Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Message Was Popping Up Says I Have Looksky 32. Norton Doesnt Identify It I Also Had Adware Infesting My Pc


  • This topic is locked This topic is locked
16 replies to this topic

#1 carri

carri

  • Members
  • 234 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Yorkshire, England
  • Local time:01:32 AM

Posted 09 October 2007 - 05:23 PM

Hi, I really hope I can get some help here please. A few days ago my pc got infected with trojan viruses and viscious adware from a group supposedly advertising spyware cleaner from names such as 'ultimate defender' 'virusprotectiononline' and 'ucleaner' to name a few of the products sites that ie was redirected to. One of the the names that I saw in the infection list was something like Virtumonde, there was also a grey box that kept popping up saying I had Looksky.32 trojan virus and i should download a cleaner to get rid of it. I am a TOTAL novice so it all was just one big massive headache.

I followed Grinler's instructions on what to do that are posted as a sticky topic, it wasn't easy for me as I had great trouble trying to install ad-aware se and i had to use the download facility of firefos to dl and open the application. I have done as instructed BUT I have been locked out of control panel by this infection and it now keeps telling me that I have to contact my administrator- I am the administrator, so i cant do automatic updates which was previously on prior to the infection. According to the log my pc is now clean, but I am concerned about my fire wall which is part of a norton package as it seems to have been altered to low settings i have put it to medium settings and I would be happy if you can advise me re: getting my control panel access back. Will i have to do a restore using the applications cd that came with my pc? Also I had norton set to scan at logon and it wont do that any more I have to scan manually =\ Sorry to be so long winded and Thanks for your help and support :thumbsup:

Heres the Hijack this log:

ogfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:21:02 PM, on 10/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\DJSNETCN.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\a-squared Anti-Malware\a2guard.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Napster\napster.exe
C:\Program Files\Common Files\AOL\1177261102\ee\AOLSoftware.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\btbb_wcm\McciTrayApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\BT Broadband Desktop Help\bin\BTHelpNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\Yahoo!\YOP\SSDK02.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\BT Broadband Desktop Help\bin\BTHelp.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\Motive\Common\MOTIVE~1.EXE
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll
O2 - BHO: MSVPS System - {0D5227BF-0C5B-4EA8-833C-FE09F1496F39} - C:\WINDOWS\div32.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: ImageShack Toolbar - {6932D140-ABC4-4073-A44C-D4A541665E35} - C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [IS CfgWiz] "C:\Program Files\Norton Internet Security\cfgwiz.exe" /GUID {C056623F-ACED-449a-B11E-2375AD200992} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe" /d=60
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [Windows Security Center] wscsvc.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] "C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\BTBROA~2\SMARTB~1\BTHelpNotifier.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1177261102\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [btbb_wcm_McciTrayApp] C:\Program Files\btbb_wcm\McciTrayApp.exe
O4 - HKLM\..\Run: [btbb_McciTrayApp] C:\Program Files\BT Broadband Desktop Help\bin\BTHelpNotifier.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\RunServices: [DJSNetCN] C:\Program Files\Common Files\Symantec Shared\DJSNETCN.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BT Broadband Desktop Help.lnk = C:\Program Files\BT Broadband Desktop Help\bin\matcli.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Post Image to Blog - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5003
O8 - Extra context menu item: Tag This Image - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5002
O8 - Extra context menu item: Transload Image to ImageShack - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5004
O8 - Extra context menu item: Upload All Images to ImageShack - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5000
O8 - Extra context menu item: Upload Image to ImageShack - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5001
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://toolbar.imageshack.us
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1161615750578
O16 - DPF: {6932D140-ABC4-4073-A44C-D4A541665E35} (ImageShack Toolbar) - http://toolbar.imageshack.us/toolbar/ImageShackToolbar.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1162888684000
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} (Symantec Download Bridge) - https://www.btnetprotect.co.uk/BTNetprotect...ld/SymDlBrg.cab
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\sulimo.dat
O21 - SSODL: mssql - {79A98AED-9E1D-4495-9821-6E24C2FB49C5} - C:\WINDOWS\mssql.dll (file missing)
O21 - SSODL: syscore - {5D3429F5-E8AB-4F35-A25D-4282F91DB32A} - C:\WINDOWS\syscore.dll (file missing)
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: Symantec Licensing Detect Internet Connection (DJSNETCN) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\DJSNETCN.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

--
End of file - 14816 bytes
Posted Image
Hug someone today and get on their nerves!

BC AdBot (Login to Remove)

 


#2 SNOWHITE

SNOWHITE

    missy malware magnet


  • Members
  • 2,676 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Bitola, Macedonia
  • Local time:01:32 AM

Posted 10 October 2007 - 08:08 PM

Hello carri and welcome to BC :thumbsup:

My name is SNOWHITE and I will be helping you with your Malware problem.

Please follow the steps below exactly in the order they are written:

Step #1

While TeaTimer is an excellent tool for the prevention of spyware, it can sometimes prevent HijackThis from fixing certain things.
Please disable TeaTimer for now until you are clean. TeaTimer can be re-activated once your HijackThis log is clean.
  • Open Spybot Search & Destroy.
  • In the Mode menu click "Advanced mode" if not already selected.
  • Choose "Yes" at the Warning prompt.
  • Expand the "Tools" menu.
  • Click "Resident".
  • Uncheck the "Resident "TeaTimer" (Protection of overall system settings) active." box.
  • In the File menu click "Exit" to exit Spybot Search & Destroy.
Step #2

Please download SmitfraudFix (by S!Ri) to your Desktop.

Double-click SmitfraudFix.exe
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

NOTE: If the tool fails to launch from the Desktop, please move SmitfraudFix.exe directly to the root of the system drive (usually C:), and launch from there.


NOTE: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm

Step #3

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.
What DSS will do:
  • create a new System Restore point in Windows XP and Vista.
  • clean your Temporary Files, Downloaded Program Files, and Internet Cache Files, and also empty the Recycle Bin on all drives.
  • check some important areas of your system and produce a report for your analyst to review. DSS automatically runs HijackThis for you, but it will also install and place a shortcut to HijackThis on your desktop if you do not already have HijackThis installed.
In your next post please include the following reports:
  • SmitfraudFix report
  • dss scan reports main.txt and extra.txt
Let me know how the things went.

Regards
SNOWHITE
Posted Image

#3 carri

carri
  • Topic Starter

  • Members
  • 234 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Yorkshire, England
  • Local time:01:32 AM

Posted 11 October 2007 - 05:20 AM

Hi Snowhite :thumbsup:

Thanks for your advice and help which I have now followed, and here are the results:

SmitFraudFix v2.236

Scan done at 10:36:48.32, Thu 10/11/2007
Run from C:\Documents and Settings\user1.HOME-74HWRP5P07\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\DJSNETCN.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\a-squared Anti-Malware\a2guard.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Napster\napster.exe
C:\Program Files\Common Files\AOL\1177261102\ee\AOLSoftware.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\btbb_wcm\McciTrayApp.exe
C:\Program Files\BT Broadband Desktop Help\bin\BTHelpNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\PROGRA~1\Yahoo!\YOP\SSDK02.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\BT Broadband Desktop Help\bin\BTHelp.exe
C:\Program Files\BT Broadband Desktop Help\bin\mpbtn.exe
C:\PROGRA~1\Motive\Common\MOTIVE~1.EXE
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

C:\WINDOWS\div32.dll FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\user1.HOME-74HWRP5P07


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\user1.HOME-74HWRP5P07\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\USER1~1.HOM\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components



»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\WINDOWS\\system32\\sulimo.dat"


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Realtek RTL8139 Family PCI Fast Ethernet NIC - Packet Scheduler Miniport
DNS Server Search Order: 192.168.1.254

HKLM\SYSTEM\CCS\Services\Tcpip\..\{524339FC-82EB-4832-9E0C-1784985DB65A}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS1\Services\Tcpip\..\{524339FC-82EB-4832-9E0C-1784985DB65A}: DhcpNameServer=192.168.1.254


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End


Deckard's System Scanner v20070905.67
Run by user1 on 2007-10-11 10:46:19
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
18: 2007-10-11 09:46:46 UTC - RP19 - Deckard's System Scanner Restore Point
17: 2007-10-11 02:02:05 UTC - RP18 - Software Distribution Service 3.0
16: 2007-10-09 13:08:33 UTC - RP17 - System Checkpoint
15: 2007-10-07 14:03:50 UTC - RP16 - Removed Ad-Aware 2007
14: 2007-10-06 15:44:46 UTC - RP15 - Ad-Aware Restore Point 2007-10-06 16:44:26


-- First Restore Point --
1: 2007-10-02 02:29:03 UTC - RP2 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as user1.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:49:13 AM, on 10/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\DJSNETCN.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\a-squared Anti-Malware\a2guard.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Napster\napster.exe
C:\Program Files\Common Files\AOL\1177261102\ee\AOLSoftware.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\btbb_wcm\McciTrayApp.exe
C:\Program Files\BT Broadband Desktop Help\bin\BTHelpNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\Yahoo!\YOP\SSDK02.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\BT Broadband Desktop Help\bin\BTHelp.exe
C:\Program Files\BT Broadband Desktop Help\bin\mpbtn.exe
C:\PROGRA~1\Motive\Common\MOTIVE~1.EXE
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Documents and Settings\user1.HOME-74HWRP5P07\Desktop\dss.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\user1.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll
O2 - BHO: MSVPS System - {0D5227BF-0C5B-4EA8-833C-FE09F1496F39} - C:\WINDOWS\div32.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: ImageShack Toolbar - {6932D140-ABC4-4073-A44C-D4A541665E35} - C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [IS CfgWiz] "C:\Program Files\Norton Internet Security\cfgwiz.exe" /GUID {C056623F-ACED-449a-B11E-2375AD200992} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe" /d=60
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [Windows Security Center] wscsvc.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] "C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\BTBROA~2\SMARTB~1\BTHelpNotifier.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1177261102\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [btbb_wcm_McciTrayApp] C:\Program Files\btbb_wcm\McciTrayApp.exe
O4 - HKLM\..\Run: [btbb_McciTrayApp] C:\Program Files\BT Broadband Desktop Help\bin\BTHelpNotifier.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\RunServices: [DJSNetCN] C:\Program Files\Common Files\Symantec Shared\DJSNETCN.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BT Broadband Desktop Help.lnk = C:\Program Files\BT Broadband Desktop Help\bin\matcli.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Post Image to Blog - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5003
O8 - Extra context menu item: Tag This Image - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5002
O8 - Extra context menu item: Transload Image to ImageShack - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5004
O8 - Extra context menu item: Upload All Images to ImageShack - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5000
O8 - Extra context menu item: Upload Image to ImageShack - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5001
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://toolbar.imageshack.us
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1161615750578
O16 - DPF: {6932D140-ABC4-4073-A44C-D4A541665E35} (ImageShack Toolbar) - http://toolbar.imageshack.us/toolbar/ImageShackToolbar.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1162888684000
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} (Symantec Download Bridge) - https://www.btnetprotect.co.uk/BTNetprotect...ld/SymDlBrg.cab
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\sulimo.dat
O21 - SSODL: mssql - {79A98AED-9E1D-4495-9821-6E24C2FB49C5} - C:\WINDOWS\mssql.dll (file missing)
O21 - SSODL: syscore - {5D3429F5-E8AB-4F35-A25D-4282F91DB32A} - C:\WINDOWS\syscore.dll (file missing)
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: Symantec Licensing Detect Internet Connection (DJSNETCN) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\DJSNETCN.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

--
End of file - 14878 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 SASDIFSV - c:\program files\superantispyware\sasdifsv.sys
R1 SASKUTIL - c:\program files\superantispyware\saskutil.sys
R2 ASCTRM - c:\windows\system32\drivers\asctrm.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>
R3 MRENDIS5 (MRENDIS5 NDIS Protocol Driver) - c:\program files\common files\motive\mrendis5.sys <Not Verified; Motive, Inc.; Motive Rawether for Windows>
R3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>

S3 MREMPR5 (MREMPR5 NDIS Protocol Driver) - c:\program files\common files\motive\mrempr5.sys <Not Verified; Motive, Inc.; Motive Rawether for Windows>
S3 SABProcEnum - c:\program files\internet explorer\sabprocenum.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S3 YPCService - c:\windows\system32\ypcser~1.exe <Not Verified; Yahoo! Inc.; YPCService Module>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2007-10-11 09:47:07 562 --a------ C:\WINDOWS\Tasks\Norton AntiVirus - Run Norton QuickScan - user1.job
2007-08-17 10:00:52 564 --a------ C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - user1.job


-- Files created between 2007-09-11 and 2007-10-11 -----------------------------

2007-10-07 19:02:37 0 d-------- C:\Documents and Settings\user1.HOME-74HWRP5P07\Application Data\Lavasoft
2007-10-06 13:22:10 0 d-------- C:\Program Files\Lavasoft
2007-10-05 01:52:00 0 --a------ C:\WINDOWS\system32\drivers\symavc32.sys
2007-10-05 01:51:36 12288 --a------ C:\WINDOWS\mraerea.exe
2007-10-05 01:51:13 113152 --a------ C:\WINDOWS\mteadea.exe
2007-10-04 16:32:26 0 d-------- C:\Program Files\CCleaner
2007-10-03 23:09:17 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\SUPERAntiSpyware.com
2007-10-03 23:08:29 0 d-------- C:\Program Files\SUPERAntiSpyware
2007-10-03 23:08:28 0 d-------- C:\Documents and Settings\user1.HOME-74HWRP5P07\Application Data\SUPERAntiSpyware.com
2007-10-03 23:07:14 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-10-03 02:30:57 0 d-------- C:\Program Files\Trend Micro
2007-10-02 18:11:12 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2007-10-01 13:25:22 557056 --a------ C:\Documents and Settings\user1.HOME-74HWRP5P07\GoToAssist_phone__317_en.exe <Not Verified; Citrix Online; GoToAssist>
2007-10-01 01:34:45 1156 --a------ C:\WINDOWS\mozver.dat
2007-09-30 14:23:27 0 d-------- C:\Program Files\a-squared Anti-Malware
2007-09-30 13:28:11 0 d-------- C:\Program Files\Enigma Software Group
2007-09-29 23:54:56 0 d-------- C:\WINDOWS\pss
2007-09-29 22:48:19 0 d-------- C:\WINDOWS\system32\ActiveScan
2007-09-29 15:38:37 253952 --a------ C:\WINDOWS\div32.dll <Not Verified; ; div32>
2007-09-27 12:01:13 0 d-------- C:\Program Files\PopCap Games
2007-09-24 07:19:48 0 d-------- C:\Documents and Settings\user2\Application Data\Windows Desktop Search
2007-09-22 10:35:35 0 d-------- C:\Documents and Settings\user1.HOME-74HWRP5P07\Application Data\Windows Desktop Search
2007-09-21 18:52:36 0 d-------- C:\Documents and Settings\NetworkService.NT AUTHORITY\Application Data\Identities
2007-09-21 18:51:22 0 d-------- C:\Program Files\Windows Desktop Search
2007-09-21 18:48:44 0 d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2007-09-21 18:24:45 0 d-------- C:\Program Files\Windows Live
2007-09-21 18:24:19 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\WLInstaller
2007-09-15 10:13:20 0 d-------- C:\Documents and Settings\user2\Application Data\Google
2007-09-14 19:55:01 0 d-------- C:\Documents and Settings\user1.HOME-74HWRP5P07\Application Data\Google


-- Find3M Report ---------------------------------------------------------------

2007-10-11 10:49:50 0 d-------- C:\Program Files\Common Files\symantec shared
2007-10-11 10:39:48 4928 --a------ C:\WINDOWS\system32\tmp.reg
2007-10-11 02:18:05 0 d-------- C:\Program Files\SwiftSwitch
2007-10-10 11:15:23 0 d-------- C:\Documents and Settings\user1.HOME-74HWRP5P07\Application Data\Skype
2007-10-08 05:21:20 0 d-------- C:\Program Files\mIRC
2007-10-06 21:05:15 0 d-------- C:\Program Files\Norton Internet Security
2007-10-03 23:07:14 0 d-------- C:\Program Files\Common Files
2007-10-03 22:13:37 0 d-------- C:\Program Files\Symantec
2007-10-01 10:19:56 0 d-------- C:\Documents and Settings\user1.HOME-74HWRP5P07\Application Data\Yahoo!
2007-10-01 09:59:26 0 d-------- C:\Program Files\Yahoo!
2007-10-01 09:58:58 0 d-------- C:\Program Files\Common Files\Scanner
2007-09-30 23:14:04 0 d-------- C:\Program Files\MSN Messenger
2007-09-30 23:12:10 0 d-------- C:\Program Files\Macrogaming
2007-09-27 03:35:32 0 d-------- C:\Documents and Settings\user1.HOME-74HWRP5P07\Application Data\teamspeak2
2007-09-21 23:55:22 0 d-------- C:\Program Files\xchat
2007-09-16 09:55:30 0 d-------- C:\Program Files\BT Broadband Desktop Help
2007-09-16 09:53:26 0 d-------- C:\Program Files\Common Files\Motive
2007-09-16 09:50:47 0 d-------- C:\Program Files\Motive
2007-09-16 09:28:38 0 d-------- C:\Documents and Settings\user1.HOME-74HWRP5P07\Application Data\LimeWire
2007-09-14 19:53:57 0 d-------- C:\Program Files\Google
2007-09-12 00:37:05 0 d-------- C:\Documents and Settings\user1.HOME-74HWRP5P07\Application Data\Adobe
2007-09-09 18:37:42 0 d-------- C:\Documents and Settings\user1.HOME-74HWRP5P07\Application Data\MSN6
2007-09-09 16:18:44 0 d-------- C:\Program Files\BT Broadband Talk Softphone
2007-09-09 16:18:28 0 d-------- C:\Documents and Settings\user1.HOME-74HWRP5P07\Application Data\BT
2007-09-05 10:11:41 0 d-------- C:\Program Files\BT Home Hub
2007-09-01 12:54:09 0 d-------- C:\Program Files\Common Files\Adobe
2007-08-31 02:35:03 0 d-------- C:\Documents and Settings\user1.HOME-74HWRP5P07\Application Data\Mozilla
2007-08-31 00:24:50 0 d-------- C:\Documents and Settings\user1.HOME-74HWRP5P07\Application Data\X-Chat 2
2007-08-28 17:01:40 0 d-------- C:\Program Files\LimeWire
2007-08-24 02:10:53 0 d-------- C:\Program Files\Windows Live Safety Center
2007-08-21 01:41:50 2494464 --a------ C:\WINDOWS\advrcntr2.dll <Not Verified; Nero AG; AdvrCntr Module>
2007-08-20 11:55:28 0 d-------- C:\Program Files\Conquer 2.0
2007-08-15 15:04:48 578560 --a------ C:\WINDOWS\WLXPGSS.SCR <Not Verified; Microsoft Corporation; Windows Live Photo Gallery>
2007-08-15 01:24:39 16163 --a------ C:\bugs
2007-08-15 01:22:14 16163 --a------ C:\bugs1
2007-08-13 12:22:15 0 d-------- C:\Program Files\FileZilla
2007-08-12 16:33:17 0 d-------- C:\Program Files\Napster
2007-08-12 16:32:26 0 d-------- C:\Program Files\Common Files\Napster Shared
2007-08-12 16:31:28 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-08-12 03:03:16 0 d-------- C:\Program Files\MSXML 4.0
2007-08-11 12:49:56 0 d-------- C:\Program Files\Movie Maker
2007-08-11 12:24:54 0 d-------- C:\Documents and Settings\user1.HOME-74HWRP5P07\Application Data\Media Player Classic


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0D5227BF-0C5B-4EA8-833C-FE09F1496F39}]
09/29/2007 02:33 PM 253952 --a------ C:\WINDOWS\div32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IS CfgWiz"="C:\Program Files\Norton Internet Security\cfgwiz.exe" [02/02/2006 12:10 AM]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [03/12/2007 06:30 PM]
"a-squared"="C:\Program Files\a-squared Anti-Malware\a2guard.exe" [08/31/2007 08:24 PM]
"YOP"="C:\PROGRA~1\Yahoo!\YOP\yop.exe" [06/26/2007 01:48 PM]
"YBrowser"="C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe" [07/21/2006 05:19 PM]
"Windows Security Center"="wscsvc.exe" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [07/12/2007 04:00 AM]
"SSC_UserPrompt"="C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe" [11/02/2004 05:59 PM]
"SoundMan"="SOUNDMAN.EXE" [06/18/2002 05:44 PM C:\WINDOWS\SOUNDMAN.EXE]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [10/23/2006 10:07 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [10/23/2006 10:08 PM]
"nwiz"="nwiz.exe" [10/22/2006 01:22 PM C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [10/22/2006 01:22 PM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [10/22/2006 01:22 PM]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [07/09/2001 11:50 AM]
"NapsterShell"="C:\Program Files\Napster\napster.exe" [01/12/2007 07:36 PM]
"Motive SmartBridge"="C:\PROGRA~1\BTBROA~2\SMARTB~1\BTHelpNotifier.exe" []
"HostManager"="C:\Program Files\Common Files\AOL\1177261102\ee\AOLSoftware.exe" [11/17/2006 02:21 PM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [01/22/2007 10:19 PM]
"btbb_wcm_McciTrayApp"="C:\Program Files\btbb_wcm\McciTrayApp.exe" [11/30/2006 11:51 AM]
"btbb_McciTrayApp"="C:\Program Files\BT Broadband Desktop Help\bin\BTHelpNotifier.exe" [08/22/2007 01:34 PM]
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [01/10/2007 12:06 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [05/11/2007 03:06 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 05:24 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 08:56 AM]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe" [08/31/2005 05:11 PM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" []
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [10/13/2006 05:20 PM]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [08/16/2007 04:19 PM]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [06/21/2007 02:06 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"DJSNetCN"=C:\Program Files\Common Files\Symantec Shared\DJSNETCN.exe

C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\
BT Broadband Desktop Help.lnk - C:\Program Files\BT Broadband Desktop Help\bin\matcli.exe [9/16/2007 9:51:03 AM]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2/13/2001 2:01:04 AM]
Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2/5/2007 3:40:46 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoControlPanel"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoWindowsUpdate"=1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoWindowsUpdate"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [02/05/2007 03:39 PM 294400]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [12/20/2006 01:55 PM 77824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"mssql"= {79A98AED-9E1D-4495-9821-6E24C2FB49C5} - C:\WINDOWS\mssql.dll [ ]
"syscore"= {5D3429F5-E8AB-4F35-A25D-4282F91DB32A} - C:\WINDOWS\syscore.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\WINDOWS\system32\sulimo.dat

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

*Newly Created Service* - COMHOST



-- End of Deckard's System Scanner: finished at 2007-10-11 10:52:39 ------------


Deckard's System Scanner v20070905.67
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 2.80GHz
Percentage of Memory in Use: 74%
Physical Memory (total/avail): 511.49 MiB / 130.61 MiB
Pagefile Memory (total/avail): 1250.37 MiB / 706.06 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1969.82 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 56.64 GiB total, 32.4 GiB free.
D: is Fixed (NTFS) - 52.73 GiB total, 51.98 GiB free.
E: is Fixed (FAT32) - 2.41 GiB total, 1.03 GiB free.
F: is CDROM (No Media)
G: is CDROM (CDFS)

\\.\PHYSICALDRIVE0 - ST3120023A - 111.79 GiB - 3 partitions
\PARTITION0 (bootable) - Installable File System - 56.64 GiB - C:
\PARTITION1 - Extended w/Extended Int 13 - 55.15 GiB - D: - E:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FW: Norton Internet Worm Protection v2006 (Symantec) Disabled
FW: Norton Internet Security v2006 (Symantec Corporation)
AV: Norton Internet Security v2006 (Symantec Corporation)

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"%windir%\\system32\\winav.exe"="%windir%\\system32\\winav.exe:*:Enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\AOL 9.0b\\waol.exe"="C:\\Program Files\\AOL 9.0b\\waol.exe:*:Enabled:AOL 9.0b"
"C:\\Program Files\\Yahoo!\\Messenger\\ypager.exe"="C:\\Program Files\\Yahoo!\\Messenger\\ypager.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\SwiftSwitch\\SwiftSwitch.exe"="C:\\Program Files\\SwiftSwitch\\SwiftSwitch.exe:*:Enabled:World Switcher for RuneScape"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\FlashGet\\flashget.exe"="C:\\Program Files\\FlashGet\\flashget.exe:*:Enabled:Flashget"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL Connectivity Service Dialler"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL Connectivity Services"
"C:\\Program Files\\xchat\\xchat.exe"="C:\\Program Files\\xchat\\xchat.exe:*:Enabled:XChat IRC Client"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"%windir%\\system32\\winav.exe"="%windir%\\system32\\winav.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users.WINDOWS
APPDATA=C:\Documents and Settings\user1.HOME-74HWRP5P07\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=HOME
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\user1.HOME-74HWRP5P07
LOGONSERVER=\\HOME
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 7, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0207
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\USER1~1.HOM\LOCALS~1\Temp
TMP=C:\DOCUME~1\USER1~1.HOM\LOCALS~1\Temp
USERDOMAIN=HOME
USERNAME=user1
USERPROFILE=C:\Documents and Settings\user1.HOME-74HWRP5P07
windir=C:\WINDOWS
__COMPAT_LAYER=EnableNXShowUI


-- User Profiles ---------------------------------------------------------------

user1.HOME-74HWRP5P07 (admin)
user2


-- Add/Remove Programs ---------------------------------------------------------

--> C:\WINDOWS\Motive\btbb\UninstallHelper.exe
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
a-squared Anti-Malware 3.0 --> "C:\Program Files\a-squared Anti-Malware\unins000.exe"
Ad-Aware SE Personal --> C:\PROGRA~1\Lavasoft\AD-AWA~2\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~2\INSTALL.LOG
Adobe Acrobat 5.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Adobe SVG Viewer 2.0 --> C:\WINDOWS\IsUninst.exe -f"C:\WINDOWS\System32\Adobe\SVG Viewer\Uninst.isu"
AOL Coach Version 1.0(Build:20040229.1 uk) --> "C:\Program Files\Common Files\aolshare\Coach\AolCInUn.exe" -lang="en-uk"
AOL Uninstaller (Choose which Products to Remove) --> C:\Program Files\Common Files\AOL\uninstaller.exe
AOL You've Got Pictures Screensaver --> C:\Program Files\Common Files\AOL\Screensaver\uninst_ygpss.exe
Avance AC'97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
BitComet 0.70 --> C:\Program Files\BitComet\uninst.exe
BT Broadband Desktop Help --> C:\WINDOWS\Motive\btbb\MCCUninst.exe
BT Broadband Talk Softphone 2.0 --> "C:\Program Files\BT Broadband Talk Softphone\unins000.exe"
BT Home Hub --> C:\Program Files\BT Home Hub\Uninstall.exe
BT Yahoo! Applications --> C:\PROGRA~1\Yahoo!\Common\uninstall.exe
Caesar 3 --> C:\WINDOWS\IsUninst.exe -fC:\SIERRA\Caesar3\Uninst.isu
CC_ccProxyExt --> MsiExec.exe /I{2EBF25F1-F8A2-40EA-92BE-931C142A44E2}
ccCommon --> MsiExec.exe /I{1248C09A-BD6B-47F5-BF3F-CD2B700D9FCB}
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
ccPxyCore --> MsiExec.exe /I{30738666-9805-4926-A78F-91DA33B6C437}
Conquer 2.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B6060381-5C28-4F86-A31A-B5ADA7A1BD8D}\setup.exe" -l0x9
Disc2Phone --> MsiExec.exe /I{FFAB5ABB-8AAB-42E2-847F-1743E51E01E9}
FileZilla (remove only) --> "C:\Program Files\FileZilla\uninstall.exe"
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar3.dll"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Format SDK (KB902344) --> "C:\WINDOWS\$NtUninstallKB902344$\spuninst\spuninst.exe"
HyperCam 2 --> "C:\Program Files\HyCam2\UnHyCam2.exe"
ImageShack Toolbar for Internet Explorer --> MsiExec.exe /X{48C97477-1D55-4B51-86BF-822677C04164}
J2SE Runtime Environment 5.0 Update 10 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
J2SE Runtime Environment 5.0 Update 11 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
J2SE Runtime Environment 5.0 Update 9 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}
Java™ 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java™ SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
Learn2 Player (Uninstall Only) --> C:\Program Files\Learn2.com\StRunner\stuninst.exe
LimeWire 4.14.8 --> "C:\Program Files\LimeWire\uninstall.exe"
LiveUpdate 3.0 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
LiveUpdate Notice (Symantec Corporation) --> MsiExec.exe /X{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}
Microsoft Age of Empires II --> "C:\Program Files\Microsoft Games\Age of Empires II\UNINSTAL.EXE" /runtemp /uninstall
Microsoft Base Smart Card Cryptographic Service Provider Package --> "C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office XP Standard for Students and Teachers --> MsiExec.exe /I{913D0409-6000-11D3-8CFE-0050048383C9}
Microsoft SQL Server 2005 Compact Edition [ENU] --> MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Windows Journal Viewer --> MsiExec.exe /X{43DCF766-6838-4F9A-8C91-D92DA586DFA8}
mIRC --> C:\Program Files\mIRC\uninstall.exe _?=C:\Program Files\mIRC
Mozilla Firefox (2.0.0.6) --> C:\PROGRA~1\Mozilla Firefox\uninstall\helper.exe
Mozilla Firefox (2.0.0.7) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSN Music Assistant --> rundll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msninst.inf,Uninstall
MSRedist --> MsiExec.exe /I{B7C61755-DB48-4003-948F-3D34DB8EAF69}
Napster --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BBBCAE4B-B416-4182-A6F2-438180894A81}\setup.exe" -l0x9 -removeonly
Napster Burn Engine --> MsiExec.exe /I{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}
Nero Media Player --> C:\WINDOWS\UNNMP.exe /UNINSTALL
Nero OEM --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
Norton AntiSpam --> MsiExec.exe /I{3B29A786-5803-4E9E-9B58-3014A5B4E519}
Norton AntiVirus 2006 --> MsiExec.exe /X{C6F5B6CF-609C-428E-876F-CA83176C021B}
Norton Internet Security --> MsiExec.exe /I{12E2B9E9-05B1-407d-B0FD-B5F350535125}
Norton Internet Security --> MsiExec.exe /I{48185814-A224-447a-81DA-71BD20580E1B}
Norton Internet Security --> MsiExec.exe /I{B4094407-2F69-44bb-9DD7-9470FBD9F521}
Norton Internet Security --> MsiExec.exe /I{E5EE9939-259F-4DE2-8023-5C49E16A4F43}
Norton Internet Security (Symantec Corporation) --> "C:\Program Files\Common Files\Symantec Shared\SymSetup\{B4094407-2F69-44bb-9DD7-9470FBD9F521}.exe" /X
Norton Internet Security Essentials --> MsiExec.exe /I{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}
Norton Protection Center --> MsiExec.exe /I{82A5BF38-8461-4A5C-B2C9-24F5256D92A6}
Norton WMI Update --> MsiExec.exe /X{E85FA9A1-C241-4698-893B-DD99509B8DB0}
Norton WMI Update --> MsiExec.exe /X{F64306A5-4C32-41bb-B153-53986527FAB4}
NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
Panda ActiveScan --> C:\WINDOWS\system32\ASUninst.exe Panda ActiveScan
PopCap Browser Plugin --> C:\Program Files\PopCap Games\PopCap Browser Plugin\Uninstall.exe
QuickTime --> C:\WINDOWS\unvise32qt.exe C:\WINDOWS\System32\QuickTime\Uninstall.log
RealPlayer Basic --> C:\Program Files\Common Files\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Sierra Utilities --> .\sutil32.exe uninstall
Skype 2.5 --> "C:\Program Files\Skype\Phone\unins000.exe"
SPBBC --> MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
SwiftSwitch --> C:\Program Files\SwiftSwitch\Uninstal.exe
Symantec KB-DocID:2003093015493306 --> MsiExec.exe /I{08C5815C-2C6E-44f8-8748-0E61BC9AFB68}
Symantec Technical Support Web Controls --> MsiExec.exe /X{C4868E88-F5B5-4E45-9592-C7062BD97441}
TeamSpeak 2 RC2 --> "C:\Program Files\Teamspeak2_RC2\unins000.exe"
Ulead Drop Spot 1.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3BCC5640-5360-11D4-A44A-0000E86D2305}\setup.exe"
Ulead Photo Express 4.0 SE --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BBC0D330-C37B-4472-BFB9-AA217CF0C95F}\setup.exe" -l0x9
Ulead PhotoImpact 7 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7B7D1750-582F-11D5-BEAF-0010B5557565}\setup.exe"
URGE --> MsiExec.exe /I{8BBF6DFD-0AD9-43A7-9FBD-BF065E3866AF}
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Windows Desktop Search 3.01 --> "C:\WINDOWS\$NtUninstallKB917013$\spuninst\spuninst.exe"
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live installer --> MsiExec.exe /X{7BC43F11-02C8-45FA-ABDC-E2F9FF31F825}
Windows Live Mail --> MsiExec.exe /I{EDB619FD-4E71-403C-8E99-DFC9CF9DD345}
Windows Live Messenger --> MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live OneCare safety scanner --> RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
Windows Live Photo Gallery Beta --> MsiExec.exe /X{AA436FBD-2595-479B-8DDE-E9C36F50D99D}
Windows Live Sign-in Assistant --> MsiExec.exe /I{CB5EA99C-8A5B-49F2-9A1A-2EF78BE4DB41}
Windows Live Writer --> MsiExec.exe /X{1F973A7F-3FE4-4D11-A9A2-E869C2899A7D}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
XChat 2 (remove only) --> "C:\Program Files\xchat\uninstall.exe"


-- Application Event Log -------------------------------------------------------

Event Record #/Type34009 / Success
Event Submitted/Written: 10/11/2007 10:24:45 AM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type34005 / Error
Event Submitted/Written: 10/11/2007 09:51:31 AM / 10/11/2007 09:51:33 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application skype.exe, version 2.5.0.151, faulting module skype.exe, version 2.5.0.151, fault address 0x00004302.
Processing media-specific event for [skype.exe!ws!]

Event Record #/Type33987 / Warning
Event Submitted/Written: 10/11/2007 03:31:05 AM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Event Record #/Type33972 / Error
Event Submitted/Written: 10/10/2007 11:28:23 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application iexplore.exe, version 7.0.6000.16512, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type33965 / Error
Event Submitted/Written: 10/10/2007 03:17:32 PM
Event ID/Source: 1001 / Application Error
Event Description:
Fault bucket 483363415.
The Wep key exchange did not result in a secure connection setup after 802.1x authentication. The current setting has been marked as failed and the Wireless connection will be disconnected.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type45062 / Error
Event Submitted/Written: 10/11/2007 10:43:04 AM
Event ID/Source: 10000 / DCOM
Event Description:
Unable to start a DCOM Server: {FBA44040-BD27-4A09-ACC8-C08B7C723DCD}.
The error:
"%{FBA44040-BD27-4A09-ACC8-C08B7C723DCD}"
Happened while starting this command:
"C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" -Embedding

Event Record #/Type45061 / Error
Event Submitted/Written: 10/11/2007 10:43:03 AM
Event ID/Source: 10000 / DCOM
Event Description:
Unable to start a DCOM Server: {FBA44040-BD27-4A09-ACC8-C08B7C723DCD}.
The error:
"%{FBA44040-BD27-4A09-ACC8-C08B7C723DCD}"
Happened while starting this command:
"C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" -Embedding

Event Record #/Type45060 / Error
Event Submitted/Written: 10/11/2007 10:43:03 AM
Event ID/Source: 10000 / DCOM
Event Description:
Unable to start a DCOM Server: {FBA44040-BD27-4A09-ACC8-C08B7C723DCD}.
The error:
"%{FBA44040-BD27-4A09-ACC8-C08B7C723DCD}"
Happened while starting this command:
"C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" -Embedding

Event Record #/Type45057 / Error
Event Submitted/Written: 10/11/2007 10:24:10 AM
Event ID/Source: 10000 / DCOM
Event Description:
Unable to start a DCOM Server: {FBA44040-BD27-4A09-ACC8-C08B7C723DCD}.
The error:
"%{FBA44040-BD27-4A09-ACC8-C08B7C723DCD}"
Happened while starting this command:
"C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" -Embedding

Event Record #/Type45056 / Error
Event Submitted/Written: 10/11/2007 10:24:10 AM
Event ID/Source: 10000 / DCOM
Event Description:
Unable to start a DCOM Server: {FBA44040-BD27-4A09-ACC8-C08B7C723DCD}.
The error:
"%{FBA44040-BD27-4A09-ACC8-C08B7C723DCD}"
Happened while starting this command:
"C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" -Embedding



-- End of Deckard's System Scanner: finished at 2007-10-11 10:52:39 ------------
Posted Image
Hug someone today and get on their nerves!

#4 SNOWHITE

SNOWHITE

    missy malware magnet


  • Members
  • 2,676 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Bitola, Macedonia
  • Local time:01:32 AM

Posted 11 October 2007 - 05:51 AM

Hello carri :thumbsup:


Please follow the steps below exactly in the order they are written:

Step #1

You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Next, please reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, a menu with options should appear;
  • Select the first option, to run Windows in Safe Mode, then press "Enter".
  • Choose your usual account.
Once in Safe Mode, double-click on SmitfraudFix.exe
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.
A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.
The report can also be found at the root of the system drive, usually at C:\rapport.txt

Warning : running option #2 on a non infected computer will remove your Desktop background.

Step #2

1. Download combofix from one of these links:
Link1
Link2
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

In your next post please include the following reports:
  • SmitfraudFix report
  • ComboFix report
  • New HijackThis log (run after ComboFix has finished its work.)
Let me know how the things went.

Regards,
SNOWHITE
Posted Image

#5 carri

carri
  • Topic Starter

  • Members
  • 234 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Yorkshire, England
  • Local time:01:32 AM

Posted 12 October 2007 - 09:32 AM

Thanks Snow,

I did as instructed and yay i got my control panel access and admin access back ty ty ty :thumbsup: Here are the results of the scans and reports below. One thing happened though that was quite alarming today and I have added a copy of the information on it. My antivirus programme in addititon to a2 anti-malware programme both identified a trojan virus and adware that it said was downloaded with dds.exe according to my norton av programme :blink:

It says it has been repaired but its kind of worrying and confusing to me as I don't understand how something thats supposed to help me could have a virus. I believe I downloaded it from the link you gave me :S Everything seems ok on my pc now and it seems to be behaving, but I am concerned that I may still be vulnerable to information leaks. I have a firewall but since this attack I feel disappointed with norton and am wondering if I need to change it or am I doing something wrong in the configuration?


Many thanks for your prompt help and support Snow :wacko:


I seem to have lost the smitfraud fix log =\ I thought that it had saved automatically as it did last time but I now can't find a ny file relating to the last scan

I will post the other stuff and keep searching for the file. Sorry to be so stupid


ComboFix 07-10-12.4 - user1 2007-10-12 13:50:12.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.97 [GMT 1:00]
Running from: C:\Documents and Settings\user1.HOME-74HWRP5P07\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\4344.exe
C:\Documents and Settings\user1.HOME-74HWRP5P07\err.log
C:\Documents and Settings\user2\err.log
C:\WINDOWS\dat.txt
C:\WINDOWS\rs.txt
C:\WINDOWS\search_res.txt
C:\WINDOWS\system32\drivers\symavc32.sys

.
((((((((((((((((((((((((( Files Created from 2007-09-12 to 2007-10-12 )))))))))))))))))))))))))))))))
.

2007-10-12 13:13 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-11 10:45 <DIR> d-------- C:\Deckard
2007-10-10 11:26 582,656 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-10-07 19:02 <DIR> d-------- C:\Documents and Settings\user1.HOME-74HWRP5P07\Application Data\Lavasoft
2007-10-06 13:22 <DIR> d-------- C:\Program Files\Lavasoft
2007-10-05 01:51 113,152 --a------ C:\WINDOWS\mteadea.exe
2007-10-05 01:51 12,288 --a------ C:\WINDOWS\mraerea.exe
2007-10-04 16:32 <DIR> d-------- C:\Program Files\CCleaner
2007-10-03 23:09 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\SUPERAntiSpyware.com
2007-10-03 23:08 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-10-03 23:08 <DIR> d-------- C:\Documents and Settings\user1.HOME-74HWRP5P07\Application Data\SUPERAntiSpyware.com
2007-10-03 23:07 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-10-03 02:30 <DIR> d-------- C:\Program Files\Trend Micro
2007-10-02 18:11 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2007-10-01 13:25 557,056 --a------ C:\Documents and Settings\user1.HOME-74HWRP5P07\GoToAssist_phone__317_en.exe
2007-10-01 01:34 1,156 --a------ C:\WINDOWS\mozver.dat
2007-09-30 14:23 <DIR> d-------- C:\Program Files\a-squared Anti-Malware
2007-09-30 13:28 <DIR> d-------- C:\Program Files\Enigma Software Group
2007-09-29 23:54 <DIR> d-------- C:\WINDOWS\pss
2007-09-29 22:48 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-09-27 12:01 <DIR> d-------- C:\Program Files\PopCap Games
2007-09-24 07:19 <DIR> d-------- C:\Documents and Settings\user2\Application Data\Windows Desktop Search
2007-09-22 10:35 <DIR> d-------- C:\Documents and Settings\user1.HOME-74HWRP5P07\Application Data\Windows Desktop Search
2007-09-21 18:57 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2007-09-21 18:51 <DIR> d-------- C:\Program Files\Windows Desktop Search
2007-09-21 18:48 <DIR> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2007-09-21 18:24 <DIR> d-------- C:\Program Files\Windows Live
2007-09-21 18:24 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\WLInstaller

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-12 13:17 --------- d-----w C:\Documents and Settings\user1.HOME-74HWRP5P07\Application Data\Skype
2007-10-12 12:31 4,928 ----a-w C:\WINDOWS\system32\tmp.reg
2007-10-12 11:09 --------- d-----w C:\Program Files\Common Files\symantec shared
2007-10-12 03:48 --------- d-----w C:\Program Files\SwiftSwitch
2007-10-08 04:21 --------- d-----w C:\Program Files\mIRC
2007-10-06 20:05 --------- d-----w C:\Program Files\Norton Internet Security
2007-10-03 21:13 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-10-03 21:13 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
2007-10-03 21:13 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-10-03 21:13 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-10-03 21:13 --------- d-----w C:\Program Files\Symantec
2007-10-01 09:19 --------- d-----w C:\Documents and Settings\user1.HOME-74HWRP5P07\Application Data\Yahoo!
2007-10-01 09:14 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\yahoo!
2007-10-01 08:59 --------- d-----w C:\Program Files\Yahoo!
2007-10-01 08:58 --------- d-----w C:\Program Files\Common Files\Scanner
2007-09-30 22:14 --------- d-----w C:\Program Files\MSN Messenger
2007-09-30 22:12 --------- d-----w C:\Program Files\Macrogaming
2007-09-27 02:35 --------- d-----w C:\Documents and Settings\user1.HOME-74HWRP5P07\Application Data\teamspeak2
2007-09-21 22:55 --------- d-----w C:\Program Files\xchat
2007-09-16 08:55 --------- d-----w C:\Program Files\BT Broadband Desktop Help
2007-09-16 08:53 --------- d-----w C:\Program Files\Common Files\Motive
2007-09-16 08:50 --------- d-----w C:\Program Files\Motive
2007-09-16 08:28 --------- d-----w C:\Documents and Settings\user1.HOME-74HWRP5P07\Application Data\LimeWire
2007-09-14 18:53 --------- d-----w C:\Program Files\Google
2007-09-09 17:37 --------- d-----w C:\Documents and Settings\user1.HOME-74HWRP5P07\Application Data\MSN6
2007-09-09 15:18 --------- d-----w C:\Program Files\BT Broadband Talk Softphone
2007-09-09 15:18 --------- d-----w C:\Documents and Settings\user1.HOME-74HWRP5P07\Application Data\BT
2007-09-05 09:43 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\SwiftSwitch
2007-09-05 09:11 --------- d-----w C:\Program Files\BT Home Hub
2007-09-05 08:48 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Citrix
2007-09-05 08:47 61,480 ----a-w C:\Documents and Settings\user1.HOME-74HWRP5P07\GoToAssistDownloadHelper.exe
2007-09-01 11:54 --------- d-----w C:\Program Files\Common Files\Adobe
2007-08-30 23:24 --------- d-----w C:\Documents and Settings\user1.HOME-74HWRP5P07\Application Data\X-Chat 2
2007-08-28 16:01 --------- d-----w C:\Program Files\LimeWire
2007-08-27 16:13 97,672 ----a-w C:\WINDOWS\system32\drivers\symfw.sys
2007-08-27 16:13 537,992 ----a-w C:\WINDOWS\system32\SymNeti.dll
2007-08-27 16:13 31,624 ----a-w C:\WINDOWS\system32\drivers\symids.sys
2007-08-27 16:13 28,040 ----a-w C:\WINDOWS\system32\drivers\symndis.sys
2007-08-27 16:13 23,944 ----a-w C:\WINDOWS\system32\drivers\symredrv.sys
2007-08-27 16:13 189,320 ----a-w C:\WINDOWS\system32\drivers\symtdi.sys
2007-08-27 16:13 161,160 ----a-w C:\WINDOWS\system32\SymRedir.dll
2007-08-27 16:13 12,680 ----a-w C:\WINDOWS\system32\drivers\symdns.sys
2007-08-24 01:10 --------- d-----w C:\Program Files\Windows Live Safety Center
2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-08-21 00:41 2,494,464 ----a-w C:\WINDOWS\advrcntr2.dll
2007-08-20 10:55 --------- d-----w C:\Program Files\Conquer 2.0
2007-08-16 15:17 51,568 ----a-w C:\WINDOWS\system32\sirenacm.dll
2007-08-15 14:04 578,560 ----a-w C:\WINDOWS\WLXPGSS.SCR
2007-08-13 11:22 --------- d-----w C:\Program Files\FileZilla
2007-08-12 15:33 --------- d-----w C:\Program Files\Napster
2007-08-12 15:33 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Napster
2007-08-12 15:32 --------- d-----w C:\Program Files\Common Files\Napster Shared
2007-08-12 15:31 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-08-12 02:03 --------- d-----w C:\Program Files\MSXML 4.0
2007-07-30 18:19 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-07-30 18:19 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-07-30 18:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-07-30 18:19 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-07-30 18:19 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-07-30 18:19 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll
2007-07-30 18:19 207,736 ----a-w C:\WINDOWS\system32\muweb.dll
2007-07-30 18:19 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-07-30 18:19 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-07-30 18:18 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-06-20 18:49 33,000 -c--a-w C:\Documents and Settings\user1.HOME-74HWRP5P07\Application Data\GDIPFONTCACHEV1.DAT
2006-09-23 22:08 6,656 -csha-w C:\Program Files\Thumbs.db
2006-07-17 10:39 41,104 -c--a-w C:\Documents and Settings\user1\Application Data\GDIPFONTCACHEV1.DAT
2001-09-04 10:12 548,864 -c--a-w C:\Documents and Settings\Plugin\type_eff.dll
2001-08-31 18:44 1,474,560 ----a-w C:\Documents and Settings\anygif\u32Prod.dll
2001-08-29 15:02 1,773,568 ----a-w C:\Documents and Settings\anygif\ga_main.exe
2001-08-29 03:41 57,344 ----a-w C:\Documents and Settings\anygif\u32Cfg.dll
2001-08-28 23:53 40,960 ----a-w C:\Documents and Settings\anygif\uINet.dll
2001-08-28 21:44 335,872 ----a-w C:\Documents and Settings\Plugin\crystal.dll
2001-08-28 21:41 24,576 -c--a-w C:\Documents and Settings\Plugin\upeCrvG.dll
2001-08-28 21:39 380,928 ----a-w C:\Documents and Settings\Plugin\lighting.dll
2001-08-28 21:39 188,416 ----a-w C:\Documents and Settings\Plugin\particle.dll
2001-08-28 21:38 335,872 -c--a-w C:\Documents and Settings\Plugin\animation.dll
2001-08-28 21:37 32,768 ----a-w C:\Documents and Settings\Plugin\save_ani.dll
2001-08-28 21:36 57,344 ----a-w C:\Documents and Settings\Plugin\ulkFMgx.dll
2001-08-28 21:36 249,856 -c--a-w C:\Documents and Settings\Plugin\uBAEng.dll
2001-08-28 21:18 57,344 ----a-w C:\Documents and Settings\Fio\u32Prj.dll
2001-08-28 21:15 73,728 ----a-w C:\Documents and Settings\Fio\u32zlib.dll
2001-08-28 21:14 32,768 ----a-w C:\Documents and Settings\Fio\uFioUtil.dll
2001-08-28 21:14 151,552 ----a-w C:\Documents and Settings\Fio\uTifLib.dll
2001-08-28 21:09 40,960 ----a-w C:\Documents and Settings\anygif\UAboutbox.dll
2001-08-28 20:51 95,232 ----a-w C:\Documents and Settings\Fio\JPEGLIB.DLL
2001-08-28 20:51 495,616 ----a-w C:\Documents and Settings\Fio\Fpxlib.dll
2001-08-28 20:50 32,768 ----a-w C:\Documents and Settings\anygif\u32Aps.dll
2001-08-28 02:13 53,248 -c--a-w C:\Documents and Settings\anygif\UFCCOMM.dll
2001-08-28 02:13 36,864 -c--a-w C:\Documents and Settings\anygif\UFCCOLOR.dll
2001-08-28 02:12 32,768 -c--a-w C:\Documents and Settings\anygif\UFCBUF.dll
2001-08-28 02:10 32,768 ----a-w C:\Documents and Settings\anygif\Vepb40.dll
2001-08-28 02:10 28,672 ----a-w C:\Documents and Settings\anygif\Vcvrt32.dll
2001-08-28 02:10 122,880 ----a-w C:\Documents and Settings\anygif\Veui32.dll
2001-08-28 02:05 81,920 -c--a-w C:\Documents and Settings\anygif\anigen.exe
2001-08-28 02:05 294,912 -c--a-w C:\Documents and Settings\anygif\IdxEd.exe
2001-08-28 02:04 45,056 ----a-w C:\Documents and Settings\anygif\USSGifsa.dll
2001-08-28 02:04 172,032 ----a-w C:\Documents and Settings\anygif\UssCvt.dll
2001-08-28 02:00 28,672 -c--a-w C:\Documents and Settings\anygif\VFX32.dll
2001-08-28 01:59 311,296 -c--a-w C:\Documents and Settings\anygif\Tge.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IS CfgWiz"="C:\Program Files\Norton Internet Security\cfgwiz.exe" [2006-02-02 00:10]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 18:30]
"a-squared"="C:\Program Files\a-squared Anti-Malware\a2guard.exe" [2007-08-31 20:24]
"YOP"="C:\PROGRA~1\Yahoo!\YOP\yop.exe" [2007-06-26 13:48]
"YBrowser"="C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe" [2006-07-21 17:19]
"Windows Security Center"="wscsvc.exe" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"SSC_UserPrompt"="C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe" [2004-11-02 17:59]
"SoundMan"="SOUNDMAN.EXE" [2002-06-18 17:44 C:\WINDOWS\SOUNDMAN.EXE]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2006-10-23 22:07]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-23 22:08]
"nwiz"="nwiz.exe" [2006-10-22 13:22 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-10-22 13:22]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 13:22]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
"NapsterShell"="C:\Program Files\Napster\napster.exe" [2007-01-12 19:36]
"Motive SmartBridge"="C:\PROGRA~1\BTBROA~2\SMARTB~1\BTHelpNotifier.exe" []
"HostManager"="C:\Program Files\Common Files\AOL\1177261102\ee\AOLSoftware.exe" [2006-11-17 14:21]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-22 22:19]
"btbb_wcm_McciTrayApp"="C:\Program Files\btbb_wcm\McciTrayApp.exe" [2006-11-30 11:51]
"btbb_McciTrayApp"="C:\Program Files\BT Broadband Desktop Help\bin\BTHelpNotifier.exe" [2007-08-22 13:34]
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [2007-01-10 12:06]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:56]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe" [2005-08-31 17:11]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" []
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2006-10-13 17:20]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-08-16 16:19]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"DJSNetCN"=C:\Program Files\Common Files\Symantec Shared\DJSNETCN.exe

C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\
BT Broadband Desktop Help.lnk - C:\Program Files\BT Broadband Desktop Help\bin\matcli.exe [2007-09-16 09:51:03]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 02:01:04]
Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2007-02-05 15:40:46]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoWindowsUpdate"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 15:39 294400]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]


*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2007-08-17 09:00:52 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - user1.job"
"2007-10-12 13:09:52 C:\WINDOWS\Tasks\Norton AntiVirus - Run Norton QuickScan - user1.job"
- C:\PROGRA~1\NORTON~1\NORTON~1\NAVW32.EXE
.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-12 14:11:17
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-12 14:23:54 - machine was rebooted
.
--- E O F ---

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:28:07 PM, on 10/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\DJSNETCN.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\a-squared Anti-Malware\a2guard.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Napster\napster.exe
C:\Program Files\Common Files\AOL\1177261102\ee\AOLSoftware.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\btbb_wcm\McciTrayApp.exe
C:\Program Files\BT Broadband Desktop Help\bin\BTHelpNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\Yahoo!\YOP\SSDK02.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\BT Broadband Desktop Help\bin\BTHelp.exe
C:\Program Files\BT Broadband Desktop Help\bin\mpbtn.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\PROGRA~1\Motive\Common\MOTIVE~1.EXE
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\user1.HOME-74HWRP5P07\Desktop\HiJackThis.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: ImageShack Toolbar - {6932D140-ABC4-4073-A44C-D4A541665E35} - C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [IS CfgWiz] "C:\Program Files\Norton Internet Security\cfgwiz.exe" /GUID {C056623F-ACED-449a-B11E-2375AD200992} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe" /d=60
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [Windows Security Center] wscsvc.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] "C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\BTBROA~2\SMARTB~1\BTHelpNotifier.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1177261102\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [btbb_wcm_McciTrayApp] C:\Program Files\btbb_wcm\McciTrayApp.exe
O4 - HKLM\..\Run: [btbb_McciTrayApp] C:\Program Files\BT Broadband Desktop Help\bin\BTHelpNotifier.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\RunServices: [DJSNetCN] C:\Program Files\Common Files\Symantec Shared\DJSNETCN.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BT Broadband Desktop Help.lnk = C:\Program Files\BT Broadband Desktop Help\bin\matcli.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Post Image to Blog - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5003
O8 - Extra context menu item: Tag This Image - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5002
O8 - Extra context menu item: Transload Image to ImageShack - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5004
O8 - Extra context menu item: Upload All Images to ImageShack - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5000
O8 - Extra context menu item: Upload Image to ImageShack - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5001
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://toolbar.imageshack.us
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1161615750578
O16 - DPF: {6932D140-ABC4-4073-A44C-D4A541665E35} (ImageShack Toolbar) - http://toolbar.imageshack.us/toolbar/ImageShackToolbar.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1162888684000
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} (Symantec Download Bridge) - https://www.btnetprotect.co.uk/BTNetprotect...ld/SymDlBrg.cab
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: Symantec Licensing Detect Internet Connection (DJSNETCN) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\DJSNETCN.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

--
End of file - 14591 bytes


This is the name of the file identified as a virus today :
a-squared Malware-Info
Name: Trojan-Downloader.Win32.Zlob.cpx
Description:
Posted Image
Hug someone today and get on their nerves!

#6 SNOWHITE

SNOWHITE

    missy malware magnet


  • Members
  • 2,676 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Bitola, Macedonia
  • Local time:01:32 AM

Posted 12 October 2007 - 07:50 PM

Hello carri,

Many thanks for your prompt help and support Snow :blink:


You are welcome :thumbsup:

My antivirus programme in addititon to a2 anti-malware programme both identified a trojan virus and adware that it said was downloaded with dds.exe according to my norton av programme


Many antivirus programs flag some of the tools we use mistakenly as infections but these are false positives, so no worries :wacko:

I seem to have lost the smitfraud fix log


SmitfraudFix report should be at this location C:\rapport.txt <-- you should be able to find it using Windows Explorer (to get there right-click your Start button and go to "Explore")

Please follow the steps below exactly in the order they are written:

Step #1

Please re-open HiJackThis and click on "Do a system scan only". Check the boxes next to all the entries listed below.

O4 - HKLM\..\Run: [Windows Security Center] wscsvc.exe
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab


Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis.


Step #2

Open notepad and copy/paste the text in the quotebox below into it:

Collect::[29]
C:\WINDOWS\mteadea.exe

Suspect::[29]
C:\WINDOWS\mraerea.exe


Save this as "CFScript"


Posted Image

Refering to the picture above, drag CFScript into ComboFix.exe

This will start ComboFix again. Additonally, ComboFix will generate the following files on your desktop
  • A zipped file on your desktop called Submit [Date Time].zip
  • And another file named - CF-Submit.htm
ComboFix may need to reboot to finish its work. Let it.

When CF has finished running, it will generate the ComboFix.log which will appear on your screen.

If CF-Submit.htm is detected, ComboFix will generate this message box:

Posted Image

Clicking OK will cause the machine's browser to load CF-Submit.htm

Posted Image

Click the "Browse" button and locate the Submit [Date Time].zip file on your desktop.
  • Click on the file to Select it.
  • Submit the file by clicking "OK"
Once the file has been submitted, please DELETE both files on your desktop.

Post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log (run after ComboFix has finished its work.)
Regards,
SNOWHITE
Posted Image

#7 carri

carri
  • Topic Starter

  • Members
  • 234 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Yorkshire, England
  • Local time:01:32 AM

Posted 13 October 2007 - 06:03 AM

Ok Snow, I did as you instructed here are the results - thanks for explaining about where to find my 'lost' smitfraud fix report. I found it and I have added it so you have a complete picture of what you are dealing with :thumbsup:


ComboFix 07-10-12.4 - user1 2007-10-13 11:09:33.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.142 [GMT 1:00]
Running from: C:\Documents and Settings\user1.HOME-74HWRP5P07\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\user1.HOME-74HWRP5P07\Desktop\CFScript.txt
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\mteadea.exe

.
((((((((((((((((((((((((( Files Created from 2007-09-13 to 2007-10-13 )))))))))))))))))))))))))))))))
.

2007-10-12 13:13 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-11 10:45 <DIR> d-------- C:\Deckard
2007-10-10 11:26 582,656 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-10-07 19:02 <DIR> d-------- C:\Documents and Settings\user1.HOME-74HWRP5P07\Application Data\Lavasoft
2007-10-06 13:22 <DIR> d-------- C:\Program Files\Lavasoft
2007-10-05 01:51 12,288 --a------ C:\WINDOWS\mraerea.exe
2007-10-04 16:32 <DIR> d-------- C:\Program Files\CCleaner
2007-10-03 23:09 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\SUPERAntiSpyware.com
2007-10-03 23:08 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-10-03 23:08 <DIR> d-------- C:\Documents and Settings\user1.HOME-74HWRP5P07\Application Data\SUPERAntiSpyware.com
2007-10-03 23:07 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-10-03 02:30 <DIR> d-------- C:\Program Files\Trend Micro
2007-10-02 18:11 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2007-10-01 13:25 557,056 --a------ C:\Documents and Settings\user1.HOME-74HWRP5P07\GoToAssist_phone__317_en.exe
2007-10-01 01:34 1,156 --a------ C:\WINDOWS\mozver.dat
2007-09-30 14:23 <DIR> d-------- C:\Program Files\a-squared Anti-Malware
2007-09-30 13:28 <DIR> d-------- C:\Program Files\Enigma Software Group
2007-09-29 23:54 <DIR> d-------- C:\WINDOWS\pss
2007-09-29 22:48 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-09-27 12:01 <DIR> d-------- C:\Program Files\PopCap Games
2007-09-24 07:19 <DIR> d-------- C:\Documents and Settings\user2\Application Data\Windows Desktop Search
2007-09-22 10:35 <DIR> d-------- C:\Documents and Settings\user1.HOME-74HWRP5P07\Application Data\Windows Desktop Search
2007-09-21 18:57 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2007-09-21 18:51 <DIR> d-------- C:\Program Files\Windows Desktop Search
2007-09-21 18:48 <DIR> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2007-09-21 18:24 <DIR> d-------- C:\Program Files\Windows Live
2007-09-21 18:24 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\WLInstaller

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-13 09:34 --------- d-----w C:\Documents and Settings\user1.HOME-74HWRP5P07\Application Data\Skype
2007-10-13 09:03 --------- d-----w C:\Program Files\Common Files\symantec shared
2007-10-12 12:31 4,928 ----a-w C:\WINDOWS\system32\tmp.reg
2007-10-12 03:48 --------- d-----w C:\Program Files\SwiftSwitch
2007-10-08 04:21 --------- d-----w C:\Program Files\mIRC
2007-10-06 20:05 --------- d-----w C:\Program Files\Norton Internet Security
2007-10-03 21:13 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-10-03 21:13 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
2007-10-03 21:13 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-10-03 21:13 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-10-03 21:13 --------- d-----w C:\Program Files\Symantec
2007-10-01 09:19 --------- d-----w C:\Documents and Settings\user1.HOME-74HWRP5P07\Application Data\Yahoo!
2007-10-01 09:14 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\yahoo!
2007-10-01 08:59 --------- d-----w C:\Program Files\Yahoo!
2007-10-01 08:58 --------- d-----w C:\Program Files\Common Files\Scanner
2007-09-30 22:14 --------- d-----w C:\Program Files\MSN Messenger
2007-09-30 22:12 --------- d-----w C:\Program Files\Macrogaming
2007-09-27 02:35 --------- d-----w C:\Documents and Settings\user1.HOME-74HWRP5P07\Application Data\teamspeak2
2007-09-21 22:55 --------- d-----w C:\Program Files\xchat
2007-09-16 08:55 --------- d-----w C:\Program Files\BT Broadband Desktop Help
2007-09-16 08:53 --------- d-----w C:\Program Files\Common Files\Motive
2007-09-16 08:50 --------- d-----w C:\Program Files\Motive
2007-09-16 08:28 --------- d-----w C:\Documents and Settings\user1.HOME-74HWRP5P07\Application Data\LimeWire
2007-09-14 18:53 --------- d-----w C:\Program Files\Google
2007-09-09 17:37 --------- d-----w C:\Documents and Settings\user1.HOME-74HWRP5P07\Application Data\MSN6
2007-09-09 15:18 --------- d-----w C:\Program Files\BT Broadband Talk Softphone
2007-09-09 15:18 --------- d-----w C:\Documents and Settings\user1.HOME-74HWRP5P07\Application Data\BT
2007-09-05 09:43 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\SwiftSwitch
2007-09-05 09:11 --------- d-----w C:\Program Files\BT Home Hub
2007-09-05 08:48 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Citrix
2007-09-05 08:47 61,480 ----a-w C:\Documents and Settings\user1.HOME-74HWRP5P07\GoToAssistDownloadHelper.exe
2007-09-01 11:54 --------- d-----w C:\Program Files\Common Files\Adobe
2007-08-30 23:24 --------- d-----w C:\Documents and Settings\user1.HOME-74HWRP5P07\Application Data\X-Chat 2
2007-08-28 16:01 --------- d-----w C:\Program Files\LimeWire
2007-08-27 16:13 97,672 ----a-w C:\WINDOWS\system32\drivers\symfw.sys
2007-08-27 16:13 537,992 ----a-w C:\WINDOWS\system32\SymNeti.dll
2007-08-27 16:13 31,624 ----a-w C:\WINDOWS\system32\drivers\symids.sys
2007-08-27 16:13 28,040 ----a-w C:\WINDOWS\system32\drivers\symndis.sys
2007-08-27 16:13 23,944 ----a-w C:\WINDOWS\system32\drivers\symredrv.sys
2007-08-27 16:13 189,320 ----a-w C:\WINDOWS\system32\drivers\symtdi.sys
2007-08-27 16:13 161,160 ----a-w C:\WINDOWS\system32\SymRedir.dll
2007-08-27 16:13 12,680 ----a-w C:\WINDOWS\system32\drivers\symdns.sys
2007-08-24 01:10 --------- d-----w C:\Program Files\Windows Live Safety Center
2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-08-21 00:41 2,494,464 ----a-w C:\WINDOWS\advrcntr2.dll
2007-08-20 10:55 --------- d-----w C:\Program Files\Conquer 2.0
2007-08-16 15:17 51,568 ----a-w C:\WINDOWS\system32\sirenacm.dll
2007-08-15 14:04 578,560 ----a-w C:\WINDOWS\WLXPGSS.SCR
2007-08-13 11:22 --------- d-----w C:\Program Files\FileZilla
2007-07-30 18:19 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-07-30 18:19 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-07-30 18:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-07-30 18:19 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-07-30 18:19 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-07-30 18:19 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll
2007-07-30 18:19 207,736 ----a-w C:\WINDOWS\system32\muweb.dll
2007-07-30 18:19 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-07-30 18:19 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-07-30 18:18 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-06-20 18:49 33,000 -c--a-w C:\Documents and Settings\user1.HOME-74HWRP5P07\Application Data\GDIPFONTCACHEV1.DAT
2006-09-23 22:08 6,656 -csha-w C:\Program Files\Thumbs.db
2006-07-17 10:39 41,104 -c--a-w C:\Documents and Settings\user1\Application Data\GDIPFONTCACHEV1.DAT
2001-09-04 10:12 548,864 -c--a-w C:\Documents and Settings\Plugin\type_eff.dll
2001-08-31 18:44 1,474,560 ----a-w C:\Documents and Settings\anygif\u32Prod.dll
2001-08-29 15:02 1,773,568 ----a-w C:\Documents and Settings\anygif\ga_main.exe
2001-08-29 03:41 57,344 ----a-w C:\Documents and Settings\anygif\u32Cfg.dll
2001-08-28 23:53 40,960 ----a-w C:\Documents and Settings\anygif\uINet.dll
2001-08-28 21:44 335,872 ----a-w C:\Documents and Settings\Plugin\crystal.dll
2001-08-28 21:41 24,576 -c--a-w C:\Documents and Settings\Plugin\upeCrvG.dll
2001-08-28 21:39 380,928 ----a-w C:\Documents and Settings\Plugin\lighting.dll
2001-08-28 21:39 188,416 ----a-w C:\Documents and Settings\Plugin\particle.dll
2001-08-28 21:38 335,872 -c--a-w C:\Documents and Settings\Plugin\animation.dll
2001-08-28 21:37 32,768 ----a-w C:\Documents and Settings\Plugin\save_ani.dll
2001-08-28 21:36 57,344 ----a-w C:\Documents and Settings\Plugin\ulkFMgx.dll
2001-08-28 21:36 249,856 -c--a-w C:\Documents and Settings\Plugin\uBAEng.dll
2001-08-28 21:18 57,344 ----a-w C:\Documents and Settings\Fio\u32Prj.dll
2001-08-28 21:15 73,728 ----a-w C:\Documents and Settings\Fio\u32zlib.dll
2001-08-28 21:14 32,768 ----a-w C:\Documents and Settings\Fio\uFioUtil.dll
2001-08-28 21:14 151,552 ----a-w C:\Documents and Settings\Fio\uTifLib.dll
2001-08-28 21:09 40,960 ----a-w C:\Documents and Settings\anygif\UAboutbox.dll
2001-08-28 20:51 95,232 ----a-w C:\Documents and Settings\Fio\JPEGLIB.DLL
2001-08-28 20:51 495,616 ----a-w C:\Documents and Settings\Fio\Fpxlib.dll
2001-08-28 20:50 32,768 ----a-w C:\Documents and Settings\anygif\u32Aps.dll
2001-08-28 02:13 53,248 -c--a-w C:\Documents and Settings\anygif\UFCCOMM.dll
2001-08-28 02:13 36,864 -c--a-w C:\Documents and Settings\anygif\UFCCOLOR.dll
2001-08-28 02:12 32,768 -c--a-w C:\Documents and Settings\anygif\UFCBUF.dll
2001-08-28 02:10 32,768 ----a-w C:\Documents and Settings\anygif\Vepb40.dll
2001-08-28 02:10 28,672 ----a-w C:\Documents and Settings\anygif\Vcvrt32.dll
2001-08-28 02:10 122,880 ----a-w C:\Documents and Settings\anygif\Veui32.dll
2001-08-28 02:05 81,920 -c--a-w C:\Documents and Settings\anygif\anigen.exe
2001-08-28 02:05 294,912 -c--a-w C:\Documents and Settings\anygif\IdxEd.exe
2001-08-28 02:04 45,056 ----a-w C:\Documents and Settings\anygif\USSGifsa.dll
2001-08-28 02:04 172,032 ----a-w C:\Documents and Settings\anygif\UssCvt.dll
2001-08-28 02:00 28,672 -c--a-w C:\Documents and Settings\anygif\VFX32.dll
2001-08-28 01:59 311,296 -c--a-w C:\Documents and Settings\anygif\Tge.dll
2001-08-28 01:56 139,264 -c--a-w C:\Documents and Settings\anygif\Vft32.dll
2001-08-28 01:54 110,592 ----a-w C:\Documents and Settings\anygif\wUfoComp.dll
2001-08-28 01:53 143,360 ----a-w C:\Documents and Settings\anygif\ussjpgen.dll
2001-08-28 01:52 32,768 ----a-w C:\Documents and Settings\anygif\ManageAd.dll
2001-08-28 01:51 36,864 ----a-w C:\Documents and Settings\anygif\uwUpdate.dll
.

((((((((((((((((((((((((((((( snapshot@2007-10-12_14.20.28.60 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-10-13 09:34:54 35,850,603 ----a-w C:\WINDOWS\Temp\a2cache_5DAA4A66.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IS CfgWiz"="C:\Program Files\Norton Internet Security\cfgwiz.exe" [2006-02-02 00:10]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 18:30]
"a-squared"="C:\Program Files\a-squared Anti-Malware\a2guard.exe" [2007-08-31 20:24]
"YOP"="C:\PROGRA~1\Yahoo!\YOP\yop.exe" [2007-06-26 13:48]
"YBrowser"="C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe" [2006-07-21 17:19]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"SSC_UserPrompt"="C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe" [2004-11-02 17:59]
"SoundMan"="SOUNDMAN.EXE" [2002-06-18 17:44 C:\WINDOWS\SOUNDMAN.EXE]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2006-10-23 22:07]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-23 22:08]
"nwiz"="nwiz.exe" [2006-10-22 13:22 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-10-22 13:22]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 13:22]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
"NapsterShell"="C:\Program Files\Napster\napster.exe" [2007-01-12 19:36]
"Motive SmartBridge"="C:\PROGRA~1\BTBROA~2\SMARTB~1\BTHelpNotifier.exe" []
"HostManager"="C:\Program Files\Common Files\AOL\1177261102\ee\AOLSoftware.exe" [2006-11-17 14:21]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-22 22:19]
"btbb_wcm_McciTrayApp"="C:\Program Files\btbb_wcm\McciTrayApp.exe" [2006-11-30 11:51]
"btbb_McciTrayApp"="C:\Program Files\BT Broadband Desktop Help\bin\BTHelpNotifier.exe" [2007-08-22 13:34]
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [2007-01-10 12:06]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:56]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe" [2005-08-31 17:11]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" []
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2006-10-13 17:20]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-08-16 16:19]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"DJSNetCN"=C:\Program Files\Common Files\Symantec Shared\DJSNETCN.exe

C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\
BT Broadband Desktop Help.lnk - C:\Program Files\BT Broadband Desktop Help\bin\matcli.exe [2007-09-16 09:51:03]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 02:01:04]
Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2007-02-05 15:40:46]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoWindowsUpdate"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 15:39 294400]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

R3 Intels51;Creatix V.9X DSP Data Fax Modem;C:\WINDOWS\system32\DRIVERS\ctxs51.sys

*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2007-08-17 09:00:52 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - user1.job"
"2007-10-13 09:28:07 C:\WINDOWS\Tasks\Norton AntiVirus - Run Norton QuickScan - user1.job"
- C:\PROGRA~1\NORTON~1\NORTON~1\NAVW32.EXE
.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-13 11:18:54
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-13 11:21:24
C:\ComboFix2.txt ... 2007-10-12 14:23
.
--- E O F ---


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:32:51 AM, on 10/13/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\DJSNETCN.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\alg.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Napster\napster.exe
C:\Program Files\Common Files\AOL\1177261102\ee\AOLSoftware.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\btbb_wcm\McciTrayApp.exe
C:\Program Files\BT Broadband Desktop Help\bin\BTHelpNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\Yahoo!\YOP\SSDK02.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\BT Broadband Desktop Help\bin\BTHelp.exe
C:\Program Files\BT Broadband Desktop Help\bin\mpbtn.exe
C:\PROGRA~1\Motive\Common\MOTIVE~1.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: ImageShack Toolbar - {6932D140-ABC4-4073-A44C-D4A541665E35} - C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [IS CfgWiz] "C:\Program Files\Norton Internet Security\cfgwiz.exe" /GUID {C056623F-ACED-449a-B11E-2375AD200992} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe" /d=60
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] "C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\BTBROA~2\SMARTB~1\BTHelpNotifier.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1177261102\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [btbb_wcm_McciTrayApp] C:\Program Files\btbb_wcm\McciTrayApp.exe
O4 - HKLM\..\Run: [btbb_McciTrayApp] C:\Program Files\BT Broadband Desktop Help\bin\BTHelpNotifier.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\RunServices: [DJSNetCN] C:\Program Files\Common Files\Symantec Shared\DJSNETCN.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BT Broadband Desktop Help.lnk = C:\Program Files\BT Broadband Desktop Help\bin\matcli.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Post Image to Blog - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5003
O8 - Extra context menu item: Tag This Image - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5002
O8 - Extra context menu item: Transload Image to ImageShack - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5004
O8 - Extra context menu item: Upload All Images to ImageShack - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5000
O8 - Extra context menu item: Upload Image to ImageShack - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5001
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://toolbar.imageshack.us
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1161615750578
O16 - DPF: {6932D140-ABC4-4073-A44C-D4A541665E35} (ImageShack Toolbar) - http://toolbar.imageshack.us/toolbar/ImageShackToolbar.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1162888684000
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} (Symantec Download Bridge) - https://www.btnetprotect.co.uk/BTNetprotect...ld/SymDlBrg.cab
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: Symantec Licensing Detect Internet Connection (DJSNETCN) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\DJSNETCN.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

--
End of file - 13992 bytes


and here is the file I lost yesterday :blink:

SmitFraudFix v2.236

Scan done at 13:31:38.06, Fri 10/12/2007
Run from C:\Documents and Settings\user1.HOME-74HWRP5P07\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\WINDOWS\div32.dll Deleted

»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{524339FC-82EB-4832-9E0C-1784985DB65A}: DhcpNameServer=192.168.1.254


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End

Thanks.
Posted Image
Hug someone today and get on their nerves!

#8 SNOWHITE

SNOWHITE

    missy malware magnet


  • Members
  • 2,676 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Bitola, Macedonia
  • Local time:01:32 AM

Posted 15 October 2007 - 12:36 PM

Hello carri :thumbsup:

Please follow the steps below exactly in the order they are written:

Step #1

Please download the OTMoveIt by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    C:\WINDOWS\mraerea.exe

  • Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
  • Click the red Moveit! button.
  • Copy everything on the Results window to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it on your next reply.
  • Close OTMoveIt
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Step #2

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. A malicious site could render Java content under older, vulnerable versions of Sun's software if the user has not removed them. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 3 and save it to your desktop.
  • Scroll down to where it says "Java Runtime Environment (JRE) 6u3...allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Read the License Agreement and then check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.

    • J2SE Runtime Environment 5.0 Update 10
      J2SE Runtime Environment 5.0 Update 11
      J2SE Runtime Environment 5.0 Update 9
      Java™ 6 Update 2
      Java™ SE Runtime Environment 6 Update 1
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u3-windows-i586-p.exe to install the newest version.
Step #3

Open Norton AntiVirus by double clicking the 'Shield' icon located in the right hand bottom corner of your computer screen.
Double click the 'View' folder. It is located on the left side of the Norton AntiVirus window. This will expand the folder and display the contents. Click on the 'Quarantine' icon. The right side of the Norton AntiVirus window will now list the contents of your quarantine folder.
Select the item you wish to remove and click on RED 'X' icon to delete it. This will open the 'Take Action' window. Click the 'Start Delete' button to remove the infected file from your computer.
Repeat for any other quarantined files you want to remove.
When you are done removing files, click the 'Exit' button in the bottom left hand corner of the Norton AntiVirus window.

Step #4

Please do an online scan with Kaspersky WebScanner

NOTE: This Scanner will work with Internet Explorer Only!


Click on Kaspersky Online Scanner

You will be promted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan:Select My Computer
  • This will program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save Report As... button:
  • Under Save as type select Text file write name for the file and save it to your Desktop.
  • Locate the file at the Desktop, open it, then copy and paste that information in your next post.
Please post back with OTMoveIt report, Kaspersky scan report, new Hijackthis log, also let me know have you disabled WindowsUpdate.

Regards,
SNOWHITE
Posted Image

#9 carri

carri
  • Topic Starter

  • Members
  • 234 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Yorkshire, England
  • Local time:01:32 AM

Posted 16 October 2007 - 11:55 AM

Ok Snow I did as you asked me to and here are the reports. I have not disabled the updates for windows.

C:\WINDOWS\mraerea.exe moved successfully.

Created on 10/16/2007 11:23:24

KASPERSKY ONLINE SCANNER REPORT
Tuesday, October 16, 2007 5:42:32 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 16/10/2007
Kaspersky Anti-Virus database records: 436594
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\

Scan Statistics:
Total number of scanned objects: 137409
Number of viruses found: 25
Number of infected objects: 88
Number of suspicious objects: 2
Duration of the scan process: 04:42:48

Infected Object Name / Virus Name / Last Action
C:\Deckard\System Scanner\backup\DOCUME~1\USER1~1.HOM\LOCALS~1\Temp\ac8zt2.dat/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped
C:\Deckard\System Scanner\backup\DOCUME~1\USER1~1.HOM\LOCALS~1\Temp\ac8zt2.dat/ac8zt2/main_uninstaller.exe Infected: Trojan-Downloader.Win32.Zlob.cpx skipped
C:\Deckard\System Scanner\backup\DOCUME~1\USER1~1.HOM\LOCALS~1\Temp\ac8zt2.dat/ac8zt2/msmdev.dll Infected: Trojan-Downloader.Win32.Agent.dag skipped
C:\Deckard\System Scanner\backup\DOCUME~1\USER1~1.HOM\LOCALS~1\Temp\ac8zt2.dat/ac8zt2/msmhost.dll Infected: not-a-virus:AdWare.Win32.Agent.jw skipped
C:\Deckard\System Scanner\backup\DOCUME~1\USER1~1.HOM\LOCALS~1\Temp\ac8zt2.dat/ac8zt2/nsduo.dll Infected: not-a-virus:AdWare.Win32.Agent.kc skipped
C:\Deckard\System Scanner\backup\DOCUME~1\USER1~1.HOM\LOCALS~1\Temp\ac8zt2.dat/ac8zt2/rmv.exe Infected: Trojan-Downloader.Win32.Zlob.cpx skipped
C:\Deckard\System Scanner\backup\DOCUME~1\USER1~1.HOM\LOCALS~1\Temp\ac8zt2.dat ZIP: infected - 6 skipped
C:\Deckard\System Scanner\backup\DOCUME~1\USER1~1.HOM\LOCALS~1\Temp\SAB5FB.ZIP/div32.dll Infected: not-a-virus:AdWare.Win32.Agent.lg skipped
C:\Deckard\System Scanner\backup\DOCUME~1\USER1~1.HOM\LOCALS~1\Temp\SAB5FB.ZIP ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\DSS\MachineKeys\6aab2087ec7583edc1657b6c5b51910e_efec54e6-03d5-4ba2-8a45-18f0f4f6b018 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\4279161f5fb8de7bdaccdd4d0055bde9_efec54e6-03d5-4ba2-8a45-18f0f4f6b018 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DyFuCAInternetOptimizer1.zip/install.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DyFuCAInternetOptimizer1.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0CE2192B.wma Infected: Trojan-Downloader.WMA.Wimad.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0CE86D24.wma Infected: Trojan-Downloader.WMA.Wimad.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7B6F2804.exe Infected: Backdoor.Win32.MSNMaker.w skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\AOL\ACS\1.0\ph Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\AOL\ACS\1.0\variable Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.26.Crwl Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.26.gthr Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Search\Data\Applications\Windows\MSS.log Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Search\Data\Applications\Windows\MSStmp.log Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010001.wid Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010002.wid Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010003.wid Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010004.wid Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010005.wid Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010006.ci Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010006.wid Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010006.wsb Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010007.wid Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010008.wid Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010009.wid Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000B.wid Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000F.wid Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010012.wid Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010016.wid Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010018.wid Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010019.wid Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\INDEX.000 Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.000 Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\Used0000.000 Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.000 Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.chk1.gthr Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.chk2.gthr Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.Crwl56.gthr Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.Ntfy40.gthr Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Search\Data\Applications\Windows\tmp.edb Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Search\Data\Applications\Windows\Windows.edb Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Search\Data\Temp\usgthrsvc\Ntf2.tmp Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Search\Data\Temp\usgthrsvc\Ntf3.tmp Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Search\Data\Temp\usgthrsvc\Perflib_Perfdata_4b8.dat Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Common Client\Confid.log Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Common Client\Content.log Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Common Client\Privacy.log Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Common Client\Restrict.log Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Common Client\settings.dat Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Common Client\WebHist.log Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\HPPAppActivity.log Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\HPPHomePageActivity.log Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\LiveUpdate\2007-10-16_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\user1\Desktop\BBDesktopHelpInstall.exe/WISE0011.BIN Infected: not-a-virus:RiskTool.Win32.PsKill.1101 skipped
C:\Documents and Settings\user1\Desktop\BBDesktopHelpInstall.exe WiseSFX: infected - 1 skipped
C:\Documents and Settings\user1\Desktop\BBDesktopHelpInstall.exe WiseSFX Dropper: infected - 1 skipped
C:\Documents and Settings\user1\Desktop\mirc617.exe/data0001.bin Infected: not-a-virus:Client-IRC.Win32.mIRC.617 skipped
C:\Documents and Settings\user1\Desktop\mirc617.exe mIRC: infected - 1 skipped
C:\Documents and Settings\user1.HOME-74HWRP5P07\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SUPERANTISPYWARE.LOG Object is locked skipped
C:\Documents and Settings\user1.HOME-74HWRP5P07\Application Data\Symantec\PendingAlertsQueue.log Object is locked skipped
C:\Documents and Settings\user1.HOME-74HWRP5P07\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\user1.HOME-74HWRP5P07\Desktop\BBDesktopHelpInstallDV.exe/WISE0012.BIN Infected: not-a-virus:RiskTool.Win32.PsKill.1101 skipped
C:\Documents and Settings\user1.HOME-74HWRP5P07\Desktop\BBDesktopHelpInstallDV.exe/WISE0046.BIN/WISE0004.BIN Infected: not-a-virus:RiskTool.Win32.PsKill.1101 skipped
C:\Documents and Settings\user1.HOME-74HWRP5P07\Desktop\BBDesktopHelpInstallDV.exe/WISE0046.BIN Infected: not-a-virus:RiskTool.Win32.PsKill.1101 skipped
C:\Documents and Settings\user1.HOME-74HWRP5P07\Desktop\BBDesktopHelpInstallDV.exe WiseSFX: infected - 3 skipped
C:\Documents and Settings\user1.HOME-74HWRP5P07\Desktop\BBDesktopHelpInstallDV.exe WiseSFX Dropper: infected - 3 skipped
C:\Documents and Settings\user1.HOME-74HWRP5P07\Desktop\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\user1.HOME-74HWRP5P07\Desktop\SmitfraudFix.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\user1.HOME-74HWRP5P07\Desktop\SmitfraudFix.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\user1.HOME-74HWRP5P07\Desktop\SmitfraudFix.exe RarSFX: infected - 2 skipped
C:\Documents and Settings\user1.HOME-74HWRP5P07\Desktop\Unused Desktop Shortcuts\BBDesktopHelpInstall.exe/WISE0011.BIN Infected: not-a-virus:RiskTool.Win32.PsKill.1101 skipped
C:\Documents and Settings\user1.HOME-74HWRP5P07\Desktop\Unused Desktop Shortcuts\BBDesktopHelpInstall.exe WiseSFX: infected - 1 skipped
C:\Documents and Settings\user1.HOME-74HWRP5P07\Desktop\Unused Desktop Shortcuts\BBDesktopHelpInstall.exe WiseSFX Dropper: infected - 1 skipped
C:\Documents and Settings\user1.HOME-74HWRP5P07\Desktop\Unused Desktop Shortcuts\mirc621.exe/stream/data0008 Infected: not-a-virus:Client-IRC.Win32.mIRC.621 skipped
C:\Documents and Settings\user1.HOME-74HWRP5P07\Desktop\Unused Desktop Shortcuts\mirc621.exe/stream Infected: not-a-virus:Client-IRC.Win32.mIRC.621 skipped
C:\Documents and Settings\user1.HOME-74HWRP5P07\Desktop\Unused Desktop Shortcuts\mirc621.exe NSIS: infected - 2 skipped
C:\Documents and Settings\user1.HOME-74HWRP5P07\Local Settings\Application Data\AOL\UserProfiles\All Users\cls\common.cls Object is locked skipped
C:\Documents and Settings\user1.HOME-74HWRP5P07\Local Settings\Application Data\Microsoft\Desktop Search\Logs\OTFSMonLog.txt Object is locked skipped
C:\Documents and Settings\user1.HOME-74HWRP5P07\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\user1.HOME-74HWRP5P07\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\user1.HOME-74HWRP5P07\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\user1.HOME-74HWRP5P07\Local Settings\Temp\Perflib_Perfdata_9ac.dat Object is locked skipped
C:\Documents and Settings\user1.HOME-74HWRP5P07\Local Settings\Temp\~DF1641.tmp Object is locked skipped
C:\Documents and Settings\user1.HOME-74HWRP5P07\Local Settings\Temp\~DF165A.tmp Object is locked skipped
C:\Documents and Settings\user1.HOME-74HWRP5P07\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\user1.HOME-74HWRP5P07\Local Settings\Temporary Internet Files\Content.IE5\I01IDTM6\c[1].gif Object is locked skipped
C:\Documents and Settings\user1.HOME-74HWRP5P07\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\user1.HOME-74HWRP5P07\My Documents\BBDesktopHelpInstallDV.exe/WISE0012.BIN Infected: not-a-virus:RiskTool.Win32.PsKill.1101 skipped
C:\Documents and Settings\user1.HOME-74HWRP5P07\My Documents\BBDesktopHelpInstallDV.exe/WISE0047.BIN/WISE0004.BIN Infected: not-a-virus:RiskTool.Win32.PsKill.1101 skipped
C:\Documents and Settings\user1.HOME-74HWRP5P07\My Documents\BBDesktopHelpInstallDV.exe/WISE0047.BIN Infected: not-a-virus:RiskTool.Win32.PsKill.1101 skipped
C:\Documents and Settings\user1.HOME-74HWRP5P07\My Documents\BBDesktopHelpInstallDV.exe WiseSFX: infected - 3 skipped
C:\Documents and Settings\user1.HOME-74HWRP5P07\My Documents\BBDesktopHelpInstallDV.exe WiseSFX Dropper: infected - 3 skipped
C:\Documents and Settings\user1.HOME-74HWRP5P07\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\user1.HOME-74HWRP5P07\NTUSER.DAT.LOG Object is locked skipped
C:\Program Files\a-squared Anti-Malware\Quarantine\350ECF66F3E6C514F85F68FC1F299E5607321150.a2q/program files/mywebsearch/srchastt/1.bin/MWSSRCAS.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.as skipped
C:\Program Files\a-squared Anti-Malware\Quarantine\350ECF66F3E6C514F85F68FC1F299E5607321150.a2q ZIP: infected - 1 skipped
C:\Program Files\a-squared Anti-Malware\Quarantine\3B55A4DF269A79DEF939897E4D8C60CFEA907F0A.a2q/program files/mywebsearch/bar/3.bin/F3HTMLMU.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.l skipped
C:\Program Files\a-squared Anti-Malware\Quarantine\3B55A4DF269A79DEF939897E4D8C60CFEA907F0A.a2q/program files/mywebsearch/bar/3.bin/MWSBAR.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.bc skipped
C:\Program Files\a-squared Anti-Malware\Quarantine\3B55A4DF269A79DEF939897E4D8C60CFEA907F0A.a2q/program files/mywebsearch/SrchAstt/1.bin/MWSSRCAS.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.as skipped
C:\Program Files\a-squared Anti-Malware\Quarantine\3B55A4DF269A79DEF939897E4D8C60CFEA907F0A.a2q ZIP: infected - 3 skipped
C:\Program Files\a-squared Anti-Malware\Quarantine\4C9410B4D9B4CCD03A8AB0C84A6167B32E279C43.a2q/program files/mywebsearch/bar/3.bin/F3HTMLMU.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.l skipped
C:\Program Files\a-squared Anti-Malware\Quarantine\4C9410B4D9B4CCD03A8AB0C84A6167B32E279C43.a2q/program files/mywebsearch/bar/3.bin/MWSBAR.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.bc skipped
C:\Program Files\a-squared Anti-Malware\Quarantine\4C9410B4D9B4CCD03A8AB0C84A6167B32E279C43.a2q ZIP: infected - 2 skipped
C:\Program Files\a-squared Anti-Malware\Quarantine\87C40D0216BA2780F1E105FF99D8DAC58345C91E.a2q/program files/mywebsearch/srchastt/1.bin/MWSSRCAS.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.as skipped
C:\Program Files\a-squared Anti-Malware\Quarantine\87C40D0216BA2780F1E105FF99D8DAC58345C91E.a2q ZIP: infected - 1 skipped
C:\Program Files\a-squared Anti-Malware\Quarantine\F9E46EC957BF1F732A7A3589A1E5894EEE999494.a2q/program files/mywebsearch/bar/3.bin/F3HTMLMU.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.l skipped
C:\Program Files\a-squared Anti-Malware\Quarantine\F9E46EC957BF1F732A7A3589A1E5894EEE999494.a2q/program files/mywebsearch/bar/3.bin/MWSBAR.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.bc skipped
C:\Program Files\a-squared Anti-Malware\Quarantine\F9E46EC957BF1F732A7A3589A1E5894EEE999494.a2q/program files/mywebsearch/SrchAstt/1.bin/MWSSRCAS.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.as skipped
C:\Program Files\a-squared Anti-Malware\Quarantine\F9E46EC957BF1F732A7A3589A1E5894EEE999494.a2q ZIP: infected - 3 skipped
C:\Program Files\BT Broadband Desktop Help\log\mad.log Object is locked skipped
C:\Program Files\BT Broadband Desktop Help\log\mpbtn.log Object is locked skipped
C:\Program Files\BT Broadband Desktop Help\vendors\btbb\wwwcache\wt\deviceview\private\content\driven_dev\upgrade\McciContextUpgrade.exe/WISE0007.BIN Infected: not-a-virus:RiskTool.Win32.PsKill.1101 skipped
C:\Program Files\BT Broadband Desktop Help\vendors\btbb\wwwcache\wt\deviceview\private\content\driven_dev\upgrade\McciContextUpgrade.exe WiseSFX: infected - 1 skipped
C:\Program Files\Common Files\symantec shared\CCPD-LC\symlcrst.dll Object is locked skipped
C:\Program Files\Common Files\symantec shared\EENGINE\EPERSIST.DAT Object is locked skipped
C:\Program Files\Common Files\symantec shared\SNDALRT.log Object is locked skipped
C:\Program Files\Common Files\symantec shared\SNDCON.log Object is locked skipped
C:\Program Files\Common Files\symantec shared\SNDDBG.log Object is locked skipped
C:\Program Files\Common Files\symantec shared\SNDFW.log Object is locked skipped
C:\Program Files\Common Files\symantec shared\SNDIDS.log Object is locked skipped
C:\Program Files\Common Files\symantec shared\SNDSYS.log Object is locked skipped
C:\Program Files\Common Files\symantec shared\SPBBC\LOGS\BBConfig.log Object is locked skipped
C:\Program Files\Common Files\symantec shared\SPBBC\LOGS\BBDebug.log Object is locked skipped
C:\Program Files\Common Files\symantec shared\SPBBC\LOGS\BBDetect.log Object is locked skipped
C:\Program Files\Common Files\symantec shared\SPBBC\LOGS\BBNotify.log Object is locked skipped
C:\Program Files\Common Files\symantec shared\SPBBC\LOGS\BBRefr.log Object is locked skipped
C:\Program Files\Common Files\symantec shared\SPBBC\LOGS\BBSetCfg.log Object is locked skipped
C:\Program Files\Common Files\symantec shared\SPBBC\LOGS\BBSetCfg2.log Object is locked skipped
C:\Program Files\Common Files\symantec shared\SPBBC\LOGS\BBSetDev.log Object is locked skipped
C:\Program Files\Common Files\symantec shared\SPBBC\LOGS\BBSetLoc.log Object is locked skipped
C:\Program Files\Common Files\symantec shared\SPBBC\LOGS\BBSetUsr.log Object is locked skipped
C:\Program Files\Common Files\symantec shared\SPBBC\LOGS\BBSMNot.log Object is locked skipped
C:\Program Files\Common Files\symantec shared\SPBBC\LOGS\BBSMReg.log Object is locked skipped
C:\Program Files\Common Files\symantec shared\SPBBC\LOGS\BBSMRSt.log Object is locked skipped
C:\Program Files\Common Files\symantec shared\SPBBC\LOGS\BBStHash.log Object is locked skipped
C:\Program Files\Common Files\symantec shared\SPBBC\LOGS\BBStMSI.log Object is locked skipped
C:\Program Files\Common Files\symantec shared\SPBBC\LOGS\BBValid.log Object is locked skipped
C:\Program Files\Common Files\symantec shared\SPBBC\LOGS\SPPolicy.log Object is locked skipped
C:\Program Files\Common Files\symantec shared\SPBBC\LOGS\SPStart.log Object is locked skipped
C:\Program Files\Common Files\symantec shared\SPBBC\LOGS\SPStop.log Object is locked skipped
C:\Program Files\Motive\Common\log\MotiveDirectory.log Object is locked skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\AVApp.log Object is locked skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\AVError.log Object is locked skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\AVVirus.log Object is locked skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Savrt\0426NAV~.TMP Object is locked skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Savrt\0973NAV~.TMP Object is locked skipped
C:\Program Files\Trend Micro\HijackThis\backups\backup-20071013-105859-283.dll Infected: not-a-virus:Downloader.Win32.PopCap.b skipped
C:\RECYCLER\S-1-5-21-220523388-448539723-839522115-1004\Dc2.zip/mraerea.exe.vir Infected: Trojan.Win32.Small.sh skipped
C:\RECYCLER\S-1-5-21-220523388-448539723-839522115-1004\Dc2.zip ZIP: infected - 1 skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{063F9373-3927-494C-8EDD-D543AA5AAF12}\RP15\A0002026.dll Infected: not-a-virus:AdWare.Win32.Agent.lg skipped
C:\System Volume Information\_restore{063F9373-3927-494C-8EDD-D543AA5AAF12}\RP15\A0002027.dll Infected: not-a-virus:AdWare.Win32.Agent.lg skipped
C:\System Volume Information\_restore{063F9373-3927-494C-8EDD-D543AA5AAF12}\RP16\A0002198.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\System Volume Information\_restore{063F9373-3927-494C-8EDD-D543AA5AAF12}\RP19\A0003583.dll Infected: not-a-virus:AdWare.Win32.Agent.lg skipped
C:\System Volume Information\_restore{063F9373-3927-494C-8EDD-D543AA5AAF12}\RP2\A0000080.dll Infected: not-a-virus:AdTool.Win32.MyWebSearch.bc skipped
C:\System Volume Information\_restore{063F9373-3927-494C-8EDD-D543AA5AAF12}\RP2\A0000081.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.621 skipped
C:\System Volume Information\_restore{063F9373-3927-494C-8EDD-D543AA5AAF12}\RP2\A0000082.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.617 skipped
C:\System Volume Information\_restore{063F9373-3927-494C-8EDD-D543AA5AAF12}\RP2\A0000124.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\System Volume Information\_restore{063F9373-3927-494C-8EDD-D543AA5AAF12}\RP2\A0000124.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\System Volume Information\_restore{063F9373-3927-494C-8EDD-D543AA5AAF12}\RP2\A0000124.exe RarSFX: infected - 2 skipped
C:\System Volume Information\_restore{063F9373-3927-494C-8EDD-D543AA5AAF12}\RP2\A0000125.exe/file17 Infected: not-a-virus:Downloader.Win32.WinFixer.t skipped
C:\System Volume Information\_restore{063F9373-3927-494C-8EDD-D543AA5AAF12}\RP2\A0000125.exe Inno: infected - 1 skipped
C:\System Volume Information\_restore{063F9373-3927-494C-8EDD-D543AA5AAF12}\RP2\A0000132.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\System Volume Information\_restore{063F9373-3927-494C-8EDD-D543AA5AAF12}\RP28\A0004562.dll Infected: not-a-virus:AdWare.Win32.Agent.jw skipped
C:\System Volume Information\_restore{063F9373-3927-494C-8EDD-D543AA5AAF12}\RP28\A0004563.dll Infected: Trojan-Downloader.Win32.Agent.dag skipped
C:\System Volume Information\_restore{063F9373-3927-494C-8EDD-D543AA5AAF12}\RP28\A0004564.com Infected: Trojan-Downloader.Win32.Injecter.n skipped
C:\System Volume Information\_restore{063F9373-3927-494C-8EDD-D543AA5AAF12}\RP28\A0004565.com Infected: Trojan-Downloader.Win32.Injecter.n skipped
C:\System Volume Information\_restore{063F9373-3927-494C-8EDD-D543AA5AAF12}\RP28\A0004566.dll Infected: Trojan-Downloader.Win32.Agent.dag skipped
C:\System Volume Information\_restore{063F9373-3927-494C-8EDD-D543AA5AAF12}\RP28\A0004567.dll Infected: not-a-virus:AdWare.Win32.Agent.jw skipped
C:\System Volume Information\_restore{063F9373-3927-494C-8EDD-D543AA5AAF12}\RP28\A0004568.exe Infected: Trojan-Downloader.Win32.Agent.crz skipped
C:\System Volume Information\_restore{063F9373-3927-494C-8EDD-D543AA5AAF12}\RP28\A0004569.exe Infected: Trojan-Downloader.Win32.Agent.crz skipped
C:\System Volume Information\_restore{063F9373-3927-494C-8EDD-D543AA5AAF12}\RP28\A0004570.exe Infected: Trojan-Downloader.Win32.Agent.dnt skipped
C:\System Volume Information\_restore{063F9373-3927-494C-8EDD-D543AA5AAF12}\RP28\A0004571.exe Infected: Trojan-Downloader.Win32.Agent.dnt skipped
C:\System Volume Information\_restore{063F9373-3927-494C-8EDD-D543AA5AAF12}\RP28\A0004572.com Infected: Trojan-Downloader.Win32.Injecter.n skipped
C:\System Volume Information\_restore{063F9373-3927-494C-8EDD-D543AA5AAF12}\RP28\A0004573.exe Infected: not-a-virus:AdWare.Win32.180Solutions.ax skipped
C:\System Volume Information\_restore{063F9373-3927-494C-8EDD-D543AA5AAF12}\RP28\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Downloaded Program Files\popcaploader.dll Infected: not-a-virus:Downloader.Win32.PopCap.b skipped
C:\WINDOWS\Motive\btbb\UninstallHelper.exe/WISE0004.BIN Infected: not-a-virus:RiskTool.Win32.PsKill.1101 skipped
C:\WINDOWS\Motive\btbb\UninstallHelper.exe WiseSFX: infected - 1 skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\etc\hosts.20071005-045357.backup Infected: Trojan.Win32.Qhost.my skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\LogFiles\HTTPERR\httperr1.log Object is locked skipped
C:\WINDOWS\system32\startup.exe Infected: not-a-virus:Downloader.Win32.WinFixer.bb skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\TEMP\a2cache_6375818D.dat Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
C:\_OTMoveIt\MovedFiles\WINDOWS\mraerea.exe Infected: Trojan.Win32.Small.sh skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

Scan process completed.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:45:54 PM, on 10/16/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\DJSNETCN.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\a-squared Anti-Malware\a2guard.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Napster\napster.exe
C:\Program Files\Common Files\AOL\1177261102\ee\AOLSoftware.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\btbb_wcm\McciTrayApp.exe
C:\Program Files\BT Broadband Desktop Help\bin\BTHelpNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\BT Broadband Desktop Help\bin\BTHelp.exe
C:\Program Files\BT Broadband Desktop Help\bin\mpbtn.exe
C:\PROGRA~1\Yahoo!\YOP\SSDK02.exe
C:\PROGRA~1\Motive\Common\MOTIVE~1.EXE
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\user1.HOME-74HWRP5P07\Desktop\HiJackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: ImageShack Toolbar - {6932D140-ABC4-4073-A44C-D4A541665E35} - C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [IS CfgWiz] "C:\Program Files\Norton Internet Security\cfgwiz.exe" /GUID {C056623F-ACED-449a-B11E-2375AD200992} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe" /d=60
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] "C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\BTBROA~2\SMARTB~1\BTHelpNotifier.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1177261102\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [btbb_wcm_McciTrayApp] C:\Program Files\btbb_wcm\McciTrayApp.exe
O4 - HKLM\..\Run: [btbb_McciTrayApp] C:\Program Files\BT Broadband Desktop Help\bin\BTHelpNotifier.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\RunServices: [DJSNetCN] C:\Program Files\Common Files\Symantec Shared\DJSNETCN.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BT Broadband Desktop Help.lnk = C:\Program Files\BT Broadband Desktop Help\bin\matcli.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Post Image to Blog - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5003
O8 - Extra context menu item: Tag This Image - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5002
O8 - Extra context menu item: Transload Image to ImageShack - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5004
O8 - Extra context menu item: Upload All Images to ImageShack - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5000
O8 - Extra context menu item: Upload Image to ImageShack - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5001
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://toolbar.imageshack.us
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1161615750578
O16 - DPF: {6932D140-ABC4-4073-A44C-D4A541665E35} (ImageShack Toolbar) - http://toolbar.imageshack.us/toolbar/ImageShackToolbar.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1162888684000
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} (Symantec Download Bridge) - https://www.btnetprotect.co.uk/BTNetprotect...ld/SymDlBrg.cab
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: Symantec Licensing Detect Internet Connection (DJSNETCN) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\DJSNETCN.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

--
End of file - 14500 bytes


Thanks :thumbsup:
Posted Image
Hug someone today and get on their nerves!

#10 SNOWHITE

SNOWHITE

    missy malware magnet


  • Members
  • 2,676 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Bitola, Macedonia
  • Local time:01:32 AM

Posted 17 October 2007 - 07:59 PM

Hello carri :thumbsup:

Please follow the steps below exactly in the order they are written:

Step #1

First we'll need to backup registry:

Start -> Run -> type: regedit -> press OK button. Then click on My Computer to highlight it, right click on it and select Export. Give it a name and press Save.

Scroll down into this post and you will see attachment named fixme.reg, click on the link and download it at your desktop.

Locate fixme.reg on your Desktop and double-click on it. It should look like this -> Posted Image
You will receive a prompt similar to: "Do you wish to merge the information into the registry?".
Answer "Yes" and wait for a message to appear similar to "Merged Successfully".

Step #2
  • Please double-click OTMoveIt.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    C:\WINDOWS\Downloaded Program Files\popcaploader.dll
    C:\WINDOWS\system32\startup.exe
    C:\WINDOWS\system32\drivers\etc\hosts.20071005-045357.backup

  • Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
  • Click the red Moveit! button.
  • Copy everything on the Results window to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it on your next reply.
  • Close OTMoveIt
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


Step #3

1. Go to this website: www.virustotal.com
2. Upload this file by copy/pasting it in to the file box: C:\WINDOWS\system32\SearchIndexer.exe
3. Submit the file and copy/paste the results back into this thread.


Step #4

Please run this online scan too:

Panda ActiveScan
  • Once you are on the Panda site, click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on Local Disks to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.
Post the contents of the OTMoveIt report, Virus Total report, Panda scan report, along with a new HijackThis Log, let me know how is the computer running.

Regards,

Attached Files


Edited by SNOWHITE, 17 October 2007 - 07:59 PM.

SNOWHITE
Posted Image

#11 carri

carri
  • Topic Starter

  • Members
  • 234 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Yorkshire, England
  • Local time:01:32 AM

Posted 18 October 2007 - 02:44 PM

Hi again Snow ;)
My pc seems to be back to normal now. thanks so much snow. i just need to see now if my antivirus scans will come back ononce set now.





Here are the reports:


File/Folder C:\WINDOWS\Downloaded Program Files\popcaploader.dll not found.
C:\WINDOWS\system32\startup.exe moved successfully.
C:\WINDOWS\system32\drivers\etc\hosts.20071005-045357.backup moved successfully.

Created on 10/18/2007 10:56:18

Antivirus Version Last Update Result
AhnLab-V3 2007.10.18.0 2007.10.17 -
AntiVir 7.6.0.23 2007.10.18 -
Authentium 4.93.8 2007.10.17 -
Avast 4.7.1051.0 2007.10.17 -
AVG 7.5.0.488 2007.10.17 -
BitDefender 7.2 2007.10.18 -
CAT-QuickHeal 9.00 2007.10.18 -
ClamAV 0.91.2 2007.10.17 -
DrWeb 4.44.0.09170 2007.10.18 -
eSafe 7.0.15.0 2007.10.15 -
eTrust-Vet 31.2.5220 2007.10.18 -
Ewido 4.0 2007.10.17 -
FileAdvisor 1 2007.10.18 -
Fortinet 3.11.0.0 2007.10.18 -
F-Prot 4.3.2.48 2007.10.18 -
F-Secure 6.70.13030.0 2007.10.18 -
Ikarus T3.1.1.12 2007.10.18 -
Kaspersky 7.0.0.125 2007.10.18 -
McAfee 5143 2007.10.17 -
Microsoft 1.2908 2007.10.18 -
NOD32v2 2599 2007.10.17 -
Norman 5.80.02 2007.10.17 -
Panda 9.0.0.4 2007.10.18 -
Prevx1 V2 2007.10.18 -
Rising 19.45.32.00 2007.10.18 -
Sophos 4.22.0 2007.10.18 -
Sunbelt 2.2.907.0 2007.10.18 -
TheHacker 6.2.9.097 2007.10.18 -
VBA32 3.12.2.4 2007.10.17 -
VirusBuster 4.3.26:9 2007.10.17 -
Webwasher-Gateway 6.6.1 2007.10.18 -
Additional information
File size: 300032 bytes
MD5: 2ec497aa4b728d1b1a368acf2e309e8b
SHA1: d88a127a212391b82204b52f8bc9f1d7aefd6026
File SearchIndexer.exe received on 10.18.2007 11:58:45 (CET)
Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED


Result: 0/31 (0%)
Loading server information...
Your file is queued in position: 2.
Estimated start time is between 43 and 62 seconds.
Do not close the window until scan is complete.
The scanner that was processing your file is stopped at this moment, we are going to wait a few seconds to try to recover your result.
If you are waiting for more than five minutes you have to resend your file.
Your file is being scanned by VirusTotal in this moment,
results will be shown as they're generated.
Compact Print results
Your file has expired or does not exists.
Service is stopped in this moments, your file is waiting to be scanned (position: ) for an undefined time.

You can wait for web response (automatic reload) or type your email in the form below and click "request" so the system sends you a notification when the scan is finished.
Email:


Antivirus Version Last Update Result
AhnLab-V3 2007.10.18.0 2007.10.17 -
AntiVir 7.6.0.23 2007.10.18 -
Authentium 4.93.8 2007.10.17 -
Avast 4.7.1051.0 2007.10.17 -
AVG 7.5.0.488 2007.10.17 -
BitDefender 7.2 2007.10.18 -
CAT-QuickHeal 9.00 2007.10.18 -
ClamAV 0.91.2 2007.10.17 -
DrWeb 4.44.0.09170 2007.10.18 -
eSafe 7.0.15.0 2007.10.15 -
eTrust-Vet 31.2.5220 2007.10.18 -
Ewido 4.0 2007.10.17 -
FileAdvisor 1 2007.10.18 -
Fortinet 3.11.0.0 2007.10.18 -
F-Prot 4.3.2.48 2007.10.18 -
F-Secure 6.70.13030.0 2007.10.18 -
Ikarus T3.1.1.12 2007.10.18 -
Kaspersky 7.0.0.125 2007.10.18 -
McAfee 5143 2007.10.17 -
Microsoft 1.2908 2007.10.18 -
NOD32v2 2599 2007.10.17 -
Norman 5.80.02 2007.10.17 -
Panda 9.0.0.4 2007.10.18 -
Prevx1 V2 2007.10.18 -
Rising 19.45.32.00 2007.10.18 -
Sophos 4.22.0 2007.10.18 -
Sunbelt 2.2.907.0 2007.10.18 -
TheHacker 6.2.9.097 2007.10.18 -
VBA32 3.12.2.4 2007.10.17 -
VirusBuster 4.3.26:9 2007.10.17 -
Webwasher-Gateway 6.6.1 2007.10.18 -
Additional information
File size: 300032 bytes
MD5: 2ec497aa4b728d1b1a368acf2e309e8b
SHA1: d88a127a212391b82204b52f8bc9f1d7aefd6026



Incident Status Location

Virus:Trj/Agent.GOT Disinfected C:\Deckard\System Scanner\backup\DOCUME~1\USER1~1.HOM\LOCALS~1\Temp\ac8zt2.dat[ac8zt2/main_uninstaller.exe]
Virus:Trj/Downloader.QGI Disinfected C:\Deckard\System Scanner\backup\DOCUME~1\USER1~1.HOM\LOCALS~1\Temp\ac8zt2.dat[ac8zt2/msmdev.dll]
Adware:Adware/NewMediaCodec Not disinfected C:\Deckard\System Scanner\backup\DOCUME~1\USER1~1.HOM\LOCALS~1\Temp\ac8zt2.dat[ac8zt2/msmhost.dll]
Virus:Generic Trojan Disinfected C:\Deckard\System Scanner\backup\DOCUME~1\USER1~1.HOM\LOCALS~1\Temp\ac8zt2.dat[ac8zt2/nsduo.dll]
Virus:Trj/Agent.GOT Disinfected C:\Deckard\System Scanner\backup\DOCUME~1\USER1~1.HOM\LOCALS~1\Temp\ac8zt2.dat[ac8zt2/rmv.exe]
Adware:Adware/WinAntiVirus2007 Not disinfected C:\Deckard\System Scanner\backup\DOCUME~1\USER1~1.HOM\LOCALS~1\Temp\jar_cache49876.tmp
Adware:Adware/Lop Not disinfected C:\Deckard\System Scanner\backup\DOCUME~1\USER1~1.HOM\LOCALS~1\Temp\SAB5FB.ZIP[div32.dll]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\user1\Application Data\Mozilla\Profiles\default\8mhv87t4.slt\cookies.txt[.2o7.net/]
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\user1\Application Data\Mozilla\Profiles\default\8mhv87t4.slt\cookies.txt[.apmebf.com/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\user1\Application Data\Mozilla\Profiles\default\8mhv87t4.slt\cookies.txt[.atwola.com/]
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\user1\Application Data\Mozilla\Profiles\default\8mhv87t4.slt\cookies.txt[.belnk.com/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\user1\Application Data\Mozilla\Profiles\default\8mhv87t4.slt\cookies.txt[.casalemedia.com/]
Spyware:Cookie/CentrPort Not disinfected C:\Documents and Settings\user1\Application Data\Mozilla\Profiles\default\8mhv87t4.slt\cookies.txt[.centrport.net/]
Spyware:Cookie/PayCounter Not disinfected C:\Documents and Settings\user1\Application Data\Mozilla\Profiles\default\8mhv87t4.slt\cookies.txt[.paycounter.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\user1\Application Data\Mozilla\Profiles\default\8mhv87t4.slt\cookies.txt[.perf.overture.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\user1\Application Data\Mozilla\Profiles\default\8mhv87t4.slt\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\user1\Application Data\Mozilla\Profiles\Default User\8p2i1ge7.slt\cookies.txt[.2o7.net/]
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\user1\Application Data\Mozilla\Profiles\Default User\8p2i1ge7.slt\cookies.txt[.ads.pointroll.com/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\user1\Application Data\Mozilla\Profiles\Default User\8p2i1ge7.slt\cookies.txt[.atwola.com/]
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\user1\Application Data\Mozilla\Profiles\Default User\8p2i1ge7.slt\cookies.txt[.burstnet.com/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\user1\Application Data\Mozilla\Profiles\Default User\8p2i1ge7.slt\cookies.txt[.casalemedia.com/]
Spyware:Cookie/HotLog Not disinfected C:\Documents and Settings\user1\Application Data\Mozilla\Profiles\Default User\8p2i1ge7.slt\cookies.txt[.hotlog.ru/]
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\user1\Application Data\Mozilla\Profiles\Default User\8p2i1ge7.slt\cookies.txt[.maxserving.com/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\user1\Application Data\Mozilla\Profiles\Default User\8p2i1ge7.slt\cookies.txt[.questionmarket.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\user1\Application Data\Mozilla\Profiles\Default User\8p2i1ge7.slt\cookies.txt[.serving-sys.com/]
Spyware:Cookie/SpyLog Not disinfected C:\Documents and Settings\user1\Application Data\Mozilla\Profiles\Default User\8p2i1ge7.slt\cookies.txt[.spylog.com/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\user1\Application Data\Mozilla\Profiles\Default User\8p2i1ge7.slt\cookies.txt[.statcounter.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\user1\Application Data\Mozilla\Profiles\Default User\8p2i1ge7.slt\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\user1\Application Data\Mozilla\Profiles\Default User\8p2i1ge7.slt\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Humanclick Not disinfected C:\Documents and Settings\user1\Application Data\Mozilla\Profiles\Default User\8p2i1ge7.slt\cookies.txt[hc2.humanclick.com/]
Spyware:Cookie/Humanclick Not disinfected C:\Documents and Settings\user1\Application Data\Mozilla\Profiles\Default User\8p2i1ge7.slt\cookies.txt[hc2.humanclick.com/hc/32786341]
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\user1\Application Data\Mozilla\Profiles\Default User\8p2i1ge7.slt\cookies.txt[www.burstbeacon.com/]
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\user1\Cookies\user1@cgi-bin[1].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\user1.HOME-74HWRP5P07\Application Data\Mozilla\Firefox\Profiles\nmgeje8r.default\cookies.txt[.com.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\user1.HOME-74HWRP5P07\Cookies\user1@2o7[1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\user1.HOME-74HWRP5P07\Cookies\user1@atdmt[2].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\user1.HOME-74HWRP5P07\Cookies\user1@perf.overture[1].txt
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\Documents and Settings\user1.HOME-74HWRP5P07\Desktop\ComboFix.exe[nircmd.exe]
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\Documents and Settings\user1.HOME-74HWRP5P07\Desktop\ComboFix.exe[nircmd.cfexe]
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\user1.HOME-74HWRP5P07\Desktop\SmitfraudFix\Process.exe
Virus:Trj/Rebooter.J Disinfected C:\Documents and Settings\user1.HOME-74HWRP5P07\Desktop\SmitfraudFix\Reboot.exe
Potentially unwanted tool:Application/SuperFast Not disinfected C:\Documents and Settings\user1.HOME-74HWRP5P07\Desktop\SmitfraudFix\restart.exe
Virus:Trj/Rebooter.J Disinfected C:\Documents and Settings\user1.HOME-74HWRP5P07\Desktop\SmitfraudFix.exe
Adware:Adware/VideoActiveXEnhancement Not disinfected C:\Documents and Settings\user1.HOME-74HWRP5P07\My Documents\RegCureSetup_1_4.exe
Spyware:Cookie/Systemdoctor Not disinfected C:\Documents and Settings\user2\Cookies\user2@systemdoctor[1].txt
Spyware:Cookie/Buzztone Not disinfected C:\Documents and Settings\user2\Cookies\user2@www.buzztone[1].txt
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\a-squared Anti-Malware\Quarantine\350ECF66F3E6C514F85F68FC1F299E5607321150.a2q[program files/mywebsearch/srchastt/1.bin/MWSSRCAS.DLL]
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\a-squared Anti-Malware\Quarantine\3B55A4DF269A79DEF939897E4D8C60CFEA907F0A.a2q[program files/mywebsearch/bar/3.bin/F3HTMLMU.DLL]
Virus:Generic Malware Disinfected C:\Program Files\a-squared Anti-Malware\Quarantine\3B55A4DF269A79DEF939897E4D8C60CFEA907F0A.a2q[program files/mywebsearch/bar/3.bin/MWSBAR.DLL]
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\a-squared Anti-Malware\Quarantine\3B55A4DF269A79DEF939897E4D8C60CFEA907F0A.a2q[program files/mywebsearch/SrchAstt/1.bin/MWSSRCAS.DLL]
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\a-squared Anti-Malware\Quarantine\4C9410B4D9B4CCD03A8AB0C84A6167B32E279C43.a2q[program files/mywebsearch/bar/3.bin/F3HTMLMU.DLL]
Virus:Generic Malware Disinfected C:\Program Files\a-squared Anti-Malware\Quarantine\4C9410B4D9B4CCD03A8AB0C84A6167B32E279C43.a2q[program files/mywebsearch/bar/3.bin/MWSBAR.DLL]
Virus:Generic Malware Disinfected C:\Program Files\a-squared Anti-Malware\Quarantine\85DCAEB88C8EA61A0B07D045E2FDF82767A0C5EE.a2q[program files/gamespy arcade/Services/_common/PortraitLoader.dll]
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\a-squared Anti-Malware\Quarantine\87C40D0216BA2780F1E105FF99D8DAC58345C91E.a2q[program files/mywebsearch/srchastt/1.bin/MWSSRCAS.DLL]
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\a-squared Anti-Malware\Quarantine\F9E46EC957BF1F732A7A3589A1E5894EEE999494.a2q[program files/mywebsearch/bar/3.bin/F3HTMLMU.DLL]
Virus:Generic Malware Disinfected C:\Program Files\a-squared Anti-Malware\Quarantine\F9E46EC957BF1F732A7A3589A1E5894EEE999494.a2q[program files/mywebsearch/bar/3.bin/MWSBAR.DLL]
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\a-squared Anti-Malware\Quarantine\F9E46EC957BF1F732A7A3589A1E5894EEE999494.a2q[program files/mywebsearch/SrchAstt/1.bin/MWSSRCAS.DLL]
Potentially unwanted tool:Application/SuperFast Not disinfected C:\Program Files\Mozilla Firefox\SmitfraudFix\restart.exe
Virus:Generic Trojan Disinfected C:\RECYCLER\S-1-5-21-220523388-448539723-839522115-1004\Dc2.zip[mteadea.exe]
Potentially unwanted tool:Application/FunWeb Not disinfected C:\System Volume Information\_restore{6ED90CDB-11CC-4B91-A5CD-4C29309E367E}\RP262\A0109395.dll
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\System Volume Information\_restore{6ED90CDB-11CC-4B91-A5CD-4C29309E367E}\RP262\A0109397.DLL
Potentially unwanted tool:Application/FunWeb Not disinfected C:\System Volume Information\_restore{6ED90CDB-11CC-4B91-A5CD-4C29309E367E}\RP262\A0109401.DLL
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\System Volume Information\_restore{6ED90CDB-11CC-4B91-A5CD-4C29309E367E}\RP262\A0109410.MANIFEST
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\WINDOWS\NirCmd.exe
Adware:Adware/WinAntiVirus2007 Not disinfected C:\_OTMoveIt\MovedFiles\WINDOWS\system32\drivers\etc\hosts.20071005-045357.backup
Potentially unwanted tool:Application/ErrorSafe Not disinfected C:\_OTMoveIt\MovedFiles\WINDOWS\system32\startup.exe




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:23:11 PM, on 10/18/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\DJSNETCN.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\a-squared Anti-Malware\a2guard.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Napster\napster.exe
C:\Program Files\Common Files\AOL\1177261102\ee\AOLSoftware.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\btbb_wcm\McciTrayApp.exe
C:\Program Files\BT Broadband Desktop Help\bin\BTHelpNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\Yahoo!\YOP\SSDK02.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\BT Broadband Desktop Help\bin\BTHelp.exe
C:\Program Files\BT Broadband Desktop Help\bin\mpbtn.exe
C:\PROGRA~1\Motive\Common\MOTIVE~1.EXE
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\SwiftSwitch\SwiftSwitch.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\user1.HOME-74HWRP5P07\Desktop\HiJackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: ImageShack Toolbar - {6932D140-ABC4-4073-A44C-D4A541665E35} - C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [IS CfgWiz] "C:\Program Files\Norton Internet Security\cfgwiz.exe" /GUID {C056623F-ACED-449a-B11E-2375AD200992} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe" /d=60
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] "C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\BTBROA~2\SMARTB~1\BTHelpNotifier.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1177261102\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [btbb_wcm_McciTrayApp] C:\Program Files\btbb_wcm\McciTrayApp.exe
O4 - HKLM\..\Run: [btbb_McciTrayApp] C:\Program Files\BT Broadband Desktop Help\bin\BTHelpNotifier.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\RunServices: [DJSNetCN] C:\Program Files\Common Files\Symantec Shared\DJSNETCN.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BT Broadband Desktop Help.lnk = C:\Program Files\BT Broadband Desktop Help\bin\matcli.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Post Image to Blog - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5003
O8 - Extra context menu item: Tag This Image - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5002
O8 - Extra context menu item: Transload Image to ImageShack - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5004
O8 - Extra context menu item: Upload All Images to ImageShack - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5000
O8 - Extra context menu item: Upload Image to ImageShack - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5001
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://toolbar.imageshack.us
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1161615750578
O16 - DPF: {6932D140-ABC4-4073-A44C-D4A541665E35} (ImageShack Toolbar) - http://toolbar.imageshack.us/toolbar/ImageShackToolbar.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1162888684000
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} (Symantec Download Bridge) - https://www.btnetprotect.co.uk/BTNetprotect...ld/SymDlBrg.cab
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: Symantec Licensing Detect Internet Connection (DJSNETCN) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\DJSNETCN.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

--
End of file - 14681 bytes
Posted Image
Hug someone today and get on their nerves!

#12 SNOWHITE

SNOWHITE

    missy malware magnet


  • Members
  • 2,676 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Bitola, Macedonia
  • Local time:01:32 AM

Posted 19 October 2007 - 07:20 PM

Hello carri :thumbsup:

The next file was flagged by Panda ActiveScan as Adware:Adware/VideoActiveXEnhancement, so delete it, using Windows Explorer (to get there right-click your Start button and go to "Explore"), delete this file (if present):
C:\Documents and Settings\user1.HOME-74HWRP5P07\My Documents\RegCureSetup_1_4.exe <-- this file

Close Windows Explorer.

Next, double click OTMoveIt once again and you should see a CleanUp! button, press that button, you may get prompt by your firewall that OTMoveIt tries to contact internet, allow this, a cleanup.txt will be downloaded, a message dialog will ask you if you want to proceed with the cleanup process, click Yes.

NOTE: This will remove some of the tools we used so far, including OTMoveIt.

* Click start then run, type prefetch then press enter, click edit then select all, (all files will highlight), right click any file, click delete, confirm.


* Clean your Cache and Cookies in IE:
  • Close all instances of Outlook Express and Internet Explorer
  • Go to Control Panel > Internet Options > General tab
  • Click the "Delete Cookies" button
  • Next to it, Click the "Delete Files" button
  • When prompted, place a check in: "Delete all offline content", click OK
* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):
  • Go to Tools > Options.
  • Click Privacy in the menu on the left side of the Options window.
  • Click the Clear button located to the right of each option (History, Cookies, Cache).
  • Click OK to close the Options window
    Alternatively, you can clear all information stored while browsing by clicking Clear All.
    A confirmation dialog box will be shown before clearing the information.
* Clean other Temporary files + Recycle bin
  • Go to start > run and type: cleanmgr and click ok.
  • Let it scan your system for files to remove.
  • Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
  • Press OK to remove them.
The reports look good, we need to clean the system restore point because it is infected, i will give you instructions for cleaning it in next post. Please post back and let me are there still problems.

Regards,
SNOWHITE
Posted Image

#13 carri

carri
  • Topic Starter

  • Members
  • 234 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Yorkshire, England
  • Local time:01:32 AM

Posted 22 October 2007 - 08:03 AM

Hey Snow,

I did as instructed and my pc is behaving quite well thanks to you! I do want to reset my antivirus software back to its scheduled tasks. The login scan that I set was somehow stopped at the same time I acqured the infections as was the weekly scan. I have checked and the scans are still showing as sceduled but for some reasion don't happen. I wonder if you have any idea why please if not don't worry I will see if the Norton people can help me. Other than that I have no other concerns. Thanks for all the help :thumbsup:
Posted Image
Hug someone today and get on their nerves!

#14 SNOWHITE

SNOWHITE

    missy malware magnet


  • Members
  • 2,676 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Bitola, Macedonia
  • Local time:01:32 AM

Posted 22 October 2007 - 04:23 PM

Hello carri :wacko:

Hey Snow,

I did as instructed and my pc is behaving quite well thanks to you! I do want to reset my antivirus software back to its scheduled tasks. The login scan that I set was somehow stopped at the same time I acqured the infections as was the weekly scan. I have checked and the scans are still showing as sceduled but for some reasion don't happen. I wonder if you have any idea why please if not don't worry I will see if the Norton people can help me. Other than that I have no other concerns. Thanks for all the help :thumbsup:


I don't have experience with Norton, so i believe it will be for the best if you contact Norton people.

I will keep your thread open for a couple of days, if the malware problem reappear feel free to post here.

Should you have any questions, please feel free to ask. ;)
  • DISABLE THE VIEWING OF SYSTEM FILES
    From Windows Explorer, go to Tools>Folder Options> View tab.
  • Untick - Show hidden files and folder
  • Tick - Hide file extensions for known types
  • Tick - Hide protected operating system files
Click Yes to confirm & then click OK
  • CLEAR & RESET SYSTEM RESTORE'S CACHE - (System Volume Information folder)
    Go to Start >> Run - type control sysdm.cpl,,4 & press Enter
  • Tick on the checkbox - Turn off System Restore on all drives
  • Click Apply
Turn it back 'On' by unticking the same checkbox & click OK
  • SECURING INTERNET EXPLORER
    From within Internet Explorer click on the Tools menu and then click on Internet Options.
  • Select the Security tab
  • Click once on the Internet icon so it becomes highlighted.
  • Select Custom Level .
  • Change 'Download signed ActiveX controls' to Prompt
  • Change 'Download unsigned ActiveX controls' to Disable
  • Change 'Initialize and script ActiveX controls not marked as safe' to Disable
  • Change 'Installation of desktop items' to Prompt
  • Change 'Launching programs and files in an IFRAME' to Prompt
  • Change 'Navigate sub-frames across different domains' to Prompt
  • When all these changes have been made, click on the OK button.
  • If it prompts you as to whether or not you want to save the settings, press the Yes button.
[*] Select OK to exit the Internet Properties page.
[/list]Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.


Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

For a tutorial on Firewalls and a listing of some available ones see this link:
Understanding and Using Firewalls



SPYWAREBLASTER
SpywareBlaster prevents the installation of malicious ActiveX, adware, browser hijackers, dialers, and other potentially unwanted software. Blocks spyware/tracking cookies & restricts the actions of potentially unwanted sites.

Unlike other programs, SpywareBlaster does not have to remain running in the background. A tutorial on installing & using this product can be found here:
http://www.bleepingcomputer.com/forums/tutorial49.html


IE-SPYAD
IE/Spyad places more than 4000 dubious websites and domains in the IE Restricted list. This severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites. A tutorial on installing this product can be found here:
http://www.spywarewarrior.com/uiuc/resource.htm


COMODO BOClean
BOClean runs automatically in the background without interfering with your work and kills malwares INSTANTLY the moment they activate without giving them the chance to invade your machine. A tutorial on installing this product can be found here:
http://www.comodo.com/boclean/boclean.html


WINPATROL
Download and install the free version of Winpatrol. A tutorial for this product is located here:
http://www.winpatrol.com/features.html

A-SQUARED Anti-Dialer
This is a free program that provides defense against Dialers, scans the harddisk and provides a permanent background guard protection against new Dialer infections.
"Dialers are small programs that change the Internet access number of a modem-equipped computer to a much more expensive number"
To understand this treat better read this article The Dialer-Problem in Detail. a-squared Anti-Dialer can be downloaded at the following link:
http://download5.emsisoft.com/a2AntiDialerSetup.exe

A-SQUARED Free
This program is completely free of charge for private use, it removes infections of Trojans, Spyware, Adware, Worms, Keyloggers, Rootkits, Dialers and other malicious programs. It can be downloaded at the following link:
http://www.emsisoft.com/en/software/free

SUPERAntiSpyware Home Edition
Another effective program for helping remove some of the more difficult infections.
http://www.superantispyware.com/downloadfile.html
  • More Secure Browser - Internet Explorer is not the most secure and best browser. There are safer and better alternatives available. I recommend Firefox, and Opera
  • Google Toolbar - Free google toolbar that allows you to use the powerful Google search engine from the bar, but also blocks pop up windows.

See these links for more information:

Foistware & How To Avoid It
Browser Hijacking & How to Stop It
Rogue/Suspect Anti-Spyware Products & Web Sites
So how did I get infected in the first place?

Stand Up and Be Counted ---> Posted Image <--- where you can make difference!

The site offers people who have been (or are) victims of malware the opportunity to document their story and, in that way, launch a complaint against the malware and the makers of the malware.


Happy surfing and stay clean! :blink:

Please respond to this thread once more so we can mark this thread as resolved.



Best regards,
SNOWHITE
Posted Image

#15 carri

carri
  • Topic Starter

  • Members
  • 234 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Yorkshire, England
  • Local time:01:32 AM

Posted 26 October 2007 - 05:49 AM

Hi Snow :thumbsup:


I thought i would wait a couple of days to see that all is ok, and my PC is behaving now thank you so very very much <3 I have taken your advice in the last post and am just so grateful for this site and your help. You have a fan for life :blink:
Posted Image
Hug someone today and get on their nerves!




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users