Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Laptop Infection Dadobra-iw Trojan, Delf-ux Trojan, Agbogt Worm


  • Please log in to reply
10 replies to this topic

#1 tpokoy

tpokoy

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:01:49 PM

Posted 18 April 2008 - 06:21 PM

I have started having problems with my new laptop(> 2 mos old). it has problems coming out of sleep mode, it shuts down unexpectedly, and i have also found browser history files for websites i have never gone to. i ran Spybot search and destroy and found no spyware files, but when i looked at my startup, i found a blank registry fire that S&D said was connected with multiple trojans and worms including agbot-ku worm, mkmoose-a worm, delf-ux trojan, sdbot worm, and the dadobra-iw trojan. so now i am here. i have ran a hijack this program and also dekards system scanner. here is the results. any halp would be great, thank you.

Deckard's System Scanner v20071014.68
Run by Tim on 2008-04-18 19:02:45
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- Last 5 Restore Point(s) --
29: 2008-04-18 15:02:42 UTC - RP69 - Windows Update
28: 2008-04-15 23:35:51 UTC - RP68 - Windows Update
27: 2008-04-13 15:19:00 UTC - RP67 - Windows Update
26: 2008-04-10 21:14:02 UTC - RP66 - Scheduled Checkpoint
25: 2008-04-09 07:00:26 UTC - RP65 - Windows Update


-- First Restore Point --
1: 2008-03-12 18:59:05 UTC - RP38 - Device Driver Package Install: ATI Technogies Inc System devices


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Tim.exe) -------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:05:14 PM, on 4/18/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Users\Tim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DYMO0RW6\dss[1].exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9d.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Tim\Desktop\Tim.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-21-2991139629-2339596237-2678236182-1001\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe (User 'Emily')
O4 - HKUS\S-1-5-18\..\Run: [DelayShred] "C:\Program Files\McAfee\MSHR\ShrCL.EXE" /P10 /q C:\Users\Tim\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\0ENBJKSO\US_MAS~1.SH! (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DelayShred] "C:\Program Files\McAfee\MSHR\ShrCL.EXE" /P10 /q C:\Users\Tim\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\0ENBJKSO\US_MAS~1.SH! (User 'Default user')
O4 - Startup: PowerReg Scheduler V3.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O13 - Gopher Prefix:
O15 - Trusted Zone: http://*.mcafee.com
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 7320 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

All drivers whitelisted.


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 sprtsvc_dellsupportcenter (SupportSoft Sprocket Service (dellsupportcenter)) - c:\program files\dell support center\bin\sprtsvc.exe /service /p dellsupportcenter

S3 stllssvr - "c:\program files\common files\surething shared\stllssvr.exe" <Not Verified; MicroVision Development, Inc.; SureThing CD Labeler>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-03-12 14:22:36 328 --a------ C:\Windows\Tasks\McQcTask.job
2008-03-12 14:22:36 336 --a------ C:\Windows\Tasks\McDefragTask.job


-- Files created between 2008-03-18 and 2008-04-18 -----------------------------

2008-04-18 18:21:14 0 d-------- C:\Users\All Users\Malwarebytes
2008-04-16 21:17:42 0 d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-03-27 21:25:58 0 d-------- C:\Windows\system32\Adobe
2008-03-26 09:31:36 0 d-------- C:\Program Files\QuickTime
2008-03-24 23:28:19 0 d-------- C:\Users\All Users\WorldWinner.com


-- Find3M Report ---------------------------------------------------------------

2008-04-18 18:21:20 0 d-------- C:\Users\Tim\AppData\Roaming\Malwarebytes
2008-04-18 15:01:58 12 --a------ C:\Windows\bthservsdp.dat
2008-04-09 03:07:19 0 d-------- C:\Program Files\Windows Mail
2008-04-07 17:25:30 0 d-------- C:\Program Files\McAfee
2008-03-30 22:01:04 144 --a------ C:\Users\Tim\AppData\Roaming\wklnhst.dat
2008-03-30 21:52:57 0 d-------- C:\Users\Tim\AppData\Roaming\Template
2008-03-30 20:11:19 174 --ahs---- C:\Program Files\desktop.ini
2008-03-30 20:01:45 0 d-------- C:\Program Files\Windows Sidebar
2008-03-30 20:01:45 0 d-------- C:\Program Files\Windows Calendar
2008-03-30 20:01:44 0 d-------- C:\Program Files\Movie Maker
2008-03-30 20:01:41 0 d-------- C:\Program Files\Windows Collaboration
2008-03-30 20:01:39 0 d-------- C:\Program Files\Windows Photo Gallery
2008-03-30 20:01:39 0 d-------- C:\Program Files\Windows Journal
2008-03-30 20:01:29 0 d-------- C:\Program Files\Windows Defender
2008-03-30 18:46:31 0 d-------- C:\Users\Tim\AppData\Roaming\McAfee
2008-03-20 18:30:08 0 d-------- C:\Users\Tim\AppData\Roaming\MySpace
2008-03-16 22:23:05 0 d-------- C:\Program Files\MySpace
2008-03-14 21:34:26 0 d-------- C:\Users\Tim\AppData\Roaming\Adobe
2008-03-14 19:52:50 0 d-------- C:\Users\Tim\AppData\Roaming\CyberLink
2008-03-14 19:35:44 0 d-------- C:\Program Files\Dell
2008-03-14 18:21:44 0 d-------- C:\Program Files\Comcast
2008-03-14 17:10:40 0 d-------- C:\Program Files\support.com
2008-03-12 17:17:19 0 d-------- C:\Users\Tim\AppData\Roaming\Creative
2008-03-12 17:12:44 24064 --a------ C:\Users\Tim\AppData\Roaming\UserTile.png
2008-03-12 17:12:43 0 d-------- C:\Users\Tim\AppData\Roaming\PeerNetworking
2008-03-12 15:27:05 0 d-------- C:\Users\Tim\AppData\Roaming\Macromedia
2008-03-12 15:23:30 0 d-------- C:\Program Files\MSXML 4.0
2008-03-12 15:02:35 0 d-------- C:\Program Files\DellTPad
2008-03-12 14:57:54 0 d-------- C:\Program Files\ATI
2008-03-12 14:48:28 0 d-------- C:\Program Files\Cisco
2008-03-12 14:46:46 22729 --a------ C:\newkey
2008-03-12 14:46:43 0 d-------- C:\Users\Tim\AppData\Roaming\InstallShield
2008-03-12 14:10:38 0 d-------- C:\Program Files\Common Files\McAfee
2008-03-12 14:10:11 0 d-------- C:\Program Files\McAfee.com
2008-03-12 14:09:56 0 d-------- C:\Program Files\Common Files
2008-03-11 18:25:04 0 d-------- C:\Users\Tim\AppData\Roaming\Roxio
2008-03-11 17:33:43 0 --a------ C:\Windows\PowerReg.dat
2008-03-11 17:32:27 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-03-11 17:32:27 0 d-------- C:\Program Files\Infogrames Interactive
2008-03-11 15:41:50 0 d-------- C:\Program Files\Google
2008-03-11 15:28:59 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-03-11 15:15:50 0 d-------- C:\Users\Tim\AppData\Roaming\ATI
2008-03-11 15:15:10 0 d-------- C:\Users\Tim\AppData\Roaming\Identities
2008-01-18 11:49:14 137 --a------ C:\Windows\system32\DeleteOcx.cmd <DELETE~1.CMD>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [01/19/2008 03:38 AM]
"Apoint"="C:\Program Files\DellTPad\Apoint.exe" [10/25/2007 01:31 PM]
"Windows Mobile Device Center"="%windir%\WindowsMobile\wmdc.exe" []
"Broadcom Wireless Manager UI"="C:\Windows\system32\WLTRAY.exe" [12/08/2007 02:34 PM]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [11/10/2006 02:35 PM]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [10/03/2006 01:37 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [05/11/2007 05:06 AM]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [10/03/2006 01:35 PM]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [08/03/2007 10:33 PM]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [11/15/2007 11:24 AM]
"SigmatelSysTrayApp"="C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe" [11/12/2007 07:07 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [11/15/2007 11:23 AM]
"AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [03/01/2007 12:37 PM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DelayShred"="C:\Program Files\McAfee\MSHR\ShrCL.EXE" /P10 /q C:\Users\Tim\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\0ENBJKSO\US_MAS~1.SH!

C:\Users\Tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
PowerReg Scheduler V3.exe [3/11/2008 5:33:50 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)
"EnableUIADesktopToggle"=0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=C:\Windows\pss\Digital Line Detect.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickSet.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickSet.lnk
backup=C:\Windows\pss\QuickSet.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ddoctorv2]
"C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DELL Webcam Manager]
"C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
"C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OEM02Mon.exe]
C:\Windows\OEM02Mon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
"C:\Program Files\Dell\MediaDirect\PCMService.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe
"ehTray.exe"=C:\Windows\ehome\ehTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"<NO NAME>"=

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalService nsi lltdsvc SSDPSRV upnphost SCardSvr w32time EventSystem RemoteRegistry WinHttpAutoProxySvc lanmanworkstation TBS SLUINotify THREADORDER fdrespub netprofm fdphost wcncsvc QWAVE Mcx2Svc WebClient SstpSvc
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum
bthsvcs BthServ
WindowsMobile wcescomm rapimgr
LocalServiceRestricted WcesComm RapiMgr


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5d7bc520-f068-11dc-bf7a-806e6f6e6963}]
AutoRun\command- E:\Autorun.exe


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- Hosts -----------------------------------------------------------------------

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

8387 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-04-18 19:07:57 ------------
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft® Windows Vista™ Home Premium (build 6001) SP 1.0
Architecture: X86; Language: English

CPU 0: AMD Turion™ 64 X2 Mobile Technology TL-60
Percentage of Memory in Use: 45%
Physical Memory (total/avail): 1917.27 MiB / 1052.05 MiB
Pagefile Memory (total/avail): 4079.1 MiB / 3006.68 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1896.37 MiB

C: is Fixed (NTFS) - 220.58 GiB total, 172.09 GiB free.
D: is Fixed (NTFS) - 9.77 GiB total, 5.36 GiB free.
E: is CDROM (CDFS)

\\.\PHYSICALDRIVE0 - SAMSUNG HM250JI ATA Device - 232.88 GiB - 4 partitions
\PARTITION0 - Unknown - 39.19 MiB
\PARTITION1 - Installable File System - 9.77 GiB - D:
\PARTITION2 (bootable) - Installable File System - 220.58 GiB - C:
\PARTITION3 - Extended w/Extended Int 13 - 2.5 GiB



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

AS: Spybot - Search and Destroy v1.0.0.5 (Safer Networking Ltd.) Disabled
AS: Windows Defender v1.1.1505.0 (Microsoft Corporation)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\ProgramData
APPDATA=C:\Users\Tim\AppData\Roaming
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=HOME
ComSpec=C:\Windows\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Users\Tim
LOCALAPPDATA=C:\Users\Tim\AppData\Local
LOGONSERVER=\\HOME
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 104 Stepping 2, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=6802
ProgramData=C:\ProgramData
ProgramFiles=C:\Program Files
PROMPT=$P$G
PUBLIC=C:\Users\Public
RoxioCentral=C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\
SystemDrive=C:
SystemRoot=C:\Windows
TEMP=C:\Users\Tim\AppData\Local\Temp
TMP=C:\Users\Tim\AppData\Local\Temp
USERDOMAIN=Home
USERNAME=Tim
USERPROFILE=C:\Users\Tim
windir=C:\Windows


-- User Profiles ---------------------------------------------------------------

Tim
Emily


-- Add/Remove Programs ---------------------------------------------------------

--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88564CEF-20A5-4EF2-A05F-309F2EBA9B06}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A1A5BA3E-9ABF-4037-820B-6151022B8ACB}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D5BA7C09-E523-478C-9C37-A1D86C76383E}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F6366726-BA44-4D6A-8ECE-476E2E616AD1}\setup.exe" -l0x9
Adobe Flash Player ActiveX --> C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003}
Adobe Shockwave Player --> C:\Windows\System32\Adobe\SHOCKW~1\UNWISE.EXE C:\Windows\System32\Adobe\SHOCKW~1\Install.log
Advanced Audio FX Engine --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88564CEF-20A5-4EF2-A05F-309F2EBA9B06}\setup.exe" -l0x9 /remove
Advanced Video FX Engine --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D5BA7C09-E523-478C-9C37-A1D86C76383E}\setup.exe" -l0x9 /remove
ATI Catalyst Control Center --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x9
Browser Address Error Redirector --> MsiExec.exe /I{62230596-37E5-4618-A329-0D21F529A86F}
Catalyst Control Center - Branding --> MsiExec.exe /I{D93ADCCA-3BFD-4440-836D-4E4841EBD2A8}
Cisco EAP-FAST Module --> MsiExec.exe /I{BF53252E-4AB2-4C7F-A0FD-6100755745E3}
Cisco LEAP Module --> MsiExec.exe /I{76F9CF97-FC4B-4E20-B363-D127C888448F}
Cisco PEAP Module --> MsiExec.exe /I{4E5386F5-C0F6-4532-A54A-374865AEAB71}
Comcast High-Speed Internet Install Wizard --> C:\Program Files\support.com\uninstall\chsi_uninstaller.exe
Conexant HDA D330 MDC V.92 Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F\HXFSETUP.EXE -U -Idel000fz.inf
Dell Getting Started Guide --> MsiExec.exe /I{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}
Dell Support Center --> MsiExec.exe /X{E3BFEE55-39E2-4BE0-B966-89FE583822C1}
Dell Touchpad --> C:\Program Files\DellTPad\Uninstap.exe ADDREMOVE
Dell Webcam Center --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A1A5BA3E-9ABF-4037-820B-6151022B8ACB}\setup.exe" -l0x9 /remove
Dell Webcam Manager --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F6366726-BA44-4D6A-8ECE-476E2E616AD1}\setup.exe" -l0x9 /remove
Dell Wireless WLAN Card --> "C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwlu00.exe" verbose /rootkey="Software\Broadcom\802.11\UninstallInfo" /rootdir="C:\Program Files\Dell\Dell Wireless WLAN Card"
Desktop Doctor --> MsiExec.exe /I{D87149B3-7A1D-4548-9CBF-032B791E5908}
Digital Line Detect --> C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe -runfromtemp -l0x0009 -removeonly
HijackThis 2.0.2 --> "C:\Users\Tim\Desktop\HijackThis.exe" /uninstall
Java™ SE Runtime Environment 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000}
Laptop Integrated Webcam Driver (1.03.02.0719) --> C:\Windows\CtDrvIns.exe -uninstall -script OEM002.uns -plugin OEM02Pin.dll -pluginres OEM02Pin.crl -nodisconprompt -langid 0x0409
Live! Cam Avatar Creator --> C:\Program Files\InstallShield Installation Information\{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}\setup.exe -runfromtemp -l0x0009 -removeonly /remove
Live! Cam Avatar v1.0 --> C:\Program Files\InstallShield Installation Information\{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}\setup.exe -runfromtemp -l0x0009 -removeonly /remove
McAfee SecurityCenter --> C:\Program Files\McAfee\MSC\mcuninst.exe
MediaDirect --> C:\Program Files\InstallShield Installation Information\{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}\setup.exe -runfromtemp -l0x0009 -cluninstall
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Works --> MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
Modem Diagnostic Tool --> MsiExec.exe /I{F63A3748-B93D-4360-9AD4-B064481A5C7B}
MSXML 4.0 SP2 (KB936181) --> MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833) --> MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
Music, Photos & Videos Launcher --> MsiExec.exe /I{D7769185-9A7C-48D4-8874-5388743A1DE2}
MySpaceIM --> C:\Program Files\MySpace\IM\Uninstall.exe
OutlookAddinSetup --> MsiExec.exe /I{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}
Product Documentation Launcher --> MsiExec.exe /I{89CEAE14-DD0F-448E-9554-15781EC9DB24}
QuickSet --> MsiExec.exe /I{C4972073-2BFE-475D-8441-564EA97DA161}
Roxio Creator Audio --> MsiExec.exe /I{83FFCFC7-88C6-41c6-8752-958A45325C82}
Roxio Creator BDAV Plugin --> MsiExec.exe /I{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}
Roxio Creator Copy --> MsiExec.exe /I{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}
Roxio Creator Data --> MsiExec.exe /I{0D397393-9B50-4c52-84D5-77E344289F87}
Roxio Creator DE --> MsiExec.exe /I{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}
Roxio Creator Tools --> MsiExec.exe /I{0394CDC8-FABD-4ed8-B104-03393876DFDF}
Roxio Express Labeler --> MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Roxio MyDVD DE --> MsiExec.exe /I{D639085F-4B6E-4105-9F37-A0DBB023E2FB}
Roxio Update Manager --> MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Scrabble Complete --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B36649A3-D0DD-4706-B042-F5B384529C7A}\Setup.exe" -l0x9
Sonic Activation Module --> MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
User's Guides --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}\setup.exe"
Windows Mobile Device Center --> MsiExec.exe /X{904CCF62-818D-4675-BC76-D37EB399F917}
Windows Mobile Device Center Driver Update --> MsiExec.exe /X{E7044E25-3038-4A76-9064-344AC038043E}


-- Application Event Log -------------------------------------------------------

Event Record #/Type2579 / Warning
Event Submitted/Written: 04/18/2008 05:58:36 PM
Event ID/Source: 1530 / profsvc
Event Description:
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

DETAIL -
1 user registry handles leaked from \Registry\User\S-1-5-21-2991139629-2339596237-2678236182-1000_Classes:
Process 996 (\Device\HarddiskVolume3\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2991139629-2339596237-2678236182-1000_CLASSES

Event Record #/Type2578 / Warning
Event Submitted/Written: 04/18/2008 05:58:35 PM
Event ID/Source: 1530 / profsvc
Event Description:
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

DETAIL -
1 user registry handles leaked from \Registry\User\S-1-5-21-2991139629-2339596237-2678236182-1000:
Process 996 (\Device\HarddiskVolume3\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2991139629-2339596237-2678236182-1000

Event Record #/Type2563 / Success
Event Submitted/Written: 04/18/2008 05:45:57 PM
Event ID/Source: 5617 / WinMgmt
Event Description:


Event Record #/Type2562 / Success
Event Submitted/Written: 04/18/2008 05:45:56 PM
Event ID/Source: 5615 / WinMgmt
Event Description:


Event Record #/Type2560 / Success
Event Submitted/Written: 04/18/2008 05:45:50 PM
Event ID/Source: 902 / Software Licensing Service
Event Description:
The Software Licensing service has started.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type20333 / Error
Event Submitted/Written: 04/15/2008 07:31:38 PM
Event ID/Source: 6008 / EventLog
Event Description:
The previous system shutdown at 7:29:57 PM on 4/15/2008 was unexpected.

Event Record #/Type20328 / Error
Event Submitted/Written: 04/14/2008 05:41:13 PM
Event ID/Source: 6008 / EventLog
Event Description:
The previous system shutdown at 5:39:46 PM on 4/14/2008 was unexpected.

Event Record #/Type20312 / Warning
Event Submitted/Written: 04/14/2008 05:39:18 PM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 001D09363C49. The following error occurred:
%%1223. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

Event Record #/Type20302 / Error
Event Submitted/Written: 04/14/2008 05:37:45 PM
Event ID/Source: 10010 / DCOM
Event Description:
{6A972E27-93E2-4F98-8367-4101B2073814}

Event Record #/Type20301 / Error
Event Submitted/Written: 04/14/2008 05:37:22 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
BCM42RLY%%2



-- End of Deckard's System Scanner: finished at 2008-04-18 19:07:57 ------------

BC AdBot (Login to Remove)

 


#2 thewall

thewall

  • Malware Response Team
  • 6,425 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:01:49 PM

Posted 01 May 2008 - 04:24 PM

Hello tpokoy :thumbsup: , welcome to the BC HijackThis Log and Analysis forum. I will be assisting you in the effort to clean up your computer.

Please allow me some time to study your log and I will get back to you. In the meantime if you have ran any additional tools to try and do repairs or made any other changes to your computer since you first posted the DSS log, please let me know.

I would also ask that you refrain from running any additional tools unless I ask you to while we are in the process of cleaning everything up. It is necessary that we as helpers know what is being done on the system and any time in order to best formulate a fix.





Thank You ,


thewall
If I have helped you then please consider donating so I can continue the fight against malware Posted Image
All donations go directly to the helper

Posted Image

Due to the large amount of backlogs we have I cannot respond to PMs for help unless I am already working with you

#3 thewall

thewall

  • Malware Response Team
  • 6,425 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:01:49 PM

Posted 02 May 2008 - 08:21 PM

Please advise me if you are still seeking assistance here in the HijackThis Log and Analysis forum.

Thanks,



thewall
If I have helped you then please consider donating so I can continue the fight against malware Posted Image
All donations go directly to the helper

Posted Image

Due to the large amount of backlogs we have I cannot respond to PMs for help unless I am already working with you

#4 tpokoy

tpokoy
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:01:49 PM

Posted 05 May 2008 - 05:18 PM

yes please, i am sorry i was out of town for the weekend and did not have access to my computer thank

you for any help.

#5 thewall

thewall

  • Malware Response Team
  • 6,425 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:01:49 PM

Posted 05 May 2008 - 08:07 PM

OK, Please be patient as it takes some time to analyze the logs and I will get back to you just as soon as possible. :thumbsup:
If I have helped you then please consider donating so I can continue the fight against malware Posted Image
All donations go directly to the helper

Posted Image

Due to the large amount of backlogs we have I cannot respond to PMs for help unless I am already working with you

#6 thewall

thewall

  • Malware Response Team
  • 6,425 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:01:49 PM

Posted 07 May 2008 - 04:55 PM

Hi tpokoy,



Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan:Select My Computer
  • This will program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

If I have helped you then please consider donating so I can continue the fight against malware Posted Image
All donations go directly to the helper

Posted Image

Due to the large amount of backlogs we have I cannot respond to PMs for help unless I am already working with you

#7 tpokoy

tpokoy
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:01:49 PM

Posted 08 May 2008 - 08:54 PM

Thank you for getting back with me. I downloaded the scanner and i will run it tommorow and post the results

#8 tpokoy

tpokoy
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:01:49 PM

Posted 09 May 2008 - 05:33 PM

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Friday, May 09, 2008 6:32:02 PM
Operating System: Microsoft Windows Vista Home Edition, Service Pack 1 (Build 6001)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 9/05/2008
Kaspersky Anti-Virus database records: 750036
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 93453
Number of viruses found: 0
Number of infected objects: 0
Number of suspicious objects: 0
Duration of the scan process: 01:01:11

Infected Object Name / Virus Name / Last Action
C:\Deckard\System Scanner\backup\Windows\temp\ASPNETSetup_00000.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\DMI202C.tmp Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\ehprivjob.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\ehprivjob1.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080312-151045-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080312-151056-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080312-152845-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080312-152924-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080312-161334-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080312-161359-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080314-193450-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080314-193504-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080317-095434-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080317-095447-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080317-183606-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080317-183622-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080318-123902-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080318-123922-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080322-164915-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080322-164927-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcafee_0U8C5WK5UljHweF Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcafee_6crbALnS5hpjQJl Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcafee_9yP14FWWAMxKsmy Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcafee_q35LVOKcKPWiKf5 Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcafee_wZrfYp5HdFGhbS9 Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcmsc_6b2y5TbwNwNKbbF Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcmsc_6VltHnP5mcJDnRn Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcmsc_8EaYyqje1WG3CSp Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcmsc_bYFYEenmBLwHcT7 Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcmsc_cAFgQd8wnnIsKRL Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcmsc_FsXBj8JfH8bqGXA Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcmsc_ftWBzrDifVn4NoW Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcmsc_FvyC9FhGLbgWD0I Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcmsc_I8bYp22zY6WJUfH Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcmsc_kLaHUHYQpUnIlqn Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcmsc_pNbys0rOIzn3SfQ Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcmsc_R6NBh4itQlKAePr Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcmsc_rq8bXCj7vGfM9Ey Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcmsc_vfefHXvOB0leZx2 Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\mcmsc_yD3NUioF8H7FoE3 Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\MpCmdRun.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\MpSigStub.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\MSI6d22c.LOG Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\SetupAV.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\SetupAVC.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\VistaSP1_InstallPerf_142855.sqm Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\WinSAT_DX.etl Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\WinSAT_KernelLog.etl Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\WinSAT_StorageAsmt.etl Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\wmsetup.log Object is locked skipped
C:\Program Files\InstallShield Installation Information\{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}\setup.ilg Object is locked skipped
C:\ProgramData\McAfee\MNA\NAData Object is locked skipped
C:\ProgramData\McAfee\MPF\data\log.edb Object is locked skipped
C:\ProgramData\McAfee\MSC\Logs\Events.dat Object is locked skipped
C:\ProgramData\McAfee\MSC\Logs\{0C6F02A7-9B3A-4888-8170-F4B76E741BD0}.log Object is locked skipped
C:\ProgramData\McAfee\MSC\Logs\{4A47E8A2-3AA8-4139-9ECA-8368E5DA5009}.log Object is locked skipped
C:\ProgramData\McAfee\MSC\McUsers.dat Object is locked skipped
C:\ProgramData\McAfee\VirusScan\Data\TFR7B27.tmp Object is locked skipped
C:\ProgramData\McAfee\VirusScan\Logs\OAS.Log Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\d170e603afd15cc2442279af79cb9c32_c25c96c2-2918-4a79-a279-d72eb5e9f7c5 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\dell.txt Object is locked skipped
C:\ProgramData\Microsoft\User Account Pictures\Emily.dat Object is locked skipped
C:\ProgramData\SupportSoft\DellSupportCenter\SYSTEM\state\logs\sprtcmd.log Object is locked skipped
C:\Users\Tim\AppData\Local\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Users\Tim\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat Object is locked skipped
C:\Users\Tim\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008050920080510\index.dat Object is locked skipped
C:\Users\Tim\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.dat Object is locked skipped
C:\Users\Tim\AppData\Local\Microsoft\Windows\History\Low\History.IE5\MSHist012008050920080510\index.dat Object is locked skipped
C:\Users\Tim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Users\Tim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Users\Tim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat Object is locked skipped
C:\Users\Tim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT Object is locked skipped
C:\Users\Tim\AppData\Local\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Users\Tim\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1 Object is locked skipped
C:\Users\Tim\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG2 Object is locked skipped
C:\Users\Tim\AppData\Local\Microsoft\Windows\UsrClass.dat{da421fbc-efa6-11dc-ae83-001d09363c49}.TM.blf Object is locked skipped
C:\Users\Tim\AppData\Local\Microsoft\Windows\UsrClass.dat{da421fbc-efa6-11dc-ae83-001d09363c49}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Users\Tim\AppData\Local\Microsoft\Windows\UsrClass.dat{da421fbc-efa6-11dc-ae83-001d09363c49}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Users\Tim\AppData\Local\Microsoft\Windows Defender\FileTracker\{BF648871-F1E0-4A64-9173-4E92E7FE79FB} Object is locked skipped
C:\Users\Tim\AppData\Local\SupportSoft\DellSupportCenter\Tim\state\logs\sprtcmd.log Object is locked skipped
C:\Users\Tim\AppData\Roaming\Microsoft\Windows\Cookies\index.dat Object is locked skipped
C:\Users\Tim\AppData\Roaming\Microsoft\Windows\Cookies\Low\index.dat Object is locked skipped
C:\Users\Tim\NTUSER.DAT Object is locked skipped
C:\Users\Tim\ntuser.dat.LOG1 Object is locked skipped
C:\Users\Tim\ntuser.dat.LOG2 Object is locked skipped
C:\Users\Tim\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf Object is locked skipped
C:\Users\Tim\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Users\Tim\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Windows\bthservsdp.dat Object is locked skipped
C:\Windows\Debug\PASSWD.LOG Object is locked skipped
C:\Windows\Debug\WIA\wiatrace.log Object is locked skipped
C:\Windows\Logs\CBS\CBS.log Object is locked skipped
C:\Windows\Logs\CBS\CBS.persist.log Object is locked skipped
C:\Windows\Logs\DPX\setupact.log Object is locked skipped
C:\Windows\Logs\DPX\setuperr.log Object is locked skipped
C:\Windows\MEMORY.DMP Object is locked skipped
C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe.config Object is locked skipped
C:\Windows\Panther\setupact.log Object is locked skipped
C:\Windows\Panther\setuperr.log Object is locked skipped
C:\Windows\Panther\UnattendGC\diagerr.xml Object is locked skipped
C:\Windows\Panther\UnattendGC\diagwrn.xml Object is locked skipped
C:\Windows\Panther\UnattendGC\setupact.bld Object is locked skipped
C:\Windows\Panther\UnattendGC\setupact.log Object is locked skipped
C:\Windows\Panther\UnattendGC\setuperr.bld Object is locked skipped
C:\Windows\Panther\UnattendGC\setuperr.log Object is locked skipped
C:\Windows\security\database\secedit.sdb Object is locked skipped
C:\Windows\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 Object is locked skipped
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 Object is locked skipped
C:\Windows\System32\catroot2\edb.log Object is locked skipped
C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb Object is locked skipped
C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb Object is locked skipped
C:\Windows\System32\LogFiles\Scm\SCM.EVM Object is locked skipped
C:\Windows\System32\LogFiles\WindowsMobile\WcesLog.etl.001 Object is locked skipped
C:\Windows\System32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
C:\Windows\System32\restore\MachineGuid.txt Object is locked skipped
C:\Windows\System32\spool\SpoolerETW.etl Object is locked skipped
C:\Windows\System32\sysprep\Panther\diagerr.xml Object is locked skipped
C:\Windows\System32\sysprep\Panther\diagwrn.xml Object is locked skipped
C:\Windows\System32\sysprep\Panther\setupact.bld Object is locked skipped
C:\Windows\System32\sysprep\Panther\setupact.log Object is locked skipped
C:\Windows\System32\sysprep\Panther\setuperr.bld Object is locked skipped
C:\Windows\System32\sysprep\Panther\setuperr.log Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\0296C47314AB746EC35476488248FCD9.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\040270F850D5C3C91057DDDA2DA294D8.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\0A9DBC92D554324656F61F9862679F27.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\0DF617D6737A7561E732F853792261C3.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\1E2E58C73053C7775EB226DB5E739137.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\26C097A9392F8C541AD42E89B7909073.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\2A811E5CCC22CC9D7AE2B04EF0402688.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\2AA23BB86A5EBD8BC2D820944E55B233.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\2CE523184A801AA7361A7039E2D6B41D.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\2D57A7682ACD19214C258D31A06D008F.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\3460B7617E0429A960E481B197F238A3.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\376786241A5443E41378D25CF812FCC1.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\3DC0BABDCA20E5E319117C21BD4BD795.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\494C62FAA08CD5217399BAA555FF491B.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\4A01E0F376B5833EBA98F0D1D5F60CD1.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\4B471F64BAF831EC7945C820FD5A16E5.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\4CB32C0A77CD4D9B0C9618F73F786C32.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\5774C77265BE4C55B5C6C9718979E015.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\5966D45C7B25EACA46E87DD8E5703964.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\5B5D21CF62E70BACF9D085E6AA6CE143.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\69554D930FCA40B0304B9A43A8036F2D.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\72F867EF62976CE9F70993FF3E68A4EB.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\75054C3771DF289038069A9BB1C1FB6E.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\7851AF96EA828F912853F32DB0D96138.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\7F417E1A6D819A9B2FEB55DA6858EA0A.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\87AA2A001CE3E89926688B93E4DC2992.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\8C718B5AFD373885B68D2836088CAF9A.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\903E49C444C46FEF5F2C3A189C9CEF71.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\96ABB1671705F680578FE240427CBD4F.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\9A72EE7775E8021F75961342B8AFD1B4.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\9AD3182A2F39A3E091E15109132EC6CC.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\9CD33F0956942860B50AA1B9330DEFAF.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\9E06E4FE97F0CBB8D659894823F805D7.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\A80FF2DC09487ECD60AFB147B262BDD7.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\AA6E0E396C238977CA909EFD82299737.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\AA742824DCADA846BA4B665D686DD5D6.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\BBF206490BAA431B592F9A13534F43F6.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\BE81B2C0741907C1FC1C42B6223E59AD.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\D1A1B12A7DA3F9675C01397A26DBF4B3.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\D4C4BA54B6A8FA6211E60E2ADFF7426A.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\DE391013DA56ABA39FFF40A9ABDF052F.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\DF80FD3849FFF74B4BF43E2EA8ADEC8A.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\DFB9AD54AC2D3B8122567AAD3BF3EB7F.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\E04DE4CDFEC284A342159BB920976701.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\E737DE61441445E1FDFCA45EF5E7D987.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\EC45C70F2A3D9DED718E71631C38E2FE.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\F01326692CC5736EBAC31B9FC2381CF2.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\F81E6BEBC3067C406E6C491608474198.mof Object is locked skipped
C:\Windows\System32\wbem\Logs\WMITracing.log Object is locked skipped
C:\Windows\System32\wbem\Repository\INDEX.BTR Object is locked skipped
C:\Windows\System32\wbem\Repository\MAPPING1.MAP Object is locked skipped
C:\Windows\System32\wbem\Repository\MAPPING2.MAP Object is locked skipped
C:\Windows\System32\wbem\Repository\OBJECTS.DATA Object is locked skipped
C:\Windows\System32\winevt\Logs\ACEEventLog.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Application.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Broadcom Wireless LAN.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\DFS Replication.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\HardwareEvents.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Internet Explorer.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Key Management Service.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Media Center.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Bits-Client%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-CodeIntegrity%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-CorruptedFileRecovery-Client%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-CorruptedFileRecovery-Server%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-DateTimeControlPanel%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnosis-DPS%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnosis-MSDT%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnosis-PLA%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnostics-Networking%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnostics-Performance%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-DiskDiagnostic%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-DiskDiagnosticDataCollector%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-DiskDiagnosticResolver%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-DriverFrameworks-UserMode%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Forwarding%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-GroupPolicy%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Help%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-International%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Kernel-WDI%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Kernel-WHEA.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-LanguagePackSetup%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-MeetingSpace%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-MemoryDiagnostics-Results%4Debug.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-MUI%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-NetworkAccessProtection%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-ParentalControls%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Program-Compatibility-Assistant%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-ReadyBoost%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-ReliabilityAnalysisComponent%4Metrics.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-ReliabilityAnalysisComponent%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-RemoteAssistance%4Admin.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-RemoteAssistance%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Exhaustion-Detector%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Exhaustion-Resolver%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Leak-Diagnostic%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-RestartManager%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-TaskScheduler%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-TerminalServices-RDPClient%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-UAC%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-UAC-FileVirtualization%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-WindowsUpdateClient%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Winlogon%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Winsock-WS2HELP%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Wired-AutoConfig%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-WLAN-AutoConfig%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Security.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Setup.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\System.evtx Object is locked skipped
C:\Windows\Tasks\McDefragTask.job Object is locked skipped
C:\Windows\Tasks\McQcTask.job Object is locked skipped
C:\Windows\Tasks\SCHEDLGU.TXT Object is locked skipped
C:\Windows\Temp\mcafee_Lw2hOLMCycscPNI Object is locked skipped
C:\Windows\Temp\mcmsc_ef3QS2wD0NKxCLF Object is locked skipped
C:\Windows\Temp\mcmsc_kGRpGSKvS3FSz44 Object is locked skipped
C:\Windows\Temp\mcmsc_sv2yr7PjvYtJFCQ Object is locked skipped
C:\Windows\Temp\mcmsc_t7Rap0s6neIappq Object is locked skipped
C:\Windows\WindowsUpdate.log Object is locked skipped
C:\Windows\winsxs\x86_microsoft-windows-n..n_service_datastore_31bf3856ad364e35_6.0.6000.16386_none_cef7ceb03914a67f\dnary.xsd Object is locked skipped
C:\Windows\winsxs\x86_microsoft-windows-n..n_service_datastore_31bf3856ad364e35_6.0.6001.18000_none_d12e90ac35ffb753\dnary.xsd Object is locked skipped
D:\Windows\security\database\secedit.sdb Object is locked skipped

Scan process completed.

#9 thewall

thewall

  • Malware Response Team
  • 6,425 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:01:49 PM

Posted 10 May 2008 - 11:10 AM

tpokoy,


So far I have not been able to find any Malware present on your computer. Neither DSS or Kaspersky are showing up anything.

I have been advised by one of the coaches that the following is a bug within Spybot S&D itself.

i found a blank registry fire that S&D said was connected with multiple trojans and worms including agbot-ku worm, mkmoose-a worm, delf-ux trojan, sdbot worm, and the dadobra-iw trojan.




DSS is telling me that Spybot S&D is disabled. Did you disable it for a reason?
If I have helped you then please consider donating so I can continue the fight against malware Posted Image
All donations go directly to the helper

Posted Image

Due to the large amount of backlogs we have I cannot respond to PMs for help unless I am already working with you

#10 tpokoy

tpokoy
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:01:49 PM

Posted 12 May 2008 - 04:43 PM

Ok, thank you for your help looking over my reports. spybot s&d on startup was interfeering with windows defender at first so i disabled it on startup but i figured it out now and its enabled and runs fine. thank you again

Tpokoy

#11 thewall

thewall

  • Malware Response Team
  • 6,425 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:01:49 PM

Posted 12 May 2008 - 08:12 PM

Glad I was able to help :thumbsup: and if there any other problems related to your computer please feel free to post them in the appropriate forum.



The following tutorial is a good guide for maintaining a healthy computer:


Simple and easy ways to keep your computer safe on the internet






thewall
If I have helped you then please consider donating so I can continue the fight against malware Posted Image
All donations go directly to the helper

Posted Image

Due to the large amount of backlogs we have I cannot respond to PMs for help unless I am already working with you




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users