Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

worm.win32.netsky Please help! [CLOSED]

Started by nickbrooks , Jan 28 2008 08:44 PM

This topic is locked

#1
nickbrooks

Posted 28 January 2008 - 08:44 PM

Member

Member
12 posts

Cant update my games and still getting internet popups and a red sign on my desktop.
happy to donate if fixed!

Here is my HiJack Log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:43:54 PM, on 1/28/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\Antivirus\tmproxy.exe
c:\program files\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Trend Micro\Antivirus\PCClient.exe
C:\Program Files\Trend Micro\Antivirus\TMOAgent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\McAfee\McAfee QuickClean\Plguni.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Ventrilo\Ventrilo.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\~e5.0001
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...&pf=desktop
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Antivirus\pccguide.exe"
O4 - HKLM\..\Run: [PCClient.exe] "C:\Program Files\Trend Micro\Antivirus\PCClient.exe"
O4 - HKLM\..\Run: [TM Outbreak Agent] "C:\Program Files\Trend Micro\Antivirus\TMOAgent.exe" /run
O4 - HKLM\..\Run: [McRegWiz] "C:\PROGRA~1\McAfee.com\Agent\mcregwiz.exe" /autorun
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [_AntiSpyware] c:\progra~1\mcafee\MCAFEE~1\masalert.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "C:\Program Files\McAfee.com\VSO\mcvsshld.exe"
O4 - HKLM\..\Run: [OASClnt] "C:\Program Files\McAfee.com\VSO\oasclnt.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [McAfee QuickClean Imonitor] "C:\Program Files\McAfee\McAfee QuickClean\Plguni.exe" /START
O21 - SSODL: agrlmvp - {FF415364-B57F-4788-B20F-EA99018028C4} - C:\WINDOWS\agrlmvp.dll
O21 - SSODL: bmlvqkn - {404EA935-2C2E-466B-B6DD-1DB0C4F0684E} - C:\WINDOWS\bmlvqkn.dll (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: McAfee AntiSpyware Service - McAfee, Inc. - c:\progra~1\mcafee\mcafee antispyware\massrv.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Antivirus\Tmntsrv.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Antivirus\tmproxy.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

--
End of file - 7872 bytes

Edited by nickbrooks, 28 January 2008 - 08:46 PM.

#2
Stamper19

Posted 29 January 2008 - 07:27 AM

Expert

Expert
1,992 posts

Hi nickbrooks,

Welcome to Geeks to Go!

My name is Stamper19 and I will be helping you with your Malware problem. During the course of our interactions please be sure to follow all instructions carefully, and ask questions if you are unsure of how to proceed at any point.

----------------------------------------------------------------

Please download Deckard's System Scanner (DSS) to your Desktop.

Close all applications and windows.
Double-click on DSS.exe to run it, and follow the prompts.
The scan may take a minute. When the scan is complete, two text files will open - Main.txt and Extra.txt

Extra Note: When running DSS, some firewalls may warn that sigcheck.exe is trying to access the internet - please ensure that you allow sigcheck.exe permission to do so. Also, it may happen that your Antivirus flags DSS as suspicious. Please allow the Deckard's System Scanner to run and don't let your Antivirus delete it. (In this case, it may be better to temporary disable your Antivirus)

Post the main.txt and extra.txt from the C:\Deckard\System Scanner folder into your next reply.

----------------------------------------------------------------

Information to include in your next post:

main.txt and extra.txt from DSS

#3
nickbrooks

Posted 29 January 2008 - 04:28 PM

Member

Topic Starter
Member
12 posts

I only got a main text document to come up.
Here it is
Thanks for the help.

Deckard's System Scanner v20071014.68
Run by HP_Administrator on 2008-01-29 15:27:02
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- HijackThis (run as HP_Administrator.exe) ------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:27:04 PM, on 1/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\Antivirus\tmproxy.exe
c:\program files\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Trend Micro\Antivirus\PCClient.exe
C:\Program Files\Trend Micro\Antivirus\TMOAgent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\McAfee\McAfee QuickClean\Plguni.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\~e5.0001
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Documents and Settings\HP_Administrator\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\HP_ADM~1.EXE

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...&pf=desktop
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Antivirus\pccguide.exe"
O4 - HKLM\..\Run: [PCClient.exe] "C:\Program Files\Trend Micro\Antivirus\PCClient.exe"
O4 - HKLM\..\Run: [TM Outbreak Agent] "C:\Program Files\Trend Micro\Antivirus\TMOAgent.exe" /run
O4 - HKLM\..\Run: [McRegWiz] "C:\PROGRA~1\McAfee.com\Agent\mcregwiz.exe" /autorun
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [_AntiSpyware] c:\progra~1\mcafee\MCAFEE~1\masalert.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "C:\Program Files\McAfee.com\VSO\mcvsshld.exe"
O4 - HKLM\..\Run: [OASClnt] "C:\Program Files\McAfee.com\VSO\oasclnt.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [McAfee QuickClean Imonitor] "C:\Program Files\McAfee\McAfee QuickClean\Plguni.exe" /START
O21 - SSODL: agrlmvp - {FF415364-B57F-4788-B20F-EA99018028C4} - C:\WINDOWS\agrlmvp.dll
O21 - SSODL: bmlvqkn - {404EA935-2C2E-466B-B6DD-1DB0C4F0684E} - C:\WINDOWS\bmlvqkn.dll (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: McAfee AntiSpyware Service - McAfee, Inc. - c:\progra~1\mcafee\mcafee antispyware\massrv.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Antivirus\Tmntsrv.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Antivirus\tmproxy.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

--
End of file - 7827 bytes

-- Files created between 2007-12-29 and 2008-01-29 -----------------------------

2008-01-29 15:24:34 0 d-------- C:\WINDOWS\privacy_danger
2008-01-28 16:34:40 0 d-------- C:\WINDOWS\LastGood
2008-01-28 16:19:32 0 d-------- C:\Program Files\Activision
2008-01-28 16:17:26 0 d--hs---- C:\WINDOWS\ftpcache
2008-01-27 14:52:51 0 d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
2008-01-27 14:52:43 15360 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys <Not Verified; Webroot Software Inc (www.webroot.com); Spy Sweeper SDK>
2008-01-27 14:52:43 122368 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys <Not Verified; Webroot Software Inc (www.webroot.com); Spy Sweeper SDK>
2008-01-27 14:52:43 15872 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys <Not Verified; Webroot Software Inc (www.webroot.com); Spy Sweeper SDK>
2008-01-27 14:52:43 14848 --a------ C:\WINDOWS\system32\drivers\SSFS0509.sys <Not Verified; Webroot Software Inc (www.webroot.com); Spy Sweeper SDK>
2008-01-27 14:52:40 155648 --a------ C:\WINDOWS\system32\ssleay32.dll
2008-01-27 14:52:40 684032 --a------ C:\WINDOWS\system32\libeay32.dll
2008-01-27 14:52:39 0 d-------- C:\Program Files\Webroot
2008-01-27 14:52:39 0 d-------- C:\Documents and Settings\All Users\Application Data\Webroot
2008-01-27 14:52:00 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Webroot
2008-01-26 20:48:40 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\McAfee
2008-01-26 20:33:06 0 d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2008-01-26 20:32:52 0 d-------- C:\Program Files\McAfee
2008-01-26 20:32:52 0 d-------- C:\Documents and Settings\All Users\Application Data\McAfee.com
2008-01-26 20:32:34 0 d-------- C:\Program Files\McAfee.com
2008-01-22 15:16:31 0 d-------- C:\f2d5eb9655b04b6239e4f9
2008-01-15 22:07:06 0 d-------- C:\Program Files\ScanSpyware v3.8
2008-01-15 18:45:09 0 d-------- C:\Program Files\XoftSpySE
2008-01-15 18:40:59 0 d-------- C:\Program Files\Trend Micro
2008-01-15 18:33:38 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-14 22:38:52 81920 --a------ C:\WINDOWS\fxtqdrl.exe
2008-01-14 22:38:52 299008 --a------ C:\WINDOWS\agrlmvp.dll <Not Verified; ; agrlmvp>
2008-01-07 19:07:33 0 d-------- C:\Program Files\Bonjour

-- Find3M Report ---------------------------------------------------------------

2008-01-29 15:25:30 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Skype
2008-01-28 23:42:21 0 d-------- C:\Program Files\Warcraft III
2008-01-28 16:33:20 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-01-26 20:49:26 335 --a------ C:\WINDOWS\nsreg.dat
2008-01-26 20:45:58 0 d-------- C:\Program Files\Steam
2008-01-26 20:29:40 0 d-------- C:\Program Files\Common Files\Blizzard Entertainment
2008-01-25 18:18:43 0 d-------- C:\Program Files\World of Warcraft
2008-01-23 15:42:19 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\LimeWire
2008-01-23 00:15:01 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-01-15 21:56:35 0 d-------- C:\Program Files\Google
2008-01-15 21:24:10 374 --a------ C:\Documents and Settings\HP_Administrator\Application Data\internaldb6334.dat
2008-01-15 20:50:40 555 --a------ C:\Documents and Settings\HP_Administrator\Application Data\internaldb8467.dat
2008-01-15 20:50:40 18432 --a------ C:\Documents and Settings\HP_Administrator\Application Data\internaldb41.dat
2008-01-15 18:02:03 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Hamachi
2008-01-09 21:23:11 0 d-------- C:\Program Files\Sonic
2008-01-09 21:23:00 0 d-------- C:\Program Files\Common Files
2008-01-07 21:44:30 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\uTorrent
2008-01-07 21:06:35 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Adobe
2008-01-07 19:07:30 0 d-------- C:\Program Files\Common Files\Adobe
2007-12-31 19:10:57 0 d-------- C:\Program Files\Microsoft Money 2006

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"@"="" []
"PCDrProfiler"="" []
"NvCplDaemon"="RUNDLL32.exe" [08/09/2004 09:00 PM C:\WINDOWS\system32\rundll32.exe]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [05/31/2006 07:33 AM]
"pccguide.exe"="C:\Program Files\Trend Micro\Antivirus\pccguide.exe" [02/17/2004 03:51 PM]
"PCClient.exe"="C:\Program Files\Trend Micro\Antivirus\PCClient.exe" [02/17/2004 03:51 PM]
"TM Outbreak Agent"="C:\Program Files\Trend Micro\Antivirus\TMOAgent.exe" [02/17/2004 03:50 PM]
"McRegWiz"="C:\PROGRA~1\McAfee.com\Agent\mcregwiz.exe" [06/01/2005 02:05 PM]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [07/01/2005 07:22 PM]
"MCUpdateExe"="c:\PROGRA~1\mcafee.com\agent\mcupdate.exe" [07/08/2005 05:16 PM]
"_AntiSpyware"="c:\progra~1\mcafee\MCAFEE~1\masalert.exe" [07/30/2005 02:10 AM]
"VSOCheckTask"="C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" [07/08/2005 06:18 PM]
"VirusScan Online"="C:\Program Files\McAfee.com\VSO\mcvsshld.exe" [07/01/2005 08:42 PM]
"OASClnt"="C:\Program Files\McAfee.com\VSO\oasclnt.exe" [07/01/2005 08:42 PM]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [11/17/2006 04:14 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/09/2004 09:00 PM]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [01/19/2007 12:54 PM]
"McAfee QuickClean Imonitor"="C:\Program Files\McAfee\McAfee QuickClean\Plguni.exe" [07/20/2005 06:00 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= file:///C:\WINDOWS\privacy_danger\index.htm
FriendlyName= Privacy Protection

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"agrlmvp"= {FF415364-B57F-4788-B20F-EA99018028C4} - C:\WINDOWS\agrlmvp.dll [01/14/2008 10:23 AM 299008]
"bmlvqkn"= {404EA935-2C2E-466B-B6DD-1DB0C4F0684E} - C:\WINDOWS\bmlvqkn.dll [ ]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt hpqcxs08 hpqddsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9caeca06-5dba-11db-ba9b-806d6172696f}]
AutoRun\command- E:\autoplay.exe

*Newly Created Service* - COMHOST
*Newly Created Service* - PNKBSTRA
*Newly Created Service* - PNKBSTRK

-- End of Deckard's System Scanner: finished at 2008-01-29 15:27:24 ------------

#4
Stamper19

Posted 29 January 2008 - 04:44 PM

Expert

Expert
1,992 posts

Hi nickbrooks,

I see evidence of multiple AntiVirus programs running (TrendMicro, Symantec, McAfee). Running two, or more, anti-virus programs in real time can cause conflicts resulting in less, not more, protection. Unless you have, or can, configure one to work only "on-demand", you will need to choose your favorite and uninstall the others.

----------------------------------------------------------------

Download ComboFix from Here or Here to your Desktop.

Double click combofix.exe and follow the prompts.
When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply

Note: Do not mouseclick combofix's window while its running. That may cause it to stall
----------------------------------------------------------------

Information to include in your next post:

ComboFix Log

#5
nickbrooks

Posted 29 January 2008 - 05:14 PM

Member

Topic Starter
Member
12 posts

Ok i ran it and its completed here are the 2 logs.

ComboFix 08-01-30.1 - HP_Administrator 2008-01-29 16:08:07.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1126 [GMT -7:00]
Running from: C:\Documents and Settings\HP_Administrator\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\Documents and Settings\HP_Administrator\Favorites\Error Cleaner.url
C:\Documents and Settings\HP_Administrator\Favorites\Privacy Protector.url
C:\Documents and Settings\HP_Administrator\Favorites\Spyware&Malware Protection.url
C:\WINDOWS\agrlmvp.dll
C:\WINDOWS\privacy_danger
C:\WINDOWS\privacy_danger\images\capt.gif
C:\WINDOWS\privacy_danger\images\danger.jpg
C:\WINDOWS\privacy_danger\images\down.gif
C:\WINDOWS\privacy_danger\images\spacer.gif
C:\WINDOWS\privacy_danger\index.htm
C:\WINDOWS\rs.txt
C:\WINDOWS\search_res.txt
C:\WINDOWS\system32\_000006_.tmp.dll
C:\WINDOWS\system32\_000007_.tmp.dll
C:\WINDOWS\system32\_000008_.tmp.dll
C:\WINDOWS\system32\UpMedia
C:\WINDOWS\system32\UpMedia\ContentTool.dll

----- BITS: Possible infected sites -----

hxxp://softworldnetwork.com
hxxp://onsafepro.com
.
((((((((((((((((((((((((( Files Created from 2007-12-28 to 2008-01-30 )))))))))))))))))))))))))))))))
.

2008-01-28 16:35 . 2007-05-16 16:45 3,497,832 --a------ C:\WINDOWS\system32\d3dx9_34.dll
2008-01-28 16:35 . 2007-05-16 16:45 1,124,720 --a------ C:\WINDOWS\system32\D3DCompiler_34.dll
2008-01-28 16:35 . 2007-03-12 16:42 1,123,696 --a------ C:\WINDOWS\system32\D3DCompiler_33.dll
2008-01-28 16:35 . 2007-05-16 16:45 443,752 --a------ C:\WINDOWS\system32\d3dx10_34.dll
2008-01-28 16:35 . 2007-03-15 16:57 443,752 --a------ C:\WINDOWS\system32\d3dx10_33.dll
2008-01-28 16:35 . 2007-05-31 19:30 266,088 --a------ C:\WINDOWS\system32\xactengine2_8.dll
2008-01-28 16:35 . 2007-04-04 18:55 261,480 --a------ C:\WINDOWS\system32\xactengine2_7.dll
2008-01-28 16:35 . 2007-04-04 18:53 81,768 --a------ C:\WINDOWS\system32\xinput1_3.dll
2008-01-28 16:35 . 2007-05-31 19:29 18,280 --a------ C:\WINDOWS\system32\x3daudio1_2.dll
2008-01-28 16:33 . 2008-01-28 17:58 103,736 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2008-01-28 16:33 . 2008-01-28 16:36 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2008-01-28 16:33 . 2008-01-28 17:58 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-01-28 16:33 . 2008-01-28 16:33 22,328 --a------ C:\Documents and Settings\HP_Administrator\Application Data\PnkBstrK.sys
2008-01-28 16:33 . 2008-01-28 16:33 319 --a------ C:\WINDOWS\game.ini
2008-01-28 16:19 . 2008-01-28 16:19 <DIR> d-------- C:\Program Files\Activision
2008-01-28 16:17 . 2008-01-28 16:17 <DIR> d--hs---- C:\WINDOWS\ftpcache
2008-01-27 14:52 . 2008-01-27 14:52 <DIR> d-------- C:\Program Files\Webroot
2008-01-27 14:52 . 2008-01-27 14:52 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
2008-01-27 14:52 . 2008-01-27 14:52 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\Webroot
2008-01-27 14:52 . 2008-01-27 14:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Webroot
2008-01-27 14:52 . 2002-08-13 06:09 684,032 --a------ C:\WINDOWS\system32\libeay32.dll
2008-01-27 14:52 . 2002-08-13 06:10 155,648 --a------ C:\WINDOWS\system32\ssleay32.dll
2008-01-27 14:52 . 2006-11-17 16:05 122,368 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys
2008-01-27 14:52 . 2006-11-17 16:05 15,872 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys
2008-01-27 14:52 . 2006-11-17 16:05 15,360 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
2008-01-27 14:52 . 2006-11-17 16:05 14,848 --a------ C:\WINDOWS\system32\drivers\SSFS0509.sys
2008-01-27 12:48 . 2005-07-14 12:33 114,464 --a------ C:\WINDOWS\system32\drivers\naiavf5x.sys
2008-01-26 20:48 . 2008-01-26 20:48 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\McAfee
2008-01-26 20:33 . 2008-01-26 20:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2008-01-26 20:32 . 2008-01-27 12:48 <DIR> d-------- C:\Program Files\McAfee.com
2008-01-26 20:32 . 2008-01-26 20:48 <DIR> d-------- C:\Program Files\McAfee
2008-01-26 20:32 . 2008-01-27 12:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee.com
2008-01-26 20:32 . 2005-07-18 09:03 349,760 -ra------ C:\WINDOWS\system32\mcinsctl.dll
2008-01-26 20:32 . 2005-05-24 16:23 288,320 -ra------ C:\WINDOWS\system32\mcgdmgr.dll
2008-01-22 15:16 . 2008-01-22 15:40 <DIR> d-------- C:\f2d5eb9655b04b6239e4f9
2008-01-16 09:48 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-01-15 22:07 . 2008-01-15 22:07 <DIR> d-------- C:\Program Files\ScanSpyware v3.8
2008-01-15 18:54 . 2008-01-15 18:54 <DIR> d-------- C:\Deckard
2008-01-15 18:45 . 2008-01-15 18:45 <DIR> d-------- C:\Program Files\XoftSpySE
2008-01-15 18:40 . 2008-01-18 15:49 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-15 18:33 . 2008-01-15 21:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-14 22:38 . 2008-01-14 10:23 81,920 --a------ C:\WINDOWS\fxtqdrl.exe
2008-01-10 14:43 . 2008-01-10 14:43 268 --ah----- C:\sqmdata19.sqm
2008-01-10 14:43 . 2008-01-10 14:43 244 --ah----- C:\sqmnoopt19.sqm
2008-01-09 21:08 . 2008-01-09 21:08 268 --ah----- C:\sqmdata18.sqm
2008-01-09 21:08 . 2008-01-09 21:08 244 --ah----- C:\sqmnoopt18.sqm
2008-01-09 14:44 . 2008-01-09 14:44 268 --ah----- C:\sqmdata17.sqm
2008-01-09 14:44 . 2008-01-09 14:44 244 --ah----- C:\sqmnoopt17.sqm
2008-01-07 19:14 . 2008-01-07 19:14 268 --ah----- C:\sqmdata16.sqm
2008-01-07 19:14 . 2008-01-07 19:14 244 --ah----- C:\sqmnoopt16.sqm
2008-01-07 19:07 . 2008-01-07 19:07 <DIR> d-------- C:\Program Files\Bonjour
2007-12-16 12:54 . 2007-12-16 12:54 268 --ah----- C:\sqmdata15.sqm
2007-12-16 12:54 . 2007-12-16 12:54 244 --ah----- C:\sqmnoopt15.sqm
2007-12-15 13:13 . 2007-12-15 13:13 268 --ah----- C:\sqmdata14.sqm
2007-12-15 13:13 . 2007-12-15 13:13 244 --ah----- C:\sqmnoopt14.sqm
2007-12-15 13:06 . 2007-12-15 13:06 268 --ah----- C:\sqmdata13.sqm
2007-12-15 13:06 . 2007-12-15 13:06 244 --ah----- C:\sqmnoopt13.sqm
2007-12-12 18:38 . 2008-01-27 14:57 268 --ah----- C:\sqmdata12.sqm
2007-12-12 18:38 . 2008-01-27 14:57 244 --ah----- C:\sqmnoopt12.sqm
2007-12-06 14:55 . 2008-01-27 14:51 268 --ah----- C:\sqmdata11.sqm
2007-12-06 14:55 . 2008-01-27 14:51 244 --ah----- C:\sqmnoopt11.sqm
2007-12-05 14:43 . 2008-01-27 12:48 268 --ah----- C:\sqmdata10.sqm
2007-12-05 14:43 . 2008-01-27 12:48 244 --ah----- C:\sqmnoopt10.sqm

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-30 23:08 --------- d-----w C:\Program Files\Warcraft III
2008-01-29 22:25 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\Skype
2008-01-28 23:33 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-27 03:45 --------- d-----w C:\Program Files\Steam
2008-01-27 03:29 --------- d-----w C:\Program Files\Common Files\Blizzard Entertainment
2008-01-26 01:18 --------- d-----w C:\Program Files\World of Warcraft
2008-01-23 22:42 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\LimeWire
2008-01-23 07:15 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-01-23 03:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-01-16 04:56 --------- d-----w C:\Program Files\Google
2008-01-16 04:24 374 ----a-w C:\Documents and Settings\HP_Administrator\Application Data\internaldb6334.dat
2008-01-16 03:50 555 ----a-w C:\Documents and Settings\HP_Administrator\Application Data\internaldb8467.dat
2008-01-16 03:50 18,432 ----a-w C:\Documents and Settings\HP_Administrator\Application Data\internaldb41.dat
2008-01-16 01:02 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\Hamachi
2008-01-10 04:23 --------- d-----w C:\Program Files\Sonic
2008-01-08 04:44 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\uTorrent
2008-01-08 02:07 --------- d-----w C:\Program Files\Common Files\Adobe
2008-01-01 02:10 --------- d-----w C:\Program Files\Microsoft Money 2006
2007-11-14 07:26 450,560 ----a-w C:\WINDOWS\system32\dllcache\jscript.dll
2007-11-07 09:26 721,920 ------w C:\WINDOWS\system32\lsasrv.dll
2007-11-07 09:26 721,920 ------w C:\WINDOWS\system32\dllcache\lsasrv.dll
2007-10-30 17:20 360,064 ------w C:\WINDOWS\system32\dllcache\tcpip.sys
2007-10-30 09:55 3,065,856 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-10-29 22:35 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-29 22:35 1,287,680 ------w C:\WINDOWS\system32\dllcache\quartz.dll
2007-10-28 00:39 228,864 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-28 00:39 228,864 ----a-w C:\WINDOWS\system32\dllcache\wmasf.dll
2007-10-26 03:34 8,460,288 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
2007-10-11 05:57 96,256 ----a-w C:\WINDOWS\system32\dllcache\inseng.dll
2007-10-11 05:57 666,112 ----a-w C:\WINDOWS\system32\wininet.dll
2007-10-11 05:57 666,112 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
2007-10-11 05:57 617,984 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
2007-10-11 05:57 55,808 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
2007-10-11 05:57 532,480 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
2007-10-11 05:57 474,112 ----a-w C:\WINDOWS\system32\dllcache\shlwapi.dll
2007-10-11 05:57 449,024 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-10-11 05:57 39,424 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
2007-10-11 05:57 357,888 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
2007-10-11 05:57 251,904 ----a-w C:\WINDOWS\system32\dllcache\iepeers.dll
2007-10-11 05:57 205,824 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
2007-10-11 05:57 16,384 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-10-11 05:57 151,040 ----a-w C:\WINDOWS\system32\dllcache\cdfview.dll
2007-10-11 05:57 146,432 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
2007-10-11 05:57 1,498,112 ----a-w C:\WINDOWS\system32\dllcache\shdocvw.dll
2007-10-11 05:57 1,054,208 ----a-w C:\WINDOWS\system32\dllcache\danim.dll
2007-10-11 05:57 1,024,000 ----a-w C:\WINDOWS\system32\dllcache\browseui.dll
2007-10-10 10:48 18,432 ----a-w C:\WINDOWS\system32\dllcache\iedw.exe
2007-04-24 02:30 608 ----a-w C:\Documents and Settings\HP_Administrator\Application Data\wklnhst.dat
2006-12-10 19:40 8,331,420 ----a-w C:\Program Files\BearShare_Pro_v5[1].2.4.1-.rar
2006-02-19 17:28 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
2007-09-27 22:01 88 --sh--r C:\WINDOWS\system32\91CA845591.sys
2007-09-27 22:01 3,140 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-09 21:00 15360]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54 5674352]
"McAfee QuickClean Imonitor"="C:\Program Files\McAfee\McAfee QuickClean\Plguni.exe" [2005-07-20 06:00 106496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PCDrProfiler"="" []
"NvCplDaemon"="RUNDLL32.exe" [2004-08-09 21:00 33280 C:\WINDOWS\system32\rundll32.exe]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-05-31 07:33 180269]
"McRegWiz"="C:\PROGRA~1\McAfee.com\Agent\mcregwiz.exe" [2005-06-01 14:05 368714]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [2005-07-01 19:22 303104]
"MCUpdateExe"="c:\PROGRA~1\mcafee.com\agent\mcupdate.exe" [2005-07-08 17:16 212992]
"_AntiSpyware"="c:\progra~1\mcafee\MCAFEE~1\masalert.exe" [2005-07-30 02:10 311296]
"VSOCheckTask"="C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" [2005-07-08 18:18 151552]
"VirusScan Online"="C:\Program Files\McAfee.com\VSO\mcvsshld.exe" [2005-07-01 20:42 163840]
"OASClnt"="C:\Program Files\McAfee.com\VSO\oasclnt.exe" [2005-07-01 20:42 49152]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2006-11-17 16:14 4806656]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= file:///C:\WINDOWS\privacy_danger\index.htm
FriendlyName= Privacy Protection

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"agrlmvp"= {FF415364-B57F-4788-B20F-EA99018028C4} - C:\WINDOWS\agrlmvp.dll [ ]
"bmlvqkn"= {404EA935-2C2E-466B-B6DD-1DB0C4F0684E} - C:\WINDOWS\bmlvqkn.dll [ ]

S3 A5AGU;D-Link USB Wireless Network Adapter Service;C:\WINDOWS\system32\DRIVERS\A5AGU.sys [2005-07-25 22:32]
S3 ATHFMWDL;D-Link predator Bootloader driver;C:\WINDOWS\system32\Drivers\ATHFMWDL.sys [2005-07-25 22:35]
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2005-08-02 14:10]
S3 RenameMe;RenameMe;C:\WINDOWS\system32\RenameMe.sys [2006-08-12 19:21]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

*Newly Created Service* - COMHOST
*Newly Created Service* - PNKBSTRA
*Newly Created Service* - PNKBSTRK
.
Contents of the 'Scheduled Tasks' folder
"2008-01-17 16:09:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-01-27 03:34:02 C:\WINDOWS\Tasks\McAfee AntiSpyware.job"
- c:\progra~1\mcafee\MCAFEE~1\MASCon.exe
"2008-01-26 03:00:16 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - HP_Administrator.job"
- c:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exeh/TASK:
"2008-01-29 00:00:12 C:\WINDOWS\Tasks\XoftSpySE 2.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
"2008-01-27 01:49:55 C:\WINDOWS\Tasks\XoftSpySE.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-30 16:12:45
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-30 16:13:13
ComboFix-quarantined-files.txt 2008-01-30 23:13:11
.
2008-01-18 22:26:50 --- E O F ---

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:14:15 PM, on 1/30/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
c:\program files\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\McAfee\McAfee QuickClean\Plguni.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\~e5.0001
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...&pf=desktop
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [McRegWiz] "C:\PROGRA~1\McAfee.com\Agent\mcregwiz.exe" /autorun
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [_AntiSpyware] c:\progra~1\mcafee\MCAFEE~1\masalert.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "C:\Program Files\McAfee.com\VSO\mcvsshld.exe"
O4 - HKLM\..\Run: [OASClnt] "C:\Program Files\McAfee.com\VSO\oasclnt.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [McAfee QuickClean Imonitor] "C:\Program Files\McAfee\McAfee QuickClean\Plguni.exe" /START
O21 - SSODL: agrlmvp - {FF415364-B57F-4788-B20F-EA99018028C4} - C:\WINDOWS\agrlmvp.dll (file missing)
O21 - SSODL: bmlvqkn - {404EA935-2C2E-466B-B6DD-1DB0C4F0684E} - C:\WINDOWS\bmlvqkn.dll (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: McAfee AntiSpyware Service - McAfee, Inc. - c:\progra~1\mcafee\mcafee antispyware\massrv.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

--
End of file - 7218 bytes

#6
Stamper19

Posted 29 January 2008 - 06:12 PM

Expert

Expert
1,992 posts

Hi nickbrooks,

Good job. We are making progress.

----------------------------------------------------------------

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

O21 - SSODL: agrlmvp - {FF415364-B57F-4788-B20F-EA99018028C4} - C:\WINDOWS\agrlmvp.dll (file missing)
O21 - SSODL: bmlvqkn - {404EA935-2C2E-466B-B6DD-1DB0C4F0684E} - C:\WINDOWS\bmlvqkn.dll (file missing)
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis.

----------------------------------------------------------------

Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be promted to install an ActiveX component from Kaspersky, Click Yes.

The program will launch and then begin downloading the latest definition files:
Once the files have been downloaded click on NEXT
Now click on Scan Settings
In the scan settings make that the following are selected:
- Scan using the following Anti-Virus database:
Extended (if available otherwise Standard)
- Scan Options:
Scan Archives
Scan Mail Bases
Click OK
Now under select a target to scan:Select My Computer
This will program will start and scan your system.
The scan will take a while so be patient and let it run.
Once the scan is complete it will display if your system has been infected.
- Now click on the Save as Text button:
Save the file to your desktop.
Copy and paste that information in your next post.

----------------------------------------------------------------

Information to include in your next post:

Kapersky Scan Log
Fresh HiJack This Log
Let me know how things are running

#7
nickbrooks

Posted 29 January 2008 - 06:27 PM

Member

Topic Starter
Member
12 posts

The scan is going right now but i have a quick question
would the stuff i might be infected with cut off some of my games to the internet?
because i also noticed along with pop ups that i couldnt connect to servers.
or is this a whole nother problem?

#8
Stamper19

Posted 29 January 2008 - 06:40 PM

Expert

Expert
1,992 posts

My first inclination is that its not related to the malware, but lets see what the Kapersky scan comes back with. You should be seeing some improvement with the other issues at this point.

#9
nickbrooks

Posted 29 January 2008 - 07:07 PM

Member

Topic Starter
Member
12 posts

ok well i started the second scan and its only at 5%
supposed to be this slow?

EDIT: jumped to 60% back on track sorry for gettin anxious heh.

Edited by nickbrooks, 29 January 2008 - 07:12 PM.

#10
nickbrooks

Posted 29 January 2008 - 09:55 PM

Member

Topic Starter
Member
12 posts

Here are the results (not good)
and the other logs.

KASPERSKY ONLINE SCANNER REPORT
Wednesday, January 30, 2008 8:53:42 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 29/01/2008
Kaspersky Anti-Virus database records: 536623

Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\

Scan Statistics
Total number of scanned objects 176331
Number of viruses found 8
Number of infected objects 16
Number of suspicious objects 0
Duration of the scan process 02:40:12

Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Application Data\McAfee.com\Agent\Logs\TaskScheduler\McTskshd002.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\ehRecvr.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Confid.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Content.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Privacy.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Restrict.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\WebHist.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\HPPAppActivity.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\HPPHomePageActivity.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2008-01-29_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\097100CA.tmp Infected: P2P-Worm.Win32.VB.dw skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0BC205BC.tmp Infected: Backdoor.Win32.IRCBot.dd skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0BCF2DAE.tmp Infected: P2P-Worm.Win32.VB.dw skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0F2D1D41.exe Infected: not-a-virus:AdWare.Win32.180Solutions.ax skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\10665BE8.exe Infected: not-a-virus:AdWare.Win32.180Solutions.ax skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\146065CF.exe Infected: not-a-virus:AdWare.Win32.180Solutions.ax skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\49821F0F.exe Infected: not-a-virus:AdWare.Win32.180Solutions.ax skipped

C:\Documents and Settings\All Users\Documents\Recorded TV\TempRec\TempSBE\MSDVRMM_1483104549_46661632_81795 Object is locked skipped

C:\Documents and Settings\All Users\Documents\Recorded TV\TempRec\TempSBE\SBE1.tmp Object is locked skipped

C:\Documents and Settings\All Users\Documents\Recorded TV\TempRec\{77205772-605F-46D4-8E54-171906E84C5F}.TmpSBE Object is locked skipped

C:\Documents and Settings\All Users\DRM\drmstore.hds Object is locked skipped

C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\3x53oqzq.default\cert8.db Object is locked skipped

C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\3x53oqzq.default\formhistory.dat Object is locked skipped

C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\3x53oqzq.default\history.dat Object is locked skipped

C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\3x53oqzq.default\key3.db Object is locked skipped

C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\3x53oqzq.default\parent.lock Object is locked skipped

C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\3x53oqzq.default\search.sqlite Object is locked skipped

C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\3x53oqzq.default\urlclassifier2.sqlite Object is locked skipped

C:\Documents and Settings\HP_Administrator\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\HP_Administrator\Desktop\Junk\Setup.exe Infected: not-a-virus:AdTool.Win32.Zango.b skipped

C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\3x53oqzq.default\Cache\_CACHE_001_ Object is locked skipped

C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\3x53oqzq.default\Cache\_CACHE_002_ Object is locked skipped

C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\3x53oqzq.default\Cache\_CACHE_003_ Object is locked skipped

C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\3x53oqzq.default\Cache\_CACHE_MAP_ Object is locked skipped

C:\Documents and Settings\HP_Administrator\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\HP_Administrator\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\HP_Administrator\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\HP_Administrator\Shared\Top of Charts - 2003.wma Infected: Trojan-Downloader.WMA.Wimad.l skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Data\settings.dat Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS0189432A-35EC-4936-AAF4-CD59D198DA1D.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS08A066DC-26D6-4C77-A004-3BBA97FDDBE0.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS0A54E93F-7D38-45A3-9AE2-597189108447.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS0E85D064-24D6-4D9A-90E1-C1982DE0DD7B.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS0F2BC12A-2655-49BC-9800-470F27DF4383.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS11912957-DE2B-4761-9D14-CDAA98D47396.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS15D60E57-8EE8-44B1-A1BF-CC4E8ECB6B34.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS1957167F-9C53-4348-B584-33823397D28F.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS1E2B11F7-F4AE-4748-A7DD-0074851D8F77.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS2B0F579C-5FB0-4942-94E3-5CED8F8A0E02.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS2E9CFCC7-8365-44F8-8EE8-6B4BD9E2E582.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS3560079A-2278-476D-A35F-23F898CE54AC.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS3C3AEF97-3F88-4FF3-A616-A2F92375AB9D.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS3CBF59A5-F4A0-4E23-8528-96D931664621.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS44D3F2B2-5422-42C6-AB21-25998830763E.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS4BE8A1E2-6DE1-40A7-AECA-E2A10C649E08.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS58081B8B-0D73-45C5-ABB2-CAD1BED592CD.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS5AE8E616-582A-4B47-B528-BFCCDF5888BB.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS63B56857-564D-4E07-8250-5B112F3B3981.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS64073895-A4CD-480C-8A6A-F4A4D235BC92.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS6792AB34-B0B2-4F18-A4A7-69B47898D616.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS67A237E7-52FD-4DA7-9B49-CE684405D051.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS6B13ECE3-87A6-4B89-AC19-9CCE6364A435.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS724D6AD9-D80C-49D2-AA1B-031EB48A2ADC.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS725367BC-1E7A-4A6E-AB02-28EF97DEEE5C.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS7BD0ED97-7554-4DA6-BC09-D17205842FC0.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS80DE8570-D123-4880-95D5-5A0977440790.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS8307E417-2CE6-4157-9E91-D9D8FB95650C.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS862B35BA-5CDD-432D-92BE-36CBB4B22AEA.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS87476C27-585D-4BC5-95E8-818ED668B305.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS875AB360-E1F7-40CE-98F1-904F5C2D82B4.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS8911C326-791E-4AD9-8FEA-7877E02B6412.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS89E48A64-7876-41D8-86FD-04E8B362EB01.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS8BB2A12F-88B6-4B44-872C-CF6144BBB0A3.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS8CDA24B6-95B3-4ACF-9F63-94E39961CA12.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS94E90170-CE63-4097-83E0-18BEAE318C39.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSA29228E2-E948-4BA2-8E90-2D072D2E60D1.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSA48417A6-A3E4-4F78-9854-0A3B0C3167A2.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSAFBF563C-30EA-4E69-BDC4-4C2E2BA1C0BE.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSB2313AD3-09F8-4154-8034-CE892039F731.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSB2FBA969-05C4-4EEE-80B2-80B8C6EBA74B.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSB3264D7B-68DE-4365-AF87-4D49FF9CB50A.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSB41FD4CE-DB3A-47B9-9E5C-9DD18752FE46.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSB5CF17A5-92C7-4EF6-A58E-22232CDD69DE.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSB71CDB65-EB4E-49B1-8250-C985AA402D6A.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSB75FD8AD-B53D-476B-A7B9-2518C3F415B0.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSBB00BF93-96E2-4E0B-A9DB-120D4CA655BD.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSBC6377CA-E901-41D3-AFDB-B76A544E5A41.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSC0B12611-967F-4935-BAC5-B7188E570926.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSC1D56826-7951-4D0D-94F4-058F8F8E870E.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSCAE56D5B-C2A2-47DE-AC95-8DF77F0AA90C.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSCFF9BEA8-1CD2-4DA2-82BF-2FCEB49A509E.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSD1A621D6-D7C1-48C2-B0BE-305A86BF3482.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSD245841E-2632-4779-99FF-FF6677563E5B.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSD25EB419-53BF-481D-8DAD-C28BBE6A9957.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSD749DB7B-E6AD-4633-8B47-4EFED739B89D.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSD8B67C7D-B690-4FB4-A423-234CB6B63942.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSDA433DBD-0F23-486D-B2C1-A1C5EA14F943.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSDB0FBFAC-6717-4140-BBC0-6F073F6C8795.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSE0EBE6DE-9E6C-49AE-8E4B-A3F67B001282.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSE45D8EA7-11F1-4FBD-BD82-5AD536C737BB.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSE6E6A6A1-052F-461A-9A01-5CDF4373C1D9.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSEFCB4E70-03BA-4658-8D5F-FFB080B09552.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSF31401BA-867C-4DA9-9349-51BBC4D0F350.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSF585872F-D5C9-4C97-843D-439915BF64C5.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSFC406FAA-968E-495B-A235-0F3DB2862E60.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSFD14FF90-0EBF-4978-8B46-9BA3870F404C.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSFD2D3CA0-8A58-47C3-974F-E2D59AAEDA9B.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSFF1AE4CD-67AB-435F-9FDC-538D693F2FED.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\AntiSpam\Log\Spam.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\EENGINE\EPERSIST.DAT Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SNDALRT.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SNDCON.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SNDDBG.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SNDFW.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SNDIDS.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SNDSYS.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBConfig.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBDebug.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBDetect.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBNotify.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBRefr.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetCfg.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetCfg2.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetDev.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetLoc.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetUsr.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSMNot.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSMReg.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSMRSt.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBStHash.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBStMSI.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBValid.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPPolicy.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPStart.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPStop.log Object is locked skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\AVApp.log Object is locked skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\AVError.log Object is locked skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\AVVirus.log Object is locked skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Savrt\0436NAV~.TMP Object is locked skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Savrt\0965NAV~.TMP Object is locked skipped

C:\Program Files\Warcraft III\bncache.dat Object is locked skipped

C:\Program Files\Warcraft III\TempReplay.w3g Object is locked skipped

C:\Program Files\Webroot\Spy Sweeper\Masters\Masters.const Object is locked skipped

C:\Program Files\Webroot\Spy Sweeper\Masters\Masters.mst Object is locked skipped

C:\Program Files\Webroot\Spy Sweeper\Masters.base Object is locked skipped

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP378\A0202294.exe Infected: not-a-virus:AdWare.Win32.Vapsup.aay skipped

C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP380\A0203558.exe Infected: not-a-virus:AdWare.Win32.SaveNow.bj skipped

C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP398\change.log Object is locked skipped

C:\WINDOWS\1-fe5e180d56ed9c233080898276c260cc.exe/stream/data0001 Infected: not-a-virus:AdWare.Win32.Beginto.f skipped

C:\WINDOWS\1-fe5e180d56ed9c233080898276c260cc.exe/stream/data0002 Infected: not-a-virus:AdWare.Win32.Beginto.f skipped

C:\WINDOWS\1-fe5e180d56ed9c233080898276c260cc.exe/stream Infected: not-a-virus:AdWare.Win32.Beginto.f skipped

C:\WINDOWS\1-fe5e180d56ed9c233080898276c260cc.exe NSIS: infected - 3 skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\fxtqdrl.exe Infected: not-a-virus:AdWare.Win32.Vapsup.aay skipped

C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{7208F4A8-14B3-4E50-BBE8-88ECB6D95CAC}.crmlog Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\Sti_Trace.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\default Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\Media Ce.evt Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\software Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\system Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\h323log.txt Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\wiadebug.log Object is locked skipped

C:\WINDOWS\wiaservc.log Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:54:58 PM, on 1/30/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
c:\program files\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\McAfee\McAfee QuickClean\Plguni.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\~e5.0001
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Ventrilo\Ventrilo.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...&pf=desktop
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [McRegWiz] "C:\PROGRA~1\McAfee.com\Agent\mcregwiz.exe" /autorun
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [_AntiSpyware] c:\progra~1\mcafee\MCAFEE~1\masalert.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "C:\Program Files\McAfee.com\VSO\mcvsshld.exe"
O4 - HKLM\..\Run: [OASClnt] "C:\Program Files\McAfee.com\VSO\oasclnt.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [McAfee QuickClean Imonitor] "C:\Program Files\McAfee\McAfee QuickClean\Plguni.exe" /START
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: McAfee AntiSpyware Service - McAfee, Inc. - c:\progra~1\mcafee\mcafee antispyware\massrv.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 7088 bytes

#11
Stamper19

Posted 30 January 2008 - 06:53 AM

Expert

Expert
1,992 posts

Hey nickbrooks,

The Kapersky isnt as bad as ya think. Still, a few things for us to get rid of there, so lets get it taken care of.

Lets delete some ill mannered files.

Please download the OTMoveIt by OldTimer.

Save it to your desktop.
Please double-click OTMoveIt.exe to run it.
Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

C:\Documents and Settings\HP_Administrator\Desktop\Junk\Setup.exe
C:\Documents and Settings\HP_Administrator\Shared\Top of Charts - 2003.wma
C:\WINDOWS\1-fe5e180d56ed9c233080898276c260cc.exe
C:\WINDOWS\fxtqdrl.exe
Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
Click the red Moveit! button.
Close OTMoveIt

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Please "Copy" the results from the "Results" window (to the right) and then "Paste" them into your next reply on the forum along with a fresh HiJack This log.

Also, let me know how the computer is running.

#12
nickbrooks

Posted 30 January 2008 - 03:44 PM

Member

Topic Starter
Member
12 posts

The link to download it comes up as a 404 error, but
i searched the web and found it on another site.

Edited by nickbrooks, 30 January 2008 - 03:46 PM.

#13
nickbrooks

Posted 30 January 2008 - 03:49 PM

Member

Topic Starter
Member
12 posts

I think its pretty much gone because, i have not had 1 internet pop up.
nor the big red sign on my screen.
Does this mean im cleansed?

#14
Stamper19

Posted 30 January 2008 - 05:57 PM

Expert

Expert
1,992 posts

Good to hear things are running better. Did OT MoveIt produce a report?

#15
Stamper19

Posted 18 February 2008 - 10:05 AM

Expert

Expert
1,992 posts

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.