Can't get rid of virus!


#1
lisamonkey
  • Member
  • 10 posts
Norton antivirus keeps popping up and saying that I have a virus, and it says it can't delete it. I'm not sure what kind it is, but the Norton pop-up said something about taskms.exe. Also, my internet is extremely slow, and sometimes it freezes up and the same ads keep popping up. Here's a HijackThis log:


Logfile of HijackThis v1.99.1
Scan saved at 10:47:02 PM, on 9/29/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Personal Firewall\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us9.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us9.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us9.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us9.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {73364D99-1240-4dff-B11A-67E448373048} - C:\WINDOWS\system32\ipv6monl.dll
O2 - BHO: (no name) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - (no file)
O2 - BHO: (no name) - {9CF30C1C-3E3E-40AB-9080-8FCD77BDE1FF} - C:\WINDOWS\system32\mfcusl.dll
O2 - BHO: Norton Personal Firewall - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - (no file)
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Personal Firewall - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\Hewlett-Packard\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\npjpi150_07.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\npjpi150_07.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec....rl/LSSupCtl.cab
O16 - DPF: {2DFF31F9-7893-4922-AF66-C9A1EB4EBB31} (Rhapsody Player Engine) - http://forms.real.co...ne_Inst_Win.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - http://www.symantec....rl/SymAData.cab
O16 - DPF: {E13F1132-4CA0-4005-84D3-51406E27D269} (BTDownloadCtrl Control) - http://www.shockwave...ownloadCtrl.cab
O20 - AppInit_DLLs:
O20 - Winlogon Notify: mfcusl - C:\WINDOWS\SYSTEM32\mfcusl.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Personal Firewall\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Microsoft Performance WMI Adapter AddOn (WMIPervAddOn) - Unknown owner - C:\WINDOWS\wmiapsv.exe (file missing)

#2
Wizard
  • Retired Staff
  • 5,661 posts
Hi lisamonkey and Welcome to GeekstoGo!


Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlog...processutil.htm


After posting the log from SmitfraudFix, please download ComboFix to your desktop.
http://download.blee...Bs/combofix.exe

Double-click combo.exe to launch the application.

Follow the prompts that will be displayed on the screen.

Don't click on the window while the fix is running, because that will cause your system to hang.

When finished, it should produce a log, combofix.txt

Please post that log in the next reply.

#3
lisamonkey
  • Topic Starter
  • Member
  • 10 posts
SmitFraudFix v2.102

Scan done at 9:13:34.56, Sat 09/30/2006
Run from C:\Documents and Settings\Owner\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

C:\WINDOWS\keyboard1.dat FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Owner


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Owner\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»»


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="https://webmail.atl....k/bg-whole.gif"
"SubscribedURL"="https://webmail.atl....k/bg-whole.gif"
"FriendlyName"=""

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=" "


»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32


»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End

#4
lisamonkey
  • Topic Starter
  • Member
  • 10 posts
Owner - 06-09-30 9:32:21.04 Service Pack 2
ComboFix 06.09.28 - Running from: "C:\Documents and Settings\Owner\Desktop"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\wnstssu.exe

~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

Folders Quarantined:

C:\QooBox\Purity\Documents and Settings\Owner\My Documents\MCROSO~1
C:\QooBox\Purity\Documents and Settings\Owner\My Documents\MCROSO~1\M?crosoft
C:\QooBox\Purity\Program Files\ASEMBL~1
C:\QooBox\Purity\Program Files\SMANTE~1
C:\QooBox\Purity\Program Files\WNSXS~1
C:\QooBox\Purity\Program Files\SMANTE~1\SMANTE~1
C:\QooBox\Purity\WINDOWS\RACLE~1
C:\QooBox\Purity\WINDOWS\STEM32~1
C:\QooBox\Purity\WINDOWS\STEM32~1\STEM32~1


((((((((((((((((((((((((((((((( Files Created from 2006-08-30 to 2006-09-30 ))))))))))))))))))))))))))))))))))


2006-09-30 09:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2006-09-30 09:13 40,960 --a------ C:\WINDOWS\system32\swsc.exe
2006-09-30 09:13 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2006-09-30 09:13 135,168 --a------ C:\WINDOWS\system32\swreg.exe
2006-09-29 19:26 218,112 --a------ C:\Copy of HijackThis.exe
2006-09-29 17:34 4,608 --a------ C:\WINDOWS\system32\drivers\symlcbrd.sys
2006-09-28 17:17 63,192 --a------ C:\WINDOWS\system32\ipv6monl.dll
2006-09-28 17:16 18,432 --a------ C:\svhost.exe
2006-09-22 19:31 23,434 --a------ C:\WINDOWS\system32\mljgg.exe
2006-09-22 19:31 16,934 --a------ C:\WINDOWS\system32\mfcusl.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-09-29 22:44 -------- d-------- C:\Program Files\Norton SystemWorks
2006-09-29 20:20 -------- d-------- C:\Program Files\Common Files\Symantec Shared
2006-09-29 18:20 -------- d-------- C:\Program Files\Norton Personal Firewall
2006-09-29 18:12 -------- d-------- C:\Program Files\Common Files
2006-09-29 18:03 -------- d-------- C:\Program Files\Symantec
2006-09-29 17:12 -------- d-------- C:\Program Files\SymNetDrv
2006-09-27 17:04 -------- dr-h----- C:\Documents and Settings\Owner\Application Data\yahoo!
2006-09-27 17:04 -------- d-------- C:\Documents and Settings\Owner\Application Data\ZangoToolbar
2006-09-26 22:53 -------- d-------- C:\Program Files\iTunes
2006-09-23 11:58 -------- d-------- C:\Program Files\Viewpoint
2006-09-21 09:12 -------- d-------- C:\Documents and Settings\Owner\Application Data\MP3Rocket
2006-09-20 14:30 -------- d-------- C:\Program Files\QuickTime
2006-09-15 22:52 91904 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2006-09-15 22:52 124016 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2006-09-15 19:37 -------- d-------- C:\Program Files\Yahoo!
2006-09-15 17:06 -------- d-------- C:\Program Files\AIM
2006-09-15 17:06 -------- d-------- C:\Documents and Settings\Owner\Application Data\Aim
2006-09-15 17:05 -------- d-------- C:\Program Files\AOD
2006-09-13 13:14 -------- d-------- C:\Program Files\Multimedia Card Reader
2006-09-13 11:49 -------- d-------- C:\Documents and Settings\Owner\Application Data\AdobeUM
2006-09-12 19:07 -------- d-------- C:\Program Files\iPod
2006-09-12 19:02 -------- d-------- C:\Program Files\Apple Software Update
2006-09-12 12:29 -------- d-------- C:\Documents and Settings\Owner\Application Data\MSN6
2006-09-11 11:53 -------- d-------- C:\Documents and Settings\Owner\Application Data\Motive
2006-09-11 11:52 -------- d-------- C:\Program Files\MSN
2006-09-08 20:55 -------- d-------- C:\Program Files\AOL
2006-09-08 20:55 -------- d-------- C:\Documents and Settings\Owner\Application Data\acccore
2006-09-08 20:54 -------- d-------- C:\Program Files\Common Files\Nullsoft
2006-09-08 20:54 -------- d-------- C:\Program Files\Common Files\aolshare
2006-09-08 20:54 -------- d-------- C:\Program Files\Common Files\AOL
2006-09-07 09:57 -------- d-------- C:\Program Files\Wide Angle Software
2006-09-03 09:18 -------- d-------- C:\Program Files\Messenger
2006-08-28 20:59 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-08-27 18:40 -------- d-------- C:\Documents and Settings\Owner\Application Data\InterVideo
2006-08-12 19:58 -------- d-------- C:\Program Files\Common Files\Sonic Shared
2006-08-12 19:57 -------- d-------- C:\Program Files\Common Files\HP
2006-08-12 19:48 -------- d-------- C:\Program Files\HP
2006-08-12 19:48 -------- d-------- C:\Program Files\Hewlett-Packard
2006-08-12 19:36 -------- d-------- C:\Documents and Settings\Owner\Application Data\HP
2006-08-12 11:49 -------- d---s---- C:\Documents and Settings\Owner\Application Data\Microsoft
2006-08-10 16:48 -------- d-------- C:\Program Files\Windows Media Player
2006-08-10 16:48 -------- d-------- C:\Program Files\Movie Maker
2006-08-10 16:48 -------- d-------- C:\Program Files\Internet Explorer
2006-08-10 16:48 -------- d-------- C:\Program Files\Common Files\System
2006-08-10 16:44 -------- d-------- C:\Program Files\Windows NT
2006-08-10 16:44 -------- d-------- C:\Program Files\Outlook Express
2006-08-10 16:44 -------- d-------- C:\Program Files\NetMeeting
2006-08-03 18:45 147495 --a------ C:\WINDOWS\system32\rmocx.dll
2006-08-03 18:44 -------- d-------- C:\Documents and Settings\Owner\Application Data\Real
2006-07-14 14:51 108144 --a------ C:\WINDOWS\system32\GEARAspi.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"BackupNotify"="c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\backupnotify.exe"
"Yahoo! Pager"="\"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe\" -quiet"
"NVIEW"="rundll32.exe nview.dll,nViewLoadHook"
"Norton SystemWorks"="\"C:\\Program Files\\Norton SystemWorks\\cfgwiz.exe\" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe /installquiet /keeploaded /nodetect"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"ViewMgr"="C:\\Program Files\\Viewpoint\\Viewpoint Manager\\ViewMgr.exe"
"Symantec NetDriver Monitor"="C:\\PROGRA~1\\SYMNET~1\\SNDMon.exe"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000005

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="https://webmail.atl....k/bg-whole.gif"
"SubscribedURL"="https://webmail.atl....k/bg-whole.gif"
"FriendlyName"=""
"Flags"=dword:00000001
"Position"=hex:2c,00,00,00,b2,00,00,00,f1,00,00,00,61,02,00,00,64,01,00,00,e8,\
03,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:01,00,00,00
"OriginalStateInfo"=hex:18,00,00,00,12,03,00,00,19,01,00,00,61,02,00,00,64,01,\
00,00,01,00,00,40
"RestoredStateInfo"=hex:dc,ff,6d,03,09,48,e9,77,88,32,e8,77,ff,ff,ff,ff,de,60,\
e7,77,68,e1,f0,02

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\1]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Notn"="\"C:\\WINDOWS\\STEM32~1\\winspool.exe\" -vt yazr"
"Bethgd"="C:\\Program Files\\a?sembly\\r?ndll.exe"
"kfkz"="C:\\PROGRA~1\\COMMON~1\\kfkz\\kfkzm.exe"

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Notn"="\"C:\\WINDOWS\\STEM32~1\\winspool.exe\" -vt yazr"
"Bethgd"="C:\\Program Files\\a?sembly\\r?ndll.exe"
"kfkz"="C:\\PROGRA~1\\COMMON~1\\kfkz\\kfkzm.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{54D9498B-CF93-414F-8984-8CE7FDE0D391}"="ewido shell guard"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mfcusl

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll



~ ~ ~ ~ ~ ~ ~ ~ Hijackthis Backups ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

backup-20060929-192829-632
O23 - Service: Task Manager Message Service (TSKMS) - Unknown owner - C:\WINDOWS\taskms.exe
backup-20060929-192829-842
O23 - Service: Microsoft Performance WMI Adapter AddOn (WMIPervAddOn) - Unknown owner - C:\WINDOWS\wmiapsv.exe (file missing)
backup-20060929-192811-800
O23 - Service: Task Manager Message Service (TSKMS) - Unknown owner - C:\WINDOWS\taskms.exe
backup-20060929-192811-718
O23 - Service: Microsoft Performance WMI Adapter AddOn (WMIPervAddOn) - Unknown owner - C:\WINDOWS\wmiapsv.exe (file missing)

Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer - Owner.job
C:\WINDOWS\tasks\Norton SystemWorks One Button Checkup.job
C:\WINDOWS\tasks\Symantec Drmc.job

Completion time: Sat 09/30/2006 9:33:45.90
ComboFix.txt

#5
Wizard
  • Retired Staff
  • 5,661 posts
Please Copy all these Instructions to Notepad and Save to the Desktop for reference during the cleaning process.


Click Start-> Run-> Type in Services.msc and Click OK

Scroll that list and locate these entries

Microsoft Performance WMI Adapter AddOn
Task Manager Message Service


Right Click each entry (If Found) and Select Properties-> Click Stop-> Go up and change the Startup Type to Disabled

Click Apply-> OK and Exit the Services Page


Keep in mind, you will have to reset your desktop background after the next step.


You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Next, please reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, a menu with options should appear;
  • Select the first option, to run Windows in Safe Mode, then press "Enter".
  • Choose your usual account.
Once in Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmd
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.
A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.
The report can also be found at the root of the system drive, usually at C:\rapport.txt

Warning : running option #2 on a non infected computer will remove your Desktop background.



Next, open Notepad --> copy all the text in the Code Box below into the blank Notepad page and save it to the desktop with the name Clr.reg, but don't run this just yet.


REGEDIT4

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Notn"=-
"Bethgd"=-
"kfkz"=-

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Notn"=-
"Bethgd"=-
"kfkz"=-


Next, move Combofix.exe to your C:\ drive please.

Once moved, click Start --> click Run --> copy and paste all the bold text below into the Open Run box and click OK.

"%systemdrive%\combofix.exe" /v mfcusl ipv6monl.dll

Save any logs produced.



Please download the Killbox by Option^Explicit.

Note: In the event you already have Killbox, this is a new version that I need you to download.
  • Save it to your desktop.
  • Please double-click Killbox.exe to run it.
  • Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    C:\svhost.exe
    C:\WINDOWS\taskms.exe
    C:\WINDOWS\wmiapsv.exe
    C:\WINDOWS\system32\mljgg.exe
    C:\WINDOWS\system32\wnstssu.exe


  • Return to Killbox, go to the File menu, and choose Paste from Clipboard.
  • Select Delete on Reboot
  • then Click on the All Files button.
  • Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).
If your computer does not restart automatically, please restart it manually.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run Killbox, click here to download and run missingfilesetup.exe. Then try Killbox again.


Restart in Safe Mode and Open HijackThis-> Click "Do a System Scan Only" and put a check by these but DO NOT hit the Fix Checked button yet

O2 - BHO: (no name) - {73364D99-1240-4dff-B11A-67E448373048} - C:\WINDOWS\system32\ipv6monl.dll

O2 - BHO: (no name) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - (no file)

O2 - BHO: (no name) - {9CF30C1C-3E3E-40AB-9080-8FCD77BDE1FF} - C:\WINDOWS\system32\mfcusl.dll

O20 - AppInit_DLLs:

O20 - Winlogon Notify: mfcusl - C:\WINDOWS\SYSTEM32\mfcusl.dll

O23 - Service: Microsoft Performance WMI Adapter AddOn (WMIPervAddOn) - Unknown owner - C:\WINDOWS\wmiapsv.exe (file missing)

Now Make sure ALL WINDOWS and BROWSERS are CLOSED and hit the Fix Checked Button


Please locate Clr.reg on your desktop--> Double Click Clr.reg and follow the prompts to merge this information into the registry.


Click Start --> click Run --> copy and paste each command in bold text below, one at a time, into the Open Run box and click OK.

sc delete WMIPervAddOn

sc delete TSKMS



Run ComboFix again while it's on your C:\ drive and you are in Safe Mode.

Save that log as well.


Restart Normal and post a fresh HijackThis log--> all logs from ComboFix and C:\rapport.txt from Smitfraud fix.
  • 0
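
Added example, not part of the original thread and not code from HijackThis, SmitfraudFix or ComboFix: a Python triage pass over lines copied from the logs posted above, tagging each entry with the review markers that are visible on this page (unnamed BHO, service with unknown owner, missing file, a '?' in a path, a file name one edit away from a Windows binary). The marker names, the reference list of Windows binary names and the ranking by marker count are assumptions of this example; a hit is a lead for a human reviewer, not a verdict.

```python
import re
from typing import NamedTuple

# Lines copied from the HijackThis and ComboFix logs posted in this thread.
SAMPLE_LOG = r'''
O2 - BHO: (no name) - {73364D99-1240-4dff-B11A-67E448373048} - C:\WINDOWS\system32\ipv6monl.dll
O2 - BHO: (no name) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - (no file)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O23 - Service: Task Manager Message Service (TSKMS) - Unknown owner - C:\WINDOWS\taskms.exe
O23 - Service: Microsoft Performance WMI Adapter AddOn (WMIPervAddOn) - Unknown owner - C:\WINDOWS\wmiapsv.exe (file missing)
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
2006-09-28 17:16 18,432 --a------ C:\svhost.exe
"Bethgd"="C:\\Program Files\\a?sembly\\r?ndll.exe"
'''

# Reference names for the look-alike check (assumption: a short, hand-picked list).
KNOWN_SYSTEM_NAMES = {
    "svchost.exe", "rundll32.exe", "wmiapsrv.exe", "taskmgr.exe",
    "winlogon.exe", "lsass.exe", "spoolsv.exe", "explorer.exe",
}

# '?' is deliberately allowed inside a path so that it can be detected later.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"<>|*\r\n]*?\.(?:exe|dll|sys)\b', re.I)
REG_VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<data>.*)"$')


class Finding(NamedTuple):
    line: str
    path: str
    reasons: tuple


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, row-by-row dynamic programming."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def extract_path(line: str) -> str:
    """Return the first file path on the line, or '' if there is none."""
    m = REG_VALUE_RE.match(line)
    if m:  # .reg-style value: undo the \" and \\ escaping first
        line = m.group("data").replace('\\"', '"').replace("\\\\", "\\")
    m = PATH_RE.search(line)
    return m.group(0) if m else ""


def classify(line: str) -> Finding:
    path = extract_path(line)
    reasons = []
    if line.startswith("O23") and "Unknown owner" in line:
        reasons.append("unknown_owner")
    if "(file missing)" in line or "(no file)" in line:
        reasons.append("file_missing")
    if line.startswith("O2 ") and "(no name)" in line:
        reasons.append("unnamed_bho")
    # A '?' in a path marks a character the log could not render, as in the
    # look-alike folders ComboFix quarantined in this thread.
    if "?" in path:
        reasons.append("unmappable_char")
    base = path.rsplit("\\", 1)[-1].lower()
    if base and base not in KNOWN_SYSTEM_NAMES and any(
        edit_distance(base, known) == 1 for known in KNOWN_SYSTEM_NAMES
    ):
        reasons.append("lookalike_name")
    return Finding(line, path, tuple(reasons))


def triage(log_text: str) -> list:
    """Entries with at least one marker, most markers first (stable order)."""
    hits = [classify(l.strip()) for l in log_text.splitlines() if l.strip()]
    hits = [f for f in hits if f.reasons]
    return sorted(hits, key=lambda f: -len(f.reasons))


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{len(f.reasons)}  {', '.join(f.reasons):45}  {f.path or f.line}")
```

The OmniPass service is tagged as well, on the single "Unknown owner" marker, which is why the output is ranked for review rather than treated as a removal list.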

#6
lisamonkey
  • Topic Starter
  • Member
  • 10 posts
Logfile of HijackThis v1.99.1
Scan saved at 1:08:53 PM, on 9/30/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Personal Firewall\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Norton Personal Firewall - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\Hewlett-Packard\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\npjpi150_07.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\npjpi150_07.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec....rl/LSSupCtl.cab
O16 - DPF: {2DFF31F9-7893-4922-AF66-C9A1EB4EBB31} (Rhapsody Player Engine) - http://forms.real.co...ne_Inst_Win.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - http://www.symantec....rl/SymAData.cab
O16 - DPF: {E13F1132-4CA0-4005-84D3-51406E27D269} (BTDownloadCtrl Control) - http://www.shockwave...ownloadCtrl.cab
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Personal Firewall\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

Owner - 06-09-30 12:46:10.71 Service Pack 2
ComboFix 06.09.28 - Running from: "C:\"
Command switches used :: /v mfcusl ipv6monl.dll

(((((((((((((((((((((((((((((((((((((((((((((((( Vundo Log )))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\mfcusl.dll


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))



~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

Folders Quarantined:

C:\QooBox\Purity\Documents and Settings\Owner\My Documents\MCROSO~1
C:\QooBox\Purity\Documents and Settings\Owner\My Documents\MCROSO~1\M?crosoft
C:\QooBox\Purity\Program Files\ASEMBL~1
C:\QooBox\Purity\Program Files\SMANTE~1
C:\QooBox\Purity\Program Files\WNSXS~1
C:\QooBox\Purity\Program Files\SMANTE~1\SMANTE~1
C:\QooBox\Purity\WINDOWS\RACLE~1
C:\QooBox\Purity\WINDOWS\STEM32~1
C:\QooBox\Purity\WINDOWS\STEM32~1\STEM32~1


((((((((((((((((((((((((((((((( Files Created from 2006-08-30 to 2006-09-30 ))))))))))))))))))))))))))))))))))


2006-09-30 09:31 276,526 --a------ C:\combofix.exe
2006-09-30 09:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2006-09-30 09:13 40,960 --a------ C:\WINDOWS\system32\swsc.exe
2006-09-30 09:13 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2006-09-30 09:13 135,168 --a------ C:\WINDOWS\system32\swreg.exe
2006-09-29 19:26 218,112 --a------ C:\Copy of HijackThis.exe
2006-09-29 17:34 4,608 --a------ C:\WINDOWS\system32\drivers\symlcbrd.sys
2006-09-28 17:17 63,192 --a------ C:\WINDOWS\system32\ipv6monl.dll
2006-09-28 17:16 18,432 --a------ C:\svhost.exe
2006-09-22 19:31 23,434 --a------ C:\WINDOWS\system32\mljgg.exe


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-09-30 12:38 -------- d-------- C:\Program Files\Common Files
2006-09-30 11:57 -------- d-------- C:\Program Files\Common Files\Symantec Shared
2006-09-29 22:44 -------- d-------- C:\Program Files\Norton SystemWorks
2006-09-29 18:20 -------- d-------- C:\Program Files\Norton Personal Firewall
2006-09-29 18:03 -------- d-------- C:\Program Files\Symantec
2006-09-29 17:12 -------- d-------- C:\Program Files\SymNetDrv
2006-09-27 17:04 -------- dr-h----- C:\Documents and Settings\Owner\Application Data\yahoo!
2006-09-27 17:04 -------- d-------- C:\Documents and Settings\Owner\Application Data\ZangoToolbar
2006-09-26 22:53 -------- d-------- C:\Program Files\iTunes
2006-09-23 11:58 -------- d-------- C:\Program Files\Viewpoint
2006-09-21 09:12 -------- d-------- C:\Documents and Settings\Owner\Application Data\MP3Rocket
2006-09-20 14:30 -------- d-------- C:\Program Files\QuickTime
2006-09-15 22:52 91904 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2006-09-15 22:52 124016 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2006-09-15 19:37 -------- d-------- C:\Program Files\Yahoo!
2006-09-15 17:06 -------- d-------- C:\Program Files\AIM
2006-09-15 17:06 -------- d-------- C:\Documents and Settings\Owner\Application Data\Aim
2006-09-15 17:05 -------- d-------- C:\Program Files\AOD
2006-09-13 13:14 -------- d-------- C:\Program Files\Multimedia Card Reader
2006-09-13 11:49 -------- d-------- C:\Documents and Settings\Owner\Application Data\AdobeUM
2006-09-12 19:07 -------- d-------- C:\Program Files\iPod
2006-09-12 19:02 -------- d-------- C:\Program Files\Apple Software Update
2006-09-12 12:29 -------- d-------- C:\Documents and Settings\Owner\Application Data\MSN6
2006-09-11 11:53 -------- d-------- C:\Documents and Settings\Owner\Application Data\Motive
2006-09-11 11:52 -------- d-------- C:\Program Files\MSN
2006-09-08 20:55 -------- d-------- C:\Program Files\AOL
2006-09-08 20:55 -------- d-------- C:\Documents and Settings\Owner\Application Data\acccore
2006-09-08 20:54 -------- d-------- C:\Program Files\Common Files\Nullsoft
2006-09-08 20:54 -------- d-------- C:\Program Files\Common Files\aolshare
2006-09-08 20:54 -------- d-------- C:\Program Files\Common Files\AOL
2006-09-07 09:57 -------- d-------- C:\Program Files\Wide Angle Software
2006-09-03 09:18 -------- d-------- C:\Program Files\Messenger
2006-08-28 20:59 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-08-27 18:40 -------- d-------- C:\Documents and Settings\Owner\Application Data\InterVideo
2006-08-12 19:58 -------- d-------- C:\Program Files\Common Files\Sonic Shared
2006-08-12 19:57 -------- d-------- C:\Program Files\Common Files\HP
2006-08-12 19:48 -------- d-------- C:\Program Files\HP
2006-08-12 19:48 -------- d-------- C:\Program Files\Hewlett-Packard
2006-08-12 19:36 -------- d-------- C:\Documents and Settings\Owner\Application Data\HP
2006-08-12 11:49 -------- d---s---- C:\Documents and Settings\Owner\Application Data\Microsoft
2006-08-10 16:48 -------- d-------- C:\Program Files\Windows Media Player
2006-08-10 16:48 -------- d-------- C:\Program Files\Movie Maker
2006-08-10 16:48 -------- d-------- C:\Program Files\Internet Explorer
2006-08-10 16:48 -------- d-------- C:\Program Files\Common Files\System
2006-08-10 16:44 -------- d-------- C:\Program Files\Windows NT
2006-08-10 16:44 -------- d-------- C:\Program Files\Outlook Express
2006-08-10 16:44 -------- d-------- C:\Program Files\NetMeeting
2006-08-03 18:45 147495 --a------ C:\WINDOWS\system32\rmocx.dll
2006-08-03 18:44 -------- d-------- C:\Documents and Settings\Owner\Application Data\Real
2006-07-14 14:51 108144 --a------ C:\WINDOWS\system32\GEARAspi.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"BackupNotify"="c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\backupnotify.exe"
"Yahoo! Pager"="\"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe\" -quiet"
"NVIEW"="rundll32.exe nview.dll,nViewLoadHook"
"Norton SystemWorks"="\"C:\\Program Files\\Norton SystemWorks\\cfgwiz.exe\" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe /installquiet /keeploaded /nodetect"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"ViewMgr"="C:\\Program Files\\Viewpoint\\Viewpoint Manager\\ViewMgr.exe"
"Symantec NetDriver Monitor"="C:\\PROGRA~1\\SYMNET~1\\SNDMon.exe"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000005

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Notn"="\"C:\\WINDOWS\\STEM32~1\\winspool.exe\" -vt yazr"
"Bethgd"="C:\\Program Files\\a?sembly\\r?ndll.exe"
"kfkz"="C:\\PROGRA~1\\COMMON~1\\kfkz\\kfkzm.exe"

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Notn"="\"C:\\WINDOWS\\STEM32~1\\winspool.exe\" -vt yazr"
"Bethgd"="C:\\Program Files\\a?sembly\\r?ndll.exe"
"kfkz"="C:\\PROGRA~1\\COMMON~1\\kfkz\\kfkzm.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{54D9498B-CF93-414F-8984-8CE7FDE0D391}"="ewido shell guard"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"


HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer - Owner.job
C:\WINDOWS\tasks\Norton SystemWorks One Button Checkup.job
C:\WINDOWS\tasks\Symantec Drmc.job

Completion time: Sat 09/30/2006 12:48:15.23
ComboFix.txt
ComboFix2.txt

Owner - 06-09-30 13:04:07.34 Service Pack 2
ComboFix 06.09.28 - Running from: "C:\"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))



~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

Folders Quarantined:

C:\QooBox\Purity\Documents and Settings\Owner\My Documents\MCROSO~1
C:\QooBox\Purity\Documents and Settings\Owner\My Documents\MCROSO~1\M?crosoft
C:\QooBox\Purity\Program Files\ASEMBL~1
C:\QooBox\Purity\Program Files\SMANTE~1
C:\QooBox\Purity\Program Files\WNSXS~1
C:\QooBox\Purity\Program Files\SMANTE~1\SMANTE~1
C:\QooBox\Purity\WINDOWS\RACLE~1
C:\QooBox\Purity\WINDOWS\STEM32~1
C:\QooBox\Purity\WINDOWS\STEM32~1\STEM32~1


((((((((((((((((((((((((((((((( Files Created from 2006-08-30 to 2006-09-30 ))))))))))))))))))))))))))))))))))


2006-09-30 09:31 276,526 --a------ C:\combofix.exe
2006-09-30 09:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2006-09-30 09:13 40,960 --a------ C:\WINDOWS\system32\swsc.exe
2006-09-30 09:13 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2006-09-30 09:13 135,168 --a------ C:\WINDOWS\system32\swreg.exe
2006-09-29 19:26 218,112 --a------ C:\Copy of HijackThis.exe
2006-09-29 17:34 4,608 --a------ C:\WINDOWS\system32\drivers\symlcbrd.sys


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-09-30 12:48 -------- d-------- C:\Program Files\Common Files
2006-09-30 11:57 -------- d-------- C:\Program Files\Common Files\Symantec Shared
2006-09-29 22:44 -------- d-------- C:\Program Files\Norton SystemWorks
2006-09-29 18:20 -------- d-------- C:\Program Files\Norton Personal Firewall
2006-09-29 18:03 -------- d-------- C:\Program Files\Symantec
2006-09-29 17:12 -------- d-------- C:\Program Files\SymNetDrv
2006-09-27 17:04 -------- dr-h----- C:\Documents and Settings\Owner\Application Data\yahoo!
2006-09-27 17:04 -------- d-------- C:\Documents and Settings\Owner\Application Data\ZangoToolbar
2006-09-26 22:53 -------- d-------- C:\Program Files\iTunes
2006-09-23 11:58 -------- d-------- C:\Program Files\Viewpoint
2006-09-21 09:12 -------- d-------- C:\Documents and Settings\Owner\Application Data\MP3Rocket
2006-09-20 14:30 -------- d-------- C:\Program Files\QuickTime
2006-09-15 22:52 91904 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2006-09-15 22:52 124016 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2006-09-15 19:37 -------- d-------- C:\Program Files\Yahoo!
2006-09-15 17:06 -------- d-------- C:\Program Files\AIM
2006-09-15 17:06 -------- d-------- C:\Documents and Settings\Owner\Application Data\Aim
2006-09-15 17:05 -------- d-------- C:\Program Files\AOD
2006-09-13 13:14 -------- d-------- C:\Program Files\Multimedia Card Reader
2006-09-13 11:49 -------- d-------- C:\Documents and Settings\Owner\Application Data\AdobeUM
2006-09-12 19:07 -------- d-------- C:\Program Files\iPod
2006-09-12 19:02 -------- d-------- C:\Program Files\Apple Software Update
2006-09-12 12:29 -------- d-------- C:\Documents and Settings\Owner\Application Data\MSN6
2006-09-11 11:53 -------- d-------- C:\Documents and Settings\Owner\Application Data\Motive
2006-09-11 11:52 -------- d-------- C:\Program Files\MSN
2006-09-08 20:55 -------- d-------- C:\Program Files\AOL
2006-09-08 20:55 -------- d-------- C:\Documents and Settings\Owner\Application Data\acccore
2006-09-08 20:54 -------- d-------- C:\Program Files\Common Files\Nullsoft
2006-09-08 20:54 -------- d-------- C:\Program Files\Common Files\aolshare
2006-09-08 20:54 -------- d-------- C:\Program Files\Common Files\AOL
2006-09-07 09:57 -------- d-------- C:\Program Files\Wide Angle Software
2006-09-03 09:18 -------- d-------- C:\Program Files\Messenger
2006-08-28 20:59 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-08-27 18:40 -------- d-------- C:\Documents and Settings\Owner\Application Data\InterVideo
2006-08-12 19:58 -------- d-------- C:\Program Files\Common Files\Sonic Shared
2006-08-12 19:57 -------- d-------- C:\Program Files\Common Files\HP
2006-08-12 19:48 -------- d-------- C:\Program Files\HP
2006-08-12 19:48 -------- d-------- C:\Program Files\Hewlett-Packard
2006-08-12 19:36 -------- d-------- C:\Documents and Settings\Owner\Application Data\HP
2006-08-12 11:49 -------- d---s---- C:\Documents and Settings\Owner\Application Data\Microsoft
2006-08-10 16:48 -------- d-------- C:\Program Files\Windows Media Player
2006-08-10 16:48 -------- d-------- C:\Program Files\Movie Maker
2006-08-10 16:48 -------- d-------- C:\Program Files\Internet Explorer
2006-08-10 16:48 -------- d-------- C:\Program Files\Common Files\System
2006-08-10 16:44 -------- d-------- C:\Program Files\Windows NT
2006-08-10 16:44 -------- d-------- C:\Program Files\Outlook Express
2006-08-10 16:44 -------- d-------- C:\Program Files\NetMeeting
2006-08-03 18:45 147495 --a------ C:\WINDOWS\system32\rmocx.dll
2006-08-03 18:44 -------- d-------- C:\Documents and Settings\Owner\Application Data\Real
2006-07-14 14:51 108144 --a------ C:\WINDOWS\system32\GEARAspi.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"BackupNotify"="c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\backupnotify.exe"
"Yahoo! Pager"="\"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe\" -quiet"
"NVIEW"="rundll32.exe nview.dll,nViewLoadHook"
"Norton SystemWorks"="\"C:\\Program Files\\Norton SystemWorks\\cfgwiz.exe\" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe /installquiet /keeploaded /nodetect"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"ViewMgr"="C:\\Program Files\\Viewpoint\\Viewpoint Manager\\ViewMgr.exe"
"Symantec NetDriver Monitor"="C:\\PROGRA~1\\SYMNET~1\\SNDMon.exe"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000005

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{54D9498B-CF93-414F-8984-8CE7FDE0D391}"="ewido shell guard"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"


HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer - Owner.job
C:\WINDOWS\tasks\Norton SystemWorks One Button Checkup.job
C:\WINDOWS\tasks\Symantec Drmc.job

Completion time: Sat 09/30/2006 13:04:54.20
ComboFix.txt
ComboFix2.txt
ComboFix3.txt

Owner - 06-09-30 9:32:21.04 Service Pack 2
ComboFix 06.09.28 - Running from: "C:\Documents and Settings\Owner\Desktop"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\wnstssu.exe

~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

Folders Quarantined:

C:\QooBox\Purity\Documents and Settings\Owner\My Documents\MCROSO~1
C:\QooBox\Purity\Documents and Settings\Owner\My Documents\MCROSO~1\M?crosoft
C:\QooBox\Purity\Program Files\ASEMBL~1
C:\QooBox\Purity\Program Files\SMANTE~1
C:\QooBox\Purity\Program Files\WNSXS~1
C:\QooBox\Purity\Program Files\SMANTE~1\SMANTE~1
C:\QooBox\Purity\WINDOWS\RACLE~1
C:\QooBox\Purity\WINDOWS\STEM32~1
C:\QooBox\Purity\WINDOWS\STEM32~1\STEM32~1


((((((((((((((((((((((((((((((( Files Created from 2006-08-30 to 2006-09-30 ))))))))))))))))))))))))))))))))))


2006-09-30 09:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2006-09-30 09:13 40,960 --a------ C:\WINDOWS\system32\swsc.exe
2006-09-30 09:13 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2006-09-30 09:13 135,168 --a------ C:\WINDOWS\system32\swreg.exe
2006-09-29 19:26 218,112 --a------ C:\Copy of HijackThis.exe
2006-09-29 17:34 4,608 --a------ C:\WINDOWS\system32\drivers\symlcbrd.sys
2006-09-28 17:17 63,192 --a------ C:\WINDOWS\system32\ipv6monl.dll
2006-09-28 17:16 18,432 --a------ C:\svhost.exe
2006-09-22 19:31 23,434 --a------ C:\WINDOWS\system32\mljgg.exe
2006-09-22 19:31 16,934 --a------ C:\WINDOWS\system32\mfcusl.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-09-29 22:44 -------- d-------- C:\Program Files\Norton SystemWorks
2006-09-29 20:20 -------- d-------- C:\Program Files\Common Files\Symantec Shared
2006-09-29 18:20 -------- d-------- C:\Program Files\Norton Personal Firewall
2006-09-29 18:12 -------- d-------- C:\Program Files\Common Files
2006-09-29 18:03 -------- d-------- C:\Program Files\Symantec
2006-09-29 17:12 -------- d-------- C:\Program Files\SymNetDrv
2006-09-27 17:04 -------- dr-h----- C:\Documents and Settings\Owner\Application Data\yahoo!
2006-09-27 17:04 -------- d-------- C:\Documents and Settings\Owner\Application Data\ZangoToolbar
2006-09-26 22:53 -------- d-------- C:\Program Files\iTunes
2006-09-23 11:58 -------- d-------- C:\Program Files\Viewpoint
2006-09-21 09:12 -------- d-------- C:\Documents and Settings\Owner\Application Data\MP3Rocket
2006-09-20 14:30 -------- d-------- C:\Program Files\QuickTime
2006-09-15 22:52 91904 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2006-09-15 22:52 124016 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2006-09-15 19:37 -------- d-------- C:\Program Files\Yahoo!
2006-09-15 17:06 -------- d-------- C:\Program Files\AIM
2006-09-15 17:06 -------- d-------- C:\Documents and Settings\Owner\Application Data\Aim
2006-09-15 17:05 -------- d-------- C:\Program Files\AOD
2006-09-13 13:14 -------- d-------- C:\Program Files\Multimedia Card Reader
2006-09-13 11:49 -------- d-------- C:\Documents and Settings\Owner\Application Data\AdobeUM
2006-09-12 19:07 -------- d-------- C:\Program Files\iPod
2006-09-12 19:02 -------- d-------- C:\Program Files\Apple Software Update
2006-09-12 12:29 -------- d-------- C:\Documents and Settings\Owner\Application Data\MSN6
2006-09-11 11:53 -------- d-------- C:\Documents and Settings\Owner\Application Data\Motive
2006-09-11 11:52 -------- d-------- C:\Program Files\MSN
2006-09-08 20:55 -------- d-------- C:\Program Files\AOL
2006-09-08 20:55 -------- d-------- C:\Documents and Settings\Owner\Application Data\acccore
2006-09-08 20:54 -------- d-------- C:\Program Files\Common Files\Nullsoft
2006-09-08 20:54 -------- d-------- C:\Program Files\Common Files\aolshare
2006-09-08 20:54 -------- d-------- C:\Program Files\Common Files\AOL
2006-09-07 09:57 -------- d-------- C:\Program Files\Wide Angle Software
2006-09-03 09:18 -------- d-------- C:\Program Files\Messenger
2006-08-28 20:59 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-08-27 18:40 -------- d-------- C:\Documents and Settings\Owner\Application Data\InterVideo
2006-08-12 19:58 -------- d-------- C:\Program Files\Common Files\Sonic Shared
2006-08-12 19:57 -------- d-------- C:\Program Files\Common Files\HP
2006-08-12 19:48 -------- d-------- C:\Program Files\HP
2006-08-12 19:48 -------- d-------- C:\Program Files\Hewlett-Packard
2006-08-12 19:36 -------- d-------- C:\Documents and Settings\Owner\Application Data\HP
2006-08-12 11:49 -------- d---s---- C:\Documents and Settings\Owner\Application Data\Microsoft
2006-08-10 16:48 -------- d-------- C:\Program Files\Windows Media Player
2006-08-10 16:48 -------- d-------- C:\Program Files\Movie Maker
2006-08-10 16:48 -------- d-------- C:\Program Files\Internet Explorer
2006-08-10 16:48 -------- d-------- C:\Program Files\Common Files\System
2006-08-10 16:44 -------- d-------- C:\Program Files\Windows NT
2006-08-10 16:44 -------- d-------- C:\Program Files\Outlook Express
2006-08-10 16:44 -------- d-------- C:\Program Files\NetMeeting
2006-08-03 18:45 147495 --a------ C:\WINDOWS\system32\rmocx.dll
2006-08-03 18:44 -------- d-------- C:\Documents and Settings\Owner\Application Data\Real
2006-07-14 14:51 108144 --a------ C:\WINDOWS\system32\GEARAspi.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"BackupNotify"="c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\backupnotify.exe"
"Yahoo! Pager"="\"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe\" -quiet"
"NVIEW"="rundll32.exe nview.dll,nViewLoadHook"
"Norton SystemWorks"="\"C:\\Program Files\\Norton SystemWorks\\cfgwiz.exe\" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe /installquiet /keeploaded /nodetect"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"ViewMgr"="C:\\Program Files\\Viewpoint\\Viewpoint Manager\\ViewMgr.exe"
"Symantec NetDriver Monitor"="C:\\PROGRA~1\\SYMNET~1\\SNDMon.exe"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000005

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="https://webmail.atl....k/bg-whole.gif"
"SubscribedURL"="https://webmail.atl....k/bg-whole.gif"
"FriendlyName"=""
"Flags"=dword:00000001
"Position"=hex:2c,00,00,00,b2,00,00,00,f1,00,00,00,61,02,00,00,64,01,00,00,e8,\
03,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:01,00,00,00
"OriginalStateInfo"=hex:18,00,00,00,12,03,00,00,19,01,00,00,61,02,00,00,64,01,\
00,00,01,00,00,40
"RestoredStateInfo"=hex:dc,ff,6d,03,09,48,e9,77,88,32,e8,77,ff,ff,ff,ff,de,60,\
e7,77,68,e1,f0,02

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\1]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Notn"="\"C:\\WINDOWS\\STEM32~1\\winspool.exe\" -vt yazr"
"Bethgd"="C:\\Program Files\\a?sembly\\r?ndll.exe"
"kfkz"="C:\\PROGRA~1\\COMMON~1\\kfkz\\kfkzm.exe"

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Notn"="\"C:\\WINDOWS\\STEM32~1\\winspool.exe\" -vt yazr"
"Bethgd"="C:\\Program Files\\a?sembly\\r?ndll.exe"
"kfkz"="C:\\PROGRA~1\\COMMON~1\\kfkz\\kfkzm.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{54D9498B-CF93-414F-8984-8CE7FDE0D391}"="ewido shell guard"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mfcusl

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll



~ ~ ~ ~ ~ ~ ~ ~ Hijackthis Backups ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

backup-20060929-192829-632
O23 - Service: Task Manager Message Service (TSKMS) - Unknown owner - C:\WINDOWS\taskms.exe
backup-20060929-192829-842
O23 - Service: Microsoft Performance WMI Adapter AddOn (WMIPervAddOn) - Unknown owner - C:\WINDOWS\wmiapsv.exe (file missing)
backup-20060929-192811-800
O23 - Service: Task Manager Message Service (TSKMS) - Unknown owner - C:\WINDOWS\taskms.exe
backup-20060929-192811-718
O23 - Service: Microsoft Performance WMI Adapter AddOn (WMIPervAddOn) - Unknown owner - C:\WINDOWS\wmiapsv.exe (file missing)

Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer - Owner.job
C:\WINDOWS\tasks\Norton SystemWorks One Button Checkup.job
C:\WINDOWS\tasks\Symantec Drmc.job

Completion time: Sat 09/30/2006 9:33:45.90
ComboFix.txt
  • 0

#7
lisamonkey

  • Topic Starter
  • Member
  • 10 posts
SmitFraudFix v2.102

Scan done at 12:33:59.46, Sat 09/30/2006
Run from C:\Documents and Settings\Owner\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\WINDOWS\keyboard1.dat Deleted

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End
  • 0

#8
Wizard

  • Retired Staff
  • 5,661 posts
Nice work!! :whistling:


Copy the contents of this next code box to Notepad.
Name the file inspect.bat
Save as Type: All files
Save to the desktop.

Double click on inspect.bat and let it run.
When finished it will open a file in Notepad.
That file will be named lsa.txt
Please post the contents of lsa.txt into your next reply here.


rem Create a working folder for the individual exports
If not exist Files MkDir Files

rem Export each key below to its own text file
regedit /a /e files\2.txt HKEY_CURRENT_USER\Software\Microsoft\OLE
regedit /a /e files\3.txt HKEY_CURRENT_USER\System\CurrentControlSet\Control\Lsa
regedit /a /e files\4.txt HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole
regedit /a /e files\5.txt HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa
regedit /e /a files\6.txt HKEY_USERS\DEFAULT\SYSTEM\CURRENTCONTROLSET\CONTROL\LSA
regedit /a /e files\7.txt "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center"
regedit /a /e files\8.txt "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center"
Regedit /a /e files\9.txt HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies
Regedit /a /e files\10.txt HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies
Regedit /a /e files\11.txt HKEY_LOCAL_MACHINE\SOFTWARE\Policies\WindowsFirewall
Regedit /a /e files\12.txt HKEY_CURRENT_USER\SOFTWARE\Policies\WindowsFirewall
regedit /a /e files\13.txt HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters
regedit /a /e files\14.txt HKEY_LOCAL_MACHINE\SYSTEM\Services\SharedAccess

rem Merge the exports into lsa.txt, remove the working folder, and open the result
Copy files\*.txt = lsa.txt
rmdir /s /q files
Start Notepad lsa.txt



Please run the F-Secure Online Scanner

Note: This Scanner is for Internet Explorer Only!
  • Follow the instructions on the F-Secure page for proper installation.
  • Accept the License Agreement.
  • Once the ActiveX installs, click Full System Scan.
  • Once the download completes, the scan will begin automatically.
  • The scan will take some time to finish, so please be patient.
  • When the scan completes, click the Automatic cleaning (recommended) button.
  • Click the Show Report button and copy and paste the entire report in your next reply.

  • 0

#9
lisamonkey

  • Topic Starter
  • Member
  • 10 posts
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum]
"{BDEADF00-C265-11D0-BCED-00A0C90AB50F}"=dword:00000001
"{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF}"=dword:40000021
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"=dword:00000020

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

REGEDIT4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters]
"ServiceDll"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,\
33,32,5c,69,70,6e,61,74,68,6c,70,2e,64,6c,6c,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\OLE]

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole]
"DefaultLaunchPermission"=hex:01,00,04,80,64,00,00,00,80,00,00,00,00,00,00,00,\
14,00,00,00,02,00,50,00,03,00,00,00,00,00,18,00,01,00,00,00,01,01,00,00,00,\
00,00,05,12,00,00,00,00,00,00,00,00,00,18,00,01,00,00,00,01,01,00,00,00,00,\
00,05,04,00,00,00,00,00,00,00,00,00,18,00,01,00,00,00,01,02,00,00,00,00,00,\
05,20,00,00,00,20,02,00,00,01,05,00,00,00,00,00,05,15,00,00,00,a0,5f,84,1f,\
5e,2e,6b,49,ce,12,03,03,f4,01,00,00,01,05,00,00,00,00,00,05,15,00,00,00,a0,\
5f,84,1f,5e,2e,6b,49,ce,12,03,03,f4,01,00,00
"EnableDCOM"="N"
"MachineLaunchRestriction"=hex:01,00,04,80,48,00,00,00,58,00,00,00,00,00,00,00,\
14,00,00,00,02,00,34,00,02,00,00,00,00,00,18,00,1f,00,00,00,01,02,00,00,00,\
00,00,05,20,00,00,00,20,02,00,00,00,00,14,00,0b,00,00,00,01,01,00,00,00,00,\
00,01,00,00,00,00,01,02,00,00,00,00,00,05,20,00,00,00,20,02,00,00,01,02,00,\
00,00,00,00,05,20,00,00,00,20,02,00,00
"MachineAccessRestriction"=hex:01,00,04,80,44,00,00,00,54,00,00,00,00,00,00,00,\
14,00,00,00,02,00,30,00,02,00,00,00,00,00,14,00,03,00,00,00,01,01,00,00,00,\
00,00,05,07,00,00,00,00,00,14,00,07,00,00,00,01,01,00,00,00,00,00,01,00,00,\
00,00,01,02,00,00,00,00,00,05,20,00,00,00,20,02,00,00,01,02,00,00,00,00,00,\
05,20,00,00,00,20,02,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList]
"{A50398B8-9075-4FBF-A7A1-456BF21937AD}"="1"
"{AD65A69D-3831-40D7-9629-9B0B50A93843}"="1"
"{0040D221-54A1-11D1-9DE0-006097042D69}"="1"
"{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3}"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST]
"System.EnterpriseServices.Thunk.dll"=""

REGEDIT4

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00
"Bounds"=hex:00,30,00,00,00,20,00,00
"Security Packages"=hex(7):6b,65,72,62,65,72,6f,73,00,6d,73,76,31,5f,30,00,73,\
63,68,61,6e,6e,65,6c,00,77,64,69,67,65,73,74,00,00
"LsaPid"=dword:00000228
"SecureBoot"=dword:00000001
"auditbaseobjects"=dword:00000000
"crashonauditfail"=dword:00000000
"disabledomaincreds"=dword:00000000
"everyoneincludesanonymous"=dword:00000000
"fipsalgorithmpolicy"=dword:00000000
"forceguest"=dword:00000000
"fullprivilegeauditing"=hex:00
"limitblankpassworduse"=dword:00000000
"lmcompatibilitylevel"=dword:00000000
"nodefaultadminowner"=dword:00000001
"nolmhash"=dword:00000000
"restrictanonymous"=dword:00000000
"restrictanonymoussam"=dword:00000001
"Notification Packages"=hex(7):73,63,65,63,6c,69,00,00
"ImpersonatePrivilegeUpgradeToolHasRun"=dword:00000001
"enabledcom"="y"

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\AccessProviders]
"ProviderOrder"=hex(7):57,69,6e,64,6f,77,73,20,4e,54,20,41,63,63,65,73,73,20,\
50,72,6f,76,69,64,65,72,00,00

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider]
"ProviderPath"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,6d,\
33,32,5c,6e,74,6d,61,72,74,61,2e,64,6c,6c,00

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\Audit]

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing]

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System]

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\Data]
"Pattern"=hex:a9,95,2c,f5,82,7f,ce,d6,f2,1b,65,36,89,75,f0,f3,36,34,66,34,65,\
30,30,66,00,00,00,00,01,00,00,00,b4,01,00,00,b8,01,00,00,34,ca,06,00,45,9d,\
bf,71,04,00,00,00,10,00,00,00,00,00,00,00,86,11,9e,cb

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\GBG]
"GrafBlumGroup"=hex:f0,63,82,99,ce,b3,2c,d2,27

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\JD]
"Lookup"=hex:47,20,4b,40,20,ca

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\Kerberos]

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\Kerberos\Domains]

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\Kerberos\SidCache]

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\msv1_0]
"ntlmminclientsec"=dword:00000000
"ntlmminserversec"=dword:00000000

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\Skew1]
"SkewMatrix"=hex:ae,7a,73,25,78,bf,86,d3,56,0b,e1,8e,92,f5,d0,22

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\SSO]

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\SSO\Passport1.4]
"SSOURL"="http://www.passport.com"

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\SspiCache]
"Time"=hex:00,48,c0,93,60,bd,c6,01

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\SspiCache\digest.dll]
"Name"="Digest"
"Comment"="Digest SSPI Authentication Package"
"Capabilities"=dword:00004050
"RpcId"=dword:0000ffff
"Version"=dword:00000001
"TokenSize"=dword:0000ffff
"Time"=hex:00,06,7c,95,f8,79,c4,01
"Type"=dword:00000031

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll]
"Name"="DPA"
"Comment"="DPA Security Package"
"Capabilities"=dword:00000037
"RpcId"=dword:00000011
"Version"=dword:00000001
"TokenSize"=dword:00000300
"Time"=hex:00,06,7c,95,f8,79,c4,01
"Type"=dword:00000031

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll]
"Name"="MSN"
"Comment"="MSN Security Package"
"Capabilities"=dword:00000037
"RpcId"=dword:00000012
"Version"=dword:00000001
"TokenSize"=dword:00000300
"Time"=hex:00,06,7c,95,f8,79,c4,01
"Type"=dword:00000031

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall]










Scanning Report
Saturday, September 30, 2006 19:36:59 - 21:49:11
Computer name: YOUR-XHTR8HVC4P
Scanning type: Scan system for viruses, rootkits, spyware
Target: C:\ D:\


--------------------------------------------------------------------------------

Result: 37 malware found
Backdoor.Win32.SdBot.aad (virus)
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON ANTIVIRUS\QUARANTINE\12BB007E.EXE (Renamed & Submitted)
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON ANTIVIRUS\QUARANTINE\288B747D.EXE (Renamed & Submitted)
Trojan-Downloader.BAT.Ftp.ab (virus)
C:\WINDOWS\SYSTEM32\I (Renamed & Submitted)
Trojan-Downloader.Win32.Adload.bo (virus)
C:\MSDOS.PIF (Renamed)
Trojan-Downloader.Win32.Agent.awf (virus)
C:\PROGRAM FILES\YAHOO!\MESSENGER\YAHOOMESSENGER.EXE (Renamed & Submitted)
C:\PROGRAM FILES\VIEWPOINT\VIEWPOINT MANAGER\VIEWMGR.EXE (Renamed)
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON ANTIVIRUS\QUARANTINE\03221091.EXE (Renamed & Submitted)
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON ANTIVIRUS\QUARANTINE\1CB60127.EXE (Renamed & Submitted)
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON ANTIVIRUS\QUARANTINE\1E30130A.EXE (Renamed & Submitted)
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON ANTIVIRUS\QUARANTINE\2071625C.EXE (Renamed & Submitted)
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON ANTIVIRUS\QUARANTINE\20740C58.EXE (Renamed & Submitted)
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON ANTIVIRUS\QUARANTINE\23256013.EXE (Renamed & Submitted)
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON ANTIVIRUS\QUARANTINE\397F009B.EXE (Renamed & Submitted)
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON ANTIVIRUS\QUARANTINE\3A756404.EXE (Renamed & Submitted)
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON ANTIVIRUS\QUARANTINE\3D5A3291.EXE (Renamed & Submitted)
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON ANTIVIRUS\QUARANTINE\4100050F.EXE (Renamed & Submitted)
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON ANTIVIRUS\QUARANTINE\411119E8.EXE (Renamed & Submitted)
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON ANTIVIRUS\QUARANTINE\4705594B.EXE (Renamed & Submitted)
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON ANTIVIRUS\QUARANTINE\56EE2328.EXE (Renamed & Submitted)
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON ANTIVIRUS\QUARANTINE\59046E33.EXE (Renamed & Submitted)
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON ANTIVIRUS\QUARANTINE\59986E07.EXE (Renamed & Submitted)
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON ANTIVIRUS\QUARANTINE\5B540FAF.EXE (Renamed & Submitted)
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON ANTIVIRUS\QUARANTINE\624E0DFD.EXE (Renamed & Submitted)
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON ANTIVIRUS\QUARANTINE\62A67817.EXE (Renamed & Submitted)
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON ANTIVIRUS\QUARANTINE\6A504155.EXE (Renamed & Submitted)
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON ANTIVIRUS\QUARANTINE\6A965946.EXE (Renamed & Submitted)
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON ANTIVIRUS\QUARANTINE\6F5068A1.EXE (Renamed & Submitted)
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON ANTIVIRUS\QUARANTINE\6FC74FDE.EXE (Renamed & Submitted)
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON ANTIVIRUS\QUARANTINE\798C4604.EXE (Renamed & Submitted)
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON ANTIVIRUS\QUARANTINE\7BEF446F.EXE (Renamed & Submitted)
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON ANTIVIRUS\QUARANTINE\7D045F03.EXE (Renamed & Submitted)
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON ANTIVIRUS\QUARANTINE\7D070900.EXE (Renamed & Submitted)
C:\PROGRAM FILES\ITUNES\ITUNESHELPER.EXE (Renamed)
Trojan-Downloader.Win32.ConHook.ah (virus)
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON ANTIVIRUS\QUARANTINE\1A11460D.DLL (Renamed & Submitted)
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON ANTIVIRUS\QUARANTINE\289B466B.DLL (Renamed & Submitted)
Trojan-Downloader.Win32.Small.cln (virus)
C:\WINDOWS\SYSTEM32\OTFUZLUVZCGN\LSASS.EXE (Renamed)
Trojan-Spy.Win32.BZub.ec (virus)
C:\HIJACKTHIS\BACKUPS\BACKUP-20060930-130107-387.DLL (Renamed & Submitted)

--------------------------------------------------------------------------------

Statistics
Scanned:
Files: 31389
System: 4598
Not scanned: 4
Actions:
Disinfected: 0
Renamed: 37
Deleted: 0
None: 0
Submitted: 33
Files not scanned:
C:\HIBERFIL.SYS
C:\PAGEFILE.SYS
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCRST.DLL

--------------------------------------------------------------------------------

Options
Scanning engines:
F-Secure AVP: 6.0.171, 2006-09-29
F-Secure Libra: 2.4.1, 2006-09-29
F-Secure Orion: 1.2.37, 2006-09-29
F-Secure Blacklight: 1.0.31, 0000-00-00
F-Secure Draco: 1.0.35, 0259-24-212
F-Secure Pegasus: 1.19.0, 2006-08-29
Scanning options:
Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ZIP XXX
Use Advanced heuristics
  • 0

#10
Wizard

  • Retired Staff
  • 5,661 posts
Go ahead and remove the first registry file (Clr.reg) I had you make and let's make another.


Copy all the text in the Code Box to notepad and save it to the Desktop with the name Fix.reg


REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole]
"EnableDCOM"="Y"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride"=dword:00000000
"FirewallOverride"=dword:00000000

[-HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall]


Double Click Fix.reg and allow it to merge into the registry.


Now we need to locate some files F-Secure renamed. These will have an added extension to them now.

Similar to but may not be exactly like these

C:\MSDOS.PIF.vir

C:\MSDOS.PIF.old

C:\MSDOS.PIF.bak



C:\MSDOS.PIF

C:\WINDOWS\SYSTEM32\I


Locate and Delete this entire folder

C:\WINDOWS\SYSTEM32\OTFUZLUVZCGN


Let me know if you find all those OK and were able to remove them?


Please run the Bit Defender Online Scan
http://www.bitdefend...m/scan8/ie.html

You must use Internet Explorer for this scanner.

Install the ActiveX and Click on "Click here to Scan"

Allow it to update and Scan the Machine.

It should disinfect or delete whatever it finds that is infected.

Save the report it generates in a text format and post it in the next reply, please.
  • 0
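
An added example, not part of Wizard's posts: a Python sketch that parses REGEDIT4 text of the kind inspect.bat collects into lsa.txt and lists which values the Fix.reg above would change. The sample export is constructed from values shown in this thread, and the function names (`parse_reg`, `decode_value`, `pending_changes`) are hypothetical.

```python
import re

# Constructed sample: a handful of values copied from the lsa.txt export in this thread.
SAMPLE_EXPORT = r"""REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole]
"EnableDCOM"="N"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall]

REGEDIT4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters]
"ServiceDll"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,\
33,32,5c,69,70,6e,61,74,68,6c,70,2e,64,6c,6c,00

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa]
"Security Packages"=hex(7):6b,65,72,62,65,72,6f,73,00,6d,73,76,31,5f,30,00,73,\
63,68,61,6e,6e,65,6c,00,77,64,69,67,65,73,74,00,00
"""

# The Fix.reg text from the post above.
FIX_REG = r"""REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole]
"EnableDCOM"="Y"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride"=dword:00000000
"FirewallOverride"=dword:00000000

[-HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall]
"""

VALUE_LINE = re.compile(r'"((?:[^"\\]|\\.)*)"=(.*)$')


def decode_value(rhs):
    """Turn the right-hand side of a REGEDIT4 value line into a Python value."""
    if len(rhs) >= 2 and rhs.startswith('"') and rhs.endswith('"'):
        return re.sub(r"\\(.)", r"\1", rhs[1:-1])          # REG_SZ, unescaped
    if rhs.startswith("dword:"):
        return int(rhs[6:], 16)                             # REG_DWORD
    m = re.match(r"hex(?:\(([0-9a-f]+)\))?:(.*)$", rhs, re.I)
    if m:
        data = bytes(int(b, 16) for b in m.group(2).split(",") if b.strip())
        kind = int(m.group(1), 16) if m.group(1) else 3     # plain hex: is REG_BINARY
        if kind == 2:                                       # REG_EXPAND_SZ (ANSI in REGEDIT4)
            return data.rstrip(b"\0").decode("latin-1")
        if kind == 7:                                       # REG_MULTI_SZ, NUL-separated
            return [s.decode("latin-1") for s in data.split(b"\0") if s]
        return data
    return rhs


def parse_reg(text):
    """Return ({key: {value name: value}}, [keys marked for deletion]), names lowercased."""
    # A trailing ",\" continues a hex value on the next line; join those first.
    text = re.sub(r",\\\r?\n[ \t]*", ",", text)
    keys, deleted, current = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[-") and line.endswith("]"):
            deleted.append(line[2:-1].lower())              # "[-key]" deletes the key
            current = None
        elif line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None:
            m = VALUE_LINE.match(line)                      # default "@=" values are skipped
            if m:
                name = re.sub(r"\\(.)", r"\1", m.group(1)).lower()
                current[name] = decode_value(m.group(2))
    return keys, deleted


def pending_changes(export_text, fix_text):
    """List (key, value name, current, wanted) for everything the fix file would alter."""
    current, _ = parse_reg(export_text)
    wanted, deleted = parse_reg(fix_text)
    changes = []
    for key, values in wanted.items():
        for name, want in values.items():
            have = current.get(key, {}).get(name)
            if have != want:
                changes.append((key, name, have, want))
    for key in deleted:
        if key in current:
            changes.append((key, None, "present", "deleted"))
    return changes


if __name__ == "__main__":
    for key, name, have, want in pending_changes(SAMPLE_EXPORT, FIX_REG):
        print(f"{key}\n    {name or '(whole key)'}: {have!r} -> {want!r}")
```

The decoder also makes the `hex(2)` and `hex(7)` lines in the export readable, so a `ServiceDll` path or the `Security Packages` list can be checked by eye.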


#11
lisamonkey

  • Topic Starter
  • Member
  • 10 posts
I didn't find any of the files but

C:\WINDOWS\SYSTEM32\OTFUZLUVZCGN

and I deleted it..

Here's the scan, but this was from the second time I did it because it got clicked off the first time

BitDefender Online Scanner

Scan report generated at: Sun, Oct 01, 2006 - 20:35:00

Scan path: A:\;C:\;D:\;E:\;F:\;G:\;H:\;I:\;J:\;K:\;

Statistics
Time: 03:49:31
Files: 689313
Folders: 6492
Boot Sectors: 3
Archives: 21532
Packed Files: 76475

Results
Identified Viruses: 4
Infected Files: 111
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 221

Engines Info
Virus Definitions: 473326
Engine build: AVCORE v1.0 (build 2310) (i386) (Apr 17 2006 16:24:38)
Scan plugins: 13
Archive plugins: 38
Unpack plugins: 6
E-mail plugins: 6
System plugins: 1

Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes

Scanned File / Status

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\034414F7=>(Quarantine-2)
Infected with: Trojan.LowZones.DH

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\034414F7=>(Quarantine-2)
Disinfection failed

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\034414F7=>(Quarantine-2)
Deleted

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\05B974F0=>(Quarantine-2)
Infected with: Trojan.LowZones.DH

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\05B974F0=>(Quarantine-2)
Disinfection failed

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\05B974F0=>(Quarantine-2)
Deleted

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\069A29BD=>(Quarantine-2)
Infected with: Trojan.LowZones.DH

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\069A29BD=>(Quarantine-2)
Disinfection failed

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\069A29BD=>(Quarantine-2)
Deleted

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\0B6D6809=>(Quarantine-2)
Infected with: Trojan.Downloader.Agent.ANA

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\0B6D6809=>(Quarantine-2)
Disinfection failed

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\0B6D6809=>(Quarantine-2)
Deleted

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\0C9033CF=>(Quarantine-2)
Infected with: Trojan.LowZones.DH

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\0C9033CF=>(Quarantine-2)
Disinfection failed

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\0C9033CF=>(Quarantine-2)
Deleted

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\11E16981=>(Quarantine-2)
Infected with: Trojan.LowZones.DH

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\11E16981=>(Quarantine-2)
Disinfection failed

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\11E16981=>(Quarantine-2)
Deleted

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\16175B53=>(Quarantine-2)
Infected with: Trojan.LowZones.DH

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\16175B53=>(Quarantine-2)
Disinfection failed

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\16175B53=>(Quarantine-2)
Deleted

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\16410B78=>(Quarantine-2)
Infected with: Trojan.LowZones.DH

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\16410B78=>(Quarantine-2)
Disinfection failed

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\16410B78=>(Quarantine-2)
Deleted

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\16A640A1=>(Quarantine-2)
Infected with: Trojan.LowZones.DH

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\16A640A1=>(Quarantine-2)
Disinfection failed

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\16A640A1=>(Quarantine-2)
Deleted

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\16AB5B27=>(Quarantine-2)
Infected with: Trojan.LowZones.DH

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\16AB5B27=>(Quarantine-2)
Disinfection failed

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\16AB5B27=>(Quarantine-2)
Deleted

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\1CA42125=>(Quarantine-2)
Infected with: Trojan.LowZones.DH

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\1CA42125=>(Quarantine-2)
Disinfection failed

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\1CA42125=>(Quarantine-2)
Deleted

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\1F2A605B=>(Quarantine-2)
Infected with: Trojan.Downloader.Agent.ANA

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\1F2A605B=>(Quarantine-2)
Disinfection failed

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\1F2A605B=>(Quarantine-2)
Deleted

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\23CE6BD6=>(Quarantine-2)
Infected with: Trojan.LowZones.DH

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\23CE6BD6=>(Quarantine-2)
Disinfection failed

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\23CE6BD6=>(Quarantine-2)
Deleted

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\26DB18B3=>(Quarantine-2)
Infected with: Trojan.LowZones.DH

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\26DB18B3=>(Quarantine-2)
Disinfection failed

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\26DB18B3=>(Quarantine-2)
Deleted

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\28773C9F=>(Quarantine-2)
Infected with: Trojan.LowZones.DH

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\28773C9F=>(Quarantine-2)
Disinfection failed

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\28773C9F=>(Quarantine-2)
Deleted

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\29BC2C8E=>(Quarantine-2)
Infected with: Trojan.LowZones.DH

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\29BC2C8E=>(Quarantine-2)
Disinfection failed

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\29BC2C8E=>(Quarantine-2)
Deleted

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\35FF3718=>(Quarantine-2)
Infected with: Trojan.LowZones.DH

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\35FF3718=>(Quarantine-2)
Disinfection failed

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\35FF3718=>(Quarantine-2)
Deleted

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\374B36B3=>(Quarantine-2)
Infected with: Trojan.LowZones.DH

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\374B36B3=>(Quarantine-2)
Disinfection failed

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\374B36B3=>(Quarantine-2)
Deleted

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\3A612153=>(Quarantine-2)
Infected with: Trojan.LowZones.DH

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\3A612153=>(Quarantine-2)
Disinfection failed

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\3A612153=>(Quarantine-2)
Deleted

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\3CB91A68=>(Quarantine-2)

#12
Wizard
Run SmitFraud Fix again and Select Option 3 to reset the Internet Zone Settings.


Please Install these 2 to add to the Security of the PC

SpywareBlaster:
http://www.javacools.../downloads.html
Update Immediately!

WinHelp2002 Hosts File
http://www.mvps.org/...2002/hosts2.htm


Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • The program will launch and then begin downloading the latest definition files.
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan: Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
  • Now click on the Save as Text button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.


#13
lisamonkey
I have one question: should I enable the IE and other protection things on SpywareBlaster? And are those things I just downloaded like extra firewalls or something?


-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Monday, October 02, 2006 8:42:15 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 2/10/2006
Kaspersky Anti-Virus database records: 228381
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\
K:\
L:\

Scan Statistics:
Total number of scanned objects: 92486
Number of viruses found: 5
Number of infected objects: 10 / 0
Number of suspicious objects: 0
Duration of the scan process: 01:44:23

Infected Object Name / Virus Name / Last Action
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP44\A0004425.exe Infected: not-a-virus:AdWare.Win32.PurityScan.em skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\Recycled\NPROTECT\NPROTECT.LOG Object is locked skipped

Scan process completed.
  • 0

#14
Wizard

Wizard

    Retired Staff

  • Retired Staff
  • 5,661 posts
With Spyware Blaster, you install it and then update it and then Enable All Protection.

You can read more here
http://www.javacools...areblaster.html


The Hosts File, you download, run the .bat file to install and you're done.

It loads the Hosts File with a list of known crap sites and this will prevent the browser from ever loading the webpage.


How's the machine running today?
  • 0
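How a blocking hosts file like the one described in the post above takes effect, shown as an added example that is not part of the original thread or of the hosts-file package it mentions. The sample entries, domain names and function names are constructed for illustration; the audit step checks that every entry points at a loopback or unspecified address, since an entry pointing anywhere else redirects the name instead of blocking it.

```python
import ipaddress

# Constructed sample in hosts-file syntax; the domains are placeholders,
# not entries taken from any real blocklist.
SAMPLE_HOSTS = """\
# blocking hosts file (constructed sample)
127.0.0.1       localhost
127.0.0.1       ads.example.com  tracker.example.net   # two names on one line
0.0.0.0         popups.example.org
203.0.113.7     login.example.com
not-an-ip       broken.example.com
"""

def parse_hosts(text):
    """Return {hostname: address} parsed from hosts-file text."""
    table = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()       # strip comments
        fields = line.split()
        if len(fields) < 2:
            continue                               # blank or incomplete line
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                               # malformed address, ignore
        for name in fields[1:]:
            # Keep the first mapping seen for a name (assumption of this example).
            table.setdefault(name.lower(), addr)
    return table

def is_sinkhole(addr):
    """True when the address cannot reach a remote site (127.x, ::1, 0.0.0.0)."""
    return addr.is_loopback or addr.is_unspecified

def blocked(table, hostname):
    """Hosts entries match whole names only: no wildcards, no subdomains."""
    addr = table.get(hostname.lower().rstrip("."))
    return addr is not None and is_sinkhole(addr)

def audit(table):
    """Names mapped to a routable address: a redirect, not a block."""
    return sorted(n for n, a in table.items() if not is_sinkhole(a))

if __name__ == "__main__":
    hosts = parse_hosts(SAMPLE_HOSTS)
    for name in ("ads.example.com", "www.ads.example.com", "login.example.com"):
        print(name, "blocked" if blocked(hosts, name) else "not blocked")
    print("entries to review:", audit(hosts))
```

Because matching is by exact name, `www.ads.example.com` is not covered by the `ads.example.com` entry, which is why blocking lists enumerate every hostname they want to stop.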

#15
lisamonkey

lisamonkey

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
It's running good
  • 0





