
Help Again Svchoste.exe, Infostealer, Timesink.inc? And Adware.tsadware


  • This topic is locked
11 replies to this topic

#1 Shawn_Townsend


Posted 23 January 2007 - 02:16 PM

Hi
Please help again. Not sure how or why I got these; I have not been on any dodgy sites.

Thanks for the help

Shawn


Logfile of HijackThis v1.99.1
Scan saved at 19:13:39, on 23/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\runservice.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\svchost.exe
C:\WINDOWS\VM_STI.EXE
C:\Program Files\DS-3200 Wireless Optical Slimline Deskset\PS2USBKbdDrv.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\DS-3200 Wireless Optical Slimline Deskset\MouseDrv.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Tiscali\tkonnect\tkonnect.exe
C:\Program Files\Eraser\eraser.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\United Alerts\UnitedAlerts.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Garmin\gStart.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
C:\Program Files\BOINC\boincmgr.exe
C:\Program Files\Juice\Juice.exe
C:\Program Files\BOINC\boinc.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Tiscali
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera 301x
O4 - HKLM\..\Run: [WireLessKeyboard] C:\Program Files\DS-3200 Wireless Optical Slimline Deskset\PS2USBKbdDrv.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [WireLessMouse] C:\Program Files\DS-3200 Wireless Optical Slimline Deskset\MouseDrv.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton Password Manager\AcctMgr.exe /startup
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\system32\fkvtptka.dll",setvm
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [tkonnect] C:\Program Files\Tiscali\tkonnect\tkonnect.exe updatemode
O4 - HKCU\..\Run: [Eraser] C:\Program Files\Eraser\eraser.exe -hide
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [United Alerts] "C:\Program Files\United Alerts\UnitedAlerts.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [gStart] C:\Garmin\gStart.exe
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: BOINC Manager.lnk = C:\Program Files\BOINC\boincmgr.exe
O4 - Startup: Juice.lnk = C:\Program Files\Juice\Juice.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: ZDWLan Utility.lnk = C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.tiscali.co.uk/
O15 - Trusted Zone: http://register-tesco.qa.business.ntl.com
O15 - Trusted Zone: http://memberservices.tesco.net
O16 - DPF: NTLSignup - https://tesco.autoregister.net/tesco/NTLSignup.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/cha...t/c381/chat.cab
O16 - DPF: {12F7F128-B36C-4843-8AA4-A5F71A969331} (Launcher Control) - https://horizons.eu.istaria.com/controls/launcher.ocx
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/cha...v45/yacscom.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...s/yinst0401.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {3B5E9B23-7537-4601-A9E8-FA0D956DEA16} (csauie1 Control) - http://www.couponreport.net/ftp/v3123/csauie1.cab
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eB...l_v1-0-3-36.cab
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1155396447448
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} (Symantec Download Bridge) - https://a248.e.akamai.net/f/248/5462/2h/www...ol/SymDlBrg.cab
O16 - DPF: {BF985246-09BF-11D2-BE62-006097DF57F6} (SimCityX Control) - http://simcity.ea.com/play/classic/SimCityX.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - https://www-secure.symantec.com/techsupp/as...rl/SymAData.cab
O16 - DPF: {E5ABEB00-B357-4884-9949-77B2C71A7EE3} (BoardCtl Class) - http://www.intel.com/design/motherbd/boardid/BoardID.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup...er/imloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E4939BD3-2957-4589-8BD3-5F5DE4173EFF}: NameServer = 192.168.0.1
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005\RpcSandraSrv.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe



SmitFraudFix v2.133

Scan done at 18:53:56.09, 23/01/2007
Run from C:\Documents and Settings\Owner\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

C:\WINDOWS\svchost.exe FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Owner


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Owner\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Owner\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components



»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32


»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End
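A triage pass over HijackThis entries of the kind posted above, as an added example that is not part of the original post. It parses the `Running processes`, O4 and O23 sections, flags a core system binary name (svchost.exe, lsass.exe, smss.exe, ...) that is not running from %SystemRoot%\system32, flags an O4 entry where rundll32 loads a DLL whose name is eight random lowercase letters (the naming pattern of the DLLs Norton logged as Infostealer and Trojan.Vundo in the next post), and notes O23 services with an unknown owner or a missing file. The sample log is a constructed subset of the posted one, `C:\WINDOWS` as system root is taken from the Platform line, and the eight-letter rule is a heuristic, not proof that a file is malicious.

```python
import ntpath
import re
from typing import List, NamedTuple

# Added example, not part of the original post. Constructed sample in the
# HijackThis v1.99.1 line format, modelled on the entries quoted above.
SAMPLE_HJT_LOG = r"""Running processes:
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\svchost.exe
C:\WINDOWS\system32\ctfmon.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\system32\fkvtptka.dll",setvm
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

# Assumption: %SystemRoot% is C:\WINDOWS, as the Platform line of the log implies.
SYSTEM_ROOT = r"C:\WINDOWS"

# Core binaries that only legitimately run from %SystemRoot%\system32 on XP.
# explorer.exe is deliberately absent: it lives in %SystemRoot% itself.
SYSTEM32_ONLY = {"svchost.exe", "lsass.exe", "smss.exe", "csrss.exe",
                 "winlogon.exe", "services.exe", "spoolsv.exe"}

# Heuristic: DLL basenames of exactly eight lowercase letters, the naming
# pattern of the Trojan.Vundo / Infostealer DLLs in the Norton log.
RANDOM_DLL = re.compile(r"^[a-z]{8}\.dll$")

O4_RE = re.compile(r"^O4 - (?P<hive>\S+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+)"?(?:,(?P<entry>\S+))?', re.I)


class Finding(NamedTuple):
    severity: str   # "high" or "low"
    line: str       # the offending log line, verbatim
    reason: str


def _in_system32(path: str) -> bool:
    expected = ntpath.normcase(ntpath.join(SYSTEM_ROOT, "system32"))
    return ntpath.normcase(ntpath.dirname(path)) == expected


def _exe_from_cmd(cmd: str) -> str:
    """First token of a Run value: the quoted path if quoted, else up to the first space."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    return cmd.split(None, 1)[0]


def _check_path(path: str, line: str, out: List[Finding]) -> None:
    """Flag a core system binary name that is not located in the system32 directory."""
    name = ntpath.basename(path).lower()
    if name in SYSTEM32_ONLY and not _in_system32(path):
        out.append(Finding("high", line,
                           f"{name} running from {ntpath.dirname(path)} instead of system32"))


def triage(log_text: str) -> List[Finding]:
    findings: List[Finding] = []
    in_processes = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            in_processes = False
            continue
        if line == "Running processes:":
            in_processes = True
            continue
        if in_processes:
            _check_path(line, line, findings)
            continue
        m = O4_RE.match(line)
        if m:
            cmd = m.group("cmd")
            r = RUNDLL_RE.search(cmd)
            if r:
                dll = r.group("dll").strip()
                if RANDOM_DLL.match(ntpath.basename(dll)):
                    findings.append(Finding("high", line,
                        f"rundll32 loads random-looking DLL {ntpath.basename(dll)} "
                        f"(entry point {r.group('entry') or 'none'})"))
                _check_path(dll, line, findings)
            else:
                _check_path(_exe_from_cmd(cmd), line, findings)
            continue
        m = O23_RE.match(line)
        if m:
            # HijackThis appends a stray quote plus arguments to some service paths.
            path = m.group("path").split('"')[0].replace("(file missing)", "").strip()
            if m.group("owner") == "Unknown owner":
                findings.append(Finding("low", line, "service has no identifiable owner"))
            if "(file missing)" in m.group("path"):
                findings.append(Finding("low", line, "service binary reported missing"))
            _check_path(path, line, findings)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_HJT_LOG):
        print(f"[{f.severity}] {f.reason}\n    {f.line}")
```

Run as a script it prints three findings: the `C:\WINDOWS\svchost.exe` process (the same file SmitFraudFix reports as FOUND), the `fkvtptka.dll` O4 entry, and the unsigned LicCtrl service as a low-priority note. The legitimate `NvCpl.dll` rundll32 entry is not flagged.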



#2 Shawn_Townsend


Posted 23 January 2007 - 02:23 PM

This is from my Norton AntiVirus log as well; a lot of activity lately.



Category: Security risks
Date Time,Feature,Risk Name,Result,Item Type,Virus Definition Version,Product Version,User Name,Computer Name,Details
23/01/2007 19:00:48,Auto-Protect,Downloader,Blocked,File,N/A,10.0.0.86,SYSTEM,SHAWN,"Source: C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\47GK2PB5\L2[1].exe,Risk category: Virus,Overall Risk Impact: High,Action taken: Blocked"
23/01/2007 19:00:48,Auto-Protect,Downloader,Blocked,File,N/A,10.0.0.86,SYSTEM,SHAWN,"Source: C:\WINDOWS\Temp\winADDC.tmp,Risk category: Virus,Overall Risk Impact: High,Action taken: Blocked"
23/01/2007 18:58:13,Auto-Protect,Infostealer,Fully removed,File,2007.01.23.020,10.0.0.86,SYSTEM,SHAWN,"Source: C:\WINDOWS\system32\xvykbfxo.dll,Risk category: Virus,Overall Risk Impact: High,Action taken: Fully removed"
23/01/2007 18:49:09,Auto-Protect,Infostealer,Blocked,File,N/A,10.0.0.86,SYSTEM,SHAWN,"Source: C:\Documents and Settings\Owner\Local Settings\Temp\bdepevpv.dll,Risk category: Virus,Overall Risk Impact: High,Action taken: Blocked"
23/01/2007 06:53:03,Auto-Protect,Infostealer,Blocked,File,N/A,10.0.0.86,SYSTEM,SHAWN,"Source: C:\Documents and Settings\Owner\Local Settings\Temp\roderboc.dll,Risk category: Virus,Overall Risk Impact: High,Action taken: Blocked"
21/01/2007 18:12:40,Auto-Protect,Infostealer,Blocked,File,N/A,10.0.0.86,SYSTEM,SHAWN,"Source: C:\Documents and Settings\Owner\Local Settings\Temp\jivypxrq.dll,Risk category: Virus,Overall Risk Impact: High,Action taken: Blocked"
20/01/2007 23:36:56,Auto-Protect,Adware.Purityscan,Blocked,File,N/A,10.0.0.86,SYSTEM,SHAWN,"Source: C:\WINDOWS\Temp\winB5BC.tmp,Risk category: Adware,Overall Risk Impact: Medium,Action taken: Blocked"
20/01/2007 23:36:56,Auto-Protect,Adware.Purityscan,Blocked,File,N/A,10.0.0.86,SYSTEM,SHAWN,"Source: C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\47GK2PB5\mulbin32[1].exe,Risk category: Adware,Overall Risk Impact: Medium,Action taken: Blocked"
20/01/2007 23:36:56,Auto-Protect,Adware.MaxSearch,Blocked,File,N/A,10.0.0.86,SYSTEM,SHAWN,"Source: C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\47GK2PB5\wlzip32[1].exe,Risk category: Adware,Overall Risk Impact: Medium,Action taken: Blocked"
20/01/2007 23:35:33,Auto-Protect,Trojan.Nebuler,Blocked,File,N/A,10.0.0.86,SYSTEM,SHAWN,"Source: C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\7WPP1W29\antzom[1].exe,Risk category: Virus,Overall Risk Impact: High,Action taken: Blocked"
20/01/2007 17:45:01,Auto-Protect,Infostealer,Blocked,File,N/A,10.0.0.86,SYSTEM,SHAWN,"Source: C:\Documents and Settings\Owner\Local Settings\Temp\kkpsanlw.dll,Risk category: Virus,Overall Risk Impact: High,Action taken: Blocked"
20/01/2007 17:34:40,Auto-Protect,Infostealer,Blocked,File,N/A,10.0.0.86,SYSTEM,SHAWN,"Source: C:\Documents and Settings\Owner\Local Settings\Temp\larajpro.dll,Risk category: Virus,Overall Risk Impact: High,Action taken: Blocked"
20/01/2007 01:45:22,Auto-Protect,Trojan Horse,Fully removed,File,2007.01.19.019,10.0.0.86,SYSTEM,SHAWN,"Source: C:\WINDOWS\system32\suqwyskm.dll,Risk category: Virus,Overall Risk Impact: High,Action taken: Fully removed"
20/01/2007 01:44:58,Auto-Protect,Trojan Horse,Fully removed,File,2007.01.19.019,10.0.0.86,SYSTEM,SHAWN,"Source: C:\WINDOWS\system32\owurtfky.dll,Risk category: Virus,Overall Risk Impact: High,Action taken: Fully removed"
20/01/2007 01:43:59,Auto-Protect,Trojan Horse,Fully removed,File,2007.01.19.019,10.0.0.86,SYSTEM,SHAWN,"Source: C:\WINDOWS\system32\fbyoeoab.dll,Risk category: Virus,Overall Risk Impact: High,Action taken: Fully removed"
20/01/2007 01:43:58,Auto-Protect,Trojan Horse,Fully removed,File,2007.01.19.019,10.0.0.86,SYSTEM,SHAWN,"Source: C:\WINDOWS\system32\emoiirps.dll,Risk category: Virus,Overall Risk Impact: High,Action taken: Fully removed"
19/01/2007 19:13:27,Auto-Protect,Trojan.Zlob,Fully removed,File,2007.01.19.019,10.0.0.86,SYSTEM,SHAWN,"Source: C:\WINDOWS\Temp\win7A2.tmp.exe,Risk category: Virus,Overall Risk Impact: High,Action taken: Fully removed"
19/01/2007 19:12:43,Auto-Protect,Trojan.Zlob,Fully removed,File,2007.01.19.019,10.0.0.86,SYSTEM,SHAWN,"Source: C:\WINDOWS\Temp\win178E.tmp.exe,Risk category: Virus,Overall Risk Impact: High,Action taken: Fully removed"
19/01/2007 18:58:08,Auto-Protect,Downloader,Blocked,File,N/A,10.0.0.86,SYSTEM,SHAWN,"Source: C:\WINDOWS\Temp\winB2A7.tmp,Risk category: Virus,Overall Risk Impact: High,Action taken: Blocked"
19/01/2007 18:58:08,Auto-Protect,Downloader,Blocked,File,N/A,10.0.0.86,SYSTEM,SHAWN,"Source: C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\ROFC7WFG\L2[1].exe,Risk category: Virus,Overall Risk Impact: High,Action taken: Blocked"
19/01/2007 17:33:07,Auto-Protect,Infostealer,Blocked,File,N/A,10.0.0.86,SYSTEM,SHAWN,"Source: C:\Documents and Settings\Owner\Local Settings\Temp\qcwqxwhj.dll,Risk category: Virus,Overall Risk Impact: High,Action taken: Blocked"
19/01/2007 01:05:53,Auto-Protect,Infostealer,Blocked,File,N/A,10.0.0.86,SYSTEM,SHAWN,"Source: C:\Documents and Settings\Owner\Local Settings\Temp\upyeouju.dll,Risk category: Virus,Overall Risk Impact: High,Action taken: Blocked"
18/01/2007 01:06:33,Auto-Protect,Infostealer,Blocked,File,N/A,10.0.0.86,SYSTEM,SHAWN,"Source: C:\Documents and Settings\Owner\Local Settings\Temp\slmmoega.dll,Risk category: Virus,Overall Risk Impact: High,Action taken: Blocked"
18/01/2007 00:45:39,Auto-Protect,Infostealer,Blocked,File,N/A,10.0.0.86,SYSTEM,SHAWN,"Source: C:\Documents and Settings\Owner\Local Settings\Temp\cowtqjhb.dll,Risk category: Virus,Overall Risk Impact: High,Action taken: Blocked"
18/01/2007 00:45:39,Auto-Protect,Infostealer,Fully removed,File,2007.01.17.019,10.0.0.86,SYSTEM,SHAWN,"Source: C:\WINDOWS\system32\ckwdsjkn.dll,Risk category: Virus,Overall Risk Impact: High,Action taken: Fully removed"
16/01/2007 10:08:58,Auto-Protect,Adware.Purityscan,Blocked,File,N/A,10.0.0.86,SYSTEM,SHAWN,"Source: C:\WINDOWS\Temp\winA404.tmp,Risk category: Adware,Overall Risk Impact: Medium,Action taken: Blocked"
16/01/2007 10:08:58,Auto-Protect,Adware.Purityscan,Blocked,File,N/A,10.0.0.86,SYSTEM,SHAWN,"Source: C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\ROFC7WFG\mulbin32[1].exe,Risk category: Adware,Overall Risk Impact: Medium,Action taken: Blocked"
16/01/2007 10:08:56,Auto-Protect,Trojan.Nebuler,Blocked,File,N/A,10.0.0.86,SYSTEM,SHAWN,"Source: C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\AGLZ5LYL\antzom[1].exe,Risk category: Virus,Overall Risk Impact: High,Action taken: Blocked"
16/01/2007 10:08:19,Auto-Protect,Adware.MaxSearch,Blocked,File,N/A,10.0.0.86,SYSTEM,SHAWN,"Source: C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\7WPP1W29\wlzip32[1].exe,Risk category: Adware,Overall Risk Impact: Medium,Action taken: Blocked"
16/01/2007 06:55:10,Auto-Protect,Adware.MaxSearch,Blocked,File,N/A,10.0.0.86,SYSTEM,SHAWN,"Source: C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\47GK2PB5\wlzip32[1].exe,Risk category: Adware,Overall Risk Impact: Medium,Action taken: Blocked"
16/01/2007 06:55:09,Auto-Protect,Adware.Purityscan,Blocked,File,N/A,10.0.0.86,SYSTEM,SHAWN,"Source: C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\7WPP1W29\mulbin32[1].exe,Risk category: Adware,Overall Risk Impact: Medium,Action taken: Blocked"
16/01/2007 06:55:09,Auto-Protect,Adware.Purityscan,Blocked,File,N/A,10.0.0.86,SYSTEM,SHAWN,"Source: C:\WINDOWS\Temp\winA83C.tmp,Risk category: Adware,Overall Risk Impact: Medium,Action taken: Blocked"
16/01/2007 06:55:06,Auto-Protect,Trojan.Nebuler,Blocked,File,N/A,10.0.0.86,SYSTEM,SHAWN,"Source: C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\ROFC7WFG\antzom[1].exe,Risk category: Virus,Overall Risk Impact: High,Action taken: Blocked"
15/01/2007 06:51:01,Virus scanner,Tracking Cookie,Removal not attempted,File,2007.01.14.008,10.0.0.86,SYSTEM,SHAWN,"Source: ,Risk category: Cookie,Overall Risk Impact: Low,Action taken: Removal not attempted"
08/01/2007 07:42:21,Virus scanner,Tracking Cookie,Removal not attempted,File,2007.01.07.005,10.0.0.86,SYSTEM,SHAWN,"Source: ,Risk category: Cookie,Overall Risk Impact: Low,Action taken: Removal not attempted"
18/12/2006 21:39:44,Auto-Protect,Trojan.Vundo,Blocked,File,N/A,10.0.0.86,SYSTEM,SHAWN,"Source: C:\Documents and Settings\Owner\Local Settings\Temp\rcmwjehm.dll,Risk category: Virus,Overall Risk Impact: High,Action taken: Blocked"
18/12/2006 06:41:39,Virus scanner,Tracking Cookie,Fully removed,File,2006.12.17.006,10.0.0.86,SYSTEM,SHAWN,"Source: ,Risk category: Cookie,Overall Risk Impact: Low,Action taken: Fully removed"
17/12/2006 23:34:21,Auto-Protect,Trojan.Vundo,Blocked,File,N/A,10.0.0.86,SYSTEM,SHAWN,"Source: C:\Documents and Settings\Owner\Local Settings\Temp\bsyigygv.dll,Risk category: Virus,Overall Risk Impact: High,Action taken: Blocked"
16/12/2006 16:24:43,Auto-Protect,Trojan.Vundo,Blocked,File,N/A,10.0.0.86,SYSTEM,SHAWN,"Source: C:\Documents and Settings\Owner\Local Settings\Temp\bhrdskol.dll,Risk category: Virus,Overall Risk Impact: High,Action taken: Blocked"
15/12/2006 19:30:12,Auto-Protect,Trojan.Vundo,Blocked,File,N/A,10.0.0.86,SYSTEM,SHAWN,"Source: C:\Documents and Settings\Owner\Local Settings\Temp\xotvkoqi.dll,Risk category: Virus,Overall Risk Impact: High,Action taken: Blocked"
14/12/2006 21:13:31,Auto-Protect,Trojan.Vundo,Blocked,File,N/A,10.0.0.86,SYSTEM,SHAWN,"Source: C:\Documents and Settings\Owner\Local Settings\Temp\hdgacrci.dll,Risk category: Virus,Overall Risk Impact: High,Action taken: Blocked"
14/12/2006 21:13:31,Auto-Protect,Trojan.Vundo,Blocked,File,N/A,10.0.0.86,SYSTEM,SHAWN,"Source: C:\Documents and Settings\Owner\Local Settings\Temp\bdfsqset.dll,Risk category: Virus,Overall Risk Impact: High,Action taken: Blocked"
14/12/2006 16:53:01,Auto-Protect,Downloader,Blocked,File,N/A,10.0.0.86,SYSTEM,SHAWN,"Source: C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\OJC7QV6L\L2[1].exe,Risk category: Virus,Overall Risk Impact: High,Action taken: Blocked"
14/12/2006 16:50:19,Auto-Protect,Trojan.Vundo,Blocked,File,N/A,10.0.0.86,SYSTEM,SHAWN,"Source: C:\Documents and Settings\Owner\Local Settings\Temp\rbbxqtbf.dll,Risk category: Virus,Overall Risk Impact: High,Action taken: Blocked"
14/12/2006 16:50:19,Auto-Protect,Trojan.Vundo,Blocked,File,N/A,10.0.0.86,SYSTEM,SHAWN,"Source: C:\Documents and Settings\Owner\Local Settings\Temp\plsobivo.dll,Risk category: Virus,Overall Risk Impact: High,Action taken: Blocked"
13/12/2006 21:15:28,Auto-Protect,Trojan.Vundo,Blocked,File,N/A,10.0.0.86,SYSTEM,SHAWN,"Source: C:\Documents and Settings\Owner\Local Settings\Temp\mdfnyjdd.dll,Risk category: Virus,Overall Risk Impact: High,Action taken: Blocked"
13/12/2006 20:23:17,Auto-Protect,Trojan.Vundo,Blocked,File,N/A,10.0.0.86,SYSTEM,SHAWN,"Source: C:\Documents and Settings\Owner\Local Settings\Temp\mxtyftyr.dll,Risk category: Virus,Overall Risk Impact: High,Action taken: Blocked"
12/12/2006 21:16:27,Auto-Protect,Trojan.Vundo,Blocked,File,N/A,10.0.0.86,SYSTEM,SHAWN,"Source: C:\Documents and Settings\Owner\Local Settings\Temp\jvrbxyxs.dll,Risk category: Virus,Overall Risk Impact: High,Action taken: Blocked"
12/12/2006 02:03:21,Auto-Protect,RazeSpyware,Fully removed,File,2006.12.11.017,10.0.0.86,SYSTEM,SHAWN,"Source: C:\WINDOWS\system32\drvcew.dll,Risk category: Security risk,Overall Risk Impact: Medium,Action taken: Fully removed"
11/12/2006 19:54:55,Auto-Protect,Trojan.Vundo,Blocked,File,N/A,10.0.0.86,SYSTEM,SHAWN,"Source: C:\Documents and Settings\Owner\Local Settings\Temp\bipbfnci.dll,Risk category: Virus,Overall Risk Impact: High,Action taken: Blocked"
11/12/2006 18:49:55,Auto-Protect,Trojan.Vundo,Blocked,File,N/A,10.0.0.86,SYSTEM,SHAWN,"Source: C:\Documents and Settings\Owner\Local Settings\Temp\ysytuuur.dll,Risk category: Virus,Overall Risk Impact: High,Action taken: Blocked"
11/12/2006 18:26:48,Auto-Protect,Trojan.Vundo,Blocked,File,N/A,10.0.0.86,SYSTEM,SHAWN,"Source: C:\Documents and Settings\Owner\Local Settings\Temp\kfvliojh.dll,Risk category: Virus,Overall Risk Impact: High,Action taken: Blocked"
11/12/2006 16:52:06,Auto-Protect,Trojan.Busky,Blocked,File,N/A,10.0.0.86,SYSTEM,SHAWN,"Source: C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\YHOZCFUP\FOYGq2JV9B[1].exe,Risk category: Virus,Overall Risk Impact: High,Action taken: Blocked"
11/12/2006 16:50:24,Auto-Protect,Adware.Purityscan,Blocked,File,N/A,10.0.0.86,SYSTEM,SHAWN,"Source: C:\WINDOWS\Temp\win178B.tmp,Risk category: Adware,Overall Risk Impact: Medium,Action taken: Blocked"
11/12/2006 16:50:24,Auto-Protect,Adware.Purityscan,Blocked,File,N/A,10.0.0.86,SYSTEM,SHAWN,"Source: C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\OJC7QV6L\mulbin32[1].exe,Risk category: Adware,Overall Risk Impact: Medium,Action taken: Blocked"
11/12/2006 16:50:18,Auto-Protect,Trojan.Nebuler,Blocked,File,N/A,10.0.0.86,SYSTEM,SHAWN,"Source: C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\85MB23QN\antzom[1].exe,Risk category: Virus,Overall Risk Impact: High,Action taken: Blocked"
11/12/2006 16:48:50,Auto-Protect,Trojan.Vundo,Blocked,File,N/A,10.0.0.86,SYSTEM,SHAWN,"Source: C:\WINDOWS\system32\xxywuvt.dll,Risk category: Virus,Overall Risk Impact: High,Action taken: Blocked"
11/12/2006 16:48:50,Auto-Protect,Adware.MaxSearch,Blocked,File,N/A,10.0.0.86,SYSTEM,SHAWN,"Source: C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\MVMH8DU3\wlzip32[1].exe,Risk category: Adware,Overall Risk Impact: Medium,Action taken: Blocked"
11/12/2006 16:48:50,Auto-Protect,Adware.MaxSearch,Blocked,File,N/A,10.0.0.86,SYSTEM,SHAWN,"Source: C:\WINDOWS\Temp\win1776.tmp,Risk category: Adware,Overall Risk Impact: Medium,Action taken: Blocked"
10/12/2006 22:21:34,Virus scanner,W32.Alcra.B,Fully removed,File,2006.12.10.007,10.0.0.86,SYSTEM,SHAWN,"Source: [setup.exe] inside of [c:\documents and settings\owner\my documents\my music\railroad tycoon 2 - gold.zip],Risk category: Virus,Overall Risk Impact: High,Action taken: Fully removed"
10/12/2006 20:50:12,Auto-Protect,Trojan.Vundo,Blocked,File,N/A,10.0.0.86,SYSTEM,SHAWN,"Source: C:\Documents and Settings\Owner\Local Settings\Temp\ghdybmwd.dll,Risk category: Virus,Overall Risk Impact: High,Action taken: Blocked"
10/12/2006 16:51:07,Auto-Protect,Trojan.Busky,Blocked,File,N/A,10.0.0.86,SYSTEM,SHAWN,"Source: C:\WINDOWS\Temp\win7A4.tmp,Risk category: Virus,Overall Risk Impact: High,Action taken: Blocked"
10/12/2006 16:51:07,Auto-Protect,Trojan.Busky,Blocked,File,N/A,10.0.0.86,SYSTEM,SHAWN,"Source: C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\YHOZCFUP\FOYGq2JV9B[1].exe,Risk category: Virus,Overall Risk Impact: High,Action taken: Blocked"
10/12/2006 16:49:29,Auto-Protect,Adware.Purityscan,Blocked,File,N/A,10.0.0.86,SYSTEM,SHAWN,"Source: C:\WINDOWS\Temp\win79A.tmp,Risk category: Adware,Overall Risk Impact: Medium,Action taken: Blocked"
10/12/2006 16:49:29,Auto-Protect,Adware.Purityscan,Blocked,File,N/A,10.0.0.86,SYSTEM,SHAWN,"Source: C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\OJC7QV6L\mulbin32[1].exe,Risk category: Adware,Overall Risk Impact: Medium,Action taken: Blocked"
10/12/2006 16:49:27,Auto-Protect,Trojan.Vundo,Blocked,File,N/A,10.0.0.86,SYSTEM,SHAWN,"Source: C:\WINDOWS\system32\ddcbabb.dll,Risk category: Virus,Overall Risk Impact: High,Action taken: Blocked"
10/12/2006 16:49:26,Auto-Protect,Adware.MaxSearch,Blocked,File,N/A,10.0.0.86,SYSTEM,SHAWN,"Source: C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\MVMH8DU3\wlzip32[1].exe,Risk category: Adware,Overall Risk Impact: Medium,Action taken: Blocked"
10/12/2006 16:49:25,Auto-Protect,Trojan.Nebuler,Blocked,File,N/A,10.0.0.86,SYSTEM,SHAWN,"Source: C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\YHOZCFUP\antzom[1].exe,Risk category: Virus,Overall Risk Impact: High,Action taken: Blocked"
10/12/2006 12:41:31,Auto-Protect,Trojan.Vundo,Blocked,File,N/A,10.0.0.86,SYSTEM,SHAWN,"Source: C:\Documents and Settings\Owner\Local Settings\Temp\ouffcpnp.dll,Risk category: Virus,Overall Risk Impact: High,Action taken: Blocked"
10/12/2006 11:38:34,Virus scanner,W32.Alcra.F,Fully removed,File,2006.12.09.003,10.0.0.86,SYSTEM,SHAWN,"Source: [setup.exe] inside of [c:\documents and settings\owner\my documents\my music\battlestar galactica 3x01 (dsrip-omicron)[vtv].zip],Risk category: Virus,Overall Risk Impact: High,Action taken: Fully removed"
10/12/2006 10:04:51,Auto-Protect,Trojan.Vundo,Blocked,File,N/A,10.0.0.86,SYSTEM,SHAWN,"Source: C:\Documents and Settings\Owner\Local Settings\Temp\xmbvqvuu.dll,Risk category: Virus,Overall Risk Impact: High,Action taken: Blocked"
10/12/2006 00:35:17,Auto-Protect,Trojan.Vundo,Blocked,File,N/A,10.0.0.86,SYSTEM,SHAWN,"Source: C:\Documents and Settings\Owner\Local Settings\Temp\stdpevxi.dll,Risk category: Virus,Overall Risk Impact: High,Action taken: Blocked"
09/12/2006 09:54:19,Virus scanner,Tracking Cookie,Fully removed,File,2006.12.08.017,10.0.0.86,SYSTEM,SHAWN,"Source: ,Risk category: Cookie,Overall Risk Impact: Low,Action taken: Fully removed"
08/12/2006 20:04:30,Auto-Protect,Trojan.Vundo,Blocked,File,N/A,10.0.0.86,SYSTEM,SHAWN,"Source: C:\Documents and Settings\Owner\Local Settings\Temp\drrndsii.dll,Risk category: Virus,Overall Risk Impact: High,Action taken: Blocked"
08/12/2006 16:36:56,Auto-Protect,Trojan.Busky,Blocked,File,N/A,10.0.0.86,SYSTEM,SHAWN,"Source: C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\OJC7QV6L\FOYGq2JV9B[1].exe,Risk category: Virus,Overall Risk Impact: High,Action taken: Blocked"
08/12/2006 16:36:56,Auto-Protect,Trojan.Busky,Blocked,File,N/A,10.0.0.86,SYSTEM,SHAWN,"Source: C:\WINDOWS\Temp\win4A8.tmp,Risk category: Virus,Overall Risk Impact: High,Action taken: Blocked"
08/12/2006 16:35:17,Auto-Protect,Adware.Purityscan,Blocked,File,N/A,10.0.0.86,SYSTEM,SHAWN,"Source: C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\MVMH8DU3\mulbin32[1].exe,Risk category: Adware,Overall Risk Impact: Medium,Action taken: Blocked"
08/12/2006 16:35:17,Auto-Protect,Adware.Purityscan,Blocked,File,N/A,10.0.0.86,SYSTEM,SHAWN,"Source: C:\WINDOWS\Temp\win437.tmp,Risk category: Adware,Overall Risk Impact: Medium,Action taken: Blocked"
08/12/2006 16:34:58,Auto-Protect,Trojan.Nebuler,Blocked,File,N/A,10.0.0.86,SYSTEM,SHAWN,"Source: C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\OJC7QV6L\antzom[1].exe,Risk category: Virus,Overall Risk Impact: High,Action taken: Blocked"
08/12/2006 16:34:56,Auto-Protect,Adware.MaxSearch,Blocked,File,N/A,10.0.0.86,SYSTEM,SHAWN,"Source: C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\YHOZCFUP\wlzip32[1].exe,Risk category: Adware,Overall Risk Impact: Medium,Action taken: Blocked"
08/12/2006 16:34:52,Auto-Protect,Trojan.Vundo,Blocked,File,N/A,10.0.0.86,SYSTEM,SHAWN,"Source: C:\WINDOWS\system32\gebxwtt.dll,Risk category: Virus,Overall Risk Impact: High,Action taken: Blocked"
08/12/2006 07:35:52,Auto-Protect,Trojan.Vundo,Blocked,File,N/A,10.0.0.86,SYSTEM,SHAWN,"Source: C:\Documents and Settings\Owner\Local Settings\Temp\bmnifdtn.dll,Risk category: Virus,Overall Risk Impact: High,Action taken: Blocked"
08/12/2006 07:04:59,Auto-Protect,Trojan.Vundo,Blocked,File,N/A,10.0.0.86,SYSTEM,SHAWN,"Source: C:\Documents and Settings\Owner\Local Settings\Temp\mangyipr.dll,Risk category: Virus,Overall Risk Impact: High,Action taken: Blocked"
08/12/2006 01:42:41,Auto-Protect,Trojan.Busky,Blocked,File,N/A,10.0.0.86,SYSTEM,SHAWN,"Source: C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\85MB23QN\FOYGq2JV9B[1].exe,Risk category: Virus,Overall Risk Impact: High,Action taken: Blocked"
08/12/2006 01:42:41,Auto-Protect,Trojan.Busky,Blocked,File,N/A,10.0.0.86,SYSTEM,SHAWN,"Source: C:\WINDOWS\Temp\win174.tmp,Risk category: Virus,Overall Risk Impact: High,Action taken: Blocked"
08/12/2006 01:41:16,Auto-Protect,Adware.Purityscan,Blocked,File,N/A,10.0.0.86,SYSTEM,SHAWN,"Source: C:\WINDOWS\Temp\win166.tmp,Risk category: Adware,Overall Risk Impact: Medium,Action taken: Blocked"
08/12/2006 01:41:16,Auto-Protect,Trojan.Vundo,Blocked,File,N/A,10.0.0.86,SYSTEM,SHAWN,"Source: C:\WINDOWS\system32\byxyxvu.dll,Risk category: Virus,Overall Risk Impact: High,Action taken: Blocked"
08/12/2006 01:41:16,Auto-Protect,Adware.Purityscan,Blocked,File,N/A,10.0.0.86,SYSTEM,SHAWN,"Source: C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\YHOZCFUP\mulbin32[1].exe,Risk category: Adware,Overall Risk Impact: Medium,Action taken: Blocked"
08/12/2006 01:41:16,Auto-Protect,Adware.MaxSearch,Blocked,File,N/A,10.0.0.86,SYSTEM,SHAWN,"Source: C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\OJC7QV6L\wlzip32[1].exe,Risk category: Adware,Overall Risk Impact: Medium,Action taken: Blocked"
08/12/2006 01:41:12,Auto-Protect,Trojan.Nebuler,Blocked,File,N/A,10.0.0.86,SYSTEM,SHAWN,"Source: C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\MVMH8DU3\antzom[1].exe,Risk category: Virus,Overall Risk Impact: High,Action taken: Blocked"
07/12/2006 23:37:51,Auto-Protect,Trojan.Vundo,Blocked,File,N/A,10.0.0.86,SYSTEM,SHAWN,"Source: C:\Documents and Settings\Owner\Local Settings\Temp\exbwwrlf.dll,Risk category: Virus,Overall Risk Impact: High,Action taken: Blocked"
07/12/2006 21:08:35,Auto-Protect,Adware.TSAdBot,Removal failed,File,2006.12.07.018,10.0.0.86,SYSTEM,SHAWN,"Source: D:\CRAZYDRAKE.EXE,Risk category: Adware,Overall Risk Impact: High,Action taken: Removal failed"
07/12/2006 19:39:00,Auto-Protect,Trojan.Busky,Blocked,File,N/A,10.0.0.86,SYSTEM,SHAWN,"Source: C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\MVMH8DU3\FOYGq2JV9B[1].exe,Risk category: Virus,Overall Risk Impact: High,Action taken: Blocked"
07/12/2006 19:39:00,Auto-Protect,Trojan.Busky,Blocked,File,N/A,10.0.0.86,SYSTEM,SHAWN,"Source: C:\WINDOWS\Temp\winDC.tmp,Risk category: Virus,Overall Risk Impact: High,Action taken: Blocked"
07/12/2006 19:38:20,Auto-Protect,Adware.MaxSearch,Blocked,File,N/A,10.0.0.86,SYSTEM,SHAWN,"Source: C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\MVMH8DU3\wlzip32[1].exe,Risk category: Adware,Overall Risk Impact: Medium,Action taken: Blocked"
07/12/2006 19:38:19,Auto-Protect,Adware.Purityscan,Blocked,File,N/A,10.0.0.86,SYSTEM,SHAWN,"Source: C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\85MB23QN\mulbin32[1].exe,Risk category: Adware,Overall Risk Impact: Medium,Action taken: Blocked"
07/12/2006 19:38:18,Auto-Protect,Trojan.Vundo,Blocked,File,N/A,10.0.0.86,SYSTEM,SHAWN,"Source: C:\WINDOWS\system32\vtusqnn.dll,Risk category: Virus,Overall Risk Impact: High,Action taken: Blocked"
07/12/2006 19:38:16,Auto-Protect,Adware.Purityscan,Blocked,File,N/A,10.0.0.86,SYSTEM,SHAWN,"Source: C:\WINDOWS\Temp\winD8.tmp,Risk category: Adware,Overall Risk Impact: Medium,Action taken: Blocked"
07/12/2006 19:37:52,Auto-Protect,Trojan.Nebuler,Blocked,File,N/A,10.0.0.86,SYSTEM,SHAWN,"Source: C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\YHOZCFUP\antzom[1].exe,Risk category: Virus,Overall Risk Impact: High,Action taken: Blocked"
07/12/2006 08:39:00,Virus scanner,Trojan.Vundo,Fully removed,File,2006.12.06.016,10.0.0.86,SYSTEM,SHAWN,"Source: c:\WINDOWS\system32\mjcbanmm.dll,Risk category: Virus,Overall Risk Impact: High,Action taken: Fully removed"
07/12/2006 08:39:00,Virus scanner,Trojan.Vundo,Fully removed,File,2006.12.06.016,10.0.0.86,SYSTEM,SHAWN,"Source: c:\WINDOWS\system32\dfqclxhd.exe,Risk category: Virus,Overall Risk Impact: High,Action taken: Fully removed"
07/12/2006 08:38:57,Virus scanner,Adware.Savenow,Fully removed,File,2006.12.06.016,10.0.0.86,SYSTEM,SHAWN,"Source: c:\program files\daemon tools\setupdtsb.exe,Risk category: Adware,Overall Risk Impact: Low,Action taken: Fully removed"
07/12/2006 08:38:57,Virus scanner,Adware.Topsearch,Fully removed,File,2006.12.06.016,10.0.0.86,SYSTEM,SHAWN,"Source: c:\documents and settings\Owner\local settings\Temp\asmfiles.cab,Risk category: Adware,Overall Risk Impact: Medium,Action taken: Fully removed"
07/12/2006 08:38:57,Virus scanner,Trojan.Busky,Fully removed,File,2006.12.06.016,10.0.0.86,SYSTEM,SHAWN,"Source: c:\documents and settings\Owner\local settings\Temp\win1ee.tmp.exe,Risk category: Virus,Overall Risk Impact: High,Action taken: Fully removed"
07/12/2006 08:38:57,Virus scanner,Adware.P2PNetworking,Fully removed,File,2006.12.06.016,10.0.0.86,SYSTEM,SHAWN,"Source: c:\documents and settings\Owner\local settings\Temp\p2psetup.exe,Risk category: Adware,Overall Risk Impact: Low,Action taken: Fully removed"
07/12/2006 08:38:40,Virus scanner,Tracking Cookie,Fully removed,File,2006.12.06.016,10.0.0.86,SYSTEM,SHAWN,"Source: ,Risk category: Cookie,Overall Risk Impact: Low,Action taken: Fully removed"
06/12/2006 23:17:34,Auto-Protect,Trojan.Vundo,Fully removed,File,2006.12.06.016,10.0.0.86,SYSTEM,SHAWN,"Source: C:\Program Files\VSAdd-in\VSAdd-in.dll,Risk category: Virus,Overall Risk Impact: High,Action taken: Fully removed"
06/12/2006 23:17:12,Auto-Protect,Adware.888bar,Fully removed,File,2006.12.06.016,10.0.0.86,SYSTEM,SHAWN,"Source: C:\Program Files\Common Files\{782A1583-0AE7-2057-0731-03091903002c}\system.dll,Risk category: Security risk,Overall Risk Impact: High,Action taken: Fully removed"
06/12/2006 23:13:28,Auto-Protect,Trojan.Busky,Fully removed,File,2006.12.06.016,10.0.0.86,SYSTEM,SHAWN,"Source: C:\WINDOWS\system32\nngabrl.dll,Risk category: Virus,Overall Risk Impact: High,Action taken: Fully removed"
06/12/2006 23:00:35,Auto-Protect,Adware.MaxSearch,Fully removed,File,2006.12.06.016,10.0.0.86,SYSTEM,SHAWN,"Source: C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\85MB23QN\122[1].net,Risk category: Adware,Overall Risk Impact: Medium,Action taken: Fully removed"
06/12/2006 22:59:33,Auto-Protect,Adware.MaxSearch,Blocked,File,N/A,10.0.0.86,SYSTEM,SHAWN,"Source: C:\Documents and Settings\Owner\Local Settings\Temp\b122.exe,Risk category: Adware,Overall Risk Impact: Medium,Action taken: Blocked"
06/12/2006 22:59:33,Auto-Protect,Adware.MaxSearch,Blocked,File,N/A,10.0.0.86,SYSTEM,SHAWN,"Source: C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\MVMH8DU3\122[1].net,Risk category: Adware,Overall Risk Impact: Medium,Action taken: Blocked"
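
The Symantec export above repeats the same families (Trojan.Vundo, Trojan.Busky, Adware.Purityscan) day after day as "Blocked" under a new file name each time, which is the signature of a dropper that is still running rather than a one-off download. The following triage script is an added example, not part of this thread or of Symantec's tooling; it assumes the CSV layout visible in the posted lines and runs over a constructed six-record sample copied in that layout:

```python
"""Triage a Symantec Auto-Protect / scanner event export.

Added example. Column order is inferred from the posted log lines:
timestamp, component, threat, action, object type, definitions version,
IP address, user, computer, and a quoted detail field that carries
"Source: <path>,Risk category: ...,Action taken: ...".
"""
import csv
import io
import re
from collections import defaultdict

# Constructed sample in the same layout as the thread's export (six records).
SAMPLE_LOG = r"""
11/12/2006 16:48:50,Auto-Protect,Trojan.Vundo,Blocked,File,N/A,10.0.0.86,SYSTEM,SHAWN,"Source: C:\WINDOWS\system32\xxywuvt.dll,Risk category: Virus,Overall Risk Impact: High,Action taken: Blocked"
10/12/2006 16:49:27,Auto-Protect,Trojan.Vundo,Blocked,File,N/A,10.0.0.86,SYSTEM,SHAWN,"Source: C:\WINDOWS\system32\ddcbabb.dll,Risk category: Virus,Overall Risk Impact: High,Action taken: Blocked"
08/12/2006 16:34:52,Auto-Protect,Trojan.Vundo,Blocked,File,N/A,10.0.0.86,SYSTEM,SHAWN,"Source: C:\WINDOWS\system32\gebxwtt.dll,Risk category: Virus,Overall Risk Impact: High,Action taken: Blocked"
07/12/2006 21:08:35,Auto-Protect,Adware.TSAdBot,Removal failed,File,2006.12.07.018,10.0.0.86,SYSTEM,SHAWN,"Source: D:\CRAZYDRAKE.EXE,Risk category: Adware,Overall Risk Impact: High,Action taken: Removal failed"
07/12/2006 08:39:00,Virus scanner,Trojan.Vundo,Fully removed,File,2006.12.06.016,10.0.0.86,SYSTEM,SHAWN,"Source: c:\WINDOWS\system32\mjcbanmm.dll,Risk category: Virus,Overall Risk Impact: High,Action taken: Fully removed"
09/12/2006 09:54:19,Virus scanner,Tracking Cookie,Fully removed,File,2006.12.08.017,10.0.0.86,SYSTEM,SHAWN,"Source: ,Risk category: Cookie,Overall Risk Impact: Low,Action taken: Fully removed"
"""

FIELDS = ["timestamp", "component", "threat", "action", "object_type",
          "definitions", "address", "user", "computer", "detail"]


def parse_events(text):
    """Parse the export into dicts; the Source path is pulled out of the detail field."""
    events = []
    for row in csv.reader(io.StringIO(text.strip())):
        if len(row) != len(FIELDS):
            continue  # skip truncated or foreign lines instead of mis-assigning columns
        ev = dict(zip(FIELDS, row))
        m = re.match(r"Source: (.*?),Risk category:", ev["detail"])
        ev["source"] = m.group(1).strip() if m else ""
        events.append(ev)
    return events


def triage(events):
    """Per threat name: count on-access blocks, full removals and failed removals,
    and collect the distinct file paths the threat was seen under."""
    per_threat = defaultdict(lambda: {"blocked": 0, "removed": 0, "failed": 0, "paths": set()})
    for ev in events:
        entry = per_threat[ev["threat"]]
        if ev["action"] == "Blocked":
            entry["blocked"] += 1
        elif ev["action"] == "Fully removed":
            entry["removed"] += 1
        elif ev["action"] == "Removal failed":
            entry["failed"] += 1
        if ev["source"]:
            entry["paths"].add(ev["source"].lower())
    return per_threat


def findings(per_threat, min_blocks=3):
    """Turn the counts into triage findings.

    Repeated Auto-Protect blocks of one family under ever-changing file names
    mean something still running keeps re-dropping it: blocking the file is not
    the same as removing the dropper. A 'Removal failed' needs manual follow-up.
    """
    out = []
    for name, e in sorted(per_threat.items()):
        if e["blocked"] >= min_blocks and len(e["paths"]) >= min_blocks:
            out.append(f"PERSISTENT: {name} blocked {e['blocked']}x under "
                       f"{len(e['paths'])} different names; the dropper is still active")
        if e["failed"]:
            out.append(f"MANUAL: {name} removal failed ({e['failed']}x); "
                       f"inspect {', '.join(sorted(e['paths']))}")
    return out


if __name__ == "__main__":
    for line in findings(triage(parse_events(SAMPLE_LOG))):
        print(line)
```
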

#3 MFDnSC

MFDnSC

    Ret. Director I/T


  • Members
  • 4,310 posts

Posted 23 January 2007 - 04:26 PM

You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Next, please reboot your computer in Safe Mode

Once in Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmd

Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted: "Registry cleaning - Do you want to clean the registry?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.

A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply along with a new hijack log.

The report can also be found at the root of the system drive, usually at C:\rapport.txt

==============
You may want to print this or save it to notepad as we will go to safe mode.

Fix these with HiJackThis – mark them, close IE, click fix checked

O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\system32\fkvtptka.dll",setvm

DownLoad http://www.downloads.subratam.org/KillBox.zip or
http://www.thespykiller.co.uk/files/killbox.exe

Restart your computer into safe mode now. (Tapping F8 at the first black screen) Perform the following steps in safe mode:

Double-click on Killbox.exe to run it. Now put a tick by Standard File Kill. In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time then click on the button that has the red circle with the X in the middle after you enter each file. It will ask for confirmation to delete the file. Click Yes. Continue with that same procedure until you have copied and pasted all of these in the "Paste Full Path of File to Delete" box.

C:\WINDOWS\system32\fkvtptka.dll

Note: It is possible that Killbox will tell you that one or more files do not exist. If that happens, just continue on with all the files. Be sure you don't miss any.

START – RUN – type in %temp% - OK - Edit – Select all – File – Delete

Delete everything in the C:\Windows\Temp folder or C:\WINNT\temp

Not all temp files will delete and that is normal
Empty the recycle bin
Boot

Download Superantispyware

http://www.superantispyware.com/superantis...efreevspro.html

Install it and double-click the icon on your desktop to run it.
• It will ask if you want to update the program definitions, click Yes.
• Under Configuration and Preferences, click the Preferences button.
• Click the Scanning Control tab.
• Under Scanner Options make sure the following are checked:
  • Close browsers before scanning
  • Scan for tracking cookies
  • Terminate memory threats before quarantining.
  • Please leave the others unchecked.
  • Click the Close button to leave the control center screen.
• On the main screen, under Scan for Harmful Software click Scan your computer.
• On the left check C:\Fixed Drive.
• On the right, under Complete Scan, choose Perform Complete Scan.
• Click Next to start the scan. Please be patient while it scans your computer.
• After the scan is complete a summary box will appear. Click OK.
• Make sure everything in the white box has a check next to it, then click Next.
• It will quarantine what it found and if it asks if you want to reboot, click Yes.
• To retrieve the removal information for me please do the following:
  • After reboot, double-click the SUPERAntispyware icon on your desktop.
  • Click Preferences. Click the Statistics/Logs tab.
  • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
  • It will open in your default text editor (such as Notepad/Wordpad).
  • Please highlight everything in the notepad, then right-click and choose copy.
• Click close and close again to exit the program.
• Please paste that information here for me with a new HijackThis log.


Please give feedback on what worked/didn’t work and the current status of your system
"Nothing could be finer than to be in South Carolina ............"

Member ASAP

#4 Shawn_Townsend

Shawn_Townsend
  • Topic Starter

  • Members
  • 24 posts

Posted 24 January 2007 - 01:26 PM

Hi
Followed everything but I have a problem.
SUPERAntiSpyware has been running for 20 hours and has not moved off a regkey, plus Windows Defender doesn't finish its scan and stops.

SUPERAntiSpyware has found 8 threats but I can't do anything with it; it just stops working and the clock just keeps counting up.

Thanks. Reports from what I was able to do:

Shawn

SmitFraudFix v2.133

Scan done at 16:40:01.21, 24/01/2007
Run from C:\Documents and Settings\Owner\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\WINDOWS\svchost.exe Deleted

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End



Logfile of HijackThis v1.99.1
Scan saved at 17:04:15, on 24/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\runservice.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\VM_STI.EXE
C:\Program Files\DS-3200 Wireless Optical Slimline Deskset\PS2USBKbdDrv.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\DS-3200 Wireless Optical Slimline Deskset\MouseDrv.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Norton Password Manager\AcctMgr.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Tiscali\tkonnect\tkonnect.exe
C:\Program Files\Eraser\eraser.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\United Alerts\UnitedAlerts.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
C:\Program Files\BOINC\boincmgr.exe
C:\Program Files\Juice\Juice.exe
C:\Program Files\Java\jre1.5.0_09\bin\jucheck.exe
C:\Program Files\BOINC\boinc.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Tiscali
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera 301x
O4 - HKLM\..\Run: [WireLessKeyboard] C:\Program Files\DS-3200 Wireless Optical Slimline Deskset\PS2USBKbdDrv.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [WireLessMouse] C:\Program Files\DS-3200 Wireless Optical Slimline Deskset\MouseDrv.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton Password Manager\AcctMgr.exe /startup
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\system32\tkihmnpv.dll",setvm
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [tkonnect] C:\Program Files\Tiscali\tkonnect\tkonnect.exe updatemode
O4 - HKCU\..\Run: [Eraser] C:\Program Files\Eraser\eraser.exe -hide
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [United Alerts] "C:\Program Files\United Alerts\UnitedAlerts.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: BOINC Manager.lnk = C:\Program Files\BOINC\boincmgr.exe
O4 - Startup: Juice.lnk = C:\Program Files\Juice\Juice.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: ZDWLan Utility.lnk = C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.tiscali.co.uk/
O15 - Trusted Zone: http://register-tesco.qa.business.ntl.com
O15 - Trusted Zone: http://memberservices.tesco.net
O16 - DPF: NTLSignup - https://tesco.autoregister.net/tesco/NTLSignup.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/cha...t/c381/chat.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/cha...v45/yacscom.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...s/yinst0401.cab
O16 - DPF: {3B5E9B23-7537-4601-A9E8-FA0D956DEA16} (csauie1 Control) - http://www.couponreport.net/ftp/v3123/csauie1.cab
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eB...l_v1-0-3-36.cab
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1155396447448
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} (Symantec Download Bridge) - https://a248.e.akamai.net/f/248/5462/2h/www...ol/SymDlBrg.cab
O16 - DPF: {BF985246-09BF-11D2-BE62-006097DF57F6} (SimCityX Control) - http://simcity.ea.com/play/classic/SimCityX.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - https://www-secure.symantec.com/techsupp/as...rl/SymAData.cab
O16 - DPF: {E5ABEB00-B357-4884-9949-77B2C71A7EE3} (BoardCtl Class) - http://www.intel.com/design/motherbd/boardid/BoardID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E4939BD3-2957-4589-8BD3-5F5DE4173EFF}: NameServer = 192.168.0.1
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005\RpcSandraSrv.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
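
The DllRunning entry MFDnSC told Shawn to fix pointed at fkvtptka.dll; the log posted after the fix shows the same entry name pointing at tkihmnpv.dll. The following script is an added example, not code from the thread or from HijackThis: it parses O4 Run-key lines, flags rundll32-loaded DLLs with random-looking system32 names, and diffs two logs so an entry re-created under a new name shows up mechanically. The sample logs are constructed excerpts, and the "7 to 8 lowercase letters" name heuristic is an assumption drawn from the DLL names seen in this thread:

```python
"""Triage HijackThis O4 (autostart) entries and diff them between two logs.

Added example. Only HKLM/HKCU Run-key lines are handled; Startup-folder
lines are ignored by the regex.
"""
import re

# Constructed excerpt standing in for the log posted before the fix.
BEFORE_LOG = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\system32\fkvtptka.dll",setvm
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
"""

# Constructed excerpt standing in for the log posted after the fix.
AFTER_LOG = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\system32\tkihmnpv.dll",setvm
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: Juice.lnk = C:\Program Files\Juice\Juice.exe
"""

O4_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
RUNDLL_RE = re.compile(
    r'rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+\.dll)"?(?:,(?P<export>\S+))?', re.IGNORECASE)
# Assumed heuristic: every Vundo DLL named in this thread is 7-8 lowercase letters.
RANDOM_STEM = re.compile(r"[a-z]{7,8}")


def parse_o4(log_text):
    """Return {entry name: (hive, command)} for every O4 Run-key line in a log."""
    entries = {}
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            entries[m.group("name")] = (m.group("hive"), m.group("cmd"))
    return entries


def suspicious_rundll(entries):
    """Flag Run entries that use rundll32 to load a DLL from system32 whose file
    name looks machine-generated. Heuristic only: confirm the file's properties
    and signature before acting on it."""
    flagged = []
    for name, (_hive, cmd) in entries.items():
        m = RUNDLL_RE.search(cmd)
        if not m:
            continue
        dll = m.group("dll")
        stem = dll.replace("\\", "/").rsplit("/", 1)[-1][:-len(".dll")]
        if "system32" in dll.lower() and RANDOM_STEM.fullmatch(stem):
            flagged.append((name, dll, m.group("export")))
    return flagged


def diff_logs(before, after):
    """Compare O4 entries between two logs: entries that vanished, appeared, or
    kept their name but now point somewhere else (the DllRunning case here)."""
    b, a = parse_o4(before), parse_o4(after)
    return {
        "removed": sorted(set(b) - set(a)),
        "added": sorted(set(a) - set(b)),
        "changed": sorted(n for n in set(a) & set(b) if a[n] != b[n]),
    }


if __name__ == "__main__":
    print("suspicious:", suspicious_rundll(parse_o4(AFTER_LOG)))
    print("diff:", diff_logs(BEFORE_LOG, AFTER_LOG))
```

A legitimate rundll32 entry such as NvCplDaemon is not flagged, because NvCpl does not fit the name heuristic.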

#5 Shawn_Townsend

Shawn_Townsend
  • Topic Starter

  • Members
  • 24 posts

Posted 24 January 2007 - 01:36 PM

Spybot is the same as well; it just stops scanning. I have let it run for 2 hours and it has not moved; it usually takes 30 mins tops.

#6 MFDnSC

MFDnSC

    Ret. Director I/T


  • Members
  • 4,310 posts

Posted 24 January 2007 - 01:41 PM

Turn off TeaTimer in Spybot:

MODE - ADVANCED - TOOLS - RESIDENT - uncheck both boxes

Do the HijackThis fix again.


Run the tools in safe mode.
"Nothing could be finer than to be in South Carolina ............"

Member ASAP

#7 Shawn_Townsend

Shawn_Townsend
  • Topic Starter

  • Members
  • 24 posts

Posted 24 January 2007 - 04:01 PM

Hi
SUPERAntiSpyware found 4 threats, so before it stopped I pressed Next and it deleted the threats; then I redid the scan and it ran.
These are the results.

These are the 4 it found:

SUPERAntiSpyware Scan Log
Generated 01/24/2007 at 06:28 PM

Application Version : 3.5.1016

Core Rules Database Version : 3171
Trace Rules Database Version: 1181

Scan type : Complete Scan
Total Scan Time : 00:00:49

Memory items scanned : 327
Memory threats detected : 4
Registry items scanned : 0
Registry threats detected : 0
File items scanned : 0
File threats detected : 4

Unclassified.Unknown Origin/System
C:\WINDOWS\SYSTEM32\JKKLK.DLL
C:\WINDOWS\SYSTEM32\JKKLK.DLL

Trojan.Mezzia/Resident
C:\WINDOWS\SYSTEM32\WINJJQ32.DLL
C:\WINDOWS\SYSTEM32\WINJJQ32.DLL

Trojan.Downloader-WBRock
C:\WINDOWS\SYSTEM32\BYXURSP.DLL
C:\WINDOWS\SYSTEM32\BYXURSP.DLL

Trojan.Downloader-Quake11
C:\WINDOWS\SYSTEM32\TKIHMNPV.DLL
C:\WINDOWS\SYSTEM32\TKIHMNPV.DLL


And this is the full scan after:


SUPERAntiSpyware Scan Log
Generated 01/24/2007 at 08:32 PM

Application Version : 3.5.1016

Core Rules Database Version : 3171
Trace Rules Database Version: 1181

Scan type : Complete Scan
Total Scan Time : 01:38:45

Memory items scanned : 548
Memory threats detected : 0
Registry items scanned : 7544
Registry threats detected : 27
File items scanned : 85093
File threats detected : 30

Adware.Tracking Cookie
C:\Documents and Settings\Owner\Cookies\owner@4.adbrite[2].txt
C:\Documents and Settings\Owner\Cookies\owner@mywebsearch[1].txt
C:\Documents and Settings\Owner\Cookies\owner@www.antivermins[1].txt
C:\Documents and Settings\Owner\Cookies\owner@ad1.clickhype[1].txt
C:\Documents and Settings\Owner\Cookies\owner@azjmp[1].txt
C:\Documents and Settings\Owner\Cookies\owner@go.drivecleaner[3].txt
C:\Documents and Settings\Owner\Cookies\owner@stats.drivecleaner[2].txt
C:\Documents and Settings\Owner\Cookies\owner@publishers.clickbooth[2].txt
C:\Documents and Settings\Owner\Cookies\owner@amlocalhost.trymedia[1].txt
C:\Documents and Settings\Owner\Cookies\owner@sitestats.tiscali.co[1].txt
C:\Documents and Settings\Owner\Cookies\owner@1071024516[1].txt
C:\Documents and Settings\Owner\Cookies\owner@drivecleaner[1].txt
C:\Documents and Settings\Owner\Cookies\owner@cpvfeed[2].txt
C:\Documents and Settings\Owner\Cookies\owner@go.drivecleaner[2].txt
C:\Documents and Settings\Owner\Cookies\owner@malwarewipe[2].txt
C:\Documents and Settings\Owner\Cookies\owner@adbrite[1].txt
C:\Documents and Settings\Owner\Cookies\owner@ads.telegraph.co[2].txt
C:\Documents and Settings\Owner\Cookies\owner@www.drivecleaner[2].txt
C:\Documents and Settings\Owner\Cookies\owner@mb[3].txt

Unclassified.Unknown Origin
HKCR\CLSID\{3FD6B99C-A275-46EA-8FD1-3D63986E51E4}
HKCR\CLSID\{3FD6B99C-A275-46EA-8FD1-3D63986E51E4}\InprocServer32
HKCR\CLSID\{3FD6B99C-A275-46EA-8FD1-3D63986E51E4}\InprocServer32#ThreadingModel
HKCR\CLSID\{7DA39570-5FD2-4F18-94B4-20730CB3F727}
HKCR\CLSID\{7DA39570-5FD2-4F18-94B4-20730CB3F727}\InprocServer32
HKCR\CLSID\{7DA39570-5FD2-4F18-94B4-20730CB3F727}\InprocServer32#ThreadingModel

Trojan.Unknown Origin
HKLM\SOFTWARE\Microsoft\MSSMGR
HKLM\SOFTWARE\Microsoft\MSSMGR#Brnd
HKLM\SOFTWARE\Microsoft\MSSMGR#BPTV
HKLM\SOFTWARE\Microsoft\MSSMGR#LSTV
HKLM\SOFTWARE\Microsoft\MSSMGR#PSTV
HKLM\SOFTWARE\Microsoft\MSSMGR#BSTV
HKLM\SOFTWARE\Microsoft\MSSMGR#SSTV
HKLM\SOFTWARE\Microsoft\MSSMGR#SCLIST
HKLM\SOFTWARE\Microsoft\MSSMGR#SSLIST
HKLM\SOFTWARE\Microsoft\MSSMGR#Data
HKLM\SOFTWARE\Microsoft\MSSMGR#MSLIST
HKLM\SOFTWARE\Microsoft\MSSMGR#PID
HKLM\SOFTWARE\Microsoft\MSSMGR#Rid
HKLM\SOFTWARE\Microsoft\MSSMGR#LID
HKLM\SOFTWARE\Microsoft\MSSMGR#OCCUR

Malware.Safety Bar
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SafetyBar
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SafetyBar#DisplayName

Malware.VirusBurst
HKCR\TypeLib\{02A40EA7-B5B4-4F41-B2FF-2A8A0AEC50CF}
HKCR\TypeLib\{02A40EA7-B5B4-4F41-B2FF-2A8A0AEC50CF}\1.0
HKCR\TypeLib\{02A40EA7-B5B4-4F41-B2FF-2A8A0AEC50CF}\1.0\0
HKCR\TypeLib\{02A40EA7-B5B4-4F41-B2FF-2A8A0AEC50CF}\1.0\FLAGS

Trojan.Downloader-Quake11
C:\!KILLBOX\QKERPUIW.DLL
C:\WINDOWS\SYSTEM32\BTYECYGE.DLL
C:\WINDOWS\SYSTEM32\TPEGBSCS.DLL

Trojan.Downloader-SVCHost/Fake
C:\PROGRAM FILES\COMMON FILES\SVCHOST.EXE
C:\RECYCLER\S-1-5-21-1060284298-1592454029-725345543-1003\DC195.EXE
C:\WINDOWS\TEMP\WINA400.TMP.EXE
C:\WINDOWS\TEMP\WINA838.TMP.EXE
C:\WINDOWS\TEMP\WINB372.TMP.EXE

Kontiki Download Manager Browser Helper Object
C:\RECYCLER\S-1-5-21-1060284298-1592454029-725345543-1003\DC218\BIN\BH309190.DLL

Trojan.Downloader-WBRock
C:\WINDOWS\SYSTEM32\JKKHIIF.DLL
C:\WINDOWS\SYSTEM32\VTUSRQP.DLL



And now the HijackThis report:


Logfile of HijackThis v1.99.1
Scan saved at 20:57:05, on 24/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\runservice.exe
C:\WINDOWS\VM_STI.EXE
C:\Program Files\DS-3200 Wireless Optical Slimline Deskset\PS2USBKbdDrv.exe
C:\Program Files\DS-3200 Wireless Optical Slimline Deskset\MouseDrv.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Norton Password Manager\AcctMgr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Tiscali\tkonnect\tkonnect.exe
C:\Program Files\Eraser\eraser.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\United Alerts\UnitedAlerts.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
C:\Program Files\Juice\Juice.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Tiscali
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {664A7BBA-92C4-4086-8B63-D029A149629E} - C:\WINDOWS\system32\byxursp.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: (no name) - {8C8B542E-B510-430C-B802-34B84C73C844} - C:\WINDOWS\system32\jkklk.dll (file missing)
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera 301x
O4 - HKLM\..\Run: [WireLessKeyboard] C:\Program Files\DS-3200 Wireless Optical Slimline Deskset\PS2USBKbdDrv.exe
O4 - HKLM\..\Run: [WireLessMouse] C:\Program Files\DS-3200 Wireless Optical Slimline Deskset\MouseDrv.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton Password Manager\AcctMgr.exe /startup
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [tkonnect] C:\Program Files\Tiscali\tkonnect\tkonnect.exe updatemode
O4 - HKCU\..\Run: [Eraser] C:\Program Files\Eraser\eraser.exe -hide
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [United Alerts] "C:\Program Files\United Alerts\UnitedAlerts.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: BOINC Manager.lnk = C:\Program Files\BOINC\boincmgr.exe
O4 - Startup: Juice.lnk = C:\Program Files\Juice\Juice.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: ZDWLan Utility.lnk = C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.tiscali.co.uk/
O15 - Trusted Zone: http://register-tesco.qa.business.ntl.com
O15 - Trusted Zone: http://memberservices.tesco.net
O16 - DPF: NTLSignup - https://tesco.autoregister.net/tesco/NTLSignup.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/cha...t/c381/chat.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/cha...v45/yacscom.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...s/yinst0401.cab
O16 - DPF: {3B5E9B23-7537-4601-A9E8-FA0D956DEA16} (csauie1 Control) - http://www.couponreport.net/ftp/v3123/csauie1.cab
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eB...l_v1-0-3-36.cab
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1155396447448
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} (Symantec Download Bridge) - https://a248.e.akamai.net/f/248/5462/2h/www...ol/SymDlBrg.cab
O16 - DPF: {BF985246-09BF-11D2-BE62-006097DF57F6} (SimCityX Control) - http://simcity.ea.com/play/classic/SimCityX.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - https://www-secure.symantec.com/techsupp/as...rl/SymAData.cab
O16 - DPF: {E5ABEB00-B357-4884-9949-77B2C71A7EE3} (BoardCtl Class) - http://www.intel.com/design/motherbd/boardid/BoardID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E4939BD3-2957-4589-8BD3-5F5DE4173EFF}: NameServer = 192.168.0.1
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: byxursp - byxursp.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WB - C:\PROGRA~1\OBJECT~1\WINDOW~1\fastload.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winjjq32 - winjjq32.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005\RpcSandraSrv.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

#8 MFDnSC

MFDnSC

    Ret. Director I/T


  • Members
  • 4,310 posts
  • OFFLINE
  • Local time:07:15 AM

Posted 24 January 2007 - 05:04 PM

Please download http://www.atribune.org/ccount/click.php?id=4 to C:\
Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files; click YES.
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will shut down your computer; click OK.
Turn your computer back on.
Please post the contents of C:\vundofix.txt and a new HijackThis log.
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot; simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears at reboot.
=====================

Fix these with HiJackThis – mark them, close IE, click fix checked

O2 - BHO: (no name) - {664A7BBA-92C4-4086-8B63-D029A149629E} - C:\WINDOWS\system32\byxursp.dll (file missing)

O2 - BHO: (no name) - {8C8B542E-B510-430C-B802-34B84C73C844} - C:\WINDOWS\system32\jkklk.dll (file missing)

O20 - Winlogon Notify: byxursp - byxursp.dll (file missing)

O20 - Winlogon Notify: winjjq32 - winjjq32.dll (file missing)

START – RUN – type in %temp% - OK - Edit – Select all – File – Delete

Delete everything in the C:\Windows\Temp folder or C:\WINNT\temp.

Not all temp files will delete, and that is normal.
Empty the recycle bin.
Boot and post a new hijack log from normal, NOT safe, mode.

Please give feedback on what worked/didn’t work and the current status of your system
"Nothing could be finer than to be in South Carolina ............"

Member ASAP
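
The triage MFDnSC applied above (fix the O2 and O20 entries marked "(file missing)", then compare the next log) can be written down as a small script. The Python below is an added example for this thread, not a tool from the forum or from the HijackThis authors: it reads HijackThis 1.99.1 lines, flags dangling load points, and diffs two logs to confirm what was removed. The sample logs are short excerpts of the logs posted above. The treatment of the O23 Symantec services with a stray closing quote as a HijackThis quoting artifact is the editor's own assumption about HijackThis 1.99.1, not something the thread states, so those entries are only flagged for verification.

```python
import re
from dataclasses import dataclass

# A HijackThis 1.99.1 entry starts with a section tag (R0-R3, O1-O23) followed by " - ".
HJT_LINE = re.compile(r"^(?P<section>[RO]\d{1,2}) - (?P<body>.+)$")

# Sections that are load points (BHOs, toolbars, Run keys, Winlogon Notify, SSODL).
# A dangling reference here is a leftover from a DLL that has already been removed,
# which is exactly what the helper asked to have fixed.
LOAD_POINT_SECTIONS = {"O2", "O3", "O4", "O20", "O21"}


@dataclass(frozen=True)
class Entry:
    section: str
    body: str

    @property
    def raw(self) -> str:
        return f"{self.section} - {self.body}"


@dataclass(frozen=True)
class Finding:
    entry: Entry
    severity: str  # "fix" (safe to remove with HijackThis) or "verify" (look before removing)
    reason: str


def parse_hjt(text: str) -> list[Entry]:
    """Return the tagged entries of a HijackThis log; the header and process list are skipped."""
    entries = []
    for line in text.splitlines():
        m = HJT_LINE.match(line.strip())
        if m:
            entries.append(Entry(m.group("section"), m.group("body")))
    return entries


def triage(text: str) -> list[Finding]:
    """Flag entries whose target binary HijackThis reports as missing."""
    findings = []
    for e in parse_hjt(text):
        if "(file missing)" not in e.body:
            continue
        if e.section in LOAD_POINT_SECTIONS:
            findings.append(Finding(e, "fix", "load point references a DLL that no longer exists"))
        elif e.section == "O23":
            # Assumption (editor's, not the thread's): HijackThis 1.99.1 drops the opening
            # quote of a quoted ImagePath that carries arguments and then reports the
            # mangled path as missing. A stray closing quote in the body is the tell.
            if '"' in e.body:
                findings.append(Finding(e, "verify", "likely HijackThis quoting artifact on a service with arguments"))
            else:
                findings.append(Finding(e, "verify", "service binary not found; confirm before removing"))
        # Other sections (e.g. an O9 button whose %windir% is left unexpanded) are left alone.
    return findings


def removed_entries(before: str, after: str) -> list[Entry]:
    """Entries present in the earlier log but absent from the later one."""
    later = set(parse_hjt(after))
    return [e for e in parse_hjt(before) if e not in later]


# Constructed sample: excerpts of the logs posted in #7 (before) and #9 (after).
BEFORE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {664A7BBA-92C4-4086-8B63-D029A149629E} - C:\WINDOWS\system32\byxursp.dll (file missing)
O2 - BHO: (no name) - {8C8B542E-B510-430C-B802-34B84C73C844} - C:\WINDOWS\system32\jkklk.dll (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O20 - Winlogon Notify: byxursp - byxursp.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: winjjq32 - winjjq32.dll (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
"""

AFTER_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
"""

if __name__ == "__main__":
    for f in triage(BEFORE_LOG):
        print(f"[{f.severity}] {f.entry.raw}\n         {f.reason}")
    print("\nGone after the fix:")
    for e in removed_entries(BEFORE_LOG, AFTER_LOG):
        print("  ", e.raw)
```

Run as a script, it lists the four O2/O20 entries the helper asked to be fixed as "fix", the Symantec service as "verify" only, and then the same four lines as the ones missing from the later log. Confirming removal by diffing the next log, rather than trusting the tool's own report, is the point of the helper asking for a fresh log after every step.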

#9 Shawn_Townsend

Shawn_Townsend
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  • Local time:12:15 PM

Posted 25 January 2007 - 02:15 AM

Downloaded and scanned, found nothing.

Fixed the 2 with HijackThis.

Deleted the Windows temp files.



Logfile of HijackThis v1.99.1
Scan saved at 07:08:34, on 25/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\runservice.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\VM_STI.EXE
C:\Program Files\DS-3200 Wireless Optical Slimline Deskset\PS2USBKbdDrv.exe
C:\Program Files\DS-3200 Wireless Optical Slimline Deskset\MouseDrv.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Norton Password Manager\AcctMgr.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Tiscali\tkonnect\tkonnect.exe
C:\Program Files\Eraser\eraser.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\United Alerts\UnitedAlerts.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
C:\Program Files\BOINC\boincmgr.exe
C:\Program Files\Juice\Juice.exe
C:\Program Files\BOINC\boinc.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Tiscali
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera 301x
O4 - HKLM\..\Run: [WireLessKeyboard] C:\Program Files\DS-3200 Wireless Optical Slimline Deskset\PS2USBKbdDrv.exe
O4 - HKLM\..\Run: [WireLessMouse] C:\Program Files\DS-3200 Wireless Optical Slimline Deskset\MouseDrv.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton Password Manager\AcctMgr.exe /startup
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [tkonnect] C:\Program Files\Tiscali\tkonnect\tkonnect.exe updatemode
O4 - HKCU\..\Run: [Eraser] C:\Program Files\Eraser\eraser.exe -hide
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [United Alerts] "C:\Program Files\United Alerts\UnitedAlerts.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: BOINC Manager.lnk = C:\Program Files\BOINC\boincmgr.exe
O4 - Startup: Juice.lnk = C:\Program Files\Juice\Juice.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: ZDWLan Utility.lnk = C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.tiscali.co.uk/
O15 - Trusted Zone: http://register-tesco.qa.business.ntl.com
O15 - Trusted Zone: http://memberservices.tesco.net
O16 - DPF: NTLSignup - https://tesco.autoregister.net/tesco/NTLSignup.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/cha...t/c381/chat.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/cha...v45/yacscom.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...s/yinst0401.cab
O16 - DPF: {3B5E9B23-7537-4601-A9E8-FA0D956DEA16} (csauie1 Control) - http://www.couponreport.net/ftp/v3123/csauie1.cab
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eB...l_v1-0-3-36.cab
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1155396447448
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} (Symantec Download Bridge) - https://a248.e.akamai.net/f/248/5462/2h/www...ol/SymDlBrg.cab
O16 - DPF: {BF985246-09BF-11D2-BE62-006097DF57F6} (SimCityX Control) - http://simcity.ea.com/play/classic/SimCityX.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - https://www-secure.symantec.com/techsupp/as...rl/SymAData.cab
O16 - DPF: {E5ABEB00-B357-4884-9949-77B2C71A7EE3} (BoardCtl Class) - http://www.intel.com/design/motherbd/boardid/BoardID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E4939BD3-2957-4589-8BD3-5F5DE4173EFF}: NameServer = 192.168.0.1
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WB - C:\PROGRA~1\OBJECT~1\WINDOW~1\fastload.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005\RpcSandraSrv.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
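As an added example (my code, not HijackThis's and not part of the original post): a small Python triage pass over the O16/O17/O20/O23 entry formats seen in the log above. The review heuristics are my own assumptions about what deserves a second look, not a verdict on this machine, and the sample log is constructed from a few of the lines above plus one made-up O17 entry with a non-LAN resolver so that check has something to flag.

```python
"""Added example: triage of HijackThis-style O-entries (not HijackThis code)."""
import re
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed sample: lines in the same format as the log above (several copied
# from it) plus one made-up O17 entry with a non-LAN resolver, 203.0.113.5 (an
# RFC 5737 documentation address), so the resolver check has something to flag.
SAMPLE_LOG = r"""
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} (Symantec Download Bridge) - https://a248.e.akamai.net/f/248/5462/2h/www...ol/SymDlBrg.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E4939BD3-2957-4589-8BD3-5F5DE4173EFF}: NameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{constructed-example}: NameServer = 203.0.113.5,192.168.0.1
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WB - C:\PROGRA~1\OBJECT~1\WINDOW~1\fastload.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

ENTRY_RE = re.compile(r"^(O\d+) - (.*)$")

# Resolver addresses a home/office box is expected to use: RFC 1918, loopback,
# link-local. Anything else gets a review finding (it may still be legitimate).
LAN_NETS = [ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16")]


@dataclass(frozen=True)
class Finding:
    section: str   # e.g. "O23"
    reason: str    # why a human should look at it
    line: str      # the log line as written


def parse_entries(log_text):
    """Yield (section, body, line) for every 'Onn - ...' line; other lines are ignored."""
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            yield m.group(1), m.group(2), line


def _is_lan(addr):
    try:
        ip = ip_address(addr.strip())
    except ValueError:
        return False
    return any(ip in net for net in LAN_NETS)


def triage(log_text):
    """Apply generic review heuristics. A finding means 'verify', not 'malware'."""
    findings = []
    for section, body, line in parse_entries(log_text):
        if section == "O16":
            # Downloaded Program Files: an ActiveX CAB pulled over plain HTTP rests
            # entirely on its Authenticode signature, so list it for review.
            url = body.rsplit(" - ", 1)[-1].strip()
            if url.lower().startswith("http://"):
                findings.append(Finding(section, "ActiveX CAB fetched over plain HTTP", line))
        elif section == "O17":
            # Per-interface DNS servers; pointing the box at a resolver outside the
            # LAN is how DNS-changer adware redirects traffic, so flag non-LAN ones.
            m = re.search(r"NameServer = ([\d.,]+)", body)
            if m:
                outside = [a for a in m.group(1).split(",") if not _is_lan(a)]
                if outside:
                    findings.append(Finding(section, "DNS resolver outside LAN ranges: " + ",".join(outside), line))
        elif section == "O20":
            # Winlogon Notify DLLs load into winlogon.exe at every logon; anything
            # not under System32 is a third-party hook that should be accounted for.
            path = body.rsplit(" - ", 1)[-1].strip().lower()
            if not path.startswith("c:\\windows\\system32\\"):
                findings.append(Finding(section, "Winlogon Notify DLL outside System32", line))
        elif section == "O23":
            if "(file missing)" in body:
                findings.append(Finding(section, "service binary reported missing", line))
            elif "unknown owner" in body.lower():
                findings.append(Finding(section, "service binary has no publisher name", line))
    return findings


def findings_by_section(log_text):
    """Group finding reasons by section for a quick summary."""
    summary = {}
    for f in triage(log_text):
        summary.setdefault(f.section, []).append(f.reason)
    return summary


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section}: {f.reason}\n    {f.line}")
```

Findings are review items, not deletions. Legitimate software lands there too: both non-System32 Winlogon hooks in the log above (SUPERAntiSpyware's and the `WB` entry under Program Files) would be flagged, and the `(file missing)` on the three ccSvcHst.exe services is typically the HijackThis 1.99.1 display quirk with quoted service paths that carry arguments (note the stray `"` before `/h ccCommon`). Check the flagged file on disk and its signature before removing anything.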

#10 MFDnSC

    Ret. Director I/T

  • Members
  • 4,310 posts

Posted 25 January 2007 - 10:13 AM

Clean

Turn off restore points, boot, turn them back on – here’s how

http://service1.symantec.com/SUPPORT/tsgen...src=sec_doc_nam
"Nothing could be finer than to be in South Carolina ............"

Member ASAP

#11 Shawn_Townsend

  • Topic Starter
  • Members
  • 24 posts

Posted 25 January 2007 - 11:25 AM

Thank you very much, and I hope it stays that way :D

#12 quietman7

    Bleepin' Janitor

  • Global Moderator
  • 51,771 posts
  • Gender:Male
  • Location:Virginia, USA

Posted 26 January 2007 - 05:03 PM

MFDnSC is no longer available, but on his behalf, you certainly are welcome.

To protect yourself against malware and reduce the potential for re-infection, read:
• "Simple and easy ways to keep your computer safe".
• "The Ten Most Dangerous Things Users Do Online".
• "How did I get infected?, With steps so it does not happen again!".

Stay malware free. :thumbsup:
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators



