Problems installing antivirus software [RESOLVED]


  • This topic is locked

#1
collinsdayle

  • Member
  • 15 posts
Hi,

I've been using McAfee quite happily for some time. However, the other day a little red X icon appeared in the system tray and told me that I was no longer protected. I opened the software and it advised me to click a big button called "Fix". It then said that McAfee could not be fixed due to some errors. It advised me to restart the computer; I did, but it didn't make any difference. So I uninstalled McAfee and tried to re-install it and now it won't install any of the components. I fear my computer has caught something nasty!

I've run various online scanners, for example, the BitDefender scanner told me I had various malware including Trojan.KillAV which sounded quite bad.

Can you help?

Thanks,

Dayle
  • 0


#2
kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Hello collinsdayle

Welcome to G2Go. :)
=====================
* Click here to download HJTsetup.exe
  • Save HJTsetup.exe to your desktop.
  • Double-click on the HJTsetup.exe icon on your desktop.
  • By default it will install to C:\Program Files\Trend Micro\Hijack This.
  • Click on I agree
  • Then Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.

  • 0

#3
collinsdayle

  • Topic Starter
  • Member
  • 15 posts
Hi,

I downloaded HJTSetup.exe and installed it as requested. Unfortunately, when I try to run the HiJackThis.exe application from the shortcuts it creates on the desktop and in my start menu I get an error saying this "is this not a valid Win32 application". If I try to run HiJackThis.exe directly from the folder "c:\Program Files\Trend Micro\HiJack This\" it just hangs the file explorer.

Thanks,

Dayle
  • 0

#4
kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Okay you have a very nasty infection called Bagle.
It will corrupt most antivirus and security software.
So please do the following:

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop**
  • If you are using Firefox, make sure that your download settings are as follows:
    • Tools->Options->Main tab
    • Set to "Always ask me where to Save the files".
  • During the download, rename Combofix to Combo-Fix as follows:

    Posted Image

    Posted Image

  • It is important you rename Combofix during the download, but not after.
  • Please do not rename Combofix to other names, but only to the one indicated.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      -----------------------------------------------------------

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore your connection.

    -----------------------------------------------------------

  • Double click on combo-Fix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\Combo-Fix.txt" along with a new HijackThis log for further review.
**Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall**
  • 0

#5
collinsdayle

  • Topic Starter
  • Member
  • 15 posts
Hi,

Ok, after about 24 hours of my computer sounding like it is going to take off, ComboFix finally finished. I've attached the ComboFix.txt log file below. Also, the HiJackThis log is as follows:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:17:57, on 16/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.quidco.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.euro.dell...gen/default.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: (no name) - {3AD6B13D-A0AB-46bb-8BC5-D89874EEAB3C} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Encarta Web Companion Helper Object - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: (no name) - {D78ED111-04CC-4062-BECE-3A1CF9A248CD} - (no file)
O3 - Toolbar: Encarta Web Companion - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.mcafee.com
O15 - Trusted Zone: http://www.ofoto.co.uk
O15 - Trusted Zone: http://www.thetrainline.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {1E2941E3-8E63-11D4-9D5A-00902742D6E0} - https://extraweb-eme...aweb/iNotes.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - https://extraweb-eme...05/iNotes6W.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} - http://www.nanoscan....s/ascstubie.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {61CE1CA1-6577-49B6-AE2C-43007A942429} - https://webcast.acce...WebcastInfo.CAB
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1132256974015
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - https://www.virtualp...g.com/msrdp.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecu...asyInstallX.CAB
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcaf...,23/mcgdmgr.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - (no file)
O20 - Winlogon Notify: avgwlntf - C:\WINDOWS\SYSTEM32\avgwlntf.dll
O20 - Winlogon Notify: ddcbyab - ddcbyab.dll (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: wampapache - Apache Software Foundation - c:\Program Files\wamp\apache2\bin\Apache.exe
O23 - Service: wampmysqld - Unknown owner - c:\Program Files\wamp\mysql\bin\mysqld-nt.exe

--
End of file - 10093 bytes


  • 0

#6
collinsdayle

  • Topic Starter
  • Member
  • 15 posts
Note: When I clicked on the ComboFix.txt attachment all the formatting had gone so I've pasted the content below:

ComboFix 08-03-14.4 - Dayle Collins 2008-03-15 13:25:10.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.668 [GMT 0:00]
Running from: C:\Documents and Settings\Dayle Collins\Desktop\Combo-Fix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\check_LSA7.txt
C:\Program Files\SecCenter
C:\WINDOWS\Casino.ico
C:\WINDOWS\cookies.ini
C:\WINDOWS\Free Online Dating.ico
C:\WINDOWS\Spyware Remover.ico
C:\WINDOWS\system32\alog.txt
C:\WINDOWS\system32\drivers\down
C:\WINDOWS\system32\drivers\hldrrr.exe
C:\WINDOWS\system32\drivers\srosa.sys
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mdelk.exe
C:\WINDOWS\system32\wintems.exe
C:\WINDOWS\Tasks.\ISP signup reminder 1.job

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\LEGACY_DOMAINSERVICE
-------\DomainService
-------\IntelC52


((((((((((((((((((((((((( Files Created from 2008-02-16 to 2008-03-16 )))))))))))))))))))))))))))))))
.

2008-03-15 08:27 . 2008-03-15 08:27 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-14 14:48 . 2008-03-14 16:54 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2008-03-14 14:46 . 2008-03-14 14:46 <DIR> d-------- C:\Program Files\AirScanner AV For SmartPhones
2008-03-14 07:51 . 2008-03-14 07:51 <DIR> d-------- C:\Program Files\Alwil Software
2008-03-06 19:41 . 2008-03-14 17:23 <DIR> d-------- C:\Program Files\SlimBrowser
2008-03-06 19:41 . 2008-03-15 09:21 <DIR> d-------- C:\Documents and Settings\Dayle Collins\Application Data\SlimBrowser
2008-02-23 17:25 . 2008-02-23 17:25 <DIR> d-------- C:\Program Files\iPod

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-16 17:44 --------- d-----w C:\Documents and Settings\Dayle Collins\Application Data\Skype
2008-03-16 17:09 0 ----a-w C:\WINDOWS\system32\drivers\lvuvc.hs
2008-03-13 03:56 --------- d-----w C:\Program Files\eMule
2008-02-23 17:26 --------- d-----w C:\Program Files\iTunes
2008-02-11 18:59 --------- d-----w C:\Program Files\QuickTime
2008-01-26 09:16 --------- d-----w C:\Documents and Settings\Dayle Collins\Application Data\Apple Computer
2008-01-26 09:15 --------- d-----w C:\Program Files\Apple Software Update
2006-03-15 18:32 74,272 ----a-w C:\Documents and Settings\Dayle Collins\Application Data\GDIPFONTCACHEV1.DAT
2006-08-25 15:45 617,472 --sha-w C:\WINDOWS\SYSTEM32\comctl32.dll
2005-11-29 14:36 848 --sha-w C:\WINDOWS\SYSTEM32\KGyGaAvL.sys
2004-08-04 07:56 1,028,096 --sha-w C:\WINDOWS\SYSTEM32\mfc42.dll
2004-08-04 07:56 413,696 --sha-w C:\WINDOWS\SYSTEM32\msvcp60.dll
2007-09-16 08:49 1,336,718 --sh--w C:\WINDOWS\SYSTEM32\rtstv.bak1
2007-09-20 17:46 1,309,408 --sh--w C:\WINDOWS\SYSTEM32\rtstv.bak2
2007-09-20 18:48 1,310,431 --sh--w C:\WINDOWS\SYSTEM32\rtstv.ini2
2004-08-04 07:56 30,749 --sha-w C:\WINDOWS\SYSTEM32\vbajet32.dll
2007-08-31 22:33 15,509,792 --sha-w C:\WINDOWS\SYSTEM32\DRIVERS\fidbox.dat
2007-08-31 22:33 762,144 --sha-w C:\WINDOWS\SYSTEM32\DRIVERS\fidbox2.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3AD6B13D-A0AB-46bb-8BC5-D89874EEAB3C}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D78ED111-04CC-4062-BECE-3A1CF9A248CD}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-03-30 12:34 25263144]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 12:39 1289000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-11-03 12:46 4800512]
"zBrowser Launcher"="C:\Program Files\Logitech\iTouch\iTouch.exe" [2004-03-18 09:33 892928]
"Logitech Utility"="Logi_MwX.Exe" [2002-11-08 09:50 19968 C:\WINDOWS\LOGI_MWX.EXE]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-03-25 01:04 122939]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-02-08 00:12 488984]
"MBkLogOnHook"="C:\Program Files\McAfee\MBK\LogOnHook.exe" [ ]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-31 23:13 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 13:10 267048]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 07:56 15360]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-09-28 01:17 443968]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]
avgwlntf.dll 2007-08-31 22:16 9216 C:\WINDOWS\SYSTEM32\avgwlntf.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddcbyab]
ddcbyab.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\eMule\\emule.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R1 Cinemsup;Cinemsup;C:\WINDOWS\system32\drivers\Cinemsup.sys [2003-12-19 02:00]
S1 srosa;Megadrv3;C:\WINDOWS\system32\drivers\srosa.sys []
S3 StMp3Rec;Player Recovery Device Control Driver;C:\WINDOWS\system32\Drivers\StMp3Rec.sys [2005-08-16 11:23]
S3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 07:01]
S3 wampapache;wampapache;"c:\Program Files\wamp\apache2\bin\Apache.exe" -k runservice []
S3 wampmysqld;wampmysqld;"c:\Program Files\wamp\mysql\bin\mysqld-nt.exe" "--defaults-file=c:\Program Files\wamp\mysql\my.ini" wampmysqld []

.
Contents of the 'Scheduled Tasks' folder
"2008-01-26 09:15:24 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-09-01 08:40:00 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2007-08-12 08:40:29 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2008-03-09 21:09:00 C:\WINDOWS\Tasks\Uniblue SpyEraser Nag.job"
- C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
"2007-09-01 20:13:13 C:\WINDOWS\Tasks\Uniblue SpyEraser.job"
- C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-16 17:44:16
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Completion time: 2008-03-16 17:51:46 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-16 17:51:42
.
2008-03-12 19:02:00 --- E O F ---

#7
kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
1. Please open Notepad
  • Click Start, then Run
  • Type in notepad in the Run box, then hit OK.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

File::
C:\WINDOWS\system32\drivers\srosa.sys 
C:\WINDOWS\SYSTEM32\rtstv.bak1
C:\WINDOWS\SYSTEM32\rtstv.bak2
C:\WINDOWS\SYSTEM32\rtstv.ini2
Driver::
srosa
Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddcbyab]


3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.


#8
collinsdayle

    Member

  • Topic Starter
  • Member
  • 15 posts
OK, here is the new ComboFix.txt log:

ComboFix 08-03-14.4 - Dayle Collins 2008-03-16 19:23:34.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.659 [GMT 0:00]
Running from: C:\Documents and Settings\Dayle Collins\Desktop\Combo-Fix.exe
Command switches used :: C:\Documents and Settings\Dayle Collins\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\system32\drivers\srosa.sys
C:\WINDOWS\SYSTEM32\rtstv.bak1
C:\WINDOWS\SYSTEM32\rtstv.bak2
C:\WINDOWS\SYSTEM32\rtstv.ini2
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\SYSTEM32\rtstv.bak1
C:\WINDOWS\SYSTEM32\rtstv.bak2
C:\WINDOWS\SYSTEM32\rtstv.ini2

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\srosa


((((((((((((((((((((((((( Files Created from 2008-02-16 to 2008-03-16 )))))))))))))))))))))))))))))))
.

2008-03-15 08:27 . 2008-03-15 08:27 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-14 14:48 . 2008-03-14 16:54 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2008-03-14 14:46 . 2008-03-14 14:46 <DIR> d-------- C:\Program Files\AirScanner AV For SmartPhones
2008-03-14 07:51 . 2008-03-14 07:51 <DIR> d-------- C:\Program Files\Alwil Software
2008-03-06 19:41 . 2008-03-14 17:23 <DIR> d-------- C:\Program Files\SlimBrowser
2008-03-06 19:41 . 2008-03-15 09:21 <DIR> d-------- C:\Documents and Settings\Dayle Collins\Application Data\SlimBrowser
2008-02-23 17:25 . 2008-02-23 17:25 <DIR> d-------- C:\Program Files\iPod

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-16 19:27 0 ----a-w C:\WINDOWS\system32\drivers\lvuvc.hs
2008-03-16 18:50 --------- d-----w C:\Documents and Settings\Dayle Collins\Application Data\Skype
2008-03-13 03:56 --------- d-----w C:\Program Files\eMule
2008-02-23 17:26 --------- d-----w C:\Program Files\iTunes
2008-02-11 18:59 --------- d-----w C:\Program Files\QuickTime
2008-01-26 09:16 --------- d-----w C:\Documents and Settings\Dayle Collins\Application Data\Apple Computer
2008-01-26 09:15 --------- d-----w C:\Program Files\Apple Software Update
2006-03-15 18:32 74,272 ----a-w C:\Documents and Settings\Dayle Collins\Application Data\GDIPFONTCACHEV1.DAT
2006-08-25 15:45 617,472 --sha-w C:\WINDOWS\SYSTEM32\comctl32.dll
2005-11-29 14:36 848 --sha-w C:\WINDOWS\SYSTEM32\KGyGaAvL.sys
2004-08-04 07:56 1,028,096 --sha-w C:\WINDOWS\SYSTEM32\mfc42.dll
2004-08-04 07:56 413,696 --sha-w C:\WINDOWS\SYSTEM32\msvcp60.dll
2004-08-04 07:56 30,749 --sha-w C:\WINDOWS\SYSTEM32\vbajet32.dll
2007-08-31 22:33 15,509,792 --sha-w C:\WINDOWS\SYSTEM32\DRIVERS\fidbox.dat
2007-08-31 22:33 762,144 --sha-w C:\WINDOWS\SYSTEM32\DRIVERS\fidbox2.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3AD6B13D-A0AB-46bb-8BC5-D89874EEAB3C}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D78ED111-04CC-4062-BECE-3A1CF9A248CD}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-03-30 12:34 25263144]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 12:39 1289000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-11-03 12:46 4800512]
"zBrowser Launcher"="C:\Program Files\Logitech\iTouch\iTouch.exe" [2004-03-18 09:33 892928]
"Logitech Utility"="Logi_MwX.Exe" [2002-11-08 09:50 19968 C:\WINDOWS\LOGI_MWX.EXE]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-03-25 01:04 122939]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-02-08 00:12 488984]
"MBkLogOnHook"="C:\Program Files\McAfee\MBK\LogOnHook.exe" [ ]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-31 23:13 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 13:10 267048]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 07:56 15360]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-09-28 01:17 443968]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]
avgwlntf.dll 2007-08-31 22:16 9216 C:\WINDOWS\SYSTEM32\avgwlntf.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\eMule\\emule.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R1 Cinemsup;Cinemsup;C:\WINDOWS\system32\drivers\Cinemsup.sys [2003-12-19 02:00]
S3 StMp3Rec;Player Recovery Device Control Driver;C:\WINDOWS\system32\Drivers\StMp3Rec.sys [2005-08-16 11:23]
S3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 07:01]
S3 wampapache;wampapache;"c:\Program Files\wamp\apache2\bin\Apache.exe" -k runservice []
S3 wampmysqld;wampmysqld;"c:\Program Files\wamp\mysql\bin\mysqld-nt.exe" "--defaults-file=c:\Program Files\wamp\mysql\my.ini" wampmysqld []

.
Contents of the 'Scheduled Tasks' folder
"2008-01-26 09:15:24 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-09-01 08:40:00 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2007-08-12 08:40:29 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2008-03-09 21:09:00 C:\WINDOWS\Tasks\Uniblue SpyEraser Nag.job"
- C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
"2007-09-01 20:13:13 C:\WINDOWS\Tasks\Uniblue SpyEraser.job"
- C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-16 19:44:13
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Completion time: 2008-03-16 19:47:13 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-16 19:47:09
ComboFix2.txt 2008-03-16 17:51:46
.
2008-03-12 19:02:00 --- E O F ---
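A way to confirm from the two ComboFix logs that the CFScript in post #7 took effect, as an added example that is not part of the thread or of ComboFix itself. The log excerpts are abridged from the logs posted above (banner lines shortened); the function names and the choice of the Find3M Report and Reg Loading Points sections as the "current state" sections are assumptions of this example.

```python
import re

# CFScript.txt as posted in the thread.
CFSCRIPT = r"""File::
C:\WINDOWS\system32\drivers\srosa.sys
C:\WINDOWS\SYSTEM32\rtstv.bak1
C:\WINDOWS\SYSTEM32\rtstv.bak2
C:\WINDOWS\SYSTEM32\rtstv.ini2
Driver::
srosa
Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddcbyab]
"""

# Abridged excerpt of the first ComboFix log (banner lines shortened).
LOG_BEFORE = r"""(((((( Find3M Report ))))))
2007-09-16 08:49 1,336,718 --sh--w C:\WINDOWS\SYSTEM32\rtstv.bak1
2007-09-20 17:46 1,309,408 --sh--w C:\WINDOWS\SYSTEM32\rtstv.bak2
2007-09-20 18:48 1,310,431 --sh--w C:\WINDOWS\SYSTEM32\rtstv.ini2
(((((( Reg Loading Points ))))))
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddcbyab]
ddcbyab.dll
S1 srosa;Megadrv3;C:\WINDOWS\system32\drivers\srosa.sys []
"""

# Abridged excerpt of the follow-up log: here the targets appear only as
# records of what the script requested and what was deleted.
LOG_AFTER = r"""FILE ::
C:\WINDOWS\system32\drivers\srosa.sys
C:\WINDOWS\SYSTEM32\rtstv.bak1
(((((( Other Deletions ))))))
C:\WINDOWS\SYSTEM32\rtstv.bak1
(((((( Drivers/Services ))))))
-------\srosa
(((((( Find3M Report ))))))
2006-08-25 15:45 617,472 --sha-w C:\WINDOWS\SYSTEM32\comctl32.dll
(((((( Reg Loading Points ))))))
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]
R1 Cinemsup;Cinemsup;C:\WINDOWS\system32\drivers\Cinemsup.sys [2003-12-19 02:00]
"""

BANNER = re.compile(r"^\(\(+\s*(.+?)\s*\)\)+\s*$")
# Assumption: these sections describe what is on the system after the run.
LIVE_SECTIONS = {"find3m report", "reg loading points"}


def parse_cfscript(text):
    """Return a dict such as {'file': [...], 'driver': [...], 'registry': [...]}."""
    targets, section = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.endswith("::"):
            section = line[:-2].strip().lower()
            targets.setdefault(section, [])
        elif section is not None:
            targets[section].append(line)
    return targets


def live_lines(log):
    """Lower-cased lines from the sections that report current state."""
    current, out = None, []
    for line in log.splitlines():
        banner = BANNER.match(line.strip())
        if banner:
            current = banner.group(1).lower()
        elif current in LIVE_SECTIONS:
            out.append(line.strip().lower())
    return out


def still_referenced(cfscript, log):
    """List the CFScript targets that the log's state sections still mention."""
    targets, lines, hits = parse_cfscript(cfscript), live_lines(log), []
    for path in targets.get("file", []):
        if any(path.lower() in line for line in lines):
            hits.append(("file", path))
    for name in targets.get("driver", []):
        # Service lines look like: S1 srosa;Megadrv3;C:\...\srosa.sys []
        pattern = re.compile(r"^[rs]\d\s+" + re.escape(name.lower()) + ";")
        if any(pattern.match(line) for line in lines):
            hits.append(("driver", name))
    for entry in targets.get("registry", []):
        key = entry.strip("[]").lstrip("-").lower()  # drop the delete marker
        if "[" + key + "]" in lines:
            hits.append(("registry", key))
    return hits


if __name__ == "__main__":
    print("before:", still_referenced(CFSCRIPT, LOG_BEFORE))
    print("after: ", still_referenced(CFSCRIPT, LOG_AFTER))
```

A plain text search of the follow-up log would still find every target, because ComboFix echoes the script and lists what it deleted; only the state sections show whether anything survived.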

#9
collinsdayle

    Member

  • Topic Starter
  • Member
  • 15 posts
And here is the new HiJackThis.log log file:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:53:23, on 16/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.quidco.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.euro.dell...gen/default.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: (no name) - {3AD6B13D-A0AB-46bb-8BC5-D89874EEAB3C} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Encarta Web Companion Helper Object - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: (no name) - {D78ED111-04CC-4062-BECE-3A1CF9A248CD} - (no file)
O3 - Toolbar: Encarta Web Companion - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.mcafee.com
O15 - Trusted Zone: http://www.ofoto.co.uk
O15 - Trusted Zone: http://www.thetrainline.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {1E2941E3-8E63-11D4-9D5A-00902742D6E0} - https://extraweb-eme...aweb/iNotes.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - https://extraweb-eme...05/iNotes6W.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} - http://www.nanoscan....s/ascstubie.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {61CE1CA1-6577-49B6-AE2C-43007A942429} - https://webcast.acce...WebcastInfo.CAB
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1132256974015
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - https://www.virtualp...g.com/msrdp.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecu...asyInstallX.CAB
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcaf...,23/mcgdmgr.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - (no file)
O20 - Winlogon Notify: avgwlntf - C:\WINDOWS\SYSTEM32\avgwlntf.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: wampapache - Apache Software Foundation - c:\Program Files\wamp\apache2\bin\Apache.exe
O23 - Service: wampmysqld - Unknown owner - c:\Program Files\wamp\mysql\bin\mysqld-nt.exe

--
End of file - 9950 bytes

#10
kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Please re-open Hijackthis and click on "Do a system scan only"
Then place a check mark next to these entries below:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {3AD6B13D-A0AB-46bb-8BC5-D89874EEAB3C} - (no file)
O2 - BHO: (no name) - {D78ED111-04CC-4062-BECE-3A1CF9A248CD} - (no file)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)



Now click on Fix Checked and then close Hijackthis.
====================================================
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK

  • Posted Image

Doing this uninstalls Combofix and does the following:

  • Deletes ComboFix and its associated files and folders.
  • Deletes VundoFix backups, if present
  • Deletes the C:\Deckard folder, if present
  • Deletes the C:\_OtMoveIt folder, if present
  • Resets the clock settings.
  • Hides file extensions, if required.
  • Hides System/Hidden files, if required.
  • Cleans System Restore points.
============================================
Please do an online scan with Kaspersky WebScanner
(This scanner is for use with internet explorer only)
Click on "Accept"

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under Select a target to scan, select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

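One way to shortlist HijackThis entries that point at nothing, like those ticked in the post above, as an added example that is not from the thread or from HijackThis. The sample lines are copied from the log in post #9; the function names and the three orphan rules are assumptions of this example, and its shortlist is wider than the five entries the helper selected, so the result is a review list rather than a fix list.

```python
import re

# Lines copied from the HijackThis log posted in this thread (a selection).
SAMPLE_LOG = r"""R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.quidco.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: (no name) - {3AD6B13D-A0AB-46bb-8BC5-D89874EEAB3C} - (no file)
O2 - BHO: (no name) - {D78ED111-04CC-4062-BECE-3A1CF9A248CD} - (no file)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - (no file)
O20 - Winlogon Notify: avgwlntf - C:\WINDOWS\SYSTEM32\avgwlntf.dll
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: wampmysqld - Unknown owner - c:\Program Files\wamp\mysql\bin\mysqld-nt.exe
"""

# "R0 - ...", "O23 - ..." and so on; anything else (header, process list) is skipped.
ENTRY = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.*)$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


def parse_entries(log):
    """Turn log text into a list of {'section', 'body', 'clsid'} records."""
    entries = []
    for raw in log.splitlines():
        match = ENTRY.match(raw.strip())
        if not match:
            continue
        body = match.group("body").strip()
        clsid = CLSID.search(body)
        entries.append({
            "section": match.group("section"),
            "body": body,
            "clsid": clsid.group(0).upper() if clsid else None,
        })
    return entries


def orphan_reason(entry):
    """Return why an entry looks orphaned, or None if it has a target."""
    body = entry["body"]
    if body.endswith("(no file)"):
        return "no file"
    if body.endswith("(file missing)"):
        return "file missing"
    if entry["section"].startswith("R"):
        # Registry value lines read "<key>,<value name> = <data>".
        _, sep, value = body.partition(" =")
        if sep and not value.strip():
            return "empty value"
    return None


def triage(log):
    """Return (section, reason, clsid) for every entry worth a second look."""
    flagged = []
    for entry in parse_entries(log):
        reason = orphan_reason(entry)
        if reason:
            flagged.append((entry["section"], reason, entry["clsid"]))
    return flagged


if __name__ == "__main__":
    for section, reason, clsid in triage(SAMPLE_LOG):
        print(f"{section:<4} {reason:<13} {clsid or '-'}")
```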

#11
collinsdayle

    Member

  • Topic Starter
  • Member
  • 15 posts
Hi,

Here is the Kaspersky report:

KASPERSKY ONLINE SCANNER REPORT
Monday, March 17, 2008 7:33:13 AM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 16/03/2008
Kaspersky Anti-Virus database records: 634270


Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
A:\
C:\
D:\
E:\

Scan Statistics
Total number of scanned objects 92880
Number of viruses found 1
Number of infected objects 0
Number of suspicious objects 2
Duration of the scan process 01:56:36

Infected Object Name Virus Name Last Action
C:\Downloads\SpecForceSetup.exe/data0036 Suspicious: Packed.Win32.PePatch.dk skipped

C:\Downloads\SpecForceSetup.exe NSIS: suspicious - 1 skipped

Scan process completed.

#12
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Please update your Java:
Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Java components and upgrade the application. Beware it is NOT supported for use in 9x or ME and probably will not install in those systems.

Upgrading Java: After that
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
===================================
After that, your log is clean. :)

To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein ->Here

#13
collinsdayle

collinsdayle

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
Thanks a million. I must confess that I have no idea what you did but thanks for making it nice and easy to follow. Everything seems to be better now. Not sure what the "going rate" is but I've donated $30 via PayPal. Hope that's OK and thanks again :)

#14
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
You are welcome and thank you for the donation :)


Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.






