Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Windows Vista / Steam.exe Trojan Problem


  • Please log in to reply
14 replies to this topic

#1 njohnsen

njohnsen

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:02:07 AM

Posted 17 July 2007 - 10:35 PM

Hello, I would have gone through every step of the prepost for errors, but due to the problem, the time it would take to DL all those programs would be rediculous.
Background:
I play a fair amount of CS:S through Steam.exe and I am logged on most the time. Recently Symantec Detected and blocked a trojan attempt while logging onto Steam. Now every time I try to connect to Steam, Symantec blocks a trojan attempt. I checked my firewall/ Windows Defender settings and Steam.exe is allowed on all ports.

Here are the symptoms of my problem:

Every time I connect to Steam, I get a trojan blocked message from Symantec/ NIS 2007
When browsing the internet, addons (flash, adobe, quicktime) work extremely slowly if at all
When downloading, download rate rarely exceeds 3kb/sec (i have DSL)
When downloading, download constantly loses connection and reconnects
In Network and Sharing options / Status, IPv6 connectivity is Limited

Oddities:

Normal browsing is still quick if no addons are needed
Normal browsing is uninterrupted even when downloads are disconnecting and reconnecting
Wifes Compy connected to same gateway modem right next to my compy has no problems whatsoever with connections
Symantec does not detect the Trojan under normal operation, only when I attempt to connect to Steam.exe

Here is the report generated by Hijackthis v1.99.1

Logfile of HijackThis v1.99.1
Scan saved at 8:14:04 PM, on 7/17/2007
Platform: Unknown Windows (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\System32\CTHELPER.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\netsh.exe
C:\Program Files\Common Files\Symantec Shared\ccLgView.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\Program Files\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) -  - (no file)
O2 - BHO: (no name) - rsion - (no file)
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: (no name) - ° :P
:8-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - Čj:Č
: - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\Word\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\Word\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (no file)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h cltCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)

Hope this means more to yall than it does to me. I'm wary of taking actions on any of these items without knowledge of the consequences so any input on my problem would be appreciated.

If the logs from Symantec on the blocked attempts would help, let me know.

Thnx

Edited by njohnsen, 17 July 2007 - 10:38 PM.


BC AdBot (Login to Remove)

 


m

#2 Rorschach

Rorschach

  • Members
  • 523 posts
  • OFFLINE
  •  
  • Local time:08:07 AM

Posted 24 July 2007 - 04:27 PM

Hello njohnsen, sorry for the delay. I'm just looking over your log and will get back to you soon.

#3 Rorschach

Rorschach

  • Members
  • 523 posts
  • OFFLINE
  •  
  • Local time:08:07 AM

Posted 25 July 2007 - 06:55 AM

Hello njohnsen, my name is Rorschach and I'll be helping you with your problems.


We must disable the Real-Time Protection feature of Windows Defender for it may interfere with the changes we need to make.

To disable Real-Time Protection:
  • Go to "Tools" | "General Settings"
  • Scroll down to "Real-time protection options"
  • Uncheck "Turn on real-time protection (recommended)"
  • Remember to reactivate this feature when we have finished all our work.

Next please run HijackThis, click "Do a system scan only" and check these entries

O2 - BHO: (no name) -  - (no file)
O2 - BHO: (no name) - rsion - (no file)
O2 - BHO: (no name) - ° :P
:8-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - Čj:Č
: - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (no file)
O13 - Gopher Prefix:


Close all windows except for HijackThis and click "Fix checked".


Recently Symantec Detected and blocked a trojan attempt while logging onto Steam. Now every time I try to connect to Steam, Symantec blocks a trojan attempt.

This seems to be a false positive by Symantec, and can easily be fixed by updating your Symantec program here
Once you update it, then you shouldn't get that trojan warning anymore.


So in your next reply please post back the following : a new HijackThis log, and tell me if you are still getting that Symantec message.

#4 njohnsen

njohnsen
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:02:07 AM

Posted 25 July 2007 - 08:55 AM

I have to reinstall and download steam.exe to see if the error keeps popping up. The steam error wasnt my main concern though. The main thing was the performance issues. The d/c r/c problems, slow and unresponsive addons, etc.

Heres the log with those changes made

Logfile of HijackThis v1.99.1
Scan saved at 7:46:19 AM, on 7/25/2007
Platform: Unknown Windows (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\CTHELPER.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Defender\MSASCui.exe
D:\Program Files\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\Word\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\Word\Office12\ONBttnIE.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O11 - Options group: [INTERNATIONAL] International*
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h cltCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)

#5 Rorschach

Rorschach

  • Members
  • 523 posts
  • OFFLINE
  •  
  • Local time:08:07 AM

Posted 25 July 2007 - 01:47 PM

Hello njohnsen


1. Download this file - combofix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

#6 njohnsen

njohnsen
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:02:07 AM

Posted 26 July 2007 - 01:34 AM

Im running Windows Vista Home Basic and it is not compatible with the program. Got anything else?

Edited by njohnsen, 26 July 2007 - 07:13 AM.


#7 Rorschach

Rorschach

  • Members
  • 523 posts
  • OFFLINE
  •  
  • Local time:08:07 AM

Posted 26 July 2007 - 01:35 PM

Hello njohnsen, we need to get you the latest version of HijackThis, so please do this


CLICK HERE to download the HijackThis Installer:
  • Save HJTInstall.exe to your desktop.
  • Double-click on HJTInstall.exe to run the program.
  • By default it will install to C:\Program Files\Trend Micro\HijackThis.
  • Accept the license agreement by clicking the "I Accept" button.
  • Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log.
  • Click "Save log" to save the log file and then the log will open in Notepad.
  • Click on "Edit -> Select All" then click on "Edit -> Copy" to copy the entire contents of the log.
  • Come back here to this thread and paste the log in your next reply.
  • Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.


#8 njohnsen

njohnsen
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:02:07 AM

Posted 26 July 2007 - 11:28 PM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:26:46 PM, on 7/26/2007
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\System32\CTHELPER.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\Word\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\Word\Office12\ONBttnIE.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

--
End of file - 4784 bytes


Here it is =)

#9 Rorschach

Rorschach

  • Members
  • 523 posts
  • OFFLINE
  •  
  • Local time:08:07 AM

Posted 28 July 2007 - 12:47 PM

Hello njohnsen


Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.
Extra Note: When running DSS, some firewalls may warn that sigcheck.exe is trying to access the internet - please ensure that you allow sigcheck.exe permission to do so. Also, it may happen that your Antivirus flags DSS as suspicious. Please allow the Deckard's System Scanner to run and don't let your Antivirus delete it. (In this case, it may be better to temporary disable your Antivirus)




Download and Save Blacklight to your desktop (choose "I ACCEPT" then click "DOWNLOAD" on the website).

Double-click fsbl.exe then accept the agreement, click > "Scan" then > "Next".

You'll see a list of all items found. There will also be a log on your desktop with the name "fsbl.xxxxxxxxxxxxxx.log" (the xxxxxxxxxxxxxx stand for numbers).

Copy and paste this log in your next reply. Don't choose the rename option yet! I want to see the log first, because legitimate items can also be present there, such as "wbemtest.exe"




Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan:Select My Computer
  • This will program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

So in your next reply please post the following : the two DSS texts in full, the Blacklight log, and the Kaspersky Webscanner report.

#10 njohnsen

njohnsen
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:02:07 AM

Posted 29 July 2007 - 11:45 AM

Heres the DSS log

Deckard's System Scanner v20070728.55
Run by NolanandWhitney on 2007-07-29 at 08:29:24
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as NolanandWhitney.exe) -------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:29:28 AM, on 7/29/2007
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\System32\CTHELPER.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Internet Explorer\iexplore.exe
F:\Installation Files\dss.exe
D:\PROGRA~1\NOLANA~1.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\Word\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\Word\Office12\ONBttnIE.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

--
End of file - 4899 bytes

-- Files created between 2007-06-29 and 2007-07-29 -----------------------------

2007-07-29 08:25:07 0 d-------- C:\Users\All Users\Kaspersky Lab
2007-07-29 08:25:05 0 d-------- C:\Windows\system32\Kaspersky Lab
2007-07-24 12:15:50 0 d-------- C:\Program Files\World of Warcraft
2007-07-24 12:15:50 0 d-------- C:\Program Files\Common Files\Blizzard Entertainment
2007-07-11 19:53:34 0 d-------- C:\Program Files\Windows Live Safety Center


-- Find3M Report ---------------------------------------------------------------

2007-07-24 12:15:50 0 d-------- C:\Program Files\Common Files
2007-07-17 20:12:30 0 d-------- C:\Users\NolanandWhitney\AppData\Roaming\WinRAR
2007-07-11 13:30:27 0 d-------- C:\Program Files\Windows Mail
2007-07-10 03:42:31 0 d-------- C:\Program Files\Common Files\Symantec Shared
2007-06-27 22:58:20 0 d-------- C:\Program Files\Google
2007-06-22 06:49:35 0 d-------- C:\Program Files\QuickTime
2007-06-06 16:48:29 0 d-------- C:\Program Files\Microsoft Works
2007-06-06 16:48:01 0 d-------- C:\Program Files\MSBuild
2007-06-06 16:46:15 0 d-------- C:\Program Files\Microsoft.NET
2007-06-06 16:42:08 0 d-------- C:\Program Files\Microsoft Visual Studio 8
2007-06-05 21:24:55 0 d-------- C:\Users\NolanandWhitney\AppData\Roaming\PureEdge
2007-06-05 21:24:49 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-06-01 12:30:18 0 d-------- C:\Program Files\iPod
2007-05-22 16:50:38 0 --a------ C:\Windows\nsreg.dat
2007-05-10 22:37:15 802816 --a------ C:\Windows\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2007-05-10 22:37:15 823296 --a------ C:\Windows\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2007-05-10 22:37:15 823296 --a------ C:\Windows\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2007-05-10 22:37:15 740442 --a------ C:\Windows\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTxfiHlp"="CTXFIHLP.EXE" [12/19/2006 01:58 PM C:\Windows\System32\CTXFIHLP.EXE]
"CTHelper"="CTHELPER.EXE" [12/19/2006 01:58 PM C:\Windows\System32\CTHELPER.EXE]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [03/12/2007 06:30 PM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [01/09/2007 11:59 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [11/02/2006 06:34 AM]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [11/02/2006 06:34 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)
"EnableLUA"=0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalService nsi lltdsvc SSDPSRV upnphost SCardSvr w32time EventSystem RemoteRegistry WinHttpAutoProxySvc lanmanworkstation TBS SLUINotify THREADORDER fdrespub netprofm fdphost wcncsvc QWAVE WebClient
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc wlansvc EMDMgmt TabletInputService WPDBusEnum
LocalServiceNoNetwork PLA DPS BFE mpssvc

*Newly Created Service* - COMHOST

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- End of Deckard's System Scanner: finished at 2007-07-29 at 08:29:57 ---------

Deckard's System Scanner v20070728.55
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft® Windows Vista™ Home Basic (build 6000)
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 3.00GHz
Percentage of Memory in Use: 44%
Physical Memory (total/avail): 1022.94 MiB / 569.27 MiB
Pagefile Memory (total/avail): 2297.96 MiB / 1580.77 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1947.73 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 27.34 GiB total, 8.52 GiB free.
D: is Fixed (NTFS) - 49.35 GiB total, 48.44 GiB free.
E: is CDROM (No Media)
F: is Fixed (FAT32) - 232.83 GiB total, 160.5 GiB free.


-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FW: Norton Internet Security v2007 (Symantec Corporation) Disabled
AV: Norton Internet Security v2007 (Symantec Corporation) Disabled
AS: Windows Defender v1.1.1505.0 (Microsoft Corporation) Disabled
AS: Norton Internet Security v2007 (Symantec Corporation) Disabled

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\ProgramData
APPDATA=C:\Users\NolanandWhitney\AppData\Roaming
CLASSPATH=.;C:\Program Files\Java\jre1.6.0\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=NOLANANDWHIT-PC
ComSpec=C:\Windows\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Users\NolanandWhitney
LOCALAPPDATA=C:\Users\NolanandWhitney\AppData\Local
LOGONSERVER=\\NOLANANDWHIT-PC
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 9, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0209
ProgramData=C:\ProgramData
ProgramFiles=C:\Program Files
PROMPT=$P$G
PUBLIC=C:\Users\Public
QTJAVA=C:\Program Files\Java\jre1.6.0\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\Windows
TEMP=C:\Users\NOLANA~1\AppData\Local\Temp
TMP=C:\Users\NOLANA~1\AppData\Local\Temp
USERDOMAIN=NolanandWhit-PC
USERNAME=NolanandWhitney
USERPROFILE=C:\Users\NolanandWhitney
windir=C:\Windows


-- User Profiles ---------------------------------------------------------------

NolanandWhitney (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7B9AE66C-2A8F-4FB2-85D7-416AFFAE8408}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AA9944C8-7D34-475E-8C90-2788685B2C47}\setup.exe" -l0x9
Adobe Flash Player ActiveX --> C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A80000000002}
AppCore --> MsiExec.exe /I{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}
Apple Software Update --> MsiExec.exe /I{A260B422-70E1-41E2-957D-F76FA21266D5}
AV --> MsiExec.exe /I{F4DB525F-A986-4249-B98B-42A8066251CA}
ccCommon --> MsiExec.exe /I{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}
Creative Audio Console --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7B9AE66C-2A8F-4FB2-85D7-416AFFAE8408}\setup.exe" -l0x9 /remove
Creative Audio Processing Object Interface Module --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AA9944C8-7D34-475E-8C90-2788685B2C47}\setup.exe" -l0x9 /remove
HijackThis 2.0.2 --> "D:\Program Files\HijackThis.exe" /uninstall
iTunes --> MsiExec.exe /I{6E93572D-F31E-496F-8B2F-F400B3A2BC4E}
LiveUpdate 3.2 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
LiveUpdate Notice (Symantec Corporation) --> MsiExec.exe /X{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}
Microsoft Office Access MUI (English) 2007 --> MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007 --> MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007 --> MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007 --> MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007 --> MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007 --> MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007 --> MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
MSRedist --> MsiExec.exe /I{B7C61755-DB48-4003-948F-3D34DB8EAF69}
Norton AntiVirus --> MsiExec.exe /X{830D8CBD-C668-49e2-A969-C2C2106332E0}
Norton Confidential Browser Component --> MsiExec.exe /I{4843B611-8FCB-4428-8C23-31D0A5EAE164}
Norton Confidential Web Protection Component --> MsiExec.exe /I{D353CC51-430D-4C6F-9B7E-52003DA1E05A}
Norton Internet Security --> MsiExec.exe /I{48185814-A224-447A-81DA-71BD20580E1B}
Norton Internet Security --> MsiExec.exe /I{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}
Norton Internet Security --> MsiExec.exe /I{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}
Norton Internet Security --> MsiExec.exe /I{E5EE9939-259F-4DE2-8023-5C49E16A4F43}
Norton Internet Security (Symantec Corporation) --> "C:\Program Files\Common Files\Symantec Shared\SymSetup\{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}_10_2_0_30\{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}.exe" /X
Norton Protection Center --> MsiExec.exe /I{9A129ABC-A53A-4209-A21E-D5DEDFB7CCA8}
OpenAL --> "C:\Program Files\OpenAL\OALInst.exe" /U
PureEdge Viewer 6.5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E0000650-0650-0650-0650-000000000650}\Setup.exe" -l0x9 -uninst
QuickTime --> MsiExec.exe /I{08094E03-AFE4-4853-9D31-6D0743DF5328}
REALTEK GbE & FE Ethernet PCI NIC Driver --> C:\Program Files\InstallShield Installation Information\{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}\setup.exe -runfromtemp -l0x0009 -removeonly
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Excel 2007 (KB936509) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {A00724F5-82C4-4924-B707-0E5A84B52471}
Security Update for Office 2007 (KB934062) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {305D509B-F194-4638-9F0F-D9E4C05F9D33}
Security Update for Office 2007 (KB936514) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C7A78F7F-EF32-4477-BAD7-3439EA7571BF}
Security Update for Publisher 2007 (KB936646) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {A32E4BAF-6477-45FA-B8AB-E743FA8D63FF}
SPBBC 32bit --> MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
Symantec Technical Support Web Controls --> MsiExec.exe /X{A0E27BA8-353A-4288-AB60-5DE8EDA18E16}
SymNet --> MsiExec.exe /I{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}
Update for Office 2007 (KB932080) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {EDC9CA29-6BC1-471C-828C-7A36109005D7}
Update for Office 2007 (KB934391) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {B3091818-7C56-4C45-BE7D-CA23027A5EA5}
Update for Office 2007 (KB934393) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {92FBAD46-E7F6-49FA-89B5-C39FC5BFAD15}
Update for Outlook 2007 (KB937608) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {CBB2454D-193F-4523-8A31-FEB343B7C30E}
Update for Outlook 2007 Junk Email Filter (kb936558) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {B6B2802B-6631-4EBE-A062-44AE0C1F0BED}
Update for Word 2007 (KB934173) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C6A89125-5473-45E3-B413-ED8186437475}
Windows Live OneCare safety scanner --> MsiExec.exe /X{FE0646A7-19D0-41B4-A2BB-2C35D644270D}
WinRAR archiver --> D:\Program Files\Winrar\uninstall.exe
World of Warcraft --> C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft\Uninstall.exe
Yahoo! Install Manager --> C:\Windows\system32\regsvr32 /u C:\Windows\cache\YINSTH~1.DLL


-- End of Deckard's System Scanner: finished at 2007-07-29 at 07:53:34 ---------


Heres the blacklight log

07/29/07 08:00:04 [Info]: BlackLight Engine 1.0.64 initialized
07/29/07 08:00:04 [Info]: OS: 6.0 build 6000 ()
07/29/07 08:00:04 [Note]: 7019 4
07/29/07 08:00:04 [Note]: 7005 0
07/29/07 08:00:12 [Note]: 7006 0
07/29/07 08:00:12 [Note]: 7027 0
07/29/07 08:00:12 [Note]: 7026 0
07/29/07 08:00:12 [Note]: 7026 0
07/29/07 08:00:16 [Note]: FSRAW library version 1.7.1022
07/29/07 08:02:09 [Note]: 4015 5
07/29/07 08:02:09 [Note]: 4027 5 327680
07/29/07 08:05:28 [Note]: 7007 0

[b]KS report


KASPERSKY ONLINE SCANNER REPORT
Sunday, July 29, 2007 10:44:25 AM
Operating System: Microsoft Windows Vista Home Edition, (Build 6000)
Kaspersky Online Scanner version: 5.0.93.0
Kaspersky Anti-Virus database last update: 29/07/2007
Kaspersky Anti-Virus database records: 369347


Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
A:\
C:\
D:\
E:\
F:\

Scan Statistics
Total number of scanned objects 76575
Number of viruses found 2
Number of infected objects 5
Number of suspicious objects 0
Duration of the scan process 01:09:33

Infected Object Name Virus Name Last Action
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\EENGINE\EPERSIST.DAT Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\NFWEVT.LOG Object is locked skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\AVApp.log Object is locked skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\AVError.log Object is locked skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\AVVirus.log Object is locked skipped

C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped

C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.137.Crwl Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.137.gthr Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSStmp.log Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010001.wid Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010002.wid Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010003.wid Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010004.wid Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010005.wid Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000D.wid Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010011.wid Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010014.ci Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010014.wid Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010014.wsb Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010015.wid Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010016.wid Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010019.wid Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001001A.wid Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001001F.wid Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010026.wid Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\INDEX.000 Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.000 Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\Used0000.000 Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.000 Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.chk1.gthr Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.chk2.gthr Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.Ntfy42.gthr Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\tmp.edb Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc\NtfA940.tmp Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc\NtfA941.tmp Object is locked skipped

C:\ProgramData\Microsoft\Windows Defender\Support\MPLog-11022006-050025.log Object is locked skipped

C:\ProgramData\Symantec\Common Client\settings.dat Object is locked skipped

C:\ProgramData\Symantec\LiveUpdate\2007-07-29_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped

C:\ProgramData\Symantec\SPBBC\BBConfig.log Object is locked skipped

C:\ProgramData\Symantec\SPBBC\BBDebug.log Object is locked skipped

C:\ProgramData\Symantec\SPBBC\BBDetect.log Object is locked skipped

C:\ProgramData\Symantec\SPBBC\BBNotify.log Object is locked skipped

C:\ProgramData\Symantec\SPBBC\BBRefr.log Object is locked skipped

C:\ProgramData\Symantec\SPBBC\BBSetCfg.log Object is locked skipped

C:\ProgramData\Symantec\SPBBC\BBSetCfg2.log Object is locked skipped

C:\ProgramData\Symantec\SPBBC\BBSetDev.log Object is locked skipped

C:\ProgramData\Symantec\SPBBC\BBSetLoc.log Object is locked skipped

C:\ProgramData\Symantec\SPBBC\BBSetUsr.log Object is locked skipped

C:\ProgramData\Symantec\SPBBC\BBStHash.log Object is locked skipped

C:\ProgramData\Symantec\SPBBC\BBValid.log Object is locked skipped

C:\ProgramData\Symantec\SPBBC\SPPolicy.log Object is locked skipped

C:\ProgramData\Symantec\SPBBC\SPStart.log Object is locked skipped

C:\ProgramData\Symantec\SPBBC\SPStop.log Object is locked skipped

C:\ProgramData\Symantec\SRTSP\SrtErEvt.log Object is locked skipped

C:\ProgramData\Symantec\SRTSP\SrtETmp\02594A61.TMP Object is locked skipped

C:\ProgramData\Symantec\SRTSP\SrtETmp\CC515E46.TMP Object is locked skipped

C:\ProgramData\Symantec\SRTSP\SrtMoEvt.log Object is locked skipped

C:\ProgramData\Symantec\SRTSP\SrtNvEvt.log Object is locked skipped

C:\ProgramData\Symantec\SRTSP\SrtScEvt.log Object is locked skipped

C:\ProgramData\Symantec\SRTSP\SrtTxFEvt.log Object is locked skipped

C:\ProgramData\Symantec\SRTSP\SrtViEvt.log Object is locked skipped

C:\ProgramData\Symantec\SubEng\submissions.idx Object is locked skipped

C:\ProgramData\Symantec\SymNetDrv\SNDALRT.log Object is locked skipped

C:\ProgramData\Symantec\SymNetDrv\SNDCON.log Object is locked skipped

C:\ProgramData\Symantec\SymNetDrv\SNDDBG.log Object is locked skipped

C:\ProgramData\Symantec\SymNetDrv\SNDFW.log Object is locked skipped

C:\ProgramData\Symantec\SymNetDrv\SNDIDS.log Object is locked skipped

C:\ProgramData\Symantec\SymNetDrv\SNDSYS.log Object is locked skipped

C:\Users\NolanandWhitney\AppData\Local\Microsoft\Internet Explorer\MSIMGSIZ.DAT Object is locked skipped

C:\Users\NolanandWhitney\AppData\Local\Microsoft\Windows\Explorer\thumbcache_1024.db Object is locked skipped

C:\Users\NolanandWhitney\AppData\Local\Microsoft\Windows\Explorer\thumbcache_256.db Object is locked skipped

C:\Users\NolanandWhitney\AppData\Local\Microsoft\Windows\Explorer\thumbcache_32.db Object is locked skipped

C:\Users\NolanandWhitney\AppData\Local\Microsoft\Windows\Explorer\thumbcache_96.db Object is locked skipped

C:\Users\NolanandWhitney\AppData\Local\Microsoft\Windows\Explorer\thumbcache_idx.db Object is locked skipped

C:\Users\NolanandWhitney\AppData\Local\Microsoft\Windows\Explorer\thumbcache_sr.db Object is locked skipped

C:\Users\NolanandWhitney\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat Object is locked skipped

C:\Users\NolanandWhitney\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012007072920070730\index.dat Object is locked skipped

C:\Users\NolanandWhitney\AppData\Local\Microsoft\Windows\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped

C:\Users\NolanandWhitney\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Users\NolanandWhitney\AppData\Local\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Users\NolanandWhitney\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1 Object is locked skipped

C:\Users\NolanandWhitney\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG2 Object is locked skipped

C:\Users\NolanandWhitney\AppData\Local\Microsoft\Windows\UsrClass.dat{5f902588-d35e-11db-8129-00508d5647a0}.TM.blf Object is locked skipped

C:\Users\NolanandWhitney\AppData\Local\Microsoft\Windows\UsrClass.dat{5f902588-d35e-11db-8129-00508d5647a0}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped

C:\Users\NolanandWhitney\AppData\Local\Microsoft\Windows\UsrClass.dat{5f902588-d35e-11db-8129-00508d5647a0}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped

C:\Users\NolanandWhitney\AppData\Local\Microsoft\Windows Sidebar\Settings.ini Object is locked skipped

C:\Users\NolanandWhitney\AppData\Roaming\Microsoft\Windows\Cookies\index.dat Object is locked skipped

C:\Users\NolanandWhitney\Desktop\wrar370.exe/data.rar/Default.SFX Infected: Trojan-Dropper.Win32.Agent.bng skipped

C:\Users\NolanandWhitney\Desktop\wrar370.exe/data.rar Infected: Trojan-Dropper.Win32.Agent.bng skipped

C:\Users\NolanandWhitney\Desktop\wrar370.exe RarSFX: infected - 2 skipped

C:\Users\NolanandWhitney\NTUSER.DAT Object is locked skipped

C:\Users\NolanandWhitney\ntuser.dat.LOG1 Object is locked skipped

C:\Users\NolanandWhitney\ntuser.dat.LOG2 Object is locked skipped

C:\Users\NolanandWhitney\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TM.blf Object is locked skipped

C:\Users\NolanandWhitney\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped

C:\Users\NolanandWhitney\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped

C:\Windows\Debug\PASSWD.LOG Object is locked skipped

C:\Windows\Debug\sam.log Object is locked skipped

C:\Windows\Debug\WIA\wiatrace.log Object is locked skipped

C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat Object is locked skipped

C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat Object is locked skipped

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WindowsUpdate.log Object is locked skipped

C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT Object is locked skipped

C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1 Object is locked skipped

C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG2 Object is locked skipped

C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT{d8932e65-6a6f-11db-b6ab-a038f15a5785}.TM.blf Object is locked skipped

C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT{d8932e65-6a6f-11db-b6ab-a038f15a5785}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped

C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT{d8932e65-6a6f-11db-b6ab-a038f15a5785}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped

C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT Object is locked skipped

C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1 Object is locked skipped

C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG2 Object is locked skipped

C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{d8932e61-6a6f-11db-b6ab-a038f15a5785}.TM.blf Object is locked skipped

C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{d8932e61-6a6f-11db-b6ab-a038f15a5785}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped

C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{d8932e61-6a6f-11db-b6ab-a038f15a5785}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped

C:\Windows\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 Object is locked skipped

C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 Object is locked skipped

C:\Windows\System32\catroot2\edb.log Object is locked skipped

C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb Object is locked skipped

C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb Object is locked skipped

C:\Windows\System32\config\COMPONENTS Object is locked skipped

C:\Windows\System32\config\COMPONENTS.LOG1 Object is locked skipped

C:\Windows\System32\config\COMPONENTS.LOG2 Object is locked skipped

C:\Windows\System32\config\DEFAULT Object is locked skipped

C:\Windows\System32\config\DEFAULT.LOG1 Object is locked skipped

C:\Windows\System32\config\DEFAULT.LOG2 Object is locked skipped

C:\Windows\System32\config\RegBack\COMPONENTS Object is locked skipped

C:\Windows\System32\config\RegBack\DEFAULT Object is locked skipped

C:\Windows\System32\config\RegBack\SAM Object is locked skipped

C:\Windows\System32\config\RegBack\SECURITY Object is locked skipped

C:\Windows\System32\config\RegBack\SOFTWARE Object is locked skipped

C:\Windows\System32\config\RegBack\SYSTEM Object is locked skipped

C:\Windows\System32\config\SAM Object is locked skipped

C:\Windows\System32\config\SAM.LOG1 Object is locked skipped

C:\Windows\System32\config\SAM.LOG2 Object is locked skipped

C:\Windows\System32\config\SECURITY Object is locked skipped

C:\Windows\System32\config\SECURITY.LOG1 Object is locked skipped

C:\Windows\System32\config\SECURITY.LOG2 Object is locked skipped

C:\Windows\System32\config\SOFTWARE Object is locked skipped

C:\Windows\System32\config\SOFTWARE.LOG1 Object is locked skipped

C:\Windows\System32\config\SOFTWARE.LOG2 Object is locked skipped

C:\Windows\System32\config\SYSTEM Object is locked skipped

C:\Windows\System32\config\SYSTEM.LOG1 Object is locked skipped

C:\Windows\System32\config\SYSTEM.LOG2 Object is locked skipped

C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat Object is locked skipped

C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat Object is locked skipped

C:\Windows\System32\config\TxR\{250834b7-750c-494d-bdc3-da86b6e2101a}.TxR.0.regtrans-ms Object is locked skipped

C:\Windows\System32\config\TxR\{250834b7-750c-494d-bdc3-da86b6e2101a}.TxR.1.regtrans-ms Object is locked skipped

C:\Windows\System32\config\TxR\{250834b7-750c-494d-bdc3-da86b6e2101a}.TxR.2.regtrans-ms Object is locked skipped

C:\Windows\System32\config\TxR\{250834b7-750c-494d-bdc3-da86b6e2101a}.TxR.blf Object is locked skipped

C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TM.blf Object is locked skipped

C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped

C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped

C:\Windows\System32\LogFiles\Scm\SCM.EVM Object is locked skipped

C:\Windows\System32\LogFiles\SQM\SQMLogger_2007-7-29-3-0-3_0.etl Object is locked skipped

C:\Windows\System32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped

C:\Windows\System32\Msdtc\KtmRmTm.blf Object is locked skipped

C:\Windows\System32\Msdtc\KtmRmTmContainer00000000000000000001 Object is locked skipped

C:\Windows\System32\Msdtc\KtmRmTmContainer00000000000000000002 Object is locked skipped

C:\Windows\System32\spool\SpoolerETW.etl Object is locked skipped

C:\Windows\System32\wbem\Logs\WMITracing.log Object is locked skipped

C:\Windows\System32\wbem\Repository\INDEX.BTR Object is locked skipped

C:\Windows\System32\wbem\Repository\MAPPING1.MAP Object is locked skipped

C:\Windows\System32\wbem\Repository\MAPPING2.MAP Object is locked skipped

C:\Windows\System32\wbem\Repository\OBJECTS.DATA Object is locked skipped

C:\Windows\System32\WDI\LogFiles\WdiContextLog.etl.001 Object is locked skipped

C:\Windows\System32\wfp\wfpdiag.etl Object is locked skipped

C:\Windows\System32\winevt\Logs\Application.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\DFS Replication.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\HardwareEvents.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\Internet Explorer.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\Key Management Service.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\Microsoft-Windows-Bits-Client%4Operational.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\Microsoft-Windows-CodeIntegrity%4Operational.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnosis-DPS%4Operational.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnostics-Performance%4Operational.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\Microsoft-Windows-DriverFrameworks-UserMode%4Operational.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\Microsoft-Windows-GroupPolicy%4Operational.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\Microsoft-Windows-International%4Operational.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\Microsoft-Windows-LanguagePackSetup%4Operational.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\Microsoft-Windows-NetworkAccessProtection%4Operational.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\Microsoft-Windows-ReadyBoost%4Operational.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\Microsoft-Windows-ReliabilityAnalysisComponent%4Operational.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Exhaustion-Detector%4Operational.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Exhaustion-Resolver%4Operational.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Leak-Diagnostic%4Operational.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\Microsoft-Windows-RestartManager%4Operational.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\Microsoft-Windows-TaskScheduler%4Operational.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\Microsoft-Windows-WindowsUpdateClient%4Operational.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\ODiag.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\OSession.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\Security.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\Setup.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\System.evtx Object is locked skipped

C:\Windows\Tasks\SCHEDLGU.TXT Object is locked skipped

C:\Windows\WindowsUpdate.log Object is locked skipped

C:\Windows\{00000002-00000000-00000009-00001102-00000004-10071102}.CDF Object is locked skipped

D:\Program Files\Winrar\Default.SFX Infected: Trojan-Dropper.Win32.Agent.bng skipped

F:\Installation Files\Worms2-dm.exe Infected: not-a-virus:AdWare.Win32.Trymedia.b skipped

Scan process completed.

#11 Rorschach

Rorschach

  • Members
  • 523 posts
  • OFFLINE
  •  
  • Local time:08:07 AM

Posted 29 July 2007 - 12:20 PM

Hello njohnsen, your logs are looking clean. I suspect your problems aren't due to malware..


Please delete this file in bold

F:\Installation Files\Worms2-dm.exe



Download GMER from here:
http://www.gmer.net/gmer.zip

Unzip it to the desktop.

Open the program and click on the Rootkit tab.
Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
Click on Scan.
When the scan has run click Copy and paste the results (if any) into this thread.


So in your next reply please post the following : tell me how it went deleting that file, and post the GMER results.

#12 njohnsen

njohnsen
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:02:07 AM

Posted 29 July 2007 - 03:03 PM

KASPERSKY ONLINE SCANNER REPORT
Sunday, July 29, 2007 10:44:25 AM
Operating System: Microsoft Windows Vista Home Edition, (Build 6000)
Kaspersky Online Scanner version: 5.0.93.0
Kaspersky Anti-Virus database last update: 29/07/2007
Kaspersky Anti-Virus database records: 369347


Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
A:\
C:\
D:\
E:\
F:\

Scan Statistics
Total number of scanned objects 76575
Number of viruses found 2
Number of infected objects 5
Number of suspicious objects 0
Duration of the scan process 01:09:33

Infected Object Name Virus Name Last Action
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\EENGINE\EPERSIST.DAT Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\NFWEVT.LOG Object is locked skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\AVApp.log Object is locked skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\AVError.log Object is locked skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\AVVirus.log Object is locked skipped

C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped

C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.137.Crwl Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.137.gthr Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSStmp.log Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010001.wid Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010002.wid Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010003.wid Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010004.wid Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010005.wid Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000D.wid Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010011.wid Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010014.ci Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010014.wid Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010014.wsb Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010015.wid Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010016.wid Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010019.wid Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001001A.wid Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001001F.wid Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010026.wid Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\INDEX.000 Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.000 Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\Used0000.000 Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.000 Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.chk1.gthr Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.chk2.gthr Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.Ntfy42.gthr Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\tmp.edb Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc\NtfA940.tmp Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc\NtfA941.tmp Object is locked skipped

C:\ProgramData\Microsoft\Windows Defender\Support\MPLog-11022006-050025.log Object is locked skipped

C:\ProgramData\Symantec\Common Client\settings.dat Object is locked skipped

C:\ProgramData\Symantec\LiveUpdate\2007-07-29_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped

C:\ProgramData\Symantec\SPBBC\BBConfig.log Object is locked skipped

C:\ProgramData\Symantec\SPBBC\BBDebug.log Object is locked skipped

C:\ProgramData\Symantec\SPBBC\BBDetect.log Object is locked skipped

C:\ProgramData\Symantec\SPBBC\BBNotify.log Object is locked skipped

C:\ProgramData\Symantec\SPBBC\BBRefr.log Object is locked skipped

C:\ProgramData\Symantec\SPBBC\BBSetCfg.log Object is locked skipped

C:\ProgramData\Symantec\SPBBC\BBSetCfg2.log Object is locked skipped

C:\ProgramData\Symantec\SPBBC\BBSetDev.log Object is locked skipped

C:\ProgramData\Symantec\SPBBC\BBSetLoc.log Object is locked skipped

C:\ProgramData\Symantec\SPBBC\BBSetUsr.log Object is locked skipped

C:\ProgramData\Symantec\SPBBC\BBStHash.log Object is locked skipped

C:\ProgramData\Symantec\SPBBC\BBValid.log Object is locked skipped

C:\ProgramData\Symantec\SPBBC\SPPolicy.log Object is locked skipped

C:\ProgramData\Symantec\SPBBC\SPStart.log Object is locked skipped

C:\ProgramData\Symantec\SPBBC\SPStop.log Object is locked skipped

C:\ProgramData\Symantec\SRTSP\SrtErEvt.log Object is locked skipped

C:\ProgramData\Symantec\SRTSP\SrtETmp\02594A61.TMP Object is locked skipped

C:\ProgramData\Symantec\SRTSP\SrtETmp\CC515E46.TMP Object is locked skipped

C:\ProgramData\Symantec\SRTSP\SrtMoEvt.log Object is locked skipped

C:\ProgramData\Symantec\SRTSP\SrtNvEvt.log Object is locked skipped

C:\ProgramData\Symantec\SRTSP\SrtScEvt.log Object is locked skipped

C:\ProgramData\Symantec\SRTSP\SrtTxFEvt.log Object is locked skipped

C:\ProgramData\Symantec\SRTSP\SrtViEvt.log Object is locked skipped

C:\ProgramData\Symantec\SubEng\submissions.idx Object is locked skipped

C:\ProgramData\Symantec\SymNetDrv\SNDALRT.log Object is locked skipped

C:\ProgramData\Symantec\SymNetDrv\SNDCON.log Object is locked skipped

C:\ProgramData\Symantec\SymNetDrv\SNDDBG.log Object is locked skipped

C:\ProgramData\Symantec\SymNetDrv\SNDFW.log Object is locked skipped

C:\ProgramData\Symantec\SymNetDrv\SNDIDS.log Object is locked skipped

C:\ProgramData\Symantec\SymNetDrv\SNDSYS.log Object is locked skipped

C:\Users\NolanandWhitney\AppData\Local\Microsoft\Internet Explorer\MSIMGSIZ.DAT Object is locked skipped

C:\Users\NolanandWhitney\AppData\Local\Microsoft\Windows\Explorer\thumbcache_1024.db Object is locked skipped

C:\Users\NolanandWhitney\AppData\Local\Microsoft\Windows\Explorer\thumbcache_256.db Object is locked skipped

C:\Users\NolanandWhitney\AppData\Local\Microsoft\Windows\Explorer\thumbcache_32.db Object is locked skipped

C:\Users\NolanandWhitney\AppData\Local\Microsoft\Windows\Explorer\thumbcache_96.db Object is locked skipped

C:\Users\NolanandWhitney\AppData\Local\Microsoft\Windows\Explorer\thumbcache_idx.db Object is locked skipped

C:\Users\NolanandWhitney\AppData\Local\Microsoft\Windows\Explorer\thumbcache_sr.db Object is locked skipped

C:\Users\NolanandWhitney\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat Object is locked skipped

C:\Users\NolanandWhitney\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012007072920070730\index.dat Object is locked skipped

C:\Users\NolanandWhitney\AppData\Local\Microsoft\Windows\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped

C:\Users\NolanandWhitney\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Users\NolanandWhitney\AppData\Local\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Users\NolanandWhitney\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1 Object is locked skipped

C:\Users\NolanandWhitney\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG2 Object is locked skipped

C:\Users\NolanandWhitney\AppData\Local\Microsoft\Windows\UsrClass.dat{5f902588-d35e-11db-8129-00508d5647a0}.TM.blf Object is locked skipped

C:\Users\NolanandWhitney\AppData\Local\Microsoft\Windows\UsrClass.dat{5f902588-d35e-11db-8129-00508d5647a0}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped

C:\Users\NolanandWhitney\AppData\Local\Microsoft\Windows\UsrClass.dat{5f902588-d35e-11db-8129-00508d5647a0}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped

C:\Users\NolanandWhitney\AppData\Local\Microsoft\Windows Sidebar\Settings.ini Object is locked skipped

C:\Users\NolanandWhitney\AppData\Roaming\Microsoft\Windows\Cookies\index.dat Object is locked skipped

C:\Users\NolanandWhitney\Desktop\wrar370.exe/data.rar/Default.SFX Infected: Trojan-Dropper.Win32.Agent.bng skipped

C:\Users\NolanandWhitney\Desktop\wrar370.exe/data.rar Infected: Trojan-Dropper.Win32.Agent.bng skipped

C:\Users\NolanandWhitney\Desktop\wrar370.exe RarSFX: infected - 2 skipped

C:\Users\NolanandWhitney\NTUSER.DAT Object is locked skipped

C:\Users\NolanandWhitney\ntuser.dat.LOG1 Object is locked skipped

C:\Users\NolanandWhitney\ntuser.dat.LOG2 Object is locked skipped

C:\Users\NolanandWhitney\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TM.blf Object is locked skipped

C:\Users\NolanandWhitney\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped

C:\Users\NolanandWhitney\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped

C:\Windows\Debug\PASSWD.LOG Object is locked skipped

C:\Windows\Debug\sam.log Object is locked skipped

C:\Windows\Debug\WIA\wiatrace.log Object is locked skipped

C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat Object is locked skipped

C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat Object is locked skipped

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WindowsUpdate.log Object is locked skipped

C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT Object is locked skipped

C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1 Object is locked skipped

C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG2 Object is locked skipped

C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT{d8932e65-6a6f-11db-b6ab-a038f15a5785}.TM.blf Object is locked skipped

C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT{d8932e65-6a6f-11db-b6ab-a038f15a5785}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped

C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT{d8932e65-6a6f-11db-b6ab-a038f15a5785}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped

C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT Object is locked skipped

C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1 Object is locked skipped

C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG2 Object is locked skipped

C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{d8932e61-6a6f-11db-b6ab-a038f15a5785}.TM.blf Object is locked skipped

C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{d8932e61-6a6f-11db-b6ab-a038f15a5785}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped

C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{d8932e61-6a6f-11db-b6ab-a038f15a5785}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped

C:\Windows\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 Object is locked skipped

C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 Object is locked skipped

C:\Windows\System32\catroot2\edb.log Object is locked skipped

C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb Object is locked skipped

C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb Object is locked skipped

C:\Windows\System32\config\COMPONENTS Object is locked skipped

C:\Windows\System32\config\COMPONENTS.LOG1 Object is locked skipped

C:\Windows\System32\config\COMPONENTS.LOG2 Object is locked skipped

C:\Windows\System32\config\DEFAULT Object is locked skipped

C:\Windows\System32\config\DEFAULT.LOG1 Object is locked skipped

C:\Windows\System32\config\DEFAULT.LOG2 Object is locked skipped

C:\Windows\System32\config\RegBack\COMPONENTS Object is locked skipped

C:\Windows\System32\config\RegBack\DEFAULT Object is locked skipped

C:\Windows\System32\config\RegBack\SAM Object is locked skipped

C:\Windows\System32\config\RegBack\SECURITY Object is locked skipped

C:\Windows\System32\config\RegBack\SOFTWARE Object is locked skipped

C:\Windows\System32\config\RegBack\SYSTEM Object is locked skipped

C:\Windows\System32\config\SAM Object is locked skipped

C:\Windows\System32\config\SAM.LOG1 Object is locked skipped

C:\Windows\System32\config\SAM.LOG2 Object is locked skipped

C:\Windows\System32\config\SECURITY Object is locked skipped

C:\Windows\System32\config\SECURITY.LOG1 Object is locked skipped

C:\Windows\System32\config\SECURITY.LOG2 Object is locked skipped

C:\Windows\System32\config\SOFTWARE Object is locked skipped

C:\Windows\System32\config\SOFTWARE.LOG1 Object is locked skipped

C:\Windows\System32\config\SOFTWARE.LOG2 Object is locked skipped

C:\Windows\System32\config\SYSTEM Object is locked skipped

C:\Windows\System32\config\SYSTEM.LOG1 Object is locked skipped

C:\Windows\System32\config\SYSTEM.LOG2 Object is locked skipped

C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat Object is locked skipped

C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat Object is locked skipped

C:\Windows\System32\config\TxR\{250834b7-750c-494d-bdc3-da86b6e2101a}.TxR.0.regtrans-ms Object is locked skipped

C:\Windows\System32\config\TxR\{250834b7-750c-494d-bdc3-da86b6e2101a}.TxR.1.regtrans-ms Object is locked skipped

C:\Windows\System32\config\TxR\{250834b7-750c-494d-bdc3-da86b6e2101a}.TxR.2.regtrans-ms Object is locked skipped

C:\Windows\System32\config\TxR\{250834b7-750c-494d-bdc3-da86b6e2101a}.TxR.blf Object is locked skipped

C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TM.blf Object is locked skipped

C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped

C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped

C:\Windows\System32\LogFiles\Scm\SCM.EVM Object is locked skipped

C:\Windows\System32\LogFiles\SQM\SQMLogger_2007-7-29-3-0-3_0.etl Object is locked skipped

C:\Windows\System32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped

C:\Windows\System32\Msdtc\KtmRmTm.blf Object is locked skipped

C:\Windows\System32\Msdtc\KtmRmTmContainer00000000000000000001 Object is locked skipped

C:\Windows\System32\Msdtc\KtmRmTmContainer00000000000000000002 Object is locked skipped

C:\Windows\System32\spool\SpoolerETW.etl Object is locked skipped

C:\Windows\System32\wbem\Logs\WMITracing.log Object is locked skipped

C:\Windows\System32\wbem\Repository\INDEX.BTR Object is locked skipped

C:\Windows\System32\wbem\Repository\MAPPING1.MAP Object is locked skipped

C:\Windows\System32\wbem\Repository\MAPPING2.MAP Object is locked skipped

C:\Windows\System32\wbem\Repository\OBJECTS.DATA Object is locked skipped

C:\Windows\System32\WDI\LogFiles\WdiContextLog.etl.001 Object is locked skipped

C:\Windows\System32\wfp\wfpdiag.etl Object is locked skipped

C:\Windows\System32\winevt\Logs\Application.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\DFS Replication.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\HardwareEvents.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\Internet Explorer.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\Key Management Service.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\Microsoft-Windows-Bits-Client%4Operational.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\Microsoft-Windows-CodeIntegrity%4Operational.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnosis-DPS%4Operational.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnostics-Performance%4Operational.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\Microsoft-Windows-DriverFrameworks-UserMode%4Operational.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\Microsoft-Windows-GroupPolicy%4Operational.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\Microsoft-Windows-International%4Operational.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\Microsoft-Windows-LanguagePackSetup%4Operational.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\Microsoft-Windows-NetworkAccessProtection%4Operational.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\Microsoft-Windows-ReadyBoost%4Operational.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\Microsoft-Windows-ReliabilityAnalysisComponent%4Operational.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Exhaustion-Detector%4Operational.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Exhaustion-Resolver%4Operational.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Leak-Diagnostic%4Operational.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\Microsoft-Windows-RestartManager%4Operational.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\Microsoft-Windows-TaskScheduler%4Operational.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\Microsoft-Windows-WindowsUpdateClient%4Operational.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\ODiag.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\OSession.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\Security.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\Setup.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\System.evtx Object is locked skipped

C:\Windows\Tasks\SCHEDLGU.TXT Object is locked skipped

C:\Windows\WindowsUpdate.log Object is locked skipped

C:\Windows\{00000002-00000000-00000009-00001102-00000004-10071102}.CDF Object is locked skipped

D:\Program Files\Winrar\Default.SFX Infected: Trojan-Dropper.Win32.Agent.bng skipped

F:\Installation Files\Worms2-dm.exe Infected: not-a-virus:AdWare.Win32.Trymedia.b skipped

Scan process completed.


Could this be a hardware problem?

#13 Rorschach

Rorschach

  • Members
  • 523 posts
  • OFFLINE
  •  
  • Local time:08:07 AM

Posted 29 July 2007 - 04:22 PM

Yes that is what we are thinking njohnsen
Please do the steps in my last post though, that will show us for sure whether it is or isn't malware related.

Edited by Rorschach, 29 July 2007 - 05:03 PM.


#14 njohnsen

njohnsen
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:02:07 AM

Posted 29 July 2007 - 08:29 PM

GMER 1.0.13.12551 - http://www.gmer.net
Rootkit scan 2007-07-29 19:29:28
Windows 6.0.6000


---- System - GMER 1.0.13 ----

SSDT 925C9C30 ZwAlertResumeThread
SSDT 925C9D10 ZwAlertThread
SSDT 925C6288 ZwAllocateVirtualMemory
SSDT 926501B8 ZwConnectPort
SSDT 925C8F48 ZwCreateMutant
SSDT 925C9510 ZwCreateThread
SSDT 925F61D8 ZwFreeVirtualMemory
SSDT 925C9A70 ZwImpersonateAnonymousToken
SSDT 925C9B50 ZwImpersonateThread
SSDT 925F60D8 ZwMapViewOfSection
SSDT 925C8E68 ZwOpenEvent
SSDT 925F5088 ZwOpenProcessToken
SSDT 925C8270 ZwOpenThreadToken
SSDT 8402FBD8 ZwResumeThread
SSDT 925C8190 ZwSetContextThread
SSDT 925C8350 ZwSetInformationProcess
SSDT 925C80B0 ZwSetInformationThread
SSDT 925C8D88 ZwSuspendProcess
SSDT 925F63D8 ZwSuspendThread
SSDT 925F40D8 ZwTerminateProcess
SSDT 925C93F8 ZwTerminateThread
SSDT 925C8008 ZwUnmapViewOfSection
SSDT 925C6198 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.13 ----

.text ntoskrnl.exe!ZwQueryLicenseValue + D41 81C46339 1 Byte [ 06 ]
.text ntoskrnl.exe!_alloca_probe + 60 81C560B0 8 Bytes [ 30, 9C, 5C, 92, 10, 9D, 5C, ... ]
.text ntoskrnl.exe!_alloca_probe + 74 81C560C4 4 Bytes [ 88, 62, 5C, 92 ]
.text ntoskrnl.exe!_alloca_probe + 104 81C56154 4 Bytes [ B8, 01, 65, 92 ]
.text ntoskrnl.exe!_alloca_probe + 138 81C56188 4 Bytes [ 48, 8F, 5C, 92 ]
.text ntoskrnl.exe!_alloca_probe + 164 81C561B4 4 Bytes [ 10, 95, 5C, 92 ]
.text ...

---- User IAT/EAT - GMER 1.0.13 ----

IAT C:\Users\NolanandWhitney\Desktop\gmer.exe[424] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CopyFileW] [6B6088F6] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\NolanandWhitney\Desktop\gmer.exe[424] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!MoveFileW] [6B608B2F] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\NolanandWhitney\Desktop\gmer.exe[424] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!DeleteFileW] [6B608A65] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\NolanandWhitney\Desktop\gmer.exe[424] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateFileW] [6B60A391] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\NolanandWhitney\Desktop\gmer.exe[424] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [73884618] C:\Windows\system32\ShimEng.dll
IAT C:\Users\NolanandWhitney\Desktop\gmer.exe[424] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegOpenKeyExW] [6B609815] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\NolanandWhitney\Desktop\gmer.exe[424] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegCreateKeyExW] [6B609639] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\NolanandWhitney\Desktop\gmer.exe[424] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegSetValueExW] [6B609BA7] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\NolanandWhitney\Desktop\gmer.exe[424] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!CopyFileW] [6B6088F6] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\NolanandWhitney\Desktop\gmer.exe[424] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [73884618] C:\Windows\system32\ShimEng.dll
IAT C:\Users\NolanandWhitney\Desktop\gmer.exe[424] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!CreateFileW] [6B60A391] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\NolanandWhitney\Desktop\gmer.exe[424] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!DeleteFileW] [6B608A65] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\NolanandWhitney\Desktop\gmer.exe[424] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [73884618] C:\Windows\system32\ShimEng.dll
IAT C:\Users\NolanandWhitney\Desktop\gmer.exe[424] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!OpenFile] [6B608C84] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\NolanandWhitney\Desktop\gmer.exe[424] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!CopyFileW] [6B6088F6] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\NolanandWhitney\Desktop\gmer.exe[424] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!DeleteFileW] [6B608A65] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\NolanandWhitney\Desktop\gmer.exe[424] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!MoveFileW] [6B608B2F] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\NolanandWhitney\Desktop\gmer.exe[424] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!CreateFileW] [6B60A391] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\NolanandWhitney\Desktop\gmer.exe[424] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!CreateFileW] [6B60A391] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\NolanandWhitney\Desktop\gmer.exe[424] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [73884618] C:\Windows\system32\ShimEng.dll
IAT C:\Users\NolanandWhitney\Desktop\gmer.exe[424] @ C:\Windows\system32\RPCRT4.dll [ADVAPI32.dll!RegCreateKeyExA] [6B60952A] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\NolanandWhitney\Desktop\gmer.exe[424] @ C:\Windows\system32\RPCRT4.dll [ADVAPI32.dll!RegSetValueExA] [6B609AFB] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\NolanandWhitney\Desktop\gmer.exe[424] @ C:\Windows\system32\RPCRT4.dll [ADVAPI32.dll!RegOpenKeyExA] [6B609741] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\NolanandWhitney\Desktop\gmer.exe[424] @ C:\Windows\system32\RPCRT4.dll [ADVAPI32.dll!RegOpenKeyExW] [6B609815] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\NolanandWhitney\Desktop\gmer.exe[424] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!CreateProcessW] [6B602E2C] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\NolanandWhitney\Desktop\gmer.exe[424] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!DeleteFileW] [6B608A65] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\NolanandWhitney\Desktop\gmer.exe[424] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetFileAttributesExW] [6B602C16] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\NolanandWhitney\Desktop\gmer.exe[424] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!CreateFileW] [6B60A391] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\NolanandWhitney\Desktop\gmer.exe[424] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetFileAttributesW] [6B602A18] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\NolanandWhitney\Desktop\gmer.exe[424] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [73884618] C:\Windows\system32\ShimEng.dll
IAT C:\Users\NolanandWhitney\Desktop\gmer.exe[424] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!AccessCheck] [6B60883A] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\NolanandWhitney\Desktop\gmer.exe[424] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegSetValueW] [6B609A53] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\NolanandWhitney\Desktop\gmer.exe[424] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegDeleteValueW] [6B609CF9] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\NolanandWhitney\Desktop\gmer.exe[424] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegOpenKeyExW] [6B609815] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\NolanandWhitney\Desktop\gmer.exe[424] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegSetValueExW] [6B609BA7] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\NolanandWhitney\Desktop\gmer.exe[424] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegCreateKeyExW] [6B609639] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\NolanandWhitney\Desktop\gmer.exe[424] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegOpenKeyExA] [6B609741] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\NolanandWhitney\Desktop\gmer.exe[424] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!DeleteFileW] [6B608A65] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\NolanandWhitney\Desktop\gmer.exe[424] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetFileAttributesW] [6B608FA6] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\NolanandWhitney\Desktop\gmer.exe[424] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileW] [6B60A391] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\NolanandWhitney\Desktop\gmer.exe[424] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetFileAttributesA] [6B608F4E] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\NolanandWhitney\Desktop\gmer.exe[424] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileA] [6B60A275] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\NolanandWhitney\Desktop\gmer.exe[424] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [73884618] C:\Windows\system32\ShimEng.dll
IAT C:\Users\NolanandWhitney\Desktop\gmer.exe[424] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegSetValueExA] [6B609AFB] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\NolanandWhitney\Desktop\gmer.exe[424] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegCreateKeyExA] [6B60952A] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\NolanandWhitney\Desktop\gmer.exe[424] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegOpenKeyExA] [6B609741] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\NolanandWhitney\Desktop\gmer.exe[424] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegDeleteValueA] [6B609C57] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\NolanandWhitney\Desktop\gmer.exe[424] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegCreateKeyExW] [6B609639] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\NolanandWhitney\Desktop\gmer.exe[424] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegOpenKeyExW] [6B609815] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\NolanandWhitney\Desktop\gmer.exe[424] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegSetValueExW] [6B609BA7] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\NolanandWhitney\Desktop\gmer.exe[424] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegDeleteValueW] [6B609CF9] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\NolanandWhitney\Desktop\gmer.exe[424] @ C:\Windows\system32\NETAPI32.dll [ADVAPI32.dll!RegSetValueExW] [6B609BA7] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\NolanandWhitney\Desktop\gmer.exe[424] @ C:\Windows\system32\NETAPI32.dll [ADVAPI32.dll!SetFileSecurityW] [6B609DF4] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\NolanandWhitney\Desktop\gmer.exe[424] @ C:\Windows\system32\NETAPI32.dll [ADVAPI32.dll!RegOpenKeyExA] [6B609741] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\NolanandWhitney\Desktop\gmer.exe[424] @ C:\Windows\system32\NETAPI32.dll [ADVAPI32.dll!RegCreateKeyExW] [6B609639] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\NolanandWhitney\Desktop\gmer.exe[424] @ C:\Windows\system32\NETAPI32.dll [ADVAPI32.dll!RegOpenKeyExW] [6B609815] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\NolanandWhitney\Desktop\gmer.exe[424] @ C:\Windows\system32\NETAPI32.dll [ADVAPI32.dll!AccessCheck] [6B60883A] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\NolanandWhitney\Desktop\gmer.exe[424] @ C:\Windows\system32\NETAPI32.dll [KERNEL32.dll!CreateFileW] [6B60A391] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\NolanandWhitney\Desktop\gmer.exe[424] @ C:\Windows\system32\NETAPI32.dll [KERNEL32.dll!MoveFileExW] [6B608C14] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\NolanandWhitney\Desktop\gmer.exe[424] @ C:\Windows\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] [73884618] C:\Windows\system32\ShimEng.dll
IAT C:\Users\NolanandWhitney\Desktop\gmer.exe[424] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CopyFileW] [6B6088F6] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\NolanandWhitney\Desktop\gmer.exe[424] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!MoveFileW] [6B608B2F] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\NolanandWhitney\Desktop\gmer.exe[424] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!DeleteFileW] [6B608A65] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\NolanandWhitney\Desktop\gmer.exe[424] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!SetFileAttributesW] [6B608FA6] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\NolanandWhitney\Desktop\gmer.exe[424] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!MoveFileExW] [6B608C14] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\NolanandWhitney\Desktop\gmer.exe[424] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [73884618] C:\Windows\system32\ShimEng.dll
IAT C:\Users\NolanandWhitney\Desktop\gmer.exe[424] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CreateFileW] [6B60A391] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\NolanandWhitney\Desktop\gmer.exe[424] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegOpenKeyExW] [6B609815] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\NolanandWhitney\Desktop\gmer.exe[424] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegSetValueExW] [6B609BA7] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\NolanandWhitney\Desktop\gmer.exe[424] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegCreateKeyExW] [6B609639] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\NolanandWhitney\Desktop\gmer.exe[424] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegDeleteValueW] [6B609CF9] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\NolanandWhitney\Desktop\gmer.exe[424] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegSetValueW] [6B609A53] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\NolanandWhitney\Desktop\gmer.exe[424] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegCreateKeyW] [6B609498] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\NolanandWhitney\Desktop\gmer.exe[424] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!SetFileSecurityW] [6B609DF4] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\NolanandWhitney\Desktop\gmer.exe[424] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!AccessCheck] [6B60883A] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\NolanandWhitney\Desktop\gmer.exe[424] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegOpenKeyExA] [6B609741] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\NolanandWhitney\Desktop\gmer.exe[424] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!PrivCopyFileExW] [6B608EEA] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\NolanandWhitney\Desktop\gmer.exe[424] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!MoveFileExW] [6B608C14] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\NolanandWhitney\Desktop\gmer.exe[424] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!DeleteFileW] [6B608A65] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\NolanandWhitney\Desktop\gmer.exe[424] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [73884618] C:\Windows\system32\ShimEng.dll
IAT C:\Users\NolanandWhitney\Desktop\gmer.exe[424] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!CreateFileW] [6B60A391] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\NolanandWhitney\Desktop\gmer.exe[424] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!SetFileAttributesW] [6B608FA6] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\NolanandWhitney\Desktop\gmer.exe[424] @ C:\Windows\system32\USERENV.dll [ADVAPI32.dll!SetFileSecurityW] [6B609DF4] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\NolanandWhitney\Desktop\gmer.exe[424] @ C:\Windows\system32\USERENV.dll [ADVAPI32.dll!RegCreateKeyExW] [6B609639] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\NolanandWhitney\Desktop\gmer.exe[424] @ C:\Windows\system32\USERENV.dll [ADVAPI32.dll!RegSetValueExW] [6B609BA7] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\NolanandWhitney\Desktop\gmer.exe[424] @ C:\Windows\system32\USERENV.dll [ADVAPI32.dll!RegOpenKeyExW] [6B609815] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\NolanandWhitney\Desktop\gmer.exe[424] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!CreateFileW] [6B60A391] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\NolanandWhitney\Desktop\gmer.exe[424] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [73884618] C:\Windows\system32\ShimEng.dll
IAT C:\Users\NolanandWhitney\Desktop\gmer.exe[424] @ C:\Windows\system32\Secur32.dll [ADVAPI32.dll!RegCreateKeyExW] [6B609639] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\NolanandWhitney\Desktop\gmer.exe[424] @ C:\Windows\system32\Secur32.dll [ADVAPI32.dll!RegSetValueExW] [6B609BA7] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\NolanandWhitney\Desktop\gmer.exe[424] @ C:\Windows\system32\Secur32.dll [ADVAPI32.dll!RegOpenKeyExW] [6B609815] C:\Windows\AppPatch\AcGenral.DLL

AttachedDevice \Driver\tdx \Device\Tcp IRP_MJ_CREATE [92080370] SYMTDI.SYS
AttachedDevice \Driver\tdx \Device\Tcp IRP_MJ_CREATE_NAMED_PIPE [92080370] SYMTDI.SYS
AttachedDevice \Driver\tdx \Device\Tcp IRP_MJ_CLOSE [92080370] SYMTDI.SYS
AttachedDevice \Driver\tdx \Device\Tcp IRP_MJ_READ [92080370] SYMTDI.SYS
AttachedDevice \Driver\tdx \Device\Tcp IRP_MJ_WRITE [92080370] SYMTDI.SYS
AttachedDevice \Driver\tdx \Device\Tcp IRP_MJ_QUERY_INFORMATION [92080370] SYMTDI.SYS
AttachedDevice \Driver\tdx \Device\Tcp IRP_MJ_SET_INFORMATION [92080370] SYMTDI.SYS
AttachedDevice \Driver\tdx \Device\Tcp IRP_MJ_QUERY_EA [92080370] SYMTDI.SYS
AttachedDevice \Driver\tdx \Device\Tcp IRP_MJ_SET_EA [92080370] SYMTDI.SYS
AttachedDevice \Driver\tdx \Device\Tcp IRP_MJ_FLUSH_BUFFERS [92080370] SYMTDI.SYS
AttachedDevice \Driver\tdx \Device\Tcp IRP_MJ_QUERY_VOLUME_INFORMATION [92080370] SYMTDI.SYS
AttachedDevice \Driver\tdx \Device\Tcp IRP_MJ_SET_VOLUME_INFORMATION [92080370] SYMTDI.SYS
AttachedDevice \Driver\tdx \Device\Tcp IRP_MJ_DIRECTORY_CONTROL [92080370] SYMTDI.SYS
AttachedDevice \Driver\tdx \Device\Tcp IRP_MJ_FILE_SYSTEM_CONTROL [92080370] SYMTDI.SYS
AttachedDevice \Driver\tdx \Device\Tcp IRP_MJ_DEVICE_CONTROL [92080370] SYMTDI.SYS
AttachedDevice \Driver\tdx \Device\Tcp IRP_MJ_INTERNAL_DEVICE_CONTROL [92080370] SYMTDI.SYS
AttachedDevice \Driver\tdx \Device\Tcp IRP_MJ_SHUTDOWN [92080370] SYMTDI.SYS
AttachedDevice \Driver\tdx \Device\Tcp IRP_MJ_LOCK_CONTROL [92080370] SYMTDI.SYS
AttachedDevice \Driver\tdx \Device\Tcp IRP_MJ_CLEANUP [92080370] SYMTDI.SYS
AttachedDevice \Driver\tdx \Device\Tcp IRP_MJ_CREATE_MAILSLOT [92080370] SYMTDI.SYS
AttachedDevice \Driver\tdx \Device\Tcp IRP_MJ_QUERY_SECURITY [92080370] SYMTDI.SYS
AttachedDevice \Driver\tdx \Device\Tcp IRP_MJ_SET_SECURITY [92080370] SYMTDI.SYS
AttachedDevice \Driver\tdx \Device\Tcp IRP_MJ_POWER [92080370] SYMTDI.SYS
AttachedDevice \Driver\tdx \Device\Tcp IRP_MJ_SYSTEM_CONTROL [92080370] SYMTDI.SYS
AttachedDevice \Driver\tdx \Device\Tcp IRP_MJ_DEVICE_CHANGE [92080370] SYMTDI.SYS
AttachedDevice \Driver\tdx \Device\Tcp IRP_MJ_QUERY_QUOTA [92080370] SYMTDI.SYS
AttachedDevice \Driver\tdx \Device\Tcp IRP_MJ_SET_QUOTA [92080370] SYMTDI.SYS
AttachedDevice \Driver\tdx \Device\Udp IRP_MJ_CREATE [92080370] SYMTDI.SYS
AttachedDevice \Driver\tdx \Device\Udp IRP_MJ_CREATE_NAMED_PIPE [92080370] SYMTDI.SYS
AttachedDevice \Driver\tdx \Device\Udp IRP_MJ_CLOSE [92080370] SYMTDI.SYS
AttachedDevice \Driver\tdx \Device\Udp IRP_MJ_READ [92080370] SYMTDI.SYS
AttachedDevice \Driver\tdx \Device\Udp IRP_MJ_WRITE [92080370] SYMTDI.SYS
AttachedDevice \Driver\tdx \Device\Udp IRP_MJ_QUERY_INFORMATION [92080370] SYMTDI.SYS
AttachedDevice \Driver\tdx \Device\Udp IRP_MJ_SET_INFORMATION [92080370] SYMTDI.SYS
AttachedDevice \Driver\tdx \Device\Udp IRP_MJ_QUERY_EA [92080370] SYMTDI.SYS
AttachedDevice \Driver\tdx \Device\Udp IRP_MJ_SET_EA [92080370] SYMTDI.SYS
AttachedDevice \Driver\tdx \Device\Udp IRP_MJ_FLUSH_BUFFERS [92080370] SYMTDI.SYS
AttachedDevice \Driver\tdx \Device\Udp IRP_MJ_QUERY_VOLUME_INFORMATION [92080370] SYMTDI.SYS
AttachedDevice \Driver\tdx \Device\Udp IRP_MJ_SET_VOLUME_INFORMATION [92080370] SYMTDI.SYS
AttachedDevice \Driver\tdx \Device\Udp IRP_MJ_DIRECTORY_CONTROL [92080370] SYMTDI.SYS
AttachedDevice \Driver\tdx \Device\Udp IRP_MJ_FILE_SYSTEM_CONTROL [92080370] SYMTDI.SYS
AttachedDevice \Driver\tdx \Device\Udp IRP_MJ_DEVICE_CONTROL [92080370] SYMTDI.SYS
AttachedDevice \Driver\tdx \Device\Udp IRP_MJ_INTERNAL_DEVICE_CONTROL [92080370] SYMTDI.SYS
AttachedDevice \Driver\tdx \Device\Udp IRP_MJ_SHUTDOWN [92080370] SYMTDI.SYS
AttachedDevice \Driver\tdx \Device\Udp IRP_MJ_LOCK_CONTROL [92080370] SYMTDI.SYS
AttachedDevice \Driver\tdx \Device\Udp IRP_MJ_CLEANUP [92080370] SYMTDI.SYS
AttachedDevice \Driver\tdx \Device\Udp IRP_MJ_CREATE_MAILSLOT [92080370] SYMTDI.SYS
AttachedDevice \Driver\tdx \Device\Udp IRP_MJ_QUERY_SECURITY [92080370] SYMTDI.SYS
AttachedDevice \Driver\tdx \Device\Udp IRP_MJ_SET_SECURITY [92080370] SYMTDI.SYS
AttachedDevice \Driver\tdx \Device\Udp IRP_MJ_POWER [92080370] SYMTDI.SYS
AttachedDevice \Driver\tdx \Device\Udp IRP_MJ_SYSTEM_CONTROL [92080370] SYMTDI.SYS
AttachedDevice \Driver\tdx \Device\Udp IRP_MJ_DEVICE_CHANGE [92080370] SYMTDI.SYS
AttachedDevice \Driver\tdx \Device\Udp IRP_MJ_QUERY_QUOTA [92080370] SYMTDI.SYS
AttachedDevice \Driver\tdx \Device\Udp IRP_MJ_SET_QUOTA [92080370] SYMTDI.SYS
AttachedDevice \FileSystem\fastfat \Fat IRP_MJ_CREATE [853767F0] fltmgr.sys
AttachedDevice \FileSystem\fastfat \Fat IRP_MJ_CREATE_NAMED_PIPE [853767F0] fltmgr.sys
AttachedDevice \FileSystem\fastfat \Fat IRP_MJ_CLOSE [85364B56] fltmgr.sys
AttachedDevice \FileSystem\fastfat \Fat IRP_MJ_READ [85364B56] fltmgr.sys
AttachedDevice \FileSystem\fastfat \Fat IRP_MJ_WRITE [85364B56] fltmgr.sys
AttachedDevice \FileSystem\fastfat \Fat IRP_MJ_QUERY_INFORMATION [85364B56] fltmgr.sys
AttachedDevice \FileSystem\fastfat \Fat IRP_MJ_SET_INFORMATION [85364B56] fltmgr.sys
AttachedDevice \FileSystem\fastfat \Fat IRP_MJ_QUERY_EA [85364B56] fltmgr.sys
AttachedDevice \FileSystem\fastfat \Fat IRP_MJ_SET_EA [85364B56] fltmgr.sys
AttachedDevice \FileSystem\fastfat \Fat IRP_MJ_FLUSH_BUFFERS [85364B56] fltmgr.sys
AttachedDevice \FileSystem\fastfat \Fat IRP_MJ_QUERY_VOLUME_INFORMATION [85364B56] fltmgr.sys
AttachedDevice \FileSystem\fastfat \Fat IRP_MJ_SET_VOLUME_INFORMATION [85364B56] fltmgr.sys
AttachedDevice \FileSystem\fastfat \Fat IRP_MJ_DIRECTORY_CONTROL [85364B56] fltmgr.sys
AttachedDevice \FileSystem\fastfat \Fat IRP_MJ_FILE_SYSTEM_CONTROL [85376DC8] fltmgr.sys
AttachedDevice \FileSystem\fastfat \Fat IRP_MJ_DEVICE_CONTROL [85364B56] fltmgr.sys
AttachedDevice \FileSystem\fastfat \Fat IRP_MJ_INTERNAL_DEVICE_CONTROL [85364B56] fltmgr.sys
AttachedDevice \FileSystem\fastfat \Fat IRP_MJ_SHUTDOWN [85364B56] fltmgr.sys
AttachedDevice \FileSystem\fastfat \Fat IRP_MJ_LOCK_CONTROL [85364B56] fltmgr.sys
AttachedDevice \FileSystem\fastfat \Fat IRP_MJ_CLEANUP [85364B56] fltmgr.sys
AttachedDevice \FileSystem\fastfat \Fat IRP_MJ_CREATE_MAILSLOT [853767F0] fltmgr.sys
AttachedDevice \FileSystem\fastfat \Fat IRP_MJ_QUERY_SECURITY [85364B56] fltmgr.sys
AttachedDevice \FileSystem\fastfat \Fat IRP_MJ_SET_SECURITY [85364B56] fltmgr.sys
AttachedDevice \FileSystem\fastfat \Fat IRP_MJ_POWER [85364B56] fltmgr.sys
AttachedDevice \FileSystem\fastfat \Fat IRP_MJ_SYSTEM_CONTROL [85364B56] fltmgr.sys
AttachedDevice \FileSystem\fastfat \Fat IRP_MJ_DEVICE_CHANGE [85364B56] fltmgr.sys
AttachedDevice \FileSystem\fastfat \Fat IRP_MJ_QUERY_QUOTA [85364B56] fltmgr.sys
AttachedDevice \FileSystem\fastfat \Fat IRP_MJ_SET_QUOTA [85364B56] fltmgr.sys

---- EOF - GMER 1.0.13 ----

#15 Rorschach

Rorschach

  • Members
  • 523 posts
  • OFFLINE
  •  
  • Local time:08:07 AM

Posted 30 July 2007 - 06:32 AM

Hi Njohnsen, your log looks clean. Just a few little things to do.


To disable Real-Time Protection:
  • Go to "Tools" | "General Settings"
  • Scroll down to "Real-time protection options"
  • Check "Turn on real-time protection (recommended)


You now need to update your Java and remove your older versions.

Please follow these steps to remove older version Java components.

* Click Start > Control Panel.
* Click Add/Remove Programs.
* Check any item with Java Runtime Environment (JRE) in the name.
* Click the Remove or Change/Remove button.

Download the latest version of Java Runtime Environment (JRE), and install it to your computer from
here



Now we need to create a new System Restore point.

Click Start Menu > Run > type (or copy and paste)

%SystemRoot%\System32\restore\rstrui.exe

Press OK. Choose Create a Restore Point then click Next. Name it and click Create, when the confirmation screen shows the restore point has been created click Close.

Next goto Start Menu > Run > type

cleanmgr

Click OK, Disk Cleanup will open and start calculating the amount of space that can be freed, Once thats finished it will open the Disk Cleanup options screen, click the More Options tab then click Clean up on the system restore area and choose Yes at the confirmation window which will remove all the restore points except the one we just created.

To close Disk Cleanup and remove the Temporary Internet Files detected in the initial scan click OK then choose Yes on the confirmation window.



Below I have included a number of recommendations for how to protect your computer against malware infections.

* Keep Windows updated by regularly checking their website at :
http://windowsupdate.microsoft.com/
This will ensure your computer has always the latest security updates available installed on your computer.

* Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more
secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up
blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from
Here

* Take a good look at the following suggestions for malware prevention by reading Tony Klein’s article 'How Did I Get Infected In The First Place'
Here

Thank you for your patience, and performing all of the procedures requested.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users