Shortcuts On Desktop Do Not Work


This topic is locked. 24 replies to this topic.

#1 user55 (Members, 23 posts)

Posted 30 March 2007 - 11:56 AM

I recently tried to fiddle with my computer themes and downloaded FlyakiteOSX. After I got bored of the theme I went to uninstall it, then I realised my shortcuts don't work. However, if I right-click the icon then click Open, it works just fine. I'm guessing there's a problem with some double-click thing?? Thanks in advance :thumbsup:

Logfile of HijackThis v1.99.1
Scan saved at 12:49:07 AM, on 3/31/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3C2.EXE
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Steam\Steam.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [EPSON Stylus C63 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3C2.EXE /P23 "EPSON Stylus C63 Series" /O6 "USB001" /M "Stylus C63"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [System Files Updater] C:\WINDOWS\FlyakiteOSX\Tools\System Files Updater.exe /S
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Mail.com] C:\Program Files\mail.com\mcalert.exe -auto
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_0 -reboot 1
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Startup: Styler.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://www.playfirst.com/play/game/dinerda...h2.1.0.0.67.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} (CPlayFirstddfotgControl Object) - http://www.playfirst.com/play/game/dinerda...tg.1.0.0.32.cab
O16 - DPF: {FC4CAF5F-91BD-4DD9-ADC1-F3C737E37BC4} (CPlayFirstSweetopiaControl Object) - http://www.playfirst.com/play/game/sweetop...ia.1.0.0.22.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe


#2 amateur (Malware Fighter, Malware Response Team, 2,775 posts)

Posted 06 April 2007 - 08:20 AM

Hello and welcome to BC. :thumbsup:

Sorry for the delayed response. If you've not received help elsewhere and still need help, please post a fresh HijackThis log and I'll be happy to help you.

#3 user55 (Topic Starter, Members, 23 posts)

Posted 06 April 2007 - 11:29 AM

Oh, hello! Thanks for helping. The main problem bugging me is that my double-click on the desktop doesn't work. This applies to my shortcuts such as iTunes and Firefox.
My antivirus software also seems to be acting up and tells me "Norton AntiVirus Scanner Module has encountered a problem and needs to close. We are sorry for the inconvenience." every time I open Microsoft Word.
My CD player also can't play certain CDs, so I'm guessing it isn't a hardware problem?? Like it chooses to read my discs whenever it feels like doing so.
Uhh, those seem to be the most obvious problems at the moment. Thanks again!! :D



Logfile of HijackThis v1.99.1
Scan saved at 12:22:23 AM, on 4/7/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3C2.EXE
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [EPSON Stylus C63 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3C2.EXE /P23 "EPSON Stylus C63 Series" /O6 "USB001" /M "Stylus C63"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Mail.com] C:\Program Files\mail.com\mcalert.exe -auto
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_0 -reboot 1
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Startup: Styler.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://www.playfirst.com/play/game/dinerda...h2.1.0.0.67.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} (CPlayFirstddfotgControl Object) - http://www.playfirst.com/play/game/dinerda...tg.1.0.0.32.cab
O16 - DPF: {FC4CAF5F-91BD-4DD9-ADC1-F3C737E37BC4} (CPlayFirstSweetopiaControl Object) - http://www.playfirst.com/play/game/sweetop...ia.1.0.0.22.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

#4 amateur (Malware Fighter, Malware Response Team, 2,775 posts)

Posted 06 April 2007 - 03:35 PM

Hi,

First of all, I see the Norton ScriptBlocking service present. You'll need to disable it, as it may interfere with the next fix.

Disable the Script Blocking Service:

Click Start>Run, type in services.msc and hit enter.

From the list find ScriptBlocking Service and right-click on it, then choose Properties. Stop the service, change the Startup type to Disabled for now, and exit the services console.

==============================================

Download and Save Cleandesktop to your computer from this link:

http://www.thespykiller.co.uk/files/cleandesktop.exe and double-click (if you can) on cleandesktop.exe.

It will automatically extract to c:\desktopclean, where it needs to be to run, and will automatically run the cleandesktop.vbs script.

If it doesn't open, then go to c:\desktopclean and double-click on cleandesktop.vbs.

Do not run any other file from there!

If you have script blocking enabled you will get a warning about a malicious script wanting to run. Please allow this script to run. It is not malicious.

If you get a message when you first run it, "Can not find script file ........", etc., don't worry; just double-click the cleandesktop.vbs script again. You sometimes get that message when a script blocker blocks the script.

It will then kill Explorer. You will lose your taskbar and desktop. It will repair the registry entries returning your normal desktop and context menu functions.

It will restart Explorer.

Once you have performed the big cleanup, each of the other Users on the System needs to be signed in to clean up their desktop.

===========================================


Next, let's also do some cleaning and deep scanning and see where we go from there.
Please download CCleaner and save it to your desktop.
Tutorial for CCleaner
During the installation be sure to UN-check the box for "CCleaner Yahoo Toolbar" unless you want it. Do not scan with it yet.

===========================================

Download AVG Anti Spyware

Use the link at the bottom of the page under "AVG Anti-Spyware Free for Windows"

  • Install AVG Anti Spyware
  • Double-click the icon on Desktop to launch AVG
  • On the top of the main screen click Shield
  • Click the word active to change it to inactive
  • On the top of the main screen click Update.
  • Then click on Start Update. The update will start and a progress bar will show the updates being installed.
  • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"
  • Select "Automatically generate report after every scan"
  • Un-Select "Only if threats were found"
When you have finished updating, EXIT AVG Anti Spyware. Do Not run a scan just yet, we will shortly.

========================================

Reboot your computer in Safe Mode using the F8 method below.
a. If the computer is running, shut down Windows, and then turn off the power.
b. Wait 30 seconds, and then turn the computer on.
c. Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
d. Ensure that the Safe Mode option is selected.
e. Press Enter. The computer then begins to start in Safe mode.

=======================================

From Safe Mode, run CCleaner
  • Click on Options,
  • Select Advanced
  • Now UNCHECK "Only delete files in Windows Temp folders older than 48 hours"
  • Make sure the Cleaner block on the left is selected.
  • Do not use the "Issues" block. It's meant for professionals.
  • Choose the Windows tab.
  • Check everything EXCEPT Advanced part of the Menu.
  • Click on "Analyze". This process could take a while.
  • If you don't want to lose your login passwords to certain sites, click on Options
  • Select cookies and move the ones you want to keep to the "cookies to keep" section, by highlighting and using the arrows in the middle.
  • Choose Run Cleaner.
When CCleaner shows how much has been removed, cleaning is finished. Click Exit.
If you have more than one user, run CCleaner for every user.

========================================

IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning; it may interfere with the scanning process:
  • Launch AVG Anti-Spyware by double-clicking the icon on your desktop.
  • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  • AVG Anti-Spyware will now begin the scanning process, be patient this may take a little time.
    Once the scan is complete do the following:
  • If you have any infections you will be prompted. **Please ensure it is set to Quarantine, then select "Apply all actions"
  • Next select the "Reports" icon at the top.
  • Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
  • Close AVG Anti-Spyware.
=========================================

Reboot in Normal Mode.

=========================================

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.
Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 6.0.
  • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6.0 windows-i586-p.exe to install the newest version.

=========================================

Perform an online scan using Internet Explorer with Panda ActiveScan
  • Click on Posted Image located at the bottom of the page.
  • A "pop up" window will appear. Please ensure that your pop up blocker doesn't block it
  • Enter your e-mail address, country, and state & click "Free Online Scan". The download of Panda's 8 MB ActiveX control will take place.
Begin the scan by selecting Posted Image
  • If it finds any malware, it will offer you a report.
  • Please ignore any entry it finds and the offer to buy the program to remove the entry, as we will address this later.
  • Click on Posted Image then click Posted Image and post back the contents please.
* You needn't remain online while it's doing the scan but you have to re-connect after it has finished to see the report.

==========================================



Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.
  • Close all applications and windows.
  • Double-click on dss.exe to run it, and follow the prompts.
  • When the scan is complete, two text files will open: main.txt (this one will be maximized) and extra.txt (this one will be minimized).
  • Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt here.
  • Please attach extra.txt to your post.
To attach a file to a new post, simply
  • Click the [Manage Attachments] button under Additional Options > Attach Files on the post composition page, and
  • copy and paste the following into the "Upload File from your Computer" box:

    C:\Deckard\System Scanner\extra.txt

  • Click Upload.

What DSS will do:
  • create a new System Restore point in Windows XP and Vista.
  • clean your Temporary Files, Downloaded Program Files, and Internet Cache Files, and also empty the Recycle Bin on all drives.
  • check some important areas of your system and produce a report for your analyst to review. DSS automatically runs HijackThis for you, but it will also install and place a shortcut to HijackThis on your desktop if you do not already have HijackThis installed.
==========================================

Please post back the results from the AVG Anti-Spyware and Panda online scans, main.txt, extra.txt, and a fresh HijackThis log.
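
The instructions above ask for a HijackThis log and for the old Java components to be removed. The following is an added example (not part of this thread, and not code from HijackThis, Deckard's System Scanner or BleepingComputer) showing how a helper can pre-triage a HijackThis v1.99.1 log before reading it by hand: it flags entries marked "(file missing)", Run entries that name a bare file without a path, O16 ActiveX downloads, O23 services with no publisher, and any Java component whose directory version is below JRE 6.0 (which installs as jre1.6.0). The sample lines are constructed in the HijackThis format, modelled on the kinds of entries that appear in this thread; the rule names, the MIN_JAVA threshold and the severity of each rule are this example's own assumptions, and every finding is a prompt for review, not a verdict that the entry is malicious.

```python
"""Triage helper for HijackThis-style log lines (added example, not HijackThis code)."""
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Assumption: JRE 6.0 is the target; it installs as "jre1.6.0", so anything lower is out of date.
MIN_JAVA = (1, 6, 0)

# Directory names such as jre1.5.0_11 or j2re1.4.2_03 carry the installed version.
JAVA_DIR_RE = re.compile(r"\b(?:j2re|jre)(\d+)\.(\d+)\.(\d+)(?:_(\d+))?\b", re.IGNORECASE)
# O4 - HKLM\..\Run: [Name] command
O4_RUN_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# O16 - DPF: {CLSID} (Description) - URL
O16_RE = re.compile(r"^O16 - DPF: \{[^}]+\} \((?P<desc>[^)]*)\) - (?P<url>\S+)$")
# O23 - Service: Name - Owner - Path
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")

# Constructed sample lines in HijackThis v1.99.1 format (hypothetical CLSIDs/paths, not a real log).
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""


@dataclass(frozen=True)
class Finding:
    kind: str    # short rule id
    detail: str  # what a reviewer should check
    line: str    # the log line that triggered the rule


def java_version(path):
    """Return the JRE version tuple embedded in a path (e.g. (1, 5, 0, 11)), or None."""
    m = JAVA_DIR_RE.search(path)
    if not m:
        return None
    return tuple(int(x) for x in m.groups() if x is not None)


def is_path_qualified(cmd):
    """True if the command names a location (drive letter, %ENV% or UNC) rather than a bare file name."""
    cmd = cmd.strip().strip('"')
    return bool(re.match(r"^(?:[A-Za-z]:\\|%[^%]+%|\\\\)", cmd))


def triage(log_text):
    """Run every rule over each non-empty line and return the findings in log order."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("(file missing)"):
            findings.append(Finding("file-missing", "entry points at a file that no longer exists; stale or removed", line))
        ver = java_version(line)
        if ver and ver[:3] < MIN_JAVA:
            findings.append(Finding("old-java", f"Java component version {'.'.join(map(str, ver))} is below {'.'.join(map(str, MIN_JAVA))}", line))
        m = O4_RUN_RE.match(line)
        if m and not is_path_qualified(m.group("cmd")):
            # A bare name is resolved by the loader's search order, so the binary that runs may not be the intended one.
            findings.append(Finding("bare-run-command", f"{m.group('hive')} Run entry [{m.group('name')}] names {m.group('cmd')!r} without a path; confirm which binary actually runs", line))
        m = O16_RE.match(line)
        if m:
            host = urlparse(m.group("url")).hostname or "?"
            findings.append(Finding("activex-download", f"ActiveX control '{m.group('desc')}' downloaded from {host}", line))
        m = O23_RE.match(line)
        if m and m.group("owner") == "Unknown owner":
            findings.append(Finding("service-unknown-owner", f"service '{m.group('name')}' has no publisher information; verify {m.group('path')}", line))
    return findings


def summarize(findings):
    """Count findings per rule id."""
    counts = {}
    for f in findings:
        counts[f.kind] = counts.get(f.kind, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind}] {f.detail}\n    {f.line}")
```

Run over the constructed sample, the script reports two out-of-date Java components (the jre1.5.0_11 BHO and the j2re1.4.2_03 update scheduler), the bare CTHELPER.EXE Run entry, the missing bdoscandel.exe button, the Panda ActiveX download host, and the ATI service with no publisher; the Symantec and Apple entries produce nothing. Each finding is only a pointer to a line worth checking, which is the same judgement a helper reading the log applies by hand.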

#5 user55

user55
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:07:49 PM

Posted 08 April 2007 - 12:30 AM

Okay, while doing what you instructed me to do, some problems cropped up.

I could not remove any of the past versions of Java because this screen came up:
The Windows Installer Service could not be accessed. This can occur if you are running Windows in safe mode, or if the Windows Installer is not correctly installed. Contact your support personnel for assistance.
This was also a problem when I tried to remove the program called Styler (a skinning program) from my computer.

Then the Panda scan refused to load:
An error has occurred downloading Panda ActiveScan. Please repeat the process. If the error occurs again, restart your system and try again
Possible causes of this error are:

Not allowing the application's ActiveX control to be downloaded.

Problems with the Internet connection.

The error could be due to a download error or an installation error due to lack of hard disk space, privileges etc.,...

Other than those 2 problems, the double click problem is still unsolved.



Here is the Deckard log:

Deckard's System Scanner v20070328.36
Run by Mervyn on 2007-04-08 at 13:15:57
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
70: 2007-04-08 05:16:02 UTC - RP395 - Deckard's System Scanner Restore Point
69: 2007-04-06 12:06:20 UTC - RP394 - System Checkpoint
68: 2007-04-05 11:13:44 UTC - RP393 - System Checkpoint
67: 2007-04-04 08:31:12 UTC - RP392 - Software Distribution Service 2.0
66: 2007-04-03 10:36:20 UTC - RP391 - System Checkpoint


-- First Restore Point --
1: 2007-01-06 16:04:55 UTC - RP326 - Software Distribution Service 2.0


Backed up registry hives.

Performed disk cleanup.


-- HijackThis (run as Mervyn.exe) ----------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 1:17:12 PM, on 4/8/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3C2.EXE
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\program files\steam\steam.exe
C:\Program Files\mail.com\mcalert.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Mervyn\My Documents\My Downloads\dss.exe
C:\PROGRA~1\HIJACK~1\Mervyn.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [EPSON Stylus C63 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3C2.EXE /P23 "EPSON Stylus C63 Series" /O6 "USB001" /M "Stylus C63"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Mail.com] C:\Program Files\mail.com\mcalert.exe -auto
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_0 -reboot 1
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Startup: Styler.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://www.playfirst.com/play/game/dinerda...h2.1.0.0.67.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} (CPlayFirstddfotgControl Object) - http://www.playfirst.com/play/game/dinerda...tg.1.0.0.32.cab
O16 - DPF: {FC4CAF5F-91BD-4DD9-ADC1-F3C737E37BC4} (CPlayFirstSweetopiaControl Object) - http://www.playfirst.com/play/game/sweetop...ia.1.0.0.22.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe


-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 cbidf - c:\windows\system32\drivers\cbidf2k.sys
R0 dac2w2k - c:\windows\system32\drivers\dac2w2k.sys
R0 drvmcdb - c:\windows\system32\drivers\drvmcdb.sys
R0 Vax347b - c:\windows\system32\drivers\vax347b.sys
R0 Vax347s - c:\windows\system32\drivers\vax347s.sys
R1 omci (OMCI WDM Device Driver) - c:\windows\system32\drivers\omci.sys
R1 sscdbhk5 - c:\windows\system32\drivers\sscdbhk5.sys
R1 ssrtln - c:\windows\system32\drivers\ssrtln.sys
R2 drvnddm - c:\windows\system32\drivers\drvnddm.sys
R2 PfModNT - c:\windows\system32\drivers\pfmodnt.sys
R2 tfsnboio - c:\windows\system32\dla\tfsnboio.sys
R2 tfsncofs - c:\windows\system32\dla\tfsncofs.sys
R2 tfsndrct - c:\windows\system32\dla\tfsndrct.sys
R2 tfsndres - c:\windows\system32\dla\tfsndres.sys
R2 tfsnifs - c:\windows\system32\dla\tfsnifs.sys
R2 tfsnopio - c:\windows\system32\dla\tfsnopio.sys
R2 tfsnpool - c:\windows\system32\dla\tfsnpool.sys
R2 tfsnudf - c:\windows\system32\dla\tfsnudf.sys
R2 tfsnudfa - c:\windows\system32\dla\tfsnudfa.sys
R3 emupia (E-mu Plug-in Architecture Driver) - c:\windows\system32\drivers\emupia2k.sys
R3 WmBEnum (Logitech Virtual Bus Enumerator Driver) - c:\windows\system32\drivers\wmbenum.sys
R3 WmXlCore (Logitech WingMan Translation Layer Driver) - c:\windows\system32\drivers\wmxlcore.sys

S3 Bridge (MAC Bridge) - c:\windows\system32\drivers\bridge.sys
S3 BridgeMP (MAC Bridge Miniport) - c:\windows\system32\drivers\bridge.sys
S3 hidgame (Microsoft Hid to Joystick Port Enabler) - c:\windows\system32\drivers\hidgame.sys
S3 nm (Network Monitor Driver) - c:\windows\system32\drivers\nmnt.sys
S3 SE2Cbus (Sony Ericsson Device 044 Driver driver (WDM)) - c:\windows\system32\drivers\se2cbus.sys
S3 SE2Cmdfl (Sony Ericsson Device 044 USB WMC Modem Filter) - c:\windows\system32\drivers\se2cmdfl.sys
S3 SE2Cmdm (Sony Ericsson Device 044 USB WMC Modem Driver) - c:\windows\system32\drivers\se2cmdm.sys
S3 SE2Cobex (Sony Ericsson Device 044 USB WMC OBEX Interface) - c:\windows\system32\drivers\se2cobex.sys
S3 WmFilter (Logitech Gaming HID Filter Driver) - c:\windows\system32\drivers\wmfilter.sys
S3 WmHidLo (Logitech Gaming USB Filter Driver) - c:\windows\system32\drivers\wmhidlo.sys
S3 WmVirHid (Logitech Virtual Hid Device Driver) - c:\windows\system32\drivers\wmvirhid.sys
S3 XTrapD12 - c:\windows\system32\xtrapd12.sys (file missing)
S3 xusb20 (Xbox 360 Wireless Receiver for Windows Driver Service) - c:\windows\system32\drivers\xusb20.sys


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 ISSVC - "c:\program files\norton internet security\issvc.exe"
R2 StarWindService (StarWind iSCSI Service) - c:\program files\alcohol soft\alcohol 120\starwind\starwindservice.exe

S3 MSCSPTISRV - "c:\program files\common files\sony shared\avlib\mscsptisrv.exe"
S3 PACSPTISVR - "c:\program files\common files\sony shared\avlib\pacsptisvr.exe"
S3 SPTISRV (Sony SPTI Service) - "c:\program files\common files\sony shared\avlib\sptisrv.exe"
S3 SSScsiSV (SonicStage SCSI Service) - c:\program files\common files\sony shared\avlib\ssscsisv.exe


-- Scheduled Tasks -------------------------------------------------------------

2007-04-08 00:43:00 366 --a------ C:\WINDOWS\Tasks\Symantec NetDetect.job<SYMANT~1.JOB>
2007-04-06 20:00:00 550 --a------ C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer - Mervyn.job<NORTON~1.JOB>
2007-03-28 18:57:01 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job<APPLES~1.JOB>


-- Files created between 2007-03-08 and 2007-04-08 -----------------------------

2007-04-08 13:10:31 0 d-------- C:\WINDOWS\LastGood
2007-04-07 13:03:48 3968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-04-07 12:58:42 0 d-------- C:\Program Files\CCleaner
2007-04-07 12:56:17 0 d-------- C:\desktopclean<DESKTO~1>
2007-04-04 22:37:22 0 d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus!<MESSEN~1>
2007-04-03 00:06:05 0 d-------- C:\Program Files\TVUPlayer<TVUPLA~1>
2007-04-02 20:51:00 53248 --a------ C:\WINDOWS\vdrive.exe
2007-04-02 20:51:00 360448 --a------ C:\WINDOWS\uni_mgr.exe
2007-04-02 20:50:52 31712 --a------ C:\WINDOWS\system32\drivers\cdant.sys
2007-04-02 20:49:58 0 d-------- C:\Documents and Settings\Annie\WINDOWS
2007-04-02 20:39:17 0 d-------- C:\Documents and Settings\Annie\Application Data\Template
2007-04-02 01:15:47 0 d--h----- C:\Documents and Settings\Mervyn\Application Data\Move Networks<MOVENE~1>
2007-03-30 23:20:11 0 d-------- C:\Documents and Settings\Mervyn\.housecall6.6<HOUSEC~1.6>
2007-03-29 20:43:30 0 d-------- C:\Documents and Settings\Esther\Application Data\PlayFirst<PLAYFI~1>
2007-03-26 23:01:31 0 d-------- C:\Program Files\StuffPlug3<STUFFP~1>
2007-03-14 19:10:46 0 d-------- C:\Program Files\iPod
2007-03-14 19:02:24 0 d-------- C:\Program Files\QuickTime<QUICKT~1>


-- Find3M Report ---------------------------------------------------------------

2007-04-08 12:53:23 0 d-------- C:\Program Files\Steam
2007-04-08 03:56:40 384 --a------ C:\WINDOWS\system32\DVCStateBkp-{00000003-00000000-00000001-00001102-00000004-20061102}.dat<DVCSTA~2.DAT>
2007-04-08 03:56:40 384 --a------ C:\WINDOWS\system32\DVCState-{00000003-00000000-00000001-00001102-00000004-20061102}.dat<DVCSTA~1.DAT>
2007-04-08 03:52:30 0 d-------- C:\Program Files\Mozilla Thunderbird<MOZILL~2>
2007-04-07 12:54:40 0 d---s---- C:\Documents and Settings\Mervyn\Application Data\Microsoft<MICROS~1>
2007-04-03 23:09:33 0 d-------- C:\Program Files\e-Sword
2007-03-30 22:10:02 0 d-------- C:\Program Files\Common Files\Sandlot Shared<SANDLO~1>
2007-03-30 19:54:34 0 d-------- C:\Program Files\Movie Maker<MOVIEM~1>
2007-03-30 19:54:33 0 d-------- C:\Program Files\Windows NT<WINDOW~1>
2007-03-30 19:54:27 0 d-------- C:\Program Files\Messenger<MESSEN~1>
2007-03-30 19:26:37 218624 --a------ C:\WINDOWS\system32\uxtheme.dll
2007-03-30 19:22:39 0 d-------- C:\Program Files\iTunes
2007-03-30 18:41:49 0 d-------- C:\Program Files\Common Files\Stardock
2007-03-30 18:40:06 2560 --a------ C:\WINDOWS\_MSRSTRT.EXE
2007-03-30 18:39:33 0 d-------- C:\Program Files\MSN Messenger<MSNMES~1>
2007-03-30 00:03:43 0 d-------- C:\Program Files\Common Files\Symantec Shared<SYMANT~1>
2007-03-28 14:19:47 0 d-------- C:\Documents and Settings\Mervyn\Application Data\uTorrent
2007-03-26 23:18:23 0 d-------- C:\Program Files\MessengerPlus! 3<MESSEN~2>
2007-03-25 12:44:06 0 d-------- C:\Program Files\Knight Online<KNIGHT~1>
2007-03-10 15:37:39 32 --a------ C:\WINDOWS\popcinfo.dat
2007-03-08 23:36:28 577536 --a------ C:\WINDOWS\system32\user32.dll
2007-03-08 23:36:28 40960 --a------ C:\WINDOWS\system32\mf3216.dll
2007-03-08 23:36:28 281600 --a------ C:\WINDOWS\system32\gdi32.dll
2007-03-08 21:47:48 1843584 --a------ C:\WINDOWS\system32\win32k.sys
2007-03-06 19:03:14 0 d-------- C:\Documents and Settings\Mervyn\Application Data\MSNInstaller<MSNINS~1>
2007-03-05 13:03:52 0 d-------- C:\Program Files\LimeWire
2007-03-04 16:43:45 0 d-------- C:\Program Files\Mp3R
2007-03-04 16:43:28 2 --a------ C:\WINDOWS\pvpeformr.sys<PVPEFO~1.SYS>
2007-03-04 16:43:28 2 --a------ C:\WINDOWS\pvpeformr.dll<PVPEFO~1.DLL>
2007-02-28 00:23:28 0 d-------- C:\Program Files\Power MP3 Cutter<POWERM~1>
2007-02-23 21:13:31 0 d-------- C:\Program Files\Java
2007-02-17 16:24:13 0 d--h----- C:\Program Files\InstallShield Installation Information<INSTAL~1>
2007-02-17 16:24:02 0 d-------- C:\Program Files\Eidos Interactive<EIDOSI~1>
2007-02-17 16:23:35 527 --a------ C:\Documents and Settings\Mervyn\Application Data\Gangsters2Setup.lnk<GANGST~1.LNK>
2007-01-18 16:03:49 8960 --a------ C:\WINDOWS\mozver.dat
2007-01-10 22:09:01 39424 --a------ C:\WINDOWS\zipinst.exe
2007-01-08 19:01:14 17408 --a------ C:\WINDOWS\system32\corpol.dll


-- Registry Dump ---------------------------------------------------------------


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"SsAAD.exe"="C:\\PROGRA~1\\Sony\\SONICS~1\\SsAAD.exe"
"Steam"="\"c:\\program files\\steam\\steam.exe\" -silent"
"Mail.com"="C:\\Program Files\\mail.com\\mcalert.exe -auto"
"updateMgr"="\"C:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe\" AcRdB7_0_0 -reboot 1"
"MessengerPlus3"="\"C:\\Program Files\\MessengerPlus! 3\\MsgPlus.exe\" /WinStart"
"msnmsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"CTSysVol"="C:\\Program Files\\Creative\\SBAudigy2ZS\\Surround Mixer\\CTSysVol.exe /r"
"CTDVDDET"="\"C:\\Program Files\\Creative\\SBAudigy2ZS\\DVDAudio\\CTDVDDET.EXE\""
"UpdReg"="C:\\WINDOWS\\UpdReg.EXE"
"UpdateManager"="\"C:\\Program Files\\Common Files\\Sonic\\Update Manager\\sgtray.exe\" /r"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"dla"="C:\\WINDOWS\\system32\\dla\\tfswctrl.exe"
"Symantec NetDriver Monitor"="C:\\PROGRA~1\\SYMNET~1\\SNDMon.exe /Consumer"
"MSPY2002"="C:\\WINDOWS\\system32\\IME\\PINTLGNT\\ImScInst.exe /SYNC"
"PHIME2002ASync"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"
"PHIME2002A"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"
"EPSON Stylus C63 Series"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_S4I3C2.EXE /P23 \"EPSON Stylus C63 Series\" /O6 \"USB001\" /M \"Stylus C63\""
"IMJPMIG8.1"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"
"DVDLauncher"="\"C:\\Program Files\\CyberLink\\PowerDVD\\DVDLauncher.exe\""
"SunJavaUpdateSched"="C:\\Program Files\\Java\\j2re1.4.2_03\\bin\\jusched.exe"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"Sony Ericsson PC Suite"="\"C:\\Program Files\\Sony Ericsson\\Mobile2\\Application Launcher\\Application Launcher.exe\" /startoptions"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"MessengerPlus3"="\"C:\\Program Files\\MessengerPlus! 3\\MsgPlus.exe\""
"DMXLauncher"="C:\\Program Files\\Dell\\Media Experience\\DMXLauncher.exe"
"CTHelper"="CTHELPER.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKLM"
"command"=""
"inimapping"="0"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=dword:00000000

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0


[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f513c5c8-4daa-11da-a79e-806d6172696f}]
Shell\AutoRun\command E:\autorun.exe


-- End of Deckard's System Scanner: finished at 2007-04-08 at 13:17:32 ---------





And the HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 1:20:35 PM, on 4/8/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3C2.EXE
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\program files\steam\steam.exe
C:\Program Files\mail.com\mcalert.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [EPSON Stylus C63 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3C2.EXE /P23 "EPSON Stylus C63 Series" /O6 "USB001" /M "Stylus C63"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Mail.com] C:\Program Files\mail.com\mcalert.exe -auto
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_0 -reboot 1
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Startup: Styler.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://www.playfirst.com/play/game/dinerda...h2.1.0.0.67.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} (CPlayFirstddfotgControl Object) - http://www.playfirst.com/play/game/dinerda...tg.1.0.0.32.cab
O16 - DPF: {FC4CAF5F-91BD-4DD9-ADC1-F3C737E37BC4} (CPlayFirstSweetopiaControl Object) - http://www.playfirst.com/play/game/sweetop...ia.1.0.0.22.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

Thank you so much!


#6 amateur

amateur

    Malware Fighter


  • Malware Response Team
  • 2,775 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:07:49 AM

Posted 08 April 2007 - 11:29 AM

Hi,

For the windows installer problem, please visit this page.

====================================

Panda has been giving problems lately. Let's try a different scanner:

Go to Start > Control Panel > Add/Remove Programs and remove Kaspersky Online Scanner if it is present, prior to downloading the most up-to-date one.

Now run this online scan using Internet Explorer:
Kaspersky Online Scanner from http://www.kaspersky.com/virusscanner

Next Click on Launch Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky; click Yes.
  • The program will launch and then begin downloading the latest definition files.
  • Once the files have been downloaded, click on NEXT.
  • Now click on Scan Settings.
  • In the scan settings, make sure that the following are selected:
  • Scan using the following Anti-Virus database:
      • Standard
  • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK.
  • Now under Select a target to scan:
      • Select My Computer
  • The program will start and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, it will display whether your system has been infected.
  • Now click on the Save as Text button.
  • Save the file to your desktop.
Copy and paste that information from Kaspersky in your next post.

#7 user55

user55
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:07:49 PM

Posted 08 April 2007 - 11:38 AM

Okay, the Windows Installer now works well! Thanks!!!! :D

BUT. I don't get anything when I click "accept" on the Kaspersky scanner page. I have to download ActiveX objects or something, right? I don't think I can, because I just tried playing MSN games with my friend and I had the same problem of not being able to download ActiveX objects.

I also stumbled upon this program called Advanced WindowsCare. Is this a good program to run?? I wanted to run RegCure, but I realised that it did nothing upon reading comments by other users.....

Please advise!! THANK YOU AGAIN :D

#8 user55

user55
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:07:49 PM

Posted 08 April 2007 - 11:40 AM

Okay, my bad. I didn't read properly that I have to use Internet Explorer. I was using Firefox. Scanning now.....

#9 user55

user55
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:07:49 PM

Posted 08 April 2007 - 10:02 PM

Monday, April 09, 2007 10:58:14 AM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 8/04/2007
Kaspersky Anti-Virus database records: 275958
Scan Settings
Scan using the following antivirus database standard
Scan Archives true
Scan Mail Bases true
Scan Target My Computer
C:\
D:\
Scan Statistics
Total number of scanned objects 167561
Number of viruses found 5
Number of infected objects 115 / 0
Number of suspicious objects 20
Duration of the scan process 02:14:03

Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped
C:\Documents and Settings\Esther\Application Data\Thunderbird\Profiles\ggoxi9nx.default\Mail\Local Folders\Inbox/[From "Dr Tan Seow Hon" ][Date Wed, 29 Jun 2005 22:22:16 +0800]/UNNAMED/[From "Esther Leong" ][Date Wed, 14 Sep 2005 15:50:00 +0800]/UNNAMED/[From "Yee Swee Yoong Esther" ][Date Thu, 13 Oct 2005 19:22:53 +0800]/UNNAMED/[From esther yee ][Date Thu, 20 Oct 2005 18:48:49 +0800]/t ... /Kodac dc 005.JPG . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ..exe Infected: Trojan-Downloader.Win32.Botol.k skipped
C:\Documents and Settings\Esther\Application Data\Thunderbird\Profiles\ggoxi9nx.default\Mail\Local Folders\Inbox/[From "Dr Tan Seow Hon" ][Date Wed, 29 Jun 2005 22:22:16 +0800]/UNNAMED/[From "Esther Leong" ][Date Wed, 14 Sep 2005 15:50:00 +0800]/UNNAMED/[From "Yee Swee Yoong Esther" ][Date Thu, 13 Oct 2005 19:22:53 +0800]/UNNAMED/[From esther yee ][Date Thu, 20 Oct 2005 18:48:49 +0800]/text/[ ... / ... /[ ... /[ ... / ... /[From ][Date Wed, 30 Aug 2006 10:29:51 +0200]/UNNAMED Infected: Trojan-Downloader.Win32.Botol.k skipped
C:\Documents and Settings\Esther\Application Data\Thunderbird\Profiles\ggoxi9nx.default\Mail\Local Folders\Inbox/[From "Dr Tan Seow Hon" ][Date Wed, 29 Jun 2005 22:22:16 +0800]/UNNAMED/[From "Esther Leong" ][Date Wed, 14 Sep 2005 15:50:00 +0800]/UNNAMED/[From "Yee Swee Yoong Esther" ][Date Thu, 13 Oct 2005 19:22:53 +0800]/UNNAMED/[From esther yee ][Date Thu, 20 Oct 2005 18:48:49 +0800]/text/[ ... / ... /[ ... /[ ... /[From Michelle ][Date Wed, 30 Aug 2006 15:01:55 +0800 (CST)]/text Infected: Trojan-Downloader.Win32.Botol.k skipped
C:\Documents and Settings\Esther\Application Data\Thunderbird\Profiles\ggoxi9nx.default\Mail\Local Folders\Inbox/[From "Dr Tan Seow Hon" ][Date Wed, 29 Jun 2005 22:22:16 +0800]/UNNAMED/[From "Esther Leong" ][Date Wed, 14 Sep 2005 15:50:00 +0800]/UNNAMED/[From "Yee Swee Yoong Esther" ][Date Thu, 13 Oct 2005 19:22:53 +0800]/UNNAMED/[From esther yee ][Date Thu, 20 Oct 2005 18:48:49 +0800]/text/[ ... / ... /[ ... /[From "Leong Zhi Hao Jason" ][Date Tue, 29 Aug 2006 17:47:33 +0800]/text Infected: Trojan-Downloader.Win32.Botol.k skipped
C:\Documents and Settings\Esther\Application Data\Thunderbird\Profiles\ggoxi9nx.default\Mail\Local Folders\Inbox/[From "Dr Tan Seow Hon" ][Date Wed, 29 Jun 2005 22:22:16 +0800]/UNNAMED/[From "Esther Leong" ][Date Wed, 14 Sep 2005 15:50:00 +0800]/UNNAMED/[From "Yee Swee Yoong Esther" ][Date Thu, 13 Oct 2005 19:22:53 +0800]/UNNAMED/[From esther yee ][Date Thu, 20 Oct 2005 18:48:49 +0800]/text/[ ... / ... /[From Shawn ... /[From Lin Yinbing ][Date Tue, 29 Aug 2006 14:43:17 +080 ... /text Infected: Trojan-Downloader.Win32.Botol.k skipped
C:\Documents and Settings\Esther\Application Data\Thunderbird\Profiles\ggoxi9nx.default\Mail\Local Folders\Inbox/[From "Dr Tan Seow Hon" ][Date Wed, 29 Jun 2005 22:22:16 +0800]/UNNAMED/[From "Esther Leong" ][Date Wed, 14 Sep 2005 15:50:00 +0800]/UNNAMED/[From "Yee Swee Yoong Esther" ][Date Thu, 13 Oct 2005 19:22:53 +0800]/UNNAMED/[From esther yee ][Date Thu, 20 Oct 2005 18:48:49 +0800]/text/[ ... / ... /[From Shawn ... /[From Lin Yinbing ][Date Tue, 29 Aug 2006 14:43:17 +0800]/UNNAMED Infected: Trojan-Downloader.Win32.Botol.k skipped
C:\Documents and Settings\Esther\Application Data\Thunderbird\Profiles\ggoxi9nx.default\Mail\Local Folders\Inbox/[From "Dr Tan Seow Hon" ][Date Wed, 29 Jun 2005 22:22:16 +0800]/UNNAMED/[From "Esther Leong" ][Date Wed, 14 Sep 2005 15:50:00 +0800]/UNNAMED/[From "Yee Swee Yoong Esther" ][Date Thu, 13 Oct 2005 19:22:53 +0800]/UNNAMED/[From esther yee ][Date Thu, 20 Oct 2005 18:48:49 +0800]/text/[ ... / ... /[From Shawn .. ... /[From esther ][Date Tue, 29 Aug 2006 11:00:10 +080 ... /text Infected: Trojan-Downloader.Win32.Botol.k skipped
C:\Documents and Settings\Esther\Application Data\Thunderbird\Profiles\ggoxi9nx.default\Mail\Local Folders\Inbox/[From "Dr Tan Seow Hon" ][Date Wed, 29 Jun 2005 22:22:16 +0800]/UNNAMED/[From "Esther Leong" ][Date Wed, 14 Sep 2005 15:50:00 +0800]/UNNAMED/[From "Yee Swee Yoong Esther" ][Date Thu, 13 Oct 2005 19:22:53 +0800]/UNNAMED/[From esther yee ][Date Thu, 20 Oct 2005 18:48:49 +0800]/text/[ ... / ... /[From Shawn .. ... /[From esther ][Date Tue, 29 Aug 2006 11:00:10 +0800]/UNNAMED Infected: Trojan-Downloader.Win32.Botol.k skipped
C:\Documents and Settings\Esther\Application Data\Thunderbird\Profiles\ggoxi9nx.default\Mail\Local Folders\Inbox/[From "Dr Tan Seow Hon" ][Date Wed, 29 Jun 2005 22:22:16 +0800]/UNNAMED/[From "Esther Leong" ][Date Wed, 14 Sep 2005 15:50:00 +0800]/UNNAMED/[From "Yee Swee Yoong Esther" ][Date Thu, 13 Oct 2005 19:22:53 +0800]/UNNAMED/[From esther yee ][Date Thu, 20 Oct 2005 18:48:49 +0800 ... /[From "Branch Banking and Trust" ][Date Sat, 7 Apr 2007 09:41:16 +0800]/UNNAMED Infected: Trojan-Spy.HTML.Bankfraud.ri skipped
C:\Documents and Settings\Esther\Application Data\Thunderbird\Profiles\ggoxi9nx.default\Mail\Local Folders\Inbox/[From "Dr Tan Seow Hon" ][Date Wed, 29 Jun 2005 22:22:16 +0800]/UNNAMED/[From "Esther Leong" ][Date Wed, 14 Sep 2005 15:50:00 +0800]/UNNAMED/[From "Yee Swee Yoong Esther" ][Date Thu, 13 Oct 2005 19:22:53 +0800]/UNNAMED/[From esther yee ][Date Thu, 20 Oct 2005 18:48:49 +0800]/ ... /[From "To ... /[From "Ila Gallegos" ][Date Fri, 6 Apr 2007 22:33:05 -0200]/UNNAMED Infected: Trojan-Spy.HTML.Bankfraud.ri skipped
C:\Documents and Settings\Esther\Application Data\Thunderbird\Profiles\ggoxi9nx.default\Mail\Local Folders\Inbox/[From "Dr Tan Seow Hon" ][Date Wed, 29 Jun 2005 22:22:16 +0800]/UNNAMED/[From "Esther Leong" ][Date Wed, 14 Sep 2005 15:50:00 +0800]/UNNAMED/[From "Yee Swee Yoong Esther" ][Date Thu, 13 Oct 2005 19:22:53 +0800]/UNNAMED/[From esther yee ][Date Thu, 20 Oct 2005 18:48:49 +0800]/ ... /[From "Tonya Diamond" ][Date Fri, 6 Apr 2007 18:29:17 -0100]/UNNAMED Infected: Trojan-Spy.HTML.Bankfraud.ri skipped
C:\Documents and Settings\Esther\Application Data\Thunderbird\Profiles\ggoxi9nx.default\Mail\Local Folders\Inbox/[From "Dr Tan Seow Hon" ][Date Wed, 29 Jun 2005 22:22:16 +0800]/UNNAMED/[From "Esther Leong" ][Date Wed, 14 Sep 2005 15:50:00 +0800]/UNNAMED/[From "Yee Swee Yoong Esther" ][Date Thu, 13 Oct 2005 19:22:53 +0800]/UNNAMED/[From esther yee ][Date Thu, 20 Oct 2005 18:48:49 +0800]/text/[ ... /[From "Numbers Gibbons" ][Date Fri, 6 Apr 2007 15:46:31 +0000]/UNNAMED Infected: Trojan-Spy.HTML.Bankfraud.ri skipped
C:\Documents and Settings\Esther\Application Data\Thunderbird\Profiles\ggoxi9nx.default\Mail\Local Folders\Inbox/[From "Dr Tan Seow Hon" ][Date Wed, 29 Jun 2005 22:22:16 +0800]/UNNAMED/[From "Esther Leong" ][Date Wed, 14 Sep 2005 15:50:00 +0800]/UNNAMED/[From "Yee Swee Yoong Esther" ][Date Thu, 13 Oct 2005 19:22:53 +0800]/UNNAMED/[From esther yee ][Date Thu, 20 Oct 2005 18:48:49 +0800]/text/[ ... /[Fr .. ... ... /[From "Rodney" ][Date Fri, 06 Apr 2007 13:50:08 -0300]/UNNAMED Infected: Trojan-Spy.HTML.Bankfraud.ri skipped
C:\Documents and Settings\Esther\Application Data\Thunderbird\Profiles\ggoxi9nx.default\Mail\Local Folders\Inbox/[From "Dr Tan Seow Hon" ][Date Wed, 29 Jun 2005 22:22:16 +0800]/UNNAMED/[From "Esther Leong" ][Date Wed, 14 Sep 2005 15:50:00 +0800]/UNNAMED/[From "Yee Swee Yoong Esther" ][Date Thu, 13 Oct 2005 19:22:53 +0800]/UNNAMED/[From esther yee ][Date Thu, 20 Oct 2005 18:48:49 +0800]/text/[ ... /[Fr .. ... /[From Wb2312?B?wdYgwdU- ][Date Fri, 06 Apr 2007 13:08:14 +0000]/UNNAMED Infected: Trojan-Spy.HTML.Bankfraud.ri skipped
C:\Documents and Settings\Esther\Application Data\Thunderbird\Profiles\ggoxi9nx.default\Mail\Local Folders\Inbox/[From "Dr Tan Seow Hon" ][Date Wed, 29 Jun 2005 22:22:16 +0800]/UNNAMED/[From "Esther Leong" ][Date Wed, 14 Sep 2005 15:50:00 +0800]/UNNAMED/[From "Yee Swee Yoong Esther" ][Date Thu, 13 Oct 2005 19:22:53 +0800]/UNNAMED/[From esther yee ][Date Thu, 20 Oct 2005 18:48:49 +0800]/text/[ ... /[Fr ... /[From "Billie Bright" ][Date Fri, 6 Apr 2007 10:02:21 -0100]/UNNAMED Infected: Trojan-Spy.HTML.Bankfraud.ri skipped
C:\Documents and Settings\Esther\Application Data\Thunderbird\Profiles\ggoxi9nx.default\Mail\Local Folders\Inbox/[From "Dr Tan Seow Hon" ][Date Wed, 29 Jun 2005 22:22:16 +0800]/UNNAMED/[From "Esther Leong" ][Date Wed, 14 Sep 2005 15:50:00 +0800]/UNNAMED/[From "Yee Swee Yoong Esther" ][Date Thu, 13 Oct 2005 19:22:53 +0800]/UNNAMED/[From esther yee ][Date Thu, 20 Oct 2005 18:48:49 +0800]/text/[ ... /[From "Bu .. ... /[From "Suzanne Khaw" ][Date Tue, 3 Apr 2007 15:08:25 +0800]/UNNAMED Infected: Trojan-Spy.HTML.Bankfraud.ri skipped
C:\Documents and Settings\Esther\Application Data\Thunderbird\Profiles\ggoxi9nx.default\Mail\Local Folders\Inbox/[From "Dr Tan Seow Hon" ][Date Wed, 29 Jun 2005 22:22:16 +0800]/UNNAMED/[From "Esther Leong" ][Date Wed, 14 Sep 2005 15:50:00 +0800]/UNNAMED/[From "Yee Swee Yoong Esther" ][Date Thu, 13 Oct 2005 19:22:53 +0800]/UNNAMED/[From esther yee ][Date Thu, 20 Oct 2005 18:48:49 +0800]/text/[ ... /[From "Bu ... /[From "Karen Delaney" ][Date Tue, 3 Apr 2007 01:19:20 -0100]/UNNAMED Infected: Trojan-Spy.HTML.Bankfraud.ri skipped
C:\Documents and Settings\Esther\Application Data\Thunderbird\Profiles\ggoxi9nx.default\Mail\Local Folders\Inbox/[From "Dr Tan Seow Hon" ][Date Wed, 29 Jun 2005 22:22:16 +0800]/UNNAMED/[From "Esther Leong" ][Date Wed, 14 Sep 2005 15:50:00 +0800]/UNNAMED/[From "Yee Swee Yoong Esther" ][Date Thu, 13 Oct 2005 19:22:53 +0800]/UNNAMED/[From esther yee ][Date Thu, 20 Oct 2005 18:48:49 +0800]/text/[ ... /[From "Buddy Zavala" ][Date Sun, 1 Apr 2007 20:47:57 -0200]/UNNAMED Infected: Trojan-Spy.HTML.Bankfraud.ri skipped
C:\Documents and Settings\Esther\Application Data\Thunderbird\Profiles\ggoxi9nx.default\Mail\Local Folders\Inbox/[From "Dr Tan Seow Hon" ][Date Wed, 29 Jun 2005 22:22:16 +0800]/UNNAMED/[From "Esther Leong" ][Date Wed, 14 Sep 2005 15:50:00 +0800]/UNNAMED/[From "Yee Swee Yoong Esther" ][Date Thu, 13 Oct 2005 19:22:53 +0800]/UNNAMED/[From esther yee ][Date Thu, 20 Oct 2005 18:48:49 +0800]/text/[ .. ... /[From Zheng Feng Lim ][Date Mon, 2 Apr 2007 18:07:28 +0100 (BST)]/UNNAMED Infected: Trojan-Spy.HTML.Bankfraud.ri skipped
C:\Documents and Settings\Esther\Application Data\Thunderbird\Profiles\ggoxi9nx.default\Mail\Local Folders\Inbox/[From "Dr Tan Seow Hon" ][Date Wed, 29 Jun 2005 22:22:16 +0800]/UNNAMED/[From "Esther Leong" ][Date Wed, 14 Sep 2005 15:50:00 +0800]/UNNAMED/[From "Yee Swee Yoong Esther" ][Date Thu, 13 Oct 2005 19:22:53 +0800]/UNNAMED/[From esther yee ][Date Thu, 20 Oct 2005 18:48:49 +0800]/text/[ .. ... /[From Goh KianThong ... /[From esther ][Date Mon, 02 Apr 2007 22:58:18 +0800]/text Infected: Trojan-Spy.HTML.Bankfraud.ri skipped
C:\Documents and Settings\Esther\Application Data\Thunderbird\Profiles\ggoxi9nx.default\Mail\Local Folders\Inbox/[From "Dr Tan Seow Hon" ][Date Wed, 29 Jun 2005 22:22:16 +0800]/UNNAMED/[From "Esther Leong" ][Date Wed, 14 Sep 2005 15:50:00 +0800]/UNNAMED/[From "Yee Swee Yoong Esther" ][Date Thu, 13 Oct 2005 19:22:53 +0800]/UNNAMED/[From esther yee ][Date Thu, 20 Oct 2005 18:48:49 +0800]/text/[ .. ... /[From Goh KianThong ][Date Tue, 27 Mar 2007 15:03:55 +0800 (CST)]/UNNAMED Infected: Trojan-Spy.HTML.Bankfraud.ri skipped
C:\Documents and Settings\Esther\Application Data\Thunderbird\Profiles\ggoxi9nx.default\Mail\Local Folders\Inbox/[From "Dr Tan Seow Hon" ][Date Wed, 29 Jun 2005 22:22:16 +0800]/UNNAMED/[From "Esther Leong" ][Date Wed, 14 Sep 2005 15:50:00 +0800]/UNNAMED/[From "Yee Swee Yoong Esther" ][Date Thu, 13 Oct 2005 19:22:53 +0800]/UNNAMED/[From esther yee ][Date Thu, 20 Oct 2005 18:48:49 +0800]/text/[ ... / ... /[ ... /[From processed: message from valid local sender)][Date Tue, 27 Mar 2007 13:27:15 +0800]/UNNAMED Infected: Trojan-Spy.HTML.Bankfraud.ri skipped
C:\Documents and Settings\Esther\Application Data\Thunderbird\Profiles\ggoxi9nx.default\Mail\Local Folders\Inbox/[From "Dr Tan Seow Hon" ][Date Wed, 29 Jun 2005 22:22:16 +0800]/UNNAMED/[From "Esther Leong" ][Date Wed, 14 Sep 2005 15:50:00 +0800]/UNNAMED/[From "Yee Swee Yoong Esther" ][Date Thu, 13 Oct 2005 19:22:53 +0800]/UNNAMED/[From esther yee ][Date Thu, 20 Oct 2005 18:48:49 +0800]/text/[ ... / ... /[From Shawn ... /[From "Teo Jin Huang" ][Date Thu, 4 May 2006 13:03:45 +0800]/text Infected: Trojan-Spy.HTML.Bankfraud.ri skipped
C:\Documents and Settings\Esther\Application Data\Thunderbird\Profiles\ggoxi9nx.default\Mail\Local Folders\Inbox/[From "Dr Tan Seow Hon" ][Date Wed, 29 Jun 2005 22:22:16 +0800]/UNNAMED/[From "Esther Leong" ][Date Wed, 14 Sep 2005 15:50:00 +0800]/UNNAMED/[From "Yee Swee Yoong Esther" ][Date Thu, 13 Oct 2005 19:22:53 +0800]/UNNAMED/[From esther yee ][Date Thu, 20 Oct 2005 18:48:49 +0800]/text/[ ... / ... /[From Shawna Lim ][Date Thu, 4 May 2006 13:00:20 +0800 (CST)]/UNNAMED Infected: Trojan-Spy.HTML.Bankfraud.ri skipped
C:\Documents and Settings\Esther\Application Data\Thunderbird\Profiles\ggoxi9nx.default\Mail\Local Folders\Inbox/[From "Dr Tan Seow Hon" ][Date Wed, 29 Jun 2005 22:22:16 +0800]/UNNAMED/[From "Esther Leong" ][Date Wed, 14 Sep 2005 15:50:00 +0800]/UNNAMED/[From "Yee Swee Yoong Esther" ][Date Thu, 13 Oct 2005 19:22:53 +0800]/UNNAMED/[From esther yee ][Date Thu, 20 Oct 2005 18:48:49 +0800]/text/[ ... /[ ... /[From Friendster ][Date Fri, 21 Apr 2006 09:58:06 -0700 (PDT)]/UNNAMED Infected: Trojan-Spy.HTML.Bankfraud.ri skipped
C:\Documents and Settings\Esther\Application Data\Thunderbird\Profiles\ggoxi9nx.default\Mail\Local Folders\Inbox/[From "Dr Tan Seow Hon" ][Date Wed, 29 Jun 2005 22:22:16 +0800]/UNNAMED/[From "Esther Leong" ][Date Wed, 14 Sep 2005 15:50:00 +0800]/UNNAMED/[From "Yee Swee Yoong Esther" ][Date Thu, 13 Oct 2005 19:22:53 +0800]/UNNAMED/[From esther yee ][Date Thu, 20 Oct 2005 18:48:49 +0800]/text/[ ... /[ ... /[F ... /[From "Rachna Demello" ][Date Fri, 21 Apr 2006 10:40:49 -0400]/UNNAMED Infected: Trojan-Spy.HTML.Bankfraud.ri skipped
C:\Documents and Settings\Esther\Application Data\Thunderbird\Profiles\ggoxi9nx.default\Mail\Local Folders\Inbox/[From "Dr Tan Seow Hon" ][Date Wed, 29 Jun 2005 22:22:16 +0800]/UNNAMED/[From "Esther Leong" ][Date Wed, 14 Sep 2005 15:50:00 +0800]/UNNAMED/[From "Yee Swee Yoong Esther" ][Date Thu, 13 Oct 2005 19:22:53 +0800]/UNNAMED/[From esther yee ][Date Thu, 20 Oct 2005 18:48:49 +0800]/text/[ ... /[ ... /[From "Combs Bobbie " ][Date Thu, 20 Apr 2006 10:06:47 -0500]/UNNAMED Infected: Trojan-Spy.HTML.Bankfraud.ri skipped
C:\Documents and Settings\Esther\Application Data\Thunderbird\Profiles\ggoxi9nx.default\Mail\Local Folders\Inbox/[From "Dr Tan Seow Hon" ][Date Wed, 29 Jun 2005 22:22:16 +0800]/UNNAMED/[From "Esther Leong" ][Date Wed, 14 Sep 2005 15:50:00 +0800]/UNNAMED/[From "Yee Swee Yoong Esther" ][Date Thu, 13 Oct 2005 19:22:53 +0800]/UNNAMED/[From esther yee ][Date Thu, 20 Oct 2005 18:48:49 +0800]/text/[ ... /[ ... /[From "Carter Wendell" ][Date Thu, 20 Apr 2006 09:44:36 -0000]/UNNAMED Infected: Trojan-Spy.HTML.Bankfraud.ri skipped
C:\Documents and Settings\Esther\Application Data\Thunderbird\Profiles\ggoxi9nx.default\Mail\Local Folders\Inbox/[From "Dr Tan Seow Hon" ][Date Wed, 29 Jun 2005 22:22:16 +0800]/UNNAMED/[From "Esther Leong" ][Date Wed, 14 Sep 2005 15:50:00 +0800]/UNNAMED/[From "Yee Swee Yoong Esther" ][Date Thu, 13 Oct 2005 19:22:53 +0800]/UNNAMED/[From esther yee ][Date Thu, 20 Oct 2005 18:48:49 +0800]/text/[ ... /[From "About. ... /[From "Cheryl Fu" ][Date Mon, 28 Nov 2005 21:31:01 +0800]/UNNAMED Infected: Trojan-Spy.HTML.Bankfraud.ri skipped
C:\Documents and Settings\Esther\Application Data\Thunderbird\Profiles\ggoxi9nx.default\Mail\Local Folders\Inbox/[From "Dr Tan Seow Hon" ][Date Wed, 29 Jun 2005 22:22:16 +0800]/UNNAMED/[From "Esther Leong" ][Date Wed, 14 Sep 2005 15:50:00 +0800]/UNNAMED/[From "Yee Swee Yoong Esther" ][Date Thu, 13 Oct 2005 19:22:53 +0800]/UNNAMED/[From esther yee ][Date Thu, 20 Oct 2005 18:48:49 +0800]/text/[ ... /[From "About.c ... /[From "Jasmine Foo" ][Date Sun, 27 Nov 2005 00:47:43 +0800]/UNNAMED Infected: Trojan-Spy.HTML.Bankfraud.ri skipped
C:\Documents and Settings\Esther\Application Data\Thunderbird\Profiles\ggoxi9nx.default\Mail\Local Folders\Inbox/[From "Dr Tan Seow Hon" ][Date Wed, 29 Jun 2005 22:22:16 +0800]/UNNAMED/[From "Esther Leong" ][Date Wed, 14 Sep 2005 15:50:00 +0800]/UNNAMED/[From "Yee Swee Yoong Esther" ][Date Thu, 13 Oct 2005 19:22:53 +0800]/UNNAMED/[From esther yee ][Date Thu, 20 Oct 2005 18:48:49 +0800]/text/[ ... /[From "About.com Fr ... /[From "Estella" ][Date Sat, 26 Nov 2005 04:53:09 -0100]/text Infected: Trojan-Spy.HTML.Bankfraud.ri skipped
C:\Documents and Settings\Esther\Application Data\Thunderbird\Profiles\ggoxi9nx.default\Mail\Local Folders\Inbox/[From "Dr Tan Seow Hon" ][Date Wed, 29 Jun 2005 22:22:16 +0800]/UNNAMED/[From "Esther Leong" ][Date Wed, 14 Sep 2005 15:50:00 +0800]/UNNAMED/[From "Yee Swee Yoong Esther" ][Date Thu, 13 Oct 2005 19:22:53 +0800]/UNNAMED/[From esther yee ][Date Thu, 20 Oct 2005 18:48:49 +0800]/text/[ ... /[From "About.com French Language Guide" ][Date Tue, 22 Nov 2005 08:23:24 GMT]/UNNAMED Infected: Trojan-Spy.HTML.Bankfraud.ri skipped
C:\Documents and Settings\Esther\Application Data\Thunderbird\Profiles\ggoxi9nx.default\Mail\Local Folders\Inbox/[From "Dr Tan Seow Hon" ][Date Wed, 29 Jun 2005 22:22:16 +0800]/UNNAMED/[From "Esther Leong" ][Date Wed, 14 Sep 2005 15:50:00 +0800]/UNNAMED/[From "Yee Swee Yoong Esther" ][Date Thu, 13 Oct 2005 19:22:53 +0800]/UNNAMED/[From esther yee ][Date Thu, 20 Oct 2005 18:48:49 +0800]/text/[From ... /[From ... / ... /[From "denver reber" ][Date Tue, 15 Nov 2005 14:48:58 +0300]/text Infected: Trojan-Spy.HTML.Bankfraud.ri skipped
C:\Documents and Settings\Esther\Application Data\Thunderbird\Profiles\ggoxi9nx.default\Mail\Local Folders\Inbox/[From "Dr Tan Seow Hon" ][Date Wed, 29 Jun 2005 22:22:16 +0800]/UNNAMED/[From "Esther Leong" ][Date Wed, 14 Sep 2005 15:50:00 +0800]/UNNAMED/[From "Yee Swee Yoong Esther" ][Date Thu, 13 Oct 2005 19:22:53 +0800]/UNNAMED/[From esther yee ][Date Thu, 20 Oct 2005 18:48:49 +0800]/text/[From ... /[From ... /[From "federic ... /[From "Roni " ][Date Tue, 15 Nov 2005 07:29:30 -0600]/text Infected: Trojan-Spy.HTML.Bankfraud.ri skipped
C:\Documents and Settings\Esther\Application Data\Thunderbird\Profiles\ggoxi9nx.default\Mail\Local Folders\Inbox/[From "Dr Tan Seow Hon" ][Date Wed, 29 Jun 2005 22:22:16 +0800]/UNNAMED/[From "Esther Leong" ][Date Wed, 14 Sep 2005 15:50:00 +0800]/UNNAMED/[From "Yee Swee Yoong Esther" ][Date Thu, 13 Oct 2005 19:22:53 +0800]/UNNAMED/[From esther yee ][Date Thu, 20 Oct 2005 18:48:49 +0800]/text/[From ... /[From ... /[From "federico sessions" ][Date Fri, 11 Nov 2005 05:32:41 -0100]/text Infected: Trojan-Spy.HTML.Bankfraud.ri skipped
C:\Documents and Settings\Esther\Application Data\Thunderbird\Profiles\ggoxi9nx.default\Mail\Local Folders\Inbox/[From "Dr Tan Seow Hon" ][Date Wed, 29 Jun 2005 22:22:16 +0800]/UNNAMED/[From "Esther Leong" ][Date Wed, 14 Sep 2005 15:50:00 +0800]/UNNAMED/[From "Yee Swee Yoong Esther" ][Date Thu, 13 Oct 2005 19:22:53 +0800]/UNNAMED/[From esther yee ][Date Thu, 20 Oct 2005 18:48:49 +0800]/text/[From ... /[From J ... /[From "blaine hyden" ][Date Thu, 10 Nov 2005 15:10:51 +0600]/text Infected: Trojan-Spy.HTML.Bankfraud.ri skipped
C:\Documents and Settings\Esther\Application Data\Thunderbird\Profiles\ggoxi9nx.default\Mail\Local Folders\Inbox/[From "Dr Tan Seow Hon" ][Date Wed, 29 Jun 2005 22:22:16 +0800]/UNNAMED/[From "Esther Leong" ][Date Wed, 14 Sep 2005 15:50:00 +0800]/UNNAMED/[From "Yee Swee Yoong Esther" ][Date Thu, 13 Oct 2005 19:22:53 +0800]/UNNAMED/[From esther yee ][Date Thu, 20 Oct 2005 18:48:49 +0800]/text/[From ... /[From J ... /[ ... /[From "buford bridge" ][Date Thu, 10 Nov 2005 19:27:55 -0500]/text Infected: Trojan-Spy.HTML.Bankfraud.ri skipped
C:\Documents and Settings\Esther\Application Data\Thunderbird\Profiles\ggoxi9nx.default\Mail\Local Folders\Inbox/[From "Dr Tan Seow Hon" ][Date Wed, 29 Jun 2005 22:22:16 +0800]/UNNAMED/[From "Esther Leong" ][Date Wed, 14 Sep 2005 15:50:00 +0800]/UNNAMED/[From "Yee Swee Yoong Esther" ][Date Thu, 13 Oct 2005 19:22:53 +0800]/UNNAMED/[From esther yee ][Date Thu, 20 Oct 2005 18:48:49 +0800]/text/[From ... /[From J ... /[From "James Chia" ][Date Thu, 10 Nov 2005 21:05:15 +0800]/UNNAMED Infected: Trojan-Spy.HTML.Bankfraud.ri skipped
C:\Documents and Settings\Esther\Application Data\Thunderbird\Profiles\ggoxi9nx.default\Mail\Local Folders\Inbox/[From "Dr Tan Seow Hon" ][Date Wed, 29 Jun 2005 22:22:16 +0800]/UNNAMED/[From "Esther Leong" ][Date Wed, 14 Sep 2005 15:50:00 +0800]/UNNAMED/[From "Yee Swee Yoong Esther" ][Date Thu, 13 Oct 2005 19:22:53 +0800]/UNNAMED/[From esther yee ][Date Thu, 20 Oct 2005 18:48:49 +0800]/text/[From ... /[From Ji ... /[ ... /[From "dusty swiger" ][Date Mon, 07 Nov 2005 12:02:03 +0500]/text Infected: Trojan-Spy.HTML.Bankfraud.ri skipped
C:\Documents and Settings\Esther\Application Data\Thunderbird\Profiles\ggoxi9nx.default\Mail\Local Folders\Inbox/[From "Dr Tan Seow Hon" ][Date Wed, 29 Jun 2005 22:22:16 +0800]/UNNAMED/[From "Esther Leong" ][Date Wed, 14 Sep 2005 15:50:00 +0800]/UNNAMED/[From "Yee Swee Yoong Esther" ][Date Thu, 13 Oct 2005 19:22:53 +0800]/UNNAMED/[From esther yee ][Date Thu, 20 Oct 2005 18:48:49 +0800]/text/[From ... /[From Ji ... /[From "Lee Yuxian Jay" ][Date Sat, 29 Oct 2005 11:56:03 +0800]/UNNAMED Infected: Trojan-Spy.HTML.Bankfraud.ri skipped
C:\Documents and Settings\Esther\Application Data\Thunderbird\Profiles\ggoxi9nx.default\Mail\Local Folders\Inbox/[From "Dr Tan Seow Hon" ][Date Wed, 29 Jun 2005 22:22:16 +0800]/UNNAMED/[From "Esther Leong" ][Date Wed, 14 Sep 2005 15:50:00 +0800]/UNNAMED/[From "Yee Swee Yoong Esther" ][Date Thu, 13 Oct 2005 19:22:53 +0800]/UNNAMED/[From esther yee ][Date Thu, 20 Oct 2005 18:48:49 +0800]/text/[From ... /[From Jiahui C ... /[From esther yee ][Date Fri, 28 Oct 2005 21:53:34 +0800]/UNNAMED Infected: Trojan-Spy.HTML.Bankfraud.ri skipped
C:\Documents and Settings\Esther\Application Data\Thunderbird\Profiles\ggoxi9nx.default\Mail\Local Folders\Inbox/[From "Dr Tan Seow Hon" ][Date Wed, 29 Jun 2005 22:22:16 +0800]/UNNAMED/[From "Esther Leong" ][Date Wed, 14 Sep 2005 15:50:00 +0800]/UNNAMED/[From "Yee Swee Yoong Esther" ][Date Thu, 13 Oct 2005 19:22:53 +0800]/UNNAMED/[From esther yee ][Date Thu, 20 Oct 2005 18:48:49 +0800]/text/[From ... /[From Jiahui Charmaine Chan ][Date Fri, 28 Oct 2005 08:43:05 +1300]/UNNAMED Infected: Trojan-Spy.HTML.Bankfraud.ri skipped
C:\Documents and Settings\Esther\Application Data\Thunderbird\Profiles\ggoxi9nx.default\Mail\Local Folders\Inbox/[From "Dr Tan Seow Hon" ][Date Wed, 29 Jun 2005 22:22:16 +0800]/UNNAMED/[From "Esther Leong" ][Date Wed, 14 Sep 2005 15:50:00 +0800]/UNNAMED/[From "Yee Swee Yoong Esther" ][Date Thu, 13 Oct 2005 19:22:53 +0800]/UNNAMED/[From esther yee ][Date Thu, 20 Oct 2005 18:48:49 +0800]/text/[From esther yee ][Date Sat, 22 Oct 2005 13:29:59 +0800]/UNNAMED Infected: Trojan-Spy.HTML.Bankfraud.ri skipped
C:\Documents and Settings\Esther\Application Data\Thunderbird\Profiles\ggoxi9nx.default\Mail\Local Folders\Inbox/[From "Dr Tan Seow Hon" ][Date Wed, 29 Jun 2005 22:22:16 +0800]/UNNAMED/[From "Esther Leong" ][Date Wed, 14 Sep 2005 15:50:00 +0800]/UNNAMED/[From "Yee Swee Yoong Esther" ][Date Thu, 13 Oct 2005 19:22:53 +0800]/UNNAMED/[From esther yee ][Date Thu, 20 Oct 2005 18:48:49 +0800]/text Infected: Trojan-Spy.HTML.Bankfraud.ri skipped
C:\Documents and Settings\Esther\Application Data\Thunderbird\Profiles\ggoxi9nx.default\Mail\Local Folders\Inbox/[From "Dr Tan Seow Hon" ][Date Wed, 29 Jun 2005 22:22:16 +0800]/UNNAMED/[From "Esther Leong" ][Date Wed, 14 Sep 2005 15:50:00 +0800]/UNNAMED/[From "Yee Swee Yoong Esther" ][Date Thu, 13 Oct 2005 19:22:53 +0800]/UNNAMED Infected: Trojan-Spy.HTML.Bankfraud.ri skipped
C:\Documents and Settings\Esther\Application Data\Thunderbird\Profiles\ggoxi9nx.default\Mail\Local Folders\Inbox/[From "Dr Tan Seow Hon" ][Date Wed, 29 Jun 2005 22:22:16 +0800]/UNNAMED/[From "Esther Leong" ][Date Wed, 14 Sep 2005 15:50:00 +0800]/UNNAMED Infected: Trojan-Spy.HTML.Bankfraud.ri skipped
C:\Documents and Settings\Esther\Application Data\Thunderbird\Profiles\ggoxi9nx.default\Mail\Local Folders\Inbox/[From "Dr Tan Seow Hon" ][Date Wed, 29 Jun 2005 22:22:16 +0800]/UNNAMED Infected: Trojan-Spy.HTML.Bankfraud.ri skipped
C:\Documents and Settings\Esther\Application Data\Thunderbird\Profiles\ggoxi9nx.default\Mail\Local Folders\Inbox Mail Berkeley mbox: infected - 47 skipped
C:\Documents and Settings\Esther\Application Data\Thunderbird\Profiles\ggoxi9nx.default\Mail\Local Folders\Junk/[From "Amethyst" ][Date Tue, 29 Nov 2005 17:52:07 +0300]/text/[From "Riley" ][Date Tue, 06 Dec 2005 15:43:00 +0500]/text/[From "vaughn piepenbrink " ][Date Wed, 14 Dec 2005 07:36:12 +0500]/text/[From ][Date Fri, 16 Dec 2005 21:51:58 GMT]/text/[From "Galindo" Infected: Trojan-Downloader.Win32.Botol.k skipped
C:\Documents and Settings\Esther\Application Data\Thunderbird\Profiles\ggoxi9nx.default\Mail\Local Folders\Junk/[From "Amethyst" ][Date Tue, 29 Nov 2005 17:52:07 +0300]/text/[From "Riley" ][Date Tue, 06 Dec 2005 15:43:00 +0500]/text/[From "vaughn piepenbrink " ][Date Wed, 14 Dec 2005 07:36:12 +0500]/text/[From ][Date Fri, 16 Dec 2005 21:51:58 GMT]/text/[From "Galindo" ][Date Wed, 30 Aug 2006 10:29:51 +0200]/Kodac Infected: Trojan-Downloader.Win32.Botol.k skipped
C:\Documents and Settings\Esther\Application Data\Thunderbird\Profiles\ggoxi9nx.default\Mail\Local Folders\Junk/[From "Amethyst" ][Date Tue, 29 Nov 2005 17:52:07 +0300]/text/[From "Riley" ][Date Tue, 06 Dec 2005 15:43:00 +0500]/text/[From "vaughn piepenbrink " ][Date Wed, 14 Dec 2005 07:36:12 +0500]/text/[From ][Date Fri, 16 Dec 2005 21:51:58 GMT]/text/[From "Galindo" ][Date 29 Aug 2006 12:57:57 -0700]/UNNAMED Infected: Trojan-Downloader.Win32.Botol.k skipped
C:\Documents and Settings\Esther\Application Data\Thunderbird\Profiles\ggoxi9nx.default\Mail\Local Folders\Junk/[From "Amethyst" ][Date Tue, 29 Nov 2005 17:52:07 +0300]/text/[From "Riley" ][Date Tue, 06 Dec 2005 15:43:00 +0500]/text/[From "vaughn piepenbrink " ][Date Wed, 14 Dec 2005 07:36:12 +0500]/text/[From ][Date Fri, 16 Dec 2005 21:51:58 GMT]/text/[From "Galindo" ][Date Tue, 29 Aug 2006 13:07:02 -0400]/UNNAMED Infected: Trojan-Downloader.Win32.Botol.k skipped
C:\Documents and Settings\Esther\Application Data\Thunderbird\Profiles\ggoxi9nx.default\Mail\Local Folders\Junk/[From "Amethyst" ][Date Tue, 29 Nov 2005 17:52:07 +0300]/text/[From "Riley" ][Date Tue, 06 Dec 2005 15:43:00 +0500]/text/[From "vaughn piepenbrink " ][Date Wed, 14 Dec 2005 07:36:12 +0500]/text/[From ][Date Fri, 16 Dec 2005 21:51:58 GMT]/text/[From "Galindo" ][Date Sun, 27 Aug 2006 11:24:11 +0200]/text Infected: Trojan-Downloader.Win32.Botol.k skipped
C:\Documents and Settings\Esther\Application Data\Thunderbird\Profiles\ggoxi9nx.default\Mail\Local Folders\Junk/[From "Amethyst" ][Date Tue, 29 Nov 2005 17:52:07 +0300]/text/[From "Riley" ][Date Tue, 06 Dec 2005 15:43:00 +0500]/text/[From "vaughn piepenbrink " ][Date Wed, 14 Dec 2005 07:36:12 +0500]/text/[From ][Date Fri, 16 Dec 2005 21:51:58 GMT]/text/[From "Galindo" ][Date Sat, 26 Aug 2006 17:32:31 -0400]/UNNAMED Infected: Trojan-Downloader.Win32.Botol.k skipped
C:\Documents and Settings\Esther\Application Data\Thunderbird\Profiles\ggoxi9nx.default\Mail\Local Folders\Junk/[From "Amethyst" ][Date Tue, 29 Nov 2005 17:52:07 +0300]/text/[From "Riley" ][Date Tue, 06 Dec 2005 15:43:00 +0500]/text/[From "vaughn piepenbrink " ][Date Wed, 14 Dec 2005 07:36:12 +0500]/text/[From ][Date Fri, 16 Dec 2005 21:51:58 GMT]/text/[From "Galindo" ][Date Sat, 26 Aug 2006 19:59:46 +0200]/UNNAMED Infected: Trojan-Downloader.Win32.Botol.k skipped
C:\Documents and Settings\Esther\Application Data\Thunderbird\Profiles\ggoxi9nx.default\Mail\Local Folders\Junk/[From "Amethyst" ][Date Tue, 29 Nov 2005 17:52:07 +0300]/text/[From "Riley" ][Date Tue, 06 Dec 2005 15:43:00 +0500]/text/[From "vaughn piepenbrink " ][Date Wed, 14 Dec 2005 07:36:12 +0500]/text/[From ][Date Fri, 16 Dec 2005 21:51:58 GMT]/text/[From "Galindo" Infected: Trojan-Downloader.Win32.Botol.k skipped
C:\Documents and Settings\Esther\Application Data\Thunderbird\Profiles\ggoxi9nx.default\Mail\Local Folders\Junk/[From "Amethyst" ][Date Tue, 29 Nov 2005 17:52:07 +0300]/text/[From "Riley" ][Date Tue, 06 Dec 2005 15:43:00 +0500]/text/[From "vaughn piepenbrink " ][Date Wed, 14 Dec 2005 07:36:12 +0500]/text/[From ][Date Fri, 16 Dec 2005 21:51:58 GMT]/text/[From "Galindo" ][Date Mon, 21 Aug 2006 00:46 ... /[From "Huggins" ][Date Tue, 22 Aug 2006 18:29:15 +0100]/text Infected: Trojan-Downloader.Win32.Botol.k skipped
C:\Documents and Settings\Esther\Application Data\Thunderbird\Profiles\ggoxi9nx.default\Mail\Local Folders\Junk/[From "Amethyst" ][Date Tue, 29 Nov 2005 17:52:07 +0300]/text/[From "Riley" ][Date Tue, 06 Dec 2005 15:43:00 +0500]/text/[From "vaughn piepenbrink " ][Date Wed, 14 Dec 2005 07:36:12 +0500]/text/[From ][Date Fri, 16 Dec 2005 21:51:58 GMT]/text/[From "Galindo" ][Date Mon, 21 Aug 2006 00:46:14 +0800]/text Infected: Trojan-Downloader.Win32.Botol.k skipped
C:\Documents and Settings\Esther\Application Data\Thunderbird\Profiles\ggoxi9nx.default\Mail\Local Folders\Junk/[From "Amethyst" ][Date Tue, 29 Nov 2005 17:52:07 +0300]/text/[From "Riley" ][Date Tue, 06 Dec 2005 15:43:00 +0500]/text/[From "vaughn piepenbrink " ][Date Wed, 14 Dec 2005 07:36:12 +0500]/text/[From ][Date Fri, 16 Dec 2005 21:51:58 GMT]/text Infected: Trojan-Downloader.Win32.Botol.k skipped
C:\Documents and Settings\Esther\Application Data\Thunderbird\Profiles\ggoxi9nx.default\Mail\Local Folders\Junk/[From "Amethyst" ][Date Tue, 29 Nov 2005 17:52:07 +0300]/text/[From "Riley" ][Date Tue, 06 Dec 2005 15:43:00 +0500]/text/[From "vaughn piepenbrink " ][Date Wed, 14 Dec 2005 07:36:12 +0500]/text Infected: Trojan-Downloader.Win32.Botol.k skipped
C:\Documents and Settings\Esther\Application Data\Thunderbird\Profiles\ggoxi9nx.default\Mail\Local Folders\Junk/[From "Amethyst" ][Date Tue, 29 Nov 2005 17:52:07 +0300]/text/[From "Riley" ][Date Tue, 06 Dec 2005 15:43:00 +0500]/text Infected: Trojan-Downloader.Win32.Botol.k skipped
C:\Documents and Settings\Esther\Application Data\Thunderbird\Profiles\ggoxi9nx.default\Mail\Local Folders\Junk/[From "Amethyst" ][Date Tue, 29 Nov 2005 17:52:07 +0300]/text Infected: Trojan-Downloader.Win32.Botol.k skipped
C:\Documents and Settings\Esther\Application Data\Thunderbird\Profiles\ggoxi9nx.default\Mail\Local Folders\Junk Mail Berkeley mbox: infected - 14 skipped
C:\Documents and Settings\LocalService\Cookies\INDEX.DAT Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\INDEX.DAT Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\INDEX.DAT Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Mervyn\Application Data\Mozilla\Firefox\Profiles\24pe3uy2.default\cert8.db Object is locked skipped
C:\Documents and Settings\Mervyn\Application Data\Mozilla\Firefox\Profiles\24pe3uy2.default\formhistory.dat Object is locked skipped
C:\Documents and Settings\Mervyn\Application Data\Mozilla\Firefox\Profiles\24pe3uy2.default\history.dat Object is locked skipped
C:\Documents and Settings\Mervyn\Application Data\Mozilla\Firefox\Profiles\24pe3uy2.default\key3.db Object is locked skipped
C:\Documents and Settings\Mervyn\Application Data\Mozilla\Firefox\Profiles\24pe3uy2.default\parent.lock Object is locked skipped
C:\Documents and Settings\Mervyn\Application Data\Mozilla\Firefox\Profiles\24pe3uy2.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\Mervyn\Cookies\INDEX.DAT Object is locked skipped
C:\Documents and Settings\Mervyn\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Mervyn\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Mervyn\Local Settings\Application Data\Mozilla\Firefox\Profiles\24pe3uy2.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Mervyn\Local Settings\Application Data\Mozilla\Firefox\Profiles\24pe3uy2.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Mervyn\Local Settings\Application Data\Mozilla\Firefox\Profiles\24pe3uy2.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Mervyn\Local Settings\Application Data\Mozilla\Firefox\Profiles\24pe3uy2.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Mervyn\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Mervyn\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Mervyn\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Mervyn\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\logs\starwind.2007-04-08.21-24-18.log Object is locked skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\06ED0ED7.tmp/details.txt .pif Infected: Email-Worm.Win32.NetSky.q skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\06ED0ED7.tmp ZIP: infected - 1 skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\06ED0ED7.tmp CryptFF: infected - 1 skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\0AA070FE.tmp Infected: Email-Worm.Win32.NetSky.q skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\0CB04C68.tmp/[From ar00001e1c@hotmail.com][Date Wed, 11 Jan 2006 18:46:05 +0800]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\0CB04C68.tmp/[From ar00001e1c@hotmail.com][Date Wed, 11 Jan 2006 18:46:05 +0800]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\0CB04C68.tmp Mail: suspicious - 2 skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\0CB04C68.tmp CryptFF: suspicious - 2 skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\0CB62060.tmp/details.txt .pif Infected: Email-Worm.Win32.NetSky.q skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\0CB62060.tmp ZIP: infected - 1 skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\0CB62060.tmp CryptFF: infected - 1 skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\0D2C7D0C.tmp Infected: Email-Worm.Win32.NetSky.q skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\0FB44AD8.tmp/data.rtf .scr Infected: Email-Worm.Win32.NetSky.q skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\0FB44AD8.tmp ZIP: infected - 1 skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\0FB44AD8.tmp CryptFF: infected - 1 skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\14D02D95.tmp/[From elisa_kilgore@eon.net.au][Date Sat, 24 Dec 2005 15:17:10 +0800]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\14D02D95.tmp/[From elisa_kilgore@eon.net.au][Date Sat, 24 Dec 2005 15:17:10 +0800]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\14D02D95.tmp Mail: suspicious - 2 skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\14D02D95.tmp CryptFF: suspicious - 2 skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\18B85DB4.tmp Infected: Email-Worm.Win32.NetSky.q skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\192E7CFA.tmp/document.txt .exe Infected: Email-Worm.Win32.NetSky.q skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\192E7CFA.tmp ZIP: infected - 1 skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\192E7CFA.tmp CryptFF: infected - 1 skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\19484CDE.tmp/[From 98@eyi.com][Date Sat, 7 Jan 2006 04:41:22 +0800]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\19484CDE.tmp/[From 98@eyi.com][Date Sat, 7 Jan 2006 04:41:22 +0800]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\19484CDE.tmp Mail: suspicious - 2 skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\19484CDE.tmp CryptFF: suspicious - 2 skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\2E5E38BB.tmp/Notice.txt .exe Infected: Email-Worm.Win32.NetSky.aa skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\2E5E38BB.tmp ZIP: infected - 1 skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\2E5E38BB.tmp CryptFF: infected - 1 skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\32131717.tmp Infected: Email-Worm.Win32.NetSky.q skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\3B085DA8.tmp/Important.txt .exe Infected: Email-Worm.Win32.NetSky.aa skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\3B085DA8.tmp ZIP: infected - 1 skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\3B085DA8.tmp CryptFF: infected - 1 skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\4F5C5576.tmp/Bill.txt .exe Infected: Email-Worm.Win32.NetSky.aa skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\4F5C5576.tmp ZIP: infected - 1 skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\4F5C5576.tmp CryptFF: infected - 1 skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\4F7A4F56.tmp/Notice.txt .exe Infected: Email-Worm.Win32.NetSky.aa skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\4F7A4F56.tmp ZIP: infected - 1 skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\4F7A4F56.tmp CryptFF: infected - 1 skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\56BE2CD2.tmp/details.txt .pif Infected: Email-Worm.Win32.NetSky.q skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\56BE2CD2.tmp ZIP: infected - 1 skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\56BE2CD2.tmp CryptFF: infected - 1 skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\59D07F19.tmp/document.txt .exe Infected: Email-Worm.Win32.NetSky.q skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\59D07F19.tmp ZIP: infected - 1 skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\59D07F19.tmp CryptFF: infected - 1 skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\65946123.tmp/Details.txt .exe Infected: Email-Worm.Win32.NetSky.aa skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\65946123.tmp ZIP: infected - 1 skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\65946123.tmp CryptFF: infected - 1 skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\6B790E1F.tmp/[From skydtiver@singnet.com.sg][Date Mon, 9 Jan 2006 22:41:33 +0800]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\6B790E1F.tmp/[From skydtiver@singnet.com.sg][Date Mon, 9 Jan 2006 22:41:33 +0800]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\6B790E1F.tmp Mail: suspicious - 2 skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\6B790E1F.tmp CryptFF: suspicious - 2 skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\711A4B1D.tmp/data.rtf .scr Infected: Email-Worm.Win32.NetSky.q skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\711A4B1D.tmp ZIP: infected - 1 skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\711A4B1D.tmp CryptFF: infected - 1 skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\71341B00.tmp/[From slamm@netscape.com][Date Mon, 2 Jan 2006 11:51:50 +0800]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\71341B00.tmp/[From slamm@netscape.com][Date Mon, 2 Jan 2006 11:51:50 +0800]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\71341B00.tmp Mail: suspicious - 2 skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\71341B00.tmp CryptFF: suspicious - 2 skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\78486469.tmp/Details.txt .exe Infected: Email-Worm.Win32.NetSky.aa skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\78486469.tmp ZIP: infected - 1 skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\78486469.tmp CryptFF: infected - 1 skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\7D0212DF.tmp/Notice.txt .exe Infected: Email-Worm.Win32.NetSky.aa skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\7D0212DF.tmp ZIP: infected - 1 skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\7D0212DF.tmp CryptFF: infected - 1 skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\7D13582A.tmp/Details.txt .exe Infected: Email-Worm.Win32.NetSky.aa skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\7D13582A.tmp ZIP: infected - 1 skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\7D13582A.tmp CryptFF: infected - 1 skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\7D6C5A36.tmp/document.txt .exe Infected: Email-Worm.Win32.NetSky.q skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\7D6C5A36.tmp ZIP: infected - 1 skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\7D6C5A36.tmp CryptFF: infected - 1 skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP401\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\SYSTEM32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\SYSTEM32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\AppEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\Internet.evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SAM Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SecEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SysEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\H323LOG.TXT Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
C:\WINDOWS\{00000003-00000000-00000001-00001102-00000004-20061102}.CDF Object is locked skipped
Scan process completed.

#10 amateur

    Malware Fighter

  • Malware Response Team
  • 2,775 posts
  • Gender:Female
  • Local time:07:49 AM

Posted 09 April 2007 - 09:36 AM

Hi,

You have some emails in your Thunderbird Inbox which are infected. Both the text and the attached picture are infected. There are too many of the same message to list here. Please go into your inbox and find all the messages similar to the one below and delete them all.

C:\Documents and Settings\Esther\Application Data\Thunderbird\Profiles\ggoxi9nx.default\Mail\Local Folders\Inbox/[From "Dr Tan Seow Hon" ][Date Wed, 29 Jun 2005 22:22:16 +0800]/UNNAMED/[From "Esther Leong" ][Date Wed, 14 Sep 2005 15:50:00 +0800]/UNNAMED/[From "Yee Swee Yoong Esther" ][Date Thu, 13 Oct 2005 19:22:53 +0800]/UNNAMED/[From esther yee ][Date Thu, 20 Oct 2005 18:48:49 +0800]/t ... /Kodac dc 005.JPG . . . . . . . . . . . . . . . .

Also empty your "Junk" folder in Thunderbird and check what's inside the following folder:

C:\Documents and Settings\Esther\Application Data\Thunderbird\Profiles\ggoxi9nx.default\Mail\Local Folders\Inbox Mail Berkeley mbox

Empty the contents of your Norton Antivirus Quarantine:

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\

====================

Run Ccleaner again.

====================

For the double click problem, it doesn't seem to be malware related. I would suggest that you post it in the XP forum.

====================

Let's run one more scan.
  • Please download ComboFix

    Note: It is important that it is saved directly to your desktop.

    Close all browsers.
  • Double click combofix.exe & follow the prompts.
  • When finished, it will produce a log for you. Post that log in your next reply.
  • Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.
  • ComboFix will create a folder called QooBox in C: (C:\QooBox). It will contain any folders that were quarantined. When you are done you can delete this folder - QooBox.
Please post the combofix.txt in your next reply along with a fresh HijackThis log.

#11 user55
  • Topic Starter
  • Members
  • 23 posts
  • Local time:07:49 PM

Posted 09 April 2007 - 10:46 AM

Uhhh. Right. I can't seem to find this file
C:\Documents and Settings\Esther\Application Data\Thunderbird\Profiles\ggoxi9nx.default\Mail\Local Folders\Inbox Mail Berkeley mbox
as the local folders directory is empty.

To empty the quarantine, do I have to just delete the folder? Or do I have to go through Norton AntiVirus? Somehow, my antivirus can't open because "Symantec Integrator has encountered a problem and needs to close. We are sorry for the inconvenience." (What useless information to tell me.) Any advice on that?

OK, here is the ComboFix report:

"Mervyn" - 07-04-09 23:34:25 Service Pack 2
ComboFix 07-04-05 - Running from: "C:\Documents and Settings\Mervyn\Desktop"


(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\install.log


((((((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\nm
-------\LEGACY_NM


((((((((((((((((((((((((((((((( Files Created from 2007-03-09 to 2007-04-09 ))))))))))))))))))))))))))))))))))


2007-04-09 00:37 <DIR> d-------- C:\WINDOWS\SYSTEM32\Kaspersky Lab
2007-04-09 00:24 <DIR> d-------- C:\Program Files\IObit
2007-04-08 13:15 <DIR> d-------- C:\Deckard
2007-04-07 13:03 3,968 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\AvgAsCln.sys
2007-04-07 12:58 <DIR> d-------- C:\Program Files\CCleaner
2007-04-07 12:56 <DIR> d-------- C:\desktopclean
2007-04-04 22:37 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
2007-04-03 00:06 <DIR> d-------- C:\Program Files\TVUPlayer
2007-04-02 20:51 53,248 --a------ C:\WINDOWS\vdrive.exe
2007-04-02 20:51 360,448 --a------ C:\WINDOWS\uni_mgr.exe
2007-04-02 20:50 31,712 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\cdant.sys
2007-04-02 20:49 <DIR> d-------- C:\DOCUME~1\Annie\WINDOWS
2007-04-02 20:39 <DIR> d-------- C:\DOCUME~1\Annie\APPLIC~1\Template
2007-04-02 01:15 <DIR> d--h----- C:\DOCUME~1\Mervyn\APPLIC~1\Move Networks
2007-03-30 23:20 <DIR> d-------- C:\DOCUME~1\Mervyn\.housecall6.6
2007-03-29 20:43 <DIR> d-------- C:\DOCUME~1\Esther\APPLIC~1\PlayFirst
2007-03-26 23:01 <DIR> d-------- C:\Program Files\StuffPlug3
2007-03-14 19:10 <DIR> d-------- C:\Program Files\iPod
2007-03-14 19:02 <DIR> d-------- C:\Program Files\QuickTime


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-04-09 23:25 -------- d-------- C:\Program Files\Common Files\symantec shared
2007-04-09 22:26 -------- d-------- C:\Program Files\steam
2007-04-09 12:24 384 --a------ C:\WINDOWS\SYSTEM32\dvcstatebkp-{00000003-00000000-00000001-00001102-00000004-20061102}.dat
2007-04-09 12:24 384 --a------ C:\WINDOWS\SYSTEM32\dvcstate-{00000003-00000000-00000001-00001102-00000004-20061102}.dat
2007-04-09 12:18 -------- d-------- C:\Program Files\mozilla thunderbird
2007-04-09 00:33 -------- d-------- C:\Program Files\java
2007-04-09 00:29 -------- d-------- C:\Program Files\styler
2007-04-08 14:18 -------- d-------- C:\Program Files\microsoft games
2007-04-03 23:09 -------- d-------- C:\Program Files\e-sword
2007-03-30 19:54 -------- d-------- C:\Program Files\windows nt
2007-03-30 19:54 -------- d-------- C:\Program Files\movie maker
2007-03-30 19:54 -------- d-------- C:\Program Files\messenger
2007-03-30 19:26 218624 --a------ C:\WINDOWS\SYSTEM32\uxtheme.dll
2007-03-30 19:22 -------- d-------- C:\Program Files\itunes
2007-03-30 18:41 -------- d-------- C:\Program Files\Common Files\stardock
2007-03-30 18:40 2560 --a------ C:\WINDOWS\_msrstrt.exe
2007-03-30 18:39 -------- d-------- C:\Program Files\msn messenger
2007-03-28 14:19 -------- d-------- C:\DOCUME~1\Mervyn\APPLIC~1\utorrent
2007-03-26 23:18 -------- d-------- C:\Program Files\messengerplus! 3
2007-03-25 12:44 -------- d-------- C:\Program Files\knight online
2007-03-10 15:37 32 --a------ C:\WINDOWS\popcinfo.dat
2007-03-08 23:36 577536 --a------ C:\WINDOWS\SYSTEM32\user32.dll
2007-03-08 23:36 40960 --a------ C:\WINDOWS\SYSTEM32\mf3216.dll
2007-03-08 23:36 281600 --a------ C:\WINDOWS\SYSTEM32\gdi32.dll
2007-03-08 21:47 1843584 --a------ C:\WINDOWS\SYSTEM32\win32k.sys
2007-03-05 13:03 -------- d-------- C:\Program Files\limewire
2007-03-04 16:43 2 --a------ C:\WINDOWS\pvpeformr.sys
2007-03-04 16:43 2 --a------ C:\WINDOWS\pvpeformr.dll
2007-03-04 16:43 -------- d-------- C:\Program Files\mp3r
2007-02-28 00:23 -------- d-------- C:\Program Files\power mp3 cutter
2007-02-17 16:24 -------- d--h----- C:\Program Files\installshield installation information
2007-02-17 16:24 -------- d-------- C:\Program Files\eidos interactive
2007-02-17 16:23 527 --a------ C:\DOCUME~1\Mervyn\APPLIC~1\gangsters2setup.lnk
2007-01-18 16:03 8960 --a------ C:\WINDOWS\mozver.dat
2007-01-10 22:09 39424 --a------ C:\WINDOWS\zipinst.exe


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"SsAAD.exe"="C:\\PROGRA~1\\Sony\\SONICS~1\\SsAAD.exe"
"Steam"="\"c:\\program files\\steam\\steam.exe\" -silent"
"Mail.com"="C:\\Program Files\\mail.com\\mcalert.exe -auto"
"updateMgr"="\"C:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe\" AcRdB7_0_0 -reboot 1"
"MessengerPlus3"="\"C:\\Program Files\\MessengerPlus! 3\\MsgPlus.exe\" /WinStart"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"CTSysVol"="C:\\Program Files\\Creative\\SBAudigy2ZS\\Surround Mixer\\CTSysVol.exe /r"
"CTDVDDET"="\"C:\\Program Files\\Creative\\SBAudigy2ZS\\DVDAudio\\CTDVDDET.EXE\""
"UpdReg"="C:\\WINDOWS\\UpdReg.EXE"
"UpdateManager"="\"C:\\Program Files\\Common Files\\Sonic\\Update Manager\\sgtray.exe\" /r"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"dla"="C:\\WINDOWS\\system32\\dla\\tfswctrl.exe"
"Symantec NetDriver Monitor"="C:\\PROGRA~1\\SYMNET~1\\SNDMon.exe /Consumer"
"MSPY2002"="C:\\WINDOWS\\system32\\IME\\PINTLGNT\\ImScInst.exe /SYNC"
"PHIME2002ASync"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"
"PHIME2002A"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"
"EPSON Stylus C63 Series"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_S4I3C2.EXE /P23 \"EPSON Stylus C63 Series\" /O6 \"USB001\" /M \"Stylus C63\""
"IMJPMIG8.1"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"
"DVDLauncher"="\"C:\\Program Files\\CyberLink\\PowerDVD\\DVDLauncher.exe\""
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"Sony Ericsson PC Suite"="\"C:\\Program Files\\Sony Ericsson\\Mobile2\\Application Launcher\\Application Launcher.exe\" /startoptions"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"MessengerPlus3"="\"C:\\Program Files\\MessengerPlus! 3\\MsgPlus.exe\""
"DMXLauncher"="C:\\Program Files\\Dell\\Media Experience\\DMXLauncher.exe"
"CTHelper"="CTHELPER.EXE"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_01\\bin\\jusched.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKLM"
"command"=""
"inimapping"="0"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoCDBurning"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0


[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f513c5c8-4daa-11da-a79e-806d6172696f}]
Shell\AutoRun\command E:\autorun.exe


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer - Mervyn.job
C:\WINDOWS\tasks\Symantec NetDetect.job


********************************************************************

catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

********************************************************************

Completion time: 07-04-09 23:39:26
C:\ComboFix-quarantined-files.txt ... 07-04-09 23:39


And the HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 11:44:33 PM, on 4/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3C2.EXE
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\program files\steam\steam.exe
C:\Program Files\mail.com\mcalert.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [EPSON Stylus C63 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3C2.EXE /P23 "EPSON Stylus C63 Series" /O6 "USB001" /M "Stylus C63"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Mail.com] C:\Program Files\mail.com\mcalert.exe -auto
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_0 -reboot 1
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://www.playfirst.com/play/game/dinerda...h2.1.0.0.67.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} (CPlayFirstddfotgControl Object) - http://www.playfirst.com/play/game/dinerda...tg.1.0.0.32.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O16 - DPF: {FC4CAF5F-91BD-4DD9-ADC1-F3C737E37BC4} (CPlayFirstSweetopiaControl Object) - http://www.playfirst.com/play/game/sweetop...ia.1.0.0.22.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

thanks!!

#12 amateur

    Malware Fighter


  • Malware Response Team
  • 2,775 posts
  • Gender:Female
  • Local time:07:49 AM

Posted 09 April 2007 - 01:56 PM

Hi,

To delete the contents of the Norton Quarantine:
  • Open Norton
  • click Reports
  • click View Quarantine
  • Highlight Quarantined items
  • click Action (at top of box)
  • click Delete. Make sure everything is deleted in the Quarantine list
  • Close Norton.

As for the desktop icons not opening with double click, it is possible that some files are missing or corrupted as a result of the uninstall of the flyakiteosx. If you have a Windows disk the best way to check is to try Windows File Protection.

Go to Start > Run and type in

sfc /scannow

Note there IS a space after "sfc".

This command will immediately initiate the Windows File Protection service to scan all protected files and verify their integrity, replacing any files with which it finds a problem. You may need your Windows disk. Note that you will need to download Windows updates again as they will be lost during this process.

=================================

    My antivirus can't open because "Symantec Integrator has encountered a problem and needs to close. We are sorry for the inconvenience." (what useless information to tell me.) Any advice on that?

You may have to re-install Norton. Do you still have the disc that came with the Norton or your computer? If you don't have the disk, then perhaps we can remove Norton and then install a free for home use antivirus if you would like. Let me know.

=================================

I don't know if I mentioned this before, but I see that you have utorrent and limewire installed. The nature of P2P filesharing is so that even if one is using a "clean" program, many of the files downloaded from non-documented sources have the potential of being infected.
More than half of all files available for download from peer-to-peer networks have been deliberately infected with some form of malware. I recommend that you remove them from your system via Add/Remove Programs in Control Panel.

=================================

You are also using Messenger Plus. The file msgplus.exe is distributed as a third party MSN extension. However it is also spyware if installed with the sponsor program it offers to install. If this optional sponsor program was installed, this process monitors your browsing habits and distributes the data back to the author's servers for analysis. This also prompts advertising pop-ups. Hopefully you did not install the sponsor program when you installed Messenger Plus. If you did, please remove Messenger Plus from your system via Add/Remove Programs in Control Panel. Reboot. Then you can install the program again, but this time making sure that the sponsor program is not installed.

=================================

Make sure that you can see hidden files
  • Click Start
  • Open My Computer
  • Select the Tools menu and click Folder Options
  • Select the View Tab
  • Under the Hidden files and folders heading select Show hidden files and folders
  • Uncheck the Hide protected operating system files (recommended) option
  • Click Yes to confirm
  • Click OK
** These files are hidden to stop you accidentally removing something important.
It is advisable to hide them again after fixing your computer. **

=================================

Please go here: http://virusscan.jotti.org/
On top of the page there is a field to add the filepath, copy and paste these filepaths, one at a time:

C:\WINDOWS\pvpeformr.sys
C:\WINDOWS\pvpeformr.dll
C:\WINDOWS\SYSTEM32\dvcstatebkp-{00000003-00000000-00000001-00001102-00000004-20061102}.dat
C:\WINDOWS\SYSTEM32\dvcstate-{00000003-00000000-00000001-00001102-00000004-20061102}.dat

Then hit Submit
The scan will take a while before the result comes up so please be patient.
Then save each one and copy the result to post it here.

If Jotti's service load is too high, you can use the following scanner instead:
http://www.virustotal.com/xhtml/index_en.html

===================================

Please download the OTMoveIt by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    C:\WINDOWS\pvpeformr.sys
    C:\WINDOWS\pvpeformr.dll
    C:\WINDOWS\SYSTEM32\dvcstatebkp-{00000003-00000000-00000001-00001102-00000004-20061102}.dat
    C:\WINDOWS\SYSTEM32\dvcstate-{00000003-00000000-00000001-00001102-00000004-20061102}.dat

  • Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
  • Click the red Moveit! button.
  • Copy everything on the Results window to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it on your next reply.
*If a file or folder cannot be moved immediately, you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine, choose Yes.
  • Close OTMoveIt
**If a reboot was necessary or you needed to Exit before posting the log, you will find a copy of the log at the root of the drive where OTMoveIt is installed, usually at :
C:\_OTMoveIt\MovedFiles\********_******.log
(where "********_******" is the "date_time")


====================================

Reboot your computer.

====================================

Please post back the Jotti or Virus Total results, OTMoveIt log and a fresh HijackThis log. Also let me know if there is any improvement on the system.
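Two of the four files amateur asks to have scanned are listed in the ComboFix output earlier in this thread with a size of 2 bytes, which is far below the 64-byte DOS header every Windows executable starts with; a file that small cannot be a valid PE image no matter what it contains, and Windows reports exactly that ("is not a valid Windows image") when anything tries to load it. The following Python script is an added example, not part of this thread or of ComboFix, OTMoveIt or HijackThis: it parses listing lines in the ComboFix format shown above, flags executable-type files too small to hold a DOS header, and includes the signature check that decides whether a byte string could be a PE image at all. The sample listing is constructed from entries that appear above; the size threshold, the extension list and all function names are this example's own choices.

```python
"""Triage a ComboFix-style "new files" listing for executable files that
cannot possibly be valid PE images.

Added example, not part of the thread. The sample listing is constructed
from entries in the ComboFix log above; threshold and checks are our own.
"""
import re
import struct
from dataclasses import dataclass
from typing import List, Optional

# A PE image begins with a 64-byte DOS ("MZ") header, followed by the
# "PE\0\0" signature, COFF header and optional header.  Anything shorter
# than the DOS header alone can never load as an image.
DOS_HEADER_SIZE = 64
# Extensions we treat as "should be a PE image" (our own choice).
EXEC_EXTENSIONS = (".exe", ".dll", ".sys", ".ocx", ".scr")

# Constructed sample in the listing format used above:
# "<date> <time> <size or --------> <attributes> <path>"
SAMPLE_LISTING = """\
2007-03-30 19:26 218624 --a------ C:\\WINDOWS\\SYSTEM32\\uxtheme.dll
2007-03-30 18:40 2560 --a------ C:\\WINDOWS\\_msrstrt.exe
2007-03-10 15:37 32 --a------ C:\\WINDOWS\\popcinfo.dat
2007-03-04 16:43 2 --a------ C:\\WINDOWS\\pvpeformr.sys
2007-03-04 16:43 2 --a------ C:\\WINDOWS\\pvpeformr.dll
2007-03-04 16:43 -------- d-------- C:\\Program Files\\mp3r
2007-01-10 22:09 39424 --a------ C:\\WINDOWS\\zipinst.exe
"""

LINE_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}) "
    r"(?P<size>\d+|-+) (?P<attrs>[-a-z]{9}) (?P<path>.+)$"
)


@dataclass
class Entry:
    date: str
    size: Optional[int]   # None for directories (size shown as "--------")
    is_dir: bool
    path: str


def parse_listing(text: str) -> List[Entry]:
    """Parse listing lines; lines that do not match (headers, blanks) are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        size_field = m.group("size")
        size = None if size_field.startswith("-") else int(size_field)
        entries.append(Entry(m.group("date"), size,
                             m.group("attrs").startswith("d"), m.group("path")))
    return entries


def too_small_to_be_pe(entry: Entry) -> bool:
    """True for an executable-type file smaller than a DOS header."""
    if entry.is_dir or entry.size is None:
        return False
    return entry.path.lower().endswith(EXEC_EXTENSIONS) and entry.size < DOS_HEADER_SIZE


def flag_impossible_images(text: str) -> List[str]:
    """Paths from the listing that can never be valid Windows images."""
    return [e.path for e in parse_listing(text) if too_small_to_be_pe(e)]


def looks_like_pe(data: bytes) -> bool:
    """Header-level check: 'MZ' at offset 0 and e_lfanew (offset 0x3C)
    pointing at a 'PE\\0\\0' signature.  This is only the first gate of
    image validation, but it is the one a 2-byte file already fails."""
    if len(data) < DOS_HEADER_SIZE or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def minimal_pe_header() -> bytes:
    """Constructed 68-byte blob carrying just the two signatures, for testing."""
    hdr = bytearray(DOS_HEADER_SIZE)
    hdr[:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, DOS_HEADER_SIZE)
    return bytes(hdr) + b"PE\x00\x00"


if __name__ == "__main__":
    for path in flag_impossible_images(SAMPLE_LISTING):
        print("cannot be a valid image:", path)
    print("2-byte file passes header check:", looks_like_pe(b"XX"))
    print("constructed header passes check:", looks_like_pe(minimal_pe_header()))
```

Run as-is it reports the two pvpeformr files and nothing else: popcinfo.dat is 32 bytes but is not an executable type, and _msrstrt.exe at 2560 bytes is large enough to hold a header. The size check is a cheap first pass for a listing like ComboFix's; files that pass it still need the online scans amateur asked for, since a well-formed header says nothing about what the file does.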

#13 user55

  • Topic Starter

  • Members
  • 23 posts
  • Local time:07:49 PM

Posted 10 April 2007 - 04:27 AM

Jotti gave an all OK result. I copied and pasted the results into a Word document.

When I was using OTMoveIt, this window popped up:
The application or DLL C:\WINDOWS\pvpeformr.dll is not a valid Windows image. Please check this against your installation diskette.

Here is the log.
C:\WINDOWS\pvpeformr.sys moved successfully.
LoadLibrary failed for C:\WINDOWS\pvpeformr.dll
C:\WINDOWS\pvpeformr.dll NOT unregistered.
C:\WINDOWS\pvpeformr.dll moved successfully.
C:\WINDOWS\SYSTEM32\dvcstatebkp-{00000003-00000000-00000001-00001102-00000004-20061102}.dat moved successfully.
C:\WINDOWS\SYSTEM32\dvcstate-{00000003-00000000-00000001-00001102-00000004-20061102}.dat moved successfully.

Created on 04/10/2007 17:13:57

And the HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 5:23:27 PM, on 4/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3C2.EXE
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\program files\steam\steam.exe
C:\Program Files\mail.com\mcalert.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [EPSON Stylus C63 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3C2.EXE /P23 "EPSON Stylus C63 Series" /O6 "USB001" /M "Stylus C63"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Mail.com] C:\Program Files\mail.com\mcalert.exe -auto
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_0 -reboot 1
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://www.playfirst.com/play/game/dinerda...h2.1.0.0.67.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} (CPlayFirstddfotgControl Object) - http://www.playfirst.com/play/game/dinerda...tg.1.0.0.32.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O16 - DPF: {FC4CAF5F-91BD-4DD9-ADC1-F3C737E37BC4} (CPlayFirstSweetopiaControl Object) - http://www.playfirst.com/play/game/sweetop...ia.1.0.0.22.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

Okay, the double click problem STILL won't go away, my Norton AntiVirus has gone on strike and even refuses to open or let me uninstall it, and my CD drive somehow refuses to read anything also (hardware or software problem?). OK, those should be the remaining problems left. Whew. Thanks for the help so far!


#14 amateur (Malware Fighter, Malware Response Team, 2,775 posts)

Posted 10 April 2007 - 09:08 AM

Hi,

Download ONE of these (free for personal use) anti-virus programs to your desktop, but do not install it yet. You'll do that later.

Grisoft AVG from here : http://free.grisoft.com/doc/1
AntiVir Free from here : http://www.free-av.com/
Avast Home Edition from here : http://www.avast.com/eng/down_home.html

Next, please use the instructions on this page to completely uninstall your Norton Products. Once you download the removal tool, disconnect from the internet. Remove Norton using the tool.

Now, you can double click on the installer for the antivirus program (whichever you've decided on) you downloaded earlier on your desktop, and install it. Update it and run a full scan with it. Let it clean whatever it finds.

=================================

Scan with HijackThis and put a checkmark against the following entries:


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

The following ActiveX controls (Downloaded Program Files) will reinstall when (and if) you revisit that website. UNLESS you know they are from a safe source, check them to remove:

O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://www.playfirst.com/play/game/dinerda...h2.1.0.0.67.cab
O16 - DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} (CPlayFirstddfotgControl Object) - http://www.playfirst.com/play/game/dinerda...tg.1.0.0.32.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O16 - DPF: {FC4CAF5F-91BD-4DD9-ADC1-F3C737E37BC4} (CPlayFirstSweetopiaControl Object) - http://www.playfirst.com/play/game/sweetop...ia.1.0.0.22.cab


Close all browsers and click on "fix checked".
=====================================

Please download FindAWF from: http://noahdfear.geekstogo.com/FindAWF.exe and save it on your desktop. Double-click on the file to run it. It will produce a report (awf.txt). Please post that report as a reply to this thread.

======================================

Download GMER from one of the following links:
http://www.gmer.net/gmer.zip
http://www.majorgeeks.com/GMER_d5198.html

Unzip it and start GMER.exe
Click the rootkit-tab and click scan.

Once done, click the Copy button.
This will copy the results to clipboard.
Paste the results in your next reply.

If you're having problems with running GMER.exe, try it in safe mode.
This tool works in safe mode; other rootkit revealers don't.

========================================

Please post back the awf.txt, the GMER log, and a fresh HijackThis log.
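As an added example (not part of this thread, and not code from HijackThis or from amateur), here is a small Python script that applies the same two checks amateur made above to HijackThis log lines: it flags R0/R1 entries whose value is empty, and it flags O16 DPF (ActiveX) entries whose download host is not on an allow-list of sources treated as safe, or that are a second copy of a control already listed. The allow-list, the regexes and the function names are assumptions for this example; the sample lines are copied from the log posted in this thread.

```python
"""Triage HijackThis v1.99.1 log lines the way the helper did in this thread.

Added example, not part of the original thread. Two checks are applied:
  * R0/R1 Internet Explorer entries with an empty value (e.g. "Local Page =")
  * O16 DPF (Downloaded Program Files / ActiveX) entries from a host that is
    not on the allow-list, or a second copy of a control already listed
"""
import re
from urllib.parse import urlsplit

# Assumption for this example: hosts the helper treated as safe sources
# (the online-scanner vendors and the MSN games host she left alone).
SAFE_DPF_HOSTS = {
    "www.kaspersky.com",
    "download.bitdefender.com",
    "acs.pandasoftware.com",
    "messenger.zone.msn.com",
}

# Sample input: lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://www.playfirst.com/play/game/dinerda...h2.1.0.0.67.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} (CPlayFirstddfotgControl Object) - http://www.playfirst.com/play/game/dinerda...tg.1.0.0.32.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O16 - DPF: {FC4CAF5F-91BD-4DD9-ADC1-F3C737E37BC4} (CPlayFirstSweetopiaControl Object) - http://www.playfirst.com/play/game/sweetop...ia.1.0.0.22.cab
"""

# "R0 - <registry key>,<value name> = <value>"; the value may be empty.
R_LINE = re.compile(r"^(?P<kind>R[01]) - (?P<key>.+?) = ?(?P<value>.*)$")
# "O16 - DPF: {CLSID} (Friendly Name) - http://host/path.cab"
O16_LINE = re.compile(
    r"^O16 - DPF: (?P<clsid>\{[0-9A-Fa-f-]+\}) \((?P<name>[^)]*)\) - (?P<url>\S+)$"
)


def triage(lines):
    """Return (line, reason) pairs for every entry worth checking in HijackThis."""
    flagged = []
    seen_names = set()  # friendly names of O16 controls already listed
    for raw in lines:
        line = raw.strip()
        m = R_LINE.match(line)
        if m:
            if not m.group("value"):
                flagged.append((line, "empty Internet Explorer page value"))
            continue
        m = O16_LINE.match(line)
        if m:
            host = urlsplit(m.group("url")).hostname or ""
            name = m.group("name")
            if host not in SAFE_DPF_HOSTS:
                flagged.append((line, f"ActiveX control from unvetted host {host}"))
            elif name in seen_names:
                # Same control registered twice under different CLSIDs: the
                # older copy stays, the later one is a candidate for removal.
                flagged.append((line, f"duplicate control {name!r}"))
            seen_names.add(name)
    return flagged


def triage_sample():
    """Run the triage over the sample log lines embedded above."""
    return triage(SAMPLE_LOG.strip().splitlines())


if __name__ == "__main__":
    for line, reason in triage_sample():
        print(f"[{reason}] {line}")
```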

#15 user55 (Topic Starter, Members, 23 posts)

Posted 10 April 2007 - 10:00 AM

Find AWF report by noahdfear 2006


bak folders found
~~~~~~~~~~~



Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~



end of report


GMER 1.0.12.12086 - http://www.gmer.net
Rootkit scan 2007-04-10 22:57:12
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.12 ----

SSDT Vax347b.sys ZwClose
SSDT 868BB7C8 ZwConnectPort
SSDT Vax347b.sys ZwCreateKey
SSDT Vax347b.sys ZwCreatePagingFile
SSDT Vax347b.sys ZwEnumerateKey
SSDT Vax347b.sys ZwEnumerateValueKey
SSDT Vax347b.sys ZwOpenKey
SSDT \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys ZwOpenProcess
SSDT Vax347b.sys ZwQueryKey
SSDT Vax347b.sys ZwQueryValueKey
SSDT Vax347b.sys ZwSetSystemPowerState
SSDT \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys ZwTerminateProcess

---- User code sections - GMER 1.0.12 ----

.text C:\Program Files\MSN Messenger\msnmsgr.exe[3744] WS2_32.dll!send 71AB428A 5 Bytes JMP 018A48E8 C:\Program Files\MessengerPlus! 3\MsgPlusH.dll
.text C:\Program Files\MSN Messenger\msnmsgr.exe[3744] WS2_32.dll!recv 71AB615A 5 Bytes JMP 018A48A6 C:\Program Files\MessengerPlus! 3\MsgPlusH.dll
.text C:\Program Files\MSN Messenger\msnmsgr.exe[3744] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 018A4408 C:\Program Files\MessengerPlus! 3\MsgPlusH.dll
.text C:\Program Files\MSN Messenger\msnmsgr.exe[3744] SHELL32.dll!Shell_NotifyIcon 7CA20C79 5 Bytes JMP 018A1163 C:\Program Files\MessengerPlus! 3\MsgPlusH.dll

---- Devices - GMER 1.0.12 ----

Device \FileSystem\Ntfs \Ntfs IRP_MJ_READ 86D5ED88
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE 869B1008
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE_NAMED_PIPE 869B1008
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLOSE 869B1008
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_READ 869B1008
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_WRITE 869B1008
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_INFORMATION 869B1008
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_INFORMATION 869B1008
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_EA 869B1008
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_EA 869B1008
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_FLUSH_BUFFERS 869B1008
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_VOLUME_INFORMATION 869B1008
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_VOLUME_INFORMATION 869B1008
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DIRECTORY_CONTROL 869B1008
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_FILE_SYSTEM_CONTROL 869B1008
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CONTROL 869B1008
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_INTERNAL_DEVICE_CONTROL 869B1008
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SHUTDOWN 869B1008
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_LOCK_CONTROL 869B1008
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLEANUP 869B1008
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE_MAILSLOT 869B1008
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_SECURITY 869B1008
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_SECURITY 869B1008
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_POWER 869B1008
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SYSTEM_CONTROL 869B1008
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CHANGE 869B1008
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_QUOTA 869B1008
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_QUOTA 869B1008
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_PNP 869B1008
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_READ 86960A68
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_CREATE 869B2CB0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_CREATE_NAMED_PIPE 869B2CB0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_CLOSE 869B2CB0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_READ 869B2CB0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_WRITE 869B2CB0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_QUERY_INFORMATION 869B2CB0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SET_INFORMATION 869B2CB0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_QUERY_EA 869B2CB0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SET_EA 869B2CB0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_FLUSH_BUFFERS 869B2CB0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_QUERY_VOLUME_INFORMATION 869B2CB0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SET_VOLUME_INFORMATION 869B2CB0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_DIRECTORY_CONTROL 869B2CB0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_FILE_SYSTEM_CONTROL 869B2CB0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_DEVICE_CONTROL 869B2CB0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_INTERNAL_DEVICE_CONTROL 869B2CB0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SHUTDOWN 869B2CB0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_LOCK_CONTROL 869B2CB0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_CLEANUP 869B2CB0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_CREATE_MAILSLOT 869B2CB0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_QUERY_SECURITY 869B2CB0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SET_SECURITY 869B2CB0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_POWER 869B2CB0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SYSTEM_CONTROL 869B2CB0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_DEVICE_CHANGE 869B2CB0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_QUERY_QUOTA 869B2CB0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SET_QUOTA 869B2CB0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_PNP 869B2CB0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE 869B2CB0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE_NAMED_PIPE 869B2CB0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CLOSE 869B2CB0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_READ 869B2CB0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_WRITE 869B2CB0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_INFORMATION 869B2CB0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_INFORMATION 869B2CB0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_EA 869B2CB0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_EA 869B2CB0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_FLUSH_BUFFERS 869B2CB0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_VOLUME_INFORMATION 869B2CB0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_VOLUME_INFORMATION 869B2CB0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DIRECTORY_CONTROL 869B2CB0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_FILE_SYSTEM_CONTROL 869B2CB0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DEVICE_CONTROL 869B2CB0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_INTERNAL_DEVICE_CONTROL 869B2CB0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SHUTDOWN 869B2CB0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_LOCK_CONTROL 869B2CB0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CLEANUP 869B2CB0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE_MAILSLOT 869B2CB0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_SECURITY 869B2CB0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_SECURITY 869B2CB0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_POWER 869B2CB0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SYSTEM_CONTROL 869B2CB0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DEVICE_CHANGE 869B2CB0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_QUOTA 869B2CB0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_QUOTA 869B2CB0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_PNP 869B2CB0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CREATE 869B2CB0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CREATE_NAMED_PIPE 869B2CB0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CLOSE 869B2CB0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_READ 869B2CB0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_WRITE 869B2CB0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_INFORMATION 869B2CB0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_INFORMATION 869B2CB0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_EA 869B2CB0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_EA 869B2CB0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_FLUSH_BUFFERS 869B2CB0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_VOLUME_INFORMATION 869B2CB0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_VOLUME_INFORMATION 869B2CB0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DIRECTORY_CONTROL 869B2CB0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_FILE_SYSTEM_CONTROL 869B2CB0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DEVICE_CONTROL 869B2CB0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_INTERNAL_DEVICE_CONTROL 869B2CB0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SHUTDOWN 869B2CB0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_LOCK_CONTROL 869B2CB0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CLEANUP 869B2CB0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CREATE_MAILSLOT 869B2CB0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_SECURITY 869B2CB0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_SECURITY 869B2CB0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_POWER 869B2CB0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SYSTEM_CONTROL 869B2CB0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DEVICE_CHANGE 869B2CB0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_QUOTA 869B2CB0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_QUOTA 869B2CB0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_PNP 869B2CB0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_CREATE 869B2CB0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_CREATE_NAMED_PIPE 869B2CB0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_CLOSE 869B2CB0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_READ 869B2CB0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_WRITE 869B2CB0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_QUERY_INFORMATION 869B2CB0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_SET_INFORMATION 869B2CB0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_QUERY_EA 869B2CB0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_SET_EA 869B2CB0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_FLUSH_BUFFERS 869B2CB0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_QUERY_VOLUME_INFORMATION 869B2CB0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_SET_VOLUME_INFORMATION 869B2CB0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_DIRECTORY_CONTROL 869B2CB0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_FILE_SYSTEM_CONTROL 869B2CB0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_DEVICE_CONTROL 869B2CB0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_INTERNAL_DEVICE_CONTROL 869B2CB0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_SHUTDOWN 869B2CB0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_LOCK_CONTROL 869B2CB0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_CLEANUP 869B2CB0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_CREATE_MAILSLOT 869B2CB0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_QUERY_SECURITY 869B2CB0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_SET_SECURITY 869B2CB0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_POWER 869B2CB0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_SYSTEM_CONTROL 869B2CB0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_DEVICE_CHANGE 869B2CB0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_QUERY_QUOTA 869B2CB0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_SET_QUOTA 869B2CB0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_PNP 869B2CB0
Device \FileSystem\Srv \Device\LanmanServer IRP_MJ_READ 86954FB0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_READ 8695E540
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_READ 8695E540
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_READ 868A93C8
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_READ 85BE72E0
Device \FileSystem\Fastfat \Fat IRP_MJ_CREATE EDB70C8A
Device \FileSystem\Fastfat \Fat IRP_MJ_CLOSE EDB6D7C8
Device \FileSystem\Fastfat \Fat IRP_MJ_READ 84754C50
Device \FileSystem\Fastfat \Fat IRP_MJ_WRITE EDB69AED
Device \FileSystem\Fastfat \Fat IRP_MJ_QUERY_INFORMATION EDB74958
Device \FileSystem\Fastfat \Fat IRP_MJ_SET_INFORMATION EDB77821
Device \FileSystem\Fastfat \Fat IRP_MJ_QUERY_EA EDB8038A
Device \FileSystem\Fastfat \Fat IRP_MJ_SET_EA EDB7FD49
Device \FileSystem\Fastfat \Fat IRP_MJ_FLUSH_BUFFERS EDB79BBE
Device \FileSystem\Fastfat \Fat IRP_MJ_QUERY_VOLUME_INFORMATION EDB7A331
Device \FileSystem\Fastfat \Fat IRP_MJ_SET_VOLUME_INFORMATION EDB884F4
Device \FileSystem\Fastfat \Fat IRP_MJ_DIRECTORY_CONTROL EDB70B37
Device \FileSystem\Fastfat \Fat IRP_MJ_FILE_SYSTEM_CONTROL EDB6C948
Device \FileSystem\Fastfat \Fat IRP_MJ_DEVICE_CONTROL EDB7646B
Device \FileSystem\Fastfat \Fat IRP_MJ_SHUTDOWN EDB8779D
Device \FileSystem\Fastfat \Fat IRP_MJ_LOCK_CONTROL EDB86C4A
Device \FileSystem\Fastfat \Fat IRP_MJ_CLEANUP EDB6D2FD
Device \FileSystem\Fastfat \Fat IRP_MJ_PNP EDB871DB
Device \FileSystem\Fastfat \Fat FastIoCheckIfPossible EDB821F9
Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer IRP_MJ_READ 86238E78
Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer IRP_MJ_FILE_SYSTEM_CONTROL [EBFD0701] tfsnifs.sys
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer IRP_MJ_READ 86238E78
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer IRP_MJ_FILE_SYSTEM_CONTROL [EBFD0701] tfsnifs.sys
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer IRP_MJ_READ 86238E78
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer IRP_MJ_FILE_SYSTEM_CONTROL [EBFD0701] tfsnifs.sys
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer IRP_MJ_READ 86238E78
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer IRP_MJ_FILE_SYSTEM_CONTROL [EBFD0701] tfsnifs.sys
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer IRP_MJ_READ 86238E78
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer IRP_MJ_FILE_SYSTEM_CONTROL [EBFD0701] tfsnifs.sys
Device \FileSystem\Cdfs \Cdfs IRP_MJ_READ 86990190
Device \FileSystem\Cdfs \Cdfs IRP_MJ_FILE_SYSTEM_CONTROL [EBFD089D] tfsnifs.sys

---- Modules - GMER 1.0.12 ----

Module _________ F749C000

---- EOF - GMER 1.0.12 ----


And the HijackThis report:

Logfile of HijackThis v1.99.1
Scan saved at 10:57:52 PM, on 4/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3C2.EXE
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\program files\steam\steam.exe
C:\Program Files\mail.com\mcalert.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\DOCUME~1\Mervyn\LOCALS~1\Temp\Rar$EX00.141\gmer.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [EPSON Stylus C63 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3C2.EXE /P23 "EPSON Stylus C63 Series" /O6 "USB001" /M "Stylus C63"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Mail.com] C:\Program Files\mail.com\mcalert.exe -auto
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_0 -reboot 1
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
