
Avg Shows Trojan Horse Lop.aq - Keeps Returning


21 replies to this topic

#1 Jonith

Posted 13 November 2006 - 01:32 AM

Hello.

New to help forums. Please help...

Here's my Hijackthis log:

Logfile of HijackThis v1.99.1
Scan saved at 12:10:03 AM, on 11/13/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
J:\WINDOWS\System32\smss.exe
J:\WINDOWS\system32\winlogon.exe
J:\WINDOWS\system32\services.exe
J:\WINDOWS\system32\lsass.exe
J:\WINDOWS\system32\svchost.exe
J:\WINDOWS\System32\svchost.exe
J:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
J:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
J:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
J:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
J:\WINDOWS\system32\spoolsv.exe
J:\WINDOWS\Explorer.EXE
J:\WINDOWS\system32\nvraidservice.exe
J:\Program Files\Ideazon\ZEngine\Zboard.exe
J:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
J:\WINDOWS\CTHELPER.EXE
J:\WINDOWS\system32\CTXFIHLP.EXE
J:\Program Files\Common Files\Symantec Shared\ccApp.exe
J:\WINDOWS\SYSTEM32\CTXFISPI.EXE
J:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
J:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
J:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
J:\WINDOWS\system32\RUNDLL32.EXE
J:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
J:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
J:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
J:\Program Files\Creative\MediaSource\Go\CTCMSGo.exe
J:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
J:\Program Files\Logitech\SetPoint\SetPoint.exe
J:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
J:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
J:\Program Files\TechSmith\SnagIt 8\TSCHelp.exe
J:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
J:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
J:\WINDOWS\system32\CTsvcCDA.EXE
J:\Program Files\ewido anti-spyware 4.0\guard.exe
J:\Program Files\Norton AntiVirus\navapsvc.exe
J:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
J:\Program Files\Creative\ShareDLL\CADI\NotiMan.exe
J:\WINDOWS\system32\nvsvc32.exe
J:\Program Files\CyberLink\Shared files\RichVideo.exe
J:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
J:\WINDOWS\system32\svchost.exe
J:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
J:\WINDOWS\system32\wbem\unsecapp.exe
J:\Program Files\Grisoft\AVG Free\avgcc.exe
J:\Program Files\Messenger\msmsgs.exe
J:\Documents and Settings\John Smith\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com
R3 - URLSearchHook: (no name) - {42E45D37-98FC-942E-8AF2-C2693EDE8AC7} - J:\WINDOWS\system32\ohu.dll
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - J:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - J:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1B862F14-BCD6-EB08-A148-E92B5BB9D19F} - J:\WINDOWS\system32\ofdcxoi.dll (file missing)
O2 - BHO: (no name) - {293AEEA7-233F-7AE3-4D1E-2CC7E505B3C2} - J:\WINDOWS\system32\crnbsv.dll (file missing)
O2 - BHO: (no name) - {42E45D37-98FC-942E-8AF2-C2693EDE8AC7} - J:\WINDOWS\system32\ohu.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - J:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {67B532E5-FA2F-F8A0-089A-F44A3DF7A199} - J:\WINDOWS\system32\zaw.dll (file missing)
O2 - BHO: (no name) - {72BA7299-EA0B-BED9-7958-B8CE659DB7C5} - J:\WINDOWS\system32\plrci.dll (file missing)
O2 - BHO: (no name) - {9114B66F-7DF6-2428-D7F6-2717C8F35C93} - J:\WINDOWS\system32\qxwitp.dll (file missing)
O2 - BHO: (no name) - {98DA978B-5017-0DC2-39E4-5380014E5292} - J:\WINDOWS\system32\xatbzdy.dll (file missing)
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - J:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - J:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {C1F80000-3D4E-4666-B7A1-30E14489B0D8} - J:\WINDOWS\system32\jkhfd.dll (file missing)
O2 - BHO: (no name) - {CFE9E8A8-38C0-4EF8-AEC2-5035EFE81030} - J:\WINDOWS\system32\qomklki.dll
O2 - BHO: (no name) - {D11622E3-5EBA-4BBC-9B38-B0F66224D987} - J:\WINDOWS\system32\pmkjh.dll (file missing)
O2 - BHO: (no name) - {EA6799F6-543B-0FE4-4A2E-5A10E85172C6} - J:\WINDOWS\system32\vddduen.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - J:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - J:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - J:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [NVRaidService] J:\WINDOWS\system32\nvraidservice.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE J:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Zboard] J:\Program Files\Ideazon\ZEngine\Zboard.exe
O4 - HKLM\..\Run: [RCSystem] "J:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" RCSystem * -Startup
O4 - HKLM\..\Run: [AudioDrvEmulator] "J:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "J:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [ccApp] "J:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] J:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [CTDVDDET] "J:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [VolPanel] "J:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
O4 - HKLM\..\Run: [NeroFilterCheck] J:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LanguageShortcut] "J:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [OpwareSE2] "J:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] J:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE J:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Version Cue CS2] "J:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "J:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [CTDrive] rundll32.exe J:\WINDOWS\system32\drvxoj.dll,startup
O4 - HKLM\..\Run: [AVG7_CC] J:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [Creative Detector] "J:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [Creative MediaSource Go] "J:\Program Files\Creative\MediaSource\Go\CTCMSGo.exe" /SCB
O4 - HKCU\..\Run: [Rnxfuiz] J:\WINDOWS\system32\??sembly\w?wexec.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma.lnk = J:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = J:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech SetPoint.lnk = J:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: SnagIt 8.lnk = J:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://J:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://J:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://J:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://J:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://J:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://J:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://J:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://J:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://J:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - J:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - J:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: J:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://eu-housecall.trendmicro-europe.com/...ivex/hcImpl.cab
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1123
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - AppInit_DLLs:
O20 - Winlogon Notify: jkhfd - J:\WINDOWS\system32\jkhfd.dll (file missing)
O20 - Winlogon Notify: qomklki - J:\WINDOWS\SYSTEM32\qomklki.dll
O20 - Winlogon Notify: WgaLogon - J:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: wineij32 - wineij32.dll (file missing)
O20 - Winlogon Notify: winrkq32 - winrkq32.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - J:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - J:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Unknown owner - J:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe" -win32service (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - J:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - J:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - J:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - J:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - J:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - J:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - J:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - J:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - J:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - J:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - J:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - J:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - J:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - J:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: SAVScan - Symantec Corporation - J:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - J:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - J:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - J:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - J:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - J:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

#2 Guest_Cretemonster_*

Posted 13 November 2006 - 05:21 PM

Hi Jonith and Welcome to the Bleeping Computer!

Can you get the exact file AVG is flagging as Lop.aq?


Please download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log.
Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.

#3 Jonith

Posted 13 November 2006 - 11:35 PM

Thanks so much for your help.

The file quarantined by AVG is J:\Documents and Settings\John Smith\Local Settings\Temporary Internet Files\Content.IE5\MV1FFE9D\ff3[1]

(J: is my main drive)


VundoFix V4.2.84

Checking Java version...

Sun Java not detected
Scan started at 2:10:53 PM 7/2/2006

Listing files found while scanning....


J:\WINDOWS\system32\hjkmp.bak1
J:\WINDOWS\system32\hjkmp.bak2
J:\WINDOWS\system32\hjkmp.ini
J:\WINDOWS\system32\pmkjh.dll
Attempting to delete J:\WINDOWS\system32\hjkmp.bak1
J:\WINDOWS\system32\hjkmp.bak1 Has been deleted!

Attempting to delete J:\WINDOWS\system32\hjkmp.bak2
J:\WINDOWS\system32\hjkmp.bak2 Has been deleted!

Attempting to delete J:\WINDOWS\system32\hjkmp.ini
J:\WINDOWS\system32\hjkmp.ini Has been deleted!

Attempting to delete J:\WINDOWS\system32\pmkjh.dll
J:\WINDOWS\system32\pmkjh.dll Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.2.8

Checking Java version...

Java version is 1.5.0.3

Scan started at 2:14:47 AM 11/11/2006

Listing files found while scanning....

J:\WINDOWS\system32\jkhfd.dll
J:\WINDOWS\system32\dfhkj.ini
J:\WINDOWS\system32\dfhkj.bak1

Beginning removal...

Attempting to delete J:\WINDOWS\system32\dfhkj.ini
J:\WINDOWS\system32\dfhkj.ini Has been deleted!

Attempting to delete J:\WINDOWS\system32\dfhkj.bak1
J:\WINDOWS\system32\dfhkj.bak1 Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.2.8

Checking Java version...

Java version is 1.5.0.3

Scan started at 2:38:45 PM 11/12/2006

Listing files found while scanning....

J:\WINDOWS\system32\jkhfd.dll

Beginning removal...

Performing Repairs to the registry.
Done!

VundoFix V6.2.8

Checking Java version...

Java version is 1.5.0.3

Scan started at 9:54:51 PM 11/13/2006

Listing files found while scanning....

J:\WINDOWS\system32\jkhfd.dll

Beginning removal...

Performing Repairs to the registry.
Done!



Logfile of HijackThis v1.99.1
Scan saved at 10:06:10 PM, on 11/13/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
J:\WINDOWS\System32\smss.exe
J:\WINDOWS\system32\winlogon.exe
J:\WINDOWS\system32\services.exe
J:\WINDOWS\system32\lsass.exe
J:\WINDOWS\system32\svchost.exe
J:\WINDOWS\System32\svchost.exe
J:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
J:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
J:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
J:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
J:\WINDOWS\system32\spoolsv.exe
J:\WINDOWS\Explorer.EXE
J:\WINDOWS\system32\nvraidservice.exe
J:\Program Files\Ideazon\ZEngine\Zboard.exe
J:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
J:\WINDOWS\CTHELPER.EXE
J:\WINDOWS\system32\CTXFIHLP.EXE
J:\Program Files\Common Files\Symantec Shared\ccApp.exe
J:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
J:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
J:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
J:\WINDOWS\system32\RUNDLL32.EXE
J:\WINDOWS\SYSTEM32\CTXFISPI.EXE
J:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
J:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
J:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
J:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
J:\Program Files\Creative\MediaSource\Go\CTCMSGo.exe
J:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
J:\Program Files\Logitech\SetPoint\SetPoint.exe
J:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
J:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
J:\Program Files\TechSmith\SnagIt 8\TSCHelp.exe
J:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
J:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
J:\WINDOWS\system32\CTsvcCDA.EXE
J:\Program Files\ewido anti-spyware 4.0\guard.exe
J:\Program Files\Norton AntiVirus\navapsvc.exe
J:\Program Files\Creative\ShareDLL\CADI\NotiMan.exe
J:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
J:\WINDOWS\system32\nvsvc32.exe
J:\Program Files\CyberLink\Shared files\RichVideo.exe
J:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
J:\WINDOWS\system32\svchost.exe
J:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
J:\Program Files\Messenger\msmsgs.exe
J:\WINDOWS\system32\wbem\unsecapp.exe
J:\WINDOWS\system32\wuauclt.exe
J:\Documents and Settings\John Smith\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com
R3 - URLSearchHook: (no name) - {42E45D37-98FC-942E-8AF2-C2693EDE8AC7} - J:\WINDOWS\system32\ohu.dll
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - J:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - J:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1B862F14-BCD6-EB08-A148-E92B5BB9D19F} - J:\WINDOWS\system32\ofdcxoi.dll (file missing)
O2 - BHO: (no name) - {293AEEA7-233F-7AE3-4D1E-2CC7E505B3C2} - J:\WINDOWS\system32\crnbsv.dll (file missing)
O2 - BHO: (no name) - {42E45D37-98FC-942E-8AF2-C2693EDE8AC7} - J:\WINDOWS\system32\ohu.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - J:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {67B532E5-FA2F-F8A0-089A-F44A3DF7A199} - J:\WINDOWS\system32\zaw.dll (file missing)
O2 - BHO: (no name) - {72BA7299-EA0B-BED9-7958-B8CE659DB7C5} - J:\WINDOWS\system32\plrci.dll (file missing)
O2 - BHO: (no name) - {9114B66F-7DF6-2428-D7F6-2717C8F35C93} - J:\WINDOWS\system32\qxwitp.dll (file missing)
O2 - BHO: (no name) - {98DA978B-5017-0DC2-39E4-5380014E5292} - J:\WINDOWS\system32\xatbzdy.dll (file missing)
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - J:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - J:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {C1F80000-3D4E-4666-B7A1-30E14489B0D8} - J:\WINDOWS\system32\jkhfd.dll (file missing)
O2 - BHO: (no name) - {CFE9E8A8-38C0-4EF8-AEC2-5035EFE81030} - J:\WINDOWS\system32\qomklki.dll
O2 - BHO: (no name) - {D11622E3-5EBA-4BBC-9B38-B0F66224D987} - J:\WINDOWS\system32\pmkjh.dll (file missing)
O2 - BHO: (no name) - {EA6799F6-543B-0FE4-4A2E-5A10E85172C6} - J:\WINDOWS\system32\vddduen.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - J:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - J:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - J:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [NVRaidService] J:\WINDOWS\system32\nvraidservice.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE J:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Zboard] J:\Program Files\Ideazon\ZEngine\Zboard.exe
O4 - HKLM\..\Run: [RCSystem] "J:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" RCSystem * -Startup
O4 - HKLM\..\Run: [AudioDrvEmulator] "J:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "J:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [ccApp] "J:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] J:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [CTDVDDET] "J:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [VolPanel] "J:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
O4 - HKLM\..\Run: [NeroFilterCheck] J:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LanguageShortcut] "J:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [OpwareSE2] "J:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] J:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE J:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Version Cue CS2] "J:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "J:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [CTDrive] rundll32.exe J:\WINDOWS\system32\drvxoj.dll,startup
O4 - HKLM\..\Run: [AVG7_CC] J:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [Creative Detector] "J:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [Creative MediaSource Go] "J:\Program Files\Creative\MediaSource\Go\CTCMSGo.exe" /SCB
O4 - HKCU\..\Run: [Rnxfuiz] J:\WINDOWS\system32\??sembly\w?wexec.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma.lnk = J:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = J:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech SetPoint.lnk = J:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: SnagIt 8.lnk = J:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://J:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://J:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://J:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://J:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://J:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://J:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://J:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://J:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://J:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - J:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - J:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: J:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://eu-housecall.trendmicro-europe.com/...ivex/hcImpl.cab
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1123
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - AppInit_DLLs:
O20 - Winlogon Notify: jkhfd - J:\WINDOWS\system32\jkhfd.dll (file missing)
O20 - Winlogon Notify: qomklki - J:\WINDOWS\SYSTEM32\qomklki.dll
O20 - Winlogon Notify: WgaLogon - J:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: wineij32 - wineij32.dll (file missing)
O20 - Winlogon Notify: winrkq32 - winrkq32.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - J:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - J:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Unknown owner - J:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe" -win32service (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - J:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - J:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - J:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - J:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - J:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - J:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - J:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - J:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - J:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - J:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - J:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - J:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - J:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - J:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: SAVScan - Symantec Corporation - J:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - J:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - J:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - J:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - J:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - J:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

#4 Guest_Cretemonster_*

Posted 14 November 2006 - 05:26 AM

I would like to see all the folders inside--> J:\Documents and Settings\John Smith\Local Settings\Temporary Internet Files\Content.IE5

Go to that folder and inside should be 4 more folders, all randomly named like the one you showed--> MV1FFE9D

Right Click on each and Select Send To--> Select Compressed (zipped) Folder

Upload each of the Zipped folders Here

If all 4 don't upload at once--> you may have to upload them one at a time or in pairs, there is a size limit.

If the upload is successful, the site will display a message saying so.

Once all 4 zipped folders are uploaded, delete each of them so they aren't just laying around.


Next, I need you to scan a file Here

Scan this file please--> J:\WINDOWS\system32\ohu.dll

Save any results to Notepad and post them back here.


Lastly, please download Combofix to your Root Drive J:
http://download.bleepingcomputer.com/sUBs/combofix.exe

Double-click combofix.exe to launch the application.

Follow the prompts that will be displayed on the screen.

Don't click on the window while the fix is running, because that will cause your system to hang.

When finished, it should produce a log, combofix.txt

Please post that log in the next reply.

#5 Jonith

Posted 14 November 2006 - 11:14 PM

Well, there are no folders under J:\Documents and Settings\John Smith\Local Settings\Temporary Internet Files. I may have deleted them a few days ago in an effort to remove the trojan/virus. However, I did upload the zipped contents of the Temporary Internet Files folder, which contains a file called ff3.dll.

The results of the VirusTotal scan are here:

Complete scanning result of "ohu.dll", received in VirusTotal at 11.15.2006, 04:41:02 (CET).

Antivirus Version Update Result
AntiVir 7.2.0.39 11.15.2006 ADSPY/PurityScan.AK.127
Authentium 4.93.8 11.14.2006 no virus found
Avast 4.7.892.0 11.14.2006 Win32:Agent-RY
AVG 386 11.14.2006 Adware Generic.RTO
BitDefender 7.2 11.15.2006 no virus found
CAT-QuickHeal 8.00 11.14.2006 no virus found
ClamAV devel-20060426 11.14.2006 Trojan.PurityScan.AK
DrWeb 4.33 11.15.2006 no virus found
eTrust-InoculateIT 23.73.56 11.15.2006 Win32/Clspring.6xh!DLL!Trojan
eTrust-Vet 30.3.3192 11.14.2006 Win32/Clspring.FX
Ewido 4.0 11.14.2006 Adware.PurityScan
Fortinet 2.82.0.0 11.14.2006 Adware/ClickSpring
F-Prot 3.16f 11.14.2006 no virus found
F-Prot4 4.2.1.29 11.14.2006 no virus found
Ikarus 0.2.65.0 11.14.2006 no virus found
Kaspersky 4.0.2.24 11.15.2006 not-a-virus:AdWare.Win32.PurityScan.ak
McAfee 4895 11.14.2006 potentially unwanted program Adware-ClickSpring
Microsoft 1.1609 11.15.2006 no virus found
NOD32v2 1866 11.14.2006 a variant of Win32/Adware.PurityScan
Norman 5.80.02 11.14.2006 no virus found
Panda 9.0.0.4 11.14.2006 Suspicious file
Sophos 4.11.0 11.13.2006 ClickSpring
TheHacker 6.0.1.118 11.14.2006 Adware/PurityScan.ak
UNA 1.83 11.14.2006 Adware.PurityScan.8B9B
VBA32 3.11.1 11.14.2006 AdWare.Win32.PurityScan.ak
VirusBuster 4.3.15:9 11.14.2006 Adware.ClickSpring.Gen

Aditional Information
File size: 131072 bytes
MD5: 9e2c741259265e9d4f08f0b8bd7f753c
SHA1: 60eb100cb60826bc0be3f189b88a8e3d2a499f87


The Combofix.txt file is here:

John Smith - 06-11-14 22:00:28.29 Service Pack 2
ComboFix 06.11.9 - Running from: "J:\"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))



~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

Folders Quarantined:

J:\QooBox\Purity\Documents and Settings\John Smith\Application Data\ASKS~1
J:\QooBox\Purity\Documents and Settings\John Smith\Application Data\PPATCH~1
J:\QooBox\Purity\Documents and Settings\John Smith\Application Data\SEMBLY~1
J:\QooBox\Purity\Documents and Settings\John Smith\My Documents\ECURIT~1
J:\QooBox\Purity\Documents and Settings\John Smith\My Documents\YMANTE~1
J:\QooBox\Purity\Program Files\CURITY~1
J:\QooBox\Purity\Program Files\ICROSO~1
J:\QooBox\Purity\Program Files\RACLE~1
J:\QooBox\Purity\Program Files\Common Files\CROSOF~1.NET
J:\QooBox\Purity\Program Files\Common Files\CURITY~1
J:\QooBox\Purity\Program Files\Common Files\MCROSO~1
J:\QooBox\Purity\Program Files\Common Files\SSTEM3~1
J:\QooBox\Purity\Program Files\Common Files\YSTEM3~1
J:\QooBox\Purity\Program Files\Common Files\YSTEM3~1\?ystem32
J:\QooBox\Purity\WINDOWS\CURITY~1
J:\QooBox\Purity\WINDOWS\MCROSO~1
J:\QooBox\Purity\WINDOWS\system32\ECURIT~1
J:\QooBox\Purity\WINDOWS\system32\RACLE~1
J:\QooBox\Purity\WINDOWS\system32\SEMBLY~1
J:\QooBox\Purity\WINDOWS\system32\STEM32~1
J:\QooBox\Purity\WINDOWS\system32\SEMBLY~1\w?wexec.exe


((((((((((((((((((((((((((((((( Files Created from 2006-10-14 to 2006-11-14 ))))))))))))))))))))))))))))))))))


2006-11-14 21:53 277,182 --a------ J:\combofix.exe
2006-11-10 23:30 816,672 --a------ J:\WINDOWS\system32\drivers\avg7core.sys
2006-11-10 23:30 4,224 --a------ J:\WINDOWS\system32\drivers\avg7rsw.sys
2006-11-10 23:30 3,968 --a------ J:\WINDOWS\system32\drivers\avgclean.sys
2006-11-10 23:30 28,416 --a------ J:\WINDOWS\system32\drivers\avg7rsxp.sys
2006-11-10 23:30 18,240 --a------ J:\WINDOWS\system32\drivers\avgmfx86.sys
2006-11-10 22:50 2 --a------ J:\WINDOWS\system32\wapisvit.exe
2006-11-10 22:50 131,072 --a------ J:\WINDOWS\system32\ohu.dll
2006-11-10 22:50 101,888 --a------ J:\WINDOWS\system32\drvxoj.dll
2006-11-10 22:48 40,973 --ahs---- J:\WINDOWS\system32\qomklki.dll
2006-11-10 13:20 40,973 --ahs---- J:\WINDOWS\system32\xxywtuv.dll
2006-11-02 18:08 20,576 --a------ J:\WINDOWS\system32\drivers\PxHelp20.sys
2006-11-02 18:08 109,568 --a------ J:\WINDOWS\system32\pxinsi64.exe
2006-11-02 18:08 108,544 --a------ J:\WINDOWS\system32\pxcpyi64.exe
2006-11-02 00:27 16,384 --a------ J:\WINDOWS\system32\FileOps.exe
2006-10-20 11:42 20,096 --a------ J:\WINDOWS\system32\drivers\AnyDVD.sys


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-11-14 21:11 -------- d-------- J:\Program Files\Mozilla Firefox
2006-11-14 21:07 -------- d-------- J:\Documents and Settings\John Smith\Application Data\AVG7
2006-11-14 21:06 -------- d-------- J:\Program Files\Common Files
2006-11-13 00:43 83 ---hs---- J:\Documents and Settings\John Smith\Application Data\.zreglib
2006-11-12 20:34 -------- d-------- J:\Program Files\Lavasoft
2006-11-12 20:34 -------- d-------- J:\Documents and Settings\John Smith\Application Data\Lavasoft
2006-11-11 01:18 -------- d-------- J:\Documents and Settings\John Smith\Application Data\Help
2006-11-10 23:30 -------- d-------- J:\Program Files\Grisoft
2006-11-10 22:46 -------- d-------- J:\Program Files\SpeedFan
2006-11-08 23:26 -------- d-------- J:\Documents and Settings\John Smith\Application Data\Sun
2006-11-08 20:38 -------- d-------- J:\Program Files\GameSpy Arcade
2006-11-08 20:14 -------- d--h----- J:\Program Files\InstallShield Installation Information
2006-11-08 20:14 -------- d-------- J:\Program Files\EA GAMES
2006-11-07 00:30 -------- d-------- J:\Program Files\TechSmith
2006-11-04 16:51 -------- d-------- J:\Documents and Settings\John Smith\Application Data\AdobeUM
2006-11-03 22:40 -------- d-------- J:\Program Files\Morpheus Ultra
2006-11-02 23:22 -------- d-------- J:\Program Files\Ubisoft
2006-11-02 18:43 -------- d-------- J:\Documents and Settings\John Smith\Application Data\Adobe
2006-11-02 18:10 -------- d-------- J:\Program Files\Adobe
2006-11-02 18:08 -------- d-------- J:\Program Files\Common Files\Adobe
2006-10-30 21:32 -------- d-------- J:\Program Files\MSXML 4.0
2006-10-30 21:25 -------- d---s---- J:\Documents and Settings\John Smith\Application Data\Microsoft
2006-10-30 21:18 -------- d-------- J:\Program Files\Microsoft Games
2006-10-30 21:18 -------- d-------- J:\Program Files\Common Files\Microsoft Shared
2006-10-30 19:58 -------- d-------- J:\Program Files\DAMN NFO Viewer
2006-10-26 21:19 -------- d-------- J:\Program Files\Common Files\Symantec Shared
2006-10-22 12:22 888832 --a------ J:\WINDOWS\system32\nvmobls.dll
2006-10-22 12:22 86016 --a------ J:\WINDOWS\system32\nvmctray.dll
2006-10-22 12:22 81920 --a------ J:\WINDOWS\system32\nvwddi.dll
2006-10-22 12:22 794624 --a------ J:\WINDOWS\system32\nvcplui.exe
2006-10-22 12:22 7700480 --a------ J:\WINDOWS\system32\nvcpl.dll
2006-10-22 12:22 581632 --a------ J:\WINDOWS\system32\nvhwvid.dll
2006-10-22 12:22 5644288 --a------ J:\WINDOWS\system32\nvoglnt.dll
2006-10-22 12:22 5619712 --a------ J:\WINDOWS\system32\nvdisps.dll
2006-10-22 12:22 5255168 --a------ J:\WINDOWS\system32\nvdispsr.dll
2006-10-22 12:22 466944 --a------ J:\WINDOWS\system32\nvshell.dll
2006-10-22 12:22 458752 --a------ J:\WINDOWS\system32\nvmccssr.dll
2006-10-22 12:22 4527488 --a------ J:\WINDOWS\system32\nv4_disp.dll
2006-10-22 12:22 45056 --a------ J:\WINDOWS\system32\nvmccsrs.dll
2006-10-22 12:22 442368 --a------ J:\WINDOWS\system32\nvappbar.exe
2006-10-22 12:22 425984 --a------ J:\WINDOWS\system32\keystone.exe
2006-10-22 12:22 3994624 --a------ J:\WINDOWS\system32\drivers\nv4_mini.sys
2006-10-22 12:22 35840 --a------ J:\WINDOWS\system32\nvcodins.dll
2006-10-22 12:22 35840 --a------ J:\WINDOWS\system32\nvcod.dll
2006-10-22 12:22 3203072 --a------ J:\WINDOWS\system32\nvgamesr.dll
2006-10-22 12:22 311296 --a------ J:\WINDOWS\system32\nvexpbar.dll
2006-10-22 12:22 3047424 --a------ J:\WINDOWS\system32\nvgames.dll
2006-10-22 12:22 2973696 --a------ J:\WINDOWS\system32\nvvitvsr.dll
2006-10-22 12:22 2924544 --a------ J:\WINDOWS\system32\nvvitvs.dll
2006-10-22 12:22 286720 --a------ J:\WINDOWS\system32\nvnt4cpl.dll
2006-10-22 12:22 2859008 --a------ J:\WINDOWS\system32\nvmoblsr.dll
2006-10-22 12:22 229376 --a------ J:\WINDOWS\system32\nvmccs.dll
2006-10-22 12:22 212992 --a------ J:\WINDOWS\system32\nvapi.dll
2006-10-22 12:22 188416 --a------ J:\WINDOWS\system32\nvmccss.dll
2006-10-22 12:22 1732608 --a------ J:\WINDOWS\system32\nvwssr.dll
2006-10-22 12:22 1662976 --a------ J:\WINDOWS\system32\nvwdmcpl.dll
2006-10-22 12:22 1622016 --a------ J:\WINDOWS\system32\nwiz.exe
2006-10-22 12:22 159810 --a------ J:\WINDOWS\system32\nvsvc32.exe
2006-10-22 12:22 147456 --a------ J:\WINDOWS\system32\nvcolor.exe
2006-10-22 12:22 1470464 --a------ J:\WINDOWS\system32\nview.dll
2006-10-22 12:22 1339392 --a------ J:\WINDOWS\system32\nvdspsch.exe
2006-10-22 12:22 1236992 --a------ J:\WINDOWS\system32\nvwss.dll
2006-10-22 12:22 1019904 --a------ J:\WINDOWS\system32\nvwimg.dll
2006-10-22 12:22 1011712 --a------ J:\WINDOWS\system32\nvcpluir.dll
2006-10-15 18:11 -------- d-------- J:\Program Files\LimeWire
2006-10-15 18:11 -------- d-------- J:\Program Files\Java
2006-10-15 18:10 -------- d-------- J:\Program Files\Common Files\Java
2006-10-15 13:20 -------- d-------- J:\Program Files\LucasArts
2006-10-12 11:25 737280 --a------ J:\WINDOWS\iun6002.exe
2006-10-11 00:07 -------- d-------- J:\Program Files\Common Files\Wise Installation Wizard
2006-10-01 19:39 29392 --a------ J:\WINDOWS\system32\drivers\secdrv.sys
2006-09-30 22:08 -------- d-------- J:\Program Files\CPIX
2006-09-27 23:15 -------- d-------- J:\Program Files\Prey
2006-09-26 21:26 98304 --a------ J:\WINDOWS\system32\CmdLineExt.dll
2006-09-26 18:55 -------- d-------- J:\Program Files\Mafia
2006-09-26 18:54 -------- d-------- J:\Program Files\Creative
2006-09-26 01:21 -------- d-------- J:\Program Files\BitComet
2006-09-24 07:28 5248 --a------ J:\WINDOWS\system32\speedfan.sys
2006-09-13 21:05 18552 --a------ J:\Documents and Settings\John Smith\Application Data\GDIPFONTCACHEV1.DAT
2006-09-12 23:01 1084416 --a------ J:\WINDOWS\system32\msxml3.dll
2006-08-25 09:45 617472 --a------ J:\WINDOWS\system32\comctl32.dll
2006-08-24 21:42 8704 --a------ J:\WINDOWS\system32\wdfmgr.exe
2006-08-24 21:42 8704 --a------ J:\WINDOWS\system32\uwdf.exe
2006-08-24 21:30 99840 --a------ J:\WINDOWS\system32\wmpshell.dll
2006-08-24 21:30 990208 --a------ J:\WINDOWS\system32\drmv2clt.dll
2006-08-24 21:30 937984 --a------ J:\WINDOWS\system32\WMNetMgr.dll
2006-08-24 21:30 8337920 --a------ J:\WINDOWS\system32\wmploc.dll
2006-08-24 21:30 790016 --a------ J:\WINDOWS\system32\WMVSENCD.dll
2006-08-24 21:30 757248 --a------ J:\WINDOWS\system32\WMADMOD.dll
2006-08-24 21:30 7168 --a------ J:\WINDOWS\system32\asferror.dll
2006-08-24 21:30 656896 --a------ J:\WINDOWS\system32\WMVXENCD.dll
2006-08-24 21:30 63488 --a------ J:\WINDOWS\system32\wpdmtpus.dll
2006-08-24 21:30 629760 --a------ J:\WINDOWS\system32\wpd_ci.dll
2006-08-24 21:30 611840 --a------ J:\WINDOWS\system32\wmpmde.dll
2006-08-24 21:30 603648 --a------ J:\WINDOWS\system32\WMSPDMOD.dll
2006-08-24 21:30 537600 --a------ J:\WINDOWS\system32\blackbox.dll
2006-08-24 21:30 532992 --a------ J:\WINDOWS\system32\wmdrmsdk.dll
2006-08-24 21:30 428032 --a------ J:\WINDOWS\system32\wmdrmdev.dll
2006-08-24 21:30 414208 --a------ J:\WINDOWS\system32\msscp.dll
2006-08-24 21:30 4096 --a------ J:\WINDOWS\system32\wmvdmoe2.dll
2006-08-24 21:30 4096 --a------ J:\WINDOWS\system32\wmvdmod.dll
2006-08-24 21:30 4096 --a------ J:\WINDOWS\system32\WMVADVE.DLL
2006-08-24 21:30 4096 --a------ J:\WINDOWS\system32\WMVADVD.dll
2006-08-24 21:30 4096 --a------ J:\WINDOWS\system32\wmsdmoe2.dll
2006-08-24 21:30 4096 --a------ J:\WINDOWS\system32\wmsdmod.dll
2006-08-24 21:30 4096 --a------ J:\WINDOWS\system32\wdfapi.dll
2006-08-24 21:30 4096 --a------ J:\WINDOWS\system32\MPG4DMOD.dll
2006-08-24 21:30 4096 --a------ J:\WINDOWS\system32\MP4SDMOD.dll
2006-08-24 21:30 4096 --a------ J:\WINDOWS\system32\MP43DMOD.dll
2006-08-24 21:30 37376 --a------ J:\WINDOWS\system32\wmdmps.dll
2006-08-24 21:30 35840 --a------ J:\WINDOWS\system32\wpdconns.dll
2006-08-24 21:30 349184 --a------ J:\WINDOWS\system32\wpdsp.dll
2006-08-24 21:30 347648 --a------ J:\WINDOWS\system32\wmdrmnet.dll
2006-08-24 21:30 33792 --a------ J:\WINDOWS\system32\wmdmlog.dll
2006-08-24 21:30 320512 --a------ J:\WINDOWS\system32\mswmdm.dll
2006-08-24 21:30 316928 --a------ J:\WINDOWS\system32\MP4SDECD.dll
2006-08-24 21:30 314368 --a------ J:\WINDOWS\system32\wmpdxm.dll
2006-08-24 21:30 305152 --a------ J:\WINDOWS\system32\MSDelta.dll
2006-08-24 21:30 295424 --a------ J:\WINDOWS\system32\wmpeffects.dll
2006-08-24 21:30 284160 --a------ J:\WINDOWS\system32\PortableDeviceApi.dll
2006-08-24 21:30 276480 --a------ J:\WINDOWS\system32\audiodev.dll
2006-08-24 21:30 27648 --a------ J:\WINDOWS\system32\mspmsnsv.dll
2006-08-24 21:30 259072 --a------ J:\WINDOWS\system32\MPG4DECD.dll
2006-08-24 21:30 2589184 --a------ J:\WINDOWS\system32\WpdShext.dll
2006-08-24 21:30 258560 --a------ J:\WINDOWS\system32\MP43DECD.dll
2006-08-24 21:30 2450944 --a------ J:\WINDOWS\system32\wmvcore.dll
2006-08-24 21:30 242176 --a------ J:\WINDOWS\system32\wmpasf.dll
2006-08-24 21:30 228352 --a------ J:\WINDOWS\system32\cewmdm.dll
2006-08-24 21:30 227328 --a------ J:\WINDOWS\system32\wmerror.dll
2006-08-24 21:30 222208 --a------ J:\WINDOWS\system32\WMASF.dll
2006-08-24 21:30 211968 --a------ J:\WINDOWS\system32\MFPLAT.dll
2006-08-24 21:30 210432 --a------ J:\WINDOWS\system32\qasf.dll
2006-08-24 21:30 204800 --a------ J:\WINDOWS\system32\wmpsrcwp.dll
2006-08-24 21:30 198144 --a------ J:\WINDOWS\system32\PortableDeviceWMDRM.dll
2006-08-24 21:30 179712 --a------ J:\WINDOWS\system32\msnetobj.dll
2006-08-24 21:30 175104 --a------ J:\WINDOWS\system32\mspmsp.dll
2006-08-24 21:30 166912 --a------ J:\WINDOWS\system32\PortableDeviceTypes.dll
2006-08-24 21:30 1660416 --a------ J:\WINDOWS\system32\wmpencen.dll
2006-08-24 21:30 157184 --a------ J:\WINDOWS\system32\wmidx.dll
2006-08-24 21:30 154624 --a------ J:\WINDOWS\system32\wpdmtp.dll
2006-08-24 21:30 1539584 --a------ J:\WINDOWS\system32\WMVDECOD.dll
2006-08-24 21:30 1532416 --a------ J:\WINDOWS\system32\WMVENCOD.dll
2006-08-24 21:30 1392128 --a------ J:\WINDOWS\system32\WMVSDECD.dll
2006-08-24 21:30 133120 --a------ J:\WINDOWS\system32\WPDShServiceObj.dll
2006-08-24 21:30 1327616 --a------ J:\WINDOWS\system32\WMSPDMOE.dll
2006-08-24 21:30 132096 --a------ J:\WINDOWS\system32\PortableDeviceWiaCompat.dll
2006-08-24 21:30 130048 --a------ J:\WINDOWS\system32\wmpps.dll
2006-08-24 21:30 11264 --a------ J:\WINDOWS\system32\LAPRXY.dll
2006-08-24 21:30 1118208 --a------ J:\WINDOWS\system32\WMADMOE.dll
2006-08-24 21:30 101888 --a------ J:\WINDOWS\system32\PortableDeviceClassExtension.dll
2006-08-24 19:31 100864 --a------ J:\WINDOWS\system32\logagent.exe
2006-08-24 19:27 249344 --a------ J:\WINDOWS\system32\drmupgds.exe
2006-08-24 19:26 95288 --a------ J:\WINDOWS\system32\WUDFCoinstaller.dll
2006-08-24 19:26 17408 --a------ J:\WINDOWS\system32\wpdshextautoplay.exe
2006-08-24 18:19 316416 --a------ J:\WINDOWS\system32\WUDFx.dll
2006-08-24 18:19 145920 --a------ J:\WINDOWS\system32\WudfHost.exe
2006-08-24 18:18 56320 --a------ J:\WINDOWS\system32\WudfSvc.dll
2006-08-24 18:18 168448 --a------ J:\WINDOWS\system32\WudfPlatform.dll
2006-08-21 06:21 16896 --a------ J:\WINDOWS\system32\fltlib.dll
2006-08-21 03:14 23040 --a------ J:\WINDOWS\system32\fltmc.exe
2006-08-19 21:13 61440 --a------ J:\WINDOWS\wnUninstall.exe
2006-08-16 05:58 100352 --a------ J:\WINDOWS\system32\6to4svc.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Creative Detector"="\"J:\\Program Files\\Creative\\MediaSource\\Detector\\CTDetect.exe\" /R"
"Creative MediaSource Go"="\"J:\\Program Files\\Creative\\MediaSource\\Go\\CTCMSGo.exe\" /SCB"
"Rnxfuiz"="J:\\WINDOWS\\system32\\??sembly\\w?wexec.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NVRaidService"="J:\\WINDOWS\\system32\\nvraidservice.exe"
"NvCplDaemon"="RUNDLL32.EXE J:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"Zboard"="J:\\Program Files\\Ideazon\\ZEngine\\Zboard.exe"
"RCSystem"="\"J:\\Program Files\\Creative\\Shared Files\\Module Loader\\DLLML.exe\" RCSystem * -Startup"
"AudioDrvEmulator"="\"J:\\Program Files\\Creative\\Shared Files\\Module Loader\\DLLML.exe\" -1 AudioDrvEmulator \"J:\\Program Files\\Creative\\Shared Files\\Module Loader\\Audio Emulator\\AudDrvEm.dll\""
"CTHelper"="CTHELPER.EXE"
"CTxfiHlp"="CTXFIHLP.EXE"
"ccApp"="\"J:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"Symantec NetDriver Monitor"="J:\\PROGRA~1\\SYMNET~1\\SNDMon.exe /Consumer"
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE"
"CTDVDDET"="\"J:\\Program Files\\Creative\\Sound Blaster X-Fi\\DVDAudio\\CTDVDDET.EXE\""
"VolPanel"="\"J:\\Program Files\\Creative\\Sound Blaster X-Fi\\Volume Panel\\VolPanel.exe\" /r"
"NeroFilterCheck"="J:\\WINDOWS\\system32\\NeroCheck.exe"
"LanguageShortcut"="\"J:\\Program Files\\CyberLink\\PowerDVD\\Language\\Language.exe\""
"OpwareSE2"="\"J:\\Program Files\\ScanSoft\\OmniPageSE2.0\\OpwareSE2.exe\""
"SunJavaUpdateSched"="J:\\Program Files\\Java\\jre1.5.0_03\\bin\\jusched.exe"
"NvMediaCenter"="RUNDLL32.EXE J:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"Adobe Version Cue CS2"="\"J:\\Program Files\\Adobe\\Adobe Version Cue CS2\\ControlPanel\\VersionCueCS2Tray.exe\""
"Acrobat Assistant 7.0"="\"J:\\Program Files\\Adobe\\Adobe Acrobat 7.0\\Distillr\\Acrotray.exe\""
@=""
"CTDrive"="rundll32.exe J:\\WINDOWS\\system32\\drvxoj.dll,startup"
"AVG7_CC"="J:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="http://kfor.static.worldnow.com/images/incoming/7day.jpg"
"SubscribedURL"="http://kfor.static.worldnow.com/images/incoming/7day.jpg"
"FriendlyName"=""
"Flags"=dword:00002001
"Position"=hex:2c,00,00,00,f7,02,00,00,1c,00,00,00,f9,01,00,00,8b,01,00,00,06,\
00,00,40,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=dword:40000001
"OriginalStateInfo"=hex:18,00,00,00,d2,03,00,00,63,01,00,00,80,02,00,00,e0,01,\
00,00,01,00,00,40
"RestoredStateInfo"=hex:d5,c1,00,00,c8,6d,07,00,cb,76,10,10,ff,ff,ff,ff,f2,ea,\
d4,77,00,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"AVG7_Run"="J:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"AVG7_Run"="J:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="ewido anti-spyware 4.0"
"{CFE9E8A8-38C0-4EF8-AEC2-5035EFE81030}"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkhfd
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\qomklki
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wineij32
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winrkq32

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


Contents of the 'Scheduled Tasks' folder
J:\WINDOWS\tasks\Norton AntiVirus - Scan my computer - John Smith.job

Completion time: 06-11-14 22:03:01.35
J:\ComboFix.txt ... 06-11-14 22:03


Thanks for your continued help.

#6 Guest_Cretemonster_*

Guest_Cretemonster_*

  • Guests
  • OFFLINE

Posted 15 November 2006 - 04:53 AM

Make sure you delete all those temporary files.

Here is a little tool to assist you if you need it.


Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
If you use the Firefox browser:
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use the Opera browser:
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.



Open HijackThis-> Click "Do a System Scan Only" and put a check by these but DO NOT hit the Fix Checked button yet

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com

R3 - URLSearchHook: (no name) - {42E45D37-98FC-942E-8AF2-C2693EDE8AC7} - J:\WINDOWS\system32\ohu.dll

O2 - BHO: (no name) - {1B862F14-BCD6-EB08-A148-E92B5BB9D19F} - J:\WINDOWS\system32\ofdcxoi.dll (file missing)

O2 - BHO: (no name) - {293AEEA7-233F-7AE3-4D1E-2CC7E505B3C2} - J:\WINDOWS\system32\crnbsv.dll (file missing)

O2 - BHO: (no name) - {42E45D37-98FC-942E-8AF2-C2693EDE8AC7} - J:\WINDOWS\system32\ohu.dll

O2 - BHO: (no name) - {67B532E5-FA2F-F8A0-089A-F44A3DF7A199} - J:\WINDOWS\system32\zaw.dll (file missing)

O2 - BHO: (no name) - {72BA7299-EA0B-BED9-7958-B8CE659DB7C5} - J:\WINDOWS\system32\plrci.dll (file missing)

O2 - BHO: (no name) - {9114B66F-7DF6-2428-D7F6-2717C8F35C93} - J:\WINDOWS\system32\qxwitp.dll (file missing)

O2 - BHO: (no name) - {98DA978B-5017-0DC2-39E4-5380014E5292} - J:\WINDOWS\system32\xatbzdy.dll (file missing)

O2 - BHO: (no name) - {C1F80000-3D4E-4666-B7A1-30E14489B0D8} - J:\WINDOWS\system32\jkhfd.dll (file missing)

O2 - BHO: (no name) - {CFE9E8A8-38C0-4EF8-AEC2-5035EFE81030} - J:\WINDOWS\system32\qomklki.dll

O2 - BHO: (no name) - {D11622E3-5EBA-4BBC-9B38-B0F66224D987} - J:\WINDOWS\system32\pmkjh.dll (file missing)

O2 - BHO: (no name) - {EA6799F6-543B-0FE4-4A2E-5A10E85172C6} - J:\WINDOWS\system32\vddduen.dll (file missing)

O4 - HKLM\..\Run: [CTDrive] rundll32.exe J:\WINDOWS\system32\drvxoj.dll,startup

O4 - HKCU\..\Run: [Rnxfuiz] J:\WINDOWS\system32\??sembly\w?wexec.exe

O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1123

O20 - AppInit_DLLs:

O20 - Winlogon Notify: jkhfd - J:\WINDOWS\system32\jkhfd.dll (file missing)

O20 - Winlogon Notify: qomklki - J:\WINDOWS\SYSTEM32\qomklki.dll

O20 - Winlogon Notify: wineij32 - wineij32.dll (file missing)

O20 - Winlogon Notify: winrkq32 - winrkq32.dll (file missing)

Now Make sure ALL WINDOWS and BROWSERS are CLOSED and hit the Fix Checked Button


Locate and Delete this file:

J:\WINDOWS\system32\wapisvit.exe


Click Start--> Click Run--> Copy&Paste the bold text below into the open Run box and Click OK.

%systemdrive%\combofix.exe /v xxywtuv qomklki drvxoj ohu

Let ComboFix run and save that log.


Restart Normal and post back with a fresh HijackThis log and the results from ComboFix.


After posting those 2 logs, please run the F-Secure Online Scanner

Note: This Scanner is for Internet Explorer Only!
  • Follow the Instructions on the F-Secure page for proper installation.
  • Accept the License Agreement.
  • Once the ActiveX installs, click Full System Scan
  • Once the download completes, the scan will begin automatically.
  • The scan will take some time to finish, so please be patient.
  • When the scan completes, click the Automatic cleaning (recommended) button.
  • Click the Show Report button and Copy&Paste the entire report in your next reply.
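To show what a helper is doing when picking lines like the ones above out of a HijackThis log, here is an added triage script; it is not part of HijackThis, ComboFix or this thread, and its regexes, its tiny allowlists and its sample entries (built from the lines quoted in this post, plus two benign ones) are constructed for the example.

```python
import re
from collections import defaultdict

# HijackThis line shapes this helper understands; the patterns are written for this
# example (HijackThis has no API), the sample entries below are constructed from the thread.
O2_R3 = re.compile(
    r"^(?P<kind>O2 - BHO|R3 - URLSearchHook): (?P<name>.+?) - "
    r"\{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.+?)(?P<missing> \(file missing\))?$")
O4 = re.compile(r"^O4 - HK\w+\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
O20 = re.compile(
    r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<path>.+?)(?P<missing> \(file missing\))?$")
DLL = re.compile(r"([^\\\s]+\.dll)", re.IGNORECASE)

# Illustrative allowlists, constructed for this example and deliberately tiny: the Winlogon
# Notify packages of a stock XP install, and the NVIDIA rundll32 autostarts seen in this thread.
KNOWN_GOOD_NOTIFY = {"crypt32chain", "cryptnet", "cscdll", "ScCertProp", "Schedule",
                     "sclgntfy", "SensLogn", "termsrv", "wlballoon"}
KNOWN_GOOD_RUNDLL = {"nvcpl.dll", "nvmctray.dll"}


def dll_name(text):
    """Lower-cased basename of the first .dll named in a path or rundll32 command."""
    m = DLL.search(text)
    return m.group(1).lower() if m else None


def triage(lines):
    """Return {log line: [reasons]} for entries worth a closer look, in input order.
    Per-line checks: missing file (orphaned registration), unnamed hook, look-alike characters
    in an autostart path, Winlogon Notify package or rundll32 DLL that is not allowlisted."""
    findings = {}
    clsid_lines = defaultdict(list)   # CLSID -> [(hook kind, line)]
    dll_lines = defaultdict(list)     # dll basename -> [line]

    def note(line, reason):
        findings.setdefault(line, []).append(reason)

    for raw in lines:
        line = raw.strip()
        if m := O2_R3.match(line):
            clsid_lines[m["clsid"].upper()].append((m["kind"], line))
            if m["name"] == "(no name)":
                note(line, "hook registered without a display name")
            if m["missing"]:
                note(line, "orphaned registration: file missing")
            if d := dll_name(m["path"]):
                dll_lines[d].append(line)
        elif m := O4.match(line):
            if "?" in m["cmd"]:
                note(line, "autostart path contains unprintable or look-alike characters")
            if m["cmd"].lower().startswith("rundll32") and (d := dll_name(m["cmd"])):
                dll_lines[d].append(line)
                if d not in KNOWN_GOOD_RUNDLL:
                    note(line, f"rundll32 autostart loads non-allowlisted DLL {d}")
        elif m := O20.match(line):
            if m["missing"]:
                note(line, "orphaned registration: file missing")
            if m["name"] not in KNOWN_GOOD_NOTIFY:
                note(line, "Winlogon Notify package not in allowlist")
            if d := dll_name(m["path"]):
                dll_lines[d].append(line)

    # Cross-line checks: one CLSID under two hook types, or one DLL reached from several
    # autostart points (as ohu.dll and qomklki.dll are here), is a stronger signal than any line.
    for clsid, entries in clsid_lines.items():
        kinds = {kind for kind, _ in entries}
        if len(kinds) > 1:
            for kind, line in entries:
                others = ", ".join(sorted(kinds - {kind}))
                note(line, f"CLSID {clsid} is also registered as {others}")
    for d, refs in dll_lines.items():
        if len(refs) > 1:
            for line in refs:
                note(line, f"{d} is referenced by {len(refs)} entries")
    return findings


def suspect_dlls(lines):
    """Sorted basenames of every DLL named in a flagged line: the set a helper would go on
    to hash, submit to a multi-engine scanner, and quarantine once confirmed."""
    return sorted({d for line in triage(lines) if (d := dll_name(line))})


# Constructed sample: HijackThis-style lines built from this thread's entries, plus two
# benign lines (NvCplDaemon, cscdll) so that the allowlists have something to pass.
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - {42E45D37-98FC-942E-8AF2-C2693EDE8AC7} - J:\WINDOWS\system32\ohu.dll
O2 - BHO: (no name) - {1B862F14-BCD6-EB08-A148-E92B5BB9D19F} - J:\WINDOWS\system32\ofdcxoi.dll (file missing)
O2 - BHO: (no name) - {42E45D37-98FC-942E-8AF2-C2693EDE8AC7} - J:\WINDOWS\system32\ohu.dll
O2 - BHO: (no name) - {CFE9E8A8-38C0-4EF8-AEC2-5035EFE81030} - J:\WINDOWS\system32\qomklki.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE J:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [CTDrive] rundll32.exe J:\WINDOWS\system32\drvxoj.dll,startup
O4 - HKCU\..\Run: [Rnxfuiz] J:\WINDOWS\system32\??sembly\w?wexec.exe
O20 - Winlogon Notify: jkhfd - J:\WINDOWS\system32\jkhfd.dll (file missing)
O20 - Winlogon Notify: qomklki - J:\WINDOWS\SYSTEM32\qomklki.dll
O20 - Winlogon Notify: wineij32 - wineij32.dll (file missing)
O20 - Winlogon Notify: cscdll - J:\WINDOWS\system32\cscdll.dll
""".strip().splitlines()

if __name__ == "__main__":
    for line, reasons in triage(SAMPLE_LOG).items():
        print(line, *("  - " + r for r in reasons), sep="\n")
```

Run against the sample, the two allowlisted lines pass and the other nine are flagged, and `suspect_dlls` yields the same DLL names the helper went on to check.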


#7 Jonith

Jonith
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE

Posted 15 November 2006 - 06:57 PM

Hijackthis showed this when it fixed the items you listed:

An unexpected error has occurred at procedure: modBackup_MakeBackup(sItem=O20 - AppInit_DLLs: )
Error #5 - Invalid procedure call or argument

Please email me at merijn@spywareinfo.com, reporting the following:
* What you were trying to fix when the error occurred, if applicable
* How you can reproduce the error
* A complete HijackThis scan log, if possible

Windows version: Windows NT 5.01.2600
MSIE version: 6.0.2900.2180
HijackThis version: 1.99.1

This message has been copied to your clipboard.
Click OK to continue the rest of the scan.


Hijackthis then completed as normal.
Here is the ComboFix log:

John Smith - 06-11-15 13:57:37.51 Service Pack 2
ComboFix 06.11.9 - Running from: "J:\"
Command switches used :: /v xxywtuv qomklki drvxoj ohu

(((((((((((((((((((((((((((((((((((((((((((((((( Vundo Log )))))))))))))))))))))))))))))))))))))))))))))))))))))


J:\WINDOWS\system32\xxywtuv.dll
J:\WINDOWS\system32\qomklki.dll
J:\WINDOWS\system32\drvxoj.dll


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))



~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

Folders Quarantined:

J:\QooBox\Purity\Documents and Settings\John Smith\Application Data\ASKS~1
J:\QooBox\Purity\Documents and Settings\John Smith\Application Data\PPATCH~1
J:\QooBox\Purity\Documents and Settings\John Smith\Application Data\SEMBLY~1
J:\QooBox\Purity\Documents and Settings\John Smith\My Documents\ECURIT~1
J:\QooBox\Purity\Documents and Settings\John Smith\My Documents\YMANTE~1
J:\QooBox\Purity\Program Files\CURITY~1
J:\QooBox\Purity\Program Files\ICROSO~1
J:\QooBox\Purity\Program Files\RACLE~1
J:\QooBox\Purity\Program Files\Common Files\CROSOF~1.NET
J:\QooBox\Purity\Program Files\Common Files\CURITY~1
J:\QooBox\Purity\Program Files\Common Files\MCROSO~1
J:\QooBox\Purity\Program Files\Common Files\SSTEM3~1
J:\QooBox\Purity\Program Files\Common Files\YSTEM3~1
J:\QooBox\Purity\Program Files\Common Files\YSTEM3~1\?ystem32
J:\QooBox\Purity\WINDOWS\CURITY~1
J:\QooBox\Purity\WINDOWS\MCROSO~1
J:\QooBox\Purity\WINDOWS\system32\ECURIT~1
J:\QooBox\Purity\WINDOWS\system32\RACLE~1
J:\QooBox\Purity\WINDOWS\system32\SEMBLY~1
J:\QooBox\Purity\WINDOWS\system32\STEM32~1
J:\QooBox\Purity\WINDOWS\system32\SEMBLY~1\w?wexec.exe


((((((((((((((((((((((((((((((( Files Created from 2006-10-15 to 2006-11-15 ))))))))))))))))))))))))))))))))))


2006-11-14 21:53 277,182 --a------ J:\combofix.exe
2006-11-10 23:30 816,672 --a------ J:\WINDOWS\system32\drivers\avg7core.sys
2006-11-10 23:30 4,224 --a------ J:\WINDOWS\system32\drivers\avg7rsw.sys
2006-11-10 23:30 3,968 --a------ J:\WINDOWS\system32\drivers\avgclean.sys
2006-11-10 23:30 28,416 --a------ J:\WINDOWS\system32\drivers\avg7rsxp.sys
2006-11-10 23:30 18,240 --a------ J:\WINDOWS\system32\drivers\avgmfx86.sys
2006-11-04 14:14 1,245,696 --a------ J:\WINDOWS\system32\msxml4.dll
2006-11-02 18:08 20,576 --a------ J:\WINDOWS\system32\drivers\PxHelp20.sys
2006-11-02 18:08 109,568 --a------ J:\WINDOWS\system32\pxinsi64.exe
2006-11-02 18:08 108,544 --a------ J:\WINDOWS\system32\pxcpyi64.exe
2006-11-02 00:27 16,384 --a------ J:\WINDOWS\system32\FileOps.exe
2006-10-20 11:42 20,096 --a------ J:\WINDOWS\system32\drivers\AnyDVD.sys


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-11-15 13:54 -------- d-------- J:\Program Files\Mozilla Firefox
2006-11-15 13:44 -------- d-------- J:\Program Files\Common Files
2006-11-15 11:53 -------- d-------- J:\Documents and Settings\John Smith\Application Data\AVG7
2006-11-15 01:44 -------- d-------- J:\Program Files\Internet Explorer
2006-11-13 00:43 83 ---hs---- J:\Documents and Settings\John Smith\Application Data\.zreglib
2006-11-12 20:34 -------- d-------- J:\Program Files\Lavasoft
2006-11-12 20:34 -------- d-------- J:\Documents and Settings\John Smith\Application Data\Lavasoft
2006-11-11 01:18 -------- d-------- J:\Documents and Settings\John Smith\Application Data\Help
2006-11-10 23:30 -------- d-------- J:\Program Files\Grisoft
2006-11-10 22:46 -------- d-------- J:\Program Files\SpeedFan
2006-11-08 23:26 -------- d-------- J:\Documents and Settings\John Smith\Application Data\Sun
2006-11-08 20:38 -------- d-------- J:\Program Files\GameSpy Arcade
2006-11-08 20:14 -------- d--h----- J:\Program Files\InstallShield Installation Information
2006-11-08 20:14 -------- d-------- J:\Program Files\EA GAMES
2006-11-07 00:30 -------- d-------- J:\Program Files\TechSmith
2006-11-04 16:51 -------- d-------- J:\Documents and Settings\John Smith\Application Data\AdobeUM
2006-11-03 22:40 -------- d-------- J:\Program Files\Morpheus Ultra
2006-11-02 23:22 -------- d-------- J:\Program Files\Ubisoft
2006-11-02 18:43 -------- d-------- J:\Documents and Settings\John Smith\Application Data\Adobe
2006-11-02 18:10 -------- d-------- J:\Program Files\Adobe
2006-11-02 18:08 -------- d-------- J:\Program Files\Common Files\Adobe
2006-10-30 21:32 -------- d-------- J:\Program Files\MSXML 4.0
2006-10-30 21:25 -------- d---s---- J:\Documents and Settings\John Smith\Application Data\Microsoft
2006-10-30 21:18 -------- d-------- J:\Program Files\Microsoft Games
2006-10-30 21:18 -------- d-------- J:\Program Files\Common Files\Microsoft Shared
2006-10-30 19:58 -------- d-------- J:\Program Files\DAMN NFO Viewer
2006-10-26 21:19 -------- d-------- J:\Program Files\Common Files\Symantec Shared
2006-10-22 12:22 888832 --a------ J:\WINDOWS\system32\nvmobls.dll
2006-10-22 12:22 86016 --a------ J:\WINDOWS\system32\nvmctray.dll
2006-10-22 12:22 81920 --a------ J:\WINDOWS\system32\nvwddi.dll
2006-10-22 12:22 794624 --a------ J:\WINDOWS\system32\nvcplui.exe
2006-10-22 12:22 7700480 --a------ J:\WINDOWS\system32\nvcpl.dll
2006-10-22 12:22 581632 --a------ J:\WINDOWS\system32\nvhwvid.dll
2006-10-22 12:22 5644288 --a------ J:\WINDOWS\system32\nvoglnt.dll
2006-10-22 12:22 5619712 --a------ J:\WINDOWS\system32\nvdisps.dll
2006-10-22 12:22 5255168 --a------ J:\WINDOWS\system32\nvdispsr.dll
2006-10-22 12:22 466944 --a------ J:\WINDOWS\system32\nvshell.dll
2006-10-22 12:22 458752 --a------ J:\WINDOWS\system32\nvmccssr.dll
2006-10-22 12:22 4527488 --a------ J:\WINDOWS\system32\nv4_disp.dll
2006-10-22 12:22 45056 --a------ J:\WINDOWS\system32\nvmccsrs.dll
2006-10-22 12:22 442368 --a------ J:\WINDOWS\system32\nvappbar.exe
2006-10-22 12:22 425984 --a------ J:\WINDOWS\system32\keystone.exe
2006-10-22 12:22 3994624 --a------ J:\WINDOWS\system32\drivers\nv4_mini.sys
2006-10-22 12:22 35840 --a------ J:\WINDOWS\system32\nvcodins.dll
2006-10-22 12:22 35840 --a------ J:\WINDOWS\system32\nvcod.dll
2006-10-22 12:22 3203072 --a------ J:\WINDOWS\system32\nvgamesr.dll
2006-10-22 12:22 311296 --a------ J:\WINDOWS\system32\nvexpbar.dll
2006-10-22 12:22 3047424 --a------ J:\WINDOWS\system32\nvgames.dll
2006-10-22 12:22 2973696 --a------ J:\WINDOWS\system32\nvvitvsr.dll
2006-10-22 12:22 2924544 --a------ J:\WINDOWS\system32\nvvitvs.dll
2006-10-22 12:22 286720 --a------ J:\WINDOWS\system32\nvnt4cpl.dll
2006-10-22 12:22 2859008 --a------ J:\WINDOWS\system32\nvmoblsr.dll
2006-10-22 12:22 229376 --a------ J:\WINDOWS\system32\nvmccs.dll
2006-10-22 12:22 212992 --a------ J:\WINDOWS\system32\nvapi.dll
2006-10-22 12:22 188416 --a------ J:\WINDOWS\system32\nvmccss.dll
2006-10-22 12:22 1732608 --a------ J:\WINDOWS\system32\nvwssr.dll
2006-10-22 12:22 1662976 --a------ J:\WINDOWS\system32\nvwdmcpl.dll
2006-10-22 12:22 1622016 --a------ J:\WINDOWS\system32\nwiz.exe
2006-10-22 12:22 159810 --a------ J:\WINDOWS\system32\nvsvc32.exe
2006-10-22 12:22 147456 --a------ J:\WINDOWS\system32\nvcolor.exe
2006-10-22 12:22 1470464 --a------ J:\WINDOWS\system32\nview.dll
2006-10-22 12:22 1339392 --a------ J:\WINDOWS\system32\nvdspsch.exe
2006-10-22 12:22 1236992 --a------ J:\WINDOWS\system32\nvwss.dll
2006-10-22 12:22 1019904 --a------ J:\WINDOWS\system32\nvwimg.dll
2006-10-22 12:22 1011712 --a------ J:\WINDOWS\system32\nvcpluir.dll
2006-10-15 18:11 -------- d-------- J:\Program Files\LimeWire
2006-10-15 18:11 -------- d-------- J:\Program Files\Java
2006-10-15 18:10 -------- d-------- J:\Program Files\Common Files\Java
2006-10-15 13:20 -------- d-------- J:\Program Files\LucasArts
2006-10-13 06:35 142336 --a------ J:\WINDOWS\system32\nwprovau.dll
2006-10-12 11:25 737280 --a------ J:\WINDOWS\iun6002.exe
2006-10-11 00:07 -------- d-------- J:\Program Files\Common Files\Wise Installation Wizard
2006-10-01 19:39 29392 --a------ J:\WINDOWS\system32\drivers\secdrv.sys
2006-09-30 22:08 -------- d-------- J:\Program Files\CPIX
2006-09-27 23:15 -------- d-------- J:\Program Files\Prey
2006-09-26 21:26 98304 --a------ J:\WINDOWS\system32\CmdLineExt.dll
2006-09-26 18:55 -------- d-------- J:\Program Files\Mafia
2006-09-26 18:54 -------- d-------- J:\Program Files\Creative
2006-09-26 01:21 -------- d-------- J:\Program Files\BitComet
2006-09-24 07:28 5248 --a------ J:\WINDOWS\system32\speedfan.sys
2006-09-13 21:05 18552 --a------ J:\Documents and Settings\John Smith\Application Data\GDIPFONTCACHEV1.DAT
2006-09-12 23:01 1084416 --a------ J:\WINDOWS\system32\msxml3.dll
2006-08-25 09:45 617472 --a------ J:\WINDOWS\system32\comctl32.dll
2006-08-24 21:42 8704 --a------ J:\WINDOWS\system32\wdfmgr.exe
2006-08-24 21:42 8704 --a------ J:\WINDOWS\system32\uwdf.exe
2006-08-24 21:30 99840 --a------ J:\WINDOWS\system32\wmpshell.dll
2006-08-24 21:30 990208 --a------ J:\WINDOWS\system32\drmv2clt.dll
2006-08-24 21:30 937984 --a------ J:\WINDOWS\system32\WMNetMgr.dll
2006-08-24 21:30 8337920 --a------ J:\WINDOWS\system32\wmploc.dll
2006-08-24 21:30 790016 --a------ J:\WINDOWS\system32\WMVSENCD.dll
2006-08-24 21:30 757248 --a------ J:\WINDOWS\system32\WMADMOD.dll
2006-08-24 21:30 7168 --a------ J:\WINDOWS\system32\asferror.dll
2006-08-24 21:30 656896 --a------ J:\WINDOWS\system32\WMVXENCD.dll
2006-08-24 21:30 63488 --a------ J:\WINDOWS\system32\wpdmtpus.dll
2006-08-24 21:30 629760 --a------ J:\WINDOWS\system32\wpd_ci.dll
2006-08-24 21:30 611840 --a------ J:\WINDOWS\system32\wmpmde.dll
2006-08-24 21:30 603648 --a------ J:\WINDOWS\system32\WMSPDMOD.dll
2006-08-24 21:30 537600 --a------ J:\WINDOWS\system32\blackbox.dll
2006-08-24 21:30 532992 --a------ J:\WINDOWS\system32\wmdrmsdk.dll
2006-08-24 21:30 428032 --a------ J:\WINDOWS\system32\wmdrmdev.dll
2006-08-24 21:30 414208 --a------ J:\WINDOWS\system32\msscp.dll
2006-08-24 21:30 4096 --a------ J:\WINDOWS\system32\wmvdmoe2.dll
2006-08-24 21:30 4096 --a------ J:\WINDOWS\system32\wmvdmod.dll
2006-08-24 21:30 4096 --a------ J:\WINDOWS\system32\WMVADVE.DLL
2006-08-24 21:30 4096 --a------ J:\WINDOWS\system32\WMVADVD.dll
2006-08-24 21:30 4096 --a------ J:\WINDOWS\system32\wmsdmoe2.dll
2006-08-24 21:30 4096 --a------ J:\WINDOWS\system32\wmsdmod.dll
2006-08-24 21:30 4096 --a------ J:\WINDOWS\system32\wdfapi.dll
2006-08-24 21:30 4096 --a------ J:\WINDOWS\system32\MPG4DMOD.dll
2006-08-24 21:30 4096 --a------ J:\WINDOWS\system32\MP4SDMOD.dll
2006-08-24 21:30 4096 --a------ J:\WINDOWS\system32\MP43DMOD.dll
2006-08-24 21:30 37376 --a------ J:\WINDOWS\system32\wmdmps.dll
2006-08-24 21:30 35840 --a------ J:\WINDOWS\system32\wpdconns.dll
2006-08-24 21:30 349184 --a------ J:\WINDOWS\system32\wpdsp.dll
2006-08-24 21:30 347648 --a------ J:\WINDOWS\system32\wmdrmnet.dll
2006-08-24 21:30 33792 --a------ J:\WINDOWS\system32\wmdmlog.dll
2006-08-24 21:30 320512 --a------ J:\WINDOWS\system32\mswmdm.dll
2006-08-24 21:30 316928 --a------ J:\WINDOWS\system32\MP4SDECD.dll
2006-08-24 21:30 314368 --a------ J:\WINDOWS\system32\wmpdxm.dll
2006-08-24 21:30 305152 --a------ J:\WINDOWS\system32\MSDelta.dll
2006-08-24 21:30 295424 --a------ J:\WINDOWS\system32\wmpeffects.dll
2006-08-24 21:30 284160 --a------ J:\WINDOWS\system32\PortableDeviceApi.dll
2006-08-24 21:30 276480 --a------ J:\WINDOWS\system32\audiodev.dll
2006-08-24 21:30 27648 --a------ J:\WINDOWS\system32\mspmsnsv.dll
2006-08-24 21:30 259072 --a------ J:\WINDOWS\system32\MPG4DECD.dll
2006-08-24 21:30 2589184 --a------ J:\WINDOWS\system32\WpdShext.dll
2006-08-24 21:30 258560 --a------ J:\WINDOWS\system32\MP43DECD.dll
2006-08-24 21:30 2450944 --a------ J:\WINDOWS\system32\wmvcore.dll
2006-08-24 21:30 242176 --a------ J:\WINDOWS\system32\wmpasf.dll
2006-08-24 21:30 228352 --a------ J:\WINDOWS\system32\cewmdm.dll
2006-08-24 21:30 227328 --a------ J:\WINDOWS\system32\wmerror.dll
2006-08-24 21:30 222208 --a------ J:\WINDOWS\system32\WMASF.dll
2006-08-24 21:30 211968 --a------ J:\WINDOWS\system32\MFPLAT.dll
2006-08-24 21:30 210432 --a------ J:\WINDOWS\system32\qasf.dll
2006-08-24 21:30 204800 --a------ J:\WINDOWS\system32\wmpsrcwp.dll
2006-08-24 21:30 198144 --a------ J:\WINDOWS\system32\PortableDeviceWMDRM.dll
2006-08-24 21:30 179712 --a------ J:\WINDOWS\system32\msnetobj.dll
2006-08-24 21:30 175104 --a------ J:\WINDOWS\system32\mspmsp.dll
2006-08-24 21:30 166912 --a------ J:\WINDOWS\system32\PortableDeviceTypes.dll
2006-08-24 21:30 1660416 --a------ J:\WINDOWS\system32\wmpencen.dll
2006-08-24 21:30 157184 --a------ J:\WINDOWS\system32\wmidx.dll
2006-08-24 21:30 154624 --a------ J:\WINDOWS\system32\wpdmtp.dll
2006-08-24 21:30 1539584 --a------ J:\WINDOWS\system32\WMVDECOD.dll
2006-08-24 21:30 1532416 --a------ J:\WINDOWS\system32\WMVENCOD.dll
2006-08-24 21:30 1392128 --a------ J:\WINDOWS\system32\WMVSDECD.dll
2006-08-24 21:30 133120 --a------ J:\WINDOWS\system32\WPDShServiceObj.dll
2006-08-24 21:30 1327616 --a------ J:\WINDOWS\system32\WMSPDMOE.dll
2006-08-24 21:30 132096 --a------ J:\WINDOWS\system32\PortableDeviceWiaCompat.dll
2006-08-24 21:30 130048 --a------ J:\WINDOWS\system32\wmpps.dll
2006-08-24 21:30 11264 --a------ J:\WINDOWS\system32\LAPRXY.dll
2006-08-24 21:30 1118208 --a------ J:\WINDOWS\system32\WMADMOE.dll
2006-08-24 21:30 101888 --a------ J:\WINDOWS\system32\PortableDeviceClassExtension.dll
2006-08-24 19:31 100864 --a------ J:\WINDOWS\system32\logagent.exe
2006-08-24 19:27 249344 --a------ J:\WINDOWS\system32\drmupgds.exe
2006-08-24 19:26 95288 --a------ J:\WINDOWS\system32\WUDFCoinstaller.dll
2006-08-24 19:26 17408 --a------ J:\WINDOWS\system32\wpdshextautoplay.exe
2006-08-24 18:19 316416 --a------ J:\WINDOWS\system32\WUDFx.dll
2006-08-24 18:19 145920 --a------ J:\WINDOWS\system32\WudfHost.exe
2006-08-24 18:18 56320 --a------ J:\WINDOWS\system32\WudfSvc.dll
2006-08-24 18:18 168448 --a------ J:\WINDOWS\system32\WudfPlatform.dll
2006-08-21 06:21 16896 --a------ J:\WINDOWS\system32\fltlib.dll
2006-08-21 03:14 23040 --a------ J:\WINDOWS\system32\fltmc.exe
2006-08-19 21:13 61440 --a------ J:\WINDOWS\wnUninstall.exe
2006-08-17 06:28 721920 --a------ J:\WINDOWS\system32\lsasrv.dll
2006-08-17 06:28 132096 --a------ J:\WINDOWS\system32\wkssvc.dll
2006-08-16 05:58 100352 --a------ J:\WINDOWS\system32\6to4svc.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Creative Detector"="\"J:\\Program Files\\Creative\\MediaSource\\Detector\\CTDetect.exe\" /R"
"Creative MediaSource Go"="\"J:\\Program Files\\Creative\\MediaSource\\Go\\CTCMSGo.exe\" /SCB"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NVRaidService"="J:\\WINDOWS\\system32\\nvraidservice.exe"
"NvCplDaemon"="RUNDLL32.EXE J:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"Zboard"="J:\\Program Files\\Ideazon\\ZEngine\\Zboard.exe"
"RCSystem"="\"J:\\Program Files\\Creative\\Shared Files\\Module Loader\\DLLML.exe\" RCSystem * -Startup"
"AudioDrvEmulator"="\"J:\\Program Files\\Creative\\Shared Files\\Module Loader\\DLLML.exe\" -1 AudioDrvEmulator \"J:\\Program Files\\Creative\\Shared Files\\Module Loader\\Audio Emulator\\AudDrvEm.dll\""
"CTHelper"="CTHELPER.EXE"
"CTxfiHlp"="CTXFIHLP.EXE"
"ccApp"="\"J:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"Symantec NetDriver Monitor"="J:\\PROGRA~1\\SYMNET~1\\SNDMon.exe /Consumer"
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE"
"CTDVDDET"="\"J:\\Program Files\\Creative\\Sound Blaster X-Fi\\DVDAudio\\CTDVDDET.EXE\""
"VolPanel"="\"J:\\Program Files\\Creative\\Sound Blaster X-Fi\\Volume Panel\\VolPanel.exe\" /r"
"NeroFilterCheck"="J:\\WINDOWS\\system32\\NeroCheck.exe"
"LanguageShortcut"="\"J:\\Program Files\\CyberLink\\PowerDVD\\Language\\Language.exe\""
"OpwareSE2"="\"J:\\Program Files\\ScanSoft\\OmniPageSE2.0\\OpwareSE2.exe\""
"SunJavaUpdateSched"="J:\\Program Files\\Java\\jre1.5.0_03\\bin\\jusched.exe"
"NvMediaCenter"="RUNDLL32.EXE J:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"Adobe Version Cue CS2"="\"J:\\Program Files\\Adobe\\Adobe Version Cue CS2\\ControlPanel\\VersionCueCS2Tray.exe\""
"Acrobat Assistant 7.0"="\"J:\\Program Files\\Adobe\\Adobe Acrobat 7.0\\Distillr\\Acrotray.exe\""
@=""
"AVG7_CC"="J:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="http://kfor.static.worldnow.com/images/incoming/7day.jpg"
"SubscribedURL"="http://kfor.static.worldnow.com/images/incoming/7day.jpg"
"FriendlyName"=""
"Flags"=dword:00002001
"Position"=hex:2c,00,00,00,f7,02,00,00,1c,00,00,00,f9,01,00,00,8b,01,00,00,06,\
00,00,40,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:01,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,d2,03,00,00,63,01,00,00,80,02,00,00,e0,01,\
00,00,01,00,00,40
"RestoredStateInfo"=hex:d5,c1,00,00,c8,6d,07,00,cb,76,10,10,ff,ff,ff,ff,f2,ea,\
d4,77,00,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"AVG7_Run"="J:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"AVG7_Run"="J:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="ewido anti-spyware 4.0"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


Contents of the 'Scheduled Tasks' folder
J:\WINDOWS\tasks\Norton AntiVirus - Scan my computer - John Smith.job

Completion time: 06-11-15 14:01:26.46
J:\ComboFix.txt ... 06-11-15 14:01
J:\ComboFix2.txt ... 06-11-14 22:03


And here is the HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 2:03:52 PM, on 11/15/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
J:\WINDOWS\System32\smss.exe
J:\WINDOWS\system32\winlogon.exe
J:\WINDOWS\system32\services.exe
J:\WINDOWS\system32\lsass.exe
J:\WINDOWS\system32\svchost.exe
J:\WINDOWS\System32\svchost.exe
J:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
J:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
J:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
J:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
J:\WINDOWS\system32\spoolsv.exe
J:\WINDOWS\Explorer.EXE
J:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
J:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
J:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
J:\WINDOWS\system32\CTsvcCDA.EXE
J:\Program Files\Norton AntiVirus\navapsvc.exe
J:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
J:\WINDOWS\system32\nvsvc32.exe
J:\Program Files\CyberLink\Shared files\RichVideo.exe
J:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
J:\WINDOWS\system32\svchost.exe
J:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
J:\WINDOWS\system32\nvraidservice.exe
J:\Program Files\Ideazon\ZEngine\Zboard.exe
J:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
J:\WINDOWS\CTHELPER.EXE
J:\WINDOWS\system32\CTXFIHLP.EXE
J:\Program Files\Common Files\Symantec Shared\ccApp.exe
J:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
J:\WINDOWS\SYSTEM32\CTXFISPI.EXE
J:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
J:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
J:\WINDOWS\system32\RUNDLL32.EXE
J:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
J:\WINDOWS\system32\wbem\unsecapp.exe
J:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
J:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
J:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
J:\Program Files\Creative\MediaSource\Go\CTCMSGo.exe
J:\Program Files\Logitech\SetPoint\SetPoint.exe
J:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
J:\Program Files\Creative\ShareDLL\CADI\NotiMan.exe
J:\WINDOWS\system32\wuauclt.exe
J:\Program Files\Messenger\msmsgs.exe
J:\Program Files\TechSmith\SnagIt 8\TSCHelp.exe
J:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
J:\Documents and Settings\John Smith\Desktop\hijackthis\HijackThis.exe

O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - J:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - J:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - J:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - J:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - J:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - J:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - J:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - J:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [NVRaidService] J:\WINDOWS\system32\nvraidservice.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE J:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Zboard] J:\Program Files\Ideazon\ZEngine\Zboard.exe
O4 - HKLM\..\Run: [RCSystem] "J:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" RCSystem * -Startup
O4 - HKLM\..\Run: [AudioDrvEmulator] "J:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "J:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [ccApp] "J:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] J:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [CTDVDDET] "J:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [VolPanel] "J:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
O4 - HKLM\..\Run: [NeroFilterCheck] J:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LanguageShortcut] "J:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [OpwareSE2] "J:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] J:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE J:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Version Cue CS2] "J:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "J:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [AVG7_CC] J:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [Creative Detector] "J:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [Creative MediaSource Go] "J:\Program Files\Creative\MediaSource\Go\CTCMSGo.exe" /SCB
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma.lnk = J:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = J:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech SetPoint.lnk = J:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: SnagIt 8.lnk = J:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://J:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://J:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://J:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://J:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://J:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://J:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://J:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://J:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://J:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - J:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - J:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: J:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://eu-housecall.trendmicro-europe.com/...ivex/hcImpl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: WgaLogon - J:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - J:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - J:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Unknown owner - J:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe" -win32service (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - J:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - J:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - J:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - J:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - J:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - J:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - J:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - J:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - J:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - J:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - J:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - J:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - J:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - J:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: SAVScan - Symantec Corporation - J:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - J:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - J:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - J:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - J:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - J:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe




Report from F-Secure:

Scanning Report
Wednesday, November 15, 2006 14:17:03 - 17:50:35

Computer name: SUPERCOMPUTER
Scanning type: Scan system for viruses, rootkits, spyware
Target: C:\ J:\
Result: 8 malware found
P2P-Worm.Win32.VB.dw (virus)

* J:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\3990258C.EXE (Renamed & Submitted)

Trojan-Clicker.Win32.Small.lo (virus)

* J:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\25015345.DLL (Renamed & Submitted)

Trojan-Downloader.Win32.PurityScan.co (virus)

* J:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\37A0097D.EXE (Renamed & Submitted)
* J:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\41975DD0.EXE (Renamed & Submitted)
* J:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\42C55737.EXE (Renamed & Submitted)
* J:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\5A4D2D1C.EXE (Renamed & Submitted)

Trojan-Downloader.Win32.Zlob.awm (virus)

* J:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\5EA73344.EXE (Renamed & Submitted)

Trojan.Win32.BHO.g (virus)

* J:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\2EEE065A.DLL (Renamed & Submitted)

Statistics
Scanned:

* Files: 39359
* System: 4439
* Not scanned: 4

Actions:

* Disinfected: 0
* Renamed: 8
* Deleted: 0
* None: 0
* Submitted: 8

Files not scanned:

* J:\PAGEFILE.SYS
* J:\WINDOWS\TEMP\HSPERFDATA_SYSTEM\1128
* J:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
* J:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCRST.DLL

Options
Scanning engines:

* F-Secure Libra: 2.4.2, 2006-11-15
* F-Secure AVP: 7.0.171, 2006-11-15
* F-Secure Orion: 1.2.37, 2006-11-15
* F-Secure Blacklight: 1.0.31, 0000-00-00
* F-Secure Draco: 1.0.35, 0260-02-44
* F-Secure Pegasus: 1.19.0, 2006-08-29


Scanning options:

* Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ZIP XXX
* Use Advanced heuristics

#8 Guest_Cretemonster_*

Guest_Cretemonster_*

  • Guests

Posted 15 November 2006 - 07:23 PM

Hmmm, strange, ComboFix didn't grab one of those files we listed.


Download Killbox from here:
http://killbox.net/downloads/KillBox.exe

Launch the program --> Copy & Paste the bold text below into the "Full Path of File to Delete"

J:\WINDOWS\system32\ohu.dll

Let me know if the filename appears in blue text within the Killbox window.

#9 Jonith

Jonith
  • Topic Starter

  • Members
  • 12 posts

Posted 15 November 2006 - 08:12 PM

No, it looks like regular black text.

#10 Guest_Cretemonster_*

Guest_Cretemonster_*

  • Guests

Posted 15 November 2006 - 08:39 PM

Hmm, Copy & Paste once more and then click the Red Circle with the white X to delete.

If the file isn't there, Killbox should pop up a message saying so.


Please run the Bit Defender Online Scan
http://www.bitdefender.com/scan8/ie.html

You must use Internet Explorer for this scanner.

Install the ActiveX and Click on "Click here to Scan"

Allow it to update and Scan the Machine.

It should disinfect or delete whatever it finds that is infected.

Save the report it generates in a text format please and post it back here.

#11 Jonith

Jonith
  • Topic Starter

  • Members
  • 12 posts

Posted 16 November 2006 - 12:37 AM

Killbox said the ohu file did not exist.

After BitDefender scanned, it said the computer is still infected.

I messed up and saved the report in HTML instead of text, but here it is:

<HTML>
<HEAD>
<TITLE>BitDefender Online Scanner -Scan Report</TITLE>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
<meta name="generator" content="Namo WebEditor v5.0(Trial)">
</HEAD>
<BODY BGCOLOR=#FFFFFF leftmargin="10" marginwidth="0" topmargin="20" marginheight="0" >


<table align="center" border="0" cellpadding="0" cellspacing="0" width="90%">
<tr>
<td width="458">
<p><font face="Arial" color=red><span style="font-size:14pt;"><b>BitDefender
Online Scanner</b></span></font></p>
</td>
<td width="40%">
<p>&nbsp;</p>
</td>
<td width="10%">
<p>&nbsp;</p>
</td>
</tr>
<tr>
<td colspan="3" width="912">
<p><font face="Arial"><span style="font-size:11pt;"><B>Scan report generated
at: Wed, Nov 15, 2006 - 23:14:22</b></span></font></p>
</td>
</tr>

<tr>
<td width="458">
<p><font face="Arial"><span style="font-size:11pt;"><B>&nbsp;</b></span></font></p>
</td>
<td width="40%">
<p>&nbsp;</p>
</td>
<td width="10%">
<p>&nbsp;</p>
</td>
</tr>

<tr>
<td width="458">
<p><font face="Arial"><span style="font-size:11pt;"><B>Scan
path: </b></span><span style="font-size:10pt;">A:\;C:\;D:\;E:\;F:\;G:\;H:\;I:\;J:\;K:\;</span></font></p>
</td>
<td width="40%">
<p>&nbsp;</p>
</td>
<td width="10%">
<p>&nbsp;</p>
</td>
</tr>

<tr>
<td width="458">
<p><font face="Arial"><span style="font-size:11pt;"><B>&nbsp;</b></span></font></p>
</td>
<td width="40%">
<p>&nbsp;</p>
</td>
<td width="10%">
<p>&nbsp;</p>
</td>
</tr>

<tr>
<td width="458">
<table border="1" cellspacing="0" bordercolordark="white" bordercolorlight="black" width="100%">
<tr>
<td width="451" colspan="2" bgcolor="#CCCCCC">
<p><font face="Arial" size="2"><B>Statistics</b></font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Time</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">02:53:59</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Files</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">866189</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Folders</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">12162</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Boot Sectors</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">4</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Archives</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">4647</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Packed Files</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">53290</font></p>
</td>
</tr>
</table>
</td>
<td width="40%">
<p>&nbsp;</p>
</td>
<td width="10%">
<p>&nbsp;</p>
</td>
</tr>



<tr>
<td width="458">
<table border="1" cellspacing="0" bordercolordark="white" bordercolorlight="black" width="100%">
<tr>
<td width="451" colspan="2" bgcolor="#CCCCCC">
<p><font face="Arial" size="2"><B>Results</b></font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Identified Viruses </font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">8</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Infected Files </font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">16</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Suspect&nbsp;Files </font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">0</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Warnings</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">0</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Disinfected</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">0</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Deleted Files</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">28</font></p>
</td>
</tr>
</table>
</td>
<td width="40%">
<p>&nbsp;</p>
</td>
<td width="10%">
<p>&nbsp;</p>
</td>
</tr>

<tr>
<td width="458">
<table border="1" cellspacing="0" bordercolordark="white" bordercolorlight="black" width="100%">
<tr>
<td width="451" colspan="2" bgcolor="#CCCCCC">
<p><font face="Arial" size="2"><B>Engines Info</b></font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Virus Definitions</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">316219</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Engine build</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">AVCORE v1.0 (build 2355) (i386) (Sep 25 2006 13:46:24)</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Scan plugins</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">13</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Archive plugins</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">38</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Unpack plugins</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">6</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">E-mail plugins</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">6</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">System&nbsp;plugins</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">1</font></p>
</td>
</tr>
</table>
</td>
<td width="40%">
<p>&nbsp;</p>
</td>
<td width="10%">
<p>&nbsp;</p>
</td>
</tr>

<tr>
<td width="458">
<table border="1" cellspacing="0" bordercolordark="white" bordercolorlight="black" width="100%">
<tr>
<td width="451" colspan="2" bgcolor="#CCCCCC">
<p><font face="Arial" size="2"><B>Scan Settings</b></font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">First Action</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">Disinfect</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Second Action</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">Delete</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Heuristics</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">Yes</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Enable Warnings</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">Yes</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Scanned Extensions</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">*;</font></p>
</td>
</tr>

<tr>
<td width="57%">
<p><font face="Arial" size="2">Exclude Extensions</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">&nbsp;</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Scan Emails</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">Yes</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Scan Archives</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">Yes</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Scan Packed</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">Yes</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Scan Files</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">Yes</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Scan Boot</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">Yes</font></p>
</td>
</tr>
</table>
</td>
<td width="40%">
<p>&nbsp;</p>
</td>
<td width="10%">
<p>&nbsp;</p>
</td>
</tr>

<tr>
<td colspan=2> &nbsp;
<table border="1" cellspacing="0" bordercolordark="white" bordercolorlight="black" width="100%">
<tr>
<td width="252" bgcolor="#CCCCCC">
<p><font face="Arial" size="2"><B>Scanned File</b></font></p>
</td>
<td width="195" bgcolor="#CCCCCC" align="right">
<p align="left"><b><font size="2" face="Arial">&nbsp;Status</font></b></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">J:\Documents and Settings\John Smith\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\crtdcghcn.jar-43083add-6fa88d47.zip=>BaaaaBaa.class</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infected with: Java.Trojan.Exploit.Bytverify</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">J:\Documents and Settings\John Smith\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\crtdcghcn.jar-43083add-6fa88d47.zip=>BaaaaBaa.class</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Disinfection failed</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">J:\Documents and Settings\John Smith\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\crtdcghcn.jar-43083add-6fa88d47.zip=>BaaaaBaa.class</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Deleted</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">J:\Documents and Settings\John Smith\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\crtdcghcn.jar-43083add-6fa88d47.zip</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Updated</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">J:\Documents and Settings\John Smith\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\crtdcghcn.jar-43083add-6fa88d47.zip=>Dvnny.class</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infected with: Java.Trojan.Exploit.Bytverify</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">J:\Documents and Settings\John Smith\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\crtdcghcn.jar-43083add-6fa88d47.zip=>Dvnny.class</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Disinfection failed</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">J:\Documents and Settings\John Smith\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\crtdcghcn.jar-43083add-6fa88d47.zip=>Dvnny.class</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Deleted</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">J:\Documents and Settings\John Smith\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\crtdcghcn.jar-43083add-6fa88d47.zip</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Updated</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">J:\Documents and Settings\John Smith\Desktop\hijackthis\backups\backup-20061115-135323-549.dll</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infected with: Trojan.Vundo.G</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">J:\Documents and Settings\John Smith\Desktop\hijackthis\backups\backup-20061115-135323-549.dll</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Disinfection failed</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">J:\Documents and Settings\John Smith\Desktop\hijackthis\backups\backup-20061115-135323-549.dll</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Deleted</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">J:\Documents and Settings\John Smith\Desktop\OiUninstaller.exe=>(NSIS o)=>zlib_nsis0002</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infected with: Trojan.Purityad.BP</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">J:\Documents and Settings\John Smith\Desktop\OiUninstaller.exe=>(NSIS o)=>zlib_nsis0002</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Disinfection failed</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">J:\Documents and Settings\John Smith\Desktop\OiUninstaller.exe=>(NSIS o)=>zlib_nsis0002</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Deleted</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">J:\Documents and Settings\John Smith\Desktop\OiUninstaller.exe=>(NSIS o)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Update failed</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">J:\Program Files\Norton AntiVirus\Quarantine\25015345.0LL=>(Quarantine-2)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infected with: Trojan.Zlob.AX</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">J:\Program Files\Norton AntiVirus\Quarantine\25015345.0LL=>(Quarantine-2)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Deleted</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">J:\Program Files\Norton AntiVirus\Quarantine\2EEE065A.0LL=>(Quarantine-2)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infected with: Trojan.BHO.G</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">J:\Program Files\Norton AntiVirus\Quarantine\2EEE065A.0LL=>(Quarantine-2)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Disinfection failed</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">J:\Program Files\Norton AntiVirus\Quarantine\2EEE065A.0LL=>(Quarantine-2)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Deleted</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">J:\Program Files\Norton AntiVirus\Quarantine\37A0097D.000=>(Quarantine-2)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infected with: Trojan.Downloader.PurityScan.BP</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">J:\Program Files\Norton AntiVirus\Quarantine\37A0097D.000=>(Quarantine-2)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Disinfection failed</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">J:\Program Files\Norton AntiVirus\Quarantine\37A0097D.000=>(Quarantine-2)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Deleted</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">J:\Program Files\Norton AntiVirus\Quarantine\37A0097D.0XE=>(Quarantine-2)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infected with: Trojan.Downloader.PurityScan.BP</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">J:\Program Files\Norton AntiVirus\Quarantine\37A0097D.0XE=>(Quarantine-2)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Disinfection failed</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">J:\Program Files\Norton AntiVirus\Quarantine\37A0097D.0XE=>(Quarantine-2)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Deleted</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">J:\Program Files\Norton AntiVirus\Quarantine\3990258C.0XE=>(Quarantine-2)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infected with: Win32.Worm.VB.DW</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">J:\Program Files\Norton AntiVirus\Quarantine\3990258C.0XE=>(Quarantine-2)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Deleted</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">J:\Program Files\Norton AntiVirus\Quarantine\3C0D20CF.tmp=>(Quarantine-2)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infected with: Win32.Vb.AN@mm</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">J:\Program Files\Norton AntiVirus\Quarantine\3C0D20CF.tmp=>(Quarantine-2)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Disinfection failed</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">J:\Program Files\Norton AntiVirus\Quarantine\3C0D20CF.tmp=>(Quarantine-2)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Deleted</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">J:\Program Files\Norton AntiVirus\Quarantine\41975DD0.0XE=>(Quarantine-2)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infected with: Trojan.Downloader.PurityScan.BP</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">J:\Program Files\Norton AntiVirus\Quarantine\41975DD0.0XE=>(Quarantine-2)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Disinfection failed</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">J:\Program Files\Norton AntiVirus\Quarantine\41975DD0.0XE=>(Quarantine-2)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Deleted</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">J:\Program Files\Norton AntiVirus\Quarantine\42C22D3B.000=>(Quarantine-2)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infected with: Trojan.Downloader.PurityScan.BP</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">J:\Program Files\Norton AntiVirus\Quarantine\42C22D3B.000=>(Quarantine-2)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Disinfection failed</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">J:\Program Files\Norton AntiVirus\Quarantine\42C22D3B.000=>(Quarantine-2)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Deleted</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">J:\Program Files\Norton AntiVirus\Quarantine\42C55737.0XE=>(Quarantine-2)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infected with: Trojan.Downloader.PurityScan.BP</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">J:\Program Files\Norton AntiVirus\Quarantine\42C55737.0XE=>(Quarantine-2)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Disinfection failed</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">J:\Program Files\Norton AntiVirus\Quarantine\42C55737.0XE=>(Quarantine-2)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Deleted</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">J:\Program Files\Norton AntiVirus\Quarantine\48D920BB.tmp=>(Quarantine-2)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infected with: Win32.Worm.VB.DW</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">J:\Program Files\Norton AntiVirus\Quarantine\48D920BB.tmp=>(Quarantine-2)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Deleted</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">J:\Program Files\Norton AntiVirus\Quarantine\54C34F9F.tmp=>(Quarantine-2)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infected with: Win32.Worm.VB.DW</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">J:\Program Files\Norton AntiVirus\Quarantine\54C34F9F.tmp=>(Quarantine-2)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Deleted</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">J:\Program Files\Norton AntiVirus\Quarantine\5A4D2D1C.0XE=>(Quarantine-2)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infected with: Trojan.Downloader.PurityScan.BP</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">J:\Program Files\Norton AntiVirus\Quarantine\5A4D2D1C.0XE=>(Quarantine-2)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Disinfection failed</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">J:\Program Files\Norton AntiVirus\Quarantine\5A4D2D1C.0XE=>(Quarantine-2)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Deleted</font></p>
</td>
</tr>
</table>
</td>

<td width="10%">
<p>&nbsp;</p>
</td>
</tr>


</table>
<p>&nbsp;</p>

</body>
</html>

#12 Guest_Cretemonster_*

  • Guests

Posted 16 November 2006 - 05:15 AM

Looks like Bit Defender took care of what it found.


Please post an uninstall list:
  • Start HijackThis
  • Click on the Config button
  • Click on the Misc Tools button
  • Click on the Open Uninstall Manager button.
  • Click on the Save list... button and specify where you would like to save this file.
  • When you press the Save button, Notepad will open with the contents of that file.
  • Simply copy and paste the contents of that Notepad window into this topic please.
Please do an online scan with Kaspersky WebScanner.

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky; click Yes.
  • The program will launch and then begin downloading the latest definition files.
  • Once the files have been downloaded, click on NEXT.
  • Now click on Scan Settings.
  • In the scan settings, make sure that the following are selected:
    • Scan using the following Anti-Virus database: Extended (if available, otherwise Standard)
    • Scan Options: Scan Archives, Scan Mail Bases
  • Click OK.
  • Now under Select a target to scan, select My Computer.
  • The program will start and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, it will display whether your system has been infected.
  • Now click on the Save as Text button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.


#13 Jonith

  • Topic Starter
  • Members
  • 12 posts

Posted 17 November 2006 - 03:48 AM

Hijackthis uninstall log:


4 Warn Alert
Ad-Aware SE Personal
Adobe Acrobat 5.0
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Creative Suite 2
Adobe Download Manager 2.0 (Remove Only)
Adobe Encore DVD FC
Adobe ExtendScript Toolkit 1.0
Adobe ExtendScript Toolkit 1.0
Adobe Help Center 2.0
Adobe Premiere Pro FC
Adobe Production Studio
Adobe Reader 7.0.8
Adobe Stock Photos 1.0
Adobe Stock Photos 1.0
Adobe Stock Photos 1.0
Adobe SVG Viewer 3.0
Adobe Video Suite Extras
AnyDVD
AVG Free Edition
Battlecraft Vietnam
Battlefield 1942
Battlefield 2: Deluxe Edition
Battlefield Mod Development Toolkit
Battlefield Vietnam™
BitComet 0.70
Canon CanoScan Toolbox 4.6
Canon PIXMA iP3000
ccCommon
CloneDVD2
Cool Edit Pro 2.1
Creative Media Toolbox
Creative MediaSource
Creative System Information
Dawn
Dusk 5900
EAX Unified
ewido anti-spyware 4.0
Far Cry
FEAR
GameSpy Arcade
GeoForms Screensaver by NVIDIA (remove only)
HijackThis 1.99.1
Internet Worm Protection
J2SE Runtime Environment 5.0 Update 3
Kaspersky Online Scanner
LimeWire 4.12.6
LiveReg (Symantec Corporation)
LiveUpdate 3.0 (Symantec Corporation)
Logitech SetPoint
Luna
Mafia
Manual CanoScan 4200F
Marvell Miniport Driver
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft .NET Framework 2.0
Microsoft Flight Simulator X
Microsoft Office XP Professional
Microsoft Streets and Trips 2005
Microsoft User-Mode Driver Framework Feature Pack 1.0 (Beta2)
Microsoft Visual C++ 2005 Redistributable
Morpheus Ultra 5.2 (remove only)
Mozilla Firefox (1.5.0.8)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 Parser and SDK
Nero 6 Enterprise Edition
Norton AntiVirus 2005
Norton AntiVirus 2005 (Symantec Corporation)
Norton AntiVirus Help
Norton AntiVirus Parent MSI
Norton AntiVirus SYMLT MSI
Norton WMI Update
NVIDIA Drivers
Oblivion
Oblivion mod manager 0.7.14
Ogre
OmniPage SE 2.0
Panda ActiveScan
PowerDVD
PowerISO
Prey
PunkBuster for Battlefield Vietnam
Security Update for Microsoft .NET Framework 2.0 (KB917283)
Security Update for Microsoft .NET Framework 2.0 (KB922770)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB925486)
SnagIt 8
Sound Blaster X-Fi
SPBBC
SpeedFan (remove only)
Spybot - Search & Destroy 1.4
Star Wars Battlefront
Suite Specific
Symantec
Symantec Script Blocking Installer
SymNet
Timbury
Unreal Tournament G.O.T.Y. Edition
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Windows Installer 3.1 (KB893803)
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
WinRAR archiver
Z Engine


-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Friday, November 17, 2006 2:40:11 AM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 17/11/2006
Kaspersky Anti-Virus database records: 242465
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\
K:\

Scan Statistics:
Total number of scanned objects: 200462
Number of viruses found: 12
Number of infected objects: 45 / 0
Number of suspicious objects: 0
Duration of the scan process: 02:32:16

Infected Object Name / Virus Name / Last Action
C:\Downloads\Pocket PC Stuff\PocketPC - 18 Pocket PC Applications\Pocket PC Software\Area Code Reverse Lookup Install File (PocketPC).exe/data0004 Infected: not-a-virus:AdWare.Win32.OnFlow skipped
C:\Downloads\Pocket PC Stuff\PocketPC - 18 Pocket PC Applications\Pocket PC Software\Area Code Reverse Lookup Install File (PocketPC).exe Inno: infected - 1 skipped
C:\Downloads\Pocket PC Stuff\PocketPC - 18 Pocket PC Applications.zip/Pocket PC Software/Area Code Reverse Lookup Install File (PocketPC).exe/data0004 Infected: not-a-virus:AdWare.Win32.OnFlow skipped
C:\Downloads\Pocket PC Stuff\PocketPC - 18 Pocket PC Applications.zip/Pocket PC Software/Area Code Reverse Lookup Install File (PocketPC).exe Infected: not-a-virus:AdWare.Win32.OnFlow skipped
C:\Downloads\Pocket PC Stuff\PocketPC - 18 Pocket PC Applications.zip ZIP: infected - 2 skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
J:\Documents and Settings\All Users\Application Data\Creative\CADI\Preset\PCI_BUS1102-5-211102-BC00.dat Object is locked skipped
J:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
J:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
J:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped
J:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2006-11-16_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped
J:\Documents and Settings\John Smith\Cookies\index.dat Object is locked skipped
J:\Documents and Settings\John Smith\Desktop\hijackthis\backups\backup-20061115-135323-683.dll Infected: not-a-virus:AdWare.Win32.PurityScan.ak skipped
J:\Documents and Settings\John Smith\Desktop\OiUninstaller.exe/data0002 Infected: not-a-virus:AdWare.Win32.MediaTickets.n skipped
J:\Documents and Settings\John Smith\Desktop\OiUninstaller.exe/data0003 Infected: not-a-virus:AdWare.Win32.PurityScan.bu skipped
J:\Documents and Settings\John Smith\Desktop\OiUninstaller.exe NSIS: infected - 2 skipped
J:\Documents and Settings\John Smith\Desktop\SmitfraudFix\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
J:\Documents and Settings\John Smith\Local Settings\Application Data\ApplicationHistory\Zboard.exe.905cc237.ini.inuse Object is locked skipped
J:\Documents and Settings\John Smith\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst/Personal Folders/Inbox/30 May 2005 06:03 from eBay Member: jonith1966:Question for eBay.eml Infected: Trojan-Spy.HTML.Bayfraud.ib skipped
J:\Documents and Settings\John Smith\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst/Personal Folders/Inbox/02 Jun 2005 02:50 from eBay Member: jonith1966:Question for eBay.eml Infected: Trojan-Spy.HTML.Bayfraud.ib skipped
J:\Documents and Settings\John Smith\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst/Personal Folders/Inbox/06 Jun 2005 02:48 from eBay Member: jonith1966:Question for eBay.eml Infected: Trojan-Spy.HTML.Bayfraud.ib skipped
J:\Documents and Settings\John Smith\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst Mail MS Mail: infected - 3 skipped
J:\Documents and Settings\John Smith\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
J:\Documents and Settings\John Smith\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
J:\Documents and Settings\John Smith\Local Settings\History\History.IE5\index.dat Object is locked skipped
J:\Documents and Settings\John Smith\Local Settings\History\History.IE5\MSHist012006111620061117\index.dat Object is locked skipped
J:\Documents and Settings\John Smith\Local Settings\Temp\JET4A62.tmp Object is locked skipped
J:\Documents and Settings\John Smith\Local Settings\Temp\Perflib_Perfdata_154.dat Object is locked skipped
J:\Documents and Settings\John Smith\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
J:\Documents and Settings\John Smith\My Documents\Gateway\C\WINDOWS\DESKTOP\gozilla.exe/WISE0019.BIN Infected: not-a-virus:AdWare.Win32.Aureate skipped
J:\Documents and Settings\John Smith\My Documents\Gateway\C\WINDOWS\DESKTOP\gozilla.exe/WISE0020.BIN Infected: not-a-virus:AdWare.Win32.Aureate skipped
J:\Documents and Settings\John Smith\My Documents\Gateway\C\WINDOWS\DESKTOP\gozilla.exe/WISE0021.BIN Infected: not-a-virus:AdWare.Win32.Aureate.a skipped
J:\Documents and Settings\John Smith\My Documents\Gateway\C\WINDOWS\DESKTOP\gozilla.exe/WISE0022.BIN Infected: not-a-virus:AdWare.Win32.Aureate.a skipped
J:\Documents and Settings\John Smith\My Documents\Gateway\C\WINDOWS\DESKTOP\gozilla.exe/WISE0023.BIN Infected: not-a-virus:AdWare.Win32.Aureate.a skipped
J:\Documents and Settings\John Smith\My Documents\Gateway\C\WINDOWS\DESKTOP\gozilla.exe WiseSFX: infected - 5 skipped
J:\Documents and Settings\John Smith\My Documents\Gateway\C\WINDOWS\SYSTEM\adimage.dll Infected: not-a-virus:AdWare.Win32.Aureate skipped
J:\Documents and Settings\John Smith\My Documents\Gateway\C\WINDOWS\SYSTEM\htmdeng.exe Infected: not-a-virus:AdWare.Win32.Aureate.a skipped
J:\Documents and Settings\John Smith\My Documents\Gateway\C\WINDOWS\SYSTEM\ipcclient.dll Infected: not-a-virus:AdWare.Win32.Aureate.a skipped
J:\Documents and Settings\John Smith\My Documents\Gateway\C\WINDOWS\SYSTEM\msipcsv.exe Infected: not-a-virus:AdWare.Win32.Aureate.a skipped
J:\Documents and Settings\John Smith\My Documents\Gateway\C\WINDOWS\SYSTEM\tfde.dll Infected: not-a-virus:AdWare.Win32.Aureate skipped
J:\Documents and Settings\John Smith\NTUSER.DAT Object is locked skipped
J:\Documents and Settings\John Smith\ntuser.dat.LOG Object is locked skipped
J:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
J:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
J:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
J:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
J:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
J:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
J:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
J:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
J:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
J:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
J:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
J:\Program Files\Alcohol Soft\Alcohol 120\StarWind\logs\starwind.2006-11-16.19-58-24.log Object is locked skipped
J:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll Object is locked skipped
J:\Program Files\Common Files\Symantec Shared\SNDALRT.log Object is locked skipped
J:\Program Files\Common Files\Symantec Shared\SNDCON.log Object is locked skipped
J:\Program Files\Common Files\Symantec Shared\SNDDBG.log Object is locked skipped
J:\Program Files\Common Files\Symantec Shared\SNDFW.log Object is locked skipped
J:\Program Files\Common Files\Symantec Shared\SNDIDS.log Object is locked skipped
J:\Program Files\Common Files\Symantec Shared\SNDSYS.log Object is locked skipped
J:\Program Files\Common Files\Symantec Shared\SPPolicy.log Object is locked skipped
J:\Program Files\Common Files\Symantec Shared\SPStart.log Object is locked skipped
J:\Program Files\Common Files\Symantec Shared\SPStop.log Object is locked skipped
J:\Program Files\Creative\ShareDLL\CADI\CTPLang.dat Object is locked skipped
J:\Program Files\Ideazon\ZEngine\Data\mods\IDeazon.ldb Object is locked skipped
J:\Program Files\Ideazon\ZEngine\Data\mods\IDeazon.zbd Object is locked skipped
J:\Program Files\Morpheus Ultra\mymorpheusToolbar.exe Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped
J:\Program Files\Norton AntiVirus\AVApp.log Object is locked skipped
J:\Program Files\Norton AntiVirus\AVError.log Object is locked skipped
J:\Program Files\Norton AntiVirus\AVVirus.log Object is locked skipped
J:\Program Files\Norton AntiVirus\Quarantine\1A221877.dll Infected: not-a-virus:AdWare.Win32.PurityScan.ak skipped
J:\Program Files\Norton AntiVirus\Quarantine\2A747547.tmp/stream/data0003 Infected: not-a-virus:AdWare.Win32.Softomate.u skipped
J:\Program Files\Norton AntiVirus\Quarantine\2A747547.tmp/stream/data0004 Infected: not-a-virus:AdWare.Win32.Softomate.u skipped
J:\Program Files\Norton AntiVirus\Quarantine\2A747547.tmp/stream/data0005 Infected: not-a-virus:AdWare.Win32.Softomate.u skipped
J:\Program Files\Norton AntiVirus\Quarantine\2A747547.tmp/stream/data0007 Infected: not-a-virus:AdWare.Win32.Softomate.u skipped
J:\Program Files\Norton AntiVirus\Quarantine\2A747547.tmp/stream Infected: not-a-virus:AdWare.Win32.Softomate.u skipped
J:\Program Files\Norton AntiVirus\Quarantine\2A747547.tmp NSIS: infected - 5 skipped
J:\Program Files\Norton AntiVirus\Quarantine\2A747547.tmp CryptFF: infected - 5 skipped
J:\Program Files\Norton AntiVirus\Quarantine\2ED10C7A.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
J:\Program Files\Norton AntiVirus\Quarantine\37A33379.dll Infected: not-a-virus:AdWare.Win32.PurityScan.ak skipped
J:\Program Files\Norton AntiVirus\Quarantine\42C55737.dll Infected: not-a-virus:AdWare.Win32.PurityScan.ak skipped
J:\Program Files\Norton AntiVirus\Quarantine\5D701E99.tmp/stream/data0003 Infected: not-a-virus:AdWare.Win32.Softomate.u skipped
J:\Program Files\Norton AntiVirus\Quarantine\5D701E99.tmp/stream/data0004 Infected: not-a-virus:AdWare.Win32.Softomate.u skipped
J:\Program Files\Norton AntiVirus\Quarantine\5D701E99.tmp/stream/data0005 Infected: not-a-virus:AdWare.Win32.Softomate.u skipped
J:\Program Files\Norton AntiVirus\Quarantine\5D701E99.tmp/stream/data0007 Infected: not-a-virus:AdWare.Win32.Softomate.u skipped
J:\Program Files\Norton AntiVirus\Quarantine\5D701E99.tmp/stream Infected: not-a-virus:AdWare.Win32.Softomate.u skipped
J:\Program Files\Norton AntiVirus\Quarantine\5D701E99.tmp NSIS: infected - 5 skipped
J:\Program Files\Norton AntiVirus\Quarantine\5D701E99.tmp CryptFF: infected - 5 skipped
J:\Program Files\Norton AntiVirus\Quarantine\5EA73344.0XE Infected: Trojan-Downloader.Win32.Zlob.awm skipped
J:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
J:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
J:\WINDOWS\SchedLgU.Txt Object is locked skipped
J:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
J:\WINDOWS\Sti_Trace.log Object is locked skipped
J:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
J:\WINDOWS\system32\config\default Object is locked skipped
J:\WINDOWS\system32\config\default.LOG Object is locked skipped
J:\WINDOWS\system32\config\SAM Object is locked skipped
J:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
J:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
J:\WINDOWS\system32\config\SECURITY Object is locked skipped
J:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
J:\WINDOWS\system32\config\software Object is locked skipped
J:\WINDOWS\system32\config\software.LOG Object is locked skipped
J:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
J:\WINDOWS\system32\config\system Object is locked skipped
J:\WINDOWS\system32\config\system.LOG Object is locked skipped
J:\WINDOWS\system32\h323log.txt Object is locked skipped
J:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
J:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
J:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
J:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
J:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
J:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
J:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
J:\WINDOWS\Temp\hsperfdata_SYSTEM\1128 Object is locked skipped
J:\WINDOWS\wiadebug.log Object is locked skipped
J:\WINDOWS\wiaservc.log Object is locked skipped
J:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.
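As an added illustration (not part of this thread, and not the scanner's own tooling), a small Python parser for the Kaspersky-style scan lines quoted above. It separates "Object is locked" noise from actual detections, folds archive-member hits (the `/WISE0019.BIN`, `/stream/data0003` entries) back onto the on-disk container file, and sets aside anything already sitting in an AV quarantine folder, which is the triage a helper does by hand before listing files to remove. The sample lines are constructed after the log in this thread.

```python
import re
from collections import defaultdict

# Constructed sample, modelled on the scanner output posted in this thread.
SAMPLE_LOG = r"""
J:\Documents and Settings\John Smith\NTUSER.DAT Object is locked skipped
J:\Documents and Settings\John Smith\My Documents\Gateway\C\WINDOWS\DESKTOP\gozilla.exe/WISE0019.BIN Infected: not-a-virus:AdWare.Win32.Aureate skipped
J:\Documents and Settings\John Smith\My Documents\Gateway\C\WINDOWS\DESKTOP\gozilla.exe/WISE0021.BIN Infected: not-a-virus:AdWare.Win32.Aureate.a skipped
J:\Documents and Settings\John Smith\My Documents\Gateway\C\WINDOWS\DESKTOP\gozilla.exe WiseSFX: infected - 5 skipped
J:\Program Files\Norton AntiVirus\Quarantine\5EA73344.0XE Infected: Trojan-Downloader.Win32.Zlob.awm skipped
Scan process completed.
"""

# The verdict is always a fixed suffix; the path (which may contain spaces) is everything before it.
LOCKED = re.compile(r"^(?P<path>.+) Object is locked skipped$")
INFECTED = re.compile(r"^(?P<path>.+) Infected: (?P<name>\S+) skipped$")
PACKED = re.compile(r"^(?P<path>.+) (?P<packer>[A-Za-z0-9]+): infected - (?P<n>\d+) skipped$")


def container_of(path):
    # Archive/installer members are appended with '/'; Windows path separators are '\'.
    return path.split("/", 1)[0]


def parse_scan_log(text):
    """Return (detections, locked): detections maps each on-disk file to the
    verdict names found in it or its members; locked lists skipped-locked paths."""
    detections, locked = defaultdict(set), []
    for line in text.splitlines():
        line = line.strip()
        if m := LOCKED.match(line):
            locked.append(m.group("path"))
        elif m := INFECTED.match(line):
            detections[container_of(m.group("path"))].add(m.group("name"))
        elif m := PACKED.match(line):
            # Summary verdict for a self-extractor; its members were already listed.
            detections[container_of(m.group("path"))].add(
                f"{m.group('packer')}: {m.group('n')} infected members")
    return dict(detections), locked


def triage(detections):
    """Split detections into files still live on disk and items an AV product
    has already quarantined (which need no manual deletion)."""
    live, quarantined = {}, {}
    for path, names in detections.items():
        bucket = quarantined if "\\quarantine\\" in path.lower() else live
        bucket[path] = sorted(names)
    return live, quarantined
```

Kaspersky's `not-a-virus:` prefix marks adware and other potentially unwanted software rather than a trojan, so the verdict names in `live` also tell you which entries are the urgent ones.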

#14 Guest_Cretemonster_*

Guest_Cretemonster_*

  • Guests
  • OFFLINE

Posted 17 November 2006 - 05:49 AM

What is this?

C:\Downloads\Pocket PC Stuff\PocketPC - 18 Pocket PC Applications\Pocket PC Software\Area Code Reverse Lookup Install File (PocketPC).exe/data0004 Infected: not-a-virus:AdWare.Win32.OnFlow skipped
Go to Add\Remove Programs and Remove:

J2SE Runtime Environment 5.0 Update 3


Locate and Delete the following:

J:\Documents and Settings\John Smith\Desktop\SmitfraudFix <-- Folder

J:\Documents and Settings\John Smith\Desktop\OiUninstaller.exe <-- File

J:\Documents and Settings\John Smith\My Documents\Gateway\C\WINDOWS\DESKTOP\gozilla.exe <-- File

J:\Documents and Settings\John Smith\My Documents\Gateway\C\WINDOWS\SYSTEM\adimage.dll <-- File

J:\Documents and Settings\John Smith\My Documents\Gateway\C\WINDOWS\SYSTEM\htmdeng.exe <-- File

J:\Documents and Settings\John Smith\My Documents\Gateway\C\WINDOWS\SYSTEM\ipcclient.dll <-- File

J:\Documents and Settings\John Smith\My Documents\Gateway\C\WINDOWS\SYSTEM\msipcsv.exe <-- File

J:\Documents and Settings\John Smith\My Documents\Gateway\C\WINDOWS\SYSTEM\tfde.dll <-- File
Updating Java and Clearing Cache
  • Go to Start > Control Panel double-click on the Java Icon (coffee cup) in the Control Panel.
  • It will say "Java Plug-in" under the icon.
    Please find the update button or tab in the Java Control Panel. Update your Java then reboot.
  • If you are unable to update you can manually update by going here:
  • After the reboot, go back into the Control Panel and double-click the Java Icon.
  • Under Temporary Internet Files, click the Delete Files button.
  • There are three options in the window to clear the cache - Leave ALL 3 Checked:
    Downloaded Applets
    Downloaded Applications
    Other Files
  • Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Java Control Panel.
Please Install these 2 to add to the Security of the PC

SpywareBlaster:
http://www.javacoolsoftware.com/downloads.html
Update Immediately!

WinHelp2002 Hosts File
http://www.mvps.org/winhelp2002/hosts2.htm


Post back and let me know how the machine is running.

#15 Jonith

Jonith
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE

Posted 17 November 2006 - 06:30 PM

I ran BitDefender just to double-check. Showed 0 viruses / threats.

System is running great with no problems evident.

Thanks so much for your extended help. You are great, man!