Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Winantivirus and errorsafe pop-ups


  • Please log in to reply

#1
texascowboy

texascowboy

    New Member

  • Member
  • Pip
  • 7 posts
Please help! I continue to be hit with Winantivirus popus and now I'm being hit with errorsafe.com. I have run Cleanup!, CWShreder, Ad-aware, Spybot S&D, Ewido, and have updated Windows. Here is my logfile for Hijackthis and Ewido.


Logfile of HijackThis v1.99.1
Scan saved at 6:18:53 PM, on 9/23/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Downloads\hijackthis\HijackThis.exe

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Documents and Settings\Lindsay\My Documents\My Music\iTunesHelper.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - https://www-secure.s...rl/SymAData.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - https://www-secure.s...trl/tgctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.s...trl/tgctlsr.cab
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe


---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 1:49:01 PM 9/23/2006

+ Scan result:



Nothing found.


::Report end
  • 0

Advertisements


#2
Wizard

Wizard

    Retired Staff

  • Retired Staff
  • 5,661 posts
Hi texascowboy and Welcome to GeekstoGo!

Go to the HijackThis folder and Right Click HijackThis.exe

Select Rename and rename it to foo.exe

Double Click foo.exe to launch HijackThis

Do a System Scan and Save a LogFile


Download combofix.exe
http://download.blee...Bs/combofix.exe

Double click combofix.exe & follow the prompts.

When finished, it should produce a log for you.

Post that log in your next reply along with the fresh HijackThis log.

Do not mouseclick combofix's window whilst it's running. That may cause it to stall
  • 0

#3
texascowboy

texascowboy

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Logfile of HijackThis v1.99.1
Scan saved at 8:26:22 PM, on 9/23/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Downloads\hijackthis\foo.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {A3311B74-FAB9-46EB-A0E8-3DDDE387EB41} - C:\WINDOWS\system32\vtutu.dll
O2 - BHO: (no name) - {B7672BAF-E9A3-49B6-86B2-C81719A18A4C} - C:\WINDOWS\system32\grcjtbif.dll (file missing)
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Documents and Settings\Lindsay\My Documents\My Music\iTunesHelper.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - https://www-secure.s...rl/SymAData.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - https://www-secure.s...trl/tgctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.s...trl/tgctlsr.cab
O20 - Winlogon Notify: vtutu - C:\WINDOWS\system32\vtutu.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: wincqt32 - wincqt32.dll (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe




James - 06-09-23 20:19:57.84 Service Pack 2
ComboFix 06.09.23.2 - Running from: "C:\Downloads"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\components
C:\Program Files\Common Files\{2C915B2D-035F-1033-0829-000512000001}


((((((((((((((((((((((((((((((( Files Created from 2006-08-23 to 2006-09-23 ))))))))))))))))))))))))))))))))))


2006-09-22 22:46 26,896 --a------ C:\WINDOWS\system32\hh.exe
2006-09-17 07:20 792,257 ---hs---- C:\WINDOWS\system32\ututv.ini2
2006-09-12 20:25 40,960 --a------ C:\WINDOWS\system32\swsc.exe
2006-09-12 20:25 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2006-09-12 20:25 135,168 --a------ C:\WINDOWS\system32\swreg.exe
2006-09-10 13:53 793,659 ---hs---- C:\WINDOWS\system32\ututv.bak2
2006-09-10 13:47 926,765 ---hs---- C:\WINDOWS\system32\ututv.bak1
2006-09-10 13:46 577,588 ---hs---- C:\WINDOWS\system32\vtutu.dll
2006-09-09 22:24 33,340 --------- C:\WINDOWS\system32\dbmsqlgc.dll
2006-09-09 22:24 24,576 --------- C:\WINDOWS\system32\dbmsgnet.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-09-23 20:22 -------- d-------- C:\Program Files\Common Files
2006-09-23 17:42 -------- d-------- C:\Program Files\Common Files\Symantec Shared
2006-09-23 15:33 -------- d-------- C:\Program Files\Internet Explorer
2006-09-23 12:55 -------- d-------- C:\Program Files\ewido anti-spyware 4.0
2006-09-23 10:24 -------- d-------- C:\Program Files\CleanUp!
2006-09-23 06:26 -------- d-------- C:\Program Files\PartyGaming
2006-09-23 06:25 -------- d-------- C:\Program Files\style-sheets.com
2006-09-22 23:02 -------- d-------- C:\Program Files\Timesheets Lite
2006-09-21 22:27 -------- d-------- C:\Program Files\a-squared Anti-Malware
2006-09-21 19:38 -------- d-------- C:\Documents and Settings\James\Application Data\TrojanHunter
2006-09-21 19:04 -------- d-------- C:\Program Files\TrojanHunter 4.6
2006-09-20 15:38 -------- d---s---- C:\Documents and Settings\James\Application Data\Microsoft
2006-09-18 07:13 -------- d-------- C:\Documents and Settings\James\Application Data\Symantec
2006-09-18 07:13 -------- d-------- C:\Documents and Settings\James\Application Data\Macromedia
2006-09-18 07:13 -------- d-------- C:\Documents and Settings\James\Application Data\Identities
2006-09-16 07:48 -------- d-------- C:\Program Files\Symantec
2006-09-16 06:53 -------- d-------- C:\Program Files\Common Files\System
2006-09-16 06:52 -------- d-------- C:\Program Files\paychex
2006-09-15 22:52 91904 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2006-09-15 22:52 124016 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2006-09-12 22:04 -------- d-------- C:\Program Files\Lavasoft
2006-09-12 22:04 -------- d-------- C:\Documents and Settings\James\Application Data\Lavasoft
2006-09-12 20:49 -------- d-------- C:\Program Files\Microsoft SQL Server
2006-09-10 20:29 -------- d-------- C:\Program Files\Windows Defender
2006-09-10 11:46 -------- d-------- C:\Documents and Settings\James\Application Data\pe explorer
2006-09-09 22:32 -------- d-------- C:\Program Files\Apex
2006-09-09 22:24 -------- d--h----- C:\Program Files\Uninstall Information
2006-09-08 22:03 -------- d-------- C:\Program Files\Access Password Recovery Master
2006-09-08 21:40 -------- d-------- C:\Program Files\Human Resource Manager
2006-09-03 20:40 -------- d-------- C:\Program Files\Yahoo!
2006-09-03 20:38 20 --a------ C:\Documents and Settings\James\Application Data\TTP1x-8773Data
2006-09-03 20:00 -------- d-------- C:\Program Files\aoxppr
2006-09-03 19:45 -------- d-------- C:\Program Files\ElcomSoft
2006-08-31 19:40 -------- d-------- C:\Program Files\Mycroft
2006-08-26 19:40 0 --ah----- C:\Documents and Settings\James\Application Data\L84577898.5v1
2006-08-26 19:37 -------- d-------- C:\Program Files\FileMaker
2006-08-26 19:37 -------- d-------- C:\Program Files\Common Files\ODBC
2006-08-24 20:10 -------- d-------- C:\Program Files\Logic Software
2006-08-21 07:21 16896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-08-21 04:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe
2006-08-21 04:14 128896 --a------ C:\WINDOWS\system32\drivers\fltmgr.sys
2006-08-19 14:01 -------- d-------- C:\Program Files\Microsoft Office
2006-08-19 14:01 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
2006-08-18 21:17 -------- d-------- C:\Program Files\AAD CONSULTING
2006-08-18 20:59 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-08-13 00:31 63184 --a------ C:\Documents and Settings\James\Application Data\GDIPFONTCACHEV1.DAT
2006-08-12 19:27 -------- d-------- C:\Program Files\EverythingAccess.com
2006-08-12 15:54 737280 --a------ C:\WINDOWS\iun6002.exe
2006-08-07 18:53 11345 --a------ C:\Documents and Settings\James\Application Data\Microsoft Excel.CAL
2006-07-27 08:24 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-07-25 21:47 -------- d-------- C:\Program Files\DAF
2006-07-22 07:23 30 --a------ C:\GOSTROM2.BAT
2006-07-21 03:24 72704 --a------ C:\WINDOWS\system32\hlink.dll
2006-07-20 19:59 36318 --a------ C:\Documents and Settings\James\Application Data\Comma Separated Values (Windows).CAL
2006-07-20 19:56 34840 --a------ C:\Documents and Settings\James\Application Data\Comma Separated Values (Windows).TSK


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
"Symantec NetDriver Monitor"="C:\\PROGRA~1\\SYMNET~1\\SNDMon.exe /Consumer"
"HP Software Update"="C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe"
"ccRegVfy"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccRegVfy.exe\""
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="C:\\Documents and Settings\\Lindsay\\My Documents\\My Music\\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000000

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,de,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=dword:40000004
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,f2,01,00,00,b9,00,00,00,7c,00,00,00,72,00,\
00,00,01,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="ewido anti-spyware 4.0"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\services]
"WZCSVC"=dword:00000002
"Sprint PCS v3 Utility Service"=dword:00000002
"bmwebcfg"=dword:00000002
"ose"=dword:00000003
"MDM"=dword:00000002
"iPodService"=dword:00000003

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtutu
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wincqt32

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll



~ ~ ~ ~ ~ ~ ~ ~ Hijackthis Backups ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

backup-20060922-072724-354
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
backup-20060922-072723-830
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
backup-20060922-072723-405
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
backup-20060922-072723-695
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
backup-20060922-072723-282
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
backup-20060922-072722-243
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
backup-20060922-072722-423
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
backup-20060922-072722-859
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
backup-20060922-072721-280
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
backup-20060921-071635-482
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://www.popcap.co...aploader_v6.cab
backup-20060921-071634-740
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
backup-20060921-071633-944
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgree...eensActivia.cab
backup-20060921-071633-206
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
backup-20060921-071632-166
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
backup-20060921-071632-468
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
backup-20060913-211219-731
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
backup-20060913-211146-120
R3 - Default URLSearchHook is missing
backup-20060910-200318-970
O23 - Service: Bytemobile Web Configurator (bmwebcfg) - Bytemobile, Inc. - C:\WINDOWS\system32\bmwebcfg.exe
backup-20060910-200317-945
O21 - SSODL: incestuously - {03413bf7-e34c-445b-bfc0-a2b127255871} - (no file)
backup-20051203-171905-462
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
backup-20051203-171810-772
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.game...aploader_v6.cab
backup-20051203-171810-327
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://download.game...outLauncher.cab
backup-20051203-171810-184
O4 - HKLM\..\Run: [MediaFace Integration] C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe
backup-20051203-171651-813
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
backup-20051203-171446-955
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\HP DArC Task #Hewlett-Packard#hp psc 1300 series#1138062381.job
C:\WINDOWS\tasks\MP Scheduled Scan.job
C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer.job
C:\WINDOWS\tasks\Norton SystemWorks One Button Checkup.job
C:\WINDOWS\tasks\Symantec NetDetect.job

Completion time: Sat 09/23/2006 20:23:58.32
ComboFix.txt
  • 0

#4
Wizard

Wizard

    Retired Staff

  • Retired Staff
  • 5,661 posts
Please download VundoFix.exe to your desktop
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log in a reply to this thread.
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.
  • 0

#5
texascowboy

texascowboy

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
VundoFix V6.1.6

Checking Java version...

Sun Java not detected
Scan started at 11:14:00 PM 9/23/2006

Listing files found while scanning....

C:\WINDOWS\system32\vtutu.dll
C:\WINDOWS\system32\ututv.ini
C:\WINDOWS\system32\ututv.bak1
C:\WINDOWS\system32\ututv.bak2
C:\WINDOWS\system32\ututv.ini2
C:\WINDOWS\system32\ututv.tmp

Beginning removal...

Attempting to delete C:\WINDOWS\system32\vtutu.dll
C:\WINDOWS\system32\vtutu.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\ututv.ini
C:\WINDOWS\system32\ututv.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\ututv.bak1
C:\WINDOWS\system32\ututv.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\ututv.bak2
C:\WINDOWS\system32\ututv.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\ututv.ini2
C:\WINDOWS\system32\ututv.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\ututv.tmp
C:\WINDOWS\system32\ututv.tmp Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.1.6

Checking Java version...

Sun Java not detected
Scan started at 11:26:41 PM 9/23/2006

Listing files found while scanning....

C:\WINDOWS\system32\vtutu.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\vtutu.dll
C:\WINDOWS\system32\vtutu.dll Has been deleted!

Performing Repairs to the registry.
Done!

------------------------------------------------------------------------------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 11:41:19 PM, on 9/23/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Downloads\hijackthis\foo.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {A3311B74-FAB9-46EB-A0E8-3DDDE387EB41} - C:\WINDOWS\system32\vtutu.dll (file missing)
O2 - BHO: (no name) - {B7672BAF-E9A3-49B6-86B2-C81719A18A4C} - C:\WINDOWS\system32\grcjtbif.dll (file missing)
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Documents and Settings\Lindsay\My Documents\My Music\iTunesHelper.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - https://www-secure.s...rl/SymAData.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - https://www-secure.s...trl/tgctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.s...trl/tgctlsr.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: wincqt32 - wincqt32.dll (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
  • 0

#6
Wizard

Wizard

    Retired Staff

  • Retired Staff
  • 5,661 posts
Nice Work! :whistling:

Open HijackThis-> Click "Do a System Scan Only" and put a check by these but DO NOT hit the Fix Checked button yet

O2 - BHO: (no name) - {A3311B74-FAB9-46EB-A0E8-3DDDE387EB41} - C:\WINDOWS\system32\vtutu.dll (file missing)

O2 - BHO: (no name) - {B7672BAF-E9A3-49B6-86B2-C81719A18A4C} - C:\WINDOWS\system32\grcjtbif.dll (file missing)

O20 - Winlogon Notify: wincqt32 - wincqt32.dll (file missing)

Now Make sure ALL WINDOWS and BROWSERS are CLOSED and hit the Fix Checked Button


Download combofix.exe
http://download.blee...Bs/combofix.exe

Double click combofix.exe & follow the prompts.

When finished, it should produce a log for you.

Post that log in your next reply

Do not mouseclick combofix's window whilst it's running. That may cause it to stall



Please run the F-Secure Online Scanner

Note: This Scanner is for Internet Explorer Only!
  • Follow the Instruction on the F-Secure page for proper installation.
  • Accept the License Agreement.
  • Once the ActiveX installs,Click Full System Scan
  • Once the download completes,the scan will begin automatically.
  • The scan will take some time to finish,so please be patient.
  • When the scan completes, click the Automatic cleaning (recommended) button.
  • Click the Show Report button and Copy&Paste the entire report in your next reply.

  • 0

#7
texascowboy

texascowboy

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
James - 06-09-24 7:23:41.30 Service Pack 2
ComboFix 06.09.23.2 - Running from: "C:\Downloads"

((((((((((((((((((((((((((((((( Files Created from 2006-08-24 to 2006-09-24 ))))))))))))))))))))))))))))))))))


2006-09-23 23:37 9,216 --a------ C:\WINDOWS\system32\VundoFixSVC.exe
2006-09-22 22:46 26,896 --a------ C:\WINDOWS\system32\hh.exe
2006-09-12 20:25 40,960 --a------ C:\WINDOWS\system32\swsc.exe
2006-09-12 20:25 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2006-09-12 20:25 135,168 --a------ C:\WINDOWS\system32\swreg.exe
2006-09-09 22:24 33,340 --------- C:\WINDOWS\system32\dbmsqlgc.dll
2006-09-09 22:24 24,576 --------- C:\WINDOWS\system32\dbmsgnet.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-09-23 23:38 -------- d-------- C:\Program Files\Common Files\Symantec Shared
2006-09-23 23:38 -------- d-------- C:\Program Files\Common Files
2006-09-23 15:33 -------- d-------- C:\Program Files\Internet Explorer
2006-09-23 12:55 -------- d-------- C:\Program Files\ewido anti-spyware 4.0
2006-09-23 10:24 -------- d-------- C:\Program Files\CleanUp!
2006-09-23 06:26 -------- d-------- C:\Program Files\PartyGaming
2006-09-23 06:25 -------- d-------- C:\Program Files\style-sheets.com
2006-09-22 23:02 -------- d-------- C:\Program Files\Timesheets Lite
2006-09-21 22:27 -------- d-------- C:\Program Files\a-squared Anti-Malware
2006-09-21 19:38 -------- d-------- C:\Documents and Settings\James\Application Data\TrojanHunter
2006-09-21 19:04 -------- d-------- C:\Program Files\TrojanHunter 4.6
2006-09-20 15:38 -------- d---s---- C:\Documents and Settings\James\Application Data\Microsoft
2006-09-18 07:13 -------- d-------- C:\Documents and Settings\James\Application Data\Symantec
2006-09-18 07:13 -------- d-------- C:\Documents and Settings\James\Application Data\Macromedia
2006-09-18 07:13 -------- d-------- C:\Documents and Settings\James\Application Data\Identities
2006-09-16 07:48 -------- d-------- C:\Program Files\Symantec
2006-09-16 06:53 -------- d-------- C:\Program Files\Common Files\System
2006-09-16 06:52 -------- d-------- C:\Program Files\paychex
2006-09-15 22:52 91904 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2006-09-15 22:52 124016 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2006-09-12 22:04 -------- d-------- C:\Program Files\Lavasoft
2006-09-12 22:04 -------- d-------- C:\Documents and Settings\James\Application Data\Lavasoft
2006-09-12 20:49 -------- d-------- C:\Program Files\Microsoft SQL Server
2006-09-10 20:29 -------- d-------- C:\Program Files\Windows Defender
2006-09-10 11:46 -------- d-------- C:\Documents and Settings\James\Application Data\pe explorer
2006-09-09 22:32 -------- d-------- C:\Program Files\Apex
2006-09-09 22:24 -------- d--h----- C:\Program Files\Uninstall Information
2006-09-08 22:03 -------- d-------- C:\Program Files\Access Password Recovery Master
2006-09-08 21:40 -------- d-------- C:\Program Files\Human Resource Manager
2006-09-03 20:40 -------- d-------- C:\Program Files\Yahoo!
2006-09-03 20:38 20 --a------ C:\Documents and Settings\James\Application Data\TTP1x-8773Data
2006-09-03 20:00 -------- d-------- C:\Program Files\aoxppr
2006-09-03 19:45 -------- d-------- C:\Program Files\ElcomSoft
2006-08-31 19:40 -------- d-------- C:\Program Files\Mycroft
2006-08-26 19:40 0 --ah----- C:\Documents and Settings\James\Application Data\L84577898.5v1
2006-08-26 19:37 -------- d-------- C:\Program Files\FileMaker
2006-08-26 19:37 -------- d-------- C:\Program Files\Common Files\ODBC
2006-08-24 20:10 -------- d-------- C:\Program Files\Logic Software
2006-08-21 07:21 16896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-08-21 04:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe
2006-08-21 04:14 128896 --a------ C:\WINDOWS\system32\drivers\fltmgr.sys
2006-08-19 14:01 -------- d-------- C:\Program Files\Microsoft Office
2006-08-19 14:01 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
2006-08-18 21:17 -------- d-------- C:\Program Files\AAD CONSULTING
2006-08-18 20:59 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-08-13 00:31 63184 --a------ C:\Documents and Settings\James\Application Data\GDIPFONTCACHEV1.DAT
2006-08-12 19:27 -------- d-------- C:\Program Files\EverythingAccess.com
2006-08-12 15:54 737280 --a------ C:\WINDOWS\iun6002.exe
2006-08-07 18:53 11345 --a------ C:\Documents and Settings\James\Application Data\Microsoft Excel.CAL
2006-07-27 08:24 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-07-25 21:47 -------- d-------- C:\Program Files\DAF
2006-07-22 07:23 30 --a------ C:\GOSTROM2.BAT
2006-07-21 03:24 72704 --a------ C:\WINDOWS\system32\hlink.dll
2006-07-20 19:59 36318 --a------ C:\Documents and Settings\James\Application Data\Comma Separated Values (Windows).CAL
2006-07-20 19:56 34840 --a------ C:\Documents and Settings\James\Application Data\Comma Separated Values (Windows).TSK


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
"Symantec NetDriver Monitor"="C:\\PROGRA~1\\SYMNET~1\\SNDMon.exe /Consumer"
"HP Software Update"="C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe"
"ccRegVfy"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccRegVfy.exe\""
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="C:\\Documents and Settings\\Lindsay\\My Documents\\My Music\\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000000

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,de,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=dword:40000004
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,f2,01,00,00,b9,00,00,00,7c,00,00,00,72,00,\
00,00,01,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="ewido anti-spyware 4.0"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\services]
"WZCSVC"=dword:00000002
"Sprint PCS v3 Utility Service"=dword:00000002
"bmwebcfg"=dword:00000002
"ose"=dword:00000003
"MDM"=dword:00000002
"iPodService"=dword:00000003


HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\HP DArC Task #Hewlett-Packard#hp psc 1300 series#1138062381.job
C:\WINDOWS\tasks\MP Scheduled Scan.job
C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer.job
C:\WINDOWS\tasks\Norton SystemWorks One Button Checkup.job
C:\WINDOWS\tasks\Symantec NetDetect.job

Completion time: Sun 09/24/2006 7:26:15.43
ComboFix.txt
ComboFix2.txt



Scanning Report
Sunday, September 24, 2006 08:21:02 - 15:09:19
Computer name: LINDSAYS
Scanning type: Scan system for viruses, rootkits, spyware
Target: C:\


--------------------------------------------------------------------------------

Result: 51 malware found
Email-Worm.Win32.Warezov.q (virus)
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON ANTIVIRUS\QUARANTINE\78A65FDC (Renamed & Submitted)
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON ANTIVIRUS\QUARANTINE\78AD33D5 (Renamed & Submitted)
Email-Worm.Win32.Warezov.u (virus)
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON ANTIVIRUS\QUARANTINE\79506722 (Renamed & Submitted)
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON ANTIVIRUS\QUARANTINE\7954111E (Renamed & Submitted)
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON ANTIVIRUS\QUARANTINE\795A6517 (Renamed & Submitted)
Exploit.HTML.Mht (virus)
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON ANTIVIRUS\QUARANTINE\09423DED.HTM (Renamed & Submitted)
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON ANTIVIRUS\QUARANTINE\09FC1720.HTM (Renamed & Submitted)
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON ANTIVIRUS\QUARANTINE\0A3D5ED8.HTM (Renamed & Submitted)
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON ANTIVIRUS\QUARANTINE\16A4191C.HTM (Renamed & Submitted)
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON ANTIVIRUS\QUARANTINE\16A84319.HTM (Submitted)
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON ANTIVIRUS\QUARANTINE\1FF40164.HTM (Renamed & Submitted)
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON ANTIVIRUS\QUARANTINE\205B2E2A.HTM (Renamed & Submitted)
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON ANTIVIRUS\QUARANTINE\2FDA6569.HTM (Renamed & Submitted)
Exploit.VBS.Phel.a (virus)
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON ANTIVIRUS\QUARANTINE\20045352.HTM (Renamed & Submitted)
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON ANTIVIRUS\QUARANTINE\740E0D90.HTM (Renamed & Submitted)
Possible Browser Hijack attempt (spyware)
System
Tracking Cookie (spyware)
System (Disinfected)
System (Submitted)
System
System
System
System
System
Trojan-Downloader.Win32.Small.bvv (virus)
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON ANTIVIRUS\QUARANTINE\0EEC4AC6.ZIP (Renamed & Submitted)
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON ANTIVIRUS\QUARANTINE\107A07E6.ZIP (Renamed & Submitted)
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON ANTIVIRUS\QUARANTINE\1ED07728 (Renamed & Submitted)
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON ANTIVIRUS\QUARANTINE\510746D0.ZIP (Renamed & Submitted)
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON ANTIVIRUS\QUARANTINE\7D0D6503.ZIP (Renamed & Submitted)
Trojan-Downloader.Win32.Small.cbp (virus)
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON ANTIVIRUS\QUARANTINE\0EEC4AC6.EXE (Renamed & Submitted)
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON ANTIVIRUS\QUARANTINE\107A07E6.EXE (Renamed & Submitted)
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON ANTIVIRUS\QUARANTINE\148134D4 (Renamed & Submitted)
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON ANTIVIRUS\QUARANTINE\51031CD3.EXE (Renamed & Submitted)
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON ANTIVIRUS\QUARANTINE\7D0D6503.EXE (Renamed & Submitted)
Trojan-Downloader.Win32.VB.afa (virus)
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON ANTIVIRUS\QUARANTINE\41676188.EXE (Renamed & Submitted)
Trojan.JS.Seeker (virus)
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON ANTIVIRUS\QUARANTINE\13D35C82.HTM (Renamed & Submitted)
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON ANTIVIRUS\QUARANTINE\5F8852BB.HTM (Renamed & Submitted)
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON ANTIVIRUS\QUARANTINE\76D629A1.HTM (Renamed & Submitted)
Trojan.Java.ClassLoader.u (virus)
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON ANTIVIRUS\QUARANTINE\3306763A (Renamed & Submitted)
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON ANTIVIRUS\QUARANTINE\3A56179F (Renamed & Submitted)
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON ANTIVIRUS\QUARANTINE\58137FB0 (Renamed & Submitted)
Trojan.Win32.BHO.g (virus)
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON ANTIVIRUS\QUARANTINE\6ABE5169.DLL (Renamed & Submitted)
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON ANTIVIRUS\QUARANTINE\6BA8281E.DLL (Renamed & Submitted)
Trojan.Win32.Crypt.e (virus)
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON ANTIVIRUS\QUARANTINE\5BA3504D.EXE (Renamed & Submitted)
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON ANTIVIRUS\QUARANTINE\5BDD440D.EXE (Renamed & Submitted)
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON ANTIVIRUS\QUARANTINE\7AD934DD.EXE (Renamed & Submitted)
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON ANTIVIRUS\QUARANTINE\7B14289C.EXE (Renamed & Submitted)
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON ANTIVIRUS\QUARANTINE\7B484863.EXE (Renamed & Submitted)
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON ANTIVIRUS\QUARANTINE\7BD12BCC.EXE (Renamed & Submitted)
Trojan.Win32.Dialer.qs (virus)
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON ANTIVIRUS\QUARANTINE\2CF43643.EXE (Renamed & Submitted)
Trojan.Win32.Pakes (virus)
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON ANTIVIRUS\QUARANTINE\72414455.EXE (Renamed & Submitted)
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON ANTIVIRUS\QUARANTINE\7A9C3123.EXE (Renamed & Submitted)

--------------------------------------------------------------------------------

Statistics
Scanned:
Files: 44631
System: 8854
Not scanned: 4
Actions:
Disinfected: 1
Renamed: 42
Deleted: 0
None: 8
Submitted: 44
Files not scanned:
C:\PAGEFILE.SYS
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
C:\WINDOWS\SOFTWAREDISTRIBUTION\EVENTCACHE\{1D7D31A5-7612-4E1A-9826-072F3773FC59}.BIN
C:\DOCUMENTS AND SETTINGS\JAMES\LOCAL SETTINGS\APPLICATION DATA\MICROSOFT\WINDOWS DEFENDER\FILETRACKER\{16C16434-9FE1-45EB-A41B-EA2AA9CA2A89}

--------------------------------------------------------------------------------

Options
Scanning engines:
F-Secure AVP: 6.0.171, 2006-09-22
F-Secure Libra: 2.4.1, 2006-09-22
F-Secure Orion: 1.2.37, 2006-09-21
F-Secure Blacklight: 1.0.31, 0000-00-00
F-Secure Draco: 1.0.35, 0259-24-212
F-Secure Pegasus: 1.19.0, 2006-08-14
Scanning options:
Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ZIP XXX
Use Advanced heuristics

--------------------------------------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 3:17:23 PM, on 9/24/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\James\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fsgk32.exe
C:\DOCUME~1\James\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fssm32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Downloads\hijackthis\foo.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Documents and Settings\Lindsay\My Documents\My Music\iTunesHelper.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - https://www-secure.s...rl/SymAData.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - https://www-secure.s...trl/tgctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.s...trl/tgctlsr.cab
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-sec.../ols3/fscax.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
  • 0

#8
Wizard

Wizard

    Retired Staff

  • Retired Staff
  • 5,661 posts
Sorry about the repeat instructions on ComboFix,spose it was early this morning :whistling:


Things are looking alot better from the logs,is the PC acting any better?


Id like to check some security spots in the registry if you dont mind.

Copy the contents of this next code box to Notepad.
Name the file inspect.bat
Save as Type: All files
Save it to the desktop.

Double click on inspect.bat and let it run.
When finished it will open a file in Notepad.
That file will be named lsa.txt
Please post the contents of lsa.txt into your next reply here.

If not exist Files MkDir Files


regedit /a /e files\2.txt HKEY_CURRENT_USER\Software\Microsoft\OLE
regedit /a /e files\3.txt HKEY_CURRENT_USER\System\CurrentControlSet\Control\Lsa
regedit /a /e files\4.txt HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole
regedit /a /e files\5.txt HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa
regedit /e /a files\6.txt HKEY_USERS\DEFAULT\SYSTEM\CURRENTCONTROLSET\CONTROL\LSA
regedit /a /e files\7.txt "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center"
regedit /a /e files\8.txt "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center"
Regedit /a /e files\9.txt HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies
Regedit /a /e files\10.txt HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies
Regedit /a /e files\11.txt HKEY_LOCAL_MACHINE\SOFTWARE\Policies\WindowsFirewall
Regedit /a /e files\12.txt HKEY_CURRENT_USER\SOFTWARE\Policies\WindowsFirewall
regedit /a /e files\13.txt HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters
regedit /a /e files\14.txt HKEY_LOCAL_MACHINE\SYSTEM\Services\SharedAccess


Copy files\*.txt = lsa.txt
rmdir /s /q files
Start Notepad lsa.txt


Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be promted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan:Select My Computer
  • This will program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

  • 0

#9
texascowboy

texascowboy

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments]
"ScanWithAntiVirus"=dword:00000002

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum]
"{BDEADF00-C265-11D0-BCED-00A0C90AB50F}"=dword:00000001
"{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF}"=dword:40000021
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"=dword:00000020

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

REGEDIT4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters]
"ServiceDll"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,\
33,32,5c,69,70,6e,61,74,68,6c,70,2e,64,6c,6c,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.0"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP"="139:TCP:*:Enabled:@xpsp2res.dll,-22004"
"445:TCP"="445:TCP:*:Enabled:@xpsp2res.dll,-22005"
"137:UDP"="137:UDP:*:Enabled:@xpsp2res.dll,-22001"
"138:UDP"="138:UDP:*:Enabled:@xpsp2res.dll,-22002"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Disabled:AOL Instant Messenger"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Disabled:LimeWire"
"C:\\Documents and Settings\\Lindsay\\My Documents\\My Music\\iTunes.exe"="C:\\Documents and Settings\\Lindsay\\My Documents\\My Music\\iTunes.exe:*:Disabled:iTunes"
"C:\\Program Files\\Yahoo! Games\\Bejeweled 2 Deluxe\\WinBej2.exe"="C:\\Program Files\\Yahoo! Games\\Bejeweled 2 Deluxe\\WinBej2.exe:*:Enabled:Bejeweled2"
"C:\\Program Files\\GameHouse\\CollapseCrunch\\Collapse3.exe"="C:\\Program Files\\GameHouse\\CollapseCrunch\\Collapse3.exe:*:Enabled:Collapse! Crunch"
"C:\\Program Files\\Yahoo! Games\\Zuma Deluxe\\Zuma.exe"="C:\\Program Files\\Yahoo! Games\\Zuma Deluxe\\Zuma.exe:*:Enabled:Zuma"
"C:\\Program Files\\Soulseek\\slsk.exe"="C:\\Program Files\\Soulseek\\slsk.exe:*:Disabled:SoulSeek Client"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.0"
"C:\\Program Files\\NetMeeting\\conf.exe"="C:\\Program Files\\NetMeeting\\conf.exe:*:Disabled:Windows® NetMeeting®"
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:*:Enabled:ActiveSync Connection Manager"
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:*:Enabled:ActiveSync Application"
"C:\\Program Files\\Macromedia\\Dreamweaver 8\\Dreamweaver.exe"="C:\\Program Files\\Macromedia\\Dreamweaver 8\\Dreamweaver.exe:*:Enabled:Dreamweaver 8"
"C:\\WINDOWS\\system32\\mshta.exe"="C:\\WINDOWS\\system32\\mshta.exe:*:Enabled:Microsoft ® HTML Application host"
"C:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"="C:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe:*:Enabled:HP Software Update Client"
"C:\\Program Files\\SmartFTP Client 2.0\\SmartFTP.exe"="C:\\Program Files\\SmartFTP Client 2.0\\SmartFTP.exe:*:Enabled:SmartFTP Client 2.0"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP"="139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004"
"445:TCP"="445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005"
"137:UDP"="137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001"
"138:UDP"="138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002"
"1900:UDP"="1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007"
"2869:TCP"="2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008"

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\OLE]

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole]
"DefaultLaunchPermission"=hex:01,00,04,80,64,00,00,00,80,00,00,00,00,00,00,00,\
14,00,00,00,02,00,50,00,03,00,00,00,00,00,18,00,01,00,00,00,01,01,00,00,00,\
00,00,05,12,00,00,00,00,00,00,00,00,00,18,00,01,00,00,00,01,01,00,00,00,00,\
00,05,04,00,00,00,00,00,00,00,00,00,18,00,01,00,00,00,01,02,00,00,00,00,00,\
05,20,00,00,00,20,02,00,00,01,05,00,00,00,00,00,05,15,00,00,00,a0,5f,84,1f,\
5e,2e,6b,49,ce,12,03,03,f4,01,00,00,01,05,00,00,00,00,00,05,15,00,00,00,a0,\
5f,84,1f,5e,2e,6b,49,ce,12,03,03,f4,01,00,00
"EnableDCOM"="Y"
"MachineLaunchRestriction"=hex:01,00,04,80,48,00,00,00,58,00,00,00,00,00,00,00,\
14,00,00,00,02,00,34,00,02,00,00,00,00,00,18,00,1f,00,00,00,01,02,00,00,00,\
00,00,05,20,00,00,00,20,02,00,00,00,00,14,00,0b,00,00,00,01,01,00,00,00,00,\
00,01,00,00,00,00,01,02,00,00,00,00,00,05,20,00,00,00,20,02,00,00,01,02,00,\
00,00,00,00,05,20,00,00,00,20,02,00,00
"MachineAccessRestriction"=hex:01,00,04,80,44,00,00,00,54,00,00,00,00,00,00,00,\
14,00,00,00,02,00,30,00,02,00,00,00,00,00,14,00,03,00,00,00,01,01,00,00,00,\
00,00,05,07,00,00,00,00,00,14,00,07,00,00,00,01,01,00,00,00,00,00,01,00,00,\
00,00,01,02,00,00,00,00,00,05,20,00,00,00,20,02,00,00,01,02,00,00,00,00,00,\
05,20,00,00,00,20,02,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList]
"{A50398B8-9075-4FBF-A7A1-456BF21937AD}"="1"
"{AD65A69D-3831-40D7-9629-9B0B50A93843}"="1"
"{0040D221-54A1-11D1-9DE0-006097042D69}"="1"
"{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3}"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST]
"System.EnterpriseServices.Thunk.dll"=""

REGEDIT4

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00
"Bounds"=hex:00,30,00,00,00,20,00,00
"Security Packages"=hex(7):6b,65,72,62,65,72,6f,73,00,6d,73,76,31,5f,30,00,73,\
63,68,61,6e,6e,65,6c,00,77,64,69,67,65,73,74,00,00
"LsaPid"=dword:00000230
"SecureBoot"=dword:00000001
"auditbaseobjects"=dword:00000000
"crashonauditfail"=dword:00000000
"disabledomaincreds"=dword:00000000
"everyoneincludesanonymous"=dword:00000000
"fipsalgorithmpolicy"=dword:00000000
"forceguest"=dword:00000001
"fullprivilegeauditing"=hex:00
"limitblankpassworduse"=dword:00000001
"lmcompatibilitylevel"=dword:00000000
"nodefaultadminowner"=dword:00000001
"nolmhash"=dword:00000000
"restrictanonymous"=dword:00000000
"restrictanonymoussam"=dword:00000001
"Notification Packages"=hex(7):73,63,65,63,6c,69,00,00
"ImpersonatePrivilegeUpgradeToolHasRun"=dword:00000001
"enabledcom"="y"

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\AccessProviders]
"ProviderOrder"=hex(7):57,69,6e,64,6f,77,73,20,4e,54,20,41,63,63,65,73,73,20,\
50,72,6f,76,69,64,65,72,00,00

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider]
"ProviderPath"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,6d,\
33,32,5c,6e,74,6d,61,72,74,61,2e,64,6c,6c,00

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\Audit]

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing]

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System]

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\Data]
"Pattern"=hex:af,96,00,86,9f,54,b5,bc,fc,e4,72,28,1e,69,45,9b,30,64,32,34,32,\
64,33,61,00,68,07,00,01,00,00,00,dc,00,00,00,e0,00,00,00,48,fa,06,00,97,55,\
5a,74,04,00,00,00,a0,fd,06,00,b8,fd,06,00,10,00,aa,9d

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\GBG]
"GrafBlumGroup"=hex:ca,cd,00,f7,cc,12,6e,47,fe

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\JD]
"Lookup"=hex:2c,bb,ff,5e,24,21

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\Kerberos]

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\Kerberos\Domains]

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\Kerberos\SidCache]

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\MSV1_0]
"Auth132"="IISSUBA"
"ntlmminclientsec"=dword:00000000
"ntlmminserversec"=dword:00000000

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\Skew1]
"SkewMatrix"=hex:20,ea,25,ee,0a,cf,20,c7,1f,db,83,85,94,0a,d5,db

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\SSO]

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\SSO\Passport1.4]
"SSOURL"="http://www.passport.com"

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\SspiCache]
"Time"=hex:70,05,17,97,e4,06,c5,01

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\SspiCache\digest.dll]
"Name"="Digest"
"Comment"="Digest SSPI Authentication Package"
"Capabilities"=dword:00004050
"RpcId"=dword:0000ffff
"Version"=dword:00000001
"TokenSize"=dword:0000ffff
"Time"=hex:00,d9,4a,94,f8,79,c4,01
"Type"=dword:00000031

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll]
"Name"="DPA"
"Comment"="DPA Security Package"
"Capabilities"=dword:00000037
"RpcId"=dword:00000011
"Version"=dword:00000001
"TokenSize"=dword:00000300
"Time"=hex:00,d9,4a,94,f8,79,c4,01
"Type"=dword:00000031

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll]
"Name"="MSN"
"Comment"="MSN Security Package"
"Capabilities"=dword:00000037
"RpcId"=dword:00000012
"Version"=dword:00000001
"TokenSize"=dword:00000300
"Time"=hex:80,6f,e3,94,f8,79,c4,01
"Type"=dword:00000031

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify"=dword:00000000
"FirewallDisableNotify"=dword:00000000
"UpdatesDisableNotify"=dword:00000000
"AntiVirusOverride"=dword:00000000
"FirewallOverride"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center]
"FirstRun"=dword:00000001

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]




-----------------------------------------------------------------------------------------------------------------

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Sunday, September 24, 2006 8:53:21 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 25/09/2006
Kaspersky Anti-Virus database records: 226126
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
H:\

Scan Statistics:
Total number of scanned objects: 95482
Number of viruses found: 22
Number of infected objects: 69 / 0
Number of suspicious objects: 3
Duration of the scan process: 02:21:23

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support\WDLog-09102006-202931.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC6.zip/MTE3MTk6ODoxNg.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC6.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2006-09-24_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped
C:\Documents and Settings\James\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\James\Local Settings\Application Data\Identities\{F421A2CE-76E9-4007-848F-7E11772FB0DE}\Microsoft\Outlook Express\Folders.dbx Object is locked skipped
C:\Documents and Settings\James\Local Settings\Application Data\Identities\{F421A2CE-76E9-4007-848F-7E11772FB0DE}\Microsoft\Outlook Express\Inbox.dbx Object is locked skipped
C:\Documents and Settings\James\Local Settings\Application Data\Identities\{F421A2CE-76E9-4007-848F-7E11772FB0DE}\Microsoft\Outlook Express\Offline.dbx Object is locked skipped
C:\Documents and Settings\James\Local Settings\Application Data\Identities\{F421A2CE-76E9-4007-848F-7E11772FB0DE}\Microsoft\Outlook Express\Pop3uidl.dbx Object is locked skipped
C:\Documents and Settings\James\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\James\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\James\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{16C16434-9FE1-45EB-A41B-EA2AA9CA2A89} Object is locked skipped
C:\Documents and Settings\James\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\James\Local Settings\History\History.IE5\MSHist012006092420060925\index.dat Object is locked skipped
C:\Documents and Settings\James\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\James\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\James\NTUSER.DAT.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Downloads\SmitfraudFix\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\AVApp.log Object is locked skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\AVError.log Object is locked skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\AVVirus.log Object is locked skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\041865D1.class Infected: Exploit.Java.ByteVerify skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\044345A2.class Infected: Trojan.Java.ClassLoader.f skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\04466F9F.class Infected: Trojan.Java.ClassLoader.c skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\044D4398.class Infected: Exploit.Java.ByteVerify skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\09423DED.0TM Infected: Exploit.HTML.Mht skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\09FC1720.0TM Infected: Exploit.HTML.Mht skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\0A3D5ED8.0TM Infected: Exploit.HTML.Mht skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\0EEC4AC6.0IP Infected: Trojan-Downloader.Win32.Small.bvv skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\0EEC4AC6.0XE Infected: Trojan-Downloader.Win32.Small.cbp skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\107A07E6.0IP Infected: Trojan-Downloader.Win32.Small.bvv skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\107A07E6.0XE Infected: Trojan-Downloader.Win32.Small.cbp skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\13D35C82.0TM Infected: Trojan.JS.Seeker skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\148134D4.0 Infected: Trojan-Downloader.Win32.Small.cbp skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\16A4191C.0TM Infected: Exploit.HTML.Mht skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\16A84319.htm Suspicious: Exploit.HTML.Mht skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\16BE6900.class Infected: Exploit.Java.ByteVerify skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\16C53CF8.class Infected: Trojan.Java.ClassLoader.Dummy.d skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\16C866F5.class Infected: Exploit.Java.ByteVerify skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\18716D9C.class Infected: Trojan.Java.ClassLoader.u skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\1ED07728.0 Infected: Trojan-Downloader.Win32.Small.bvv skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\1FF40164.0TM Infected: Exploit.HTML.Mht skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\20045352.0TM Infected: Exploit.VBS.Phel.a skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\20045352.class Infected: Trojan.Java.ClassLoader.c skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\200B274B.class Infected: Trojan.Java.ClassLoader.Dummy.a skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\200E5147.class Infected: Exploit.Java.ByteVerify skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\205B2E2A.0TM Infected: Exploit.HTML.Mht skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\23E27284.class Infected: Trojan.Java.ClassLoader.u skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\2CF43643.0XE Infected: Trojan.Win32.Dialer.qs skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\2EC72A41.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.dt skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\2FDA6569.0TM Infected: Exploit.HTML.Mht skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\3306763A.0 Infected: Trojan.Java.ClassLoader.u skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\39F52383.class Infected: Trojan.Java.ClassLoader.Dummy.d skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\3A56179F.0 Infected: Trojan.Java.ClassLoader.u skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\3CFB04EF.wmv Infected: Trojan-Downloader.WMA.Wimad.b skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\3F0869C1.class Infected: Trojan.Java.ClassLoader.u skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\4125065A.class Infected: Trojan.Java.ClassLoader.u skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\41676188.0XE Infected: Trojan-Downloader.Win32.VB.afa skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\47C6531B.class Infected: Trojan.Java.ClassLoader.u skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\4A915152.class Infected: Trojan.Java.ClassLoader.u skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\51031CD3.0XE Infected: Trojan-Downloader.Win32.Small.cbp skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\510746D0.0IP Infected: Trojan-Downloader.Win32.Small.bvv skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\55425137.class Infected: Trojan.Java.ClassLoader.u skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\58137FB0.0 Infected: Trojan.Java.ClassLoader.u skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\5A523CA6.wmv Infected: Trojan-Downloader.WMA.Wimad.b skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\5BA3504D.0XE Infected: Trojan.Win32.Crypt.e skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\5BDD440D.0XE Infected: Trojan.Win32.Crypt.e skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\5F8852BB.0TM Infected: Trojan.JS.Seeker skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\60A70D31.class Infected: Trojan.Java.ClassLoader.u skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\64AC30B9.class Infected: Trojan.Java.ClassLoader.Dummy.a skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\66711B60.class Infected: Trojan.Java.ClassLoader.u skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\695223C3.class Infected: Trojan.Java.ClassLoader.u skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\6ABE5169.0LL Infected: Trojan.Win32.BHO.g skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\6BA8281E.0LL Infected: Trojan.Win32.BHO.g skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\72414455.0XE Infected: Trojan.Win32.Pakes skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\740E0D90.0TM Infected: Exploit.VBS.Phel.a skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\76D629A1.0TM Infected: Trojan.JS.Seeker skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\77FC2B77.tmp Infected: Trojan.Win32.Pakes skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\78A65FDC.0 Infected: Email-Worm.Win32.Warezov.q skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\78AD33D5.0 Infected: Email-Worm.Win32.Warezov.q skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\79506722.0 Infected: Email-Worm.Win32.Warezov.u skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\7954111E.0 Infected: Email-Worm.Win32.Warezov.u skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\795A6517.0 Infected: Email-Worm.Win32.Warezov.u skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\7A9C3123.0XE Infected: Trojan.Win32.Pakes skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\7AD934DD.0XE Infected: Trojan.Win32.Crypt.e skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\7B14289C.0XE Infected: Trojan.Win32.Crypt.e skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\7B484863.0XE Infected: Trojan.Win32.Crypt.e skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\7BD12BCC.0XE Infected: Trojan.Win32.Crypt.e skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\7D0D6503.0IP Infected: Trojan-Downloader.Win32.Small.bvv skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\7D0D6503.0XE Infected: Trojan-Downloader.Win32.Small.cbp skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{1D7D31A5-7612-4E1A-9826-072F3773FC59}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.
  • 0

#10
Wizard

Wizard

    Retired Staff

  • Retired Staff
  • 5,661 posts
Hows the Computer running today?
  • 0

#11
texascowboy

texascowboy

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Seems to be running much better, but Kaspersky Scanner said I had 22 viruses.
  • 0

#12
Wizard

Wizard

    Retired Staff

  • Retired Staff
  • 5,661 posts
You mean these

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\041865D1.class Infected: Exploit.Java.ByteVerify skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\044345A2.class Infected: Trojan.Java.ClassLoader.f skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\04466F9F.class Infected: Trojan.Java.ClassLoader.c skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\044D4398.class Infected: Exploit.Java.ByteVerify skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\09423DED.0TM Infected: Exploit.HTML.Mht skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\09FC1720.0TM Infected: Exploit.HTML.Mht skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\0A3D5ED8.0TM Infected: Exploit.HTML.Mht skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\0EEC4AC6.0IP Infected: Trojan-Downloader.Win32.Small.bvv skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\0EEC4AC6.0XE Infected: Trojan-Downloader.Win32.Small.cbp skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\107A07E6.0IP Infected: Trojan-Downloader.Win32.Small.bvv skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\107A07E6.0XE Infected: Trojan-Downloader.Win32.Small.cbp skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\13D35C82.0TM Infected: Trojan.JS.Seeker skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\148134D4.0 Infected: Trojan-Downloader.Win32.Small.cbp skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\16A4191C.0TM Infected: Exploit.HTML.Mht skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\16A84319.htm Suspicious: Exploit.HTML.Mht skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\16BE6900.class Infected: Exploit.Java.ByteVerify skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\16C53CF8.class Infected: Trojan.Java.ClassLoader.Dummy.d skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\16C866F5.class Infected: Exploit.Java.ByteVerify skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\18716D9C.class Infected: Trojan.Java.ClassLoader.u skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\1ED07728.0 Infected: Trojan-Downloader.Win32.Small.bvv skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\1FF40164.0TM Infected: Exploit.HTML.Mht skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\20045352.0TM Infected: Exploit.VBS.Phel.a skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\20045352.class Infected: Trojan.Java.ClassLoader.c skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\200B274B.class Infected: Trojan.Java.ClassLoader.Dummy.a skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\200E5147.class Infected: Exploit.Java.ByteVerify skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\205B2E2A.0TM Infected: Exploit.HTML.Mht skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\23E27284.class Infected: Trojan.Java.ClassLoader.u skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\2CF43643.0XE Infected: Trojan.Win32.Dialer.qs skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\2EC72A41.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.dt skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\2FDA6569.0TM Infected: Exploit.HTML.Mht skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\3306763A.0 Infected: Trojan.Java.ClassLoader.u skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\39F52383.class Infected: Trojan.Java.ClassLoader.Dummy.d skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\3A56179F.0 Infected: Trojan.Java.ClassLoader.u skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\3CFB04EF.wmv Infected: Trojan-Downloader.WMA.Wimad.b skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\3F0869C1.class Infected: Trojan.Java.ClassLoader.u skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\4125065A.class Infected: Trojan.Java.ClassLoader.u skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\41676188.0XE Infected: Trojan-Downloader.Win32.VB.afa skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\47C6531B.class Infected: Trojan.Java.ClassLoader.u skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\4A915152.class Infected: Trojan.Java.ClassLoader.u skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\51031CD3.0XE Infected: Trojan-Downloader.Win32.Small.cbp skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\510746D0.0IP Infected: Trojan-Downloader.Win32.Small.bvv skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\55425137.class Infected: Trojan.Java.ClassLoader.u skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\58137FB0.0 Infected: Trojan.Java.ClassLoader.u skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\5A523CA6.wmv Infected: Trojan-Downloader.WMA.Wimad.b skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\5BA3504D.0XE Infected: Trojan.Win32.Crypt.e skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\5BDD440D.0XE Infected: Trojan.Win32.Crypt.e skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\5F8852BB.0TM Infected: Trojan.JS.Seeker skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\60A70D31.class Infected: Trojan.Java.ClassLoader.u skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\64AC30B9.class Infected: Trojan.Java.ClassLoader.Dummy.a skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\66711B60.class Infected: Trojan.Java.ClassLoader.u skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\695223C3.class Infected: Trojan.Java.ClassLoader.u skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\6ABE5169.0LL Infected: Trojan.Win32.BHO.g skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\6BA8281E.0LL Infected: Trojan.Win32.BHO.g skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\72414455.0XE Infected: Trojan.Win32.Pakes skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\740E0D90.0TM Infected: Exploit.VBS.Phel.a skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\76D629A1.0TM Infected: Trojan.JS.Seeker skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\77FC2B77.tmp Infected: Trojan.Win32.Pakes skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\78A65FDC.0 Infected: Email-Worm.Win32.Warezov.q skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\78AD33D5.0 Infected: Email-Worm.Win32.Warezov.q skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\79506722.0 Infected: Email-Worm.Win32.Warezov.u skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\7954111E.0 Infected: Email-Worm.Win32.Warezov.u skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\795A6517.0 Infected: Email-Worm.Win32.Warezov.u skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\7A9C3123.0XE Infected: Trojan.Win32.Pakes skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\7AD934DD.0XE Infected: Trojan.Win32.Crypt.e skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\7B14289C.0XE Infected: Trojan.Win32.Crypt.e skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\7B484863.0XE Infected: Trojan.Win32.Crypt.e skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\7BD12BCC.0XE Infected: Trojan.Win32.Crypt.e skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\7D0D6503.0IP Infected: Trojan-Downloader.Win32.Small.bvv skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\7D0D6503.0XE Infected: Trojan-Downloader.Win32.Small.cbp skipped



Im unfamiliar with System Works but I believe if you open it and click on Norton Antivirus to open it.

Click on Reports--> Click View Norton Quarantine

New window should appear,clear out all the items listed.


Let me know how that goes?
  • 0

#13
texascowboy

texascowboy

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Well, it looks like everything is running smoothly now....THANK YOU for all your help!!
  • 0

#14
Wizard

Wizard

    Retired Staff

  • Retired Staff
  • 5,661 posts
Go ahead and remove ComboFix and VundoFix and any associated folders or logs that may be laying around.

I will leave this post open for a while in case something re occurs,just post back into this thread if you need my help again.


Now we need to reset System Restore and Clear out all the old infected restore points.
  • Click Start
  • Right-Click "My Computer" and Select Properties.
  • Click on the "System Restore" tab.
  • Place a checkmark in the box for "Turn off System Restore"
  • Restart the Computer.
  • Return to System Restore and Uncheck the box for "Turn off System Restore"
  • A fresh Restore Point will be created.



Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

Windows, Internet Explorer and Microsoft Office Updates

Visit Microsoft's Windows Update Site frequently. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

If you are running Microsoft Office, or any application of it, go to the Microsoft's Office Update site and make sure you have at least all the critical updates installed.

If you have trouble with Windows Update, you still can get all the Critical Updates, Security Fixes and Service Packs. Below are a few links to bookmark.

Microsoft Security Bulletins
http://www.microsoft...ty/current.aspx

Office downloads
http://office.micros...te/default.aspx

Download Center
http://www.microsoft...ads/search.aspx

Microsoft Security Advisories
http://www.microsoft...ry/default.mspx

Recently Published
http://www.microsoft...nt/default.mspx

Make your Internet Explorer more secure
  • From within Internet Explorer click on the Tools menu and then click on Options.
  • Click on the Security tab
  • Click the Internet icon so it becomes highlighted.
  • Click on Default Level and click Ok
  • Click on the Custom Level button.
    • Change the Download signed ActiveX controls to Prompt
    • Change the Download unsigned ActiveX controls to Disable
    • Change the Initialise and script ActiveX controls not marked as safe to Disable
    • Change the Installation of desktop items to Prompt
    • Change the Launching programs and files in an IFRAME to Prompt
    • Change the Navigate sub-frames across different domains to Prompt
    • When all these settings have been made, click on the OK button.
    • If it prompts you as to whether or not you want to save the settings, press the Yes button.
  • Next press the Apply button and then the OK to exit the Internet Properties page.
Take the time to check out the following links

Resources for using Internet Explorer 6
http://support.micro...om/?kbid=867470

How to Configure Enhanced Security Features for Internet Explorer from Windows XP SP2
http://www.microsoft...xp/iesecxp.mspx

Microsoft Malicious Software Removal Tool
http://www.microsoft...e/families.mspx

Keep your Sun Java up to date

The most current version of Sun Java is: Java Runtime Environment Version 5.0 Update 8
http://java.sun.com/...loads/index.jsp

Check in your Control Panel, under Add/Remove programs and uninstall ALL older versions of Sun Java. And in the future, remember to remove older versions of Java when you automatically update to a newer version to avoid exploitation of older versions left on your system.

Check out these topics for more information:
http://spywarewarrio...pic.php?t=17910
http://spywarewarrio...pic.php?t=17598

Free programs that may help you in keeping the PC clean
  • SpywareBlaster
    SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.
    You can download SpywareBlaster here
    A tutorial can be found here
  • SpywareGuard
    It provides a degree of real-time protection solution against spyware that is a great addition to SpywareBlaster's protection method. An anti-virus program scans files before you open them and prevents execution if a virus is detected - SpywareGuard does the same thing, but for spyware. And you can easily have an anti-virus program running alongside SpywareGuard. It also features Download Protection and Browser Hijacking Protection.
    You can download SpywareGuard here
    A tutorial can be found here
  • IE-SPYAD
    IE-SPYAD puts over 5000 sites in your restricted zone, so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all. It basically prevents any downloads, cookies, scripts from the sites listed, although you will still be able to connect to the sites.
    You can download IE-SPYAD here
    A tutorial can be found here
  • Hosts File
    A Hosts file replaces your current HOSTS file with one containing well known ad, spyware sites etc. Basically, this prevents your coputer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer.
    A tutorial tutorial can be found here
  • MVPS Hosts File
    You can download the MVPS Hosts File here
    Furthermore the website contains useful tips and links to other resources and utilities.
  • Bluetack's Hosts File and Hosts Manager
    Essentially based on the research made by Webhelper, Andrew Clover and Eric L. Howes, it contains most if not all the known spyware sites, sites responsible for hijacks, rogue apllications etc...
    Download Bluetack's Hosts file here
    Download Bluetack's HostsManager here
Free Spyware Detection and Removal Programs
  • Ad-Aware
    It scans for known spyware on your computer. These scans should be run at least once every two weeks.
    You can download Ad-Aware here
    A tutorial can be found here
  • Spybot - Search & Destroy
    It scans for spyware and other malicious programs. Spybot has preventitive tools that stop programs from even installing on your computer.
    You can download Spybot - S&D here
    A tutorial can be found here
Before adding any other Spyware Detection and Removal programs always check the Rogue Anti-Spyware List for programs known to be misleading, mistaken, or just outright "Foistware".
You will find the list here

Ewido

Realtime protection against these threats:
  • Hijackers and Spyware
    Secure surfing in the Internet without fear of annoying changes of the start page of your browser, tracking cookies and advertising bars.
  • Worms
    Nobody should receive e-mails in your name with malicious files in the appendix anymore.
  • Dialers
    Security against all kinds of dialers. No fear when receiving the next phone bill.
  • Trojans and Keyloggers
    No chance for thieves to steal your bank data and personal sensitive information by tapped Internet connections, remote controlled webcams or secret keyboard recordings.
Most of you will have already the trial version of this software, which is an excellent program and particularly good at catching trojans. If you find it useful you might want to consider buying the full program. When the trial period ends the following features will stop working:
  • Scheduled scans.
  • Real-time monitoring of the entire system.
  • Memory Scan detects active threats.
  • Self-protection at kernel layer guarantees gapless monitoring.
  • Automatic online-update.
The manual memory scan will work in the free version and you can manually update the definitions by clicking on the "Start Update" button under Manual update in the update module.

You can download Ewido here
Ewido manual updates.
Download the Full database to your Desktop or to your usual Download Folder and install it by double clicking the file. Make sure that Ewido is closed before installing the update.

WinPatrol

WinPatrol uses a heuristic approach to detecting attacks and violations of your computing environment. Traditional security programs scan your hard drive searching for previously identified threats. WinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge. You'll be removing dangerous new programs while others download new reference files.
  • Detect & Neutralize Spyware.
  • Detect & Neutralize ADware.
  • Detect & Neutralize Viral infections.
  • Detect & Neutralize Unwanted IE Add-Ons.
  • Detect & Restore File Type Changes.
  • Automatically Filter Unwanted Cookies.
  • Avoid Start Page Hijacking.
  • Detect changes to HOSTS & critical system files.
  • Kill Multiple Tasks that replicate each other, in a single step!
  • Stop programs that repeatedly add themselves to your Startup List!
Starting with WinPatrol 9.5 PLUS users also get the addition of Real-time Infiltration Detection so they'll know immediately when changes are made to critical system areas. WinPatrol Free is not demo or trial software. You're welcome to use it as long as you like.
You can download WinPatrol here
WinPatrol FAQ

SiteHound by Firetrust

Firetrust introduces the SiteHound Toolbar - the safe way to browse the Internet. With SiteHound, when you browse the Internet, you're shown a warning page every time you go to a site which is a known scam, potentially loads viruses or spyware on to your computer, has questionable content or anything you would not consider reasonable. You are shown a warning page with information about that site. From there you can choose to enter the site or go back. SiteHound is a free add-on to Internet Explorer. (Users of Firefox - a version for you is coming soon.) SiteHound's comprehensive database gathers the knowledge from other users and respected experts from the online security community to tell you which sites are real and which are bogus.

SiteHound will alert you when you enter a site which is known to contain:
  • Fraudulent claims or scams
  • Offensive material
  • Security vulnerabilities
  • Spyware or Adware
  • Spam related material
  • or other content deemed to be unsafe
Specifically, SiteHound blocks these categories:

• Adult • Spyware • Spam Advertising • Phishing • Possible scam or fraud • Misleading or False Advertising
• Pharming • Rogue or Suspect Product • Adware • Malware or Virus

System Requirements:
Internet Explorer 5.5+ and Windows 95/98/NT 4/ME/2000/XP

Product Info & Download: SiteHound Toolbar

For advanced users : ProcessGuard

ProcessGuard blocks rootkits, prevents spyware, guards your computer from DLL trojans...
For more information take a moment to read the Introduction and the Known Attacks information pages.
You can download Process Guard here

For advanced users : System Safety Monitor

System Safety Monitor (SSM) allows you to track down Microsoft Windows operating system activity in real-time and to prevent undesirable actions from various malware and spyware programs. SSM's main goal is to discover and block malicious actions of any application.
For more information take a moment to read the Main features of the program.
You can download SSM here

Use an AntiVirus Software

It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future. See the link below for a listing of some online & their stand-alone antivirus programs.
Computer Safety On line - Anti-Virus
http://forum.malware...pic.php?p=53#53

Update your Anti Virus Software

It is imperative that you update your Anti virus software at least once a week (Even more if you wish). If you do not update your anti virus software then it will not be able to catch any of the new variants that may come out.

Use a Firewall

I can not stress enough how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly. For an article on Firewalls and a listing of some available ones see the link below.
Computer Safety On line - Software Firewalls
http://forum.malware...pic.php?p=56#56
A tutorial on Understanding and Using Firewalls can be found here

Additional Information

For more information about Spyware, the tools available, and other informative material, including information on how you may have been infected in the first place, please check out this link.

A very nice collection of tutorials is available at Bleeping Computer
http://www.bleepingc....com/tutorials/

Finally, after following up on all these recommendations, why not run Jason Levine's Browser Security Tests ?
They will provide you with an insight on how vulnerable you might still be to a number of common exploits.
http://www.jasons-to...rowserSecurity/
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP