Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

infected pc [RESOLVED]


  • This topic is locked This topic is locked

#1
jonnyb

jonnyb

    Member

  • Member
  • PipPip
  • 47 posts
Hello,

I'v been working on my brother's pc that was badly infected. I managed to clean up 99% of the malware on it except for a pop up that says "security system warning - your pc might be infected...

Here is the hijack log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:43:13 PM, on 4/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\All Users\Application Data\mjobmnsx\erurexyl.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Fisher-Price\FP3 Player\sspnotifier.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InfoMyCa.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\WINDOWS\system32\mpoxefap.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv4.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cox.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [WUSB54Gv4] C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InvokeSvc3.exe
O4 - HKLM\..\Run: [SSP Notifier] C:\Program Files\Fisher-Price\FP3 Player\sspnotifier.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [slgmmyhv] C:\WINDOWS\system32\mpoxefap.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [uklmmwzk] C:\WINDOWS\system32\lmfuhcbs.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [lstaxdip] C:\WINDOWS\system32\yxmzovqf.exe
O4 - HKCU\..\Run: [gbezbzhz] C:\WINDOWS\system32\zwhingdi.exe
O4 - HKLM\..\Policies\Explorer\Run: [zO1hg1vdaM] C:\Documents and Settings\All Users\Application Data\mjobmnsx\erurexyl.exe
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Search - ?p=ZKxdm021MWUS
O8 - Extra context menu item: &Webshots Photo Search - res://C:\Program Files\Webshots\WSToolbar4IE.dll/MENUSEARCH.HTM
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: 3 Point Showdown by pogo - http://game1.pogo.co...point-en_US.cab
O16 - DPF: Aces Up! by pogo - http://game3.pogo.co.../aces-en_US.cab
O16 - DPF: Addiction by pogo - http://game3.pogo.co...ction-en_US.cab
O16 - DPF: All Star Football by pogo - http://game1.pogo.co...tarfb-en_US.cab
O16 - DPF: All-In Texas Hold'em by pogo - http://game1.pogo.co...allin-en_US.cab
O16 - DPF: Backgammon by pogo - http://game3.pogo.co...ammon-en_US.cab
O16 - DPF: Bingo Luau by pogo - http://game3.pogo.co...bingo-en_US.cab
O16 - DPF: Blackjack by pogo - http://game3.pogo.co...kjack-en_US.cab
O16 - DPF: Blackjack Carnival by pogo - http://game1.pogo.co...jack2-en_US.cab
O16 - DPF: Blooop by pogo - http://game1.pogo.co...scade-en_US.cab
O16 - DPF: Bowling by pogo - http://game3.pogo.co...wling-en_US.cab
O16 - DPF: Canasta by pogo - http://game1.pogo.co...nasta-en_US.cab
O16 - DPF: Checkers by pogo - http://game1.pogo.co...ckers-en_US.cab
O16 - DPF: Chess by pogo - http://game1.pogo.co...hess2-en_US.cab
O16 - DPF: Cribbage by pogo - http://game1.pogo.co...bbage-en_US.cab
O16 - DPF: Dice City Roller by pogo - http://game3.pogo.co...z/ytz-en_US.cab
O16 - DPF: Dice Derby by pogo - http://game1.pogo.co...dflag-en_US.cab
O16 - DPF: Dominoes by pogo - http://game1.pogo.co...omino-en_US.cab
O16 - DPF: Dominoes v2 by pogo - http://game3.pogo.co...mino2-en_US.cab
O16 - DPF: Double Deuce Poker by pogo - http://game1.pogo.co...deuce-en_US.cab
O16 - DPF: Euchre by pogo - http://game1.pogo.co...uchre-en_US.cab
O16 - DPF: First Class Solitaire by pogo - http://game3.pogo.co...lass2-en_US.cab
O16 - DPF: Fortune Bingo by pogo - http://game1.pogo.co...bingo-en_US.cab
O16 - DPF: Greenback Bayou by pogo - http://game1.pogo.co...nback-en_US.cab
O16 - DPF: Hangman Hijinks by pogo - http://game1.pogo.co...ngman-en_US.cab
O16 - DPF: Harvest Mania by pogo - http://game1.pogo.co...rvest-en_US.cab
O16 - DPF: Hearts by pogo - http://game1.pogo.co...earts-en_US.cab
O16 - DPF: Heavy Cannon by pogo - http://www.pogo.com/...annon-en_US.cab
O16 - DPF: High Stakes Poker by pogo - http://game1.pogo.co...poker-en_US.cab
O16 - DPF: High Stakes Pool by pogo - http://game1.pogo.co.../pool-en_US.cab
O16 - DPF: Hog Heaven Slots by pogo - http://game3.pogo.co...fancy-en_US.cab
O16 - DPF: Its Outta Here 2 by pogo - http://game1.pogo.co...fhere-en_US.cab
O16 - DPF: Jokers Wild Poker by pogo - http://game1.pogo.co...swild-en_US.cab
O16 - DPF: Jungle Gin by pogo - http://game1.pogo.co.../gin2-en_US.cab
O16 - DPF: KenoPop! by pogo - http://game3.pogo.co...dkeno-en_US.cab
O16 - DPF: Lost Temple Poker by pogo - http://game1.pogo.co...poker-en_US.cab
O16 - DPF: Lottso by pogo - http://game1.pogo.co...ottso-en_US.cab
O16 - DPF: Mah Jong Garden by pogo - http://game3.pogo.co...jong2-en_US.cab
O16 - DPF: Mahjong Safari by Pogo - http://game3.pogo.co...afari-en_US.cab
O16 - DPF: Makeover Madness by pogo - http://game1.pogo.co...shoes-en_US.cab
O16 - DPF: NASCAR Web Racing by pogo - http://game1.pogo.co...ascar-en_US.cab
O16 - DPF: No-Limit Texas Hold'em by pogo - http://game1.pogo.co...allin-en_US.cab
O16 - DPF: Pai Gow by pogo - http://game1.pogo.co...aigow-en_US.cab
O16 - DPF: Payday Freecell Solitaire by pogo - http://game1.pogo.co...cell2-en_US.cab
O16 - DPF: Penguin Blocks by pogo - http://game1.pogo.co...guins-en_US.cab
O16 - DPF: Perfect Pair Solitaire by pogo - http://game1.pogo.co...wheel-en_US.cab
O16 - DPF: Phlinx by pogo - http://game3.pogo.co...inger-en_US.cab
O16 - DPF: Pinochle by pogo - http://game1.pogo.co...ochle-en_US.cab
O16 - DPF: Pop Fu by pogo - http://game1.pogo.co...popfu-en_US.cab
O16 - DPF: Poppit by pogo - http://game3.pogo.co...ppit2-en_US.cab
O16 - DPF: Pseudoku by pogo - http://game3.pogo.co...udoku-en_US.cab
O16 - DPF: Quick Quack by pogo - http://game1.pogo.co...treak-en_US.cab
O16 - DPF: QWERTY by pogo - http://game1.pogo.co...uares-en_US.cab
O16 - DPF: Ricochet by pogo - http://game1.pogo.co...ochet-en_US.cab
O16 - DPF: Ride The Tide by pogo - http://game3.pogo.co.../ride-en_US.cab
O16 - DPF: Shuffle Bump by pogo - http://game3.pogo.co.../puck-en_US.cab
O16 - DPF: Spades 2 by pogo - http://game3.pogo.co...ades2-en_US.cab
O16 - DPF: Spider Solitaire by pogo - http://game1.pogo.co...pider-en_US.cab
O16 - DPF: Spooky Slots - http://game1.pogo.co...pooky-en_US.cab
O16 - DPF: Squelchies by pogo - http://game1.pogo.co...chies-en_US.cab
O16 - DPF: Stax by pogo - http://game3.pogo.co.../stax-en_US.cab
O16 - DPF: Stellar Sweeper by pogo - http://game1.pogo.co...eeper-en_US.cab
O16 - DPF: Super Dominoes by pogo - http://game3.pogo.co...omino-en_US.cab
O16 - DPF: Sweet Tooth 2 by Pogo - http://game3.pogo.co...ooth2-en_US.cab
O16 - DPF: Sweet Tooth TM by pogo - http://game1.pogo.co...tooth-en_US.cab
O16 - DPF: Tank Hunter by pogo - http://www.pogo.com/.../tank-en_US.cab
O16 - DPF: Texas Hold'em Poker by pogo - http://game3.pogo.co...oldem-en_US.cab
O16 - DPF: The Sims Pinball by pogo - http://game1.pogo.co...mball-en_US.cab
O16 - DPF: Thousand Island Solitaire by pogo - http://game1.pogo.co...lbrae-en_US.cab
O16 - DPF: Top Down Baseball Challenge by pogo - http://game1.pogo.co...down2-en_US.cab
O16 - DPF: Tri-Peaks by pogo - http://game1.pogo.co...peaks-en_US.cab
O16 - DPF: Tumble Bees by pogo - http://game3.pogo.co...mbee2-en_US.cab
O16 - DPF: Turbo 21 v2 by pogo - http://game1.pogo.co...rbo22-en_US.cab
O16 - DPF: Vaults of Atlantis Slots by pogo - http://game1.pogo.co...slots-en_US.cab
O16 - DPF: Vert Skater by pogo - http://game1.pogo.co...kater-en_US.cab
O16 - DPF: Wonderland Memories by pogo - http://game1.pogo.co...ories-en_US.cab
O16 - DPF: Word Craft by pogo - http://game1.pogo.co...abble-en_US.cab
O16 - DPF: Word Search Daily by pogo - http://game1.pogo.co...earch-en_US.cab
O16 - DPF: Word Whomp by pogo - http://game3.pogo.co...homp2-en_US.cab
O16 - DPF: Word Whomp Whackdown by pogo - http://game1.pogo.co...kdown-en_US.cab
O16 - DPF: WordJong by pogo - http://game1.pogo.co...djong-en_US.cab
O16 - DPF: World Class Solitaire by pogo - http://game1.pogo.co...class-en_US.cab
O16 - DPF: {315B0BFB-2BD4-481B-80A3-A9B80727C61B} (WebIQ Engine Application Object) - http://webiq005.webi...6-6D5536C585C9}
O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} (Disney Online Games ActiveX Control) - http://disney.go.com...OnlineGames.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmar...martActivia.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1006.cab
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgall..._2/axofupld.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinn...ed/wwlaunch.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} - http://a19.g.akamai....son/Coupons.cab
O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) - https://disney.go.co...GameManager.cab
O16 - DPF: {CF969D51-F764-4FBF-9E90-475248601C8A} (FamilyFeud Control) - http://www.worldwinn.../familyfeud.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai...l/installer.exe
O16 - DPF: {F137B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://cvs.pnimedia....upv2.0.0.10.cab?
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O21 - SSODL: qdnkewfa - {240FF080-A355-4C2B-A74B-4705D51EDBB8} - C:\WINDOWS\qdnkewfa.dll
O21 - SSODL: mgsvflkw - {8DD38AEB-290A-45E1-AB2B-A21B05046FF1} - C:\WINDOWS\mgsvflkw.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WUSB54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe

--
End of file - 21086 bytes

Thanks,
jonnyb :)

Edited by jonnyb, 07 April 2008 - 08:33 PM.

  • 0

Advertisements


#2
BHowett

BHowett

    OT Moderator

  • Moderator
  • 4,642 posts
Hello and welcome back to Geeks To Go! My name is BHowett and I will be helping you to get sorted. If for any reason you do not understand any of the instructions, or are just unsure then please do not guess , simply post back with your question, and we will go through it again.

The fixes may take several attempts and my replies may take some time but stick with it, and we will be sure to get you sorted.

I will post your first set of instructions shortly :) .
  • 0

#3
BHowett

BHowett

    OT Moderator

  • Moderator
  • 4,642 posts
Hi jonnyb,

Ok lets get started….

SDFix
Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally paste the contents of the Report.txt back on the forum.
===============================================


ComboFix

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Please, never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      -----------------------------------------------------------

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    -----------------------------------------------------------

  • Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**


===============================================


Needed in your next reply:

SDFix Report.txt

ComboFix text

And Fresh HijackThis log
  • 0

#4
jonnyb

jonnyb

    Member

  • Topic Starter
  • Member
  • PipPip
  • 47 posts
thanks for you time :)

here are the logs you requested


SDFix: Version 1.169
Run by Administrator on Fri 04/11/2008 at 06:58 PM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Windows Registry Values
Restoring Windows Default Hosts File
Restoring Default HomePage Value
Restoring Default Desktop Components Value

Rebooting


Checking Files :

Trojan Files Found:

C:\WINDOWS\SYSTEM32\CMMGR32.EXE - Deleted
C:\Documents and Settings\Keith\Desktop\programs\Privacy Protector.url - Deleted
C:\Documents and Settings\Keith\Desktop\programs\Spyware&Malware Protection.url - Deleted
C:\WINDOWS\apoxqwfv.exe - Deleted
C:\WINDOWS\iTunesMusic.exe - Deleted
C:\WINDOWS\rs.txt - Deleted
C:\WINDOWS\Web\def.htm - Deleted


Could Not Remove C:\WINDOWS\system32smp



Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1351.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-11 19:02:50
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.0"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"="C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe:*:Enabled:EasyShare"
"C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"="C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe:*:Enabled:Kodak Software Updater"
"C:\\Program Files\\World of Warcraft\\WoW-2.0.4.6314-to-2.0.5.6320-enUS-downloader.exe"="C:\\Program Files\\World of Warcraft\\WoW-2.0.4.6314-to-2.0.5.6320-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Program Files\\World of Warcraft\\WoW-2.0.3-enUS-downloader.exe"="C:\\Program Files\\World of Warcraft\\WoW-2.0.3-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Program Files\\World of Warcraft\\WoW-2.0.3.6299-to-2.0.5.6320-enUS-downloader.exe"="C:\\Program Files\\World of Warcraft\\WoW-2.0.3.6299-to-2.0.5.6320-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Program Files\\World of Warcraft\\WoW-2.0.5.6320-to-2.0.6.6337-enUS-downloader.exe"="C:\\Program Files\\World of Warcraft\\WoW-2.0.5.6320-to-2.0.6.6337-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Program Files\\World of Warcraft\\WoW-2.0.7.6383-to-2.0.8.6403-enUS-downloader.exe"="C:\\Program Files\\World of Warcraft\\WoW-2.0.7.6383-to-2.0.8.6403-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"F:\\Setup.exe"="F:\\Setup.exe:*:Enabled:Setup"
"C:\\Program Files\\World of Warcraft\\WoW-2.0.10.6448-to-2.0.12.6546-enUS-downloader.exe"="C:\\Program Files\\World of Warcraft\\WoW-2.0.10.6448-to-2.0.12.6546-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Documents and Settings\\Keith\\Desktop\\SOF2\\SOF2\\SoF2MP.exe"="C:\\Documents and Settings\\Keith\\Desktop\\SOF2\\SOF2\\SoF2MP.exe:*:Enabled:SoF2MP"
"C:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"="C:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Program Files\\Electronic Arts\\Command & Conquer 3\\RetailExe\\1.0\\cnc3game.dat"="C:\\Program Files\\Electronic Arts\\Command & Conquer 3\\RetailExe\\1.0\\cnc3game.dat:*:Enabled:Command & Conquer 3 Tiberium Wars"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.0"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

Remaining Files :

C:\WINDOWS\system32smp Found

File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Mon 11 Dec 2006 4 A..H. --- "C:\WINDOWS\uccspecb.sys"
Mon 28 Jan 2008 1,404,240 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Mon 28 Jan 2008 2,097,488 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"

Finished!

ComboFix 08-04-11.5 - Keith 2008-04-11 19:13:34.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.510 [GMT -4:00]
Running from: C:\Documents and Settings\Keith\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\a.bat
C:\WINDOWS\bdn.com
C:\WINDOWS\FVProtect.exe
C:\WINDOWS\mssecu.exe
C:\WINDOWS\system32akttzn.exe
C:\WINDOWS\system32anticipator.dll
C:\WINDOWS\system32awtoolb.dll
C:\WINDOWS\system32bdn.com
C:\WINDOWS\system32bsva-egihsg52.exe
C:\WINDOWS\system32dpcproxy.exe
C:\WINDOWS\system32emesx.dll
C:\WINDOWS\[email protected]@@k.dll
C:\WINDOWS\system32hoproxy.dll
C:\WINDOWS\system32hxiwlgpm.dat
C:\WINDOWS\system32hxiwlgpm.exe
C:\WINDOWS\system32medup012.dll
C:\WINDOWS\system32medup020.dll
C:\WINDOWS\system32msgp.exe
C:\WINDOWS\system32msnbho.dll
C:\WINDOWS\system32mssecu.exe
C:\WINDOWS\system32msvchost.exe
C:\WINDOWS\system32mtr2.exe
C:\WINDOWS\system32mwin32.exe
C:\WINDOWS\system32netode.exe
C:\WINDOWS\system32newsd32.exe
C:\WINDOWS\system32ps1.exe
C:\WINDOWS\system32psof1.exe
C:\WINDOWS\system32psoft1.exe
C:\WINDOWS\system32regc64.dll
C:\WINDOWS\system32regm64.dll
C:\WINDOWS\system32Rundl1.exe
C:\WINDOWS\system32smp
C:\WINDOWS\system32smp\msrc.exe
C:\WINDOWS\system32sncntr.exe
C:\WINDOWS\system32ssurf022.dll
C:\WINDOWS\system32ssvchost.com
C:\WINDOWS\system32ssvchost.exe
C:\WINDOWS\system32sysreq.exe
C:\WINDOWS\system32taack.dat
C:\WINDOWS\system32taack.exe
C:\WINDOWS\system32temp#01.exe
C:\WINDOWS\system32thun.dll
C:\WINDOWS\system32thun32.dll
C:\WINDOWS\system32VBIEWER.OCX
C:\WINDOWS\system32vbsys2.dll
C:\WINDOWS\system32vcatchpi.dll
C:\WINDOWS\system32winlogonpc.exe
C:\WINDOWS\system32winsystem.exe
C:\WINDOWS\system32WINWGPX.EXE
C:\WINDOWS\userconfig9x.dll
C:\WINDOWS\winsystem.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CCEVTMGR
-------\Service_ccEvtMgr


((((((((((((((((((((((((( Files Created from 2008-03-11 to 2008-04-11 )))))))))))))))))))))))))))))))
.

2008-04-11 18:56 . 2008-04-11 18:56 <DIR> d-------- C:\WINDOWS\ERUNT
2008-04-11 18:50 . 2008-04-11 19:07 <DIR> d-------- C:\SDFix
2008-04-08 18:59 . 2008-04-08 18:59 118 --a------ C:\WINDOWS\system32\MRT.INI
2008-04-07 20:34 . 2008-04-07 20:34 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-07 20:04 . 2008-04-07 20:04 <DIR> d-------- C:\Program Files\Microsoft IntelliPoint
2008-04-06 19:18 . 2008-04-06 19:44 691,545 --a------ C:\WINDOWS\unins000.exe
2008-04-06 19:18 . 2008-04-06 19:44 4,642 --a------ C:\WINDOWS\unins000.dat
2008-04-06 17:55 . 2008-04-06 20:24 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-04-06 17:55 . 2008-04-06 20:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-06 16:12 . 2008-04-06 16:12 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2008-04-06 15:08 . 2008-04-06 15:08 <DIR> d-------- C:\Program Files\Lavasoft
2008-04-06 15:08 . 2008-04-06 15:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-04-06 15:07 . 2008-04-06 18:38 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-04-06 15:07 . 2008-04-06 15:07 <DIR> d-------- C:\Documents and Settings\Keith\Application Data\SUPERAntiSpyware.com
2008-04-06 15:07 . 2008-04-06 15:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-04-06 13:36 . 2008-04-06 13:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-04-06 10:33 . 2008-04-08 08:01 <DIR> d-------- C:\Documents and Settings\Keith\Application Data\TmpRecentIcons
2008-04-05 23:04 . 2008-04-08 17:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\mjobmnsx
2008-04-02 16:44 . 2008-04-02 16:44 <DIR> d-------- C:\Documents and Settings\Keith\Application Data\towers_pc
2008-03-30 11:39 . 1999-12-17 10:13 86,016 --a------ C:\WINDOWS\unvise32.exe
2008-03-30 11:38 . 2008-03-30 11:39 <DIR> d-------- C:\Program Files\Strawberry Shortcake

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-11 01:39 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-11 00:39 --------- d-----w C:\Program Files\Oberon Media
2008-04-08 19:57 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-04-06 22:53 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-06 22:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Napster
2008-04-06 22:51 --------- d-----w C:\Program Files\Ahead
2008-04-06 22:35 --------- d-----w C:\Program Files\Google
2008-04-06 22:05 --------- d-----w C:\Program Files\Yahoo!
2008-04-06 19:20 --------- d-----w C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor
2008-04-06 19:08 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-04-06 19:02 --------- d-----w C:\Documents and Settings\Keith\Application Data\Lavasoft
2008-04-06 16:16 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-28 22:15 98,304 ----a-w C:\WINDOWS\system32CmdLineExt.dll
2008-03-25 16:59 --------- d-----w C:\Documents and Settings\Keith\Application Data\funkitron
2008-03-24 01:30 --------- d-----w C:\Documents and Settings\Keith\Application Data\iWin
2008-03-07 02:39 --------- d-----w C:\Documents and Settings\Keith\Application Data\PlayFirst
2008-03-06 18:34 --------- d-----w C:\Documents and Settings\Keith\Application Data\Gamelab
2008-03-06 17:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\DivoGames
2008-03-05 21:23 --------- d-----w C:\Program Files\iTunes
2008-03-05 21:23 --------- d-----w C:\Program Files\iPod
2008-03-05 21:21 --------- d-----w C:\Program Files\QuickTime
2008-02-21 18:07 --------- d-----w C:\Documents and Settings\Keith\Application Data\Chasing Dogs Studios
2008-02-21 18:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\Chasing Dogs Studios
2008-02-16 23:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\PopCap
2008-02-16 02:03 --------- d-----w C:\Documents and Settings\Keith\Application Data\Valusoft
2008-02-16 02:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Valusoft
2008-02-11 22:33 --------- d-----w C:\Documents and Settings\Keith\Application Data\TheScruffs
2006-11-13 02:51 774,144 ----a-w C:\Program Files\RngInterstitial.dll
2006-11-08 13:38 1,226,074 ----a-w C:\Program Files\aresregular193_installer.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [ ]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:00 15360]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-12-07 03:33 8720384]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-04-06 18:38 1481968]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"slgmmyhv"="C:\WINDOWS\system32\mpoxefap.exe" [ ]
"uklmmwzk"="C:\WINDOWS\system32\lmfuhcbs.exe" [ ]
"lstaxdip"="C:\WINDOWS\system32\yxmzovqf.exe" [ ]
"gbezbzhz"="C:\WINDOWS\system32\zwhingdi.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 08:00 208952]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 08:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 08:00 455168]
"SoundMan"="SOUNDMAN.EXE" [2005-08-17 06:39 90112 C:\WINDOWS\soundman.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-10-10 21:49 7286784]
"nwiz"="nwiz.exe" [2005-10-10 21:49 1519616 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-10-10 21:49 86016]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-01-08 18:33 53096]
"WUSB54Gv4"="C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InvokeSvc3.exe" [2004-04-19 09:19 24576]
"SSP Notifier"="C:\Program Files\Fisher-Price\FP3 Player\sspnotifier.exe" [2006-07-12 12:44 20480]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 18:30 517768]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-02-01 00:13 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 14:10 267048]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2006-11-21 21:09 842584]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-12-07 03:33 8720384]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2004-08-04 08:00 53760 C:\WINDOWS\system32\narrator.exe]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2007-09-19 04:33:46 282624]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2000-01-20 23:15:54 65588]

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= file:///C:\WINDOWS\privacy_danger\index.htm
FriendlyName= Privacy Protection

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL 2008-04-06 18:38 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-2.0.4.6314-to-2.0.5.6320-enUS-downloader.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-2.0.3-enUS-downloader.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-2.0.3.6299-to-2.0.5.6320-enUS-downloader.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-2.0.5.6320-to-2.0.6.6337-enUS-downloader.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-2.0.7.6383-to-2.0.8.6403-enUS-downloader.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-2.0.10.6448-to-2.0.12.6546-enUS-downloader.exe"=
"C:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"C:\\Program Files\\Electronic Arts\\Command & Conquer 3\\RetailExe\\1.0\\cnc3game.dat"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

S3 PNDIS5;PNDIS5 NDIS Protocol Driver;F:\PNDIS5.SYS []
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;C:\WINDOWS\system32\DRIVERS\wg111v2.sys []
S3 WUSB54GV4SRV;Linksys Wireless-G USB Network Adapter Driver;C:\WINDOWS\system32\DRIVERS\rt2500usb.sys [2004-05-07 13:47]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4e6fd84f-cc68-11da-94dd-806d6172696f}]
\Shell\AutoRun\command - D:\Autorun.exe root.ini

.
Contents of the 'Scheduled Tasks' folder
"2008-04-11 22:10:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-04-05 00:43:58 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Keith.job"
- C:\PROGRA~1\NORTON~1\Navw32.exeh/TASK:
.
**************************************************************************

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-11 19:16:30
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Symantec Shared\CCSETMGR.EXE
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InfoMyCa.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Norton AntiVirus\NAVAPSVC.EXE
C:\Program Files\Norton AntiVirus\IWP\NPFMNTOR.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv4.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2008-04-11 19:20:05 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-11 23:19:59
Pre-Run: 36,437,667,840 bytes free
Post-Run: 36,351,479,808 bytes free
.
2008-04-08 23:00:19 --- E O F ---

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:41, on 4/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Fisher-Price\FP3 Player\sspnotifier.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InfoMyCa.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv4.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cox.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [WUSB54Gv4] C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InvokeSvc3.exe
O4 - HKLM\..\Run: [SSP Notifier] C:\Program Files\Fisher-Price\FP3 Player\sspnotifier.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [slgmmyhv] C:\WINDOWS\system32\mpoxefap.exe
O4 - HKCU\..\Run: [uklmmwzk] C:\WINDOWS\system32\lmfuhcbs.exe
O4 - HKCU\..\Run: [lstaxdip] C:\WINDOWS\system32\yxmzovqf.exe
O4 - HKCU\..\Run: [gbezbzhz] C:\WINDOWS\system32\zwhingdi.exe
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Search - ?p=ZKxdm021MWUS
O8 - Extra context menu item: &Webshots Photo Search - res://C:\Program Files\Webshots\WSToolbar4IE.dll/MENUSEARCH.HTM
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: 3 Point Showdown by pogo - http://game1.pogo.co...point-en_US.cab
O16 - DPF: Aces Up! by pogo - http://game3.pogo.co.../aces-en_US.cab
O16 - DPF: Addiction by pogo - http://game3.pogo.co...ction-en_US.cab
O16 - DPF: All Star Football by pogo - http://game1.pogo.co...tarfb-en_US.cab
O16 - DPF: All-In Texas Hold'em by pogo - http://game1.pogo.co...allin-en_US.cab
O16 - DPF: Backgammon by pogo - http://game3.pogo.co...ammon-en_US.cab
O16 - DPF: Bingo Luau by pogo - http://game3.pogo.co...bingo-en_US.cab
O16 - DPF: Blackjack by pogo - http://game3.pogo.co...kjack-en_US.cab
O16 - DPF: Blackjack Carnival by pogo - http://game1.pogo.co...jack2-en_US.cab
O16 - DPF: Blooop by pogo - http://game3.pogo.co...scade-en_US.cab
O16 - DPF: Bowling by pogo - http://game3.pogo.co...wling-en_US.cab
O16 - DPF: Canasta by pogo - http://game1.pogo.co...nasta-en_US.cab
O16 - DPF: Checkers by pogo - http://game1.pogo.co...ckers-en_US.cab
O16 - DPF: Chess by pogo - http://game1.pogo.co...hess2-en_US.cab
O16 - DPF: Cribbage by pogo - http://game1.pogo.co...bbage-en_US.cab
O16 - DPF: Dice City Roller by pogo - http://game3.pogo.co...z/ytz-en_US.cab
O16 - DPF: Dice Derby by pogo - http://game1.pogo.co...dflag-en_US.cab
O16 - DPF: Dominoes by pogo - http://game1.pogo.co...omino-en_US.cab
O16 - DPF: Dominoes v2 by pogo - http://game3.pogo.co...mino2-en_US.cab
O16 - DPF: Double Deuce Poker by pogo - http://game1.pogo.co...deuce-en_US.cab
O16 - DPF: Euchre by pogo - http://game1.pogo.co...uchre-en_US.cab
O16 - DPF: First Class Solitaire by pogo - http://game3.pogo.co...lass2-en_US.cab
O16 - DPF: Fortune Bingo by pogo - http://game1.pogo.co...bingo-en_US.cab
O16 - DPF: Greenback Bayou by pogo - http://game1.pogo.co...nback-en_US.cab
O16 - DPF: Hangman Hijinks by pogo - http://game1.pogo.co...ngman-en_US.cab
O16 - DPF: Harvest Mania by pogo - http://game1.pogo.co...rvest-en_US.cab
O16 - DPF: Hearts by pogo - http://game1.pogo.co...earts-en_US.cab
O16 - DPF: Heavy Cannon by pogo - http://www.pogo.com/...annon-en_US.cab
O16 - DPF: High Stakes Poker by pogo - http://game1.pogo.co...poker-en_US.cab
O16 - DPF: High Stakes Pool by pogo - http://game1.pogo.co.../pool-en_US.cab
O16 - DPF: Hog Heaven Slots by pogo - http://game3.pogo.co...fancy-en_US.cab
O16 - DPF: Its Outta Here 2 by pogo - http://game1.pogo.co...fhere-en_US.cab
O16 - DPF: Jokers Wild Poker by pogo - http://game1.pogo.co...swild-en_US.cab
O16 - DPF: Jungle Gin by pogo - http://game1.pogo.co.../gin2-en_US.cab
O16 - DPF: KenoPop! by pogo - http://game3.pogo.co...dkeno-en_US.cab
O16 - DPF: Lost Temple Poker by pogo - http://game1.pogo.co...poker-en_US.cab
O16 - DPF: Lottso by pogo - http://game1.pogo.co...ottso-en_US.cab
O16 - DPF: Mah Jong Garden by pogo - http://game3.pogo.co...jong2-en_US.cab
O16 - DPF: Mahjong Safari by Pogo - http://game3.pogo.co...afari-en_US.cab
O16 - DPF: Makeover Madness by pogo - http://game1.pogo.co...shoes-en_US.cab
O16 - DPF: NASCAR Web Racing by pogo - http://game1.pogo.co...ascar-en_US.cab
O16 - DPF: No-Limit Texas Hold'em by pogo - http://game1.pogo.co...allin-en_US.cab
O16 - DPF: Pai Gow by pogo - http://game1.pogo.co...aigow-en_US.cab
O16 - DPF: Payday Freecell Solitaire by pogo - http://game1.pogo.co...cell2-en_US.cab
O16 - DPF: Penguin Blocks by pogo - http://game1.pogo.co...guins-en_US.cab
O16 - DPF: Perfect Pair Solitaire by pogo - http://game1.pogo.co...wheel-en_US.cab
O16 - DPF: Phlinx by pogo - http://game3.pogo.co...inger-en_US.cab
O16 - DPF: Pinochle by pogo - http://game1.pogo.co...ochle-en_US.cab
O16 - DPF: Pop Fu by pogo - http://game1.pogo.co...popfu-en_US.cab
O16 - DPF: Poppit by pogo - http://game3.pogo.co...ppit2-en_US.cab
O16 - DPF: Pseudoku by pogo - http://game3.pogo.co...udoku-en_US.cab
O16 - DPF: Quick Quack by pogo - http://game1.pogo.co...treak-en_US.cab
O16 - DPF: QWERTY by pogo - http://game1.pogo.co...uares-en_US.cab
O16 - DPF: Ricochet by pogo - http://game1.pogo.co...ochet-en_US.cab
O16 - DPF: Ride The Tide by pogo - http://game3.pogo.co.../ride-en_US.cab
O16 - DPF: Shuffle Bump by pogo - http://game3.pogo.co.../puck-en_US.cab
O16 - DPF: Spades 2 by pogo - http://game3.pogo.co...ades2-en_US.cab
O16 - DPF: Spider Solitaire by pogo - http://game1.pogo.co...pider-en_US.cab
O16 - DPF: Spooky Slots - http://game1.pogo.co...pooky-en_US.cab
O16 - DPF: Squelchies by pogo - http://game1.pogo.co...chies-en_US.cab
O16 - DPF: Stax by pogo - http://game3.pogo.co.../stax-en_US.cab
O16 - DPF: Stellar Sweeper by pogo - http://game1.pogo.co...eeper-en_US.cab
O16 - DPF: Super Dominoes by pogo - http://game3.pogo.co...omino-en_US.cab
O16 - DPF: Sweet Tooth 2 by Pogo - http://game3.pogo.co...ooth2-en_US.cab
O16 - DPF: Sweet Tooth TM by pogo - http://game1.pogo.co...tooth-en_US.cab
O16 - DPF: Tank Hunter by pogo - http://www.pogo.com/.../tank-en_US.cab
O16 - DPF: Texas Hold'em Poker by pogo - http://game3.pogo.co...oldem-en_US.cab
O16 - DPF: The Sims Pinball by pogo - http://game1.pogo.co...mball-en_US.cab
O16 - DPF: Thousand Island Solitaire by pogo - http://game1.pogo.co...lbrae-en_US.cab
O16 - DPF: Top Down Baseball Challenge by pogo - http://game1.pogo.co...down2-en_US.cab
O16 - DPF: Tri-Peaks by pogo - http://game3.pogo.co...peaks-en_US.cab
O16 - DPF: Tumble Bees by pogo - http://game3.pogo.co...mbee2-en_US.cab
O16 - DPF: Turbo 21 v2 by pogo - http://game1.pogo.co...rbo22-en_US.cab
O16 - DPF: Vaults of Atlantis Slots by pogo - http://game1.pogo.co...slots-en_US.cab
O16 - DPF: Vert Skater by pogo - http://game1.pogo.co...kater-en_US.cab
O16 - DPF: Wonderland Memories by pogo - http://game1.pogo.co...ories-en_US.cab
O16 - DPF: Word Craft by pogo - http://game1.pogo.co...abble-en_US.cab
O16 - DPF: Word Search Daily by pogo - http://game3.pogo.co...earch-en_US.cab
O16 - DPF: Word Whomp by pogo - http://game3.pogo.co...homp2-en_US.cab
O16 - DPF: Word Whomp Whackdown by pogo - http://game1.pogo.co...kdown-en_US.cab
O16 - DPF: WordJong by pogo - http://game1.pogo.co...djong-en_US.cab
O16 - DPF: World Class Solitaire by pogo - http://game1.pogo.co...class-en_US.cab
O16 - DPF: {315B0BFB-2BD4-481B-80A3-A9B80727C61B} (WebIQ Engine Application Object) - http://webiq005.webi...6-6D5536C585C9}
O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} (Disney Online Games ActiveX Control) - http://disney.go.com...OnlineGames.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmar...martActivia.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1006.cab
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgall..._2/axofupld.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinn...ed/wwlaunch.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} - http://a19.g.akamai....son/Coupons.cab
O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) - https://disney.go.co...GameManager.cab
O16 - DPF: {CF969D51-F764-4FBF-9E90-475248601C8A} (FamilyFeud Control) - http://www.worldwinn.../familyfeud.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai...l/installer.exe
O16 - DPF: {F137B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://cvs.pnimedia....upv2.0.0.10.cab?
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WUSB54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

--
End of file - 20253 bytes

thanks
jonnyb
  • 0

#5
BHowett

BHowett

    OT Moderator

  • Moderator
  • 4,642 posts
Hi jonnyb,


Disable Teatimer

Please disable Teatimer as it may interfere with the fix.

First:
*Right click Spybot in the System Tray (looks like a calendar with a padlock symbol)
*Choose Exit Spybot S&D Resident

Second:
*Open Spybot S&D
*Click Mode, check Advanced Mode
*Go To Left Panel, Click Tools, then also in left panel, click Resident
*If your firewall raises a question, say OK
*Uncheck the box labeled Resident Tea-Timer and OK any prompts.
*Use File, Exit to terminate Spybot
*Reboot your machine for the changes to take effect.

Once your log is clean you can re-enable those settings.

===============================================


Fix with HijackThis


Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

O4 - HKCU\..\Run: [slgmmyhv] C:\WINDOWS\system32\mpoxefap.exe
O4 - HKCU\..\Run: [uklmmwzk] C:\WINDOWS\system32\lmfuhcbs.exe
O4 - HKCU\..\Run: [lstaxdip] C:\WINDOWS\system32\yxmzovqf.exe
O4 - HKCU\..\Run: [gbezbzhz] C:\WINDOWS\system32\zwhingdi.exe

O8 - Extra context menu item: &Search - ?p=ZKxdm021MWUS

O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} - http://a19.g.akamai....son/Coupons.cab

O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

Now close all windows other than HiJackThis (especially Internet Explorer!), then click Fix Checked. Close HiJackThis.


===============================================

Combofix Script.txt


1. Please open Notepad
  • Click Start , then Run
  • Type notepad .exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

File::
C:\WINDOWS\system32\mpoxefap.exe
C:\WINDOWS\system32\lmfuhcbs.exe
C:\WINDOWS\system32\yxmzovqf.exe
C:\WINDOWS\system32\zwhingdi.exe

Folder::
C:\WINDOWS\privacy_danger


3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.

===============================================

Kaspersky WebScanner
Please do an online scan with Kaspersky WebScanner

Click on Accept

You will be promted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan:Select My Computer
  • This will program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
===============================================


Needed in you next reply:

ComboFix log

Kaspersky WebScanner results

Fresh KijackThis log

And please let know how your system is running :)
  • 0

#6
jonnyb

jonnyb

    Member

  • Topic Starter
  • Member
  • PipPip
  • 47 posts
BHowett,

I had my brother disable his McAfee and Super Spyware but when running Combo fix he said Windows security stop "EICAR TEST FILE".

He let the scans run anyways and sent me the logs

ComboFix 08-04-11.5 - Keith 2008-04-15 16:10:26.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.581 [GMT -4:00]
Running from: C:\Documents and Settings\Keith\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Keith\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\system32\lmfuhcbs.exe
C:\WINDOWS\system32\mpoxefap.exe
C:\WINDOWS\system32\yxmzovqf.exe
C:\WINDOWS\system32\zwhingdi.exe
.

((((((((((((((((((((((((( Files Created from 2008-03-15 to 2008-04-15 )))))))))))))))))))))))))))))))
.

2008-04-12 16:29 . 2008-04-12 16:29 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-04-12 16:29 . 2008-04-12 16:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-04-12 10:38 . 2008-04-15 16:00 9,017 --a------ C:\WINDOWS\system32\Config.MPF
2008-04-12 10:37 . 2008-04-14 15:28 <DIR> d-------- C:\Program Files\SiteAdvisor
2008-04-12 10:37 . 2008-04-14 07:44 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\SiteAdvisor
2008-04-12 10:37 . 2008-04-15 14:49 <DIR> d-------- C:\Documents and Settings\Keith\Application Data\SiteAdvisor
2008-04-12 10:37 . 2008-04-12 10:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-04-12 10:37 . 2006-03-03 08:07 143,360 --a------ C:\WINDOWS\system32\dunzip32.dll
2008-04-12 10:36 . 2008-04-12 10:36 <DIR> d-------- C:\Program Files\McAfee.com
2008-04-12 10:36 . 2007-11-22 06:44 201,320 --a------ C:\WINDOWS\system32\drivers\mfehidk.sys
2008-04-12 10:36 . 2007-07-13 06:20 113,952 --a------ C:\WINDOWS\system32\drivers\Mpfp.sys
2008-04-12 10:36 . 2007-11-22 06:44 79,304 --a------ C:\WINDOWS\system32\drivers\mfeavfk.sys
2008-04-12 10:36 . 2007-12-02 12:51 40,488 --a------ C:\WINDOWS\system32\drivers\mfesmfk.sys
2008-04-12 10:36 . 2007-11-22 06:44 35,240 --a------ C:\WINDOWS\system32\drivers\mfebopk.sys
2008-04-12 10:36 . 2007-11-22 06:44 33,832 --a------ C:\WINDOWS\system32\drivers\mferkdk.sys
2008-04-12 10:35 . 2008-04-12 10:37 <DIR> d-------- C:\Program Files\McAfee
2008-04-12 10:35 . 2008-04-12 10:36 <DIR> d-------- C:\Program Files\Common Files\McAfee
2008-04-12 10:00 . 2008-04-12 10:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2008-04-11 18:56 . 2008-04-11 18:56 <DIR> d-------- C:\WINDOWS\ERUNT
2008-04-11 18:50 . 2008-04-11 19:07 <DIR> d-------- C:\SDFix
2008-04-08 18:59 . 2008-04-08 18:59 118 --a------ C:\WINDOWS\system32\MRT.INI
2008-04-07 20:34 . 2008-04-07 20:34 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-07 20:04 . 2008-04-07 20:04 <DIR> d-------- C:\Program Files\Microsoft IntelliPoint
2008-04-06 19:18 . 2008-04-06 19:44 691,545 --a------ C:\WINDOWS\unins000.exe
2008-04-06 19:18 . 2008-04-06 19:44 4,642 --a------ C:\WINDOWS\unins000.dat
2008-04-06 17:55 . 2008-04-12 10:33 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-04-06 17:55 . 2008-04-12 10:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-06 16:12 . 2008-04-06 16:12 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2008-04-06 15:08 . 2008-04-06 15:08 <DIR> d-------- C:\Program Files\Lavasoft
2008-04-06 15:08 . 2008-04-06 15:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-04-06 15:07 . 2008-04-06 18:38 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-04-06 15:07 . 2008-04-06 15:07 <DIR> d-------- C:\Documents and Settings\Keith\Application Data\SUPERAntiSpyware.com
2008-04-06 15:07 . 2008-04-06 15:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-04-06 13:36 . 2008-04-06 13:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-04-06 10:33 . 2008-04-08 08:01 <DIR> d-------- C:\Documents and Settings\Keith\Application Data\TmpRecentIcons
2008-04-05 23:04 . 2008-04-08 17:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\mjobmnsx
2008-04-02 16:44 . 2008-04-02 16:44 <DIR> d-------- C:\Documents and Settings\Keith\Application Data\towers_pc
2008-03-30 11:39 . 1999-12-17 10:13 86,016 --a------ C:\WINDOWS\unvise32.exe
2008-03-30 11:38 . 2008-03-30 11:39 <DIR> d-------- C:\Program Files\Strawberry Shortcake

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-13 22:47 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-13 16:41 5,483 ----a-w C:\WINDOWS\java\Packages\SGR93XF7.ZIP
2008-04-13 16:41 3,113,844 ----a-w C:\WINDOWS\java\Packages\7RDBTZRX.ZIP
2008-04-12 14:19 --------- d-----w C:\Program Files\BFG
2008-04-12 13:57 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-04-12 13:56 --------- d-----w C:\Program Files\Symantec
2008-04-12 13:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-04-11 17:11 5,483 ----a-w C:\WINDOWS\java\Packages\5BN77H3T.ZIP
2008-04-11 17:11 2,998,092 ----a-w C:\WINDOWS\java\Packages\CC60Y7PZ.ZIP
2008-04-11 00:39 --------- d-----w C:\Program Files\Oberon Media
2008-04-11 00:38 5,483 ----a-w C:\WINDOWS\java\Packages\8HBDRBF3.ZIP
2008-04-11 00:38 2,679,460 ----a-w C:\WINDOWS\java\Packages\Z5ZZ9VB3.ZIP
2008-04-10 01:13 5,483 ----a-w C:\WINDOWS\java\Packages\JNFNLVPN.ZIP
2008-04-10 01:13 2,488,744 ----a-w C:\WINDOWS\java\Packages\6CK5VJPR.ZIP
2008-04-09 19:59 5,483 ----a-w C:\WINDOWS\java\Packages\W0BXNTZ7.ZIP
2008-04-09 19:59 1,946,947 ----a-w C:\WINDOWS\java\Packages\QAXZRJBF.ZIP
2008-04-09 19:35 2,018,968 ----a-w C:\WINDOWS\java\Packages\UT3DBV5B.ZIP
2008-04-09 19:35 14,138 ----a-w C:\WINDOWS\java\Packages\SW93HVPR.ZIP
2008-04-06 22:53 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-06 22:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Napster
2008-04-06 22:51 --------- d-----w C:\Program Files\Ahead
2008-04-06 22:35 --------- d-----w C:\Program Files\Google
2008-04-06 22:05 --------- d-----w C:\Program Files\Yahoo!
2008-04-06 19:20 --------- d-----w C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor
2008-04-06 19:08 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-04-06 19:02 --------- d-----w C:\Documents and Settings\Keith\Application Data\Lavasoft
2008-04-06 16:16 --------- d-----w C:\Program Files\Common Files\Adobe
2008-04-02 17:15 1,474,504 ----a-w C:\WINDOWS\java\Packages\6BHNVDN5.ZIP
2008-04-02 16:32 2,662,551 ----a-w C:\WINDOWS\java\Packages\8LFT7Z57.ZIP
2008-04-01 16:54 2,521,594 ----a-w C:\WINDOWS\java\Packages\UXBZH33T.ZIP
2008-03-30 23:52 3,495,221 ----a-w C:\WINDOWS\java\Packages\DBFLVF53.ZIP
2008-03-30 23:42 3,026,983 ----a-w C:\WINDOWS\java\Packages\RZZBDB3N.ZIP
2008-03-28 22:15 98,304 ----a-w C:\WINDOWS\system32CmdLineExt.dll
2008-03-27 17:39 2,416,174 ----a-w C:\WINDOWS\java\Packages\SMDBZX3D.ZIP
2008-03-25 16:59 --------- d-----w C:\Documents and Settings\Keith\Application Data\funkitron
2008-03-24 23:47 2,341,860 ----a-w C:\WINDOWS\java\Packages\NNBRFB37.ZIP
2008-03-24 01:30 --------- d-----w C:\Documents and Settings\Keith\Application Data\iWin
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-18 17:02 2,219,729 ----a-w C:\WINDOWS\java\Packages\XV1RT397.ZIP
2008-03-13 15:57 2,366,477 ----a-w C:\WINDOWS\java\Packages\HNJXN7TF.ZIP
2008-03-12 16:35 1,900,820 ----a-w C:\WINDOWS\java\Packages\6DBN1VVX.ZIP
2008-03-11 22:38 2,132,056 ----a-w C:\WINDOWS\java\Packages\75FDJXZZ.ZIP
2008-03-11 18:02 2,204,094 ----a-w C:\WINDOWS\java\Packages\T7F1RDJB.ZIP
2008-03-11 17:12 2,234,705 ----a-w C:\WINDOWS\java\Packages\8X7TBHZ5.ZIP
2008-03-08 18:25 109,733 ----a-w C:\WINDOWS\java\Packages\M0M8FRTV.ZIP
2008-03-08 18:25 1,893,949 ----a-w C:\WINDOWS\java\Packages\QW9B1FZ5.ZIP
2008-03-08 18:18 2,776,859 ----a-w C:\WINDOWS\java\Packages\2RD33PJZ.ZIP
2008-03-08 16:06 3,099,259 ----a-w C:\WINDOWS\java\Packages\5NVDZ3H7.ZIP
2008-03-08 16:02 1,958,664 ----a-w C:\WINDOWS\java\Packages\JLZVLJNV.ZIP
2008-03-07 18:54 1,718,493 ----a-w C:\WINDOWS\java\Packages\PVDVVTZ3.ZIP
2008-03-07 02:39 --------- d-----w C:\Documents and Settings\Keith\Application Data\PlayFirst
2008-03-06 18:34 --------- d-----w C:\Documents and Settings\Keith\Application Data\Gamelab
2008-03-06 17:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\DivoGames
2008-03-05 21:23 --------- d-----w C:\Program Files\iTunes
2008-03-05 21:23 --------- d-----w C:\Program Files\iPod
2008-03-05 21:21 --------- d-----w C:\Program Files\QuickTime
2008-03-05 17:55 2,066,500 ----a-w C:\WINDOWS\java\Packages\I3LR1VTB.ZIP
2008-03-05 17:20 109,738 ----a-w C:\WINDOWS\java\Packages\YG3LBJXN.ZIP
2008-03-05 17:20 1,979,390 ----a-w C:\WINDOWS\java\Packages\1V5N1RX7.ZIP
2008-03-05 01:49 3,607,248 ----a-w C:\WINDOWS\java\Packages\8MJ1FVX7.ZIP
2008-03-02 16:00 2,871,058 ----a-w C:\WINDOWS\java\Packages\KJ97TBPN.ZIP
2008-03-02 01:32 1,853,181 ----a-w C:\WINDOWS\java\Packages\CGT7PB35.ZIP
2008-03-01 13:06 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-27 15:51 1,982,909 ----a-w C:\WINDOWS\java\Packages\HB9JLBLF.ZIP
2008-02-26 18:38 2,631,300 ----a-w C:\WINDOWS\java\Packages\L3D317NL.ZIP
2008-02-26 18:36 1,648,735 ----a-w C:\WINDOWS\java\Packages\L7VJBBFX.ZIP
2008-02-24 02:05 2,207,833 ----a-w C:\WINDOWS\java\Packages\FR5JP7L7.ZIP
2008-02-21 18:07 --------- d-----w C:\Documents and Settings\Keith\Application Data\Chasing Dogs Studios
2008-02-21 18:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\Chasing Dogs Studios
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-19 03:32 1,240,023 ----a-w C:\WINDOWS\java\Packages\C4Q9BTZZ.ZIP
2008-02-16 23:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\PopCap
2008-02-16 02:03 --------- d-----w C:\Documents and Settings\Keith\Application Data\Valusoft
2008-02-16 02:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Valusoft
2008-02-14 19:24 2,178,651 ----a-w C:\WINDOWS\java\Packages\B5FLJ571.ZIP
2008-02-07 02:40 2,193,315 ----a-w C:\WINDOWS\java\Packages\7XJ9BJLV.ZIP
2008-02-01 21:04 2,450,535 ----a-w C:\WINDOWS\java\Packages\VLFP7XBX.ZIP
2008-01-31 22:49 9,488 ----a-w C:\WINDOWS\java\Packages\APNHFN1B.ZIP
2008-01-31 22:49 2,170,449 ----a-w C:\WINDOWS\java\Packages\SQ9FRLRX.ZIP
2008-01-30 21:58 2,879,648 ----a-w C:\WINDOWS\java\Packages\N9BLJBN9.ZIP
2008-01-26 20:42 1,923,619 ----a-w C:\WINDOWS\java\Packages\N1397B57.ZIP
2008-01-23 21:41 1,749,502 ----a-w C:\WINDOWS\java\Packages\13P71JXV.ZIP
2008-01-23 20:11 11,003 ----a-w C:\WINDOWS\java\Packages\TF97TZ7B.ZIP
2008-01-21 22:08 2,105,514 ----a-w C:\WINDOWS\java\Packages\LZNHZZZT.ZIP
2008-01-20 22:17 1,274,619 ----a-w C:\WINDOWS\java\Packages\OKN3LRBH.ZIP
2008-01-17 13:28 2,672,108 ----a-w C:\WINDOWS\java\Packages\JFHJTBFJ.ZIP
2008-01-16 19:06 2,206,619 ----a-w C:\WINDOWS\java\Packages\QJ71BF5N.ZIP
2006-11-13 02:51 774,144 ----a-w C:\Program Files\RngInterstitial.dll
2006-11-08 13:38 1,226,074 ----a-w C:\Program Files\aresregular193_installer.exe
.

((((((((((((((((((((((((((((( [email protected]_19.19.49.25 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-04-15 20:05:39 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-04-15 20:05:39 16,384 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-04-15 20:05:39 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2008-04-09 17:56:56 196,960 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2008-04-13 00:20:54 196,160 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2005-05-24 16:27:16 213,048 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll
+ 2007-08-29 19:47:20 94,208 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
+ 2007-08-29 19:49:54 950,272 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
+ 2008-04-15 11:38:41 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_d88.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [ ]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:00 15360]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-12-07 03:33 8720384]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-04-06 18:38 1481968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 08:00 208952]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 08:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 08:00 455168]
"SoundMan"="SOUNDMAN.EXE" [2005-08-17 06:39 90112 C:\WINDOWS\soundman.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-10-10 21:49 7286784]
"nwiz"="nwiz.exe" [2005-10-10 21:49 1519616 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-10-10 21:49 86016]
"WUSB54Gv4"="C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InvokeSvc3.exe" [2004-04-19 09:19 24576]
"SSP Notifier"="C:\Program Files\Fisher-Price\FP3 Player\sspnotifier.exe" [2006-07-12 12:44 20480]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 18:30 517768]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-02-01 00:13 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 14:10 267048]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2006-11-21 21:09 842584]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-11-01 19:12 582992]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6253\SiteAdv.exe" [2007-08-24 17:57 36640]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-12-07 03:33 8720384]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2004-08-04 08:00 53760 C:\WINDOWS\system32\narrator.exe]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2007-09-19 04:33:46 282624]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2000-01-20 23:15:54 65588]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL 2008-04-06 18:38 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-2.0.4.6314-to-2.0.5.6320-enUS-downloader.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-2.0.3-enUS-downloader.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-2.0.3.6299-to-2.0.5.6320-enUS-downloader.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-2.0.5.6320-to-2.0.6.6337-enUS-downloader.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-2.0.7.6383-to-2.0.8.6403-enUS-downloader.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-2.0.10.6448-to-2.0.12.6546-enUS-downloader.exe"=
"C:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"C:\\Program Files\\Electronic Arts\\Command & Conquer 3\\RetailExe\\1.0\\cnc3game.dat"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

S2 0143611208010974mcinstcleanup;McAfee Application Installer Cleanup (0143611208010974);C:\DOCUME~1\Keith\LOCALS~1\Temp\014361~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini []
S3 PNDIS5;PNDIS5 NDIS Protocol Driver;F:\PNDIS5.SYS []
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;C:\WINDOWS\system32\DRIVERS\wg111v2.sys []
S3 WUSB54GV4SRV;Linksys Wireless-G USB Network Adapter Driver;C:\WINDOWS\system32\DRIVERS\rt2500usb.sys [2004-05-07 13:47]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4e6fd84f-cc68-11da-94dd-806d6172696f}]
\Shell\AutoRun\command - D:\Autorun.exe root.ini

*Newly Created Service* - GTNDIS5
.
Contents of the 'Scheduled Tasks' folder
"2008-04-12 14:36:10 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe'
"2008-04-12 14:36:09 C:\WINDOWS\Tasks\McQcTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
.
**************************************************************************

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-15 16:13:38
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\Program Files\SiteAdvisor\6253\saHook.dll
.
Completion time: 2008-04-15 16:14:16
ComboFix-quarantined-files.txt 2008-04-15 20:14:03
ComboFix2.txt 2008-04-12 20:16:15
ComboFix3.txt 2008-04-11 23:20:06
Pre-Run: 36,426,145,792 bytes free
Post-Run: 36,413,628,416 bytes free
.
2008-04-08 23:00:19 --- E O F ---


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:28, on 4/15/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Fisher-Price\FP3 Player\sspnotifier.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InfoMyCa.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\SiteAdvisor\6253\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv4.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\notepad.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cox.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - (no file)
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WUSB54Gv4] C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InvokeSvc3.exe
O4 - HKLM\..\Run: [SSP Notifier] C:\Program Files\Fisher-Price\FP3 Player\sspnotifier.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Webshots Photo Search - res://C:\Program Files\Webshots\WSToolbar4IE.dll/MENUSEARCH.HTM
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: 3 Point Showdown by pogo - http://game1.pogo.co...point-en_US.cab
O16 - DPF: Aces Up! by pogo - http://game3.pogo.co.../aces-en_US.cab
O16 - DPF: Addiction by pogo - http://game3.pogo.co...ction-en_US.cab
O16 - DPF: All Star Football by pogo - http://game1.pogo.co...tarfb-en_US.cab
O16 - DPF: All-In Texas Hold'em by pogo - http://game1.pogo.co...allin-en_US.cab
O16 - DPF: Backgammon by pogo - http://game3.pogo.co...ammon-en_US.cab
O16 - DPF: Bingo Luau by pogo - http://game3.pogo.co...bingo-en_US.cab
O16 - DPF: Blackjack by pogo - http://game3.pogo.co...kjack-en_US.cab
O16 - DPF: Blackjack Carnival by pogo - http://game1.pogo.co...jack2-en_US.cab
O16 - DPF: Blooop by pogo - http://game3.pogo.co...scade-en_US.cab
O16 - DPF: Bowling by pogo - http://game3.pogo.co...wling-en_US.cab
O16 - DPF: Canasta by pogo - http://game1.pogo.co...nasta-en_US.cab
O16 - DPF: Checkers by pogo - http://game1.pogo.co...ckers-en_US.cab
O16 - DPF: Chess by pogo - http://game1.pogo.co...hess2-en_US.cab
O16 - DPF: Cribbage by pogo - http://game1.pogo.co...bbage-en_US.cab
O16 - DPF: Dice City Roller by pogo - http://game3.pogo.co...z/ytz-en_US.cab
O16 - DPF: Dice Derby by pogo - http://game1.pogo.co...dflag-en_US.cab
O16 - DPF: Dominoes by pogo - http://game1.pogo.co...omino-en_US.cab
O16 - DPF: Dominoes v2 by pogo - http://game3.pogo.co...mino2-en_US.cab
O16 - DPF: Double Deuce Poker by pogo - http://game1.pogo.co...deuce-en_US.cab
O16 - DPF: Euchre by pogo - http://game1.pogo.co...uchre-en_US.cab
O16 - DPF: First Class Solitaire by pogo - http://game3.pogo.co...lass2-en_US.cab
O16 - DPF: Fortune Bingo by pogo - http://game1.pogo.co...bingo-en_US.cab
O16 - DPF: Greenback Bayou by pogo - http://game1.pogo.co...nback-en_US.cab
O16 - DPF: Hangman Hijinks by pogo - http://game1.pogo.co...ngman-en_US.cab
O16 - DPF: Harvest Mania by pogo - http://game1.pogo.co...rvest-en_US.cab
O16 - DPF: Hearts by pogo - http://game1.pogo.co...earts-en_US.cab
O16 - DPF: Heavy Cannon by pogo - http://www.pogo.com/...annon-en_US.cab
O16 - DPF: High Stakes Poker by pogo - http://game1.pogo.co...poker-en_US.cab
O16 - DPF: High Stakes Pool by pogo - http://game1.pogo.co.../pool-en_US.cab
O16 - DPF: Hog Heaven Slots by pogo - http://game3.pogo.co...fancy-en_US.cab
O16 - DPF: Its Outta Here 2 by pogo - http://game1.pogo.co...fhere-en_US.cab
O16 - DPF: Jokers Wild Poker by pogo - http://game1.pogo.co...swild-en_US.cab
O16 - DPF: Jungle Gin by pogo - http://game1.pogo.co.../gin2-en_US.cab
O16 - DPF: KenoPop! by pogo - http://game3.pogo.co...dkeno-en_US.cab
O16 - DPF: Lost Temple Poker by pogo - http://game1.pogo.co...poker-en_US.cab
O16 - DPF: Lottso by pogo - http://game1.pogo.co...ottso-en_US.cab
O16 - DPF: Mah Jong Garden by pogo - http://game3.pogo.co...jong2-en_US.cab
O16 - DPF: Mahjong Safari by Pogo - http://game3.pogo.co...afari-en_US.cab
O16 - DPF: Makeover Madness by pogo - http://game1.pogo.co...shoes-en_US.cab
O16 - DPF: NASCAR Web Racing by pogo - http://game1.pogo.co...ascar-en_US.cab
O16 - DPF: No-Limit Texas Hold'em by pogo - http://game1.pogo.co...allin-en_US.cab
O16 - DPF: Pai Gow by pogo - http://game1.pogo.co...aigow-en_US.cab
O16 - DPF: Payday Freecell Solitaire by pogo - http://game1.pogo.co...cell2-en_US.cab
O16 - DPF: Penguin Blocks by pogo - http://game1.pogo.co...guins-en_US.cab
O16 - DPF: Perfect Pair Solitaire by pogo - http://game1.pogo.co...wheel-en_US.cab
O16 - DPF: Phlinx by pogo - http://game3.pogo.co...inger-en_US.cab
O16 - DPF: Pinochle by pogo - http://game1.pogo.co...ochle-en_US.cab
O16 - DPF: Pop Fu by pogo - http://game1.pogo.co...popfu-en_US.cab
O16 - DPF: Poppit by pogo - http://game3.pogo.co...ppit2-en_US.cab
O16 - DPF: Pseudoku by pogo - http://game3.pogo.co...udoku-en_US.cab
O16 - DPF: Quick Quack by pogo - http://game1.pogo.co...treak-en_US.cab
O16 - DPF: QWERTY by pogo - http://game1.pogo.co...uares-en_US.cab
O16 - DPF: Ricochet by pogo - http://game1.pogo.co...ochet-en_US.cab
O16 - DPF: Ride The Tide by pogo - http://game3.pogo.co.../ride-en_US.cab
O16 - DPF: Shuffle Bump by pogo - http://game3.pogo.co.../puck-en_US.cab
O16 - DPF: Spades 2 by pogo - http://game3.pogo.co...ades2-en_US.cab
O16 - DPF: Spider Solitaire by pogo - http://game1.pogo.co...pider-en_US.cab
O16 - DPF: Spooky Slots - http://game1.pogo.co...pooky-en_US.cab
O16 - DPF: Squelchies by pogo - http://game1.pogo.co...chies-en_US.cab
O16 - DPF: Stax by pogo - http://game3.pogo.co.../stax-en_US.cab
O16 - DPF: Stellar Sweeper by pogo - http://game1.pogo.co...eeper-en_US.cab
O16 - DPF: Super Dominoes by pogo - http://game3.pogo.co...omino-en_US.cab
O16 - DPF: Sweet Tooth 2 by Pogo - http://game3.pogo.co...ooth2-en_US.cab
O16 - DPF: Sweet Tooth TM by pogo - http://game1.pogo.co...tooth-en_US.cab
O16 - DPF: Tank Hunter by pogo - http://www.pogo.com/.../tank-en_US.cab
O16 - DPF: Texas Hold'em Poker by pogo - http://game3.pogo.co...oldem-en_US.cab
O16 - DPF: The Sims Pinball by pogo - http://game1.pogo.co...mball-en_US.cab
O16 - DPF: Thousand Island Solitaire by pogo - http://game3.pogo.co...lbrae-en_US.cab
O16 - DPF: Top Down Baseball Challenge by pogo - http://game1.pogo.co...down2-en_US.cab
O16 - DPF: Tri-Peaks by pogo - http://game3.pogo.co...peaks-en_US.cab
O16 - DPF: Tumble Bees by pogo - http://game3.pogo.co...mbee2-en_US.cab
O16 - DPF: Turbo 21 v2 by pogo - http://game1.pogo.co...rbo22-en_US.cab
O16 - DPF: Vaults of Atlantis Slots by pogo - http://game1.pogo.co...slots-en_US.cab
O16 - DPF: Vert Skater by pogo - http://game1.pogo.co...kater-en_US.cab
O16 - DPF: Wonderland Memories by pogo - http://game1.pogo.co...ories-en_US.cab
O16 - DPF: Word Craft by pogo - http://game1.pogo.co...abble-en_US.cab
O16 - DPF: Word Search Daily by pogo - http://game3.pogo.co...earch-en_US.cab
O16 - DPF: Word Whomp by pogo - http://game3.pogo.co...homp2-en_US.cab
O16 - DPF: Word Whomp Whackdown by pogo - http://game1.pogo.co...kdown-en_US.cab
O16 - DPF: WordJong by pogo - http://game1.pogo.co...djong-en_US.cab
O16 - DPF: World Class Solitaire by pogo - http://game1.pogo.co...class-en_US.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai...l/installer.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: McAfee Application Installer Cleanup (0143611208010974) (0143611208010974mcinstcleanup) - Unknown owner - C:\DOCUME~1\Keith\LOCALS~1\Temp\014361~1.EXE (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WUSB54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe

--
End of file - 18539 bytes

ComboFix 08-04-11.5 - Keith 2008-04-15 16:10:26.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.581 [GMT -4:00]
Running from: C:\Documents and Settings\Keith\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Keith\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\system32\lmfuhcbs.exe
C:\WINDOWS\system32\mpoxefap.exe
C:\WINDOWS\system32\yxmzovqf.exe
C:\WINDOWS\system32\zwhingdi.exe
.

((((((((((((((((((((((((( Files Created from 2008-03-15 to 2008-04-15 )))))))))))))))))))))))))))))))
.

2008-04-12 16:29 . 2008-04-12 16:29 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-04-12 16:29 . 2008-04-12 16:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-04-12 10:38 . 2008-04-15 16:00 9,017 --a------ C:\WINDOWS\system32\Config.MPF
2008-04-12 10:37 . 2008-04-14 15:28 <DIR> d-------- C:\Program Files\SiteAdvisor
2008-04-12 10:37 . 2008-04-14 07:44 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\SiteAdvisor
2008-04-12 10:37 . 2008-04-15 14:49 <DIR> d-------- C:\Documents and Settings\Keith\Application Data\SiteAdvisor
2008-04-12 10:37 . 2008-04-12 10:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-04-12 10:37 . 2006-03-03 08:07 143,360 --a------ C:\WINDOWS\system32\dunzip32.dll
2008-04-12 10:36 . 2008-04-12 10:36 <DIR> d-------- C:\Program Files\McAfee.com
2008-04-12 10:36 . 2007-11-22 06:44 201,320 --a------ C:\WINDOWS\system32\drivers\mfehidk.sys
2008-04-12 10:36 . 2007-07-13 06:20 113,952 --a------ C:\WINDOWS\system32\drivers\Mpfp.sys
2008-04-12 10:36 . 2007-11-22 06:44 79,304 --a------ C:\WINDOWS\system32\drivers\mfeavfk.sys
2008-04-12 10:36 . 2007-12-02 12:51 40,488 --a------ C:\WINDOWS\system32\drivers\mfesmfk.sys
2008-04-12 10:36 . 2007-11-22 06:44 35,240 --a------ C:\WINDOWS\system32\drivers\mfebopk.sys
2008-04-12 10:36 . 2007-11-22 06:44 33,832 --a------ C:\WINDOWS\system32\drivers\mferkdk.sys
2008-04-12 10:35 . 2008-04-12 10:37 <DIR> d-------- C:\Program Files\McAfee
2008-04-12 10:35 . 2008-04-12 10:36 <DIR> d-------- C:\Program Files\Common Files\McAfee
2008-04-12 10:00 . 2008-04-12 10:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2008-04-11 18:56 . 2008-04-11 18:56 <DIR> d-------- C:\WINDOWS\ERUNT
2008-04-11 18:50 . 2008-04-11 19:07 <DIR> d-------- C:\SDFix
2008-04-08 18:59 . 2008-04-08 18:59 118 --a------ C:\WINDOWS\system32\MRT.INI
2008-04-07 20:34 . 2008-04-07 20:34 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-07 20:04 . 2008-04-07 20:04 <DIR> d-------- C:\Program Files\Microsoft IntelliPoint
2008-04-06 19:18 . 2008-04-06 19:44 691,545 --a------ C:\WINDOWS\unins000.exe
2008-04-06 19:18 . 2008-04-06 19:44 4,642 --a------ C:\WINDOWS\unins000.dat
2008-04-06 17:55 . 2008-04-12 10:33 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-04-06 17:55 . 2008-04-12 10:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-06 16:12 . 2008-04-06 16:12 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2008-04-06 15:08 . 2008-04-06 15:08 <DIR> d-------- C:\Program Files\Lavasoft
2008-04-06 15:08 . 2008-04-06 15:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-04-06 15:07 . 2008-04-06 18:38 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-04-06 15:07 . 2008-04-06 15:07 <DIR> d-------- C:\Documents and Settings\Keith\Application Data\SUPERAntiSpyware.com
2008-04-06 15:07 . 2008-04-06 15:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-04-06 13:36 . 2008-04-06 13:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-04-06 10:33 . 2008-04-08 08:01 <DIR> d-------- C:\Documents and Settings\Keith\Application Data\TmpRecentIcons
2008-04-05 23:04 . 2008-04-08 17:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\mjobmnsx
2008-04-02 16:44 . 2008-04-02 16:44 <DIR> d-------- C:\Documents and Settings\Keith\Application Data\towers_pc
2008-03-30 11:39 . 1999-12-17 10:13 86,016 --a------ C:\WINDOWS\unvise32.exe
2008-03-30 11:38 . 2008-03-30 11:39 <DIR> d-------- C:\Program Files\Strawberry Shortcake

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-13 22:47 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-13 16:41 5,483 ----a-w C:\WINDOWS\java\Packages\SGR93XF7.ZIP
2008-04-13 16:41 3,113,844 ----a-w C:\WINDOWS\java\Packages\7RDBTZRX.ZIP
2008-04-12 14:19 --------- d-----w C:\Program Files\BFG
2008-04-12 13:57 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-04-12 13:56 --------- d-----w C:\Program Files\Symantec
2008-04-12 13:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-04-11 17:11 5,483 ----a-w C:\WINDOWS\java\Packages\5BN77H3T.ZIP
2008-04-11 17:11 2,998,092 ----a-w C:\WINDOWS\java\Packages\CC60Y7PZ.ZIP
2008-04-11 00:39 --------- d-----w C:\Program Files\Oberon Media
2008-04-11 00:38 5,483 ----a-w C:\WINDOWS\java\Packages\8HBDRBF3.ZIP
2008-04-11 00:38 2,679,460 ----a-w C:\WINDOWS\java\Packages\Z5ZZ9VB3.ZIP
2008-04-10 01:13 5,483 ----a-w C:\WINDOWS\java\Packages\JNFNLVPN.ZIP
2008-04-10 01:13 2,488,744 ----a-w C:\WINDOWS\java\Packages\6CK5VJPR.ZIP
2008-04-09 19:59 5,483 ----a-w C:\WINDOWS\java\Packages\W0BXNTZ7.ZIP
2008-04-09 19:59 1,946,947 ----a-w C:\WINDOWS\java\Packages\QAXZRJBF.ZIP
2008-04-09 19:35 2,018,968 ----a-w C:\WINDOWS\java\Packages\UT3DBV5B.ZIP
2008-04-09 19:35 14,138 ----a-w C:\WINDOWS\java\Packages\SW93HVPR.ZIP
2008-04-06 22:53 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-06 22:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Napster
2008-04-06 22:51 --------- d-----w C:\Program Files\Ahead
2008-04-06 22:35 --------- d-----w C:\Program Files\Google
2008-04-06 22:05 --------- d-----w C:\Program Files\Yahoo!
2008-04-06 19:20 --------- d-----w C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor
2008-04-06 19:08 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-04-06 19:02 --------- d-----w C:\Documents and Settings\Keith\Application Data\Lavasoft
2008-04-06 16:16 --------- d-----w C:\Program Files\Common Files\Adobe
2008-04-02 17:15 1,474,504 ----a-w C:\WINDOWS\java\Packages\6BHNVDN5.ZIP
2008-04-02 16:32 2,662,551 ----a-w C:\WINDOWS\java\Packages\8LFT7Z57.ZIP
2008-04-01 16:54 2,521,594 ----a-w C:\WINDOWS\java\Packages\UXBZH33T.ZIP
2008-03-30 23:52 3,495,221 ----a-w C:\WINDOWS\java\Packages\DBFLVF53.ZIP
2008-03-30 23:42 3,026,983 ----a-w C:\WINDOWS\java\Packages\RZZBDB3N.ZIP
2008-03-28 22:15 98,304 ----a-w C:\WINDOWS\system32CmdLineExt.dll
2008-03-27 17:39 2,416,174 ----a-w C:\WINDOWS\java\Packages\SMDBZX3D.ZIP
2008-03-25 16:59 --------- d-----w C:\Documents and Settings\Keith\Application Data\funkitron
2008-03-24 23:47 2,341,860 ----a-w C:\WINDOWS\java\Packages\NNBRFB37.ZIP
2008-03-24 01:30 --------- d-----w C:\Documents and Settings\Keith\Application Data\iWin
2008-03-19 09:47 1,845,248 ----a-w C:�
  • 0

#7
BHowett

BHowett

    OT Moderator

  • Moderator
  • 4,642 posts
Hi jonnyb,

the logs got cut off all I need is the Kaspersky WebScanner results, And please let know how your system is running.

thanks
  • 0

#8
jonnyb

jonnyb

    Member

  • Topic Starter
  • Member
  • PipPip
  • 47 posts
:) sorry

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Wednesday, April 16, 2008 17:39
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 16/04/2008
Kaspersky Anti-Virus database records: 710904
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: false
Scan Mail Bases: false

Scan Target - My Computer:
A:\
C:\
D:\
F:\

Scan Statistics:
Total number of scanned objects: 105011
Number of viruses found: 8
Number of infected objects: 9
Number of suspicious objects: 0
Duration of the scan process: 00:48:46

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\McAfee\MNA\NAData Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSC\Logs\Events.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSC\Logs\{D3F39C01-2FC0-4035-9789-0EDB9C772FD8}.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSC\McUsers.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Logs\OAS.Log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2008-04-16_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped
C:\Documents and Settings\Keith\Application Data\Fisher-Price\FP3 Player\CMNotifyTrace.log Object is locked skipped
C:\Documents and Settings\Keith\Application Data\MySpace\IM\Logs\MySpaceIM-20080416-075415.log Object is locked skipped
C:\Documents and Settings\Keith\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Keith\Local Settings\Application Data\ApplicationHistory\sspnotifier.exe.f1a33aab.ini.inuse Object is locked skipped
C:\Documents and Settings\Keith\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\Keith\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Keith\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Keith\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Keith\Local Settings\History\History.IE5\MSHist012008041620080417\index.dat Object is locked skipped
C:\Documents and Settings\Keith\Local Settings\Temp\FromCamera1908-1-2008-4-16-12-56-35-343\000_0063.jpg_95_4194928 Object is locked skipped
C:\Documents and Settings\Keith\Local Settings\Temp\FromCamera1908-1-2008-4-16-12-56-35-343\000_0064.jpg_96_4194980 Object is locked skipped
C:\Documents and Settings\Keith\Local Settings\Temp\FromCamera1908-1-2008-4-16-12-56-35-343\000_0066.jpg_97_4195084 Object is locked skipped
C:\Documents and Settings\Keith\Local Settings\Temp\FromCamera1908-1-2008-4-16-12-56-35-343\000_0068.mov_98_4195188 Object is locked skipped
C:\Documents and Settings\Keith\Local Settings\Temp\FromCamera1908-1-2008-4-16-12-56-35-343\000_0069.mov_99_4195240 Object is locked skipped
C:\Documents and Settings\Keith\Local Settings\Temp\FromCamera1908-1-2008-4-16-12-56-35-343\000_0070.mov_100_4195292 Object is locked skipped
C:\Documents and Settings\Keith\Local Settings\Temp\FromCamera1908-1-2008-4-16-12-56-35-343\000_0077.mov_101_4195448 Object is locked skipped
C:\Documents and Settings\Keith\Local Settings\Temp\FromCamera1908-1-2008-4-16-12-56-35-343\000_0082.jpg_102_4195344 Object is locked skipped
C:\Documents and Settings\Keith\Local Settings\Temp\FromCamera1908-1-2008-4-16-12-56-35-343\000_0083.jpg_103_4195500 Object is locked skipped
C:\Documents and Settings\Keith\Local Settings\Temp\FromCamera1908-1-2008-4-16-12-56-35-343\000_0084.jpg_104_4195396 Object is locked skipped
C:\Documents and Settings\Keith\Local Settings\Temp\FromCamera1908-1-2008-4-16-12-56-35-343\000_0085.jpg_105_4195032 Object is locked skipped
C:\Documents and Settings\Keith\Local Settings\Temp\FromCamera1908-1-2008-4-16-12-56-35-343\000_0087.jpg_106_4194876 Object is locked skipped
C:\Documents and Settings\Keith\Local Settings\Temp\FromCamera1908-1-2008-4-16-12-56-35-343\000_0090.jpg_107_4195136 Object is locked skipped
C:\Documents and Settings\Keith\Local Settings\Temp\FromCamera1908-1-2008-4-16-12-56-35-343\100_2694.jpg_4_1820 Object is locked skipped
C:\Documents and Settings\Keith\Local Settings\Temp\FromCamera1908-1-2008-4-16-12-56-35-343\100_2695.jpg_5_1872 Object is locked skipped
C:\Documents and Settings\Keith\Local Settings\Temp\FromCamera1908-1-2008-4-16-12-56-35-343\100_2696.jpg_6_1924 Object is locked skipped
C:\Documents and Settings\Keith\Local Settings\Temp\FromCamera1908-1-2008-4-16-12-56-35-343\100_2697.jpg_7_1976 Object is locked skipped
C:\Documents and Settings\Keith\Local Settings\Temp\FromCamera1908-1-2008-4-16-12-56-35-343\100_2698.jpg_8_2028 Object is locked skipped
C:\Documents and Settings\Keith\Local Settings\Temp\FromCamera1908-1-2008-4-16-12-56-35-343\100_2699.jpg_9_2080 Object is locked skipped
C:\Documents and Settings\Keith\Local Settings\Temp\FromCamera1908-1-2008-4-16-12-56-35-343\100_2700.jpg_10_2132 Object is locked skipped
C:\Documents and Settings\Keith\Local Settings\Temp\FromCamera1908-1-2008-4-16-12-56-35-343\100_2702.jpg_11_2236 Object is locked skipped
C:\Documents and Settings\Keith\Local Settings\Temp\FromCamera1908-1-2008-4-16-12-56-35-343\100_2703.jpg_12_2288 Object is locked skipped
C:\Documents and Settings\Keith\Local Settings\Temp\FromCamera1908-1-2008-4-16-12-56-35-343\100_2704.jpg_13_2340 Object is locked skipped
C:\Documents and Settings\Keith\Local Settings\Temp\FromCamera1908-1-2008-4-16-12-56-35-343\100_2705.jpg_14_988 Object is locked skipped
C:\Documents and Settings\Keith\Local Settings\Temp\FromCamera1908-1-2008-4-16-12-56-35-343\100_2706.jpg_15_1040 Object is locked skipped
C:\Documents and Settings\Keith\Local Settings\Temp\FromCamera1908-1-2008-4-16-12-56-35-343\100_2707.jpg_16_1092 Object is locked skipped
C:\Documents and Settings\Keith\Local Settings\Temp\FromCamera1908-1-2008-4-16-12-56-35-343\100_2708.jpg_17_260 Object is locked skipped
C:\Documents and Settings\Keith\Local Settings\Temp\FromCamera1908-1-2008-4-16-12-56-35-343\100_2709.jpg_18_312 Object is locked skipped
C:\Documents and Settings\Keith\Local Settings\Temp\FromCamera1908-1-2008-4-16-12-56-35-343\100_2710.jpg_19_364 Object is locked skipped
C:\Documents and Settings\Keith\Local Settings\Temp\FromCamera1908-1-2008-4-16-12-56-35-343\100_2711.jpg_20_416 Object is locked skipped
C:\Documents and Settings\Keith\Local Settings\Temp\FromCamera1908-1-2008-4-16-12-56-35-343\100_2712.jpg_21_468 Object is locked skipped
C:\Documents and Settings\Keith\Local Settings\Temp\FromCamera1908-1-2008-4-16-12-56-35-343\100_2713.jpg_22_520 Object is locked skipped
C:\Documents and Settings\Keith\Local Settings\Temp\FromCamera1908-1-2008-4-16-12-56-35-343\100_2714.jpg_23_572 Object is locked skipped
C:\Documents and Settings\Keith\Local Settings\Temp\FromCamera1908-1-2008-4-16-12-56-35-343\100_2715.jpg_24_624 Object is locked skipped
C:\Documents and Settings\Keith\Local Settings\Temp\FromCamera1908-1-2008-4-16-12-56-35-343\100_2716.jpg_25_676 Object is locked skipped
C:\Documents and Settings\Keith\Local Settings\Temp\FromCamera1908-1-2008-4-16-12-56-35-343\100_2717.jpg_26_728 Object is locked skipped
C:\Documents and Settings\Keith\Local Settings\Temp\FromCamera1908-1-2008-4-16-12-56-35-343\100_2718.jpg_27_780 Object is locked skipped
C:\Documents and Settings\Keith\Local Settings\Temp\FromCamera1908-1-2008-4-16-12-56-35-343\100_2719.jpg_28_832 Object is locked skipped
C:\Documents and Settings\Keith\Local Settings\Temp\FromCamera1908-1-2008-4-16-12-56-35-343\100_2720.jpg_29_884 Object is locked skipped
C:\Documents and Settings\Keith\Local Settings\Temp\FromCamera1908-1-2008-4-16-12-56-35-343\100_2721.jpg_30_936 Object is locked skipped
C:\Documents and Settings\Keith\Local Settings\Temp\FromCamera1908-1-2008-4-16-12-56-35-343\100_2722.jpg_31_1144 Object is locked skipped
C:\Documents and Settings\Keith\Local Settings\Temp\FromCamera1908-1-2008-4-16-12-56-35-343\100_2723.jpg_32_1196 Object is locked skipped
C:\Documents and Settings\Keith\Local Settings\Temp\FromCamera1908-1-2008-4-16-12-56-35-343\100_2724.jpg_33_1248 Object is locked skipped
C:\Documents and Settings\Keith\Local Settings\Temp\FromCamera1908-1-2008-4-16-12-56-35-343\100_2725.jpg_34_1300 Object is locked skipped
C:\Documents and Settings\Keith\Local Settings\Temp\FromCamera1908-1-2008-4-16-12-56-35-343\100_2726.jpg_35_1352 Object is locked skipped
C:\Documents and Settings\Keith\Local Settings\Temp\FromCamera1908-1-2008-4-16-12-56-35-343\100_2727.jpg_36_1404 Object is locked skipped
C:\Documents and Settings\Keith\Local Settings\Temp\FromCamera1908-1-2008-4-16-12-56-35-343\100_2728.jpg_37_1456 Object is locked skipped
C:\Documents and Settings\Keith\Local Settings\Temp\FromCamera1908-1-2008-4-16-12-56-35-343\100_2729.jpg_38_1508 Object is locked skipped
C:\Documents and Settings\Keith\Local Settings\Temp\FromCamera1908-1-2008-4-16-12-56-35-343\100_2730.jpg_39_1560 Object is locked skipped
C:\Documents and Settings\Keith\Local Settings\Temp\FromCamera1908-1-2008-4-16-12-56-35-343\100_2731.jpg_40_1612 Object is locked skipped
C:\Documents and Settings\Keith\Local Settings\Temp\FromCamera1908-1-2008-4-16-12-56-35-343\100_2732.jpg_41_1664 Object is locked skipped
C:\Documents and Settings\Keith\Local Settings\Temp\FromCamera1908-1-2008-4-16-12-56-35-343\100_2733.jpg_42_1716 Object is locked skipped
C:\Documents and Settings\Keith\Local Settings\Temp\FromCamera1908-1-2008-4-16-12-56-35-343\100_2734.jpg_43_1768 Object is locked skipped
C:\Documents and Settings\Keith\Local Settings\Temp\FromCamera1908-1-2008-4-16-12-56-35-343\100_2735.jpg_44_2184 Object is locked skipped
C:\Documents and Settings\Keith\Local Settings\Temp\FromCamera1908-1-2008-4-16-12-56-35-343\100_2736.jpg_45_2392 Object is locked skipped
C:\Documents and Settings\Keith\Local Settings\Temp\FromCamera1908-1-2008-4-16-12-56-35-343\100_2737.jpg_46_2444 Object is locked skipped
C:\Documents and Settings\Keith\Local Settings\Temp\FromCamera1908-1-2008-4-16-12-56-35-343\100_2738.jpg_47_2496 Object is locked skipped
C:\Documents and Settings\Keith\Local Settings\Temp\FromCamera1908-1-2008-4-16-12-56-35-343\100_2739.jpg_48_2548 Object is locked skipped
C:\Documents and Settings\Keith\Local Settings\Temp\FromCamera1908-1-2008-4-16-12-56-35-343\100_2740.jpg_49_2600 Object is locked skipped
C:\Documents and Settings\Keith\Local Settings\Temp\FromCamera1908-1-2008-4-16-12-56-35-343\100_2741.jpg_50_2652 Object is locked skipped
C:\Documents and Settings\Keith\Local Settings\Temp\FromCamera1908-1-2008-4-16-12-56-35-343\100_2742.jpg_51_2704 Object is locked skipped
C:\Documents and Settings\Keith\Local Settings\Temp\FromCamera1908-1-2008-4-16-12-56-35-343\100_2743.jpg_52_2756 Object is locked skipped
C:\Documents and Settings\Keith\Local Settings\Temp\FromCamera1908-1-2008-4-16-12-56-35-343\100_2744.jpg_53_2808 Object is locked skipped
C:\Documents and Settings\Keith\Local Settings\Temp\FromCamera1908-1-2008-4-16-12-56-35-343\100_2745.jpg_54_2860 Object is locked skipped
C:\Documents and Settings\Keith\Local Settings\Temp\FromCamera1908-1-2008-4-16-12-56-35-343\100_2746.jpg_55_2912 Object is locked skipped
C:\Documents and Settings\Keith\Local Settings\Temp\FromCamera1908-1-2008-4-16-12-56-35-343\100_2747.jpg_56_2964 Object is locked skipped
C:\Documents and Settings\Keith\Local Settings\Temp\FromCamera1908-1-2008-4-16-12-56-35-343\100_2748.jpg_57_3016 Object is locked skipped
C:\Documents and Settings\Keith\Local Settings\Temp\FromCamera1908-1-2008-4-16-12-56-35-343\100_2749.jpg_58_3068 Object is locked skipped
C:\Documents and Settings\Keith\Local Settings\Temp\FromCamera1908-1-2008-4-16-12-56-35-343\100_2750.jpg_59_3120 Object is locked skipped
C:\Documents and Settings\Keith\Local Settings\Temp\FromCamera1908-1-2008-4-16-12-56-35-343\100_2751.jpg_60_3172 Object is locked skipped
C:\Documents and Settings\Keith\Local Settings\Temp\FromCamera1908-1-2008-4-16-12-56-35-343\100_2752.jpg_61_3224 Object is locked skipped
C:\Documents and Settings\Keith\Local Settings\Temp\FromCamera1908-1-2008-4-16-12-56-35-343\100_2753.jpg_62_3276 Object is locked skipped
C:\Documents and Settings\Keith\Local Settings\Temp\FromCamera1908-1-2008-4-16-12-56-35-343\100_2754.jpg_63_65536 Object is locked skipped
C:\Documents and Settings\Keith\Local Settings\Temp\FromCamera1908-1-2008-4-16-12-56-35-343\100_2755.jpg_64_65588 Object is locked skipped
C:\Documents and Settings\Keith\Local Settings\Temp\FromCamera1908-1-2008-4-16-12-56-35-343\100_2756.jpg_65_65640 Object is locked skipped
C:\Documents and Settings\Keith\Local Settings\Temp\FromCamera1908-1-2008-4-16-12-56-35-343\100_2757.jpg_66_65692 Object is locked skipped
C:\Documents and Settings\Keith\Local Settings\Temp\FromCamera1908-1-2008-4-16-12-56-35-343\100_2758.jpg_67_65744 Object is locked skipped
C:\Documents and Settings\Keith\Local Settings\Temp\FromCamera1908-1-2008-4-16-12-56-35-343\100_2759.jpg_68_65796 Object is locked skipped
C:\Documents and Settings\Keith\Local Settings\Temp\FromCamera1908-1-2008-4-16-12-56-35-343\100_2760.jpg_69_65848 Object is locked skipped
C:\Documents and Settings\Keith\Local Settings\Temp\FromCamera1908-1-2008-4-16-12-56-35-343\100_2761.jpg_70_65900 Object is locked skipped
C:\Documents and Settings\Keith\Local Settings\Temp\FromCamera1908-1-2008-4-16-12-56-35-343\100_2762.jpg_71_65952 Object is locked skipped
C:\Documents and Settings\Keith\Local Settings\Temp\FromCamera1908-1-2008-4-16-12-56-35-343\100_2763.jpg_72_66004 Object is locked skipped
C:\Documents and Settings\Keith\Local Settings\Temp\FromCamera1908-1-2008-4-16-12-56-35-343\100_2764.jpg_73_66056 Object is locked skipped
C:\Documents and Settings\Keith\Local Settings\Temp\FromCamera1908-1-2008-4-16-12-56-35-343\100_2765.jpg_74_66108 Object is locked skipped
C:\Documents and Settings\Keith\Local Settings\Temp\FromCamera1908-1-2008-4-16-12-56-35-343\100_2766.jpg_75_66160 Object is locked skipped
C:\Documents and Settings\Keith\Local Settings\Temp\FromCamera1908-1-2008-4-16-12-56-35-343\100_2767.jpg_76_66212 Object is locked skipped
C:\Documents and Settings\Keith\Local Settings\Temp\FromCamera1908-1-2008-4-16-12-56-35-343\100_2768.jpg_77_66264 Object is locked skipped
C:\Documents and Settings\Keith\Local Settings\Temp\FromCamera1908-1-2008-4-16-12-56-35-343\100_2769.jpg_78_66316 Object is locked skipped
C:\Documents and Settings\Keith\Local Settings\Temp\FromCamera1908-1-2008-4-16-12-56-35-343\100_2770.jpg_79_66368 Object is locked skipped
C:\Documents and Settings\Keith\Local Settings\Temp\FromCamera1908-1-2008-4-16-12-56-35-343\100_2771.jpg_80_66420 Object is locked skipped
C:\Documents and Settings\Keith\Local Settings\Temp\FromCamera1908-1-2008-4-16-12-56-35-343\100_2772.jpg_81_66472 Object is locked skipped
C:\Documents and Settings\Keith\Local Settings\Temp\FromCamera1908-1-2008-4-16-12-56-35-343\100_2773.jpg_82_66524 Object is locked skipped
C:\Documents and Settings\Keith\Local Settings\Temp\FromCamera1908-1-2008-4-16-12-56-35-343\100_2774.jpg_83_66576 Object is locked skipped
C:\Documents and Settings\Keith\Local Settings\Temp\FromCamera1908-1-2008-4-16-12-56-35-343\100_2775.jpg_84_66628 Object is locked skipped
C:\Documents and Settings\Keith\Local Settings\Temp\FromCamera1908-1-2008-4-16-12-56-35-343\100_2776.jpg_85_66680 Object is locked skipped
C:\Documents and Settings\Keith\Local Settings\Temp\FromCamera1908-1-2008-4-16-12-56-35-343\100_2777.jpg_86_66732 Object is locked skipped
C:\Documents and Settings\Keith\Local Settings\Temp\FromCamera1908-1-2008-4-16-12-56-35-343\100_2778.jpg_87_66784 Object is locked skipped
C:\Documents and Settings\Keith\Local Settings\Temp\FromCamera1908-1-2008-4-16-12-56-35-343\100_2779.jpg_88_66836 Object is locked skipped
C:\Documents and Settings\Keith\Local Settings\Temp\FromCamera1908-1-2008-4-16-12-56-35-343\100_2780.jpg_89_66888 Object is locked skipped
C:\Documents and Settings\Keith\Local Settings\Temp\FromCamera1908-1-2008-4-16-12-56-35-343\100_2781.jpg_90_66940 Object is locked skipped
C:\Documents and Settings\Keith\Local Settings\Temp\FromCamera1908-1-2008-4-16-12-56-35-343\100_2782.jpg_91_66992 Object is locked skipped
C:\Documents and Settings\Keith\Local Settings\Temp\FromCamera1908-1-2008-4-16-12-56-35-343\100_2783.jpg_92_67044 Object is locked skipped
C:\Documents and Settings\Keith\Local Settings\Temp\FromCamera1908-2-2008-4-16-12-56-39-937\brg00001.jpg_112_4195552 Object is locked skipped
C:\Documents and Settings\Keith\Local Settings\Temp\FromCamera1908-2-2008-4-16-12-56-39-937\brg00003.jpg_113_4195604 Object is locked skipped
C:\Documents and Settings\Keith\Local Settings\Temp\FromCamera1908-2-2008-4-16-12-56-39-937\brg00004.jpg_114_4195656 Object is locked skipped
C:\Documents and Settings\Keith\Local Settings\Temp\Perflib_Perfdata_6e0.dat Object is locked skipped
C:\Documents and Settings\Keith\Local Settings\Temp\~DF5420.tmp Object is locked skipped
C:\Documents and Settings\Keith\Local Settings\Temp\~DF9FBF.tmp Object is locked skipped
C:\Documents and Settings\Keith\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Keith\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Keith\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll Object is locked skipped
C:\Program Files\Kodak\Kodak EasyShare software\bin\Catalog\EasyShare.me Object is locked skipped
C:\Program Files\Kodak\Kodak EasyShare software\bin\Catalog\EasyShare.mm Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{A8AF3D3D-1D0C-4155-B8C6-0D5E4C120514}\RP691\A0282468.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.as skipped
C:\System Volume Information\_restore{A8AF3D3D-1D0C-4155-B8C6-0D5E4C120514}\RP691\A0282481.EXE Infected: not-a-virus:AdTool.Win32.MyWebSearch.a skipped
C:\System Volume Information\_restore{A8AF3D3D-1D0C-4155-B8C6-0D5E4C120514}\RP691\A0282489.EXE Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped
C:\System Volume Information\_restore{A8AF3D3D-1D0C-4155-B8C6-0D5E4C120514}\RP693\A0282632.ocx Infected: not-a-virus:AdWare.Win32.Coupons.h skipped
C:\System Volume Information\_restore{A8AF3D3D-1D0C-4155-B8C6-0D5E4C120514}\RP699\A0286225.dll Infected: not-a-virus:AdWare.Win32.Vapsup.dsx skipped
C:\System Volume Information\_restore{A8AF3D3D-1D0C-4155-B8C6-0D5E4C120514}\RP701\A0286340.exe Infected: not-a-virus:AdWare.Win32.Vapsup.dty skipped
C:\System Volume Information\_restore{A8AF3D3D-1D0C-4155-B8C6-0D5E4C120514}\RP701\A0286346.exe Infected: not-a-virus:AdWare.Win32.Vapsup.dty skipped
C:\System Volume Information\_restore{A8AF3D3D-1D0C-4155-B8C6-0D5E4C120514}\RP702\A0286539.dll Infected: not-a-virus:AdWare.Win32.HotBar.bi skipped
C:\System Volume Information\_restore{A8AF3D3D-1D0C-4155-B8C6-0D5E4C120514}\RP705\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Downloaded Program Files\popcaploader.dll Infected: not-a-virus:Downloader.Win32.PopCap.a skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\mcmsc_1cT5EjKObwvc9Sy Object is locked skipped
C:\WINDOWS\Temp\mcmsc_Ea4ZS4Mxr4qK101 Object is locked skipped
C:\WINDOWS\Temp\mcmsc_epoVh6BBf28SHLF Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_c50.dat Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

My brother told me it's running great
jonnyb
  • 0

#9
BHowett

BHowett

    OT Moderator

  • Moderator
  • 4,642 posts
Hi jonnyb,

The logs are looking good :) , and don’t be discouraged because of the kerspersky results, all it found was old system restore points, witch we are about to clean out. Just a few more steps before I give the all clear.


Fix with HijackThis

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

O3 - Toolbar: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - (no file)


Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis.


===============================================


I noticed there are left overs of Symantec Corporation still running, most likely at one time your brother had Norton installed. We can clean that up with the Norton removal tool.

Download and run the Norton Removal Tool

Please visit Symantec support by clicking HERE

Choose the Norton product you had installed.

Then follow the steps listed on the page that opens.

===============================================

ComboFix Removal
  • Follow these steps to uninstall Combofix and tools used in the removal of malware
    [List]
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    Posted Image
===============================================


Reset your restore points

To reset your restore points, please note that you will need to log into your computer with an account which has full administrator access. You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account.

(Windows XP)
1. Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

2. Reboot.

3. Turn ON System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.

===============================================



Now please post a fresh HijackThis log, and we should be good to go.
  • 0

#10
jonnyb

jonnyb

    Member

  • Topic Starter
  • Member
  • PipPip
  • 47 posts
here you go

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:02, on 4/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Fisher-Price\FP3 Player\sspnotifier.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InfoMyCa.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\SiteAdvisor\6253\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv4.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cox.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WUSB54Gv4] C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InvokeSvc3.exe
O4 - HKLM\..\Run: [SSP Notifier] C:\Program Files\Fisher-Price\FP3 Player\sspnotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Webshots Photo Search - res://C:\Program Files\Webshots\WSToolbar4IE.dll/MENUSEARCH.HTM
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: 3 Point Showdown by pogo - http://game1.pogo.co...point-en_US.cab
O16 - DPF: Aces Up! by pogo - http://game3.pogo.co.../aces-en_US.cab
O16 - DPF: Addiction by pogo - http://game3.pogo.co...ction-en_US.cab
O16 - DPF: All Star Football by pogo - http://game1.pogo.co...tarfb-en_US.cab
O16 - DPF: All-In Texas Hold'em by pogo - http://game1.pogo.co...allin-en_US.cab
O16 - DPF: Backgammon by pogo - http://game3.pogo.co...ammon-en_US.cab
O16 - DPF: Bingo Luau by pogo - http://game3.pogo.co...bingo-en_US.cab
O16 - DPF: Blackjack by pogo - http://game3.pogo.co...kjack-en_US.cab
O16 - DPF: Blackjack Carnival by pogo - http://game1.pogo.co...jack2-en_US.cab
O16 - DPF: Blooop by pogo - http://game3.pogo.co...scade-en_US.cab
O16 - DPF: Bowling by pogo - http://game3.pogo.co...wling-en_US.cab
O16 - DPF: Canasta by pogo - http://game3.pogo.co...nasta-en_US.cab
O16 - DPF: Checkers by pogo - http://game1.pogo.co...ckers-en_US.cab
O16 - DPF: Chess by pogo - http://game1.pogo.co...hess2-en_US.cab
O16 - DPF: Cribbage by pogo - http://game1.pogo.co...bbage-en_US.cab
O16 - DPF: Dice City Roller by pogo - http://game3.pogo.co...z/ytz-en_US.cab
O16 - DPF: Dice Derby by pogo - http://game1.pogo.co...dflag-en_US.cab
O16 - DPF: Dominoes by pogo - http://game1.pogo.co...omino-en_US.cab
O16 - DPF: Dominoes v2 by pogo - http://game3.pogo.co...mino2-en_US.cab
O16 - DPF: Double Deuce Poker by pogo - http://game1.pogo.co...deuce-en_US.cab
O16 - DPF: Euchre by pogo - http://game1.pogo.co...uchre-en_US.cab
O16 - DPF: First Class Solitaire by pogo - http://game3.pogo.co...lass2-en_US.cab
O16 - DPF: Fortune Bingo by pogo - http://game1.pogo.co...bingo-en_US.cab
O16 - DPF: Greenback Bayou by pogo - http://game1.pogo.co...nback-en_US.cab
O16 - DPF: Hangman Hijinks by pogo - http://game1.pogo.co...ngman-en_US.cab
O16 - DPF: Harvest Mania by pogo - http://game1.pogo.co...rvest-en_US.cab
O16 - DPF: Hearts by pogo - http://game1.pogo.co...earts-en_US.cab
O16 - DPF: Heavy Cannon by pogo - http://www.pogo.com/...annon-en_US.cab
O16 - DPF: High Stakes Poker by pogo - http://game1.pogo.co...poker-en_US.cab
O16 - DPF: High Stakes Pool by pogo - http://game1.pogo.co.../pool-en_US.cab
O16 - DPF: Hog Heaven Slots by pogo - http://game3.pogo.co...fancy-en_US.cab
O16 - DPF: Its Outta Here 2 by pogo - http://game1.pogo.co...fhere-en_US.cab
O16 - DPF: Jokers Wild Poker by pogo - http://game1.pogo.co...swild-en_US.cab
O16 - DPF: Jungle Gin by pogo - http://game1.pogo.co.../gin2-en_US.cab
O16 - DPF: KenoPop! by pogo - http://game3.pogo.co...dkeno-en_US.cab
O16 - DPF: Lost Temple Poker by pogo - http://game1.pogo.co...poker-en_US.cab
O16 - DPF: Lottso by pogo - http://game1.pogo.co...ottso-en_US.cab
O16 - DPF: Mah Jong Garden by pogo - http://game3.pogo.co...jong2-en_US.cab
O16 - DPF: Mahjong Safari by Pogo - http://game3.pogo.co...afari-en_US.cab
O16 - DPF: Makeover Madness by pogo - http://game1.pogo.co...shoes-en_US.cab
O16 - DPF: NASCAR Web Racing by pogo - http://game1.pogo.co...ascar-en_US.cab
O16 - DPF: No-Limit Texas Hold'em by pogo - http://game1.pogo.co...allin-en_US.cab
O16 - DPF: Pai Gow by pogo - http://game1.pogo.co...aigow-en_US.cab
O16 - DPF: Payday Freecell Solitaire by pogo - http://game1.pogo.co...cell2-en_US.cab
O16 - DPF: Penguin Blocks by pogo - http://game1.pogo.co...guins-en_US.cab
O16 - DPF: Perfect Pair Solitaire by pogo - http://game1.pogo.co...wheel-en_US.cab
O16 - DPF: Phlinx by pogo - http://game3.pogo.co...inger-en_US.cab
O16 - DPF: Pinochle by pogo - http://game1.pogo.co...ochle-en_US.cab
O16 - DPF: Pop Fu by pogo - http://game1.pogo.co...popfu-en_US.cab
O16 - DPF: Poppit by pogo - http://game3.pogo.co...ppit2-en_US.cab
O16 - DPF: Pseudoku by pogo - http://game3.pogo.co...udoku-en_US.cab
O16 - DPF: Quick Quack by pogo - http://game1.pogo.co...treak-en_US.cab
O16 - DPF: QWERTY by pogo - http://game1.pogo.co...uares-en_US.cab
O16 - DPF: Ricochet by pogo - http://game1.pogo.co...ochet-en_US.cab
O16 - DPF: Ride The Tide by pogo - http://game3.pogo.co.../ride-en_US.cab
O16 - DPF: Shuffle Bump by pogo - http://game3.pogo.co.../puck-en_US.cab
O16 - DPF: Spades 2 by pogo - http://game3.pogo.co...ades2-en_US.cab
O16 - DPF: Spider Solitaire by pogo - http://game1.pogo.co...pider-en_US.cab
O16 - DPF: Spooky Slots - http://game1.pogo.co...pooky-en_US.cab
O16 - DPF: Squelchies by pogo - http://game1.pogo.co...chies-en_US.cab
O16 - DPF: Stax by pogo - http://game3.pogo.co.../stax-en_US.cab
O16 - DPF: Stellar Sweeper by pogo - http://game1.pogo.co...eeper-en_US.cab
O16 - DPF: Super Dominoes by pogo - http://game3.pogo.co...omino-en_US.cab
O16 - DPF: Sweet Tooth 2 by Pogo - http://game3.pogo.co...ooth2-en_US.cab
O16 - DPF: Sweet Tooth TM by pogo - http://game1.pogo.co...tooth-en_US.cab
O16 - DPF: Tank Hunter by pogo - http://www.pogo.com/.../tank-en_US.cab
O16 - DPF: Texas Hold'em Poker by pogo - http://game3.pogo.co...oldem-en_US.cab
O16 - DPF: The Sims Pinball by pogo - http://game1.pogo.co...mball-en_US.cab
O16 - DPF: Thousand Island Solitaire by pogo - http://game3.pogo.co...lbrae-en_US.cab
O16 - DPF: Top Down Baseball Challenge by pogo - http://game1.pogo.co...down2-en_US.cab
O16 - DPF: Tri-Peaks by pogo - http://game3.pogo.co...peaks-en_US.cab
O16 - DPF: Tumble Bees by pogo - http://game3.pogo.co...mbee2-en_US.cab
O16 - DPF: Turbo 21 v2 by pogo - http://game1.pogo.co...rbo22-en_US.cab
O16 - DPF: Vaults of Atlantis Slots by pogo - http://game1.pogo.co...slots-en_US.cab
O16 - DPF: Vert Skater by pogo - http://game1.pogo.co...kater-en_US.cab
O16 - DPF: Wonderland Memories by pogo - http://game1.pogo.co...ories-en_US.cab
O16 - DPF: Word Craft by pogo - http://game1.pogo.co...abble-en_US.cab
O16 - DPF: Word Search Daily by pogo - http://game3.pogo.co...earch-en_US.cab
O16 - DPF: Word Whomp by pogo - http://game3.pogo.co...homp2-en_US.cab
O16 - DPF: Word Whomp Whackdown by pogo - http://game1.pogo.co...kdown-en_US.cab
O16 - DPF: WordJong by pogo - http://game1.pogo.co...djong-en_US.cab
O16 - DPF: World Class Solitaire by pogo - http://game1.pogo.co...class-en_US.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai...l/installer.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: McAfee Application Installer Cleanup (0143611208010974) (0143611208010974mcinstcleanup) - Unknown owner - C:\DOCUME~1\Keith\LOCALS~1\Temp\014361~1.EXE (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
O23 - Service: WUSB54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe

--
End of file - 17548 bytes

I do appreciate your time and effort on this.

jonnyb
  • 0

#11
BHowett

BHowett

    OT Moderator

  • Moderator
  • 4,642 posts
This is my standard post for when you are clear - which you now are - or seem to be. Please advise me of any problems you still have.

I know you already have some of the programs like Antivirus, or 3rd party firewall, but I still like to share the information incase you ever need them, or want to change them.


Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

Posted Image 1.) Watch what you download!
Many freeware programs, and P2P programs like Grokster, Imesh, Kazaa and others are amongst the most notorious, come with an enormous amount of bundled spyware that will eat system resources, slow down your system, clash with other installed software, or just plain crash your browser or even Windows itself. If you insist on using a P2P program, please read This Article written by Mike Healan of Spywareinfo.com fame. It is an updated and comprehensive article that gives in-depth detail about which P2P programs are "safe" to use.

Posted Image 2.) Go to Intenet Explorer > Tools > Windows Update > Product Updates, and install ALL High-Priority Security Updates listed. If you're running Windows XP, that of course includes the Service Pack 2! If you suspect your computer is infected with Malware of any type, we advise you to not install SP2 if you don't already have it. You can post a HijackThis log on our Forums to get free Expert help cleaning your machine. Once you are sure you have a clean system, it is highly recommended to install SP2 to help prevent against future infections.

It's important to always keep current with the latest security fixes from Microsoft.
Install those patches for Internet Explorer, and make sure your installation of Java VM is up-to-date. There are some well known security bugs with Microsoft Java VM which are exploited regularly by browser hijackers.

Posted Image 3.) Open Intenet Explorer and go to Internet Options > Security > Internet, then press "Default Level", then OK. Now press "Custom Level." In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".

Now you will be asked whether you want ActiveX objects to be executed and whether you want software to be installed.
Sites that you know for sure are above suspicion can be moved to the Trusted Zone in Internet Option > Security.

So why is ActiveX so dangerous that you have to increase the security for it?
When your browser runs an activex control, it is running an executable program. It's no different from doubleclicking an exe file on your hard drive.
Would you run just any random file downloaded off a web site without knowing what it is and what it does?

Posted Image 4.) Install Javacool's SpywareBlaster

It will protect you from most spy/foistware in it's database by blocking installation of their ActiveX objects.

Download and install, download the latest updates, and you'll see a list of all spyware programs covered by the program (NOTE: this is NOT spyware found on your computer) Press "Enable All Protection", and you're done.
The spyware that you told Spywareblaster to set the "kill bit" for won't be a hazard to you any longer. Although it won't protect you from every form of spyware known to man, it is a very potent extra layer of protection.
Don't forget to check for updates every week or so.

Posted Image 5.) Let's also not forget that Spybot Search & Destroy has the Immunize feature which works roughly the same way. Another feature within Spybot is the TeaTimer option. This option immediately detects known malicious processes wanting to start and terminates them. TeaTimer also detects when something wants to change some critical registry keys and gives you an option to allow them or not.

Posted Image 6.) Microsoft now offers their own free malicious software blocking tool. Windows Defender improves Internet browsing safety by guarding over fifty (50) ways spyware can enter your PC.

Posted Image 7.) Another excellent program by Javacool we recommend is SpywareGuard.
It provides a degree of real-time protection solution against spyware that is a great addition to SpywareBlaster's protection method.

Posted Image 8.) IE-SPYAD puts over 5000 sites in your restricted zone, so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all. Another good hosts program is mvpshosts. This little program packs a powerful punch as it block ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers. For information on how to download and install, please read this tutorial.

*It is important to note that all of the above programs/files can be run simultaneously on your system. They will work together in layers, so to speak, to help protect your computer. However, the following suggestions are designed to only run one of each. It is not a good idea to run more than one firewall, and one anti-virus program. Running more than one of these at a time can cause system crashes, high system usage and/or conflicts with each other.*

Posted Image 9.) It is critical that you use a firewall to protect your computer from hackers. We don't recommend the firewall that comes built in to Windows. It doesn't block everything that may try to get in, and the entire firewall is written to the registry. As various kinds of malware hack the Registry in order to disable the Windows firewall, it's far preferable to install one of the excellent third party solutions. Three good ones that are freeware to boot are ZoneAlarm, Kerio and Sygate

Posted Image 10.) An Anti-Virus product is a necessity. There are many excellent programs that you can purchase. However, we choose to advocate the use of free programs whenever possible. Some very good and easy-to-use free A/V programs are AVG, Avast, and AntiVir. It's a good idea to set these to receive automatic updates so you are always as fully protected as possible from the newest virus threats.
NOTE: DO NOT install more than one anti-virus program. They will conflict, and provide less protection, not more.


Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released. [/list]
Follow this list and your potential for being infected again will reduce dramatically.

Thanks for letting us help you!
  • 0

#12
BHowett

BHowett

    OT Moderator

  • Moderator
  • 4,642 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP