Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Unknown registry problem


  • This topic is locked This topic is locked

#1
Apok451

Apok451

    Member

  • Member
  • PipPip
  • 14 posts
For the last few weeks I have been having growing problems with my PC. I ran my Norton Anti-Virus as well as AVG. Norton was unable to fine anything, but AVE cleaned some stuff out, but it wasnt really helping at all. After that on startup I would get between six and eight popus saying that random looking system32 files were missing and some programs might not run properly and gave an option of ok to continue. I figured that it must have been something that got into my registry and was causing the problems. In an attempt to remedy this I purchased a copy of Registry Mechanic 5.9 and promptly ran it. This seemed to make my system run many times better than it previously was. The registry mechanic found nearly 400 problems withing the registry and fixed them. But the problems is quite persistant and will constantly reinsert itself back into the registry as the same 14 files and I am unable to operate properly without running the registry mechanic to clean out the same 14 files after startup every day. As suggested I have the hijack this and the the uninstall log pasted below. Please take a look at this and let me know what I need to do to correct these problems. Thanks


Hijack This
Logfile of HijackThis v1.99.1
Scan saved at 12:42:55 PM, on 10/29/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Registry Mechanic\RegMech.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Verizon Online\bin\mpbtn.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\W9EVK1UN\HijackThis[1].exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://cgi.verizon.n...mp;bm=ho_search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.fark.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.fark.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Control Center] "C:\Program Files\ASUS\WLAN Card Utilities\Center.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [CTSysVol] "C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe"
O4 - HKLM\..\Run: [CTDVDDet] "C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [AsioReg] "REGSVR32.EXE" /S CTASIO.DLL
O4 - HKLM\..\Run: [SBDrvDet] "C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe" /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [zBrowser Launcher] "C:\Program Files\Logitech\iTouch\iTouch.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] "C:\PROGRA~1\SYMNET~1\SNDMon.exe" /Consumer
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [RegistryMechanic] "C:\Program Files\Registry Mechanic\RegMech.exe" /H
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto
O4 - HKLM\..\RunOnce: [vu404c.exe] C:\WINDOWS\System32\vu404c.exe /k
O4 - HKLM\..\RunOnce: [f3jr0t.exe] C:\WINDOWS\System32\f3jr0t.exe /k
O4 - HKLM\..\RunOnce: [tfmg3c.exe] C:\WINDOWS\System32\tfmg3c.exe /k
O4 - HKLM\..\RunOnce: [uyvgmor.exe] C:\WINDOWS\System32\uyvgmor.exe /k
O4 - HKLM\..\RunOnce: [f1e9a6.exe] C:\WINDOWS\System32\f1e9a6.exe /k
O4 - HKLM\..\RunOnce: [1fz4q.exe] C:\WINDOWS\System32\1fz4q.exe /k
O4 - HKCU\..\Run: [RemoteCenter] "C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe"
O4 - HKCU\..\Run: [AIM] "C:\Program Files\AIM\aim.exe" -cnetwait.odl
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
O4 - HKCU\..\RunOnce: [c0n3i1.exe] C:\WINDOWS\System32\c0n3i1.exe /k
O4 - HKCU\..\RunOnce: [vu404c.exe] C:\WINDOWS\System32\vu404c.exe /k
O4 - HKCU\..\RunOnce: [f3jr0t.exe] C:\WINDOWS\System32\f3jr0t.exe /k
O4 - HKCU\..\RunOnce: [tfmg3c.exe] C:\WINDOWS\System32\tfmg3c.exe /k
O4 - HKCU\..\RunOnce: [uyvgmor.exe] C:\WINDOWS\System32\uyvgmor.exe /k
O4 - HKCU\..\RunOnce: [f1e9a6.exe] C:\WINDOWS\System32\f1e9a6.exe /k
O4 - HKCU\..\RunOnce: [1fz4q.exe] C:\WINDOWS\System32\1fz4q.exe /k
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\bin\matcli.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.s...rl/LSSupCtl.cab
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} - https://www-secure.s...rl/SymAData.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - https://www-secure.s...trl/tgctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.s...trl/tgctlsr.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by103fd.bay10...es/MsnPUpld.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...ip/RdxIE601.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab34246.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - https://www-secure.s...rl/SymAData.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/...aploader_v6.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://cprplussuppo.../ra/ieatgpc.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe



Uninstall Log
Adobe Acrobat 5.0
Adobe Reader for Pocket PC 2.0
AOL Instant Messenger
Apple Software Update
ArcSoft Camera Suite
ASUS WLAN Card Utilities/Driver
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
ATI HydraVision
AVG Anti-Spyware 7.5
Casino-on-Net
ccCommon
C-Media Azalia Audio Driver
Creative MediaSource
DivX
DivX Player
G-Force
Google Toolbar for Internet Explorer
HijackThis 1.99.1
hp photosmart 7700 series
Internet Worm Protection
iPAQ WebReg
ITE IT8212 ATA RAID Controller
ItsDeductible Express
iTunes
J2SE Runtime Environment 5.0 Update 3
J2SE Runtime Environment 5.0 Update 5
J2SE Runtime Environment 5.0 Update 6
LiveReg (Symantec Corporation)
LiveUpdate 3.0 (Symantec Corporation)
Logitech Desktop Messenger
Logitech iTouch Software
Logitech MouseWare 9.79
Logitech Resource Center
Macromedia Flash Player 8
Macromedia Shockwave Player
Marvell Miniport Driver
MathPlayer
MetaFrame Presentation Server Web Client for Win32
Microsoft ActiveSync 3.7
Microsoft Office Outlook Connector
Microsoft Office XP Small Business
Microsoft Picture It! Express 9
Microsoft Picture It! Library 9
Mozilla Firefox (1.0.7)
MSN
MSN Encarta Plus Support Files
MSN Messenger 7.5
MSN Music Assistant
MSN Toolbar
Norton AntiVirus 2005
Norton AntiVirus 2005 (Symantec Corporation)
Norton AntiVirus Help
Norton AntiVirus Parent MSI
Norton AntiVirus SYMLT MSI
Norton WMI Update
OLYMPUS CAMEDIA Master 4.1
Panda ActiveScan
PowerDVD
QuickTime
RealPlayer
Registry Mechanic 5.2
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB925486)
Sound Blaster Audigy 2
SPBBC
Spin Palace Casino
Spy Sweeper
Star Wars Empire at War
Symantec
Symantec Script Blocking Installer
SymNet
TurboTax Deluxe 2004
TurboTax Deluxe 2005
TurboTax ItsDeductible 2005
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Verizon Online
Verizon Online Support Center
Viewpoint Manager (Remove Only)
Viewpoint Media Player
WebEx
WexTech AnswerWorks
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Service Pack 2
Xfire (remove only)

Thanks again for looking.
  • 0

Advertisements


#2
Flrman1

Flrman1

    Malware Assassin

  • Retired Staff
  • 6,596 posts
Hi Apok451

Welcome to GTG! :whistling:

*** Before we can use Hijack This to fix anything, I need you to download it again. Right now you have it in a temporary folder. It will not function properly that way. Please redownload it like so:

Please do this:

* Click here to download HJTsetup.exe
  • Save HJTsetup.exe to your desktop.
  • Doubleclick on the HJTsetup.exe icon on your desktop.
  • By default it will install to C:\Program Files\Hijack This.
  • Continue to click Next in the setup dialogue boxes until you get to the Select Addition Tasks dialogue.
  • Put a check by Create a desktop icon then click Next again.
  • Continue to follow the rest of the prompts from there.
  • At the final dialogue box click Finish and it will launch Hijack This.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.

*** Before you post that log, please do the following:


* Go to Add/Remove programs and uinstall these:

J2SE Runtime Environment 5.0 Update 3
J2SE Runtime Environment 5.0 Update 5
J2SE Runtime Environment 5.0 Update 6
Viewpoint Manager (Remove Only)
Viewpoint Media Player



* Now go here and install the latest version of Java.


* Run Kaspersky online virus scan here.

After the updates have downloaded, click on the "Scan Settings" button.
Choose the "Extended database" for the scan.
Under "Please select a target to scan", click "My Computer".
When the scan is finished, Save the results from the scan!

Note: You have to use Internet Explorer to do the online scan.

Post a new HiJackThis log along with the results from Kaspersky scan
  • 0

#3
Apok451

Apok451

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Here is the corrected Hijackthis and the Kaspersky log. Hope these help. Thanks.

Logfile of HijackThis v1.99.1
Scan saved at 3:48:04 PM, on 10/29/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Registry Mechanic\RegMech.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Verizon Online\bin\mpbtn.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Adobe\Acrobat 5.0\Reader\AcroRd32.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://cgi.verizon.n...mp;bm=ho_search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.fark.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.fark.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Control Center] "C:\Program Files\ASUS\WLAN Card Utilities\Center.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [CTSysVol] "C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe"
O4 - HKLM\..\Run: [CTDVDDet] "C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [AsioReg] "REGSVR32.EXE" /S CTASIO.DLL
O4 - HKLM\..\Run: [SBDrvDet] "C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe" /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [zBrowser Launcher] "C:\Program Files\Logitech\iTouch\iTouch.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] "C:\PROGRA~1\SYMNET~1\SNDMon.exe" /Consumer
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [RegistryMechanic] "C:\Program Files\Registry Mechanic\RegMech.exe" /H
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\RunOnce: [vu404c.exe] C:\WINDOWS\System32\vu404c.exe /k
O4 - HKLM\..\RunOnce: [f3jr0t.exe] C:\WINDOWS\System32\f3jr0t.exe /k
O4 - HKLM\..\RunOnce: [tfmg3c.exe] C:\WINDOWS\System32\tfmg3c.exe /k
O4 - HKLM\..\RunOnce: [uyvgmor.exe] C:\WINDOWS\System32\uyvgmor.exe /k
O4 - HKLM\..\RunOnce: [f1e9a6.exe] C:\WINDOWS\System32\f1e9a6.exe /k
O4 - HKLM\..\RunOnce: [1fz4q.exe] C:\WINDOWS\System32\1fz4q.exe /k
O4 - HKCU\..\Run: [RemoteCenter] "C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe"
O4 - HKCU\..\Run: [AIM] "C:\Program Files\AIM\aim.exe" -cnetwait.odl
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
O4 - HKCU\..\RunOnce: [c0n3i1.exe] C:\WINDOWS\System32\c0n3i1.exe /k
O4 - HKCU\..\RunOnce: [vu404c.exe] C:\WINDOWS\System32\vu404c.exe /k
O4 - HKCU\..\RunOnce: [f3jr0t.exe] C:\WINDOWS\System32\f3jr0t.exe /k
O4 - HKCU\..\RunOnce: [tfmg3c.exe] C:\WINDOWS\System32\tfmg3c.exe /k
O4 - HKCU\..\RunOnce: [uyvgmor.exe] C:\WINDOWS\System32\uyvgmor.exe /k
O4 - HKCU\..\RunOnce: [f1e9a6.exe] C:\WINDOWS\System32\f1e9a6.exe /k
O4 - HKCU\..\RunOnce: [1fz4q.exe] C:\WINDOWS\System32\1fz4q.exe /k
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\bin\matcli.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.s...rl/LSSupCtl.cab
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} - https://www-secure.s...rl/SymAData.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - https://www-secure.s...trl/tgctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.s...trl/tgctlsr.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by103fd.bay10...es/MsnPUpld.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...ip/RdxIE601.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab34246.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - https://www-secure.s...rl/SymAData.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/...aploader_v6.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://cprplussuppo.../ra/ieatgpc.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe



KASPERSKY ONLINE SCANNER REPORT
Sunday, October 29, 2006 3:46:31 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 29/10/2006
Kaspersky Anti-Virus database records: 236087


Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
A:\
C:\
D:\

Scan Statistics
Total number of scanned objects 69649
Number of viruses found 15
Number of infected objects 36 / 0
Number of suspicious objects 0
Duration of the scan process 00:37:38

Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2006-10-29_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Data\settings.dat Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS0080F542-F6DD-4BD0-8642-4128A0783E3E.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS017B0363-2D8F-4129-88FF-3E7605657D78.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS024D3BCE-1B75-4EE1-BF2D-46F082F81FF1.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS04270392-4825-45AA-A3AA-B687AEAAF626.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS06EDAC71-9BD2-448C-A39D-DDE692E9A03D.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS0AD936E9-CACF-4855-9FC3-289A4D28E3F1.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS0E0AA7C9-323B-4A2C-BB27-28354CF5F51A.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS0E81317F-C870-47AC-8150-7FC32D1D26FF.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS0EA18D44-89FF-4A3B-85B5-C0DA2BBBD342.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS0EC7BE41-ECE9-4619-8193-CF068969BD4C.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS164C3624-A2B0-4BC1-BE9C-AFB6D9B2B8D6.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS16B52906-7481-4904-A172-1539657C84CE.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS16FBD27F-CB55-474E-B210-B23665D1DC6F.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS1B26A738-6B1B-4765-8346-C8DB8A25EA2F.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS1D283C62-C212-4409-939D-C937AC297BA3.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS20F7B1A4-334E-4FF9-B3F5-AC1CF32A7CFF.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS2260EE4A-0292-4B4C-90DE-6A733897A2BD.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS26909934-4D9D-44FF-9FBE-A4317EBC1D22.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS26CD2DC9-7A56-432F-B7CF-C87F2A555591.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS2704736D-E078-4C27-B826-004531AA32D1.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS29DE72A6-EBB1-4394-AF2D-7C3C1B2418AD.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS2C167889-C187-440F-8CB7-9F1BE664D01F.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS2CF3FFDE-5DB1-48C3-84B8-D4D2DCB7EF7E.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS333D7AA9-7E31-4814-A6BD-0642F7B62CC1.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS376909B8-5FCA-4C1B-AB63-817C8D6A1DB3.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS3980B17F-EF3A-4CF5-B6EC-9B225B991708.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS3EBBDC87-E0DD-4E9F-B05F-6489A6F633C0.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS42F27ECB-E393-4675-8EF4-05F8A731DCDB.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS42FF0B54-3E4E-4109-A353-E7D5CF5AC76A.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS4488E099-AF8C-468F-996F-2C1F657D8D9E.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS45319F83-103D-4E27-BC58-D1941747828E.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS458875AE-7274-47ED-ACBB-0A7CD3B44978.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS48DA58F1-8D7D-4B8C-8618-61F5904D7B4A.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS4C0FDDB4-C11B-4AC6-908B-6D082E3AB9AE.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS4F48D49D-BEE9-49E8-8F92-AC4310B4E751.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS50FC70C2-25C0-4442-8B9F-673FDC8BE531.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS5213B2D8-191A-433D-9032-A412B239601A.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS53BD4912-B4B7-456F-9592-F7DCA7B69FED.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS53E50D76-9902-4610-8CA0-F63904018B38.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS567A74B0-9EEE-4D38-9DF1-913CEC4E875D.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS57D63E1A-DD39-4E2A-8739-3EF4EBABED48.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS598E6302-EBDF-4AB2-9E28-6883BE7853F5.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS59C6FFA5-EAAD-4BDC-8ECF-B897366C5C00.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS5AE61553-DA75-406B-AA1E-89A63439EDB8.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS634CF371-CDC2-4595-A3C5-03BB429A7F1B.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS65BAD97B-D497-4FDA-9551-4DD7AB3ADE88.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS6D1A8D25-6A3C-462F-B92F-F78C94C97058.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS6DA7D4C3-8BA2-4DC0-BB6B-0B322049B48C.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS6E82B7F9-1EC7-4C76-9375-0C56D66B9EAC.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS6FCEE655-8543-4AE5-BCD3-E99CF07CBA51.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS72F4F951-6954-4CC0-B700-7042403328A7.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS731435F1-6121-4CA8-867C-CF97669979C8.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS7655ACA2-F720-4EFC-9275-7F07E09E818E.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS76A26235-F698-49FA-BF58-F26E74527E16.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS78F48409-1D90-45EA-A090-19484DFC69A5.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS7F1EBD95-25FF-4145-8773-7FA556069F1F.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS822659E7-F730-4F4D-AB93-075B95A2089C.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS86CE9188-245D-4DBD-9FF8-FA39107C8F55.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS8ACD0630-4958-45FC-80C9-6FBE9633B800.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS8B0A1F5E-0B3B-4F93-A4A9-61A6CA8BEEF0.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS8C6D364A-23FE-4BE7-8168-3790F543E639.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS8FB2421D-2AAA-45FB-80C6-109D4CC3578B.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS900AA522-A6EE-447E-A707-8E81B373FBE8.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS914C8EAA-1062-4828-B93D-57B540757F92.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS91C3E06D-B448-460E-901F-808C711F17CB.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS93783660-F254-4D2F-8E1A-5C0517FDE4A2.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS93811D8E-2301-43FB-8BED-1B86654F84C8.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS94CFBE2D-BECD-44DD-A498-3C0A654FD6B5.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS95AD29D1-9BD6-460B-9515-7868DEE099B7.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS9B2054D1-3C90-44D0-A76A-A58CA5DF003F.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS9B61F760-57BC-455B-9582-D45DA252190B.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSA2D15A22-95C1-44E6-B242-ABCC147C3D98.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSA6B94A36-CB34-47E4-8FFF-F630D184DC44.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSACD5FE01-255C-4575-B70F-39213D2D8DD0.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSB1183693-9808-496F-826C-2438A54A09A5.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSB27DBF44-3D7C-46A9-9812-24FC050BDC17.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSB34036BE-8589-45FF-B9BA-55C70A43C11C.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSB4002567-B73C-4DB2-93D1-12AB87096FB4.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSB4FE8FDA-689C-4902-A684-2B8F38C06557.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSB7705A58-EE0A-4D07-B854-A57AF316189F.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSB9D1FF28-E07E-413E-A49B-FFD7EA657540.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSBB46ACD2-3D77-4938-9C5A-B6A6FCE960A3.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSBB5BB9BF-1603-4F4D-8D97-3A72CC30094C.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSBC219CA2-128F-40D6-8EA2-B753E15E80F7.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSC083376D-DC66-4FFB-B13D-292A457B6929.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSC09B7779-692D-4105-B0A3-58011EA95E77.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSC44456FF-893A-4857-B6A6-DA5FEF01B026.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSC722B9FD-F5C9-4C7B-B2A5-782FD3651142.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSCDCFFD24-7CDC-4FD0-8D7B-620C98018B34.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSCEC8456F-05CD-4F3C-87D0-9CB481BA0EAA.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSCF982E9E-01B3-4863-8B65-992FFD2B76D1.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSD12B87A4-3613-41D6-A043-09F8949173BD.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSD171A4A6-1FEB-445A-B082-B28463B918E8.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSD3D9E000-2D85-49BA-84CF-EA502E5D86B3.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSD5E04177-2CA7-4217-863E-1D0133A9622B.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSD70FD550-CFD2-41BA-AB25-2B72C44E5438.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSD9E73B1C-CFF4-427A-9D17-2B98E556B797.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSDFD596BC-FAFD-4397-B4D5-F7583D88DC9F.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSE3A10CDE-8D1D-441B-A4AA-FB1EAD8ECBA6.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSE4AAF5CB-EB71-496D-9FC5-B11B4285E3DF.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSE73D9882-C78F-4F3A-BBC9-5CB89B4112A2.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSE9ABD1F3-D379-4145-AC03-BE581DE67A16.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSEA841DBF-E03D-4261-B674-194F722E7236.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSEDDF4864-017F-41EE-A406-4E3B3B5E4DEA.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSF235FF30-D1E6-477A-8921-CB6B1834CA67.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSF28B0958-7ABE-4350-A856-EC919D86807C.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSF413E766-83FE-4DC9-979F-2806FC0DC112.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSF53A20B3-E8CB-4A45-9B98-75CC09A8048C.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSF7524C96-54B1-48D1-862F-0A10E3FBB064.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\user\Application Data\Sun\Java\Deployment\log\plugin150_09.trace Object is locked skipped

C:\Documents and Settings\user\Application Data\Webroot\Spy Sweeper\Logs\061023183814.ses Object is locked skipped

C:\Documents and Settings\user\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\user\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\user\Local Settings\Temp\AcrCB.tmp Object is locked skipped

C:\Documents and Settings\user\Local Settings\Temp\hsperfdata_user\3356 Object is locked skipped

C:\Documents and Settings\user\Local Settings\Temp\~DF435F.tmp Object is locked skipped

C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\user\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\user\ntuser.dat.LOG Object is locked skipped

C:\itouch_crash_info.txt Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SNDALRT.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SNDCON.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SNDDBG.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SNDFW.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SNDIDS.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SNDSYS.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPPolicy.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPStart.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPStop.log Object is locked skipped

C:\Program Files\Norton AntiVirus\AVApp.log Object is locked skipped

C:\Program Files\Norton AntiVirus\AVError.log Object is locked skipped

C:\Program Files\Norton AntiVirus\AVVirus.log Object is locked skipped

C:\Program Files\Norton AntiVirus\Quarantine\00647913.exe Infected: not-a-virus:AdWare.Win32.Casino.o skipped

C:\Program Files\Norton AntiVirus\Quarantine\02507B3C.exe Infected: not-a-virus:AdWare.Win32.Downloadware skipped

C:\Program Files\Norton AntiVirus\Quarantine\03257491.sys Infected: Trojan.Win32.Kolweb.e skipped

C:\Program Files\Norton AntiVirus\Quarantine\05434C44.exe Infected: Trojan.Win32.Kolweb.d skipped

C:\Program Files\Norton AntiVirus\Quarantine\07DB523E.exe Infected: Trojan.Win32.Kolweb.d skipped

C:\Program Files\Norton AntiVirus\Quarantine\103771FF.exe Infected: P2P-Worm.Win32.VB.dw skipped

C:\Program Files\Norton AntiVirus\Quarantine\11970339.htm Infected: Exploit.HTML.Mht skipped

C:\Program Files\Norton AntiVirus\Quarantine\178E2FBE.sys Infected: Trojan.Win32.Kolweb.b skipped

C:\Program Files\Norton AntiVirus\Quarantine\179159BA.sys Infected: Trojan.Win32.Kolweb.b skipped

C:\Program Files\Norton AntiVirus\Quarantine\197F500D.htm Infected: Exploit.HTML.Mht skipped

C:\Program Files\Norton AntiVirus\Quarantine\1A6B26C4.exe Infected: Backdoor.Win32.EggDrop.v skipped

C:\Program Files\Norton AntiVirus\Quarantine\1F351C40.com Infected: Backdoor.Win32.Aimbot.ao skipped

C:\Program Files\Norton AntiVirus\Quarantine\21901E29.dll Infected: Trojan.Win32.Kolweb.d skipped

C:\Program Files\Norton AntiVirus\Quarantine\2FA622AA.exe Infected: Trojan-Downloader.Win32.Delf.go skipped

C:\Program Files\Norton AntiVirus\Quarantine\2FA622AA.sys Infected: Trojan.Win32.Kolweb.a skipped

C:\Program Files\Norton AntiVirus\Quarantine\31AA6DF0.exe Infected: Backdoor.Win32.Aimbot.ao skipped

C:\Program Files\Norton AntiVirus\Quarantine\31D1340C.exe Infected: Trojan.Win32.StartPage.tj skipped

C:\Program Files\Norton AntiVirus\Quarantine\33FC5F72.sys Infected: Trojan.Win32.Kolweb.b skipped

C:\Program Files\Norton AntiVirus\Quarantine\36660E4C.sys Infected: Trojan.Win32.Kolweb.a skipped

C:\Program Files\Norton AntiVirus\Quarantine\3C575152.htm Infected: Exploit.HTML.Mht skipped

C:\Program Files\Norton AntiVirus\Quarantine\3C5A7B4E.htm Infected: Exploit.HTML.Mht skipped

C:\Program Files\Norton AntiVirus\Quarantine\3CA25EF5.dll Infected: Trojan.Win32.Delf.cf skipped

C:\Program Files\Norton AntiVirus\Quarantine\3CA25EF5.exe Infected: Trojan.Win32.Kolweb.a skipped

C:\Program Files\Norton AntiVirus\Quarantine\3CA508F1.exe Infected: Trojan-Downloader.Win32.Delf.go skipped

C:\Program Files\Norton AntiVirus\Quarantine\3CA508F1.sys Infected: Trojan.Win32.Kolweb.a skipped

C:\Program Files\Norton AntiVirus\Quarantine\488B70B9.htm Infected: Exploit.HTML.Mht skipped

C:\Program Files\Norton AntiVirus\Quarantine\488E1AB6.htm Infected: Exploit.HTML.Mht skipped

C:\Program Files\Norton AntiVirus\Quarantine\4D6E6E3E.sys Infected: Trojan.Win32.Kolweb.e skipped

C:\Program Files\Norton AntiVirus\Quarantine\4EF75469.exe Infected: Trojan-Downloader.Win32.Small.vc skipped

C:\Program Files\Norton AntiVirus\Quarantine\50206B67.exe Infected: Trojan.Win32.Kolweb.b skipped

C:\Program Files\Norton AntiVirus\Quarantine\50231563.exe Infected: Trojan.Win32.Kolweb.e skipped

C:\Program Files\Norton AntiVirus\Quarantine\5AAC443A.htm Infected: Exploit.HTML.Mht skipped

C:\Program Files\Norton AntiVirus\Quarantine\5DD848A6.dll Infected: Trojan.Win32.Kolweb.d skipped

C:\Program Files\Norton AntiVirus\Quarantine\5E653489.sys Infected: Trojan.Win32.Kolweb.e skipped

C:\Program Files\Norton AntiVirus\Quarantine\731F115B.dll Infected: Trojan-Spy.Win32.Qukart.m skipped

C:\Program Files\Norton AntiVirus\Quarantine\73223B57.dll Infected: Trojan-Spy.Win32.Qukart.m skipped

C:\Program Files\Verizon Online\log\mpbtn.log Object is locked skipped

C:\Program Files\Verizon Online\SmartBridge\AlertFilter.log Object is locked skipped

C:\Program Files\Verizon Online\SmartBridge\log\httpclient.log Object is locked skipped

C:\Program Files\Verizon Online\SmartBridge\SmartBridge.log Object is locked skipped

C:\Program Files\Webroot\Spy Sweeper\Masters\masters.bak Object is locked skipped

C:\Program Files\Webroot\Spy Sweeper\Masters\Masters.const Object is locked skipped

C:\Program Files\Webroot\Spy Sweeper\Masters\masters.mst Object is locked skipped

C:\Program Files\Webroot\Spy Sweeper\Masters.base Object is locked skipped

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

C:\WINDOWS\$_hpcst$.hpc Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\Debug\WPD\wpdtrace.log Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\default Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\software Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\system Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\h323log.txt Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.
  • 0

#4
Flrman1

Flrman1

    Malware Assassin

  • Retired Staff
  • 6,596 posts
* Go here to download AlcanShorty_en.exe and save it to your desktop.
  • Doubleclick the alcanShorty.exe file and follow prompts.
  • It will make a folder on desktop called Alcan Shorty
  • Open the Alcan Shorty folder & double click the run.bat file to run it.
  • This will download a file called BFU.exe and a BFU script.
  • If your firewall asks for permission to connect to the internet, you must allow it.
  • A message box will pop up saying complete.
  • Be patient and wait for the message box to appear as it may take some time.
  • Press OK then BFU.exe will open.
  • Select the option to "Show log after script ends"
  • Execute the script by clicking the Execute button.
  • Note that you should see a progress bar while the script is being executed.
  • When the script has finished press copy & that will make a copy of the report in your clipboard.
  • Paste the log into notepad and save it to your desktop to post back here later.
Note: If you have any questions about the use of BFU please read here.


* Update AVG Anti-Spyware:
  • On the main screen click on the "Update now" link and the update should begin immediately.
    • If the update does not begin, select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
  • When the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"
  • If you cannot download the updates, update manuallly according to the directions here.
  • If you do the manual update, look under "Full database" and click the "Download now" button.
  • DO NOT run a scan yet. You will do that later in safe mode.
* Click here for info on how to boot to safe mode if you don't already know how.


* Now copy these instructions to notepad and save them to your desktop. You will need them to refer to in safe mode.


* Restart your computer into safe mode now. Perform the following steps in safe mode:


* Run AVG Anti-Spyware:
  • Launch AVG Anti-Spyware by double-clicking the icon on your desktop.
  • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  • It will then begin the scanning process, be patient it may take a while for the scan to complete.
  • When the scan is complete, you must select an action.
  • Select "Apply all actions"
  • Next select the "Reports" icon at the top.
  • Select the "Save report as" button in the lower left hand of the screen
  • Save the report as a text file and save it to your desktop.
  • Close AVG Anti-Spyware.
* Restart back into Windows normally now.


* Come back here and post a new HijackThis log, as well as the log from the AVG Anti-Spyware scan and the report from the Alcanshorty fix.
  • 0

#5
Apok451

Apok451

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Logfile of HijackThis v1.99.1
Scan saved at 7:11:05 PM, on 10/30/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Registry Mechanic\RegMech.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Verizon Online\bin\mpbtn.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Hijackthis\HijackThis.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Messenger\msmsgs.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://cgi.verizon.n...mp;bm=ho_search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.fark.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.fark.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Control Center] "C:\Program Files\ASUS\WLAN Card Utilities\Center.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [CTSysVol] "C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe"
O4 - HKLM\..\Run: [CTDVDDet] "C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [AsioReg] "REGSVR32.EXE" /S CTASIO.DLL
O4 - HKLM\..\Run: [SBDrvDet] "C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe" /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [zBrowser Launcher] "C:\Program Files\Logitech\iTouch\iTouch.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] "C:\PROGRA~1\SYMNET~1\SNDMon.exe" /Consumer
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [RegistryMechanic] "C:\Program Files\Registry Mechanic\RegMech.exe" /H
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [RemoteCenter] "C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe"
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\bin\matcli.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.s...rl/LSSupCtl.cab
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} - https://www-secure.s...rl/SymAData.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - https://www-secure.s...trl/tgctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.s...trl/tgctlsr.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by103fd.bay10...es/MsnPUpld.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...ip/RdxIE601.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab34246.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - https://www-secure.s...rl/SymAData.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/...aploader_v6.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://cprplussuppo.../ra/ieatgpc.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe


BFU v1.00.9
Windows XP SP2 (WinNT 5.01.2600 SP2)
Script started at 6:18:57 PM, on 10/30/2006

Option Unload Explorer: Yes
Failed: DllUnregister C:\WINDOWS\DH.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\Deskbar\deskbar.dll|1 (file not found)
Failed: DllUnregister \asappsrv.dll|1 (file not found)
Failed: DllUnregister \MyToolBar.dll (file not found)
Failed: ServiceStop Network Monitor (service not found)
Failed: ServiceStop cmdService (service not found)
Failed: ServiceDisable Network Monitor (service not found)
Failed: ServiceDisable cmdService (service not found)
Failed: ServiceDelete Network Monitor (service not found)
Failed: ServiceDelete cmdService (service not found)
Failed: RegDelValue HKCU\System\CurrentControlSet\Control\Lsa|p2pnetwork (key not found)
Failed: RegDelValue HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations|LowRiskFileTypes (key not found)
Failed: RegDelValue HKCU\Microsoft\Windows\CurrentVersion\policies\Explorer\Run|WinUpdate.exe (key not found)
Failed: RegDelValue HKCU\software\microsoft\windows\currentversion\policies\explorer\run|{84c4d3ae-0bb0-1033-0729-050001} (key not found)
Option pause between commands: 300 ms
Option pause between commands: 50 ms
Failed: FolderDelete C:\Program Files\MsConfigs (folder not found)
Failed: FolderDelete C:\Program Files\winupdates (folder not found)
Failed: FolderDelete C:\Program Files\winupdate (folder not found)
Failed: FolderDelete C:\Program Files\winsupdater (folder not found)
Failed: FolderDelete C:\Program Files\MsUpdate (folder not found)
Failed: FolderDelete C:\Program Files\MsMovies (folder not found)
Failed: FolderDelete C:\Program Files\wmplayer (folder not found)
Failed: FolderDelete C:\Program Files\outlook (folder not found)
Failed: FileDelete C:\Program Files\Common Files\Windows\mc-*-*.exe (operation failed)
Failed: FileDelete C:\Program Files\Common Files\Download\mc-*-*.exe (operation failed)
Failed: FileDelete C:\Program Files\common files\{*-*-1033-*-*}\update.exe (operation failed)
Failed: FileDelete C:\Program Files\common files\{*-*-1033-*-*}\services.dll (operation failed)
Failed: FileDelete C:\Program Files\common files\{*-*-1033-*-*}\activate.exe (operation failed)
Failed: FileDelete C:\Program Files\common files\{*-*-1033-*-*}\MyToolBar.dll (operation failed)
Failed: FileDelete C:\Program Files\common files\{*-*-2057-*-*}\update.exe (operation failed)
Failed: FileDelete C:\Program Files\common files\{*-*-2057-*-*}\services.dll (operation failed)
Failed: FileDelete C:\Program Files\common files\{*-*-2057-*-*}\activate.exe (operation failed)
Failed: FileDelete C:\Program Files\common files\{*-*-2057-*-*}\MyToolBar.dll (operation failed)
Failed: FolderDelete C:\Program Files\toolbar888 (folder not found)
Failed: FolderDelete C:\Program Files\e-mailpaysu toolbar (folder not found)
Failed: FolderDelete C:\Program Files\EMUSIC TOOLBAR (folder not found)
Failed: FolderDelete C:\Program Files\find dvd toolbar (folder not found)
Failed: FolderDelete C:\Program Files\GULESIDER VERKTøYLINJE (folder not found)
Failed: FolderDelete C:\Program Files\sesam-p4 toolbar (folder not found)
Failed: FolderDelete C:\Program Files\slownik ling (folder not found)
Failed: FolderDelete C:\Program Files\MediaPipe (folder not found)
Failed: FolderDelete C:\Program Files\p2pnetworks (folder not found)
Failed: FileDelete C:\DOCUME~1\user\LOCALS~1\Temp\~DF6EC8.tmp (operation failed)
Failed: FolderDelete C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\F4IKNHCU (operation failed)
Failed: FolderDelete C:\Program Files\Maxifiles (folder not found)
Failed: FolderDelete C:\Program Files\DNS (folder not found)
Failed: FolderDelete C:\Program Files\EQAdvice (folder not found)
Failed: FolderDelete C:\Program Files\FCAdvice (folder not found)
Failed: FolderDelete C:\Program Files\Common Files\FreeProd1 (folder not found)
Failed: FolderDelete C:\Program Files\Common Files\FreeProd2 (folder not found)
Failed: FolderDelete C:\Program Files\Common Files\InetGet (folder not found)
Failed: FolderDelete C:\Program Files\Common Files\InetGet2 (folder not found)
Failed: FolderDelete C:\Program Files\Common Files\svchostsys (folder not found)
Failed: FolderDelete C:\Program Files\Common Files\simtest (folder not found)
Failed: FolderDelete C:\Program Files\Common Files\misc001 (folder not found)
Failed: FolderDelete C:\Program Files\InetGet2 (folder not found)
Failed: FolderDelete C:\Program Files\Common Files\VCClient (folder not found)
Failed: FolderDelete C:\Program Files\Network Monitor (folder not found)
Failed: FolderDelete C:\WINDOWS\inet20001 (folder not found)
Failed: FolderDelete C:\Program Files\Update06 (folder not found)
Failed: FolderDelete C:\Program Files\Update03 (folder not found)
Failed: FolderDelete C:\Program Files\Update04 (folder not found)
Failed: FolderDelete C:\Program Files\Update08 (folder not found)
Failed: FolderDelete C:\Program Files\W-Update (folder not found)
Failed: FolderDelete C:\Program Files\Yazzle Sudoku (folder not found)
Failed: FolderDelete C:\Program Files\Cas (folder not found)
Failed: FolderDelete C:\Program Files\CasStub (folder not found)
Failed: FolderDelete C:\Program Files\Cas2Stub (folder not found)
Failed: FolderDelete C:\Program Files\ipwins (folder not found)
Failed: FolderDelete C:\Program Files\Common Files\Snowball Wars (folder not found)
Failed: FolderDelete C:\temp (folder not found)
Failed: FolderDelete C:\WINDOWS\mdrive (folder not found)
Failed: FolderDelete C:\WINDOWS\system32\crunner (folder not found)
Failed: FolderDelete C:\Program Files\PECarlin (folder not found)
Failed: FolderDelete C:\Program Files\AXVenore (folder not found)
Failed: FolderDelete C:\Program Files\SDVita (folder not found)
Failed: FolderDelete C:\Program Files\EQBranch (folder not found)
Failed: FolderDelete C:\Program Files\EQArticle (folder not found)
Failed: FolderDelete C:\Program Files\PSHope (folder not found)
Failed: FolderDelete C:\Program Files\Batty (folder not found)
Failed: FolderDelete C:\Program Files\Batty2 (folder not found)
Failed: FolderDelete C:\Program Files\AXFibula (folder not found)
Failed: FolderDelete C:\Program Files\CMFibula (folder not found)
Failed: FolderDelete C:\Program Files\PSLister (folder not found)
Failed: FolderDelete C:\Program Files\PSCloner (folder not found)
Failed: FolderDelete C:\Program Files\PSDream (folder not found)
Failed: FolderDelete C:\Program Files\cmapp (folder not found)
Failed: FolderDelete C:\Program Files\cmman (folder not found)
Failed: FolderDelete C:\Program Files\cmsystem (folder not found)
Failed: FolderDelete C:\Program Files\fcengine (folder not found)
Failed: FolderDelete C:\Program Files\wincmapp (folder not found)
Failed: FolderDelete C:\Program Files\Deskbar\Cache (folder not found)
Failed: FolderDelete C:\Program Files\popupwithcast (folder not found)
Failed: FolderDelete C:\Program Files\Common Files\cloader (folder not found)
Failed: FolderDelete C:\Program Files\Common Files\misc001 (folder not found)
Failed: FolderCreate C:\bintheredunthat (folder already exists)
Failed: FileMove C:\WINDOWS\win*-*.exe|C:\bintheredunthat (source file not found)
Script completed.


---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 7:08:05 PM 10/30/2006

+ Scan result:



Nothing found.



::Report end
  • 0

#6
Flrman1

Flrman1

    Malware Assassin

  • Retired Staff
  • 6,596 posts
* Go here and do the BitDefender online virus scan.
  • Click "I Agree" to agree to the EULA.
  • Allow the ActiveX control to install when prompted.
  • Click "Click here to scan" to begin the scan.
  • Please refrain from using the computer until the scan is finished.
  • When the scan is finished, click on "Click here to export the scan results"
  • Save the report to your desktop then come back here and attach it to your next reply along with a new Hijack This log..

Edited by Flrman1, 30 October 2006 - 08:51 PM.

  • 0

#7
Apok451

Apok451

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Logfile of HijackThis v1.99.1
Scan saved at 11:07:49 PM, on 10/30/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Registry Mechanic\RegMech.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Verizon Online\bin\mpbtn.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://cgi.verizon.n...mp;bm=ho_search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.fark.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.fark.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Control Center] "C:\Program Files\ASUS\WLAN Card Utilities\Center.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [CTSysVol] "C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe"
O4 - HKLM\..\Run: [CTDVDDet] "C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [AsioReg] "REGSVR32.EXE" /S CTASIO.DLL
O4 - HKLM\..\Run: [SBDrvDet] "C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe" /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [zBrowser Launcher] "C:\Program Files\Logitech\iTouch\iTouch.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] "C:\PROGRA~1\SYMNET~1\SNDMon.exe" /Consumer
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [RegistryMechanic] "C:\Program Files\Registry Mechanic\RegMech.exe" /H
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [MSConfig] "C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" /auto
O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto
O4 - HKLM\..\RunOnce: [vu404c.exe] C:\WINDOWS\System32\vu404c.exe /k
O4 - HKLM\..\RunOnce: [f3jr0t.exe] C:\WINDOWS\System32\f3jr0t.exe /k
O4 - HKLM\..\RunOnce: [tfmg3c.exe] C:\WINDOWS\System32\tfmg3c.exe /k
O4 - HKLM\..\RunOnce: [uyvgmor.exe] C:\WINDOWS\System32\uyvgmor.exe /k
O4 - HKLM\..\RunOnce: [f1e9a6.exe] C:\WINDOWS\System32\f1e9a6.exe /k
O4 - HKLM\..\RunOnce: [1fz4q.exe] C:\WINDOWS\System32\1fz4q.exe /k
O4 - HKCU\..\Run: [RemoteCenter] "C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe"
O4 - HKCU\..\Run: [AIM] "C:\Program Files\AIM\aim.exe" -cnetwait.odl
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
O4 - HKCU\..\RunOnce: [c0n3i1.exe] C:\WINDOWS\System32\c0n3i1.exe /k
O4 - HKCU\..\RunOnce: [vu404c.exe] C:\WINDOWS\System32\vu404c.exe /k
O4 - HKCU\..\RunOnce: [f3jr0t.exe] C:\WINDOWS\System32\f3jr0t.exe /k
O4 - HKCU\..\RunOnce: [tfmg3c.exe] C:\WINDOWS\System32\tfmg3c.exe /k
O4 - HKCU\..\RunOnce: [uyvgmor.exe] C:\WINDOWS\System32\uyvgmor.exe /k
O4 - HKCU\..\RunOnce: [f1e9a6.exe] C:\WINDOWS\System32\f1e9a6.exe /k
O4 - HKCU\..\RunOnce: [1fz4q.exe] C:\WINDOWS\System32\1fz4q.exe /k
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\bin\matcli.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.s...rl/LSSupCtl.cab
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} - https://www-secure.s...rl/SymAData.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - https://www-secure.s...trl/tgctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.s...trl/tgctlsr.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by103fd.bay10...es/MsnPUpld.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...ip/RdxIE601.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab34246.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - https://www-secure.s...rl/SymAData.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/...aploader_v6.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://cprplussuppo.../ra/ieatgpc.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe




BitDefender Online Scanner



Scan report generated at: Mon, Oct 30, 2006 - 22:51:08





Scan path: A:\;C:\;D:\;







Statistics

Time
00:42:12

Files
263938

Folders
7015

Boot Sectors
2

Archives
2330

Packed Files
16603




Results

Identified Viruses
13

Infected Files
27

Suspect Files
0

Warnings
0

Disinfected
0

Deleted Files
53




Engines Info

Virus Definitions
479421

Engine build
AVCORE v1.0 (build 2310) (i386) (Apr 17 2006 16:24:38)

Scan plugins
13

Archive plugins
38

Unpack plugins
6

E-mail plugins
6

System plugins
1




Scan Settings

First Action
Disinfect

Second Action
Delete

Heuristics
Yes

Enable Warnings
Yes

Scanned Extensions
*;

Exclude Extensions


Scan Emails
Yes

Scan Archives
Yes

Scan Packed
Yes

Scan Files
Yes

Scan Boot
Yes




Scanned File
Status

C:\Program Files\Logitech\Resource Center\installers\wildtangent\blastrb2.exe=>(NSIS o)=>zlib_nsis0018
Infected with: Trojan.Exploit.Html.Codebaseexec.CC

C:\Program Files\Logitech\Resource Center\installers\wildtangent\blastrb2.exe=>(NSIS o)=>zlib_nsis0018
Disinfection failed

C:\Program Files\Logitech\Resource Center\installers\wildtangent\blastrb2.exe=>(NSIS o)=>zlib_nsis0018
Deleted

C:\Program Files\Logitech\Resource Center\installers\wildtangent\blastrb2.exe=>(NSIS o)
Update failed

C:\Program Files\Norton AntiVirus\Quarantine\03257491.sys=>(Quarantine-2)
Infected with: Trojan.Kolweb.E

C:\Program Files\Norton AntiVirus\Quarantine\03257491.sys=>(Quarantine-2)
Disinfection failed

C:\Program Files\Norton AntiVirus\Quarantine\03257491.sys=>(Quarantine-2)
Deleted

C:\Program Files\Norton AntiVirus\Quarantine\103771FF.exe=>(Quarantine-2)
Infected with: Win32.Worm.VB.DW

C:\Program Files\Norton AntiVirus\Quarantine\103771FF.exe=>(Quarantine-2)
Disinfection failed

C:\Program Files\Norton AntiVirus\Quarantine\103771FF.exe=>(Quarantine-2)
Deleted

C:\Program Files\Norton AntiVirus\Quarantine\1547471E.htm=>(Quarantine-2)
Infected with: JS.Trojan.Downloader.IstBar.M

C:\Program Files\Norton AntiVirus\Quarantine\1547471E.htm=>(Quarantine-2)
Disinfection failed

C:\Program Files\Norton AntiVirus\Quarantine\1547471E.htm=>(Quarantine-2)
Deleted

C:\Program Files\Norton AntiVirus\Quarantine\178E2FBE.sys=>(Quarantine-2)
Infected with: Trojan.Kolweb.B

C:\Program Files\Norton AntiVirus\Quarantine\178E2FBE.sys=>(Quarantine-2)
Disinfection failed

C:\Program Files\Norton AntiVirus\Quarantine\178E2FBE.sys=>(Quarantine-2)
Deleted

C:\Program Files\Norton AntiVirus\Quarantine\179159BA.sys=>(Quarantine-2)
Infected with: Trojan.Kolweb.B

C:\Program Files\Norton AntiVirus\Quarantine\179159BA.sys=>(Quarantine-2)
Disinfection failed

C:\Program Files\Norton AntiVirus\Quarantine\179159BA.sys=>(Quarantine-2)
Deleted

C:\Program Files\Norton AntiVirus\Quarantine\1A6B26C4.exe=>(Quarantine-2)
Infected with: Backdoor.Rbot.CMN

C:\Program Files\Norton AntiVirus\Quarantine\1A6B26C4.exe=>(Quarantine-2)
Disinfection failed

C:\Program Files\Norton AntiVirus\Quarantine\1A6B26C4.exe=>(Quarantine-2)
Deleted

C:\Program Files\Norton AntiVirus\Quarantine\1F351C40.com=>(Quarantine-2)
Infected with: Backdoor.Aimbot.AO

C:\Program Files\Norton AntiVirus\Quarantine\1F351C40.com=>(Quarantine-2)
Deleted

C:\Program Files\Norton AntiVirus\Quarantine\21901E29.dll=>(Quarantine-2)
Infected with: Trojan.Kolweb.D

C:\Program Files\Norton AntiVirus\Quarantine\21901E29.dll=>(Quarantine-2)
Disinfection failed

C:\Program Files\Norton AntiVirus\Quarantine\21901E29.dll=>(Quarantine-2)
Deleted

C:\Program Files\Norton AntiVirus\Quarantine\2FA622AA.exe=>(Quarantine-2)
Infected with: Trojan.Downloader.Delf.GO

C:\Program Files\Norton AntiVirus\Quarantine\2FA622AA.exe=>(Quarantine-2)
Disinfection failed

C:\Program Files\Norton AntiVirus\Quarantine\2FA622AA.exe=>(Quarantine-2)
Deleted

C:\Program Files\Norton AntiVirus\Quarantine\2FA622AA.sys=>(Quarantine-2)
Infected with: Trojan.Kolweb.A

C:\Program Files\Norton AntiVirus\Quarantine\2FA622AA.sys=>(Quarantine-2)
Disinfection failed

C:\Program Files\Norton AntiVirus\Quarantine\2FA622AA.sys=>(Quarantine-2)
Deleted

C:\Program Files\Norton AntiVirus\Quarantine\31AA6DF0.exe=>(Quarantine-2)
Infected with: Backdoor.Aimbot.AO

C:\Program Files\Norton AntiVirus\Quarantine\31AA6DF0.exe=>(Quarantine-2)
Deleted

C:\Program Files\Norton AntiVirus\Quarantine\31D1340C.exe=>(Quarantine-2)
Infected with: Trojan.StartPage.TJ

C:\Program Files\Norton AntiVirus\Quarantine\31D1340C.exe=>(Quarantine-2)
Disinfection failed

C:\Program Files\Norton AntiVirus\Quarantine\31D1340C.exe=>(Quarantine-2)
Deleted

C:\Program Files\Norton AntiVirus\Quarantine\33FC5F72.sys=>(Quarantine-2)
Infected with: Trojan.Kolweb.B

C:\Program Files\Norton AntiVirus\Quarantine\33FC5F72.sys=>(Quarantine-2)
Disinfection failed

C:\Program Files\Norton AntiVirus\Quarantine\33FC5F72.sys=>(Quarantine-2)
Deleted

C:\Program Files\Norton AntiVirus\Quarantine\36660E4C.sys=>(Quarantine-2)
Infected with: Trojan.Kolweb.A

C:\Program Files\Norton AntiVirus\Quarantine\36660E4C.sys=>(Quarantine-2)
Disinfection failed

C:\Program Files\Norton AntiVirus\Quarantine\36660E4C.sys=>(Quarantine-2)
Deleted

C:\Program Files\Norton AntiVirus\Quarantine\3CA25EF5.exe=>(Quarantine-2)
Infected with: Trojan.Kolweb.A

C:\Program Files\Norton AntiVirus\Quarantine\3CA25EF5.exe=>(Quarantine-2)
Disinfection failed

C:\Program Files\Norton AntiVirus\Quarantine\3CA25EF5.exe=>(Quarantine-2)
Deleted

C:\Program Files\Norton AntiVirus\Quarantine\3CA508F1.exe=>(Quarantine-2)
Infected with: Trojan.Downloader.Delf.GO

C:\Program Files\Norton AntiVirus\Quarantine\3CA508F1.exe=>(Quarantine-2)
Disinfection failed

C:\Program Files\Norton AntiVirus\Quarantine\3CA508F1.exe=>(Quarantine-2)
Deleted

C:\Program Files\Norton AntiVirus\Quarantine\3CA508F1.sys=>(Quarantine-2)
Infected with: Trojan.Kolweb.A

C:\Program Files\Norton AntiVirus\Quarantine\3CA508F1.sys=>(Quarantine-2)
Disinfection failed

C:\Program Files\Norton AntiVirus\Quarantine\3CA508F1.sys=>(Quarantine-2)
Deleted

C:\Program Files\Norton AntiVirus\Quarantine\4D6E6E3E.sys=>(Quarantine-2)
Infected with: Trojan.Kolweb.E

C:\Program Files\Norton AntiVirus\Quarantine\4D6E6E3E.sys=>(Quarantine-2)
Disinfection failed

C:\Program Files\Norton AntiVirus\Quarantine\4D6E6E3E.sys=>(Quarantine-2)
Deleted

C:\Program Files\Norton AntiVirus\Quarantine\4EF75469.exe=>(Quarantine-2)
Infected with: Trojan.Downloader.HQ

C:\Program Files\Norton AntiVirus\Quarantine\4EF75469.exe=>(Quarantine-2)
Disinfection failed

C:\Program Files\Norton AntiVirus\Quarantine\4EF75469.exe=>(Quarantine-2)
Deleted

C:\Program Files\Norton AntiVirus\Quarantine\50206B67.exe=>(Quarantine-2)
Infected with: Trojan.Kolweb.B

C:\Program Files\Norton AntiVirus\Quarantine\50206B67.exe=>(Quarantine-2)
Disinfection failed

C:\Program Files\Norton AntiVirus\Quarantine\50206B67.exe=>(Quarantine-2)
Deleted

C:\Program Files\Norton AntiVirus\Quarantine\50231563.exe=>(Quarantine-2)
Infected with: Trojan.Kolweb.E

C:\Program Files\Norton AntiVirus\Quarantine\50231563.exe=>(Quarantine-2)
Disinfection failed

C:\Program Files\Norton AntiVirus\Quarantine\50231563.exe=>(Quarantine-2)
Deleted

C:\Program Files\Norton AntiVirus\Quarantine\53270451.htm=>(Quarantine-2)
Infected with: JS.Trojan.Downloader.IstBar.M

C:\Program Files\Norton AntiVirus\Quarantine\53270451.htm=>(Quarantine-2)
Disinfection failed

C:\Program Files\Norton AntiVirus\Quarantine\53270451.htm=>(Quarantine-2)
Deleted

C:\Program Files\Norton AntiVirus\Quarantine\5DD848A6.dll=>(Quarantine-2)
Infected with: Trojan.Kolweb.D

C:\Program Files\Norton AntiVirus\Quarantine\5DD848A6.dll=>(Quarantine-2)
Disinfection failed

C:\Program Files\Norton AntiVirus\Quarantine\5DD848A6.dll=>(Quarantine-2)
Deleted

C:\Program Files\Norton AntiVirus\Quarantine\5E653489.sys=>(Quarantine-2)
Infected with: Trojan.Kolweb.E

C:\Program Files\Norton AntiVirus\Quarantine\5E653489.sys=>(Quarantine-2)
Disinfection failed

C:\Program Files\Norton AntiVirus\Quarantine\5E653489.sys=>(Quarantine-2)
Deleted

C:\Program Files\Norton AntiVirus\Quarantine\731F115B.dll=>(Quarantine-2)
Infected with: Win32.Worm.KKQ.A

C:\Program Files\Norton AntiVirus\Quarantine\731F115B.dll=>(Quarantine-2)
Disinfection failed

C:\Program Files\Norton AntiVirus\Quarantine\731F115B.dll=>(Quarantine-2)
Deleted

C:\Program Files\Norton AntiVirus\Quarantine\73223B57.dll=>(Quarantine-2)
Infected with: Win32.Worm.KKQ.A

C:\Program Files\Norton AntiVirus\Quarantine\73223B57.dll=>(Quarantine-2)
Disinfection failed

C:\Program Files\Norton AntiVirus\Quarantine\73223B57.dll=>(Quarantine-2)
Deleted

C:\WINDOWS\ServicePackFiles\i386\iexplore.chm=>/DLG_email_exe_valid_sig.htm
Clean

C:\WINDOWS\ServicePackFiles\i386\iexplore.chm=>/DLG_exe_no_pub_run.htm
Clean

C:\WINDOWS\ServicePackFiles\i386\iexplore.chm=>/DLG_exe_valid_sig.htm
Clean

C:\WINDOWS\ServicePackFiles\i386\iexplore.chm=>/DLG_non_dang.htm
Clean

C:\WINDOWS\ServicePackFiles\i386\iexplore.chm=>/DLG_Pub_Blocked.htm
Clean

C:\WINDOWS\ServicePackFiles\i386\iexplore.chm=>/DLG_Shell_Exe.htm
Clean

C:\WINDOWS\ServicePackFiles\i386\iexplore.chm=>/DLG_LMZL.htm
Clean

C:\WINDOWS\ServicePackFiles\i386\iexplore.chm=>/GB_mime.htm
Clean

C:\WINDOWS\ServicePackFiles\i386\iexplore.chm=>/iexplore.hhc
Clean

C:\WINDOWS\ServicePackFiles\i386\iexplore.chm=>/iexplore.hhk
Clean

C:\WINDOWS\ServicePackFiles\i386\iexplore.chm=>/ie55.gif
Clean

C:\WINDOWS\ServicePackFiles\i386\iexplore.chm=>/#WINDOWS
Clean

C:\WINDOWS\ServicePackFiles\i386\iexplore.chm=>/$WWKeywordLinks/BTree
Clean

C:\WINDOWS\ServicePackFiles\i386\iexplore.chm=>/$WWKeywordLinks/Data
Clean

C:\WINDOWS\ServicePackFiles\i386\iexplore.chm=>/$WWKeywordLinks/Map
Clean

C:\WINDOWS\ServicePackFiles\i386\iexplore.chm=>/$WWKeywordLinks/Property
Clean

C:\WINDOWS\ServicePackFiles\i386\iexplore.chm=>/$WWAssociativeLinks/BTree
Clean

C:\WINDOWS\ServicePackFiles\i386\iexplore.chm=>/$WWAssociativeLinks/Data
Clean

C:\WINDOWS\ServicePackFiles\i386\iexplore.chm=>/$WWAssociativeLinks/Map
Clean

C:\WINDOWS\ServicePackFiles\i386\iexplore.chm=>/$WWAssociativeLinks/Property
Clean

C:\WINDOWS\ServicePackFiles\i386\iexplore.chm=>/$OBJINST
Clean

C:\WINDOWS\ServicePackFiles\i386\iexplore.chm=>/$FIftiMain
Clean

C:\WINDOWS\ServicePackFiles\i386\iexplore.chm=>/#IDXHDR
Clean

C:\WINDOWS\ServicePackFiles\i386\iexplore.chm=>/#TOPICS
Clean

C:\WINDOWS\ServicePackFiles\i386\iexplore.chm=>/#URLTBL
Clean

C:\WINDOWS\ServicePackFiles\i386\iexplore.chm=>/#URLSTR
Clean

C:\WINDOWS\ServicePackFiles\i386\iexplore.chm=>/#STRINGS
Clean

C:\WINDOWS\ServicePackFiles\i386\iexplore.exe
Clean

C:\WINDOWS\ServicePackFiles\i386\iexpress.exe
Clean

C:\WINDOWS\ServicePackFiles\i386\ifmon.dll
Clean

C:\WINDOWS\ServicePackFiles\i386\igmpagnt.dll
Clean

C:\WINDOWS\ServicePackFiles\i386\iis.dll
Clean

C:\WINDOWS\ServicePackFiles\i386\iis.inf
Clean

C:\WINDOWS\ServicePackFiles\i386\iis.inf=>(unicode)
Clean

C:\WINDOWS\ServicePackFiles\i386\ils.dll
Clean

C:\WINDOWS\ServicePackFiles\i386\imaadp32.acm
Clean

C:\WINDOWS\ServicePackFiles\i386\imagehlp.dll
Clean

C:\WINDOWS\ServicePackFiles\i386\imapi.exe
Clean

C:\WINDOWS\ServicePackFiles\i386\imapi.sys
Clean

C:\WINDOWS\ServicePackFiles\i386\imeshare.dll
Clean

C:\WINDOWS\ServicePackFiles\i386\imgutil.dll
Clean

C:\WINDOWS\ServicePackFiles\i386\imm32.dll
Clean

C:\WINDOWS\ServicePackFiles\i386\ims.cat
Clean

C:\WINDOWS\ServicePackFiles\i386\ims.inf
Clean

C:\WINDOWS\ServicePackFiles\i386\inetcfg.dll
Clean

C:\WINDOWS\ServicePackFiles\i386\inetcomm.dll
Clean

C:\WINDOWS\ServicePackFiles\i386\inetcpl.cpl
Clean

C:\WINDOWS\ServicePackFiles\i386\inetmib1.dll
Clean

C:\WINDOWS\ServicePackFiles\i386\inetpp.dll
Clean

C:\WINDOWS\ServicePackFiles\i386\inetppui.dll
Clean

C:\WINDOWS\ServicePackFiles\i386\inetpref.xml
Clean

C:\WINDOWS\ServicePackFiles\i386\inetres.dll
Clean

C:\WINDOWS\ServicePackFiles\i386\inetwiz.exe
Clean

C:\WINDOWS\ServicePackFiles\i386\infrared.chm
Clean

C:\WINDOWS\ServicePackFiles\i386\infrared.chm=>/#SYSTEM
Clean

C:\WINDOWS\ServicePackFiles\i386\infrared.chm=>/compile_date.htm
Clean

C:\WINDOWS\ServicePackFiles\i386\infrared.chm=>/add_irda_device.htm
Clean

C:\WINDOWS\ServicePackFiles\i386\infrared.chm=>/change_location.htm
Clean
  • 0

#8
Flrman1

Flrman1

    Malware Assassin

  • Retired Staff
  • 6,596 posts
How is everything now?
  • 0

#9
Apok451

Apok451

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Still having the same problem. I still have the six or seven files that popup on startup from the system32 that say the progs are missing and may cause problems when running. I ran a new hijackthis without using my registry mechanic, and it took a very long time without running registry mechanic to get back here.

I dont know if this will help, but I also included a copy of the report from Registry Mechanic 5.2. It found 18 items and cleaned them out. For the moment everything is running properly, but as soon as I shut down and restart the problems will reappear.


Logfile of HijackThis v1.99.1
Scan saved at 6:39:35 PM, on 10/31/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Registry Mechanic\RegMech.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Verizon Online\bin\mpbtn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://cgi.verizon.n...mp;bm=ho_search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.fark.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.fark.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Control Center] "C:\Program Files\ASUS\WLAN Card Utilities\Center.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [CTSysVol] "C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe"
O4 - HKLM\..\Run: [CTDVDDet] "C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [AsioReg] "REGSVR32.EXE" /S CTASIO.DLL
O4 - HKLM\..\Run: [SBDrvDet] "C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe" /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [zBrowser Launcher] "C:\Program Files\Logitech\iTouch\iTouch.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] "C:\PROGRA~1\SYMNET~1\SNDMon.exe" /Consumer
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [RegistryMechanic] "C:\Program Files\Registry Mechanic\RegMech.exe" /H
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto
O4 - HKLM\..\RunOnce: [vu404c.exe] C:\WINDOWS\System32\vu404c.exe /k
O4 - HKLM\..\RunOnce: [f3jr0t.exe] C:\WINDOWS\System32\f3jr0t.exe /k
O4 - HKLM\..\RunOnce: [tfmg3c.exe] C:\WINDOWS\System32\tfmg3c.exe /k
O4 - HKLM\..\RunOnce: [uyvgmor.exe] C:\WINDOWS\System32\uyvgmor.exe /k
O4 - HKLM\..\RunOnce: [f1e9a6.exe] C:\WINDOWS\System32\f1e9a6.exe /k
O4 - HKLM\..\RunOnce: [1fz4q.exe] C:\WINDOWS\System32\1fz4q.exe /k
O4 - HKCU\..\Run: [RemoteCenter] "C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe"
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
O4 - HKCU\..\RunOnce: [c0n3i1.exe] C:\WINDOWS\System32\c0n3i1.exe /k
O4 - HKCU\..\RunOnce: [vu404c.exe] C:\WINDOWS\System32\vu404c.exe /k
O4 - HKCU\..\RunOnce: [f3jr0t.exe] C:\WINDOWS\System32\f3jr0t.exe /k
O4 - HKCU\..\RunOnce: [tfmg3c.exe] C:\WINDOWS\System32\tfmg3c.exe /k
O4 - HKCU\..\RunOnce: [uyvgmor.exe] C:\WINDOWS\System32\uyvgmor.exe /k
O4 - HKCU\..\RunOnce: [f1e9a6.exe] C:\WINDOWS\System32\f1e9a6.exe /k
O4 - HKCU\..\RunOnce: [1fz4q.exe] C:\WINDOWS\System32\1fz4q.exe /k
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\bin\matcli.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.s...rl/LSSupCtl.cab
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} - https://www-secure.s...rl/SymAData.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - https://www-secure.s...trl/tgctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.s...trl/tgctlsr.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by103fd.bay10...es/MsnPUpld.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...ip/RdxIE601.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab34246.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - https://www-secure.s...rl/SymAData.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/...aploader_v6.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://cprplussuppo.../ra/ieatgpc.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe



----------------------------------------------------------------------------------------------------
Registry Mechanic 5.2.0.310
----------------------------------------------------------------------------------------------------
Start of Scan
10/31/2006 6:42:28 PM
Your System Information :
CPU: Intel Pentium
IE: Internet Explorer 6.0.2900
MEMORY FREE: 569732
MEMORY TOTAL: 1047852
VIRTUAL FREE: 2016024
VIRTUAL TOTAL: 2097024
WINDOWS VER: Windows XP 5.1 (Build 2600)

----------------------------------------------------------------------------------------------------
Running processes: Process ID
----------------------------------------------------------------------------------------------------
[System Process] 0
System 4
smss.exe 1784
csrss.exe 1840
winlogon.exe 1864
services.exe 1908
lsass.exe 1920
ati2evxx.exe 172
svchost.exe 180
svchost.exe 260
svchost.exe 616
svchost.exe 752
svchost.exe 840
spoolsv.exe 1056
ati2evxx.exe 1576
explorer.exe 1640
AluSchedulerSvc.exe 1328
guard.exe 1340
CCSETMGR.EXE 1368
CTSVCCDA.EXE 1380
NAVAPSVC.EXE 1440
NPFMNTOR.EXE 1472
SNDSrvc.exe 520
SPBBCSvc.exe 704
symlcsvc.exe 768
wdfmgr.exe 852
SpySweeper.exe 924
CCEVTMGR.EXE 1540
alg.exe 2360
svchost.exe 3172
rundll32.exe 3052
Center.exe 3240
PDVDServ.exe 3248
CTSysVol.exe 3256
CTDVDDET.exe 3264
atiptaxx.exe 3444
iTouch.exe 3656
hpztsb09.exe 3840
EM_EXEC.EXE 3848
CCAPP.EXE 3856
MotiveSB.exe 1704
realsched.exe 3916
SpySweeperUI.exe 1720
avgas.exe 528
RegMech.exe 980
iTunesHelper.exe 2236
jusched.exe 2248
RcMan.exe 2196
aim.exe 396
WCESCOMM.EXE 2464
iPodService.exe 2504
ssu.exe 3668
mpbtn.exe 3900
msmsgs.exe 2316
----------------------------------------------------------------------------------------------------
Sections Scanned:
----------------------------------------------------------------------------------------------------

SUP - 2
Location: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce
Value : c0n3i1.exe = C:\WINDOWS\System32\c0n3i1.exe /k
Parsed : C:\WINDOWS\System32\c0n3i1.exe

SUP - 3
Location: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce
Value : vu404c.exe = C:\WINDOWS\System32\vu404c.exe /k
Parsed : C:\WINDOWS\System32\vu404c.exe

SUP - 4
Location: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce
Value : f3jr0t.exe = C:\WINDOWS\System32\f3jr0t.exe /k
Parsed : C:\WINDOWS\System32\f3jr0t.exe

SUP - 5
Location: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce
Value : tfmg3c.exe = C:\WINDOWS\System32\tfmg3c.exe /k
Parsed : C:\WINDOWS\System32\tfmg3c.exe

SUP - 6
Location: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce
Value : uyvgmor.exe = C:\WINDOWS\System32\uyvgmor.exe /k
Parsed : C:\WINDOWS\System32\uyvgmor.exe

SUP - 7
Location: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce
Value : f1e9a6.exe = C:\WINDOWS\System32\f1e9a6.exe /k
Parsed : C:\WINDOWS\System32\f1e9a6.exe

SUP - 8
Location: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce
Value : 1fz4q.exe = C:\WINDOWS\System32\1fz4q.exe /k
Parsed : C:\WINDOWS\System32\1fz4q.exe

SUP - 9
Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
Value : outlook = C:\Program Files\outlook\outlook.exe /auto
Parsed : C:\Program Files\outlook\outlook.exe

SUP - 10
Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce
Value : vu404c.exe = C:\WINDOWS\System32\vu404c.exe /k
Parsed : C:\WINDOWS\System32\vu404c.exe

SUP - 11
Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce
Value : f3jr0t.exe = C:\WINDOWS\System32\f3jr0t.exe /k
Parsed : C:\WINDOWS\System32\f3jr0t.exe

SUP - 12
Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce
Value : tfmg3c.exe = C:\WINDOWS\System32\tfmg3c.exe /k
Parsed : C:\WINDOWS\System32\tfmg3c.exe

SUP - 13
Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce
Value : uyvgmor.exe = C:\WINDOWS\System32\uyvgmor.exe /k
Parsed : C:\WINDOWS\System32\uyvgmor.exe

SUP - 14
Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce
Value : f1e9a6.exe = C:\WINDOWS\System32\f1e9a6.exe /k
Parsed : C:\WINDOWS\System32\f1e9a6.exe

SUP - 15
Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce
Value : 1fz4q.exe = C:\WINDOWS\System32\1fz4q.exe /k
Parsed : C:\WINDOWS\System32\1fz4q.exe

DEEP - 16
Location: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\exe
Value : f = C:\Documents and Settings\user\Desktop\mirc62.exe
Parsed : C:\Documents and Settings\user\Desktop\mirc62.exe

DEEP - 17
Location: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\txt
Value : b = C:\Documents and Settings\user\Desktop\bruteforce.txt
Parsed : C:\Documents and Settings\user\Desktop\bruteforce.txt

DEEP - 18
Location: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\txt
Value : c = C:\Documents and Settings\user\Desktop\instructions.txt
Parsed : C:\Documents and Settings\user\Desktop\instructions.txt

DEEP - 19
Location: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\txt
Value : d = C:\Documents and Settings\user\Desktop\Report-Scan-20061030-190805.txt
Parsed : C:\Documents and Settings\user\Desktop\Report-Scan-20061030-190805.txt

----------------------------------------------------------------------------------------------------
Registry Mechanic 5.2.0.310
----------------------------------------------------------------------------------------------------
End of Scan
10/31/2006 6:44:58 PM
Your System Information :
CPU: Intel Pentium
IE: Internet Explorer 6.0.2900
MEMORY FREE: 569732
MEMORY TOTAL: 1047852
VIRTUAL FREE: 2016024
VIRTUAL TOTAL: 2097024
WINDOWS VER: Windows XP 5.1 (Build 2600)

Edited by Apok451, 31 October 2006 - 05:48 PM.

  • 0

#10
Flrman1

Flrman1

    Malware Assassin

  • Retired Staff
  • 6,596 posts
** Before you proceed with the removal directions below you need to turn off SpySweeper's realtime protection as it will interfere with the changes we are trying to make.
  • Open Spysweeper and click on the "Options" button on the left.
  • Click on the "Program Options" tab and uncheck "Load at windows startup".
  • On the left click on the "Shields" button.
  • Click the "Internet Explorer" tab and then uncheck everything there.
  • Click on the "Startup Programs" tab and uncheck "Startup Shield"
  • Click on the "Browser Add-ons" tab and uncheck "Browser Helper Object (BHO) Shield"
  • Exit Spysweeper.
  • Leave them disabled until we are finished here.
  • Important! Make sure you remember to re-enable these options when we are finished.

* Run Hijack This again and put a check by these. Close ALL windows except HijackThis and click "Fix checked"

O4 - HKLM\..\Run: [MSConfig] "C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" /auto

O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto

O4 - HKLM\..\RunOnce: [vu404c.exe] C:\WINDOWS\System32\vu404c.exe /k

O4 - HKLM\..\RunOnce: [f3jr0t.exe] C:\WINDOWS\System32\f3jr0t.exe /k

O4 - HKLM\..\RunOnce: [tfmg3c.exe] C:\WINDOWS\System32\tfmg3c.exe /k

O4 - HKLM\..\RunOnce: [uyvgmor.exe] C:\WINDOWS\System32\uyvgmor.exe /k

O4 - HKLM\..\RunOnce: [f1e9a6.exe] C:\WINDOWS\System32\f1e9a6.exe /k

O4 - HKLM\..\RunOnce: [1fz4q.exe] C:\WINDOWS\System32\1fz4q.exe /k

O4 - HKCU\..\RunOnce: [c0n3i1.exe] C:\WINDOWS\System32\c0n3i1.exe /k

O4 - HKCU\..\RunOnce: [vu404c.exe] C:\WINDOWS\System32\vu404c.exe /k

O4 - HKCU\..\RunOnce: [f3jr0t.exe] C:\WINDOWS\System32\f3jr0t.exe /k

O4 - HKCU\..\RunOnce: [tfmg3c.exe] C:\WINDOWS\System32\tfmg3c.exe /k

O4 - HKCU\..\RunOnce: [uyvgmor.exe] C:\WINDOWS\System32\uyvgmor.exe /k

O4 - HKCU\..\RunOnce: [f1e9a6.exe] C:\WINDOWS\System32\f1e9a6.exe /k

O4 - HKCU\..\RunOnce: [1fz4q.exe] C:\WINDOWS\System32\1fz4q.exe /k



* Restart your computer,

Come back here and post a new log. Let me know how it is acting now.
  • 0

Advertisements


#11
Apok451

Apok451

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
When I went to delete the files you mentioned above they werent showing up, and didnt show back up after multiple restarts. Nor did it come back after a majority of the day, about 14 hours. Looks good for now. But here is the new hijackthis. Hopefully we have it cleared up. Thanks for your help.

Logfile of HijackThis v1.99.1
Scan saved at 5:59:14 PM, on 11/1/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Registry Mechanic\RegMech.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Verizon Online\bin\mpbtn.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://cgi.verizon.n...mp;bm=ho_search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.fark.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.fark.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Control Center] "C:\Program Files\ASUS\WLAN Card Utilities\Center.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [CTSysVol] "C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe"
O4 - HKLM\..\Run: [CTDVDDet] "C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [AsioReg] "REGSVR32.EXE" /S CTASIO.DLL
O4 - HKLM\..\Run: [SBDrvDet] "C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe" /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [zBrowser Launcher] "C:\Program Files\Logitech\iTouch\iTouch.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] "C:\PROGRA~1\SYMNET~1\SNDMon.exe" /Consumer
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [RegistryMechanic] "C:\Program Files\Registry Mechanic\RegMech.exe" /H
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKCU\..\Run: [RemoteCenter] "C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe"
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\bin\matcli.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.s...rl/LSSupCtl.cab
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} - https://www-secure.s...rl/SymAData.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - https://www-secure.s...trl/tgctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.s...trl/tgctlsr.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by103fd.bay10...es/MsnPUpld.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...ip/RdxIE601.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab34246.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - https://www-secure.s...rl/SymAData.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/...aploader_v6.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://cprplussuppo.../ra/ieatgpc.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
  • 0

#12
Flrman1

Flrman1

    Malware Assassin

  • Retired Staff
  • 6,596 posts
* If I had you use Killbox to delete any files, go ahead and delete the C:\!Killbox folder then empty the Recycle Bin.


* Check this out for info on how to tighten your security settings and some good free tools to help prevent this from happening again.


* Go to Windows update and install all "High Priority Updates".


* Now turn off System Restore:

On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

Restart your computer, turn System Restore back on and create a restore point.

To create a restore point:

Single-click Start and point to All Programs.
Mouse over Accessories, then System Tools, and select System Restore.
In the System Restore wizard, select the box next the text labeled "Create a restore point" and click the Next button.
Type a description for your new restore point. Something like "After trojan/spyware cleanup". Click Create and you're done.
  • 0

#13
Apok451

Apok451

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
It all came back about a day after my last post. This time I was able to use hijack this to find the files that you indicated, except for this one:
O4 - HKLM\..\Run: [MSConfig] "C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" /auto
After I deleted those I ran regiatry mechanic again and it found 4 files in the deep scan which it removed. I will attach the log for that as well as the new hijack this log. Seems like whatever I happened across here is a persistent little bugger. Also the only "High Priority Updates" available for XP was the Internet Explorer 7.0, but it wouldnt install for some reason.

Logfile of HijackThis v1.99.1
Scan saved at 9:03:30 PM, on 11/3/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Registry Mechanic\RegMech.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://cgi.verizon.n...mp;bm=ho_search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.fark.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.fark.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Control Center] "C:\Program Files\ASUS\WLAN Card Utilities\Center.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [CTSysVol] "C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe"
O4 - HKLM\..\Run: [CTDVDDet] "C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [AsioReg] "REGSVR32.EXE" /S CTASIO.DLL
O4 - HKLM\..\Run: [SBDrvDet] "C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe" /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [zBrowser Launcher] "C:\Program Files\Logitech\iTouch\iTouch.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] "C:\PROGRA~1\SYMNET~1\SNDMon.exe" /Consumer
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [RegistryMechanic] "C:\Program Files\Registry Mechanic\RegMech.exe" /H
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto
O4 - HKLM\..\RunOnce: [vu404c.exe] C:\WINDOWS\System32\vu404c.exe /k
O4 - HKLM\..\RunOnce: [f3jr0t.exe] C:\WINDOWS\System32\f3jr0t.exe /k
O4 - HKLM\..\RunOnce: [tfmg3c.exe] C:\WINDOWS\System32\tfmg3c.exe /k
O4 - HKLM\..\RunOnce: [uyvgmor.exe] C:\WINDOWS\System32\uyvgmor.exe /k
O4 - HKLM\..\RunOnce: [f1e9a6.exe] C:\WINDOWS\System32\f1e9a6.exe /k
O4 - HKLM\..\RunOnce: [1fz4q.exe] C:\WINDOWS\System32\1fz4q.exe /k
O4 - HKCU\..\Run: [RemoteCenter] "C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe"
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
O4 - HKCU\..\RunOnce: [c0n3i1.exe] C:\WINDOWS\System32\c0n3i1.exe /k
O4 - HKCU\..\RunOnce: [vu404c.exe] C:\WINDOWS\System32\vu404c.exe /k
O4 - HKCU\..\RunOnce: [f3jr0t.exe] C:\WINDOWS\System32\f3jr0t.exe /k
O4 - HKCU\..\RunOnce: [tfmg3c.exe] C:\WINDOWS\System32\tfmg3c.exe /k
O4 - HKCU\..\RunOnce: [uyvgmor.exe] C:\WINDOWS\System32\uyvgmor.exe /k
O4 - HKCU\..\RunOnce: [f1e9a6.exe] C:\WINDOWS\System32\f1e9a6.exe /k
O4 - HKCU\..\RunOnce: [1fz4q.exe] C:\WINDOWS\System32\1fz4q.exe /k
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\bin\matcli.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.s...rl/LSSupCtl.cab
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} - https://www-secure.s...rl/SymAData.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - https://www-secure.s...trl/tgctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.s...trl/tgctlsr.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by103fd.bay10...es/MsnPUpld.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...ip/RdxIE601.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab34246.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - https://www-secure.s...rl/SymAData.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/...aploader_v6.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://cprplussuppo.../ra/ieatgpc.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

And here is the log from Registry Mechanic.
----------------------------------------------------------------------------------------------------
Registry Mechanic 5.2.0.310
----------------------------------------------------------------------------------------------------
Start of Scan
11/3/2006 9:06:30 PM
Your System Information :
CPU: Intel Pentium
IE: Internet Explorer 6.0.2900
MEMORY FREE: 566552
MEMORY TOTAL: 1047852
VIRTUAL FREE: 2018072
VIRTUAL TOTAL: 2097024
WINDOWS VER: Windows XP 5.1 (Build 2600)

----------------------------------------------------------------------------------------------------
Running processes: Process ID
----------------------------------------------------------------------------------------------------
[System Process] 0
System 4
smss.exe 1784
csrss.exe 1840
winlogon.exe 1864
services.exe 1908
lsass.exe 1920
ati2evxx.exe 168
svchost.exe 192
svchost.exe 268
svchost.exe 616
svchost.exe 732
svchost.exe 912
spoolsv.exe 1156
ati2evxx.exe 1576
explorer.exe 1656
AluSchedulerSvc.exe 1360
guard.exe 1384
CCSETMGR.EXE 1420
CTSVCCDA.EXE 1440
NAVAPSVC.EXE 1476
NPFMNTOR.EXE 1504
SNDSrvc.exe 540
SPBBCSvc.exe 768
symlcsvc.exe 796
wdfmgr.exe 904
SpySweeper.exe 972
CCEVTMGR.EXE 1596
alg.exe 2376
svchost.exe 3184
rundll32.exe 524
Center.exe 900
PDVDServ.exe 928
CTSysVol.exe 1028
CTDVDDET.exe 1024
atiptaxx.exe 2116
iTouch.exe 2292
hpztsb09.exe 456
CCAPP.EXE 2388
EM_EXEC.EXE 2192
MotiveSB.exe 2760
realsched.exe 2768
avgas.exe 3104
RegMech.exe 3392
iTunesHelper.exe 3448
jusched.exe 3456
SpySweeperUI.exe 3756
iPodService.exe 3796
RcMan.exe 3848
aim.exe 3856
WCESCOMM.EXE 3868
wuauclt.exe 2788
ssu.exe 3828
notepad.exe 2344
notepad.exe 2348
msmsgs.exe 2324
AUPDATE.EXE 4036
LUCOMS~1.EXE 108
LuCallbackProxy.exe 4068
LuCallbackProxy.exe 2528
LuCallbackProxy.exe 3580
----------------------------------------------------------------------------------------------------
Sections Scanned:
----------------------------------------------------------------------------------------------------

DEEP - 2
Location: HKEY_CURRENT_USER\Software\Microsoft\Keyboard\Native Media Players\QuickTime Player
Value : ExePath = C:\PROGRA~1\QUICKT~
Parsed : C:\PROGRA~1\QUICKT

DEEP - 3
Location: HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache
Value : C:\WINDOWS\SoftwareDistribution\Download\Install\IE7-WindowsXP-x86-enu.exe = C:\WINDOWS\SoftwareDistribution\Download\Install\IE7-WindowsXP-x86-enu.exe
Parsed : C:\WINDOWS\SoftwareDistribution\Download\Install\IE7-WindowsXP-x86-enu.exe

DEEP - 4
Location: HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache
Value : c:\dc024aee25f9f6fb1de32f44ec\update\iesetup.exe = c:\dc024aee25f9f6fb1de32f44ec\update\iesetup.exe
Parsed : c:\dc024aee25f9f6fb1de32f44ec\update\iesetup.exe

DEEP - 5
Location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup
Value : ServicePackCachePath = c:\windows\ServicePackFiles\ServicePackCache
Parsed : c:\windows\ServicePackFiles\ServicePackCache

----------------------------------------------------------------------------------------------------
Registry Mechanic 5.2.0.310
----------------------------------------------------------------------------------------------------
End of Scan
11/3/2006 9:09:06 PM
Your System Information :
CPU: Intel Pentium
IE: Internet Explorer 6.0.2900
MEMORY FREE: 566552
MEMORY TOTAL: 1047852
VIRTUAL FREE: 2018072
VIRTUAL TOTAL: 2097024
WINDOWS VER: Windows XP 5.1 (Build 2600)
  • 0

#14
Flrman1

Flrman1

    Malware Assassin

  • Retired Staff
  • 6,596 posts
* Click here to download Dr.Web CureIt and save it to your desktop.
  • Doubleclick the drweb-cureit.exe file and Allow to run the express scan
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, mark the drives that you want to scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, look if you can click next icon next to the files found: Posted Image
  • If so, click it and then click the next icon right below and select Move incurable as you'll see in next image:
    Posted Image
    This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured. (this in case if we need samples)
  • After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.
  • Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web you saved previously in your next reply along with a new Hijack This log.

Edited by flrman1, 03 November 2006 - 09:47 PM.

  • 0

#15
Apok451

Apok451

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
WxBug.EXE;C:\Program Files\AIM\Sysfiles;Adware.Aws;Incurable.Moved.;
MCCWrapper.dll;C:\Program Files\Common Files\Motive;Probably DLOADER.Trojan;Incurable.Moved.;
am_ptvalues_mask.dat;C:\Program Files\spinpalace\global\spectacular3;Modification of Win95.Murkry.983;Moved.;



Logfile of HijackThis v1.99.1
Scan saved at 12:45:17 PM, on 11/5/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Registry Mechanic\RegMech.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Verizon Online\bin\mpbtn.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Documents and Settings\user\Desktop\drweb-cureit.exe
C:\DOCUME~1\user\LOCALS~1\Temp\RarSFX0\_start.exe
C:\DOCUME~1\user\LOCALS~1\Temp\RarSFX0\cureit.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://cgi.verizon.n...mp;bm=ho_search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.fark.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.fark.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Control Center] "C:\Program Files\ASUS\WLAN Card Utilities\Center.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [CTSysVol] "C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe"
O4 - HKLM\..\Run: [CTDVDDet] "C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [AsioReg] "REGSVR32.EXE" /S CTASIO.DLL
O4 - HKLM\..\Run: [SBDrvDet] "C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe" /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [zBrowser Launcher] "C:\Program Files\Logitech\iTouch\iTouch.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] "C:\PROGRA~1\SYMNET~1\SNDMon.exe" /Consumer
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [RegistryMechanic] "C:\Program Files\Registry Mechanic\RegMech.exe" /H
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto
O4 - HKLM\..\RunOnce: [vu404c.exe] C:\WINDOWS\System32\vu404c.exe /k
O4 - HKLM\..\RunOnce: [f3jr0t.exe] C:\WINDOWS\System32\f3jr0t.exe /k
O4 - HKLM\..\RunOnce: [tfmg3c.exe] C:\WINDOWS\System32\tfmg3c.exe /k
O4 - HKLM\..\RunOnce: [uyvgmor.exe] C:\WINDOWS\System32\uyvgmor.exe /k
O4 - HKLM\..\RunOnce: [f1e9a6.exe] C:\WINDOWS\System32\f1e9a6.exe /k
O4 - HKLM\..\RunOnce: [1fz4q.exe] C:\WINDOWS\System32\1fz4q.exe /k
O4 - HKCU\..\Run: [RemoteCenter] "C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe"
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
O4 - HKCU\..\RunOnce: [c0n3i1.exe] C:\WINDOWS\System32\c0n3i1.exe /k
O4 - HKCU\..\RunOnce: [vu404c.exe] C:\WINDOWS\System32\vu404c.exe /k
O4 - HKCU\..\RunOnce: [f3jr0t.exe] C:\WINDOWS\System32\f3jr0t.exe /k
O4 - HKCU\..\RunOnce: [tfmg3c.exe] C:\WINDOWS\System32\tfmg3c.exe /k
O4 - HKCU\..\RunOnce: [uyvgmor.exe] C:\WINDOWS\System32\uyvgmor.exe /k
O4 - HKCU\..\RunOnce: [f1e9a6.exe] C:\WINDOWS\System32\f1e9a6.exe /k
O4 - HKCU\..\RunOnce: [1fz4q.exe] C:\WINDOWS\System32\1fz4q.exe /k
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\bin\matcli.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.s...rl/LSSupCtl.cab
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} - https://www-secure.s...rl/SymAData.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - https://www-secure.s...trl/tgctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.s...trl/tgctlsr.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by103fd.bay10...es/MsnPUpld.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...ip/RdxIE601.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab34246.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - https://www-secure.s...rl/SymAData.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/...aploader_v6.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://cprplussuppo.../ra/ieatgpc.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP