007guard Infection


This topic is locked
11 replies to this topic

#1 myradin

  • Members
  • 6 posts

Posted 31 March 2008 - 11:31 AM

The www 007guard com has multiple established ports on my PC; I discovered this with the netstat -a command. A minimum of 2, but at times up to 14. This is very disruptive to internet use and online gaming, to say the least, and I am concerned about information being stolen. I followed all the instructions that were recommended for scanning my files for adware and trojans, but they have not found anything to correct.
I'm very glad I found your website, and I saw that you helped someone else recover from this attack. I tried following the instructions for him, but our file paths are different, so here is the HijackThis log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:29:55 PM, on 3/31/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Angela\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Lexmark 1200 Series] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AppMgrGui] C:\Program Files\AppStream\WindowsClient\bin\exeForService.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (file missing)
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Tegrity-WebLearner-2632 - http://sessions.tegrityonline.com/Tegrity/...Class/TWebS.CAB
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} (CPlayFirstTriJinxControl Object) - http://download.games.yahoo.com/games/web_...nx.1.0.0.55.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} -
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} - https://www-secure.symantec.com/techsupp/as...rl/SymAData.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - https://www-secure.symantec.com/techsupp/as...trl/tgctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/as...trl/tgctlsr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1135918656171
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {BE319D04-18BD-4B34-AECC-EE7CB610FCA9} (BewitchedGameClass Control) - http://download.games.yahoo.com/games/web_...itched/main.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://download.games.yahoo.com/games/popc...aploader_v6.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0C23B927-6AA1-439A-9C7B-86D21B425286}: NameServer = 24.247.24.53,24.247.24.52
O17 - HKLM\System\CS1\Services\Tcpip\..\{0C23B927-6AA1-439A-9C7B-86D21B425286}: NameServer = 24.247.24.53,24.247.24.52
O17 - HKLM\System\CS2\Services\Tcpip\..\{0C23B927-6AA1-439A-9C7B-86D21B425286}: NameServer = 24.247.24.53,24.247.24.52
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 7789 bytes
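As an added example, not code from this thread or from Trend Micro: a small Python triage script for logs in the HijackThis format posted above, covering the checks a helper performs by eye (doubled extensions in the process list, entries marked "file missing", O16 ActiveX records with no source URL, O17 resolvers outside an allowlist, autostarts without an absolute path). The sample log inside it is constructed after this thread's logs, 192.0.2.10 is a placeholder resolver, and the expected-DNS allowlist and severity labels are assumptions.

```python
"""Triage helper for Trend Micro HijackThis v2 logs (added example, not part of
the thread; the expected-DNS allowlist and severity labels are assumptions)."""
import re
from collections import defaultdict

# Every findings line starts with a section tag such as R1, O4, O16, O17.
ENTRY_RE = re.compile(r"^(R\d|F\d|N\d|O\d+) - (.*)$")
# O4 payload: HKLM\..\Run: [EntryName] command line
O4_RE = re.compile(r"\\Run\w*: \[(.*?)\] (.*)$")
# O16 payload: DPF: {CLSID} (Friendly name) - http://source/of.cab
O16_RE = re.compile(r"^DPF: (\{[0-9A-Fa-f-]+\}|\S+)(?: \((.*?)\))? -\s*(\S*)$")
# O17 payload ends in: NameServer = ip[,ip...]
O17_RE = re.compile(r"NameServer = ([\d.,]+)$")
DOUBLE_EXT_RE = re.compile(r"\.(exe|com|scr|bat)\.(exe|com|scr|bat)$", re.I)


def parse_hjt(text):
    """Split a log into {section: [payload, ...]} plus the 'Running processes'
    list (the block between that header and the next blank line)."""
    entries = defaultdict(list)
    procs = []
    in_procs = False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_procs = True
            continue
        if in_procs:
            if line:
                procs.append(line)
            else:
                in_procs = False
            continue
        m = ENTRY_RE.match(line)
        if m:
            entries[m.group(1)].append(m.group(2))
    return entries, procs


def triage(text, expected_dns=()):
    """Return (severity, reason, offending line) tuples for the checks a helper
    performs by eye when reading one of these logs."""
    entries, procs = parse_hjt(text)
    findings = []
    # A doubled extension (scanner.exe.exe) means the file was renamed with
    # 'Hide extensions for known file types' on, so the tool never received
    # the name the helper asked for.
    for p in procs:
        if DOUBLE_EXT_RE.search(p):
            findings.append(("info", "double extension", p))
    # HijackThis itself marks entries whose target no longer exists on disk.
    for sec, items in entries.items():
        for it in items:
            if "(file missing)" in it:
                findings.append(("low", f"{sec} points at missing file", it))
    # An ActiveX download record with no source URL cannot be attributed.
    for it in entries.get("O16", []):
        m = O16_RE.match(it)
        if m and not m.group(3):
            findings.append(("medium", "O16 DPF entry with empty URL", it))
    # Resolvers the owner does not recognise are a classic DNS-hijack sign.
    for it in entries.get("O17", []):
        m = O17_RE.search(it)
        if m and expected_dns:
            for ns in m.group(1).split(","):
                if ns not in expected_dns:
                    findings.append(("high", f"unexpected DNS server {ns}", it))
    # Autostarts given without an absolute path are resolved via the search
    # path and deserve a second look even when the vendor is known.
    for it in entries.get("O4", []):
        m = O4_RE.search(it)
        if m and not re.match(r'^"?[A-Za-z]:\\', m.group(2)):
            findings.append(("info", "O4 autostart without absolute path", it))
    return findings


# Constructed sample modelled on the logs in this thread; 192.0.2.10 is a
# documentation-range placeholder standing in for an unrecognised resolver.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:52:12 PM, on 4/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Angela\Desktop\scanner.exe.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (file missing)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} -
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0C23B927-6AA1-439A-9C7B-86D21B425286}: NameServer = 24.247.24.53,192.0.2.10
"""

if __name__ == "__main__":
    for sev, reason, line in triage(SAMPLE_LOG, ("24.247.24.53", "24.247.24.52")):
        print(f"[{sev:6}] {reason}: {line}")
```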

#2 chryssi2001

  • Members
  • 1,930 posts

Posted 12 April 2008 - 02:05 AM

Hello myradin,

I apologize for the very long delay. We have a huge backlog of HijackThis logs to handle, and it has been taking us longer than normal to get caught up. If you are still having a problem and want us to analyze your information, please post a brand new HijackThis log after you rename it as per my instructions below.
If we do not hear back from you within a couple of days we will need to close your topic.

Thank you for your patience.
----------------------------------------------
RENAME HIJACKTHIS

There is some infection hiding in your log.

Using Windows Explorer (right-click the Start button and left-click Explore), navigate to: C:\Documents and Settings\Angela\Desktop\HiJackThis.exe

Right-click HijackThis.exe, select Rename, name it scanner.exe, and post back a new HijackThis log.
Private Messages for personal support will be ignored. If you need help post in the forum.

#3 myradin

  • Topic Starter

  • Members
  • 6 posts

Posted 12 April 2008 - 05:59 PM

Thank you for addressing my post, I really appreciate it. Since I posted this I have reformatted my hard drives. I felt this was the only solution since EVERY file folder on my drives contained a thumbprint of the virus and was replicating over and over. I did painstakingly move each file I wanted saved onto DVD and checked it before I reformatted to verify the data. Somehow the "thumb.ini" managed to worm its way onto that disk in spite of my efforts, so I have been afraid to open the data since I reformatted. If you could make a suggestion on how I could safely move those files from the DVD-ROM that I burned them onto, as well as look at my new HijackThis log, I would greatly appreciate it. My netstat -a STILL shows established connections, and I am not sure if they are necessary or persist because the attacker has IP information and was able to find me again. Here is the file. (Additionally, I connect to the internet through a Linksys router on a home network and I have port-forwarding for running World of Warcraft.)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:52:12 PM, on 4/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Angela\Desktop\scanner.exe.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1207110843786
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 4842 bytes

#4 chryssi2001

  • Members
  • 1,930 posts

Posted 13 April 2008 - 09:06 AM

Hello myradin,

Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.
  • Close all applications and windows.
  • Double-click on dss.exe to run it, and follow the prompts.
  • When the scan is complete, two text files will open: main.txt (this one will be maximized) and extra.txt (this one will be minimized).
  • Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt and extra.txt in your reply.
As I am having a personal problem with my PC not booting, I will try to see if another helper can continue here.
Please post back the DSS report.

#5 myradin

  • Topic Starter

  • Members
  • 6 posts

Posted 13 April 2008 - 02:11 PM

Deckard's System Scanner v20071014.68
Run by Angela on 2008-04-13 15:07:00
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
33: 2008-04-13 19:07:03 UTC - RP33 - Deckard's System Scanner Restore Point
32: 2008-04-13 03:14:42 UTC - RP32 - System Checkpoint
31: 2008-04-12 03:02:26 UTC - RP31 - System Checkpoint
30: 2008-04-11 02:57:36 UTC - RP30 - Software Distribution Service 3.0
29: 2008-04-10 14:08:20 UTC - RP29 - System Checkpoint


-- First Restore Point --
1: 2008-04-02 04:30:56 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Angela.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:08:02 PM, on 4/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Angela\Desktop\dss.exe
C:\DOCUME~1\Angela\Desktop\Angela.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1207110843786
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 4490 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

All drivers whitelisted.


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>
R4 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Universal Serial Bus (USB) Controller
Device ID: PCI\VEN_1039&DEV_7002&SUBSYS_810E1043&REV_00\3&267A616A&0&1B
Manufacturer:
Name: Universal Serial Bus (USB) Controller
PNP Device ID: PCI\VEN_1039&DEV_7002&SUBSYS_810E1043&REV_00\3&267A616A&0&1B
Service:


-- Scheduled Tasks -------------------------------------------------------------

2008-04-11 22:29:15 410 --a------ C:\WINDOWS\Tasks\Norton Security Scan.job


-- Files created between 2008-03-13 and 2008-04-13 -----------------------------

2008-04-09 09:27:26 0 d-------- C:\Program Files\OpenOffice.org 2.4
2008-04-09 09:21:03 0 d-------- C:\Program Files\Trillian
2008-04-08 14:27:13 0 d-------- C:\Program Files\Paint.NET
2008-04-07 18:37:54 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-04-04 03:02:04 0 d-------- C:\Program Files\MSXML 6.0
2008-04-03 21:31:36 0 d-------- C:\WINDOWS\nview
2008-04-03 08:44:18 0 d-------- C:\Program Files\MSBuild
2008-04-03 08:40:24 0 d-------- C:\WINDOWS\system32\XPSViewer
2008-04-03 08:39:41 0 d-------- C:\Program Files\Reference Assemblies
2008-04-03 08:34:43 0 d-------- C:\WINDOWS\system32\URTTemp
2008-04-03 07:09:04 0 d-------- C:\Program Files\Intel Corporation
2008-04-02 22:41:59 0 d-------- C:\Documents and Settings\Angela\Application Data\Apple Computer
2008-04-02 22:41:46 0 d-------- C:\Program Files\iPod
2008-04-02 22:41:42 0 d-------- C:\Program Files\iTunes
2008-04-02 22:41:31 0 d-------- C:\Program Files\Bonjour
2008-04-02 22:41:03 0 d-------- C:\Program Files\QuickTime
2008-04-02 22:41:01 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-04-02 22:40:49 0 d-------- C:\Program Files\Apple Software Update
2008-04-02 22:40:43 0 d------c- C:\WINDOWS\system32\DRVSTORE
2008-04-02 22:40:31 0 d-------- C:\Program Files\Common Files\Apple
2008-04-02 22:40:30 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-04-02 20:43:23 1158 --a------ C:\WINDOWS\mozver.dat
2008-04-02 17:07:00 0 d--h----- C:\WINDOWS\msdownld.tmp
2008-04-02 16:50:34 0 d-------- C:\fsaua.data
2008-04-02 16:48:04 0 d-------- C:\Program Files\PokerStars
2008-04-02 16:37:36 0 d-------- C:\Documents and Settings\All Users\Application Data\NVIDIA
2008-04-02 15:39:05 0 d-------- C:\Documents and Settings\Angela\Application Data\Ventrilo
2008-04-02 15:38:50 0 d-------- C:\Program Files\Ventrilo
2008-04-02 15:38:25 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-02 15:23:05 30208 --a------ C:\WINDOWS\system32\wdmioctl.dll <Not Verified; Analog Devices Inc.; Analog Devices Inc. wdmioctl>
2008-04-02 15:23:05 1285632 --a------ C:\WINDOWS\system32\SMMedia.dll <Not Verified; Analog Devices; SoundMAX Integrated Digital Audio>
2008-04-02 15:23:04 978944 --a------ C:\WINDOWS\SynthCoreA.Dll <Not Verified; Analog Devices, Inc.; SoundMAX Wavetable>
2008-04-02 15:23:04 380928 --a------ C:\WINDOWS\SynCor.exe <Not Verified; Analog Devices, Inc.; SynthCore>
2008-04-02 15:23:03 45056 --a------ C:\WINDOWS\system32\SynthCore11Resources.dll <Not Verified; Analog Devices, Inc.; Analog Devices, Inc. SynthCore11Resources>
2008-04-02 15:23:03 40820 --a------ C:\WINDOWS\system32\Syncor11.dll <Not Verified; SoundMAX; Staccato Systems SynthCore R2.0 Synthesizer>
2008-04-02 15:23:03 49152 --a------ C:\WINDOWS\system32\S11thk32.dll <Not Verified; SoundMAX; Staccato Systems SynthCore R2.0 Synthesizer>
2008-04-02 15:23:01 0 d-------- C:\WINDOWS\VirtualEar
2008-04-02 15:23:01 765952 --a------ C:\WINDOWS\system\crlds3d.dll <Not Verified; Sensaura Ltd; Sensaura 3DPA>
2008-04-02 15:22:59 49152 --a------ C:\WINDOWS\system32\DSndUp.exe <Not Verified; Analog Devices Inc.; adi DSndUp>
2008-04-02 15:22:59 45056 --a------ C:\WINDOWS\system32\CleanUp.exe <Not Verified; adi; adi CleanUp>
2008-04-02 15:22:59 0 d-------- C:\Program Files\Analog Devices
2008-04-02 15:22:58 44 --a------ C:\WINDOWS\system32\msssc.dll
2008-04-02 15:22:58 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-04-02 15:17:53 5824 --a------ C:\WINDOWS\system32\drivers\ASUSHWIO.SYS
2008-04-02 15:14:38 0 d-------- C:\Documents and Settings\Angela\Application Data\Macromedia
2008-04-02 15:14:38 0 d-------- C:\Documents and Settings\Angela\Application Data\Adobe
2008-04-02 14:15:51 0 d-------- C:\WINDOWS\network diagnostic
2008-04-02 13:53:50 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-04-02 12:40:53 0 d-------- C:\Logs
2008-04-02 11:34:13 0 d-------- C:\Program Files\World of Warcraft
2008-04-02 07:00:25 0 d-------- C:\WINDOWS\system32\PreInstall
2008-04-02 04:29:22 0 d--hs---- C:\System Volume Information
2008-04-02 04:29:12 233472 --ah----- C:\Documents and Settings\NetworkService\NTUSER.DAT
2008-04-02 04:29:12 0 d--h----- C:\Documents and Settings\NetworkService\Local Settings
2008-04-02 04:29:12 0 d---s---- C:\Documents and Settings\NetworkService\Cookies
2008-04-02 04:29:12 0 d-------- C:\Documents and Settings\NetworkService\Application Data
2008-04-02 04:29:12 0 d---s---- C:\Documents and Settings\NetworkService\Application Data\Microsoft
2008-04-02 04:29:12 233472 --ah----- C:\Documents and Settings\LocalService\NTUSER.DAT
2008-04-02 04:29:12 0 d--h----- C:\Documents and Settings\LocalService\Local Settings
2008-04-02 04:29:12 0 d--hs---- C:\Documents and Settings\LocalService\Cookies
2008-04-02 04:29:12 0 d-------- C:\Documents and Settings\LocalService\Application Data
2008-04-02 04:29:12 0 d---s---- C:\Documents and Settings\LocalService\Application Data\Microsoft
2008-04-02 04:26:52 0 d-------- C:\WINDOWS\system32\xircom
2008-04-02 04:26:52 0 d-------- C:\Program Files\microsoft frontpage
2008-04-02 04:26:49 233472 ---h----- C:\Documents and Settings\Default User\NTUSER.DAT
2008-04-02 04:26:44 0 -rahs---- C:\MSDOS.SYS
2008-04-02 04:26:44 0 -rahs---- C:\IO.SYS
2008-04-02 04:26:44 0 --a------ C:\CONFIG.SYS
2008-04-02 04:26:44 0 --a------ C:\AUTOEXEC.BAT
2008-04-02 04:26:00 0 d--hs---- C:\Documents and Settings\All Users\DRM
2008-04-02 04:25:52 0 dr------- C:\WINDOWS\Offline Web Pages
2008-04-02 04:25:52 0 d---s---- C:\WINDOWS\Downloaded Program Files
2008-04-02 04:25:32 0 d-------- C:\WINDOWS\srchasst
2008-04-02 04:25:27 0 d-------- C:\WINDOWS\system32\DirectX
2008-04-02 04:25:26 0 d-------- C:\WINDOWS\system32\Macromed
2008-04-02 04:25:15 0 d-------- C:\Program Files\Movie Maker
2008-04-02 04:24:54 0 d-------- C:\WINDOWS\system32\Restore
2008-04-02 04:24:49 0 d-------- C:\WINDOWS\PCHEALTH
2008-04-02 04:24:44 0 d---s---- C:\WINDOWS\Tasks
2008-04-02 04:24:42 0 d-------- C:\Program Files\Common Files\MSSoap
2008-04-02 04:24:29 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-04-02 04:24:16 0 d-------- C:\WINDOWS\Registration
2008-04-02 04:23:53 0 d--h----- C:\Program Files\WindowsUpdate
2008-04-02 04:23:53 0 d-------- C:\Program Files\Online Services
2008-04-02 04:23:49 0 d-------- C:\Program Files\Messenger
2008-04-02 04:23:41 0 d-------- C:\Program Files\MSN Gaming Zone
2008-04-02 04:23:33 0 d-------- C:\Program Files\Windows NT
2008-04-02 04:23:25 0 d-------- C:\WINDOWS\system32\MsDtc
2008-04-02 04:23:23 0 d-------- C:\WINDOWS\system32\Com
2008-04-02 02:02:46 0 d-------- C:\WoW-2.0.0-enUS-Installer
2008-04-02 02:02:34 0 d-------- C:\Program Files\Common Files\Blizzard Entertainment
2008-04-02 01:54:24 0 d-------- C:\WINDOWS\pss
2008-04-02 01:49:09 0 d-------- C:\Program Files\Lexmark 1200 Series
2008-04-02 01:49:03 299520 --a------ C:\WINDOWS\uninst.exe <Not Verified; InstallShield Corporation, Inc.; InstallShield unInstaller>
2008-04-02 01:48:52 0 d-------- C:\Documents and Settings\Angela\WINDOWS
2008-04-02 01:48:47 0 d-------- C:\Lexmark
2008-04-02 01:36:54 0 d--h----- C:\WINDOWS\$hf_mig$
2008-04-02 01:34:03 0 d-------- C:\Program Files\Common Files\InstallShield
2008-04-02 01:33:58 0 d-------- C:\NVIDIA
2008-04-02 01:30:34 0 d-------- C:\Documents and Settings\Angela\Application Data\SystemRequirementsLab
2008-04-02 01:30:27 0 d-------- C:\WINDOWS\Sun
2008-04-02 01:30:27 0 d-------- C:\Documents and Settings\Angela\Application Data\Sun
2008-04-02 01:29:54 0 d-------- C:\Program Files\Java
2008-04-02 01:29:33 0 d-------- C:\Program Files\Common Files\Java
2008-04-02 01:24:55 0 d-------- C:\Documents and Settings\Angela\Application Data\Talkback
2008-04-02 01:24:55 0 d-------- C:\Documents and Settings\All Users\Application Data\Google
2008-04-02 01:24:48 0 --a------ C:\WINDOWS\nsreg.dat
2008-04-02 01:24:45 0 d-------- C:\Documents and Settings\Angela\Application Data\Mozilla
2008-04-02 01:24:19 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2008-04-02 01:24:16 0 d-------- C:\Program Files\Common Files\Adobe
2008-04-02 01:22:48 0 d-------- C:\Program Files\Norton Security Scan
2008-04-02 01:22:36 0 d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-04-02 01:22:35 0 d-------- C:\Program Files\Google
2008-04-02 01:06:13 0 d-------- C:\Documents and Settings\LocalService\Start Menu
2008-04-02 01:05:26 0 d-------- C:\WINDOWS\Prefetch
2008-04-02 00:57:05 0 d-------- C:\WINDOWS\peernet
2008-04-02 00:57:04 0 d-------- C:\WINDOWS\provisioning
2008-04-02 00:56:03 0 d-------- C:\WINDOWS\ServicePackFiles
2008-04-02 00:53:38 0 d-------- C:\WINDOWS\system32\ReinstallBackups
2008-04-02 00:51:49 0 d-------- C:\WINDOWS\EHome
2008-04-02 00:38:11 0 d---s---- C:\WINDOWS\system32\Microsoft
2008-04-02 00:38:10 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2008-04-02 00:35:58 0 d-------- C:\WINDOWS\system32\bits
2008-04-02 00:34:10 0 d-------- C:\WINDOWS\SoftwareDistribution
2008-04-02 00:33:52 0 d--hs---- C:\Documents and Settings\Angela\UserData
2008-04-02 00:30:48 0 d--hs---- C:\WINDOWS\Installer
2008-04-02 00:30:46 0 d-------- C:\Documents and Settings\Angela\Application Data\Identities
2008-04-02 00:30:38 0 d--h----- C:\Documents and Settings\Angela\Templates
2008-04-02 00:30:38 0 dr------- C:\Documents and Settings\Angela\Start Menu
2008-04-02 00:30:38 0 dr-h----- C:\Documents and Settings\Angela\SendTo
2008-04-02 00:30:38 0 dr-h----- C:\Documents and Settings\Angela\Recent
2008-04-02 00:30:38 0 d--h----- C:\Documents and Settings\Angela\PrintHood
2008-04-02 00:30:38 1310720 --ah----- C:\Documents and Settings\Angela\NTUSER.DAT
2008-04-02 00:30:38 0 d--h----- C:\Documents and Settings\Angela\NetHood
2008-04-02 00:30:38 0 dr------- C:\Documents and Settings\Angela\My Documents
2008-04-02 00:30:38 0 d--h----- C:\Documents and Settings\Angela\Local Settings
2008-04-02 00:30:38 0 dr------- C:\Documents and Settings\Angela\Favorites
2008-04-02 00:30:38 0 d-------- C:\Documents and Settings\Angela\Desktop
2008-04-02 00:30:38 0 d--hs---- C:\Documents and Settings\Angela\Cookies
2008-04-02 00:30:38 0 dr-h----- C:\Documents and Settings\Angela\Application Data
2008-04-01 20:15:11 0 d-------- C:\Program Files\Common Files\ODBC
2008-04-01 20:15:08 0 dr------- C:\Program Files
2008-04-01 20:15:08 0 d-------- C:\Program Files\Common Files
2008-04-01 20:15:08 0 d-------- C:\Program Files\Common Files\SpeechEngines
2008-04-01 20:14:48 0 d--h----- C:\Documents and Settings\Default User\Templates
2008-04-01 20:14:48 0 dr------- C:\Documents and Settings\Default User\Start Menu
2008-04-01 20:14:48 0 dr-h----- C:\Documents and Settings\Default User\SendTo
2008-04-01 20:14:48 0 d--h----- C:\Documents and Settings\Default User\Recent
2008-04-01 20:14:48 0 d--h----- C:\Documents and Settings\Default User\PrintHood
2008-04-01 20:14:48 0 d--h----- C:\Documents and Settings\Default User\NetHood
2008-04-01 20:14:48 0 d-------- C:\Documents and Settings\Default User\My Documents
2008-04-01 20:14:48 0 dr-h----- C:\Documents and Settings\Default User\Local Settings
2008-04-01 20:14:48 0 d-------- C:\Documents and Settings\Default User\Favorites
2008-04-01 20:14:48 0 d-------- C:\Documents and Settings\Default User\Desktop
2008-04-01 20:14:48 0 d--hs---- C:\Documents and Settings\Default User\Cookies
2008-04-01 20:14:48 0 d--h----- C:\Documents and Settings\All Users\Templates
2008-04-01 20:14:48 0 dr------- C:\Documents and Settings\All Users\Start Menu
2008-04-01 20:14:48 0 d-------- C:\Documents and Settings\All Users\Favorites
2008-04-01 20:14:48 0 dr------- C:\Documents and Settings\All Users\Documents
2008-04-01 20:14:48 0 d-------- C:\Documents and Settings\All Users\Desktop
2008-04-01 20:14:37 0 d-------- C:\WINDOWS\system32\CatRoot2
2008-04-01 20:14:37 0 d-------- C:\WINDOWS\system32\CatRoot
2008-04-01 20:14:31 0 dr-h----- C:\Documents and Settings\Default User\Application Data
2008-04-01 20:14:31 0 d---s---- C:\Documents and Settings\Default User\Application Data\Microsoft
2008-04-01 20:14:31 0 dr-h----- C:\Documents and Settings\All Users\Application Data
2008-04-01 20:14:31 0 d---s---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-04-01 20:14:19 0 d-------- C:\Documents and Settings
2008-04-01 20:10:29 0 d-------- C:\WINDOWS
2008-04-01 20:10:29 0 d-------- C:\WINDOWS\WinSxS
2008-04-01 20:10:29 0 dr------- C:\WINDOWS\Web
2008-04-01 20:10:29 0 d-------- C:\WINDOWS\twain_32
2008-04-01 20:10:29 0 d-------- C:\WINDOWS\system32
2008-04-01 20:10:29 0 d-------- C:\WINDOWS\system32\wins
2008-04-01 20:10:29 0 d-------- C:\WINDOWS\system32\wbem
2008-04-01 20:10:29 0 d-------- C:\WINDOWS\system32\usmt
2008-04-01 20:10:29 0 d-------- C:\WINDOWS\system32\spool
2008-04-01 20:10:29 0 d-------- C:\WINDOWS\system32\ShellExt
2008-04-01 20:10:29 0 d-------- C:\WINDOWS\system32\Setup
2008-04-01 20:10:29 0 d-------- C:\WINDOWS\system32\ras
2008-04-01 20:10:29 0 d-------- C:\WINDOWS\system32\oobe
2008-04-01 20:10:29 0 d-------- C:\WINDOWS\system32\npp
2008-04-01 20:10:29 0 d-------- C:\WINDOWS\system32\mui
2008-04-01 20:10:29 0 d-------- C:\WINDOWS\system32\inetsrv
2008-04-01 20:10:29 0 d-------- C:\WINDOWS\system32\IME
2008-04-01 20:10:29 0 d-------- C:\WINDOWS\system32\icsxml
2008-04-01 20:10:29 0 d-------- C:\WINDOWS\system32\ias
2008-04-01 20:10:29 0 d-------- C:\WINDOWS\system32\export
2008-04-01 20:10:29 0 d-------- C:\WINDOWS\system32\drivers
2008-04-01 20:10:29 0 d-------- C:\WINDOWS\system32\drivers\etc
2008-04-01 20:10:29 0 d-------- C:\WINDOWS\system32\drivers\disdn
2008-04-01 20:10:29 0 dr-hs--c- C:\WINDOWS\system32\dllcache
2008-04-01 20:10:29 0 d-------- C:\WINDOWS\system32\dhcp
2008-04-01 20:10:29 0 d-------- C:\WINDOWS\system32\config
2008-04-01 20:10:29 0 d-------- C:\WINDOWS\system32\3com_dmi
2008-04-01 20:10:29 0 d-------- C:\WINDOWS\system32\3076
2008-04-01 20:10:29 0 d-------- C:\WINDOWS\system32\2052
2008-04-01 20:10:29 0 d-------- C:\WINDOWS\system32\1054
2008-04-01 20:10:29 0 d-------- C:\WINDOWS\system32\1042
2008-04-01 20:10:29 0 d-------- C:\WINDOWS\system32\1041
2008-04-01 20:10:29 0 d-------- C:\WINDOWS\system32\1037
2008-04-01 20:10:29 0 d-------- C:\WINDOWS\system32\1033
2008-04-01 20:10:29 0 d-------- C:\WINDOWS\system32\1031
2008-04-01 20:10:29 0 d-------- C:\WINDOWS\system32\1028
2008-04-01 20:10:29 0 d-------- C:\WINDOWS\system32\1025
2008-04-01 20:10:29 0 d-------- C:\WINDOWS\system
2008-04-01 20:10:29 0 d-------- C:\WINDOWS\security
2008-04-01 20:10:29 0 d-------- C:\WINDOWS\Resources
2008-04-01 20:10:29 0 d-------- C:\WINDOWS\repair
2008-04-01 20:10:29 0 d-------- C:\WINDOWS\mui
2008-04-01 20:10:29 0 d-------- C:\WINDOWS\msapps
2008-04-01 20:10:29 0 d-------- C:\WINDOWS\msagent
2008-04-01 20:10:29 0 d-------- C:\WINDOWS\Media
2008-04-01 20:10:29 0 d-------- C:\WINDOWS\java
2008-04-01 20:10:29 0 d--h----- C:\WINDOWS\inf
2008-04-01 20:10:29 0 d-------- C:\WINDOWS\ime
2008-04-01 20:10:29 0 d-------- C:\WINDOWS\Help
2008-04-01 20:10:29 0 dr--s---- C:\WINDOWS\Fonts
2008-04-01 20:10:29 0 d-------- C:\WINDOWS\Driver Cache
2008-04-01 20:10:29 0 d-------- C:\WINDOWS\Debug
2008-04-01 20:10:29 0 d-------- C:\WINDOWS\Cursors
2008-04-01 20:10:29 0 d-------- C:\WINDOWS\Connection Wizard
2008-04-01 20:10:29 0 d-------- C:\WINDOWS\Config
2008-04-01 20:10:29 0 d-------- C:\WINDOWS\AppPatch
2008-04-01 20:10:29 0 d-------- C:\WINDOWS\addins


-- Find3M Report ---------------------------------------------------------------

2008-04-01 20:14:48 62 --ahs---- C:\Documents and Settings\Angela\Application Data\desktop.ini


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 08:25 AM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [03/28/2008 11:37 PM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [10/22/2006 12:22 PM]
"nwiz"="nwiz.exe" [10/22/2006 12:22 PM C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [10/22/2006 12:22 PM]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [08/04/2004 03:56 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 03:56 AM]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^DOCUME~1^ALLUSE~1^Start Menu^Programs^Startup^Google Updater.lnk]
path=C:\DOCUME~1\ALLUSE~1\Start Menu\Programs\Startup\Google Updater.lnk
backup=C:\WINDOWS\pss\Google Updater.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark 1200 Series]
"C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPod Service"=3 (0x3)
"gusvc"=2 (0x2)
"Apple Mobile Device"=2 (0x2)

*Newly Created Service* - ERASERUTILDRV10741
*Newly Created Service* - IDSVC



-- End of Deckard's System Scanner: finished at 2008-04-13 15:09:07 ------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 2.53GHz
Percentage of Memory in Use: 33%
Physical Memory (total/avail): 1023.23 MiB / 683.09 MiB
Pagefile Memory (total/avail): 2462.11 MiB / 2252.96 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1919.64 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 76.68 GiB total, 56.24 GiB free.
D: is Fixed (Unformatted) - 0 GiB total, 0 GiB free.
E: is Removable (No Media)
F: is Removable (No Media)
G: is Removable (No Media)
H: is Removable (No Media)
I: is CDROM (No Media)
J: is CDROM (CDFS)

\\.\PHYSICALDRIVE0 - HDS722580VLAT20 - 76.69 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 76.68 GiB - C:

\\.\PHYSICALDRIVE1 - WDC WD400BB-00GFA0 - 37.27 GiB - 1 partition
\PARTITION0 - Installable File System - 37.26 GiB - D:

\\.\PHYSICALDRIVE2 - USB 2.0 HS-CF USB Device

\\.\PHYSICALDRIVE3 - USB 2.0 HS-MS USB Device

\\.\PHYSICALDRIVE5 - USB 2.0 HS-SD/MMC USB Device

\\.\PHYSICALDRIVE4 - USB 2.0 HS-SM USB Device



-- Security Center -------------------------------------------------------------

AUOptions is disabled.
Windows Internal Firewall is enabled.


[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Documents and Settings\\Angela\\Desktop\\ChipUtil.exe"="C:\\Documents and Settings\\Angela\\Desktop\\ChipUtil.exe:*:Enabled:ChipUtil"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Angela\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=WICKED
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Angela
LOGONSERVER=\\WICKED
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 7, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0207
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Angela\LOCALS~1\Temp
TMP=C:\DOCUME~1\Angela\LOCALS~1\Temp
USERDOMAIN=WICKED
USERNAME=Angela
USERPROFILE=C:\Documents and Settings\Angela
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Angela (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
Bonjour --> MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
Google Updater --> "C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
HijackThis 2.0.2 --> "C:\Documents and Settings\Angela\Desktop\HijackThis.exe" /uninstall
Intel® Processor ID Utility --> MsiExec.exe /X{A92A4DB0-CD37-42D1-BE1D-603D53C24328}
iTunes --> MsiExec.exe /I{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}
Java™ 6 Update 4 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160040}
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Lexmark 1200 Series --> C:\WINDOWS\system32\spool\drivers\w32x86\3\LXCZUN5C.EXE -dLexmark 1200 Series
Mozilla Firefox (2.0.0.13) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Norton Security Scan --> MsiExec.exe /I{3A4FFB84-D070-4DA5-AB7B-D41D87FD8D19}
NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
OpenOffice.org 2.4 --> MsiExec.exe /I{F87A8E11-02A4-4875-A3A5-5961081B0E4E}
Paint.NET v3.22 --> MsiExec.exe /X{96C267DA-0926-4C11-B4E7-4D3EF85130D0}
PokerStars --> "C:\Program Files\PokerStars\PokerStarsUninstall.exe" /u:PokerStars
QuickTime --> MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}
SoundMAX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\Setup.exe"
Trillian --> C:\Program Files\Trillian\trillian.exe /uninstall
Ventrilo Client --> MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
Windows Communication Foundation --> MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Presentation Foundation --> MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Workflow Foundation --> MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}
World of Warcraft --> C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft\Uninstall.exe
XML Paper Specification Shared Components Pack 1.0 -->


-- Application Event Log -------------------------------------------------------

Event Record #/Type291 / Warning
Event Submitted/Written: 04/10/2008 10:59:33 PM
Event ID/Source: 1020 / ASP.NET 2.0.50727.0
Event Description:
Updates to the IIS metabase were aborted because IIS is either not installed or is disabled on this machine. To configure ASP.NET to run in IIS, please install or enable IIS and re-register ASP.NET using aspnet_regiis.exe /i.

Event Record #/Type240 / Warning
Event Submitted/Written: 04/04/2008 03:01:06 AM
Event ID/Source: 1020 / ASP.NET 1.1.4322.0
Event Description:
Updates to the IIS metabase were aborted because IIS is either not installed or is disabled on this machine. To configure ASP.NET to run in IIS, please install or enable IIS and re-register ASP.NET using aspnet_regiis.exe /i.

Event Record #/Type214 / Success
Event Submitted/Written: 04/03/2008 08:47:58 AM
Event ID/Source: 1102 / .NET Runtime Optimization Service
Event Description:
.NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Succesfully compiled: WindowsFormsIntegration, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35

Event Record #/Type212 / Success
Event Submitted/Written: 04/03/2008 08:47:57 AM
Event ID/Source: 1102 / .NET Runtime Optimization Service
Event Description:
.NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Succesfully compiled: UIAutomationClient, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35

Event Record #/Type210 / Success
Event Submitted/Written: 04/03/2008 08:47:57 AM
Event ID/Source: 1102 / .NET Runtime Optimization Service
Event Description:
.NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Succesfully compiled: UIAutomationClientsideProviders, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type1897 / Error
Event Submitted/Written: 04/13/2008 07:38:41 AM
Event ID/Source: 1000 / Dhcp
Event Description:
Your computer has lost the lease to its IP address 192.168.1.100 on the
Network Card with network address 0015F2316B80.

Event Record #/Type1896 / Warning
Event Submitted/Written: 04/13/2008 07:38:41 AM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 0015F2316B80. The following
error occurred:
%%121.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Event Record #/Type1895 / Warning
Event Submitted/Written: 04/13/2008 07:38:15 AM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 0015F2316B80. The following
error occurred:
%%121.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Event Record #/Type1894 / Warning
Event Submitted/Written: 04/13/2008 07:36:47 AM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 0015F2316B80. The following
error occurred:
%%121.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Event Record #/Type1893 / Warning
Event Submitted/Written: 04/13/2008 07:34:00 AM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 0015F2316B80. The following
error occurred:
%%121.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.



-- End of Deckard's System Scanner: finished at 2008-04-13 15:09:07 ------------

#6 chryssi2001

chryssi2001

  • Members
  • 1,930 posts
  • Local time:10:29 AM

Posted 14 April 2008 - 09:44 AM

Hello myradin,

Thanks for the report. I am sorry about this, but please be a little patient; I am trying to find another helper to continue with your topic.

Due to my personal PC problems, I can't or don't have an available PC to check reports (they do need a certain time). I can't use my work PC for that. :thumbsup:

My apologies. I hope a helper will come soon for you.
Private Messages for personal support will be ignored. If you need help post in the forum.

#7 myradin

myradin
  • Topic Starter

  • Members
  • 6 posts
  • Local time:03:29 AM

Posted 14 April 2008 - 10:19 AM

I'm sorry you are having issues with your pc. I hope they are resolved soon. I'm replacing my graphics card today, since the poor thing is dying, so I feel your pain.

#8 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,304 posts
  • Gender:Male
  • Location:Puerto Rico
  • Local time:03:29 AM

Posted 14 April 2008 - 12:04 PM

Hi, myradin :thumbsup:

I'll be acting as the DH on this topic.

Remove Java™ 6 Update 4 from your computer.

Clear the JAVA Cache:

Go to the Control Panel and click on the Java icon. Under Temporary Internet Files click on Settings, then on Delete Files. Click OK out of the properties window.

Please do an online scan with Kaspersky WebScanner (Use internet Explorer)

Click on Accept

You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings, make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now, under Select a target to scan, select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#9 myradin

myradin
  • Topic Starter

  • Members
  • 6 posts
  • Local time:03:29 AM

Posted 14 April 2008 - 01:41 PM

KASPERSKY ONLINE SCANNER REPORT
Monday, April 14, 2008 2:38:32 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 14/04/2008
Kaspersky Anti-Virus database records: 704086
Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true
Scan Target My Computer
A:\
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\
Scan Statistics
Total number of scanned objects 37728
Number of viruses found 0
Number of infected objects 0
Number of suspicious objects 0
Duration of the scan process 00:53:29

Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\Angela\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Angela\Local Settings\Application Data\Microsoft\CardSpace\CardSpace.db Object is locked skipped
C:\Documents and Settings\Angela\Local Settings\Application Data\Microsoft\CardSpace\CardSpace.db.shadow Object is locked skipped
C:\Documents and Settings\Angela\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\Angela\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Angela\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Angela\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Angela\Local Settings\History\History.IE5\MSHist012008041420080415\index.dat Object is locked skipped
C:\Documents and Settings\Angela\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Angela\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Angela\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Angela\NTUSER.DAT.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{83449E68-0435-4BCF-9CFC-F02FEE728EBB}\RP34\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
Scan process completed.

#10 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,304 posts
  • Gender:Male
  • Location:Puerto Rico
  • Local time:03:29 AM

Posted 17 April 2008 - 10:41 AM

Hi, myradin :thumbsup:

There is no sign of malware in those logs. Has the issue continued even after removing the Java Temp files?



#11 myradin

myradin
  • Topic Starter

  • Members
  • 6 posts
  • Local time:03:29 AM

Posted 17 April 2008 - 11:50 AM

Well, I had reformatted the computer after my original post. I let the previous helper know that and was just asking for a confirmation that I successfully purged the system. I appreciate both of your help and I am grateful for the site!

Thank you- Myradin

#12 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,304 posts
  • Gender:Male
  • Location:Puerto Rico
  • Local time:03:29 AM

Posted 18 April 2008 - 12:50 PM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.





