Strange Ie Malware Affecting My Whole System


  • This topic is locked
2 replies to this topic

#1 Robert F.

  • Members
  • 2 posts

Posted 31 August 2008 - 08:02 PM

I am having a problem with my laptop computer that I started noticing last night (8.30.2008) somewhere around 6PM. It appears to be some sort of malware, because my Symantec Antivirus (Version 10.2.0.276, Scan Engine 81.2.0.25, all definitions updated) started alerting me to delete Trojans (called “Downloader”) from my system at around 6PM. There’s still something very wrong - right now my system is slow, not running well like before, there are suspicious locked files on my computer, and I would like to remove the problem without reformatting my laptop.
My system info is:
OS: Windows Vista Home Premium
Model: HP Pavilion dv6000
Processor: Intel Core 2 CPU T5300 @ 1.73 GHz
Memory (RAM): 2038MB
32 bit Operating System

Around 6PM on 8.30.2008 I noticed that my Internet Explorer would run very slowly for any Internet query, and would start making these random meta redirects to ad sites, somehow using all my system resources in the process. Noticeably, when I test out a Google Search on Internet Explorer (IE7), there are an excessive number of “sponsored links” in unusually large yellow boxes inappropriately located directly below any search query – when I try Google on my installed Mozilla Firefox (2.0) I see no such thing.
I did a System Restore last night at around 10 PM – it was restored successfully to August 29, 2008, the only restore point I had on my computer and the last time my computer was working properly. After that I noticed that my Internet Explorer was NOT in the Add/Remove Programs list. Moreover, looking closer I find out that files in my “C:\Program Files\Internet Explorer” are always LOCKED by my system, whether I use it or not, even in Safe Mode. I am unable to delete the “Internet Explorer” files, which appear to be an infection because they are not in the Programs or Process lists, yet are locked. Renaming these locked files is also impossible, even within Safe Mode. I tried a DOS prompt with Admin privilege to rename or delete the files, but get “Access Denied”, even in Safe Mode. I did try renaming the folder “Internet Explorer” too, but the files remained locked, as if the system doesn’t even care what directory the files are in; they are still considered locked.

Here’s a list of these “Internet Explorer” files:
C:\Program Files\Internet Explorer\
-en-us (Folder)
hmmapi.dll.mui 12KB
iedw.exe.mui 5KB
ieinstal.exe.mui 3KB
ieuser.exe.mui 16KB
iexplore.exe.mui 16KB
hmmapi.dll 68KB
iedw.exe 69KB
ieinstal.exe 257KB
iessetup.ceb 5KB
iessetup.dll 16KB
ieuser.exe 295KB
iexplorer.exe 611KB
sqmapi.dll 131KB

I tried full scans with Symantec Antivirus (Version 10.2.0.276, Scan Engine 81.2.0.25, all definitions updated), Ad-Aware, Spybot Search & Destroy, McAfee Stinger, McAfee Rootkit Detective, and RootkitRevealer as well. Spybot found two registry keys that are part of a Trojan, which it deleted. McAfee RootkitRevealer said that “svchost.exe” is a hidden process in my system, but I’m not sure what I should do with it. Also, SpyBot’s System Report (I ran this in Spybot’s Advanced Mode separately, after scanning and removing the two registry keys) showed a lot of instances of svchost.exe running; is this normal? I posted these logs below:
--- Spybot - Search & Destroy version: 1.6.0 (build: 20080707) ---

2008-07-07 blindman.exe (1.0.0.8)
2008-07-07 SDFiles.exe (1.6.0.4)
2008-07-07 SDMain.exe (1.0.0.6)
2008-07-07 SDShred.exe (1.0.2.3)
2008-07-07 SDUpdate.exe (1.6.0.8)
2008-07-07 SDWinSec.exe (1.0.0.12)
2008-07-07 SpybotSD.exe (1.6.0.30)
2008-07-07 TeaTimer.exe (1.6.0.20)
2008-08-31 unins000.exe (51.49.0.0)
2008-07-07 Update.exe (1.6.0.7)
2008-07-07 advcheck.dll (1.6.1.12)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2008-07-07 SDHelper.dll (1.6.0.12)
2008-06-19 sqlite3.dll
2008-07-07 Tools.dll (2.1.5.7)
2008-08-05 Includes\Adware.sbi
2008-08-26 Includes\AdwareC.sbi
2008-06-03 Includes\Cookies.sbi
2008-06-03 Includes\Dialer.sbi
2008-08-05 Includes\DialerC.sbi
2008-07-23 Includes\HeavyDuty.sbi
2008-08-19 Includes\Hijackers.sbi
2008-08-26 Includes\HijackersC.sbi
2008-08-05 Includes\Keyloggers.sbi
2008-08-26 Includes\KeyloggersC.sbi
2004-11-29 Includes\LSP.sbi
2008-08-27 Includes\Malware.sbi
2008-08-26 Includes\MalwareC.sbi
2008-08-05 Includes\PUPS.sbi
2008-08-26 Includes\PUPSC.sbi
2007-11-07 Includes\Revision.sbi
2008-06-18 Includes\Security.sbi
2008-08-26 Includes\SecurityC.sbi
2008-06-03 Includes\Spybots.sbi
2008-06-03 Includes\SpybotsC.sbi
2008-08-11 Includes\Spyware.sbi
2008-08-26 Includes\SpywareC.sbi
2008-06-03 Includes\Tracks.uti
2008-08-05 Includes\Trojans.sbi
2008-08-27 Includes\TrojansC.sbi
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll


--- System information ---
Windows Vista (Build: 6000) (6.0.6000)


--- Startup entries list ---
Located: HK_LM:Run, Adobe Reader Speed Launcher
command: "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
file: C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
size: 39792
MD5: 8B9145D229D4E89D15ACB820D4A3A90F

Located: HK_LM:Run, HotKeysCmds
command: C:\Windows\system32\hkcmd.exe
file: C:\Windows\system32\hkcmd.exe
size: 166424
MD5: 5F529FBB095CBC9F14BB1E97A7A6B547

Located: HK_LM:Run, HP Health Check Scheduler
command: c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
file: c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
size: 66816
MD5: E6E9E046E65BD94F4B60AD9B3128E1B6

Located: HK_LM:Run, hpWirelessAssistant
command: %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
file: C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
size: 472776
MD5: AF849798ECA383184C88ED436CF3EFB2

Located: HK_LM:Run, IgfxTray
command: C:\Windows\system32\igfxtray.exe
file: C:\Windows\system32\igfxtray.exe
size: 141848
MD5: 7F7B42B1BA42242116F5B277A063FE2E

Located: HK_LM:Run, Persistence
command: C:\Windows\system32\igfxpers.exe
file: C:\Windows\system32\igfxpers.exe
size: 133656
MD5: D8A33AF26E4143F7A892009890BB6F64

Located: HK_LM:Run, QlbCtrl
command: %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
file: C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
size: 159744
MD5: A04BE1DBBA0E554B2F33555CCBA5F969

Located: HK_LM:Run, QPService
command: "C:\Program Files\HP\QuickPlay\QPService.exe"
file: C:\Program Files\HP\QuickPlay\QPService.exe
size: 176128
MD5: F1544FC4D25FD26B0CF805BD913D4ECA

Located: HK_LM:Run, QuickTime Task
command: "C:\Program Files\QuickTime\QTTask.exe" -atboottime
file: C:\Program Files\QuickTime\QTTask.exe
size: 413696
MD5: 6DF76965A0FB8237E9C3B3CAB9815EC2

Located: HK_LM:Run, SunJavaUpdateSched
command: "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
file: C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
size: 144784
MD5: 836DC47E6CAD975304D1D3EB2F516A1C

Located: HK_LM:Run, SynTPEnh
command: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
file: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
size: 1045800
MD5: 62B3C9786081ECAAB272A118408D2817

Located: HK_LM:Run, TkBellExe
command: "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
file: C:\Program Files\Common Files\Real\Update_OB\realsched.exe
size: 185896
MD5: 74BC945EB2584E90619A56EF5028AB0F

Located: HK_LM:Run, UVS11 Preload
command: C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
file: C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
size: 341488
MD5: E6E4A1D21DD1632F5C6FF15E05570A5A

Located: HK_LM:Run, WAWifiMessage
command: %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
file: C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
size: 317128
MD5: F533507FE318B46629E84DF630A316F8

Located: HK_LM:Run, Windows Defender
command: %ProgramFiles%\Windows Defender\MSASCui.exe -hide
file: C:\Program Files\Windows Defender\MSASCui.exe
size: 1006264
MD5: 9AD9E2FB2811123DA13DE84CC154AB77

Located: HK_LM:Run, ZoneAlarm Client
command: "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
file: C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
size: 959976
MD5: E8B180646BAE9E688D2E6D7EA8DED794

Located: HK_LM:RunOnce, Launcher
command: %WINDIR%\SMINST\launcher.exe
file: C:\Windows\SMINST\launcher.exe
size: 44128
MD5: 50ECAA360582260ACC5E1495CC34A22E

Located: HK_CU:Run, Aim6
where: S-1-5-21-1989441587-535805306-1713899595-1000...
command:
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_CU:Run, ProxyWay
where: S-1-5-21-1989441587-535805306-1713899595-1000...
command: C:\Program Files\ProxyWay\proxyway.exe
file: C:\Program Files\ProxyWay\proxyway.exe
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_CU:Run, SpybotSD TeaTimer
where: S-1-5-21-1989441587-535805306-1713899595-1000...
command: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
file: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
size: 2156368
MD5: 08FC1FAD357F053043016597B6559BDC

Located: HK_CU:Run, swg
where: S-1-5-21-1989441587-535805306-1713899595-1000...
command: C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
file: C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
size: 39408
MD5: 5D61BE7DB55B026A5D61A3EED09D0EAD

Located: HK_CU:Run, Vidalia
where: S-1-5-21-1989441587-535805306-1713899595-1000...
command: "C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe"
file: C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe
size: 12889088
MD5: 6263F41C8E469AD62530105D72C5E22C

Located: HK_CU:Run, WMPNSCFG
where: S-1-5-21-1989441587-535805306-1713899595-1000...
command: C:\Program Files\Windows Media Player\WMPNSCFG.exe
file: C:\Program Files\Windows Media Player\WMPNSCFG.exe
size: 201728
MD5: 20EF9002CFF89C4C1077E4415EC7297B

Located: Startup (common), Device Detector 3.lnk
where: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup...
command: C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
file: C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
size: 118784
MD5: 0A69272204F37AC304B80FE5BDFB223D

Located: Startup (common), Privoxy.lnk
where: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup...
command: C:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe
file: C:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe
size: 250368
MD5: DF5CF18A5D452A1634CED071C82834DE

Located: Startup (user), MagicDisc.lnk
where: C:\Users\Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup...
command: C:\Program Files\MagicDisc\MagicDisc.exe
file: C:\Program Files\MagicDisc\MagicDisc.exe
size: 547840
MD5: 2552299DABCDCC14ECF04245EAB90D1E

Located: Startup (disabled), VPN Client (DISABLED)
command: C:\Windows\Installer\{CCBAA1F7-E5E1-48B2-9ED9-A79C6A37CE78}\Icon3E5562ED7.ico -user_logon
file: C:\Windows\Installer\{CCBAA1F7-E5E1-48B2-9ED9-A79C6A37CE78}\Icon3E5562ED7.ico -user_logon
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, igfxcui
command: igfxdev.dll
file: igfxdev.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!



--- Browser helper object list ---
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Adobe PDF Reader Link Helper
description: Adobe Acrobat reader
classification: Legitimate
known filename: AcroIEhelper.ocx, AcroIEhelper.dll
info link: http://www.adobe.com/products/acrobat/readstep2.html
info source: TonyKlein
Path: C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\
Long name: AcroIEHelper.dll
Short name:
Date (created): 10/22/2006 11:08:42 PM
Date (last access): 8/21/2008 1:32:20 PM
Date (last write): 10/22/2006 11:08:42 PM
Filesize: 62080
Attributes: archive
MD5: C11F6A1F61481E24BE3FDC06EA6F7D2A
CRC32: E388508F
Version: 8.0.0.456

{3049C3E9-B461-4BC5-8870-4C09146192CA} (RealPlayer Download and Record Plugin for Internet Explorer)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: RealPlayer Download and Record Plugin for Internet Explorer
Path: C:\Program Files\Real\RealPlayer\
Long name: rpbrowserrecordplugin.dll
Short name: RPBROW~1.DLL
Date (created): 12/26/2007 6:24:52 PM
Date (last access): 12/26/2007 6:24:52 PM
Date (last write): 12/26/2007 6:24:52 PM
Filesize: 370296
Attributes: archive
MD5: 4D630E9EF94CF8814DFD0E5938230822
CRC32: 02C3DBBF
Version: 1.0.0.522

{53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Spybot-S&D IE Protection
description: Spybot-S&D IE Browser plugin
classification: Legitimate
known filename: SDhelper.dll
info link: http://spybot.eon.net.au/
info source: Patrick M. Kolla
Path: C:\Program Files\Spybot - Search & Destroy\
Long name: SDHelper.dll
Short name:
Date (created): 8/31/2008 3:28:02 PM
Date (last access): 8/31/2008 3:28:02 PM
Date (last write): 7/7/2008 9:41:58 AM
Filesize: 1562448
Attributes: archive
MD5: 32981ADE44D01EC2A9EBC2E311291707
CRC32: C2F522E6
Version: 1.6.0.12

{72853161-30C5-4D22-B7F9-0BBC1D38A37E} (Groove GFS Browser Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Groove GFS Browser Helper
Path: C:\Program Files\Microsoft Office\Office12\
Long name: GrooveShellExtensions.dll
Short name: GRA8E1~1.DLL
Date (created): 8/24/2007 8:01:22 AM
Date (last access): 12/29/2007 8:57:48 PM
Date (last write): 8/24/2007 8:01:22 AM
Filesize: 2212224
Attributes: archive
MD5: 32C4927E013C018A13D8DFBDA4148812
CRC32: 9A9F3D8B
Version: 12.0.6211.1000

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: SSVHelper Class
Path: C:\Program Files\Java\jre1.6.0_05\bin\
Long name: ssv.dll
Short name:
Date (created): 5/4/2008 12:19:04 PM
Date (last access): 2/22/2008 2:33:32 AM
Date (last write): 2/22/2008 4:25:20 AM
Filesize: 509328
Attributes: archive
MD5: 5B42CB6A121256465B251840FDB1B2FE
CRC32: 6EF0BCE9
Version: 6.0.50.13

{9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Windows Live Sign-in Helper
Path: C:\Program Files\Common Files\Microsoft Shared\Windows Live\
Long name: WindowsLiveLogin.dll
Short name: WINDOW~1.DLL
Date (created): 9/20/2007 10:30:18 AM
Date (last access): 4/20/2008 7:05:08 PM
Date (last write): 9/20/2007 10:30:18 AM
Filesize: 328752
Attributes: archive
MD5: 59CF5BF6684AFCF906CADAD39B4214DE
CRC32: C363813C
Version: 4.200.520.1

{AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Google Toolbar Helper
description: Google toolbar
classification: Open for discussion
known filename: googletoolbar.dll, googletoolbar*.dll (* = number), googletoolbar_en_*.**-big.dll, Googletoolbar_en_*.*.**-deleon.dll
info link: http://toolbar.google.com/
info source: TonyKlein
Path: c:\program files\google\
Long name: GoogleToolbar1.dll
Short name:
Date (created): 8/17/2008 7:21:04 AM
Date (last access): 8/17/2008 7:21:04 AM
Date (last write): 8/17/2008 7:21:04 AM
Filesize: 2549368
Attributes: readonly archive
MD5: CC489913075050292FCF09A02A449522
CRC32: FAE9D654
Version: 4.0.1602.35650

{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Google Toolbar Notifier BHO
Path: C:\Program Files\Google\GoogleToolbarNotifier\4.1.509.6972\
Long name: swg.dll
Short name:
Date (created): 8/17/2008 7:17:48 AM
Date (last access): 8/17/2008 7:17:48 AM
Date (last write): 8/17/2008 7:17:48 AM
Filesize: 651760
Attributes: archive
MD5: 3465B1814766893E5D47752C73D2E998
CRC32: 26BBDC6A
Version: 4.1.509.6972



--- ActiveX list ---
{4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control)
DPF name:
CLSID name: DLM Control
Installer: C:\Windows\Downloaded Program Files\DownloadManagerV2.inf
Codebase: http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.4.1.cab
Path: C:\Windows\DOWNLO~1\
Long name: DownloadManagerV2.ocx
Short name: DOWNLO~1.OCX
Date (created): 6/5/2008 6:27:20 PM
Date (last access): 6/5/2008 6:27:20 PM
Date (last write): 6/5/2008 6:27:20 PM
Filesize: 45056
Attributes: archive
MD5: 8FDC3E87529429BB5FBC60CFC46E4E4A
CRC32: B87AFE19
Version: 2.2.4.1

{6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} (ContactExtractor Class)
DPF name:
CLSID name: ContactExtractor Class
Installer:
Codebase: http://www.facebook.com/controls/contactx.dll
Path: C:\Windows\Downloaded Program Files\
Long name: contactx.dll
Short name:
Date (created): 6/10/2008 2:25:56 PM
Date (last access): 6/10/2008 2:25:56 PM
Date (last write): 6/10/2008 2:25:50 PM
Filesize: 172784
Attributes: archive
MD5: E2B86D3C9CC30AD75C3826B352B5CE2E
CRC32: F95B83E1
Version: 1.0.0.1

{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} ()
DPF name:
CLSID name:
Installer: C:\Windows\Downloaded Program Files\erma.inf
Codebase: http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab

{A8F2B9BD-A6A0-486A-9744-18920D898429} ()
DPF name:
CLSID name:
Installer: C:\Windows\Downloaded Program Files\SETUP.INF
Codebase: http://www.sibelius.com/download/software/...tiveXPlugin.cab

{C8AEB218-8B7A-4E15-AC17-0EE8D99B80EB} ()
DPF name:
CLSID name:
Installer: C:\Windows\Downloaded Program Files\GameTapWebUpdater.inf
Codebase: http://cnn-5.vo.llnwd.net/c1/static/cab_he...pWebUpdater.cab

{D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object)
DPF name:
CLSID name: Shockwave Flash Object
Installer: C:\Windows\Downloaded Program Files\CONFLICT.1\swflash.inf
Codebase: http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
description: Macromedia Shockwave Flash Player
classification: Legitimate
known filename:
info link:
info source: Patrick M. Kolla
Path: C:\Windows\system32\Macromed\Flash\
Long name: Flash9f.ocx
Short name:
Date (created): 3/24/2008 8:32:42 PM
Date (last access): 7/23/2008 8:32:54 PM
Date (last write): 3/24/2008 8:32:42 PM
Filesize: 2991488
Attributes: readonly archive
MD5: 48FDF435B8595604E54125B321924510
CRC32: 12335E29
Version: 9.0.124.0



--- Process list ---
PID: 460 (1172) C:\Windows\system32\taskeng.exe
size: 166400
MD5: 1226E9FAE5B8508801EC974E3C9D9C14
PID: 428 (1116) C:\Windows\system32\Dwm.exe
size: 83456
MD5: E87B968F3D49117445893EB0503FE34F
PID: 1400 ( 564) C:\Windows\Explorer.EXE
size: 2923520
MD5: 6D06CD98D954FE87FB2DB8108793B399
PID: 3136 (1400) C:\Program Files\Windows Defender\MSASCui.exe
size: 1006264
MD5: 9AD9E2FB2811123DA13DE84CC154AB77
PID: 1328 (1400) C:\Program Files\Hp\QuickPlay\QPService.exe
size: 176128
MD5: F1544FC4D25FD26B0CF805BD913D4ECA
PID: 2396 (1400) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
size: 159744
MD5: A04BE1DBBA0E554B2F33555CCBA5F969
PID: 2856 (1400) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
size: 472776
MD5: AF849798ECA383184C88ED436CF3EFB2
PID: 1280 (1400) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
size: 317128
MD5: F533507FE318B46629E84DF630A316F8
PID: 3316 (1400) C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
size: 144784
MD5: 836DC47E6CAD975304D1D3EB2F516A1C
PID: 3432 (1400) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
size: 1045800
MD5: 62B3C9786081ECAAB272A118408D2817
PID: 2484 (1400) C:\Windows\System32\hkcmd.exe
size: 166424
MD5: 5F529FBB095CBC9F14BB1E97A7A6B547
PID: 3288 (1400) C:\Windows\System32\igfxpers.exe
size: 133656
MD5: D8A33AF26E4143F7A892009890BB6F64
PID: 3504 (1400) C:\Program Files\Common Files\Real\Update_OB\realsched.exe
size: 185896
MD5: 74BC945EB2584E90619A56EF5028AB0F
PID: 2608 (1400) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
size: 39408
MD5: 5D61BE7DB55B026A5D61A3EED09D0EAD
PID: 3564 (1400) C:\Program Files\Windows Media Player\wmpnscfg.exe
size: 201728
MD5: 20EF9002CFF89C4C1077E4415EC7297B
PID: 3196 (1400) C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
size: 118784
MD5: 0A69272204F37AC304B80FE5BDFB223D
PID: 3684 ( 876) C:\Windows\system32\igfxsrvc.exe
size: 256536
MD5: 734006A2DB2404138F2C1A2CB86D32EF
PID: 3608 ( 876) C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
size: 677576
MD5: 241B74792CC295DFDCB7940BBF52B226
PID: 6056 (1400) C:\Program Files\Mozilla Firefox\firefox.exe
size: 7667312
MD5: 8FD9724777C5DA9665ADB7B554F746BC
PID: 5236 (6056) C:\Windows\explorer.exe
size: 2923520
MD5: 6D06CD98D954FE87FB2DB8108793B399
PID: 3660 (1172) C:\Windows\system32\wuauclt.exe
size: 53080
MD5: F3E9065EB617A7E3A832A7976BFA021B
PID: 1644 (1400) C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
size: 959976
MD5: E8B180646BAE9E688D2E6D7EA8DED794
PID: 1348 (1400) C:\Users\Robert\Desktop\stinger.exe
PID: 1244 ( 564) C:\Windows\system32\SearchProtocolHost.exe
size: 204288
MD5: 2A0B63014AD1ED027D47A58C89F4A1AA
PID: 3576 (4728) C:\Windows\hh.exe
size: 14848
MD5: 7C06CED2F7B9272A126D53A2A9F52AC0
PID: 4540 (1400) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
size: 4891472
MD5: 3B1B5D09D3C9C4CD39D4DB06ED7A0855
PID: 0 ( 0) [System Process]
PID: 4 ( 0) System
PID: 436 ( 4) smss.exe
size: 62976
PID: 560 ( 548) csrss.exe
size: 7680
PID: 600 ( 592) csrss.exe
size: 7680
PID: 608 ( 548) wininit.exe
size: 95744
PID: 644 ( 608) services.exe
size: 279552
PID: 664 ( 608) lsass.exe
size: 7680
PID: 672 ( 608) lsm.exe
size: 210944
PID: 708 ( 592) winlogon.exe
size: 308224
PID: 876 ( 644) svchost.exe
size: 22016
PID: 932 ( 644) svchost.exe
size: 22016
PID: 964 ( 644) svchost.exe
size: 22016
PID: 1056 ( 644) svchost.exe
size: 22016
PID: 1116 ( 644) svchost.exe
size: 22016
PID: 1172 ( 644) svchost.exe
size: 22016
PID: 1224 (1056) audiodg.exe
size: 88064
PID: 1264 ( 644) SLsvc.exe
size: 2605568
PID: 1340 ( 644) svchost.exe
size: 22016
PID: 1520 ( 644) svchost.exe
size: 22016
PID: 1664 ( 644) ccSvcHst.exe
PID: 1924 ( 644) spoolsv.exe
size: 124928
PID: 1960 ( 644) svchost.exe
size: 22016
PID: 452 ( 644) AluSchedulerSvc.exe
PID: 1692 ( 644) mDNSResponder.exe
PID: 1584 ( 644) DevSvc.exe
PID: 2052 ( 644) CLCapSvc.exe
PID: 2196 ( 644) DefWatch.exe
PID: 2224 ( 644) GoogleUpdaterService.exe
PID: 2244 ( 644) LSSrvc.exe
PID: 2388 ( 644) CTskMstr.exe
PID: 2420 ( 644) svchost.exe
size: 22016
PID: 2444 ( 644) RichVideo.exe
PID: 2476 ( 644) svchost.exe
size: 22016
PID: 2500 ( 644) Rtvscan.exe
PID: 2572 ( 644) ViewpointService.exe
PID: 2612 ( 644) svchost.exe
size: 22016
PID: 2740 ( 644) XAudio.exe
PID: 2780 ( 644) hpqwmiex.exe
PID: 3820 (1172) taskeng.exe
size: 166400
PID: 1844 ( 876) WmiPrvSE.exe
PID: 1696 ( 644) wmpnetwk.exe
PID: 2956 (3432) SynTPHelper.exe
PID: 3388 ( 644) HPHC_Service.exe
PID: 4348 ( 644) UI0Detect.exe
size: 35840
PID: 564 ( 644) SearchIndexer.exe
size: 287744
PID: 6108 ( 644) aawservice.exe
PID: 5756 (1172) taskeng.exe
size: 166400
PID: 4876 ( 644) TrustedInstaller.exe
PID: 5376 (5952) vsmon.exe
PID: 4396 ( 564) SearchProtocolHost.exe
size: 204288
PID: 4440 ( 564) SearchFilterHost.exe
size: 76288


--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 8/31/2008 4:31:32 PM

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\Windows\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
http://go.microsoft.com/fwlink/?LinkId=54896
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.google.com/
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
%SystemRoot%\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://go.microsoft.com/fwlink/?LinkId=54896
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://go.microsoft.com/fwlink/?LinkId=54896


--- Winsock Layered Service Provider list ---
Protocol 0: MSAFD Tcpip [TCP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]

Protocol 1: MSAFD Tcpip [UDP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]

Protocol 2: MSAFD Tcpip [RAW/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]

Protocol 3: MSAFD Tcpip [TCP/IPv6]
GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IPv6 protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]

Protocol 4: MSAFD Tcpip [UDP/IPv6]
GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IPv6 protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]

Protocol 5: MSAFD Tcpip [RAW/IPv6]
GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IPv6 protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]

Protocol 6: RSVP TCPv6 Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 7: RSVP TCP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 8: RSVP UDPv6 Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 9: RSVP UDP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 10: MSAFD NetBIOS [\Device\NetBT_Tcpip_{6DBDB4A7-9660-4945-AB42-703ECF573027}] SEQPACKET 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 11: MSAFD NetBIOS [\Device\NetBT_Tcpip_{6DBDB4A7-9660-4945-AB42-703ECF573027}] DATAGRAM 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 12: MSAFD NetBIOS [\Device\NetBT_Tcpip_{5D397078-D39D-4699-93C7-15D8C45D702E}] SEQPACKET 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 13: MSAFD NetBIOS [\Device\NetBT_Tcpip_{5D397078-D39D-4699-93C7-15D8C45D702E}] DATAGRAM 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 14: MSAFD NetBIOS [\Device\NetBT_Tcpip_{5F65C9C6-74BA-41CE-927B-79616BFA11A0}] SEQPACKET 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 15: MSAFD NetBIOS [\Device\NetBT_Tcpip_{5F65C9C6-74BA-41CE-927B-79616BFA11A0}] DATAGRAM 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 16: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{6DBDB4A7-9660-4945-AB42-703ECF573027}] SEQPACKET 5
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 17: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{6DBDB4A7-9660-4945-AB42-703ECF573027}] DATAGRAM 5
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 18: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{5D397078-D39D-4699-93C7-15D8C45D702E}] SEQPACKET 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 19: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{5D397078-D39D-4699-93C7-15D8C45D702E}] DATAGRAM 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 20: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{5F65C9C6-74BA-41CE-927B-79616BFA11A0}] SEQPACKET 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 21: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{5F65C9C6-74BA-41CE-927B-79616BFA11A0}] DATAGRAM 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Namespace Provider 0: Network Location Awareness Legacy (NLAv1) Namespace
GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}
Filename:
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: NLA-Namespace

Namespace Provider 1: Tcpip
GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
Filename:
Description: Microsoft Windows NT/2k/XP TCP/IP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: TCP/IP

Namespace Provider 2: NTDS
GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}
Filename: %SystemRoot%\System32\winrnr.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\winrnr.dll
DB protocol: NTDS

Namespace Provider 3: E-mail Naming Shim Provider
GUID: {964ACBA2-B2BC-40EB-8C6A-A6DB40161CAE}
Filename:

Namespace Provider 4: PNRP Cloud Namespace Provider
GUID: {03FE89CE-766D-4976-B9C1-BB9BC42C7B4D}
Filename:

Namespace Provider 5: PNRP Name Namespace Provider
GUID: {03FE89CD-766D-4976-B9C1-BB9BC42C7B4D}
Filename:

Namespace Provider 6: mdnsNSP
GUID: {B600E6E9-553B-4A19-8696-335E5C896153}
Filename: C:\Program Files\Bonjour\mdnsNSP.dll
Description: Apple Rendezvous protocol
DB filename: %ProgramFiles%\Rendezvous\bin\mdnsNSP.dll
DB protocol: mdnsNSP

*END SPYBOT PROCESS REPORT*
BEGIN MCAFEE ROOTKITDETECTIVE LOGFILE:


Object-Type: Process
Object-Name: ViewpointService.exe
Pid: 2572
Object-Path:
Status: Visible

Object-Type: Process
Object-Name: jusched.exe
Pid: 3316
Object-Path:
Status: Visible

Object-Type: Process
Object-Name: wmpnscfg.exe
Pid: 3564
Object-Path:
Status: Visible

Object-Type: Process
Object-Name: System Idle Process
Pid: 0
Object-Path:
Status: Visible

Object-Type: Process
Object-Name: svchost.exe
Pid: 1116
Object-Path:
Status: Visible

Object-Type: Process
Object-Name: GLB41C9.tmp
Pid: 5952
Object-Path:
Status: Visible

Object-Type: Process
Object-Name: wusa.exe
Pid: 5456
Object-Path:
Status: Visible

Object-Type: Process
Object-Name: svchost.exe
Pid: 1520
Object-Path:
Status: Visible

Object-Type: Process
Object-Name: CTskMstr.exe
Pid: 2388
Object-Path:
Status: Visible

Object-Type: Process
Object-Name: realsched.exe
Pid: 3504
Object-Path:
Status: Visible

Object-Type: Process
Object-Name: aawservice.exe
Pid: 6108
Object-Path:
Status: Visible

Object-Type: Process
Object-Name: smss.exe
Pid: 436
Object-Path:
Status: Visible

Object-Type: Process
Object-Name: csrss.exe
Pid: 560
Object-Path:
Status: Visible

Object-Type: Process
Object-Name: svchost.exe
Pid: 932
Object-Path:
Status: Visible

Object-Type: Process
Object-Name: svchost.exe
Pid: 1056
Object-Path:
Status: Visible

Object-Type: Process
Object-Name: spoolsv.exe
Pid: 1924
Object-Path:
Status: Visible

Object-Type: Process
Object-Name: svchost.exe
Pid: 2420
Object-Path:
Status: Visible

Object-Type: Process
Object-Name: igfxpers.exe
Pid: 3288
Object-Path:
Status: Visible

Object-Type: Process
Object-Name: wuauclt.exe
Pid: 3660
Object-Path:
Status: Visible

Object-Type: Process
Object-Name: svchost.exe
Pid: 964
Object-Path:
Status: Visible

Object-Type: Process
Object-Name: DevSvc.exe
Pid: 1584
Object-Path:
Status: Visible

Object-Type: Process
Object-Name: DevDtct2.exe
Pid: 3196
Object-Path:
Status: Visible

Object-Type: Process
Object-Name: taskmgr.exe
Pid: 2824
Object-Path:
Status: Visible

Object-Type: Process
Object-Name: svchost.exe
Pid: 3072
Object-Path:
Status: Hidden

Object-Type: Process
Object-Name: System
Pid: 4
Object-Path:
Status: Visible

Object-Type: Process
Object-Name: HPWAMain.exe
Pid: 2856
Object-Path:
Status: Visible

Object-Type: Process
Object-Name: hkcmd.exe
Pid: 2484
Object-Path:
Status: Visible

Object-Type: Process
Object-Name: GoogleToolbarNotifier.exe
Pid: 2608
Object-Path:
Status: Visible

Object-Type: Process
Object-Name: Rootkit_Detective.exe
Pid: 5708
Object-Path:
Status: Visible

Object-Type: Process
Object-Name: explorer.exe
Pid: 1400
Object-Path:
Status: Visible

Object-Type: Process
Object-Name: MSASCui.exe
Pid: 3136
Object-Path:
Status: Visible

Object-Type: Process
Object-Name: SearchProtocolHost.exe
Pid: 5368
Object-Path:
Status: Visible

Object-Type: Process
Object-Name: CLCapSvc.exe
Pid: 2052
Object-Path:
Status: Visible

Object-Type: Process
Object-Name: SearchIndexer.exe
Pid: 564
Object-Path:
Status: Visible

Object-Type: Process
Object-Name: svchost.exe
Pid: 1340
Object-Path:
Status: Visible

Object-Type: Process
Object-Name: svchost.exe
Pid: 1960
Object-Path:
Status: Visible

Object-Type: Process
Object-Name: taskeng.exe
Pid: 3820
Object-Path:
Status: Visible

Object-Type: Process
Object-Name: svchost.exe
Pid: 876
Object-Path:
Status: Visible

Object-Type: Process
Object-Name: svchost.exe
Pid: 2612
Object-Path:
Status: Visible

Object-Type: Process
Object-Name: UI0Detect.exe
Pid: 4348
Object-Path:
Status: Visible

Object-Type: Process
Object-Name: drvinst.exe
Pid: 4596
Object-Path:
Status: Visible

Object-Type: Process
Object-Name: QLBCTRL.exe
Pid: 2396
Object-Path:
Status: Visible

Object-Type: Process
Object-Name: WiFiMsg.exe
Pid: 1280
Object-Path:
Status: Visible

Object-Type: Process
Object-Name: HPHC_Service.exe
Pid: 3388
Object-Path:
Status: Visible

Object-Type: Process
Object-Name: WmiPrvSE.exe
Pid: 5372
Object-Path:
Status: Visible

Object-Type: Process
Object-Name: TrustedInstaller.exe
Pid: 4876
Object-Path:
Status: Visible

Object-Type: Process
Object-Name: csrss.exe
Pid: 600
Object-Path:
Status: Visible

Object-Type: Process
Object-Name: SynTPHelper.exe
Pid: 2956
Object-Path:
Status: Visible

Object-Type: Process
Object-Name: firefox.exe
Pid: 6056
Object-Path:
Status: Visible

Object-Type: Process
Object-Name: Ad-Aware.exe
Pid: 2584
Object-Path:
Status: Visible

Object-Type: Process
Object-Name: LSSrvc.exe
Pid: 2244
Object-Path:
Status: Visible

Object-Type: Process
Object-Name: XAudio.exe
Pid: 2740
Object-Path:
Status: Visible

Object-Type: Process
Object-Name: HpqToaster.exe
Pid: 3608
Object-Path:
Status: Visible

Object-Type: Process
Object-Name: lsass.exe
Pid: 664
Object-Path:
Status: Visible

Object-Type: Process
Object-Name: zaZA_Setup_en.exe
Pid: 2896
Object-Path:
Status: Visible

Object-Type: Process
Object-Name: audiodg.exe
Pid: 1224
Object-Path:
Status: Visible

Object-Type: Process
Object-Name: WmiPrvSE.exe
Pid: 1844
Object-Path:
Status: Visible

Object-Type: Process
Object-Name: VSSVC.exe
Pid: 4324
Object-Path:
Status: Visible

Object-Type: Process
Object-Name: AluSchedulerSvc.exe
Pid: 452
Object-Path:
Status: Visible

Object-Type: Process
Object-Name: mDNSResponder.exe
Pid: 1692
Object-Path:
Status: Visible

Object-Type: Process
Object-Name: wininit.exe
Pid: 608
Object-Path:
Status: Visible

Object-Type: Process
Object-Name: Rtvscan.exe
Pid: 2500
Object-Path:
Status: Visible

Object-Type: Process
Object-Name: lsm.exe
Pid: 672
Object-Path:
Status: Visible

Object-Type: Process
Object-Name: ccSvcHst.exe
Pid: 1664
Object-Path:
Status: Visible

Object-Type: Process
Object-Name: hpqwmiex.exe
Pid: 2780
Object-Path:
Status: Visible

Object-Type: Process
Object-Name: taskeng.exe
Pid: 5756
Object-Path:
Status: Visible

Object-Type: Process
Object-Name: SynTPEnh.exe
Pid: 3432
Object-Path:
Status: Visible

Object-Type: Process
Object-Name: wmpnetwk.exe
Pid: 1696
Object-Path:
Status: Visible

Object-Type: Process
Object-Name: GoogleUpdaterService.exe
Pid: 2224
Object-Path:
Status: Visible

Object-Type: Process
Object-Name: services.exe
Pid: 644
Object-Path:
Status: Visible

Object-Type: Process
Object-Name: SLsvc.exe
Pid: 1264
Object-Path:
Status: Visible

Object-Type: Process
Object-Name: svchost.exe
Pid: 1172
Object-Path:
Status: Visible

Object-Type: Process
Object-Name: dwm.exe
Pid: 428
Object-Path:
Status: Visible

Object-Type: Process
Object-Name: winlogon.exe
Pid: 708
Object-Path:
Status: Visible

Object-Type: Process
Object-Name: taskeng.exe
Pid: 460
Object-Path:
Status: Visible

Object-Type: Process
Object-Name: DefWatch.exe
Pid: 2196
Object-Path:
Status: Visible

Object-Type: Process
Object-Name: RichVideo.exe
Pid: 2444
Object-Path:
Status: Visible

Object-Type: Process
Object-Name: QPService.exe
Pid: 1328
Object-Path:
Status: Visible

Object-Type: Process
Object-Name: igfxsrvc.exe
Pid: 3684
Object-Path:
Status: Visible

Object-Type: Process
Object-Name: svchost.exe
Pid: 2476
Object-Path:
Status: Visible

Object-Type: Process
Object-Name: explorer.exe
Pid: 5236
Object-Path:
Status: Visible

Object-Type: Process
Object-Name: vsdrinst.exe
Pid: 5112
Object-Path:
Status: Visible

Scan complete. Found hidden Processes and Files: 1 .

END ROOTKITDETECTIVE LOG


My computer was really unstable just now, running over 15 instances of “svchost” while I wrote this, and when I rebooted, Spybot launched and said something was trying to add a new registry entry, BootExecute; it is continually attempting to add this registry entry:

8/31/2008 6:35:30 PM Denied (based on user blacklist) value "BootExecute" (new data: "autocheck autochk *
lsdelete


Strangely, now that it is continually denying the process, I can use my computer *almost* like normal. I see no svchost processes running on my list, but I think the infection is still there.
Please tell me how to remove the problem; I believe there are some sort of rogue processes hiding in my computer. I have successfully removed malware on my computer before that failed to be detected by antiviruses, but this one really puzzles me. I think this specific malware also caused my other computer to completely crash. I have no clue what’s going on here, so please respond as soon as possible. I hope I have given enough logs and clues.
Below is a very recent HijackThis log, taken after I rebooted my computer just now while Spybot is refusing to let this weird registry entry be written. I’m not going to even think about trying to get the viruses to run again just to show up on HijackThis; hopefully someone can help me out ASAP:

Many Thanks,
Robert

------HIJACKTHISLOG------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:36:21 PM, on 8/31/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hp\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Netscape\Navigator 9\navigator.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Vidalia Bundle\Tor\tor.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.509.6972\swg.dll
O3 - Toolbar: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [UVS11 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [ProxyWay] C:\Program Files\ProxyWay\proxyway.exe
O4 - HKCU\..\Run: [Vidalia] "C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Global Startup: Device Detector 3.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
O4 - Global Startup: Privoxy.lnk = C:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.4.1.cab
O16 - DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} (ContactExtractor Class) - http://www.facebook.com/controls/contactx.dll
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} - http://www.sibelius.com/download/software/...tiveXPlugin.cab
O16 - DPF: {C8AEB218-8B7A-4E15-AC17-0EE8D99B80EB} - http://cnn-5.vo.llnwd.net/c1/static/cab_he...pWebUpdater.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AT&T RcAppSvc (ATTRcAppSvc) - Unknown owner - C:\Program Files\AT&T\Communication Manager\RcAppSvc.exe (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: AT&T Con App Svc (CAATT) - Unknown owner - C:\Program Files\AT&T\Communication Manager\ConAppsSvc.exe (file missing)
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Pharos Systems ComTaskMaster - Pharos Systems International - C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 12508 bytes


#2 Shaba

    Koutsi


  • Members
  • 7,872 posts
  • Gender:Male
  • Location:Finland

Posted 18 September 2008 - 09:39 AM

Hello and welcome to BC

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. We aim to provide the valuable service known to come from BC to every member we can, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

Upon completing the steps below, a staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

Thanks and again sorry for the delay.

Please see here for instructions on how to install HijackThis and make a logfile. Save it to a convenient location and include it in your next reply, please.

Next
Please do a scan with Kaspersky Online Scanner

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded, on the left side of the page in the Scan section, select My Computer
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
Please post back with HijackThis log and Kaspersky report.

Regards
Microsoft MVP Consumer Security

#3 Shaba

    Koutsi


  • Members
  • 7,872 posts
  • Gender:Male
  • Location:Finland

Posted 23 September 2008 - 12:26 PM

Due to the lack of feedback, this topic is closed.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
Microsoft MVP Consumer Security



