Qoobox? [CLOSED]
#1 Famoustar (Member, 45 posts)
Well, I was trying to get a hex editor, and I visited this really nice site that looked like it was made by an average college student, so I downloaded the hex editor. It didn't turn out so well.

My computer made a large amount of beeping sounds, so I knew it wouldn't be good.

I looked in the process list and noticed 4 new processes, of which 3 were coming from Temp. I end-tasked them and they did not return. My first idea was to clear the temp files with ATF Cleaner, but it would close a few seconds after I opened it. My next thought was to get into Safe Mode, and I promptly unplugged my adapter.

Safe Mode didn't work for me. It just restarted my computer. So I used safebootfix.reg and went into Safe Mode, where I found ATF Cleaner to have been deleted off my system. I then proceeded to use CleanUp! I then used HijackThis but didn't notice any anomalies, which was odd. I went to ComboScan but I didn't know how to read that scan. So I went to Ad-Aware SE (which happens to be my only virus protection at the moment). This is what came up:

ArchiveData(auto-quarantine- 2008-03-04 19-39-31.bckp)
Referencefile : SE1R210 27.12.2007
======================================================

MRU LIST
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[0]=MRU FileReference : C:\Documents and Settings\Admin\Application Data\microsoft\office\recent\1199112607303.gif.LNK
obj[1]=MRU FileReference : C:\Documents and Settings\Admin\recent\??.txt.lnk
obj[2]=MRU FileReference : C:\Documents and Settings\Admin\Application Data\microsoft\office\recent\Act I Scene iii.doc.LNK
obj[3]=MRU RegReference : S-1-5-21-4253786913-2071758419-1731425918-1005\software\microsoft\direct3d\mostrecentapplication name
obj[4]=MRU RegReference : software\microsoft\direct3d\mostrecentapplication name
obj[5]=MRU RegReference : S-1-5-21-4253786913-2071758419-1731425918-1005\software\microsoft\direct3d\mostrecentapplication name
obj[6]=MRU RegReference : software\microsoft\direct3d\mostrecentapplication name
obj[7]=MRU RegReference : software\microsoft\directdraw\mostrecentapplication name
obj[8]=MRU RegReference : S-1-5-21-4253786913-2071758419-1731425918-1005\software\microsoft\directinput\mostrecentapplication name
obj[9]=MRU RegReference : S-1-5-21-4253786913-2071758419-1731425918-1005\software\microsoft\directinput\mostrecentapplication id
obj[10]=MRU RegReference : S-1-5-21-4253786913-2071758419-1731425918-1005\software\microsoft\mediaplayer\player\recentfilelist
obj[11]=MRU RegReference : S-1-5-21-4253786913-2071758419-1731425918-1005\software\microsoft\office\11.0\common\open find\microsoft office word\settings\open\file name mru value
obj[12]=MRU RegReference : S-1-5-21-4253786913-2071758419-1731425918-1005\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru\*
obj[13]=MRU RegReference : S-1-5-21-4253786913-2071758419-1731425918-1005\software\microsoft\windows\currentversion\explorer\recentdocs\.bmp
obj[14]=MRU RegReference : S-1-5-21-4253786913-2071758419-1731425918-1005\software\microsoft\windows\currentversion\explorer\recentdocs\.doc
obj[15]=MRU RegReference : S-1-5-21-4253786913-2071758419-1731425918-1005\software\microsoft\windows\currentversion\explorer\recentdocs\.gif
obj[16]=MRU RegReference : S-1-5-21-4253786913-2071758419-1731425918-1005\software\microsoft\windows\currentversion\explorer\recentdocs\.htm
obj[17]=MRU RegReference : S-1-5-21-4253786913-2071758419-1731425918-1005\software\microsoft\windows\currentversion\explorer\recentdocs\.jpg
obj[18]=MRU RegReference : S-1-5-21-4253786913-2071758419-1731425918-1005\software\microsoft\windows\currentversion\explorer\recentdocs\.log
obj[19]=MRU RegReference : S-1-5-21-4253786913-2071758419-1731425918-1005\software\microsoft\windows\currentversion\explorer\recentdocs\.png
obj[20]=MRU RegReference : S-1-5-21-4253786913-2071758419-1731425918-1005\software\microsoft\windows\currentversion\explorer\recentdocs\.psd
obj[21]=MRU RegReference : S-1-5-21-4253786913-2071758419-1731425918-1005\software\microsoft\windows\currentversion\explorer\recentdocs\.rar
obj[22]=MRU RegReference : S-1-5-21-4253786913-2071758419-1731425918-1005\software\microsoft\windows\currentversion\explorer\recentdocs\.txt
obj[23]=MRU RegReference : S-1-5-21-4253786913-2071758419-1731425918-1005\software\microsoft\windows\currentversion\explorer\recentdocs\.wmv
obj[24]=MRU RegReference : S-1-5-21-4253786913-2071758419-1731425918-1005\software\microsoft\windows\currentversion\explorer\recentdocs\.zip
obj[25]=MRU RegReference : S-1-5-21-4253786913-2071758419-1731425918-1005\software\microsoft\windows\currentversion\explorer\recentdocs\Folder
obj[27]=MRU RegReference : S-1-5-21-4253786913-2071758419-1731425918-1005\software\microsoft\windows media\wmsdk\general computername
obj[28]=MRU RegReference : S-1-5-21-4253786913-2071758419-1731425918-1005\software\winrar\dialogedithistory\extrpath

WIN32.SALITY
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[16]=RegValue : system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list "c:\windows\explorer.exe"
obj[17]=Regkey : system\currentcontrolset\services\ndisfileservices32
obj[18]=RegValue : system\currentcontrolset\services\ndisfileservices32 "Start"
obj[19]=RegValue : system\currentcontrolset\services\ndisfileservices32 "ImagePath"
obj[20]=RegValue : system\currentcontrolset\services\ndisfileservices32 "ErrorControl"
obj[21]=RegValue : system\currentcontrolset\services\ndisfileservices32 "DisplayName"
obj[22]=Regkey : system\currentcontrolset\enum\root\legacy_ndisfileservices32
obj[23]=RegValue : system\controlset001\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list "c:\windows\explorer.exe"
obj[24]=Regkey : system\controlset001\services\ndisfileservices32
obj[25]=RegValue : system\controlset001\services\ndisfileservices32 "Start"
obj[26]=RegValue : system\controlset001\services\ndisfileservices32 "ImagePath"
obj[27]=RegValue : system\controlset001\services\ndisfileservices32 "ErrorControl"
obj[28]=RegValue : system\controlset001\services\ndisfileservices32 "DisplayName"
obj[29]=Regkey : system\controlset001\enum\root\legacy_ndisfileservices32
obj[30]=Process : C:\WINDOWS\system32\wmdrtc32.dll
obj[31]=Process : C:\WINDOWS\system32\wmdrtc32.dll
obj[32]=File : C:\WINDOWS\system32\wmdrtc32.dll
obj[34]=File : C:\WINDOWS\system32\drivers\fngjmg.sys

WIN32.HACKTOOL.TOOLEVID
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[33]=File : C:\WINDOWS\system32\winresponse32.exe

I then proceeded to open !Killbox and put C:\WINDOWS\system32\wmdrtc32.dll as well as C:\WINDOWS\system32\wmdrtc32.dl_ as the kill on reboot. Everything went successfully. I don't notice any problems, except I can't access virusscan.jotti. Can you please help me? I also noticed that I have a QooBox folder in my C:\ drive, but it is empty. I know it to be a variant of a trojan, or am I wrong?

And on a side note, I'm sorry for having different topics. I have 3 computers and 3 children, as well as 1 father, who do not know how to use a computer yet use it for several hours a day, every day.

Thank you for your help.

I can attach the ComboScan report and the file I opened if you would like.



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:11:30 PM, on 03/04/08
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Sony\Photo Server\appsrv\PhotoAppSrv.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Compact Wireless-G USB Network Adapter with SpeedBooster\WLService.exe
C:\Program Files\Compact Wireless-G USB Network Adapter with SpeedBooster\WUSB54GSC.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Wireless LAN\WlanUtil.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
D:\Program Files\Mach5 Software\Kremlin\Kremlin Sentry.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\TEMP\windnifjm.exe
C:\WINDOWS\TEMP\wininvuve.exe
C:\WINDOWS\TEMP\winqbrn.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

F2 - REG:system.ini: Shell=Explorer.exe "C:\WINDOWS\TEMP\windnifjm.exe"
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Startup: Kremlin Sentry.lnk = D:\Program Files\Mach5 Software\Kremlin\Kremlin Sentry.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: IEEE 802.11g USB Wireless LAN Utility.lnk = C:\Program Files\Wireless LAN\WlanUtil.exe
O4 - Global Startup: officejet 6100.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.aajtak.co...er/tdserver.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload....Plugin11USA.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1185849481843
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1185849458718
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload....GPlugin9USA.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe
O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\Photo Server\appsrv\PhotoAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
O23 - Service: Ventrilo - Unknown owner - C:\Program Files\VentSrv\ventrilo_svc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WUSB54GSCSVC - GEMTEKS - C:\Program Files\Compact Wireless-G USB Network Adapter with SpeedBooster\WLService.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/Admin/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg

--
End of file - 6429 bytes
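The HijackThis log in this post already contains the indicators a malware-removal volunteer looks for first: a Winlogon Shell value with a second program chained onto Explorer.exe (the F2 line), several processes running out of C:\WINDOWS\TEMP, and an O10 Winsock LSP entry HijackThis could not identify. The script below is an added example written for this page, not code from the poster, from the site's staff or from HijackThis; it pulls those indicators out of a HijackThis-style log automatically. The sample log embedded in it is constructed from lines quoted in this thread (it is not a complete log), and the heuristics, the temp-directory pattern and the hex-only file-name pattern in particular, are the editor's own. (The C:\Qoobox folder the poster asks about is the quarantine directory ComboFix creates, not a trojan.)

```python
"""Triage a HijackThis-style log for the indicators seen in this thread.

Added example; not part of the forum post and not HijackThis code.
SAMPLE_LOG is constructed from lines quoted in the thread; the
heuristics below are the editor's own, not HijackThis rules.
"""
import re

SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\TEMP\windnifjm.exe
C:\WINDOWS\TEMP\wininvuve.exe
C:\WINDOWS\system32\367e080.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

F2 - REG:system.ini: Shell=Explorer.exe "C:\WINDOWS\TEMP\windnifjm.exe"
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Ventrilo - Unknown owner - C:\Program Files\VentSrv\ventrilo_svc.exe
"""

# A legitimate, persistently running program almost never executes from a temp directory.
TEMP_DIR_RE = re.compile(r"\\(temp|tmp)\\", re.IGNORECASE)
# Hex-only basenames such as 367e080.exe: no vendor name, no recognisable word (editor's heuristic).
HEX_NAME_RE = re.compile(r"^[0-9a-f]{5,8}\.(exe|dll|sys)$", re.IGNORECASE)


def parse_processes(log):
    """Return the paths listed under the 'Running processes:' header."""
    procs, in_block = [], False
    for line in log.splitlines():
        if line.strip().lower() == "running processes:":
            in_block = True
            continue
        if in_block:
            if not line.strip():
                break          # blank line ends the process block
            procs.append(line.strip())
    return procs


def shell_hijack(log):
    """Return programs chained onto the Winlogon Shell value, or [] if it is clean.

    On Windows XP the legitimate value is exactly 'Explorer.exe'; anything
    appended to it is started alongside the desktop shell at every logon.
    """
    m = re.search(r"Shell=(.+)$", log, re.MULTILINE)
    if not m:
        return []
    items = [p.strip('"') for p in re.findall(r'"[^"]+"|\S+', m.group(1))]
    return [p for p in items if p.lower() != "explorer.exe"]


def suspicious_processes(procs):
    """Flag processes running from a temp directory or carrying a hex-only name."""
    flagged = []
    for p in procs:
        base = p.rsplit("\\", 1)[-1]
        if TEMP_DIR_RE.search(p):
            flagged.append((p, "runs from a temp directory"))
        elif HEX_NAME_RE.match(base):
            flagged.append((p, "hex-only file name"))
    return flagged


def unowned_services(log):
    """O23 services whose binary has no company name (HijackThis prints 'Unknown owner')."""
    return re.findall(r"^O23 - Service: (.+?) - Unknown owner - (.+)$", log, re.MULTILINE)


def unknown_lsp(log):
    """O10 Winsock LSP entries HijackThis could not match to a known provider."""
    return re.findall(r"^O10 - Unknown file in Winsock LSP: (.+)$", log, re.MULTILINE)


def triage(log):
    """Collect every finding into one dict keyed by indicator type."""
    return {
        "shell_hijack": shell_hijack(log),
        "processes": suspicious_processes(parse_processes(log)),
        "unowned_services": unowned_services(log),
        "unknown_lsp": unknown_lsp(log),
    }


if __name__ == "__main__":
    for kind, hits in triage(SAMPLE_LOG).items():
        print(kind)
        for hit in hits:
            print("   ", hit)
```

The Shell-value check is the strongest signal here: a second executable on that line is loaded by Winlogon before any Run key, which is why the temp-folder processes kept coming back after they were end-tasked. The O10 and O23 hits are weak evidence on their own and need the file checked against a known-good list; nwprovau.dll, for instance, is the Client Service for NetWare Winsock provider that ships with Windows XP, so an "unknown" LSP entry for it is a HijackThis limitation rather than an infection.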
#2 sarahw (Malware Staff, 2,781 posts)
Hi,
Welcome to the site.

I will be handling your log to help you get cleaned up. Please give me some time to look it over and I will get back to you as soon as possible.

I want you to show hidden files. There are instructions HERE to help you do this.
You should have Administrator rights to perform the fixes. Some of the instructions I give may need to be printed or saved for reference during the fix. Some of the fix will be done in Safe Mode, so you will be unable to access this thread at that time.
Please don't use any of the tools without specific instructions. Some of them are dangerous (and could leave your computer in worse condition than it is when infected) if used incorrectly.
These instructions should be read first, then followed. If you do not understand something, don't be afraid to ask, or see if I'm on chat. :)
#3 sarahw (Malware Staff, 2,781 posts)
Download ComboFix from Here, Here, or Here to your Desktop.
  • Double-click combofix.exe and follow the prompts.
  • When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply.
Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.
#4 Famoustar (Topic Starter, Member, 45 posts)
Admin - 08-03-11 22:41:01.45 Service Pack 2
ComboFix 06.09.14 - Running from: C:\Documents and Settings\Admin\Desktop\Spyware Stuff

((((((((((((((((((((((((((((((( Files Created from 2008-02-11 to 2008-03-11 ))))))))))))))))))))))))))))))))))


2008-03-11 19:04 548,864 --a------ C:\WINDOWS\system32\winffc7.dll
2008-03-11 19:04 548,864 --a------ C:\WINDOWS\system32\win1236.dll
2008-03-11 19:04 49,664 --a------ C:\WINDOWS\system32\e4edb6.dll
2008-03-11 15:07 548,864 --a------ C:\WINDOWS\system32\wina4c6.dll
2008-03-11 15:07 548,864 --a------ C:\WINDOWS\system32\win9b02.dll
2008-03-11 15:07 49,664 --a------ C:\WINDOWS\system32\b91bb.dll
2008-03-10 19:10 548,864 --a------ C:\WINDOWS\system32\win7239.dll
2008-03-10 19:10 548,864 --a------ C:\WINDOWS\system32\win6911.dll
2008-03-10 19:10 49,664 --a------ C:\WINDOWS\system32\db5fca.dll
2008-03-10 15:23 548,864 --a------ C:\WINDOWS\system32\win9b31.dll
2008-03-10 15:23 548,864 --a------ C:\WINDOWS\system32\win912e.dll
2008-03-10 15:23 49,664 --a------ C:\WINDOWS\system32\b8806.dll
2008-03-10 00:05 548,864 --a------ C:\WINDOWS\system32\win96f9.dll
2008-03-10 00:04 548,864 --a------ C:\WINDOWS\system32\win8834.dll
2008-03-10 00:04 49,664 --a------ C:\WINDOWS\system32\857d18.dll
2008-03-09 21:02 548,864 --a------ C:\WINDOWS\system32\win833c.dll
2008-03-09 21:02 548,864 --a------ C:\WINDOWS\system32\win79e6.dll
2008-03-09 21:02 49,664 --a------ C:\WINDOWS\system32\1ab70be.dll
2008-03-09 17:05 548,864 --a------ C:\WINDOWS\system32\win4335.dll
2008-03-09 17:04 548,864 --a------ C:\WINDOWS\system32\win39fe.dll
2008-03-09 17:04 49,664 --a------ C:\WINDOWS\system32\d230c6.dll
2008-03-09 13:18 548,864 --a------ C:\WINDOWS\system32\win7034.dll
2008-03-09 13:17 548,864 --a------ C:\WINDOWS\system32\win5a5b.dll
2008-03-09 13:17 49,664 --a------ C:\WINDOWS\system32\25181.dll
2008-03-09 01:02 548,864 --a------ C:\WINDOWS\system32\wind18e.dll
2008-03-09 01:02 548,864 --a------ C:\WINDOWS\system32\winc847.dll
2008-03-09 01:02 49,664 --a------ C:\WINDOWS\system32\2e3bf1f.dll
2008-03-08 23:08 548,864 --a------ C:\WINDOWS\system32\win2317.dll
2008-03-08 23:08 548,864 --a------ C:\WINDOWS\system32\win19ff.dll
2008-03-08 23:08 49,664 --a------ C:\WINDOWS\system32\27b10e7.dll
2008-03-08 19:11 548,864 --a------ C:\WINDOWS\system32\winf408.dll
2008-03-08 19:11 548,864 --a------ C:\WINDOWS\system32\wineb4e.dll
2008-03-08 19:11 49,664 --a------ C:\WINDOWS\system32\1a1e1e7.dll
2008-03-08 15:03 548,864 --a------ C:\WINDOWS\system32\win65cd.dll
2008-03-08 15:03 548,864 --a------ C:\WINDOWS\system32\win54f5.dll
2008-03-08 15:03 49,664 --a------ C:\WINDOWS\system32\bf494c.dll
2008-03-08 11:47 548,864 --a------ C:\WINDOWS\system32\wina022.dll
2008-03-08 11:47 548,864 --a------ C:\WINDOWS\system32\win96ac.dll
2008-03-08 11:47 49,664 --a------ C:\WINDOWS\system32\b8d46.dll
2008-03-07 20:05 548,864 --a------ C:\WINDOWS\system32\win7390.dll
2008-03-07 20:05 548,864 --a------ C:\WINDOWS\system32\win6a3a.dll
2008-03-07 20:05 49,664 --a------ C:\WINDOWS\system32\db6102.dll
2008-03-07 16:07 548,864 --a------ C:\WINDOWS\system32\win3c92.dll
2008-03-07 16:07 548,864 --a------ C:\WINDOWS\system32\win307c.dll
2008-03-07 16:07 49,664 --a------ C:\WINDOWS\system32\226f6.dll
2008-03-06 21:10 548,864 --a------ C:\WINDOWS\system32\winfd14.dll
2008-03-06 21:10 548,864 --a------ C:\WINDOWS\system32\win61d.dll
2008-03-06 21:10 49,664 --a------ C:\WINDOWS\system32\d1f43a.dll
2008-03-06 17:33 548,864 --a------ C:\WINDOWS\system32\win910f.dll
2008-03-06 17:33 548,864 --a------ C:\WINDOWS\system32\win86be.dll
2008-03-06 17:33 49,664 --a------ C:\WINDOWS\system32\b7d77.dll
2008-03-06 00:06 548,864 --a------ C:\WINDOWS\system32\win4d71.dll
2008-03-06 00:06 548,864 --a------ C:\WINDOWS\system32\win4459.dll
2008-03-06 00:06 49,664 --a------ C:\WINDOWS\system32\1392f4b.dll
2008-03-05 20:09 548,864 --a------ C:\WINDOWS\system32\wineddc.dll
2008-03-05 20:09 548,864 --a------ C:\WINDOWS\system32\wine33d.dll
2008-03-05 20:09 49,664 --a------ C:\WINDOWS\system32\5fd776.dll
2008-03-05 16:00 548,864 --a------ C:\WINDOWS\system32\win61cd.dll
2008-03-05 16:00 548,864 --a------ C:\WINDOWS\system32\win57da.dll
2008-03-05 15:59 49,664 --a------ C:\WINDOWS\system32\24de7.dll
2008-03-05 03:44 548,864 --a------ C:\WINDOWS\system32\winff02.dll
2008-03-05 03:44 548,864 --a------ C:\WINDOWS\system32\winf56d.dll
2008-03-05 03:44 49,664 --a------ C:\WINDOWS\system32\17aebd8.dll
2008-03-04 23:23 306 --a------ C:\WINDOWS\system32\8c362a.exe
2008-03-04 23:00 28,160 --a------ C:\WINDOWS\system32\7692bc.exe
2008-03-04 22:13 28,160 --a------ C:\WINDOWS\system32\4bbece.exe
2008-03-04 21:50 28,160 --a------ C:\WINDOWS\system32\367d18.exe
2008-03-04 21:26 306 --a------ C:\WINDOWS\system32\2139ad.exe
2008-03-04 21:03 548,864 --a------ C:\WINDOWS\system32\wincc53.dll
2008-03-04 21:03 548,864 --a------ C:\WINDOWS\system32\winc2dd.dll
2008-03-04 21:03 49,664 --a------ C:\WINDOWS\system32\bb948.dll
2008-03-04 20:51 40,960 --a------ C:\WINDOWS\system32\wmdrtc32.dll
2008-03-03 23:29 548,864 --a------ C:\WINDOWS\system32\win3b81.dll
2008-03-03 23:29 548,864 --a------ C:\WINDOWS\system32\win3353.dll
2008-03-03 23:29 49,664 --a------ C:\WINDOWS\system32\6c9278c.dll
2008-03-03 23:29 20,992 --a------ C:\WINDOWS\system32\6c9975d.exe


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2008-03-11 22:41 5477 --a------ C:\WINDOWS\system32\drivers\fngjmg.sys
2008-03-11 22:38 -------- d-------- C:\Program Files\Mozilla Firefox
2008-03-11 15:10 -------- d-------- C:\Documents and Settings\Admin\Application Data\Vidalia
2008-03-11 15:10 -------- d-------- C:\Documents and Settings\Admin\Application Data\tor
2008-03-09 01:46 -------- d-------- C:\Documents and Settings\Admin\Application Data\uTorrent
2008-03-06 22:50 -------- d-------- C:\Documents and Settings\Admin\Application Data\AdobeUM
2008-03-06 22:50 -------- d-------- C:\Documents and Settings\Admin\Application Data\Adobe
2008-03-04 21:10 -------- d-------- C:\Program Files\Trend Micro
2008-03-03 23:29 359808 --a------ C:\WINDOWS\system32\drivers\TCPIP.SYS
2008-02-27 22:25 -------- d-------- C:\Program Files\Common Files\INCA Shared
2008-02-27 22:25 -------- d-------- C:\Program Files\Common Files
2008-02-27 22:20 -------- d-------- C:\Program Files\Xentare
2008-02-04 17:24 -------- d-------- C:\Program Files\Veoh Networks
2008-01-25 23:31 -------- d-------- C:\Program Files\DivX
2008-01-04 14:59 524288 --a------ C:\WINDOWS\system32\DivXsm.exe
2008-01-04 14:58 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-01-04 14:58 200704 --a------ C:\WINDOWS\system32\ssldivx.dll
2008-01-04 14:58 129784 --------- C:\WINDOWS\system32\pxafs.dll
2008-01-04 14:58 120056 --------- C:\WINDOWS\system32\pxcpyi64.exe
2008-01-04 14:58 118520 --------- C:\WINDOWS\system32\pxinsi64.exe
2008-01-04 14:58 1044480 --a------ C:\WINDOWS\system32\libdivx.dll
2008-01-04 14:57 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2008-01-04 14:57 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll
2008-01-04 14:57 81920 --a------ C:\WINDOWS\system32\dpl100.dll
2008-01-04 14:57 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll
2008-01-04 14:57 682496 --a------ C:\WINDOWS\system32\DivX.dll
2008-01-04 14:57 593920 --a------ C:\WINDOWS\system32\dpuGUI11.dll
2008-01-04 14:57 57344 --a------ C:\WINDOWS\system32\dpv11.dll
2008-01-04 14:57 53248 --a------ C:\WINDOWS\system32\dpuGUI10.dll
2008-01-04 14:57 344064 --a------ C:\WINDOWS\system32\dpus11.dll
2008-01-04 14:57 294912 --a------ C:\WINDOWS\system32\dpu11.dll
2008-01-04 14:57 294912 --a------ C:\WINDOWS\system32\dpu10.dll
2008-01-04 14:57 196608 --a------ C:\WINDOWS\system32\dtu100.dll
2008-01-04 14:56 156992 --a------ C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-01-04 14:56 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2007-12-15 07:48 90112 --a------ C:\WINDOWS\system32\XCoreLib.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"updateMgr"="\"C:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe\" AcRdB7_0_7 -reboot 1"
"Vidalia"="\"D:\\Program Files\\Vidalia Bundle\\Vidalia\\vidalia.exe\""

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="file:///C:/DOCUME~1/Admin/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg"
"SubscribedURL"="file:///C:/DOCUME~1/Admin/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg"
"FriendlyName"=""
"Flags"=dword:00000001
"Position"=hex:2c,00,00,00,e0,02,00,00,91,00,00,00,c5,00,00,00,7f,00,00,00,fe,\
ff,ff,3f,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:01,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,e0,02,00,00,91,00,00,00,c5,00,00,00,7f,00,\
00,00,01,00,00,40
"RestoredStateInfo"=hex:dc,ff,af,01,a8,9a,83,7c,40,9a,80,7c,ff,ff,ff,ff,36,9a,\
80,7c,36,9a,80,7c

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"NoColorChoice"=dword:00000000
"NoSizeChoice"=dword:00000000
"NoDispScrSavPage"=dword:00000000
"NoDispCPL"=dword:00000000
"NoVisualStyleChoice"=dword:00000000
"NoDispSettingsPage"=dword:00000000
"NoDispAppearancePage"=dword:00000000
"NoDispBackgroundPage"=dword:00000000

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"NoActiveDesktop"=dword:00000000
"NoSaveSettings"=dword:00000000
"ClassicShell"=dword:00000000
"NoThemesTab"=dword:00000000
"ForceActiveDesktopOn"=dword:00000000

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000001
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
"DisableTaskMgr"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoCDBurning"=dword:00000000
"AllowLegacyWebView"=dword:00000001
"AllowUnhashedWebView"=dword:00000001
"NoActiveDesktopChanges"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run-]
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"KernelFaultCheck"="%systemroot%\\system32\\dumprep 0 -k"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"Adobe Photo Downloader"="\"D:\\Program Files\\3.0\\Apps\\apdproxy.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Adobe Photo Downloader]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="apdproxy"
"hkey"="HKLM"
"command"="\"D:\\Program Files\\3.0\\Apps\\apdproxy.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\ATIPTA]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="atiptaxx"
"hkey"="HKLM"
"command"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\eFax 4.1]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="J2GDllCmd"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\eFax Messenger 4.1\\J2GDllCmd.exe\" /R"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\ezShieldProtector for Px]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ezSP_Px"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\ezSP_Px.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\HotKeysCmds]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="hkcmd"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\hkcmd.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\IgfxTray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="igfxtray"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\igfxtray.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\KernelFaultCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="dumprep 0 -k"
"hkey"="HKLM"
"command"="%systemroot%\\system32\\dumprep 0 -k"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Microsoft Works Update Detection]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="WkUFind"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\Microsoft Shared\\Works Shared\\WkUFind.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Java\\jre1.5.0_09\\bin\\jusched.exe\""
"inimapping"="0"


HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp officejet 6100 series#1188353953.job
C:\WINDOWS\tasks\Registration reminder 2.job
C:\WINDOWS\tasks\Registration reminder 3.job

Completion time: 03/11/08 22:42:05.43
ComboFix.txt
ComboFix2.txt
ComboFix3.txt

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:48:00 PM, on 03/12/08
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sony\Photo Server\appsrv\PhotoAppSrv.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Compact Wireless-G USB Network Adapter with SpeedBooster\WLService.exe
C:\Program Files\Compact Wireless-G USB Network Adapter with SpeedBooster\WUSB54GSC.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
C:\WINDOWS\TEMP\winpove.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\Explorer.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Wireless LAN\WlanUtil.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\TEMP\winxhwgef.exe
C:\WINDOWS\TEMP\winaiicl.exe
C:\WINDOWS\TEMP\wintwvjx.exe
C:\WINDOWS\TEMP\winhghdl.exe
C:\WINDOWS\TEMP\winbvdj.exe
C:\WINDOWS\system32\367e080.exe
C:\WINDOWS\TEMP\winwegt.exe
C:\WINDOWS\TEMP\winetdnk.exe
C:\WINDOWS\TEMP\winukhhb.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

F2 - REG:system.ini: Shell=Explorer.exe "C:\WINDOWS\TEMP\winxhwgef.exe"
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - HKCU\..\Run: [Vidalia] "D:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe"
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Startup: Kremlin Sentry.lnk = D:\Program Files\Mach5 Software\Kremlin\Kremlin Sentry.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: IEEE 802.11g USB Wireless LAN Utility.lnk = C:\Program Files\Wireless LAN\WlanUtil.exe
O4 - Global Startup: officejet 6100.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.aajtak.co...er/tdserver.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload....Plugin11USA.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1185849481843
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1185849458718
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload....GPlugin9USA.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe
O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\Photo Server\appsrv\PhotoAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
O23 - Service: Ventrilo - Unknown owner - C:\Program Files\VentSrv\ventrilo_svc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WUSB54GSCSVC - GEMTEKS - C:\Program Files\Compact Wireless-G USB Network Adapter with SpeedBooster\WLService.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/Admin/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg

--
End of file - 7034 bytes
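The HijackThis log above shows the pattern a responder looks for first: executables running out of C:\WINDOWS\TEMP, a random-looking binary in system32, and an F2 Shell= value with a second executable appended after Explorer.exe. The following Python is an added example (not from the thread or from HijackThis) that applies those three checks to a constructed excerpt of that log; the temp-directory list and the hex-name pattern are assumed heuristics of my own.

```python
import re

# Constructed sample, modelled on the HijackThis log posted in this thread
# (an excerpt, not the full log; enough to exercise the three checks).
SAMPLE_LOG = """\
Running processes:
C:\\WINDOWS\\System32\\smss.exe
C:\\WINDOWS\\TEMP\\winpove.exe
C:\\WINDOWS\\system32\\367e080.exe
C:\\WINDOWS\\TEMP\\winxhwgef.exe
C:\\Program Files\\Trend Micro\\HijackThis\\HijackThis.exe

F2 - REG:system.ini: Shell=Explorer.exe "C:\\WINDOWS\\TEMP\\winxhwgef.exe"
O4 - HKCU\\..\\Run: [Vidalia] "D:\\Program Files\\Vidalia Bundle\\Vidalia\\vidalia.exe"
O10 - Unknown file in Winsock LSP: c:\\windows\\system32\\nwprovau.dll
"""

# Assumed heuristic: directories a legitimate long-running process should not live in.
TEMP_DIRS = ("\\windows\\temp\\", "\\local settings\\temp\\")

def running_processes(log):
    """Paths listed under 'Running processes:' up to the first blank line."""
    procs, in_block = [], False
    for line in log.splitlines():
        if line.strip() == "Running processes:":
            in_block = True
            continue
        if in_block:
            if not line.strip():
                break
            procs.append(line.strip())
    return procs

def temp_processes(log):
    """Executables running out of a temp directory: the classic dropper footprint."""
    return [p for p in running_processes(log) if any(t in p.lower() for t in TEMP_DIRS)]

def shell_hijack(log):
    """Anything after Explorer.exe in the system.ini Shell= value (F2 line).
    A clean XP install has Shell=Explorer.exe only; extras start with the desktop."""
    m = re.search(r'^F2 - REG:system\.ini: Shell=(.*)$', log, re.M)
    if not m:
        return []
    tokens = [q or bare for q, bare in re.findall(r'"([^"]+)"|(\S+)', m.group(1))]
    return [t for t in tokens if t.lower() != "explorer.exe"]

def suspicious_system32(log):
    """system32 binaries with random hex-looking names such as 367e080.exe (assumed heuristic)."""
    return [p for p in running_processes(log)
            if re.search(r'\\system32\\[0-9a-f]{6,}\.exe$', p, re.I)]
```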

#5 sarahw (Malware Staff)
Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • The program will launch and then begin downloading the latest definition files.
  • Once the files have been downloaded, click on NEXT.
  • Now click on Scan Settings.
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
      Extended (if available, otherwise Standard)
    • Scan Options:
      Scan Archives
      Scan Mail Bases
  • Click OK.
  • Now under "Select a target to scan", select My Computer.
  • The program will start and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, it will display if your system has been infected.
    • Now click on the Save as Text button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.


#6 Famoustar (Topic Starter)
It is not allowing me to go onto that website

I have full access, I am the administrator

#7 sarahw (Malware Staff)
What's not allowing you?
What's the error you get?

#8 Famoustar (Topic Starter)

> It is not allowing me to go onto that website
> I have full access, I am the administrator

I get a "This page cannot be loaded"

I haven't tried recently and I can't get on it now though to see if it went away

It was also doing this for virusscan.jotti

#9 sarahw (Malware Staff)
Message sent Via PM
Requested URL

#10 sarahw (Malware Staff)
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
#11 sarahw (Malware Staff)
User returned :)

#12 Famoustar (Topic Starter)
Further instructions please? :)

#13 sarahw (Malware Staff)
Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
  • Double-click the drweb-cureit.exe file and allow it to run the express scan.
  • This will scan the files currently running in memory, and when something is found, click the Yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, mark the drives that you want to scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, in the menu, click File and choose Save report list.
  • Save the report to your desktop. The report will be called DrWeb.csv.
  • Close Dr.Web CureIt.


#14 Famoustar (Topic Starter)
I'm downloading it now, just thought I'd say that I'll post back tomorrow so it doesn't get closed

Edit: I was scanning through and my computer randomly reset

On reboot it said one of the virus processes failed to initialize so I terminated it

I cannot get the logfile of it unless it was auto-saved

However, I am using PeerGuardian now and it works fine without resets

Edited by Famoustar, 07 April 2008 - 12:31 AM.


#15 Famoustar (Topic Starter)
Do forms of Dr Web automatically save?

My brother had to print directions and didn't know what I was doing on the computer; he saw "infected; should delete", etc. and said yes. Then apparently it said it needed to reboot.