

Please Help-it's Getting Worse By The Minute


4 replies to this topic

#1 srcvlk

srcvlk

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:03:08 PM

Posted 12 July 2008 - 06:44 PM

Hi,
Somehow I am being blocked from creating any log files and from running the suggested program "DSS.exe". My browser has been hijacked. Things are progressively getting worse. I ran the scan with HijackThis and I was able to save a copy that I sent to Trend for a comparison to other users, but I was not able to save it to a log file and I was not able to fix the log file because I could not see the text to erase it, plus I could not save the file with another name. Here it is === I sure hope you can help. Victoria




Index % of PCs with item Code Data
1 0.2% O1 ::1 localhost

2 0.2% O13 java script:void(0)

3 0.0% O16 {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/inst...ctDetection.cab

4 0.0% O17 NameServer = 205.188.146.145

5 0.8% O2 Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

6 0.5% O2 Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

7 0.2% O2 SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll

8 0.1% O2 (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll

9 0.0% O2 Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

10 0.8% O23 LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

11 0.5% O23 Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

12 0.3% O23 LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

13 0.2% O23 Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

14 0.2% O23 Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

15 0.2% O23 Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

16 0.2% O23 Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

17 0.1% O23 COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe

18 0.1% O23 hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

19 0.1% O23 Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe

20 0.1% O23 LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

21 0.1% O23 LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

22 0.0% O23 stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

23 0.0% O23 AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe

24 0.0% O23 XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

25 0.0% O23 RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

26 0.0% O23 AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe

27 0.0% O23 HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

28 0.0% O23 InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe

29 0.0% O23 CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe

30 0.0% O23 CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe

31 0.0% O23 SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

32 0.0% O23 Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

33 0.5% O3 Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

34 0.1% O3 Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll

35 0.8% O4 [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

36 0.6% O4 [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

37 0.2% O4 [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

38 0.1% O4 [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

39 0.1% O4 [osCheck] "c:\Program Files\Norton Internet Security\osCheck.exe"

40 0.1% O4 [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"

41 0.1% O4 [ehTray.exe] C:\Windows\ehome\ehTray.exe

42 0.1% O4 [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

43 0.1% O4 [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"

44 0.0% O4 [Launcher] %WINDIR%\SMINST\launcher.exe

45 0.0% O4 [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

46 0.0% O4 [AOL Fast Start] "C:\Program Files\AOL 9.0\AOL.EXE" -b

47 0.0% O4 [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe

48 0.0% O4 [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe

49 0.1% O9 (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll

50 0.1% O9 Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll

51 0.1% O9 Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

52 0.0% O9 Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

53 0.0% O9 S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

54 0.0% O9 (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

55 0.0% O9 Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

56 7.0% P01 C:\WINDOWS\Explorer.EXE

57 0.8% P01 C:\Program Files\Common Files\Symantec Shared\ccApp.exe

58 0.7% P01 C:\Program Files\Windows Defender\MSASCui.exe

59 0.6% P01 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

60 0.4% P01 C:\Windows\ehome\ehtray.exe

61 0.4% P01 C:\Windows\ehome\ehmsas.exe

62 0.3% P01 C:\Program Files\Windows Media Player\wmpnscfg.exe

63 0.2% P01 C:\Windows\system32\taskeng.exe

64 0.2% P01 C:\Windows\system32\Dwm.exe

65 0.2% P01 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

66 0.1% P01 C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe

67 0.1% P01 C:\Program Files\HP\QuickPlay\QPService.exe

68 0.0% P01 C:\Program Files\AOL 9.0\waol.exe

69 0.0% P01 C:\Program Files\AOL 9.0\shellmon.exe

70 0.0% P01 C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE

71 0.0% P01 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

72 0.0% P01 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe

73 0.0% P01 C:\Program Files\Common Files\AOL\Topspeed\3.0\aoltpsd3.exe

74 0.0% P01 C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe

75 0.0% P01 C:\Program Files\Hewlett-Packard\HP Advisor\SSDK04.exe

76 0.0% P01 C:\PROGRA~1\COMPAQ~1\3572475\Program\COMPAQ~1.EXE

77 0.0% P01 C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

78 0.0% P01 C:\Program Files\Common Files\aol\1205724633\ee\aolsoftware.exe

79 0.5% R0 HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

80 0.4% R0 HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

81 0.4% R0 HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

82 0.3% R0 HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

83 0.1% R0 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

84 0.0% R0 HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...O&pf=laptop

85 2.6% R1 HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

86 2.5% R1 HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

87 0.3% R1 HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

88 0.0% R1 HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...O&pf=laptop


#2 RenatoMejias

RenatoMejias

  • Malware Response Team
  • 913 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:08 PM

Posted 03 August 2008 - 09:12 PM

Hello


Apologies for the delay in response; we get overwhelmed at times, but we are trying our best to keep up.
If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following below so I can have a look at the current condition of your machine.

Thanks and again sorry for the delay.

Please download Deckard's System Scanner (DSS) and save to your Desktop.
alternate download site

DSS will do the following:
  • Create a new System Restore point in Windows XP and Vista.
  • Clean your Temporary Files, Downloaded Program Files, Internet Cache Files, and empty the Recycle Bin on all drives.
  • Check some important areas of your system and produce a report for an analyst to review.
  • Automatically run HijackThis. It will also install and place a shortcut to HijackThis on your desktop if you do not already have it installed. So if HijackThis is not installed and DSS prompts you to download it, please answer yes.
You must be logged onto an account with administrator privileges when using.
  • Close all applications and windows.
  • Double-click on dss.exe to run it and follow the prompts.
  • If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
  • When the scan is complete, two text files will open in Notepad:
    • main.txt <- this one will be maximized
    • extra.txt <- this one will be minimized
  • If not, they both can be found in the C:\Deckard\System Scanner folder.
  • Please copy (Ctrl+C) and paste (Ctrl+V) the contents of main.txt and extra.txt in your next reply.
-- When running DSS, some firewalls may warn that it is trying to access the Internet, especially if you're asked to download the most current version of HijackThis. Please ensure that you allow it permission to do so.
-- If you get a warning from your anti-virus while DSS is scanning, please allow DSS to continue as the scan is not harmful.



Next
Please do a scan with Kaspersky Online Scanner

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded on the left side of the page in the Scan section select My Computer
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

Renato Victor Mejias
Malware help in portuguese

#3 srcvlk

srcvlk
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:03:08 PM

Posted 08 August 2008 - 12:43 AM

Hi,
I posted a few weeks ago but didn't think anyone would answer. When I finally received a reply and responded, it seems the post was too old. Anyway, I'll try again. I've been having my browser redirected and shut down for no reason. At some web sites that have repair information I am shut down as soon as I get there. I've had changes made to my registry that I did not OK. My log files are all blank so I cannot read them. Here are the results of the scans I was able to run: Deckard's was no good, it said "file corrupt". For some reason HJT says that it was denied access to the hosts file and if a virus is there it cannot be fixed. I hope to hear from someone. Thanks, srcvlk

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:27:51, on 7/28/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16681)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\AOL\1205724633\ee\aolsoftware.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\AOL 9.0\waol.exe
C:\Program Files\AOL 9.0\shellmon.exe
C:\Program Files\Common Files\AOL\Topspeed\3.0\aoltpsd3.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Trend Micro\HijackThis\iseeu.com.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...O&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...O&pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.0\AOL.EXE" -b
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/inst...ctDetection.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{18C6E8BC-BD07-47E6-B087-0B6C104694EF}: NameServer = 205.188.146.145
O17 - HKLM\System\CCS\Services\Tcpip\..\{CBC0AE6B-896E-4677-BA61-0E1A6DB86DC0}: NameServer = 205.188.146.145
O17 - HKLM\System\CCS\Services\Tcpip\..\{DDAC9F25-00C7-49CA-9248-40273F90E4E4}: NameServer = 205.188.146.145
O17 - HKLM\System\CCS\Services\Tcpip\..\{FDCF4ACF-2835-49F8-A8D5-CA8CEE8B2B28}: NameServer = 205.188.146.145
O17 - HKLM\System\CS1\Services\Tcpip\..\{18C6E8BC-BD07-47E6-B087-0B6C104694EF}: NameServer = 205.188.146.145
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 8049 bytes


--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Wednesday, August 6, 2008
Operating System: Microsoft Windows Vista Home Premium Edition, 32-bit (build 6000)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Thursday, August 07, 2008 04:00:32
Records in database: 1064731
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\

Scan statistics:
Files scanned: 98809
Threat name: 2
Infected objects: 3
Suspicious objects: 0
Duration of the scan: 01:24:56


File name / Threat name / Threats count
C:\Program Files\AOL 9.0\download\SmitfraudFix\IEDFix.exe Infected: Hoax.Win32.Renos.vaoz 1
C:\Program Files\AOL 9.0\download\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f 1
C:\WINDOWS\System32\IEDFix.exe Infected: Hoax.Win32.Renos.vaoz 1

The selected area was scanned.








Common name: MS07-069
Technical name: MS07-069
Threat level: Medium
Alias: Cumulative Security Update for Internet Explorer, Actualización de seguridad acumulativa para Internet Explorer
Type: Vulnerability
Effects:
It is a group of vulnerabilities in Internet Explorer versions 5.01 and 6 SP1 in Windows 2000, 6 on Windows 2003/XP computers and 7 in Windows Vista/2003/XP, which allows hackers to gain remote control of the affected computer with the same privileges as the logged on user.

Affected platforms: Other

First detected on: Dec. 12, 2007
Detection updated on: Dec. 12, 2007
Statistics No
Brief Description
MS07-069 is not categorized as virus, worm, Trojan or backdoor. It is a group of critical vulnerabilities in Internet Explorer on Windows Vista/2003/XP/2000 computers, which allows arbitrary code to be remotely executed in the vulnerable computer. Affected versions of Internet Explorer are 5.01, 6 SP1, 6, and 7.

If exploited successfully, MS07-069 allows hackers to gain remote control of the affected computer with the same privileges as the logged on user. If this user had administrator rights, the hacker could take complete control of the system: create, modify or delete files, install programs, create new user accounts, etc.

These vulnerabilities are usually exploited by creating a specially crafted web page and enticing users into accessing it. The link to the website can be distributed using several methods, such as email, instant messaging programs, etc.

If you have any of the vulnerable versions of Internet Explorer, it is recommended to download and apply the security patch for this vulnerability. Click here to access the web page for downloading the patch. However, provided that this is a cumulative patch, make sure that you download the latest security patch available.


Common name: MS07-027
Technical name: MS07-027
Threat level: Medium
Alias: Cumulative Security Update for Internet Explorer, Actualización de seguridad acumulativa para Internet Explorer
Type: Vulnerability
Effects: It is a group of vulnerabilities in Internet Explorer versions 5.01 on Windows 2000, 6 on Windows 2003/XP/2000 computers and 7 on Windows Vista/2003/XP, which allows hackers to gain remote control of the affected computer with the same privileges as the logged on user.

Affected platforms: Other

First detected on: May 9, 2007
Detection updated on: May 9, 2007
Statistics No
Brief Description
MS07-027 is not categorized as virus, worm, Trojan or backdoor. It is a group of critical vulnerabilities in Internet Explorer on Windows Vista/2003/XP/2000 computers, which allows arbitrary code to be remotely executed in the vulnerable computer. Affected versions of Internet Explorer are 5.01, 6 and 7.

If exploited successfully, MS07-027 allows hackers to gain remote control of the affected computer with the same privileges as the logged on user. If this user had administrator rights, the hacker could take complete control of the system: create, modify or delete files, install programs, create new user accounts, etc.

These vulnerabilities are usually exploited by creating a specially crafted web page and enticing users into accessing it. The link to the website can be distributed using several methods, such as email, instant messaging programs, etc.



If you have a Windows Vista/2003/XP/2000 computer, it is recommended to download and apply the security patch for this vulnerability. Click here to access the web page for downloading the patch. However, provided that this is a cumulative patch, make sure that you download the latest security patch available.



Common name: MS08-001
Technical name: MS08-001
Threat level: Medium
Alias: Vulnerabilities in TCP/IP, Vulnerabilidades en TCP/IP
Type: Vulnerability
Effects: It is a group of critical vulnerabilities in TCP/IP on Windows Vista/2003/XP/2000 computers, which allows hackers to gain remote control of the affected computer and denial of service attacks to be launched.

Affected platforms: Windows 2003/XP/2000

First detected on: Jan. 9, 2008
Detection updated on: Jan. 9, 2008
Statistics No
Brief Description
MS08-001 is not categorized as virus, worm, Trojan or backdoor. It is a group of critical vulnerabilities in TCP/IP on Windows Vista/2003/XP/2000 computers, which allows arbitrary code to be remotely executed in the vulnerable computer and denial of service attacks to be launched.

TCP/IP is the suite of communication protocols used for sending data over networks.

The addressed vulnerabilities are:

Windows Kernel TCP/IP/IGMPv3 and MLDv2 Vulnerability: a remote code execution vulnerability that allows hackers to gain remote control of the affected computer with the same privileges as the logged on user.
Windows Kernel TCP/IP/ICMP Vulnerability: a denial of service vulnerability that could cause the affected system to stop responding and automatically restart.
This vulnerability is usually exploited by creating a specially crafted packet and sending it to a vulnerable computer.



If you have a Windows Vista/2003/XP/2000 computer, it is recommended to download and apply the security patch for this vulnerability. Click here to access the web page for downloading the patch.

Moreover, bear in mind that this bulletin replaces a previous one, called MS06-032.




Common name: MS07-033
Technical name: MS07-033
Threat level: Medium
Alias: Cumulative Security Update for Internet Explorer, Actualización de seguridad acumulativa para Internet Explorer
Type: Vulnerability
Effects:
It is a group of vulnerabilities in Internet Explorer versions 5.01 on Windows 2000, 6 on Windows 2003/XP/2000 computers and 7 on Windows Vista/2003/XP, which allows hackers to gain remote control of the affected computer with the same privileges as the logged on user.

Affected platforms: Other

First detected on: June 13, 2007
Detection updated on: June 13, 2007
Statistics No
Brief Description
MS07-033 is not categorized as virus, worm, Trojan or backdoor. It is a group of critical vulnerabilities in Internet Explorer on Windows Vista/2003/XP/2000 computers, which allows arbitrary code to be remotely executed in the vulnerable computer. Affected versions of Internet Explorer are 5.01, 6 and 7.

The addressed vulnerabilities are:

COM Object Instantiation Memory Corruption vulnerability.
CSS Tag Memory Corruption vulnerability.
Language Pack Installation vulnerability.
Uninitialized Memory Corruption vulnerability.
Navigation Cancel Page Spoofing vulnerability.
Speech Control Memory Corruption vulnerability.


If exploited successfully, MS07-033 allows hackers to gain remote control of the affected computer with the same privileges as the logged on user. If this user had administrator rights, the hacker could take complete control of the system: create, modify or delete files, install programs, create new user accounts, etc.

These vulnerabilities are usually exploited by creating a specially crafted web page and enticing users into accessing it. The link to the website can be distributed using several methods, such as email, instant messaging programs, etc.



If you have a Windows Vista/2003/XP/2000 computer, it is recommended to download and apply the security patch for this vulnerability. Click here to access the web page for downloading the patch. However, provided that this is a cumulative patch, make sure that you download the latest security patch available.






Common name: MS07-057
Technical name: MS07-057
Threat level: Medium
Alias: Cumulative Security Update for Internet Explorer
Type: Vulnerability
Effects: It is a group of vulnerabilities in Internet Explorer versions 5.01 and 6 SP1 in Windows 2000, 6 on Windows 2003/XP computers and 7 in Windows Vista/2003/XP, which allows hackers to gain remote control of the affected computer with the same privileges as the logged on user.

Affected platforms: Other

First detected on: 10/10/2007
Detection updated on: 10/10/2007
Statistics No
Brief Description

MS07-057 is not categorized as virus, worm, Trojan or backdoor. It is a group of critical vulnerabilities in Internet Explorer on Windows Vista/2003/XP/2000 computers, which allows arbitrary code to be remotely executed in the vulnerable computer. Affected versions of Internet Explorer are 5.01, 6 SP1, 6, and 7.

If exploited successfully, MS07-057 allows hackers to gain remote control of the affected computer with the same privileges as the logged on user. If this user had administrator rights, the hacker could take complete control of the system: create, modify or delete files, install programs, create new user accounts, etc.

These vulnerabilities are usually exploited by creating a specially crafted web page and enticing users into accessing it. The link to the website can be distributed using several methods, such as email, instant messaging programs, etc.

If you have any of the vulnerable versions of Internet Explorer, it is recommended to download and apply the security patch for this vulnerability. Click here to access the web page for downloading the patch. However, provided that this is a cumulative patch, make sure that you download the latest security patch available.






Common name: MS07-045
Technical name: MS07-045
Threat level: Medium
Alias: Cumulative Security Update for Internet Explorer, Actualización de seguridad acumulativa para Internet Explorer
Type: Vulnerability
Effects:
It is a group of vulnerabilities in Internet Explorer versions 5.01 on Windows 2000, 6 on Windows 2003/XP computers and 7 on Windows Vista/2003/XP, which allows hackers to gain remote control of the affected computer with the same privileges as the logged on user.

Affected platforms: Windows XP; Other

First detected on: Aug. 15, 2007
Detection updated on: Aug. 17, 2007
Statistics No
Brief Description
MS07-045 is not categorized as virus, worm, Trojan or backdoor. It is a group of critical vulnerabilities in Internet Explorer on Windows Vista/2003/XP/2000 computers, which allows arbitrary code to be remotely executed in the vulnerable computer. Affected versions of Internet Explorer are 5.01, 6 and 7.

The addressed vulnerabilities are:

CSS Memory Corruption vulnerability.
ActiveX Object vulnerability.
ActiveX Object Memory Corruption vulnerability.
If exploited successfully, MS07-045 allows hackers to gain remote control of the affected computer with the same privileges as the logged on user. If this user had administrator rights, the hacker could take complete control of the system: create, modify or delete files, install programs, create new user accounts, etc.

These vulnerabilities are usually exploited by creating a specially crafted web page and enticing users into accessing it. The link to the website can be distributed using several methods, such as email, instant messaging programs, etc.

If you have a Windows Vista/2003/XP/2000 computer, it is recommended to download and apply the security patch for this vulnerability. Click here to access the web page for downloading the patch. However, since this is a cumulative patch, make sure that you download the latest security patch available.


Last updated: 17/08/2007




Avira AntiVir Personal
Report file date: Wednesday, August 06, 2008 08:55

Scanning for 1536287 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows Vista
Windows version: (plain) [6.0.6000]
Boot mode: Normally booted
Username: Dr. Corbin
Computer name: DRCORBIN-PC

Version information:
BUILD.DAT : 8.1.0.326 16933 Bytes 7/11/2008 12:57:00
AVSCAN.EXE : 8.1.4.7 315649 Bytes 6/26/2008 17:57:53
AVSCAN.DLL : 8.1.4.0 40705 Bytes 5/26/2008 16:56:40
LUKE.DLL : 8.1.4.5 164097 Bytes 6/12/2008 21:44:19
LUKERES.DLL : 8.1.4.0 12033 Bytes 5/26/2008 16:58:52
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 7/18/2007 19:33:34
ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 6/24/2008 22:54:15
ANTIVIR2.VDF : 7.0.5.207 2316800 Bytes 8/4/2008 14:43:57
ANTIVIR3.VDF : 7.0.5.216 75264 Bytes 8/5/2008 14:31:46
Engineversion : 8.1.1.15
AEVDF.DLL : 8.1.0.5 102772 Bytes 7/9/2008 17:46:50
AESCRIPT.DLL : 8.1.0.61 311675 Bytes 8/4/2008 14:49:15
AESCN.DLL : 8.1.0.23 119156 Bytes 8/4/2008 14:48:45
AERDL.DLL : 8.1.0.20 418165 Bytes 7/9/2008 17:46:50
AEPACK.DLL : 8.1.2.1 364917 Bytes 8/4/2008 14:48:17
AEOFFICE.DLL : 8.1.0.21 192891 Bytes 8/4/2008 14:47:28
AEHEUR.DLL : 8.1.0.44 1343863 Bytes 8/4/2008 14:47:03
AEHELP.DLL : 8.1.0.15 115063 Bytes 7/9/2008 17:46:50
AEGEN.DLL : 8.1.0.32 315765 Bytes 8/4/2008 14:44:38
AEEMU.DLL : 8.1.0.7 430452 Bytes 8/4/2008 14:43:57
AECORE.DLL : 8.1.1.8 172406 Bytes 8/4/2008 14:43:57
AEBB.DLL : 8.1.0.1 53617 Bytes 4/24/2008 17:50:42
AVWINLL.DLL : 1.0.0.12 15105 Bytes 7/9/2008 17:40:05
AVPREF.DLL : 8.0.2.0 38657 Bytes 5/16/2008 18:28:01
AVREP.DLL : 8.0.0.2 98344 Bytes 8/4/2008 14:43:57
AVREG.DLL : 8.0.0.1 33537 Bytes 5/9/2008 20:26:40
AVARKT.DLL : 1.0.0.23 307457 Bytes 2/12/2008 17:29:23
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 6/12/2008 21:27:49
SQLITE3.DLL : 3.3.17.1 339968 Bytes 1/23/2008 02:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 6/12/2008 21:49:40
NETNT.DLL : 8.0.0.1 7937 Bytes 1/25/2008 21:05:10
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 6/12/2008 22:48:07
RCTEXT.DLL : 8.0.52.0 86273 Bytes 6/27/2008 22:34:37

Configuration settings for the scan:
Jobname..........................: Manual Selection
Configuration file...............: C:\ProgramData\Avira\AntiVir PersonalEdition Classic\PROFILES\folder.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: Wednesday, August 06, 2008 08:55

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'dllhost.exe' - '1' Module(s) have been scanned
Scan process 'dllhost.exe' - '1' Module(s) have been scanned
Scan process 'notepad.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'symlcsvc.exe' - '1' Module(s) have been scanned
Scan process 'COMPAQ~1.EXE' - '1' Module(s) have been scanned
Scan process 'SSDK04.exe' - '1' Module(s) have been scanned
Scan process 'WmiPrvSE.exe' - '1' Module(s) have been scanned
Scan process 'PresentationFontCache.exe' - '1' Module(s) have been scanned
Scan process 'SDWinSec.exe' - '1' Module(s) have been scanned
Scan process 'hpqwmiex.exe' - '1' Module(s) have been scanned
Scan process 'CLSched.exe' - '1' Module(s) have been scanned
Scan process 'XAudio.exe' - '1' Module(s) have been scanned
Scan process 'SearchIndexer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'LSSrvc.exe' - '1' Module(s) have been scanned
Scan process 'HPHC_Service.exe' - '1' Module(s) have been scanned
Scan process 'CLCapSvc.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'AluSchedulerSvc.exe' - '1' Module(s) have been scanned
Scan process 'AOLacsd.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'aolsoftware.exe' - '1' Module(s) have been scanned
Scan process 'ehmsas.exe' - '1' Module(s) have been scanned
Scan process 'TeaTimer.exe' - '1' Module(s) have been scanned
Scan process 'ehtray.exe' - '1' Module(s) have been scanned
Scan process 'HPAdvisor.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'SynTPEnh.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'taskeng.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'AppSvc32.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'dwm.exe' - '1' Module(s) have been scanned
Scan process 'ccSvcHst.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'SLsvc.exe' - '1' Module(s) have been scanned
Scan process 'audiodg.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'lsm.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'wininit.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
57 processes with 57 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!

Starting to scan the registry.
The registry was scanned ( '42' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll
[WARNING] The file could not be opened!


End of the scan: Wednesday, August 06, 2008 09:30
Used time: 34:38 Minute(s)

The scan has been done completely.

13431 Scanning directories
278936 Files were scanned
0 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
278934 Files not concerned
2287 Archives were scanned
2 Warnings
0 Notes

4/28/2008 2:08:41 PM Allowed (based on user decision) value "WindowsWelcomeCenter" (new data: "") deleted in System Startup user entry!
4/28/2008 2:08:54 PM Denied (based on user decision) value "Launcher" (new data: "") deleted in System Startup global entry!
4/28/2008 2:09:10 PM Denied (based on user decision) value "WindowsWelcomeCenter" (new data: "rundll32.exe oobefldr.dll,ShowWelcomeCenter") added in System Startup user entry!
4/28/2008 2:11:48 PM Allowed (based on user decision) value "SpybotSD TeaTimer" (new data: "") deleted in System Startup user entry!
7/9/2008 3:44:54 PM Allowed (based on user decision) value "RegisterHPDeviceDetectionDll" (new data: "regsvr32.exe /s "C:\Program Files\HP\Common\HPDeviceDetection.dll"") added in System Startup global entry!
7/9/2008 3:44:59 PM Allowed (based on user decision) value "{6B75345B-AA36-438A-BBE6-4078B4C6984D}" (new data: "") added in ActiveX Distribution Unit!
7/9/2008 4:24:28 PM Allowed (based on user decision) value "HPSoftwareUpdate" (new data: "C:\Program Files\HP\HP Software Update\HPWUCli.exe") added in System Startup user entry!
7/9/2008 4:34:04 PM Allowed (based on user decision) value "HPSoftwareUpdate" (new data: "") deleted in System Startup user entry!
7/10/2008 8:37:09 AM Allowed (based on user decision) value "RegisterHPDeviceDetectionDll" (new data: "") deleted in System Startup global entry!
7/11/2008 12:04:11 Allowed (based on user decision) value "NvSvc" (new data: "") deleted in System Startup global entry!
7/11/2008 12:04:18 Allowed (based on user decision) value "NvCplDaemon" (new data: "") deleted in System Startup global entry!
7/11/2008 12:04:24 Allowed (based on user decision) value "NvMediaCenter" (new data: "") deleted in System Startup global entry!
7/11/2008 12:04:27 Allowed (based on user decision) value "HP Software Update" (new data: "") deleted in System Startup global entry!
7/11/2008 12:04:34 Allowed (based on user decision) value "HP Health Check Scheduler" (new data: "") deleted in System Startup global entry!
7/11/2008 12:04:39 Allowed (based on user decision) value "SunJavaUpdateSched" (new data: "") deleted in System Startup global entry!
7/12/2008 12:54:18 Allowed (based on user decision) value "HostManager" (new data: "") deleted in System Startup global entry!
7/12/2008 12:54:29 Allowed (based on user decision) value "WMPNSCFG" (new data: "") deleted in System Startup user entry!
7/13/2008 22:10:33 Allowed (based on user decision) value "Launcher" (new data: "") deleted in System Startup global entry!
7/14/2008 07:17:47 Denied (based on user blacklist) value "AOL Fast Start" (new data: "") deleted in System Startup user entry!
7/14/2008 17:37:07 Denied (based on user blacklist) value "AOL Fast Start" (new data: "") deleted in System Startup user entry!
7/14/2008 17:37:56 Denied (based on user blacklist) value "AOL Fast Start" (new data: "") deleted in System Startup user entry!
7/14/2008 18:10:13 Allowed (based on user decision) value "Symantec PIF AlertEng" (new data: "") deleted in System Startup global entry!
7/15/2008 22:04:51 Allowed (based on user decision) value "ccApp" (new data: "") deleted in System Startup global entry!
7/15/2008 22:04:52 Denied (based on user blacklist) value "AOL Fast Start" (new data: "") deleted in System Startup user entry!
7/15/2008 22:05:39 Allowed (based on user decision) value "QlbCtrl" (new data: "") deleted in System Startup global entry!
7/15/2008 22:05:47 Allowed (based on user decision) value "WAWifiMessage" (new data: "") deleted in System Startup global entry!
7/15/2008 22:05:55 Allowed (based on user decision) value "hpWirelessAssistant" (new data: "") deleted in System Startup global entry!
7/17/2008 12:04:34 Allowed (based on user decision) value "osCheck" (new data: "") deleted in System Startup global entry!
7/17/2008 12:54:19 Denied (based on user blacklist) value "AOL Fast Start" (new data: "") deleted in System Startup user entry!
7/17/2008 17:20:05 Denied (based on user decision) value "{44990301-3C9D-426D-81DF-AAB636FA4345}" (new data: "") added in ActiveX Distribution Unit!
7/17/2008 17:20:15 Denied (based on user decision) value "{44990301-3C9D-426D-81DF-AAB636FA4345}" (new data: "") added in ActiveX Distribution Unit!
7/17/2008 17:20:22 Denied (based on user decision) value "{44990301-3C9D-426D-81DF-AAB636FA4345}" (new data: "") added in ActiveX Distribution Unit!
7/17/2008 17:20:25 Denied (based on user decision) value "{44990301-3C9D-426D-81DF-AAB636FA4345}" (new data: "") added in ActiveX Distribution Unit!
7/17/2008 17:20:27 Denied (based on user decision) value "{44990301-3C9D-426D-81DF-AAB636FA4345}" (new data: "") added in ActiveX Distribution Unit!
7/17/2008 17:20:32 Denied (based on user decision) value "{44990301-3C9D-426D-81DF-AAB636FA4345}" (new data: "") added in ActiveX Distribution Unit!
7/17/2008 17:20:34 Denied (based on user decision) value "{44990301-3C9D-426D-81DF-AAB636FA4345}" (new data: "") added in ActiveX Distribution Unit!
7/17/2008 17:20:39 Denied (based on user decision) value "{44990301-3C9D-426D-81DF-AAB636FA4345}" (new data: "") added in ActiveX Distribution Unit!
7/17/2008 17:20:42 Denied (based on user decision) value "{44990301-3C9D-426D-81DF-AAB636FA4345}" (new data: "") added in ActiveX Distribution Unit!
7/17/2008 17:20:44 Denied (based on user decision) value "{44990301-3C9D-426D-81DF-AAB636FA4345}" (new data: "") added in ActiveX Distribution Unit!
7/17/2008 17:20:46 Denied (based on user decision) value "{44990301-3C9D-426D-81DF-AAB636FA4345}" (new data: "") added in ActiveX Distribution Unit!
7/17/2008 17:20:48 Denied (based on user decision) value "{44990301-3C9D-426D-81DF-AAB636FA4345}" (new data: "") added in ActiveX Distribution Unit!
7/17/2008 17:20:51 Denied (based on user decision) value "{44990301-3C9D-426D-81DF-AAB636FA4345}" (new data: "") added in ActiveX Distribution Unit!
7/17/2008 17:20:55 Denied (based on user decision) value "{44990301-3C9D-426D-81DF-AAB636FA4345}" (new data: "") added in ActiveX Distribution Unit!
7/17/2008 17:20:57 Denied (based on user decision) value "{44990301-3C9D-426D-81DF-AAB636FA4345}" (new data: "") added in ActiveX Distribution Unit!
7/17/2008 17:20:59 Denied (based on user decision) value "{44990301-3C9D-426D-81DF-AAB636FA4345}" (new data: "") added in ActiveX Distribution Unit!
7/17/2008 17:43:58 Denied (based on user decision) value "{44990301-3C9D-426D-81DF-AAB636FA4345}" (new data: "") added in ActiveX Distribution Unit!
7/17/2008 17:44:04 Denied (based on user decision) value "{44990301-3C9D-426D-81DF-AAB636FA4345}" (new data: "") added in ActiveX Distribution Unit!
7/17/2008 17:44:06 Denied (based on user decision) value "{44990301-3C9D-426D-81DF-AAB636FA4345}" (new data: "") added in ActiveX Distribution Unit!
7/17/2008 17:44:09 Denied (based on user decision) value "{44990301-3C9D-426D-81DF-AAB636FA4345}" (new data: "") added in ActiveX Distribution Unit!
7/17/2008 17:45:10 Denied (based on user decision) value "{44990301-3C9D-426D-81DF-AAB636FA4345}" (new data: "") added in ActiveX Distribution Unit!
7/17/2008 17:45:13 Denied (based on user decision) value "{44990301-3C9D-426D-81DF-AAB636FA4345}" (new data: "") added in ActiveX Distribution Unit!
7/17/2008 18:56:57 Denied (based on user decision) value "{44990301-3C9D-426D-81DF-AAB636FA4345}" (new data: "") added in ActiveX Distribution Unit!
7/17/2008 18:56:58 Denied (based on user blacklist) value "AOL Fast Start" (new data: "") deleted in System Startup user entry!
7/17/2008 18:56:59 Denied (based on user decision) value "{44990301-3C9D-426D-81DF-AAB636FA4345}" (new data: "") added in ActiveX Distribution Unit!
7/17/2008 18:57:10 Denied (based on user decision) value "{44990301-3C9D-426D-81DF-AAB636FA4345}" (new data: "") added in ActiveX Distribution Unit!
7/17/2008 18:57:14 Allowed (based on user decision) value "{44990301-3C9D-426D-81DF-AAB636FA4345}" (new data: "") added in ActiveX Distribution Unit!
7/24/2008 16:18:50 Allowed (based on user decision) value "MSConfig" (new data: ""C:\Windows\system32\msconfig.exe" /auto") added in System Startup global entry!
7/25/2008 07:52:47 Denied (based on user blacklist) value "AOL Fast Start" (new data: "") deleted in System Startup user entry!

Edited by srcvlk, 08 August 2008 - 12:55 AM.
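
Added example, not part of the thread and not a tool from any of the posters: the run of Denied entries for the same ActiveX CLSID at 17:20 in the TeaTimer log above, a few seconds apart and then finally Allowed, is the kind of pattern worth pulling out of a log automatically. The Python below parses lines in the TeaTimer format shown in the post, groups them by registry value and category, and flags any change that was blocked several times inside a short window, noting whether the same change was later allowed. The sample lines are constructed in that format with a placeholder CLSID, and the thresholds (3 denials within 120 seconds) are assumptions, not TeaTimer settings.

```python
"""Flag repeatedly blocked registry changes in a Spybot-S&D TeaTimer log."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# One TeaTimer record, as seen in the log above:
#   <date> <time> <Allowed|Denied> (based on <reason>) value "<name>"
#   (new data: "<data>") <added|deleted> in <category>!
LINE_RE = re.compile(
    r'^(?P<stamp>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2}(?: [AP]M)?) '
    r'(?P<decision>Allowed|Denied) \(based on (?P<reason>[^)]*)\) '
    r'value "(?P<name>[^"]*)" \(new data: "(?P<data>.*)"\) '
    r'(?P<action>added|deleted) in (?P<category>.+?)!\s*$'
)

# The log mixes 12-hour stamps with AM/PM and 24-hour stamps (locale change).
STAMP_FORMATS = ("%m/%d/%Y %I:%M:%S %p", "%m/%d/%Y %H:%M:%S")


def parse_stamp(stamp):
    for fmt in STAMP_FORMATS:
        try:
            return datetime.strptime(stamp, fmt)
        except ValueError:
            continue
    raise ValueError("unrecognised timestamp: %r" % stamp)


def parse_line(line):
    """Return a dict for one TeaTimer record, or None for anything else."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ev = m.groupdict()
    ev["when"] = parse_stamp(ev.pop("stamp"))
    return ev


def parse_log(text):
    events = (parse_line(line) for line in text.splitlines())
    return sorted((e for e in events if e), key=lambda e: e["when"])


def find_bursts(events, min_hits=3, window=timedelta(seconds=120)):
    """Group by (value name, category, action); flag keys with at least
    min_hits Denied events inside any window-long interval. Also record
    whether the same change was Allowed after the last denial, which is
    when a blocked change actually takes effect."""
    by_key = defaultdict(list)
    for ev in events:
        by_key[(ev["name"], ev["category"], ev["action"])].append(ev)

    findings = []
    for (name, category, action), evs in by_key.items():
        denied = [e["when"] for e in evs if e["decision"] == "Denied"]
        best, j = 0, 0
        for i in range(len(denied)):          # sliding window over sorted stamps
            while j < len(denied) and denied[j] - denied[i] <= window:
                j += 1
            best = max(best, j - i)
        if best < min_hits:
            continue
        allowed_after = any(e["decision"] == "Allowed" and e["when"] > denied[-1]
                            for e in evs)
        findings.append({
            "name": name, "category": category, "action": action,
            "denied_total": len(denied), "max_in_window": best,
            "first": denied[0], "last": denied[-1],
            "allowed_after_denials": allowed_after,
        })
    return sorted(findings, key=lambda f: f["max_in_window"], reverse=True)


# Constructed sample in the TeaTimer format; the CLSID is a placeholder.
SAMPLE_LOG = """\
7/9/2008 3:44:59 PM Allowed (based on user decision) value "{11111111-2222-3333-4444-555555555555}" (new data: "") added in ActiveX Distribution Unit!
7/14/2008 07:17:47 Denied (based on user blacklist) value "AOL Fast Start" (new data: "") deleted in System Startup user entry!
7/17/2008 17:20:05 Denied (based on user decision) value "{11111111-2222-3333-4444-555555555555}" (new data: "") added in ActiveX Distribution Unit!
7/17/2008 17:20:15 Denied (based on user decision) value "{11111111-2222-3333-4444-555555555555}" (new data: "") added in ActiveX Distribution Unit!
7/17/2008 17:20:22 Denied (based on user decision) value "{11111111-2222-3333-4444-555555555555}" (new data: "") added in ActiveX Distribution Unit!
7/17/2008 17:20:25 Denied (based on user decision) value "{11111111-2222-3333-4444-555555555555}" (new data: "") added in ActiveX Distribution Unit!
7/17/2008 17:37:07 Denied (based on user blacklist) value "AOL Fast Start" (new data: "") deleted in System Startup user entry!
7/17/2008 18:57:14 Allowed (based on user decision) value "{11111111-2222-3333-4444-555555555555}" (new data: "") added in ActiveX Distribution Unit!
7/24/2008 16:18:50 Allowed (based on user decision) value "MSConfig" (new data: ""C:\\Windows\\system32\\msconfig.exe" /auto") added in System Startup global entry!
this line is not a TeaTimer record
"""

if __name__ == "__main__":
    for f in find_bursts(parse_log(SAMPLE_LOG)):
        print("%(name)s (%(action)s in %(category)s): %(denied_total)d denials, "
              "%(max_in_window)d within window, later allowed: "
              "%(allowed_after_denials)s" % f)
```

The one-off "AOL Fast Start" denials days apart are ignored; the CLSID that is refused four times in twenty seconds and then accepted is reported, which is exactly the entry to investigate (and, if the user clicked Allow, the one to remove).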


#4 Orange Blossom (Moderator, OBleepin Investigator, Bloomington, IN)

Posted 08 August 2008 - 04:58 PM

Hello srcvlk,

I merged your latest topic entitled Backdoor Trojan to your previously existing topic. Please keep all posts regarding this issue to this thread by using the Add Reply button at the bottom of the topic. Starting new topics confuses things and delays the assistance you receive.

Back to you RenatoMejias,

Orange Blossom :thumbsup:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#5 RenatoMejias (Malware Response Team)

Posted 10 August 2008 - 04:47 PM

Back to you RenatoMejias,


Thanks Orange Blossom :thumbsup:

------------------

srcvlk,

Your log looks good, and the Kaspersky log just showed some files of the SmitFraudFix tool.

Is your browser still hijacked?
Renato Victor Mejias
Malware help in portuguese



