ssqrp.dll malware (result from ishost.exe virus?)



#31
Zardok

  • Topic Starter
  • Member
  • 57 posts
Here's the SmitfraudFix log I just ran:


SmitFraudFix v2.122

Scan done at 22:14:30.71, 17/11/2006
Run from C:\Documents and Settings\Compaq_Administrator\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Compaq_Administrator


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Compaq_Administrator\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\COMPAQ~1\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32


»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End


#32
Wizard

  • Retired Staff
  • 5,661 posts
Nothing wrong there! :whistling:


Please run the F-Secure Online Scanner

Note: This Scanner is for Internet Explorer Only!
  • Follow the instructions on the F-Secure page for proper installation.
  • Accept the License Agreement.
  • Once the ActiveX installs, click Full System Scan
  • Once the download completes, the scan will begin automatically.
  • The scan will take some time to finish, so please be patient.
  • When the scan completes, click the Automatic cleaning (recommended) button.
  • Click the Show Report button and copy and paste the entire report in your next reply.


#33
Zardok

  • Topic Starter
  • Member
  • 57 posts
OK, I ran F-Secure Online Scanner twice. The first time it may have frozen while disinfecting; it was disinfecting and submitting 2/11 for a couple of hours. LOL, I'm impatient after 2 hours so I cancelled it and got this report:

Scanning Report
Saturday, November 18, 2006 23:16:30 - 02:04:22

Computer name: IT
Scanning type: Scan system for viruses, rootkits, spyware
Target: C:\ D:\
Result: 11 malware found
IEHIjacker.SearchExe (spyware)

* System

Tracking Cookie (spyware)

* System (Disinfected)
* System
* System (Submitted)
* System
* System
* System
* System
* System
* System
* System

Statistics
Scanned:

* Files: 47638
* System: 7747
* Not scanned: 14

Actions:

* Disinfected: 1
* Renamed: 0
* Deleted: 0
* None: 10
* Submitted: 1

Files not scanned:

* C:\HIBERFIL.SYS
* C:\PAGEFILE.SYS
* C:\WINDOWS\TEMP\SQLITE_7RK5MLXZ4TFQ7G7
* C:\WINDOWS\TEMP\SQLITE_IZRUB8IJTNJ8Z7P
* C:\WINDOWS\TEMP\SQLITE_OAV282GZCU94DCA
* C:\WINDOWS\TEMP\SQLITE_SVAYSCZERGNVBRH
* C:\WINDOWS\TEMP\SQLITE_TVATNRRKW5G7C2S
* C:\WINDOWS\TEMP\SQLITE_XMY080R0GDUFC59
* C:\WINDOWS\SYSTEM32\PROCESS.EXE
* C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
* C:\WINDOWS\SOFTWAREDISTRIBUTION\EVENTCACHE\{CF617BFC-53C5-4DEB-8791-BDA8EFF91CAD}.BIN
* C:\DOCUMENTS AND SETTINGS\COMPAQ_ADMINISTRATOR\MY DOCUMENTS\MY DOWNLOADS\SMITFRAUDFIX\PROCESS.EXE
* C:\DOCUMENTS AND SETTINGS\COMPAQ_ADMINISTRATOR\DESKTOP\SMITFRAUDFIX\PROCESS.EXE
* C:\DOCUMENTS AND SETTINGS\BILLY\LOCAL SETTINGS\TEMP\HSPERFDATA_BILLY\5148

Options
Scanning engines:

* F-Secure Libra: 2.4.2, 2006-11-17
* F-Secure AVP: 7.0.171, 2006-11-17
* F-Secure Orion: 1.2.37, 2006-11-17
* F-Secure Blacklight: 1.0.31, 0000-00-00
* F-Secure Draco: 1.0.35, 0260-02-44
* F-Secure Pegasus: 1.19.0, 2006-08-29

Scanning options:

* Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ZIP XXX
* Use Advanced heuristics

Copyright © 1998-2006 Product support |Send virus sample to F-Secure
F-Secure assumes no responsibility for material created or published by third parties that F-Secure World Wide Web pages have a link to. Unless you have clearly stated otherwise, by submitting material to any of our servers, for example by E-mail or via our F-Secure's CGI E-mail, you agree that the material you make available may be published in the F-Secure World Wide Pages or hard-copy publications. You will reach F-Secure public web site by clicking on underlined links. While doing this, your access will be logged to our private access statistics with your domain name.This information will not be given to any third party. You agree not to take action against us in relation to material that you submit. Unless you have clearly stated otherwise, by submitting material you warrant that F-Secure may incorporate any concepts described in it in the F-Secure products/publications without liability.

=====================================================================


The second scan I ran overnight while I was sleeping. I disinfected and submitted this one and it took like 2 seconds. Here's that report:

Scanning Report
Sunday, November 19, 2006 02:10:12 - 13:12:14

Computer name: IT
Scanning type: Scan system for viruses, rootkits, spyware
Target: C:\ D:\
Result: 1 malware found
IEHIjacker.SearchExe (spyware)

* System (Disinfected)

Statistics
Scanned:

* Files: 47644
* System: 6989
* Not scanned: 14

Actions:

* Disinfected: 1
* Renamed: 0
* Deleted: 0
* None: 0
* Submitted: 0

Files not scanned:

* C:\HIBERFIL.SYS
* C:\PAGEFILE.SYS
* C:\WINDOWS\TEMP\SQLITE_5IYBTNENBMYJ9BV
* C:\WINDOWS\TEMP\SQLITE_7RK5MLXZ4TFQ7G7
* C:\WINDOWS\TEMP\SQLITE_IZRUB8IJTNJ8Z7P
* C:\WINDOWS\TEMP\SQLITE_OAV282GZCU94DCA
* C:\WINDOWS\TEMP\SQLITE_SVAYSCZERGNVBRH
* C:\WINDOWS\TEMP\SQLITE_TVATNRRKW5G7C2S
* C:\WINDOWS\TEMP\SQLITE_ZII3ONAVJCEIBC1
* C:\WINDOWS\SYSTEM32\PROCESS.EXE
* C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
* C:\WINDOWS\SOFTWAREDISTRIBUTION\EVENTCACHE\{CF617BFC-53C5-4DEB-8791-BDA8EFF91CAD}.BIN
* C:\DOCUMENTS AND SETTINGS\COMPAQ_ADMINISTRATOR\MY DOCUMENTS\MY DOWNLOADS\SMITFRAUDFIX\PROCESS.EXE
* C:\DOCUMENTS AND SETTINGS\COMPAQ_ADMINISTRATOR\DESKTOP\SMITFRAUDFIX\PROCESS.EXE

Options
Scanning engines:

* F-Secure Libra: 2.4.2, 2006-11-17
* F-Secure AVP: 7.0.171, 2006-11-17
* F-Secure Orion: 1.2.37, 2006-11-17
* F-Secure Blacklight: 1.0.31, 0000-00-00
* F-Secure Draco: 1.0.35, 0260-02-44
* F-Secure Pegasus: 1.19.0, 2006-08-29

Scanning options:

* Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ZIP XXX
* Use Advanced heuristics


#34
Wizard

  • Retired Staff
  • 5,661 posts
Let's keep checking things out before we call it clear.


Please post an uninstall list,
  • Start HijackThis
  • Click on the Config button
  • Click on the Misc Tools button
  • Click on the Open Uninstall Manager button.
  • Click on the Save list... button and specify where you would like to save this file.
  • When you press Save button a notepad will open with the contents of that file.
  • Simply copy and paste the contents of that notepad into this topic please.


Please run the Bit Defender Online Scan
http://www.bitdefend...m/scan8/ie.html

You must use Internet Explorer for this scanner.

Install the ActiveX and Click on "Click here to Scan"

Allow it to update and Scan the Machine.

It should disinfect or delete whatever it finds that is infected.

Save the report it generates in a text format please and post it back here

#35
Zardok

  • Topic Starter
  • Member
  • 57 posts
Here's the uninstall log from HJT:

µTorrent
Adobe Flash Player 9 ActiveX
Adobe Reader 7.0.8
Adobe Shockwave Player
Agere Systems PCI-SV92PP Soft Modem
Alien Outbreak 2
Ancient Sudoku
ArcSoft VideoImpression 1.6
AVG 7.5
Bejeweled 2 Deluxe
Big Kahuna Reef
Blackhawk Striker 2
Blasterball 2 Remix
Blasterball 2 Revolution
Blaze Media Pro
Bookworm Deluxe
Bounce Symphony
BOWEP setup
ccCommon
Chuzzle Deluxe
Compaq Connections (remove only)
Customer Experience Enhancement
Diner Dash
DISCover
Enhanced Multimedia Keyboard Solution
EverQuest Titanium
ewido anti-spyware 4.0
Fairies
Family Feud
FATE
Flip Words
Fraps
GemMaster Mystic
Google Earth
Google Toolbar for Internet Explorer
Google Video Player
High Definition Audio Driver Package - KB888111
HijackThis 1.99.1
Hollywood FX 5.5 Additional Effects
Hotfix for Windows XP (KB893357)
Hotfix for Windows XP (KB906569)
Hotfix for Windows XP (KB912024)
HP Boot Optimizer
HP DVD Play 2.1
HP Game Console
HP Imaging Device Functions 7.0
HP Photosmart Premier Software 6.5
HP Software Update
HP Support Overview
HP Web Helper
HyperCam 2
InCD (Ahead Software)
Insaniquarium Deluxe
iTunes
J2SE Runtime Environment 5.0 Update 5
J2SE Runtime Environment 5.0 Update 6
Jewel Quest
KnightOnline
LimeWire 4.12.6
LiveUpdate 3.0 (Symantec Corporation)
Macromedia Dreamweaver MX
Macromedia Extension Manager
Macromedia Fireworks MX
Macromedia Flash MX
Macromedia FreeHand 10
Mah Jong Quest
MapleStory
McAfee SecurityCenter
Messenger Plus! Live
Microsoft .NET Framework 1.0 Hotfix (KB887998)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft .NET Framework 2.0
Microsoft LifeCam
Microsoft Money 2006
Microsoft Office 2003 Edition 60 Days Trial Welcome Tour
Microsoft Office Standard Edition 2003
Microsoft Office XP Professional with FrontPage
Microsoft Office XP Web Components
Microsoft User-Mode Driver Framework Feature Pack 1.0.0 (Pre-Release 5348)
Microsoft Works
Mozilla Firefox (1.5.0.8)
MSRedist
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
Mystery Case Files
Nero
NeroMediaPlayer
NetBattle
Norton AntiSpam
Norton Internet Security 2006 (Symantec Corporation)
Norton Protection Center
NVIDIA Drivers
Otto
PC-Doctor 5 for Windows
Pinnacle Hollywood FX for Studio
Poker Superstars
Polar Bowler
Polar Golfer
proDAD Heroglyph 1.0
proDAD Heroglyph 2.0
Project64 1.6
Python 2.2 pywin32 extensions (build 203)
Python 2.2.3
Quicken 2006
QuickTime
Ready to Program with Java Technology
RealPlayer
Realtek High Definition Audio Driver
Ricochet Lost Worlds
Runescape Xplorer 3
SCRABBLE
Security Update for Microsoft .NET Framework 2.0 (KB917283)
Security Update for Microsoft .NET Framework 2.0 (KB922770)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB925486)
Slingo Deluxe
Smart Menus (Windows Live Toolbar)
SmartSound Quicktracks Plugin
Snowy The Bears Adventure
Sonic Express Labeler
Sonic MyDVD Plus
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
Studio 9
Studio 9 Content CD/DVD
Super Granny
SwiftSwitch
Tennis Titans
Tornado Jockey
Tradewinds
Turing (Object Oriented Turing)
Turing 4.0.4c (Object Oriented Turing)
Ultima Online: Mondain's Legacy
Update for Windows Media Player 10 (KB913800)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB912945)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
USB PC Camera(SN9C102)
WebWall - Web Application Firewall 1.2.05 Build 0607
Windows Installer 3.1 (KB893803)
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Toolbar
Windows Live Toolbar
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB883667
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB892050
Windows XP Hotfix - KB893066
Windows XP Media Center Edition 2005 KB908246
Windows XP Media Center Edition 2005 KB912067
WinRAR archiver
World of Warcraft
Xfire (remove only)
XoftSpy

===============================================

I'm going to run the BitDefender scan now.

#36
Wizard

  • Retired Staff
  • 5,661 posts
Once Bit Defender is completed, go to Add\Remove Programs and remove:

J2SE Runtime Environment 5.0 Update 5

J2SE Runtime Environment 5.0 Update 6



Updating Java and Clearing Cache
  • Go to Start > Control Panel double-click on the Java Icon (coffee cup) in the Control Panel.
  • It will say "Java Plug-in" under the icon.
    Please find the update button or tab in the Java Control Panel. Update your Java then reboot.
  • If you are unable to update you can manually update by going here:
  • After the reboot, go back into the Control Panel and double-click the Java Icon.
  • Under Temporary Internet Files, click the Delete Files button.
  • There are three options in the window to clear the cache - Leave ALL 3 Checked:
    Downloaded Applets
    Downloaded Applications
    Other Files
  • Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Java Control Panel.


#37
Zardok

  • Topic Starter
  • Member
  • 57 posts
Here's the Bit Defender log, edited a bit to be more user-friendly. I saved it as a .html and it didn't look pretty when I pasted it into the forum.


BitDefender Online Scanner

Scan report generated at: Mon, Nov 20, 2006 - 18:53:48

Scan path: C:\;D:\;E:\;F:\;G:\;H:\;I:\;

Statistics

  Time: 03:06:51
  Files: 1924063
  Folders: 14372
  Boot Sectors: 3
  Archives: 19999
  Packed Files: 199244

Results

  Identified Viruses: 2
  Infected Files: 3
  Suspect Files: 0
  Warnings: 0
  Disinfected: 0
  Deleted Files: 4

Engines Info

  Virus Definitions: 317044
  Engine build: AVCORE v1.0 (build 2355) (i386) (Sep 25 2006 13:46:24)
  Scan plugins: 13
  Archive plugins: 38
  Unpack plugins: 6
  E-mail plugins: 6
  System plugins: 1

Scan Settings

  First Action: Disinfect
  Second Action: Delete
  Heuristics: Yes
  Enable Warnings: Yes
  Scanned Extensions: *;
  Exclude Extensions:
  Scan Emails: Yes
  Scan Archives: Yes
  Scan Packed: Yes
  Scan Files: Yes
  Scan Boot: Yes

Scanned File: C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4C355307.tmp=>(Quarantine-2)
Status: Infected with: Generic.Malware.Bdld!!.2142B184

Scanned File: C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4C355307.tmp=>(Quarantine-2)
Status: Disinfection failed

Scanned File: C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4C355307.tmp=>(Quarantine-2)
Status: Deleted

Scanned File: C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP95\A0051118.exe
Status: Infected with: Trojan.Downloader.Zlob.AXT

Scanned File: C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP95\A0051118.exe
Status: Disinfection failed

Scanned File: C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP95\A0051118.exe
Status: Deleted

Scanned File: C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP96\A0051293.exe
Status: Infected with: Trojan.Downloader.Zlob.AXT

Scanned File: C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP96\A0051293.exe
Status: Disinfection failed

Scanned File: C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP96\A0051293.exe
Status: Deleted


=====================================================================

Edit: When I click on "Remove" on "J2SE Runtime Environment 5.0 Update 5" and "J2SE Runtime Environment 5.0 Update 5", Add/Remove Programs says that "Another installation is already in progress. Complete that installation before proceeding with this install." but nothing is apparently running.

Edited by Zardok, 20 November 2006 - 08:49 PM.


#38
Wizard

  • Retired Staff
  • 5,661 posts
Go ahead and follow the steps for Updating Java and Clearing Cache


Restart the PC then remove those items from Add\Remove programs.


Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan: Select My Computer
  • This program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.


#39
Zardok

  • Topic Starter
  • Member
  • 57 posts
Either way I try to update my Java, it says it is unable to because another installation is running. I've tried from both the control panel and online and get the same result. :whistling:
Should I move on to Kaspersky Online Scanner, skipping updating my Java?

#40
Wizard

  • Retired Staff
  • 5,661 posts
Yes, please go on with the Kaspersky scan and post those results along with a fresh HijackThis log, please.


#41
Zardok

  • Topic Starter
  • Member
  • 57 posts
OK, here is the Kaspersky log:


-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Wednesday, November 22, 2006 3:11:20 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 22/11/2006
Kaspersky Anti-Virus database records: 243756
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\

Scan Statistics:
Total number of scanned objects: 202596
Number of viruses found: 5
Number of infected objects: 11 / 0
Number of suspicious objects: 0
Duration of the scan process: 03:24:00

Infected Object Name / Virus Name / Last Action
C:\Config.Msi\7452080.rbs Object is locked skipped
C:\Documents and Settings\All Users\Application Data\avg7\Log\emc.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MNA\NAData Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MPF\data\log.edb Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MPF\data\logout.edb Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSC\Logs\Events.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSC\Logs\{87AADDC7-121E-4C22-87DB-E0369C2C07F4}.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSC\Logs\{DA9F817C-E03E-4D26-9614-65130F0976A7}.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSC\Logs\{F4E44D59-3731-45C6-B72F-00482FA0B81C}.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSC\McUsers.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSK\APH.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSK\MSKWMDB.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSK\RBLDB.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSK\settingsdb.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Data\TFR1.tmp Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Logs\OAS.Log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\ehRecvr.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2006-11-21_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\506460F6.wma Infected: Trojan-Downloader.WMA.Wimad.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5CFC411C.wma Infected: Trojan-Downloader.WMA.Wimad.d skipped
C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\bjfmpjnl.default\cert8.db Object is locked skipped
C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\bjfmpjnl.default\formhistory.dat Object is locked skipped
C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\bjfmpjnl.default\history.dat Object is locked skipped
C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\bjfmpjnl.default\key3.db Object is locked skipped
C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\bjfmpjnl.default\parent.lock Object is locked skipped
C:\Documents and Settings\Compaq_Administrator\Application Data\SiteAdvisor\SiteAdv.csh Object is locked skipped
C:\Documents and Settings\Compaq_Administrator\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Compaq_Administrator\Desktop\SmitfraudFix\Process.exe Object is locked skipped
C:\Documents and Settings\Compaq_Administrator\Desktop\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\ApplicationHistory\DiscUpdMgr.exe.f0c5ac89.ini.inuse Object is locked skipped
C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\Logs\Dfsr.log Object is locked skipped
C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\pending.dat Object is locked skipped
C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_2F72_B422_7D76_76EE\dfsr.db Object is locked skipped
C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_2F72_B422_7D76_76EE\fsr.log Object is locked skipped
C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_2F72_B422_7D76_76EE\fsrtmp.log Object is locked skipped
C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_2F72_B422_7D76_76EE\tmp.edb Object is locked skipped
C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Microsoft\Windows Live Contacts\[email protected]\real\members.stg Object is locked skipped
C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\bjfmpjnl.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\bjfmpjnl.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\bjfmpjnl.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\bjfmpjnl.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Compaq_Administrator\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Compaq_Administrator\Local Settings\History\History.IE5\MSHist012006112120061122\index.dat Object is locked skipped
C:\Documents and Settings\Compaq_Administrator\Local Settings\Temp\hsperfdata_Compaq_Administrator\6076 Object is locked skipped
C:\Documents and Settings\Compaq_Administrator\Local Settings\Temp\~DFC3E7.tmp Object is locked skipped
C:\Documents and Settings\Compaq_Administrator\Local Settings\Temp\~DFC3FA.tmp Object is locked skipped
C:\Documents and Settings\Compaq_Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Compaq_Administrator\My Documents\My Downloads\SmitfraudFix\Process.exe Object is locked skipped
C:\Documents and Settings\Compaq_Administrator\My Documents\My Downloads\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Compaq_Administrator\My Documents\My Downloads\SmitfraudFix.zip/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Compaq_Administrator\My Documents\My Downloads\SmitfraudFix.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Compaq_Administrator\My Documents\My Downloads\ssfsetup5240.zip/ssfsetup5240.exe/data0009 Infected: not-a-virus:Monitor.Win32.SpySweeper.a skipped
C:\Documents and Settings\Compaq_Administrator\My Documents\My Downloads\ssfsetup5240.zip/ssfsetup5240.exe Infected: not-a-virus:Monitor.Win32.SpySweeper.a skipped
C:\Documents and Settings\Compaq_Administrator\My Documents\My Downloads\ssfsetup5240.zip ZIP: infected - 2 skipped
C:\Documents and Settings\Compaq_Administrator\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Compaq_Administrator\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\hp\bin\KillWind.exe Infected: not-a-virus:RiskTool.Win32.PsKill.p skipped
C:\Program Files\Common Files\Symantec Shared\AntiSpam\Log\Spam.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\eengine\EPERSIST.DAT Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDALRT.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDCON.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDDBG.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDFW.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDIDS.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDSYS.log Object is locked skipped
C:\Program Files\Compaq Connections\5577497\Users\Default\Data\chandir.dat Object is locked skipped
C:\Program Files\Compaq Connections\5577497\Users\Default\Data\chandir.idx Object is locked skipped
C:\Program Files\Compaq Connections\5577497\Users\Default\Data\chn.dat Object is locked skipped
C:\Program Files\Compaq Connections\5577497\Users\Default\Data\chn.idx Object is locked skipped
C:\Program Files\Compaq Connections\5577497\Users\Default\Data\D0000000.FCS Object is locked skipped
C:\Program Files\Compaq Connections\5577497\Users\Default\Data\inuse.txt Object is locked skipped
C:\Program Files\Compaq Connections\5577497\Users\Default\Data\L0000003.FCS Object is locked skipped
C:\Program Files\Compaq Connections\5577497\Users\Default\Data\main.log Object is locked skipped
C:\Program Files\Compaq Connections\5577497\Users\Default\Data\prs.dat Object is locked skipped
C:\Program Files\Compaq Connections\5577497\Users\Default\Data\prs.idx Object is locked skipped
C:\Program Files\Compaq Connections\5577497\Users\Default\Data\prs_die.dat Object is locked skipped
C:\Program Files\Compaq Connections\5577497\Users\Default\Data\prs_die.idx Object is locked skipped
C:\Program Files\Compaq Connections\5577497\Users\Default\Data\prs_dnd.dat Object is locked skipped
C:\Program Files\Compaq Connections\5577497\Users\Default\Data\prs_dnd.idx Object is locked skipped
C:\Program Files\Compaq Connections\5577497\Users\Default\Data\prs_ext.dat Object is locked skipped
C:\Program Files\Compaq Connections\5577497\Users\Default\Data\prs_ext.idx Object is locked skipped
C:\Program Files\Compaq Connections\5577497\Users\Default\Data\prs_rcv.dat Object is locked skipped
C:\Program Files\Compaq Connections\5577497\Users\Default\Data\prs_rcv.idx Object is locked skipped
C:\Program Files\Compaq Connections\5577497\Users\Default\Data\storydb.dat Object is locked skipped
C:\Program Files\Compaq Connections\5577497\Users\Default\Data\storydb.idx Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL\Data\master.mdf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL\Data\mastlog.ldf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL\Data\model.mdf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL\Data\modellog.ldf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL\Data\msdbdata.mdf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL\Data\msdblog.ldf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL\Data\tempdb.mdf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL\Data\templog.ldf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL\Install\cnfgsvr.out Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL\LOG\ERRORLOG Object is locked skipped
C:\Program Files\WebWall\logFiles\system.log Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP101\change.log Object is locked skipped
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP92\A0042610.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.en skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{568FE1C1-269E-44CA-9CA5-2FA62849AC2F}.crmlog Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{CF617BFC-53C5-4DEB-8791-BDA8EFF91CAD}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Media Ce.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_df0.dat Object is locked skipped
C:\WINDOWS\Temp\sqlite_1UpPavPbCc7s1to Object is locked skipped
C:\WINDOWS\Temp\sqlite_7Rk5mlXZ4tfQ7G7 Object is locked skipped
C:\WINDOWS\Temp\sqlite_avSPkMl1Y84NEOz Object is locked skipped
C:\WINDOWS\Temp\sqlite_aY4aYadYMguAtAS Object is locked skipped
C:\WINDOWS\Temp\sqlite_Bu6a8wYVnwtWbnI Object is locked skipped
C:\WINDOWS\Temp\sqlite_DbvFekxPEctlbuY Object is locked skipped
C:\WINDOWS\Temp\sqlite_dZCu6gSmf8kD4Le Object is locked skipped
C:\WINDOWS\Temp\sqlite_izRub8iJtnj8z7P Object is locked skipped
C:\WINDOWS\Temp\sqlite_JUjPmIBWNmo6toq Object is locked skipped
C:\WINDOWS\Temp\sqlite_KaA8qdyVNtAwi9p Object is locked skipped
C:\WINDOWS\Temp\sqlite_Kt1lESrBq9cFgY4 Object is locked skipped
C:\WINDOWS\Temp\sqlite_oAv282gzcU94dca Object is locked skipped
C:\WINDOWS\Temp\sqlite_sVaYsczERgnVbrh Object is locked skipped
C:\WINDOWS\Temp\sqlite_SvzcIU5HOruNk5J Object is locked skipped
C:\WINDOWS\Temp\sqlite_tvAtnrRKW5G7C2s Object is locked skipped
C:\WINDOWS\Temp\sqlite_tx36D2p93tytbZb Object is locked skipped
C:\WINDOWS\Temp\sqlite_ubQWF3R1FkNqWW7 Object is locked skipped
C:\WINDOWS\Temp\sqlite_ZIi3ONAVjceIbc1 Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP101\change.log Object is locked skipped

Scan process completed.


=====================================================================

And an HJT log I just ran:

Logfile of HijackThis v1.99.1
Scan saved at 3:16:11 PM, on 22/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\PROGRA~1\McAfee\MSC\mctskshd.exe
C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Microsoft LifeCam\MSCamSvc.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\winlogon.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\ARPWRMSG.EXE
C:\Program Files\DISC\DiscUpdMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\vsnpstd.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\QuickTime\qttask.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\vVX3000.exe
C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
C:\Program Files\WebWall\WebWall.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\Program Files\McAfee\MSK\MskAgent.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
c:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\MsiExec.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\cnfgsvr.exe
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\SiteAdvisor\SiteAdv.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\explorer.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Documents and Settings\Compaq_Administrator\My Documents\My Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.ca
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.ca
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\SiteAdv.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptsn.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: HpWebHelper - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: McAfee Popup Blocker - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - c:\program files\mcafee\mps\mcpopup.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\SiteAdv.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [DISCover] C:\Program Files\DISC\DISCover.exe
O4 - HKLM\..\Run: [DiscUpdateManager] C:\Program Files\DISC\DiscUpdMgr.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [USB2Check] RUNDLL32.EXE "C:\WINDOWS\system32\PCLECoInst.dll",CheckUSBController
O4 - HKLM\..\Run: [USBToolTip] "C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe"
O4 - HKLM\..\Run: [WebWall] C:\Program Files\WebWall\WebWall.exe -startnow
O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://www.pcpitstop.com/mhLbl.cab
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-sec.../ols3/fscax.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MBackMonitor - - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Log Manager (McLogManagerService) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Task Scheduler (mctskshd.exe) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mctskshd.exe
O23 - Service: McAfee User Manager (mcusrmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

#42
Wizard

  • Retired Staff
  • 5,661 posts
You need to trim the machine down so there is only one Antivirus active on the machine.

If you will, scan fresh with ComboFix and let me see if I can find what's launching the Java installation.

#43
Zardok

  • Topic Starter
  • Member
  • 57 posts
Here's a fresh ComboFix log:


Compaq_Administrator - 06-11-24 15:38:02.17 Service Pack 2
ComboFix 06.10.19 - Running from: "C:\Documents and Settings\Compaq_Administrator\My Documents\My Downloads"

((((((((((((((((((((((((((((((( Files Created from 2006-10-24 to 2006-11-24 ))))))))))))))))))))))))))))))))))


2006-11-24 01:46 23,040 --------- C:\WINDOWS\kb913800.exe
2006-11-18 12:12 143,360 --a------ C:\WINDOWS\system32\dunzip32.dll
2006-11-18 12:10 71,496 --a------ C:\WINDOWS\system32\drivers\mfeavfk.sys
2006-11-18 12:10 35,048 --a------ C:\WINDOWS\system32\drivers\mfesmfk.sys
2006-11-18 12:10 34,120 --a------ C:\WINDOWS\system32\drivers\mfebopk.sys
2006-11-18 12:10 31,944 --a------ C:\WINDOWS\system32\drivers\mferkdk.sys
2006-11-18 12:10 168,392 --a------ C:\WINDOWS\system32\drivers\mfehidk.sys
2006-11-18 12:10 100,952 --a------ C:\WINDOWS\system32\drivers\Mpfp.sys
2006-11-17 22:14 53,248 --a------ C:\WINDOWS\system32\Process.exe
2006-11-17 22:14 40,960 --a------ C:\WINDOWS\system32\swsc.exe
2006-11-17 22:14 4,570 --a------ C:\WINDOWS\system32\tmp.reg
2006-11-17 22:14 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2006-11-17 22:14 135,168 --a------ C:\WINDOWS\system32\swreg.exe
2006-11-04 14:14 1,245,696 --a------ C:\WINDOWS\system32\msxml4.dll
2006-11-01 21:00 0 --a------ C:\backup.reg
2006-11-01 20:26 126,976 --a------ C:\zip.exe
2006-11-01 07:15 3,968 --a------ C:\WINDOWS\system32\drivers\avgclean.sys
2006-11-01 07:15 18,240 --a------ C:\WINDOWS\system32\drivers\avgmfx86.sys


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-11-24 15:24 -------- d-------- C:\Program Files\Mozilla Firefox
2006-11-24 03:01 -------- d-------- C:\Program Files\Windows Media Player
2006-11-23 02:22 -------- d-------- C:\Program Files\ewido anti-spyware 4.0
2006-11-22 20:10 -------- d-------- C:\Program Files\SiteAdvisor
2006-11-21 01:26 -------- d-------- C:\Program Files\World of Warcraft
2006-11-19 23:06 -------- d--h----- C:\Program Files\Uninstall Information
2006-11-19 23:06 -------- d-------- C:\Program Files\Microsoft SQL Server
2006-11-19 23:06 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
2006-11-19 23:00 -------- d---s---- C:\Documents and Settings\Compaq_Administrator\Application Data\Microsoft
2006-11-19 22:50 -------- d-------- C:\Program Files\Microsoft ActiveSync
2006-11-19 22:49 -------- d-------- C:\Program Files\Common Files\System
2006-11-19 22:48 -------- d-------- C:\Program Files\Microsoft Office
2006-11-18 12:12 -------- d-------- C:\Program Files\McAfee
2006-11-18 12:12 -------- d-------- C:\Program Files\Common Files\McAfee
2006-11-17 21:42 -------- d-------- C:\Program Files\Norton Internet Security
2006-11-17 21:42 -------- d-------- C:\Program Files\Common Files\Symantec Shared
2006-11-17 21:27 -------- d-------- C:\Program Files\WebWall
2006-11-17 20:13 -------- d-------- C:\Program Files\Windows Live Toolbar
2006-11-17 20:12 -------- d-------- C:\Program Files\Internet Explorer
2006-11-17 19:53 -------- d-------- C:\Program Files\XoftSpy
2006-11-06 21:20 -------- d-------- C:\Program Files\Common Files
2006-11-02 15:11 -------- d-------- C:\Documents and Settings\Compaq_Administrator\Application Data\SiteAdvisor
2006-11-02 08:01 -------- d-------- C:\Program Files\McAfee.com
2006-11-01 07:15 816288 --a------ C:\WINDOWS\system32\drivers\avg7core.sys
2006-11-01 07:15 4960 --a------ C:\WINDOWS\system32\drivers\avgtdi.sys
2006-11-01 07:15 4224 --a------ C:\WINDOWS\system32\drivers\avg7rsw.sys
2006-11-01 07:15 28416 --a------ C:\WINDOWS\system32\drivers\avg7rsxp.sys
2006-10-25 20:40 -------- d-------- C:\Program Files\MSN Messenger
2006-10-22 14:58 -------- d-------- C:\Program Files\SwiftSwitch
2006-10-20 23:44 40960 --a------ C:\WINDOWS\system32\frapsvid.dll
2006-10-19 15:13 -------- d-------- C:\Program Files\Google
2006-10-16 23:13 570 --a------ C:\Documents and Settings\Compaq_Administrator\Application Data\turing_files.ini
2006-10-16 20:27 403 --a------ C:\Documents and Settings\Compaq_Administrator\Application Data\ready_files.ini
2006-10-14 02:02 -------- d-------- C:\Program Files\MSXML 4.0
2006-10-13 07:35 65536 --------- C:\WINDOWS\system32\nwwks.dll
2006-10-13 07:35 64000 --------- C:\WINDOWS\system32\nwapi32.dll
2006-10-13 07:35 142336 --------- C:\WINDOWS\system32\nwprovau.dll
2006-10-13 05:23 163584 --------- C:\WINDOWS\system32\drivers\nwrdr.sys
2006-10-11 18:02 -------- d-------- C:\Program Files\NetBattle
2006-10-11 05:15 -------- d-------- C:\Documents and Settings\Compaq_Administrator\Application Data\uTorrent
2006-10-11 05:02 -------- d-------- C:\Program Files\Ready to Program
2006-10-11 03:18 -------- d-------- C:\Program Files\uTorrent
2006-10-11 03:05 -------- d--h----- C:\Program Files\Zero G Registry
2006-10-11 02:36 -------- d-------- C:\Documents and Settings\Compaq_Administrator\Application Data\UseNeXT
2006-10-11 02:05 -------- d-------- C:\Program Files\BitComet
2006-10-04 20:10 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-10-04 20:10 -------- d-------- C:\Program Files\EA Games
2006-10-01 01:26 -------- d-------- C:\Program Files\Blaze Media Pro
2006-09-30 21:14 -------- d-------- C:\Documents and Settings\Compaq_Administrator\Application Data\Seven Zip
2006-09-15 21:04 48816 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2006-09-13 00:01 1084416 --a------ C:\WINDOWS\system32\msxml3.dll
2006-09-12 13:16 262144 --a------ C:\WINDOWS\system32\Manipulate.dll
2006-09-11 09:40 233472 --a------ C:\WINDOWS\system32\erdmpg-5.0.dll
2006-09-11 09:38 155648 --a------ C:\WINDOWS\system32\DirectEncode.dll
2006-08-25 10:45 617472 --------- C:\WINDOWS\system32\comctl32.dll
2006-08-10 13:36 125221 --a------ C:\Documents and Settings\Compaq_Administrator\Application Data\Cosmos Prefs


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.0.720.3640\\GoogleToolbarNotifier.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ehTray"="C:\\WINDOWS\\ehome\\ehtray.exe"
"RTHDCPL"="RTHDCPL.EXE"
"AlwaysReady Power Message APP"="ARPWRMSG.EXE"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"DISCover"="C:\\Program Files\\DISC\\DISCover.exe"
"DiscUpdateManager"="C:\\Program Files\\DISC\\DiscUpdMgr.exe"
"Recguard"="C:\\WINDOWS\\SMINST\\RECGUARD.EXE"
@=""
"PCDrProfiler"=""
"ccApp"="\"c:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"HPBootOp"="\"C:\\Program Files\\Hewlett-Packard\\HP Boot Optimizer\\HPBootOp.exe\" /run"
"HP Software Update"=hex(2):43,3a,5c,50,72,6f,67,72,61,6d,20,46,69,6c,65,73,5c,\
48,50,5c,48,50,20,53,6f,66,74,77,61,72,65,20,55,70,64,61,74,65,5c,48,50,77,\
75,53,63,68,64,32,2e,65,78,65,00
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"snpstd"="C:\\WINDOWS\\vsnpstd.exe"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"KBD"="C:\\HP\\KBD\\KBD.EXE"
"LifeCam"="\"C:\\Program Files\\Microsoft LifeCam\\LifeExp.exe\""
"VX3000"="C:\\WINDOWS\\vVX3000.exe"
"PinnacleDriverCheck"="C:\\WINDOWS\\system32\\PSDrvCheck.exe -CheckReg"
"USB2Check"="RUNDLL32.EXE \"C:\\WINDOWS\\system32\\PCLECoInst.dll\",CheckUSBController"
"USBToolTip"="\"C:\\Program Files\\Pinnacle\\Shared Files\\Programs\\USBTip\\USBTip.exe\""
"WebWall"="C:\\Program Files\\WebWall\\WebWall.exe -startnow"
"MskAgentexe"="C:\\Program Files\\McAfee\\MSK\\MskAgent.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"!mcagntps.dll"="regsvr32.exe /s c:\\PROGRA~1\\mcafee.com\\agent\\mcagntps.dll"
"mcagent.exe"="c:\\PROGRA~1\\mcafee.com\\agent\\mcagent.exe -regserver"
"!mcmispps.dll"="regsvr32.exe /s c:\\PROGRA~1\\mcafee\\msc\\mcmispps.dll"
"!mccfgpv.dll"="regsvr32.exe /s c:\\PROGRA~1\\mcafee\\msc\\mccfgpv.dll"
"mclogsrv.exe"="c:\\PROGRA~1\\mcafee\\msc\\mclogsrv.exe -regserver"
"!mcdbmgr.dll"="regsvr32.exe /s c:\\PROGRA~1\\mcafee\\msc\\mcdbmgr.dll"
"!mcmismgr.dll"="regsvr32.exe /s c:\\PROGRA~1\\mcafee\\msc\\mcmismgr.dll"
"!mcmscver.dll"="regsvr32.exe /s c:\\PROGRA~1\\mcafee\\msc\\mcmscver.dll"
"mcpromgr.exe"="c:\\PROGRA~1\\mcafee\\msc\\mcpromgr.exe -regserver"
"!mcprotpv.dll"="regsvr32.exe /s c:\\PROGRA~1\\mcafee\\msc\\mcprotpv.dll"
"!mcshllps.dll"="regsvr32.exe /s c:\\PROGRA~1\\mcafee\\msc\\mcshllps.dll"
"!mcuicfg.dll"="regsvr32.exe /s c:\\PROGRA~1\\mcafee\\msc\\mcuicfg.dll"
"mcupdmgr.exe"="c:\\PROGRA~1\\mcafee\\msc\\mcupdmgr.exe -regserver"
"mcupdui.exe"="c:\\PROGRA~1\\mcafee\\msc\\mcupdui.exe -regserver"
"mcusrmgr.exe"="c:\\PROGRA~1\\mcafee\\msc\\mcusrmgr.exe -regserver"
"!qcmisp.dll"="regsvr32.exe /s c:\\PROGRA~1\\mcafee\\mqc\\qcmisp.dll"
"!mcnmcsps.dll"="regsvr32.exe /s c:\\PROGRA~1\\mcafee\\msc\\mcnmcsps.dll"
"!mcnmcsrv.dll"="regsvr32.exe /s c:\\PROGRA~1\\mcafee\\msc\\mcnmcsrv.dll"
"!mcnmcprv.dll"="regsvr32.exe /s c:\\PROGRA~1\\mcafee\\msc\\mcnmcprv.dll"
"!mcnmcver.dll"="regsvr32.exe /s c:\\PROGRA~1\\mcafee\\msc\\mcnmcver.dll"
"!mccoreps.dll"="regsvr32.exe /s c:\\PROGRA~1\\COMMON~1\\mcafee\\core\\mccoreps.dll"
"!mcevtbrk.dll"="regsvr32.exe /s c:\\PROGRA~1\\COMMON~1\\mcafee\\core\\mcevtbrk.dll"
"!MCNASV~1.DLL"="regsvr32.exe /s c:\\PROGRA~1\\COMMON~1\\mcafee\\mna\\MCNASV~1.DLL"
"mcnasvc.exe"="c:\\PROGRA~1\\COMMON~1\\mcafee\\mna\\mcnasvc.exe -regserver"
"!mcuj.dll"="regsvr32.exe /s c:\\PROGRA~1\\COMMON~1\\mcafee\\mna\\mcuj.dll"
"mcsysmon.exe"="c:\\PROGRA~1\\mcafee\\VIRUSS~1\\mcsysmon.exe -regserver"
"!mcvsps.dll"="regsvr32.exe /s c:\\PROGRA~1\\mcafee\\VIRUSS~1\\mcvsps.dll"
"!naiannps.dll"="regsvr32.exe /s c:\\PROGRA~1\\mcafee\\VIRUSS~1\\naiannps.dll"
"!mcvsqt.dll"="regsvr32.exe /s c:\\PROGRA~1\\mcafee\\VIRUSS~1\\mcvsqt.dll"
"!mvscfg.dll"="regsvr32.exe /s c:\\PROGRA~1\\mcafee\\VIRUSS~1\\mvscfg.dll"
"!mvsver.dll"="regsvr32.exe /s c:\\PROGRA~1\\mcafee\\VIRUSS~1\\mvsver.dll"
"!mvsscan.dll"="regsvr32.exe /s c:\\PROGRA~1\\mcafee\\VIRUSS~1\\mvsscan.dll"
"!naiann.dll"="regsvr32.exe /s c:\\PROGRA~1\\mcafee\\VIRUSS~1\\naiann.dll"
"!mcodsps.dll"="regsvr32.exe /s c:\\PROGRA~1\\mcafee\\VIRUSS~1\\mcodsps.dll"
"!mcodsax.dll"="regsvr32.exe /s c:\\PROGRA~1\\mcafee\\VIRUSS~1\\mcodsax.dll"
"mcods.exe"="c:\\PROGRA~1\\mcafee\\VIRUSS~1\\mcods.exe -regserver"
"mcvsshld.exe"="c:\\PROGRA~1\\mcafee\\VIRUSS~1\\mcvsshld.exe -regserver"
"!mcvspp.dll"="regsvr32.exe /s c:\\PROGRA~1\\mcafee\\VIRUSS~1\\mcvspp.dll"
"!mvsap.dll"="regsvr32.exe /s c:\\PROGRA~1\\mcafee\\VIRUSS~1\\mvsap.dll"
"!mvslog.dll"="regsvr32.exe /s c:\\PROGRA~1\\mcafee\\VIRUSS~1\\mvslog.dll"
"!hwapips.dll"="regsvr32.exe /s c:\\PROGRA~1\\COMMON~1\\mcafee\\HACKER~1\\hwapips.dll"
"hwapi.exe"="c:\\PROGRA~1\\COMMON~1\\mcafee\\HACKER~1\\hwapi.exe -regserver"
"!redirps.dll"="regsvr32.exe /s c:\\PROGRA~1\\COMMON~1\\mcafee\\redirsvc\\redirps.dll"
"!redirver.dll"="regsvr32.exe /s c:\\PROGRA~1\\COMMON~1\\mcafee\\redirsvc\\redirver.dll"
"redirsvc.exe"="c:\\PROGRA~1\\COMMON~1\\mcafee\\redirsvc\\redirsvc.exe -regserver"
"!empxyver.dll"="regsvr32.exe /s c:\\PROGRA~1\\COMMON~1\\mcafee\\emproxy\\empxyver.dll"
"!fwdrvver.dll"="regsvr32.exe /s c:\\PROGRA~1\\COMMON~1\\mcafee\\fwdriver\\fwdrvver.dll"
"!mpfp.dll"="regsvr32.exe /s c:\\PROGRA~1\\mcafee\\mpf\\mc\\mpfp.dll"
"!mpfmisp.dll"="regsvr32.exe /s c:\\PROGRA~1\\mcafee\\mpf\\mc\\mpfmisp.dll"
"mcproxy.exe"="c:\\PROGRA~1\\COMMON~1\\mcafee\\mcproxy\\mcproxy.exe -regserver"
"!proxyver.dll"="regsvr32.exe /s c:\\PROGRA~1\\COMMON~1\\mcafee\\mcproxy\\proxyver.dll"
"!mskset.dll"="regsvr32.exe /s c:\\PROGRA~1\\mcafee\\msk\\mskset.dll"
"!mcapfilt.dll"="regsvr32.exe /s c:\\PROGRA~1\\mcafee\\msk\\mcapfilt.dll"
"!mskmisp.dll"="regsvr32.exe /s c:\\PROGRA~1\\mcafee\\msk\\mskmisp.dll"
"!mskp3plg.dll"="regsvr32.exe /s c:\\PROGRA~1\\mcafee\\msk\\mskp3plg.dll"
"!mskengn.dll"="regsvr32.exe /s c:\\PROGRA~1\\mcafee\\msk\\mskengn.dll"
"!mskwm.dll"="regsvr32.exe /s c:\\PROGRA~1\\mcafee\\msk\\mskwm.dll"
"!mpsps.dll"="regsvr32.exe /s c:\\PROGRA~1\\mcafee\\mps\\mpsps.dll"
"!mpsppm.dll"="regsvr32.exe /s c:\\PROGRA~1\\mcafee\\mps\\mpsppm.dll"
"!mpsver.dll"="regsvr32.exe /s c:\\PROGRA~1\\mcafee\\mps\\mpsver.dll"
"!mpsmisp.dll"="regsvr32.exe /s c:\\PROGRA~1\\mcafee\\mps\\mpsmisp.dll"
"!mbkprov.dll"="regsvr32.exe /s c:\\PROGRA~1\\mcafee\\mbk\\mbkprov.dll"
"!MBKCLI~1.DLL"="regsvr32.exe /s c:\\PROGRA~1\\mcafee\\mbk\\MBKCLI~1.DLL"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,20,01,00,00,00,00,00,00,80,04,00,00,66,03,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="ewido anti-spyware 4.0"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
"InstallVisualStyle"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,\
63,65,73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,5c,52,6f,79,61,6c,65,2e,\
6d,73,73,74,79,6c,65,73,00
"InstallTheme"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,63,65,\
73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,2e,74,68,65,6d,65,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\MCODS
Completion time: 06-11-24 15:39:42.67
C:\ComboFix.txt ... 06-11-24 15:39
C:\ComboFix2.txt ... 06-11-17 20:40
C:\ComboFix3.txt ... 06-11-06 21:28

Edited by Zardok, 24 November 2006 - 02:40 PM.

#44
Wizard

    Retired Staff

  • 5,661 posts
Open the Task Manager and click the Processes tab.

Right-click and select End Process for:

C:\WINDOWS\system32\msiexec.exe

There may be more than one instance running.

After both are killed, try the Java updates again.

#45
Zardok

    Member

  • Topic Starter
  • 57 posts
There is no msiexec.exe listed in the processes tab of the task manager...

see
Posted Image

Edited by Zardok, 24 November 2006 - 03:03 PM.
