join Date: Oct 2004
Posts: 50
OS: xp
|
This is the Panda Activescan:
I will be doing the HJT Ann & Ray Next and FL.bat's log I am learning a ton! Thanks Incident Status Location Spyware:spyware/cydoor No disinfected C:\WINDOWS\SYSTEM32\cd_clint.dll Adware:adware/mywebsearch No disinfected C:\WINDOWS\SYSTEM32\f3pssavr.scr Adware:adware/adroar No disinfected C:\WINDOWS\artmmp.ini Adware:adware/ncase No disinfected C:\WINDOWS\msbb.exe.temp Adware:adware/twain-tech No disinfected C:\WINDOWS\smdat32m.sys Spyware:spyware/aveo-attune No disinfected C:\PROGRAM FILES\Aveo Spyware:spyware/dyfuca No disinfected C:\WINDOWS\STWSI Spyware:spyware/media-motor No disinfected Windows Registry Adware:Adware/Lop No disinfected C:\!Submit\FORK LOUD.0XE Virus:Trj/Downloader.BTF Disinfected C:\Program Files\SB\Smart-Browser\BHO.0.1.0.155.dll Adware:Adware/Lop No disinfected C:\unzipped\hijackthis\backups\backup-20050823-211428-257.dll Adware:Adware/Adroar No disinfected C:\WINDOWS\cpruninst.exe Adware:Adware/Lop No disinfected C:\WINDOWS\m7.exe Adware:Adware/MyDailyHoroscopeNo disinfected C:\WINDOWS\setup_silent_17304.exe Adware:Adware/Udpmod No disinfected C:\WINDOWS\udpmod.dll Adware:Adware/Adroar No disinfected D:\WINDOWS\cpruninst.exe Adware:Adware/Lop No disinfected D:\WINDOWS\m7.exe Adware:Adware/MyDailyHoroscopeNo disinfected D:\WINDOWS\setup_silent_17304.exe Adware:Adware/Udpmod No disinfected D:\WINDOWS\udpmod.dll Adware:Adware/Lop No disinfected D:\!Submit\FORK LOUD.0XE Spyware:Spyware/ISTBar No disinfected D:\Documents and Settings\Ray\Local Settings\Temporary Internet Files\Content.IE5\OPINK163\toolbar2[1].htm Spyware:Spyware/XXXToolbar No disinfected D:\Documents and Settings\Ray\Local Settings\Temporary Internet Files\Content.IE5\4TYZO1YR\CAOL61H2.HTM Adware:Adware/Lop No disinfected D:\Documents and Settings\Ray\Local Settings\Temp\15100f60.exe Adware:Adware/Lop No disinfected D:\Documents and Settings\Ray\Local Settings\Temp\19a740e.exe Adware:Adware/Lop No disinfected D:\Documents and Settings\Ray\Local Settings\Temp\25f1aea.exe 
Adware:Adware/Lop No disinfected D:\Documents and Settings\Ray\Local Settings\Temp\2da480.exe Adware:Adware/Lop No disinfected D:\Documents and Settings\Ray\Local Settings\Temp\727149.exe Adware:Adware/Lop No disinfected D:\Documents and Settings\Ray\Local Settings\Temp\826cdbd.exe Adware:Adware/Lop No disinfected D:\Documents and Settings\Ray\Local Settings\Temp\c0eaa5e0.exe Adware:Adware/Lop No disinfected D:\Documents and Settings\Ray\Local Settings\Temp\c222cc9e.exe Adware:Adware/Lop No disinfected D:\Documents and Settings\Ray\Local Settings\Temp\c47bb8fb.exe Adware:Adware/Lop No disinfected D:\Documents and Settings\Ray\Local Settings\Temp\c5b3256e.exe Adware:Adware/Lop No disinfected D:\Documents and Settings\Ray\Local Settings\Temp\c70b4a87.exe Adware:Adware/Lop No disinfected D:\Documents and Settings\Ray\Local Settings\Temp\c8368c84.exe Adware:Adware/Lop No disinfected D:\Documents and Settings\Ray\Local Settings\Temp\c863b28b.exe Adware:Adware/Lop No disinfected D:\Documents and Settings\Ray\Local Settings\Temp\c872110a.exe Adware:Adware/Lop No disinfected D:\Documents and Settings\Ray\Local Settings\Temp\c874ee72.exe Adware:Adware/Lop No disinfected D:\Documents and Settings\Ray\Local Settings\Temp\c8942091.exe Adware:Adware/Lop No disinfected D:\Documents and Settings\Ray\Local Settings\Temp\c974176a.exe Adware:Adware/Lop No disinfected D:\Documents and Settings\Ray\Local Settings\Temp\c98e92e2.exe Adware:Adware/Lop No disinfected D:\Documents and Settings\Ray\Local Settings\Temp\c9bb3fff.exe Adware:Adware/Lop No disinfected D:\Documents and Settings\Ray\Local Settings\Temp\c9cc60a1.exe Adware:Adware/Lop No disinfected D:\Documents and Settings\Ray\Local Settings\Temp\ca80917b.exe Adware:Adware/Lop No disinfected D:\Documents and Settings\Ray\Local Settings\Temp\cacd8032.exe Adware:Adware/Lop No disinfected D:\Documents and Settings\Ray\Local Settings\Temp\cb05ed05.exe Adware:Adware/Lop No disinfected D:\Documents and Settings\Ray\Local 
|
#36 (permalink) |
|
Member
Join Date: Oct 2004
Posts: 50
OS: xp
|
HJT for Ann:
Logfile of HijackThis v1.99.1
Scan saved at 9:18:15 PM, on 8/27/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\E_S00RP1.EXE
C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
C:\PROGRA~1\NORTON~1\NORTON~3\NPROTECT.EXE
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\WINDOWS\System32\hphmon04.exe
C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
C:\PROGRA~1\NORTON~1\NORTON~3\SPEEDD~1\NOPDB.EXE
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\dpps2.exe
C:\Program Files\Common Files\Logitech\QCDriver\LVComS.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\system32\SAgent4.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\winlogon.exe
C:\Documents and Settings\Ann\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.emachines.com/
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn0\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: FlpLauncher Class - {4401FDC3-7996-4774-8D2B-C1AE9CD6CC25} - C:\Program Files\E-Book Systems\FlipViewer\fplaunch.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn0\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\System32\hphmon04.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [msnappau] C:\Program Files\MSN Apps\Updater\01.02.0002.1001\en-us\msnappau.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [Pop-Up Stopper] "C:\PROGRA~1\PANICW~1\POP-UP~1\dpps2.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVComS.exe
O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
O4 - HKLM\..\Run: [MediaFace Integration] C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe
O4 - HKLM\..\Run: [EPSON Stylus CX5400] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE /P19 "EPSON Stylus CX5400" /O6 "USB001" /M "Stylus CX5400"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe /startup
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Auto EPSON Stylus CX5400 on COMPUTER-3] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE /P38 "Auto EPSON Stylus CX5400 on COMPUTER-3" /O20 "\\COMPUTER-3\Printer" /M "Stylus CX5400"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Config Printer] webprint.exe
O4 - HKCU\..\Run: [Poke Download] C:\DOCUME~1\Ann\APPLIC~1\PURETH~1\keep mess.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com.../c381/chat.cab
O16 - DPF: Yahoo! Towers 2.0 - http://download.games.yahoo.com/game...s/y/ywt0_x.cab
O16 - DPF: {11B2C0D3-DFFB-11D3-9253-00500498D7E5} (ShowSetupObj5 Class) - http://invite.mshow.com/(j1tw2345cus...ShowSetup5.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: EPSON V3 Service2(03) (EPSON_PM_RPCV2_01) - SEIKO EPSON CORPORATION - C:\WINDOWS\system32\E_S00RP1.EXE
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~3\NPROTECT.EXE
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\System32\HPHipm11.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~3\SPEEDD~1\NOPDB.EXE
O23 - Service: Epson Printer Status Agent4 (StatusAgent4) - SEIKO EPSON CORPORATION - C:\WINDOWS\system32\SAgent4.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
|
#37 (permalink) |
|
Member
Join Date: Oct 2004
Posts: 50
OS: xp
|
HJT for Ray:
Logfile of HijackThis v1.99.1
Scan saved at 9:22:21 PM, on 8/27/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\E_S00RP1.EXE
C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
C:\PROGRA~1\NORTON~1\NORTON~3\NPROTECT.EXE
C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
C:\PROGRA~1\NORTON~1\NORTON~3\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\system32\SAgent4.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\WINDOWS\System32\hphmon04.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\dpps2.exe
C:\Program Files\Common Files\Logitech\QCDriver\LVComS.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Ray\Desktop\HijackThis.exe

N2 - Netscape 6: user_pref("browser.startup.homepage", "http://home.netscape.com/"); (C:\Documents and Settings\Ray\Application Data\Mozilla\Profiles\default\nst0z0rm.slt\prefs.js)
N2 - Netscape 6: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5Cmozilla.org%5CMozilla%5Csearchplugins%5CNetscapeSearch.src"); (C:\Documents and Settings\Ray\Application Data\Mozilla\Profiles\default\nst0z0rm.slt\prefs.js)
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn0\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: FlpLauncher Class - {4401FDC3-7996-4774-8D2B-C1AE9CD6CC25} - C:\Program Files\E-Book Systems\FlipViewer\fplaunch.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn0\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\System32\hphmon04.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [msnappau] C:\Program Files\MSN Apps\Updater\01.02.0002.1001\en-us\msnappau.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [Pop-Up Stopper] "C:\PROGRA~1\PANICW~1\POP-UP~1\dpps2.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVComS.exe
O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
O4 - HKLM\..\Run: [MediaFace Integration] C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe
O4 - HKLM\..\Run: [EPSON Stylus CX5400] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE /P19 "EPSON Stylus CX5400" /O6 "USB001" /M "Stylus CX5400"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe /startup
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Auto EPSON Stylus CX5400 on COMPUTER-3] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE /P38 "Auto EPSON Stylus CX5400 on COMPUTER-3" /O20 "\\COMPUTER-3\Printer" /M "Stylus CX5400"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [EPSON Stylus CX5400] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE /P19 "EPSON Stylus CX5400" /M "Stylus CX5400" /EF "HKCU"
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Startup: Pop-Up Stopper.lnk = C:\Program Files\Panicware\Pop-Up Stopper\dpps2.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com.../c381/chat.cab
O16 - DPF: Yahoo! Towers 2.0 - http://download.games.yahoo.com/game...s/y/ywt0_x.cab
O16 - DPF: {11B2C0D3-DFFB-11D3-9253-00500498D7E5} (ShowSetupObj5 Class) - http://invite.mshow.com/(j1tw2345cus...ShowSetup5.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: EPSON V3 Service2(03) (EPSON_PM_RPCV2_01) - SEIKO EPSON CORPORATION - C:\WINDOWS\system32\E_S00RP1.EXE
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~3\NPROTECT.EXE
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\System32\HPHipm11.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~3\SPEEDD~1\NOPDB.EXE
O23 - Service: Epson Printer Status Agent4 (StatusAgent4) - SEIKO EPSON CORPORATION - C:\WINDOWS\system32\SAgent4.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
|
#38 (permalink) |
|
Member
Join Date: Oct 2004
Posts: 50
OS: xp
|
FL.Bat
Volume in drive C is 40 g comp #2
Volume Serial Number is D82F-536A

Directory of C:\Documents and Settings\Administrator\Application Data

09/13/2002 02:52 PM <DIR> Adobe
09/13/2002 02:17 PM <DIR> Identities
09/13/2002 02:52 PM <DIR> InterTrust
10/12/2003 08:57 AM <DIR> Share-to-Web Upload Folder
0 File(s) 0 bytes
4 Dir(s) 121,111,527,424 bytes free

Volume in drive C is 40 g comp #2
Volume Serial Number is D82F-536A

Directory of C:\Documents and Settings\All Users\Application Data

04/30/2005 07:48 PM <DIR> Apple Computer
12/10/2003 08:41 PM <DIR> Fellowes
06/17/2004 03:21 PM <DIR> MSN Messenger 6.2.0137
11/29/2002 03:33 PM <DIR> MSN6
12/02/2002 03:01 PM <DIR> QuickTime
09/18/2004 04:17 PM <DIR> Spybot - Search & Destroy
04/13/2005 07:50 AM <DIR> Symantec
04/26/2004 10:20 AM <DIR> Viewpoint
0 File(s) 0 bytes
8 Dir(s) 121,111,523,328 bytes free

Volume in drive C is 40 g comp #2
Volume Serial Number is D82F-536A

Directory of C:\Documents and Settings\Ann\Application Data

09/13/2002 02:52 PM <DIR> Adobe
01/27/2004 01:23 PM <DIR> ICQ
09/13/2002 02:17 PM <DIR> Identities
09/13/2002 02:52 PM <DIR> InterTrust
10/15/2004 12:13 PM <DIR> Lavasoft
06/16/2004 01:45 PM <DIR> Macromedia
08/27/2005 07:32 AM <DIR> Mozilla
08/21/2005 07:05 AM <DIR> MSN6
05/25/2004 12:14 PM <DIR> Real
06/24/2003 08:18 AM <DIR> Share-to-Web Upload Folder
04/13/2005 12:05 PM <DIR> Symantec
08/27/2005 07:32 AM <DIR> Talkback
0 File(s) 0 bytes
12 Dir(s) 121,111,523,328 bytes free

Volume in drive C is 40 g comp #2
Volume Serial Number is D82F-536A

Directory of C:\Documents and Settings\Ray\Application Data

09/13/2002 02:52 PM <DIR> Adobe
04/30/2005 07:49 PM <DIR> Apple Computer
01/30/2005 07:16 PM <DIR> ArcSoft
05/23/2004 02:49 PM <DIR> EBookSys
02/27/2005 01:49 PM <DIR> EPSON
05/26/2005 06:06 PM <DIR> funkitron
11/23/2003 06:13 PM <DIR> Help
01/18/2004 06:49 PM <DIR> ICQ
11/30/2004 11:43 AM <DIR> Identities
09/13/2002 02:52 PM <DIR> InterTrust
09/20/2004 07:23 AM <DIR> Lavasoft
12/10/2003 08:42 PM <DIR> Leadertech
01/18/2004 07:20 PM <DIR> Macromedia
06/29/2003 07:32 PM <DIR> Microsoft Web Folders
11/08/2004 02:30 PM <DIR> Mozilla
08/21/2005 07:05 AM <DIR> MSN6
05/23/2004 08:03 AM <DIR> Real
05/09/2003 11:00 PM <DIR> Share-to-Web Upload Folder
12/08/2004 08:08 AM <DIR> Smart Panel
04/13/2005 08:03 AM <DIR> Symantec
11/08/2004 02:30 PM <DIR> Talkback
11/29/2002 04:02 PM <DIR> Template
08/21/2005 08:53 PM <DIR> Trend Micro
06/05/2004 12:05 AM <DIR> Yahoo! Messenger
0 File(s) 0 bytes
24 Dir(s) 121,111,523,328 bytes free

Volume in drive C is 40 g comp #2
Volume Serial Number is D82F-536A

Directory of C:\Documents and Settings\Default User\Application Data

09/13/2002 02:52 PM <DIR> .
09/13/2002 02:52 PM <DIR> ..
09/13/2002 07:05 AM 62 desktop.ini
1 File(s) 62 bytes
2 Dir(s) 121,111,523,328 bytes free

Volume in drive C is 40 g comp #2
Volume Serial Number is D82F-536A

Directory of C:\Documents and Settings\LocalService\Application Data

Volume in drive C is 40 g comp #2
Volume Serial Number is D82F-536A

Directory of C:\Documents and Settings\NetworkService\Application Data

[TRACE] Enumerating jobs and queues
[TRACE] Activating job 'B01A51559149C075.job'
[TRACE] Printing all job properties
ApplicationName: 'c:\docume~1\ann\applic~1\pureth~1\peak for show.exe'
Parameters: ''
WorkingDirectory: ''
Comment: ''
Creator: 'Ann'
Priority: NORMAL
MaxRunTime: 259200000 (3d 0:00:00)
IdleWait: 10
IdleDeadline: 60
MostRecentRun: 08/27/2005 13:00:00
NextRun: 08/27/2005 22:00:00
StartError: 0x80070003
ExitCode: 0
Status: SCHED_S_TASK_READY
ScheduledWorkItem Flags:
DeleteWhenDone = 0
Suspend = 0
StartOnlyIfIdle = 0
KillOnIdleEnd = 0
RestartOnIdleResume = 0
DontStartIfOnBatteries = 0
KillIfGoingOnBatteries = 0
RunOnlyIfLoggedOn = 1
SystemRequired = 0
Hidden = 1
TaskFlags: 0
1 Trigger
Trigger 0:
Type: Daily
DaysInterval: 1
StartDate: 10/10/2000
EndDate: 00/00/0000
StartTime: 00:00
MinutesDuration: 1440
MinutesInterval: 60
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0

[TRACE] Activating job 'BAAFB52F93F0234B.job'
[TRACE] Printing all job properties
ApplicationName: 'c:\docume~1\ray\applic~1\pureth~1\peak for show.exe'
Parameters: ''
WorkingDirectory: ''
Comment: ''
Creator: 'Ray'
Priority: NORMAL
MaxRunTime: 259200000 (3d 0:00:00)
IdleWait: 10
IdleDeadline: 60
MostRecentRun: 08/27/2005 13:00:00
NextRun: 08/27/2005 22:00:00
StartError: 0x80070003
ExitCode: 0
Status: SCHED_S_TASK_READY
ScheduledWorkItem Flags:
DeleteWhenDone = 0
Suspend = 0
StartOnlyIfIdle = 0
KillOnIdleEnd = 0
RestartOnIdleResume = 0
DontStartIfOnBatteries = 0
KillIfGoingOnBatteries = 0
RunOnlyIfLoggedOn = 1
SystemRequired = 0
Hidden = 1
TaskFlags: 0
1 Trigger
Trigger 0:
Type: Daily
DaysInterval: 1
StartDate: 06/25/1995
EndDate: 00/00/0000
StartTime: 00:00
MinutesDuration: 1440
MinutesInterval: 60
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0

[TRACE] Activating job 'Norton AntiVirus - Scan my computer - Ray.job'
[TRACE] Printing all job properties
ApplicationName: 'C:\PROGRA~1\NORTON~1\NORTON~1\NAVW32.EXE'
Parameters: '/task:"C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Tasks\mycomp.sca"'
WorkingDirectory: ''
Comment: 'This is a schedule scan task from Norton AntiVirus.'
Creator: 'Ray'
Priority: NORMAL
MaxRunTime: 259200000 (3d 0:00:00)
IdleWait: 10
IdleDeadline: 60
MostRecentRun: 00/00/0000 0:00:00
NextRun: 00/00/0000 0:00:00
StartError: SCHED_S_TASK_HAS_NOT_RUN
ExitCode: 0
Status: SCHED_S_TASK_NOT_SCHEDULED
ScheduledWorkItem Flags:
DeleteWhenDone = 0
Suspend = 0
StartOnlyIfIdle = 0
KillOnIdleEnd = 0
RestartOnIdleResume = 0
DontStartIfOnBatteries = 0
KillIfGoingOnBatteries = 0
RunOnlyIfLoggedOn = 1
SystemRequired = 0
Hidden = 0
TaskFlags: 0
No triggers

[TRACE] Activating job 'Norton AntiVirus - Scan my computer.job'
[TRACE] Printing all job properties
ApplicationName: 'C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exe'
Parameters: '/task:"C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Tasks\mycomp.sca"'
WorkingDirectory: ''
Comment: 'This is a schedule scan task from Norton AntiVirus.'
Creator: 'Ray'
Priority: NORMAL
MaxRunTime: 259200000 (3d 0:00:00)
IdleWait: 10
IdleDeadline: 60
MostRecentRun: 08/26/2005 20:00:00
NextRun: 09/02/2005 20:00:00
StartError: S_OK
ExitCode: 0x1
Status: SCHED_S_TASK_READY
ScheduledWorkItem Flags:
DeleteWhenDone = 0
Suspend = 0
StartOnlyIfIdle = 0
KillOnIdleEnd = 0
RestartOnIdleResume = 0
DontStartIfOnBatteries = 0
KillIfGoingOnBatteries = 0
RunOnlyIfLoggedOn = 1
SystemRequired = 0
Hidden = 0
TaskFlags: 0
1 Trigger
Trigger 0:
Type: Weekly
WeeksInterval: 1
DaysOfTheWeek: .....F.
StartDate: 04/13/2005 EndDate: 00/00/0000 StartTime: 20:00 MinutesDuration: 0 MinutesInterval: 0 Flags: HasEndDate = 0 KillAtDuration = 0 Disabled = 0 [TRACE] Activating job 'Norton SystemWorks One Button Checkup.job' [TRACE] Printing all job properties ApplicationName: 'C:\Program Files\Norton SystemWorks\OBC.exe' Parameters: ' /CUSTOM /SCHEDULE' WorkingDirectory: '' Comment: '' Creator: 'Ray' Priority: NORMAL MaxRunTime: 259200000 (3d 0:00:00) IdleWait: 30 IdleDeadline: 0 MostRecentRun: 08/26/2005 17:30:00 NextRun: 09/02/2005 17:30:00 StartError: S_OK ExitCode: 0 Status: SCHED_S_TASK_READY ScheduledWorkItem Flags: DeleteWhenDone = 0 Suspend = 0 StartOnlyIfIdle = 0 KillOnIdleEnd = 0 RestartOnIdleResume = 0 DontStartIfOnBatteries = 0 KillIfGoingOnBatteries = 0 RunOnlyIfLoggedOn = 1 SystemRequired = 0 Hidden = 0 TaskFlags: 0 1 Trigger Trigger 0: Type: Weekly WeeksInterval: 1 DaysOfTheWeek: .....F. StartDate: 04/13/2005 EndDate: 00/00/0000 StartTime: 17:30 MinutesDuration: 0 MinutesInterval: 0 Flags: HasEndDate = 0 KillAtDuration = 0 Disabled = 0 [TRACE] Activating job 'Symantec Drmc.job' [TRACE] Printing all job properties ApplicationName: 'C:\Program Files\Common Files\Symantec Shared\SymDrmc.exe' Parameters: ' /CUSTOM /SCHEDULE' WorkingDirectory: '' Comment: '' Creator: 'Ray' Priority: NORMAL MaxRunTime: 259200000 (3d 0:00:00) IdleWait: 30 IdleDeadline: 0 MostRecentRun: 08/27/2005 0:00:00 NextRun: 08/28/2005 0:00:00 StartError: S_OK ExitCode: 0 Status: SCHED_S_TASK_READY ScheduledWorkItem Flags: DeleteWhenDone = 0 Suspend = 0 StartOnlyIfIdle = 0 KillOnIdleEnd = 0 RestartOnIdleResume = 0 DontStartIfOnBatteries = 0 KillIfGoingOnBatteries = 0 RunOnlyIfLoggedOn = 1 SystemRequired = 0 Hidden = 0 TaskFlags: 0 1 Trigger Trigger 0: Type: Daily DaysInterval: 1 StartDate: 04/13/2005 EndDate: 00/00/0000 StartTime: 00:00 MinutesDuration: 0 MinutesInterval: 0 Flags: HasEndDate = 0 KillAtDuration = 0 Disabled = 0 [TRACE] Activating job 'Symantec NetDetect.job' [TRACE] Printing 
all job properties ApplicationName: 'C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE' Parameters: '' WorkingDirectory: 'C:\Program Files\Symantec\LiveUpdate' Comment: 'Symantec NetDetect' Creator: 'Ray' Priority: NORMAL MaxRunTime: 259200000 (3d 0:00:00) IdleWait: 10 IdleDeadline: 60 MostRecentRun: 08/27/2005 18:48:00 NextRun: 08/27/2005 22:48:00 StartError: S_OK ExitCode: 0 Status: SCHED_S_TASK_READY ScheduledWorkItem Flags: DeleteWhenDone = 0 Suspend = 0 StartOnlyIfIdle = 0 KillOnIdleEnd = 0 RestartOnIdleResume = 0 DontStartIfOnBatteries = 0 KillIfGoingOnBatteries = 0 RunOnlyIfLoggedOn = 1 SystemRequired = 0 Hidden = 0 TaskFlags: 0 1 Trigger Trigger 0: Type: Daily DaysInterval: 1 StartDate: 08/27/2005 EndDate: 00/00/0000 StartTime: 14:48 MinutesDuration: 1440 MinutesInterval: 240 Flags: HasEndDate = 0 KillAtDuration = 0 Disabled = 0 |
#39 (permalink) | |
|
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
Join Date: May 2005
Posts: 24,353
OS: N/A
|
No wonder you kept getting re-infected. You have a multiple OS system.
Delete the contents of these directories:
D:\Documents and Settings\Ann\Local Settings\Temp\
D:\Documents and Settings\Ray\Local Settings\Temporary Internet Files\Content.IE5\
If you have not done so already, please enable the viewing of hidden files. From Windows Explorer, go to Tools > Folder Options > View tab.
Locate and delete the following folders, if present:
Download KillBox v2.0.0.175.zip & save to Desktop.
Launch KillBox.exe & select the following options:
* Click on the dropdown menu next to Full Path of File to Delete field.
* Verify that the filenames you pasted are found there
* Click the RED X button.
* Click Yes at the Delete on Reboot prompt.
* Click Yes at the 'Pending Operations prompt'.
Quote:
In your next post, please include fresh logs from:
* HijackThis - "Ray"
* Panda Online scan
* Fl.bat
Let me know how the machine is behaving now.
__________________
Question - what have you done for the community today? |
#40 (permalink) |
|
Member
Join Date: Oct 2004
Posts: 50
OS: xp
|
Panda Scan
In scanning, all was well until it reached the area of Ray\temp, where it jumped from 9 in the spyware counter to 72. I don't know if this helps, just thought I'd let you know. HJT ray FL.bat to follow,
Thanks, Ray