
Desktop and Screensaver HiJacked [RESOLVED]


  • This topic is locked

#1
indngvr

  • Member
  • 10 posts
Hello all,

I was infected with something not seen by me before. My desktop was hijacked with a blue background with a yellow box stating that my computer had been infected with spyware. I was also being attacked by an unknown source every 5 seconds or so but being blocked by Norton. I kept telling Norton to “block this instance” but finally got tired of doing that repeatedly and told Norton to “Block Permanently” and stopped seeing that. If unattended long enough, my screensaver was a bunch of bugs crawling around. I knew I was in trouble and upon searching realized I am not alone.
I could find no 2 fixes near the same and tried several with no results. So here I am asking for your help.

I have copied and pasted all of the information you had requested, in order of appearance and separated by ************** , in your “read first” instructions. I should have all XP updates thru XP Service Pack 3. Hopefully I have performed all requests properly so as to enable you to help me.



***********************************

Malwarebytes' Anti-Malware 1.14
Database version: 821

9:09:28 PM 6/4/2008
mbam-log-6-4-2008 (21-09-28).txt

Scan type: Quick Scan
Objects scanned: 37718
Time elapsed: 5 minute(s), 26 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 18
Registry Values Infected: 5
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{daed9266-8c28-4c1c-8b58-5c66eff1d302} (Search.Hijack) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{699fabf8-1087-491f-b57c-80a68929d82b} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{90b5a95a-afd5-4d11-b9bd-a69d53d22226} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8109fd3d-d891-4f80-8339-50a4913ace6f} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a4730ebe-43a6-443e-9776-36915d323ad3} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\E404.e404mgr (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{81705d67-3f73-4983-859b-97d0922e5abe} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{699fabf8-1087-491f-b57c-80a68929d82b} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\*.securewebinfo.com (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\*.safetyincludes.com (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\*.securemanaging.com (Trojan.Zlob) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\blphcvdsj0ec0c.scr (Trojan.FakeAlert) -> Quarantined and deleted successfully.


SUPERAntiSpyware Scan Log

NOTE: I had to manually check several items found in scan list

Generated 06/04/2008 at 02:21 PM

Application Version : 4.15.1000

Core Rules Database Version : 3473
Trace Rules Database Version: 1464

Scan type : Complete Scan
Total Scan Time : 00:23:06

Memory items scanned : 480
Memory threats detected : 0
Registry items scanned : 5558
Registry threats detected : 2
File items scanned : 18678
File threats detected : 846

\VirusRescue v3.0.1.lnk
C:\Documents and Settings\default\Desktop\VirusRescue v3.0.1.lnk
C:\Documents and Settings\default\Start Menu\VirusRescue v3.0.1.lnk

Malware.RepairRegistryPro
\Repair Registry Pro.lnk
C:\Documents and Settings\default\Desktop\Repair Registry Pro.lnk

Unclassified.SpywareBot (Not A Threat)
\SpywareBot.lnk
C:\Documents and Settings\default\Desktop\SpywareBot.lnk
C:\Documents and Settings\default\Application Data\Microsoft\Internet Explorer\Quick Launch\SpywareBot.lnk

Malware.PestCapture
\PestCapture.lnk
C:\Documents and Settings\default\Desktop\PestCapture.lnk

Malware.AntiVermins
C:\Documents and Settings\default\Application Data\Microsoft\Internet Explorer\Quick Launch\AntiVermins 2.1.lnk
C:\Documents and Settings\default\Start Menu\AntiVermins 2.1.lnk
\AntiVermins.lnk
C:\Documents and Settings\default\Desktop\AntiVermins.lnk
C:\Documents and Settings\default\Application Data\Microsoft\Internet Explorer\Quick Launch\AntiVermins 2.5.lnk
\AntiVermins 2.5.lnk
C:\Documents and Settings\default\Desktop\AntiVermins 2.5.lnk
C:\Documents and Settings\default\Start Menu\AntiVermins 2.5.lnk

Worm.Spam-Strato
C:\WINDOWS\msserrv32.dat
C:\WINDOWS\msserrv32.s
C:\WINDOWS\msserrv32.wax
C:\WINDOWS\msserrv32.z
C:\WINDOWS\msserv32.dat
C:\WINDOWS\msserv32.s
C:\WINDOWS\msserv32.wax
C:\WINDOWS\msserv32.z
C:\WINDOWS\mswiizz32.dat
C:\WINDOWS\mswiizz32.s
C:\WINDOWS\mswiizz32.wax
C:\WINDOWS\mswiizz32.z
C:\WINDOWS\mswiz32.dat
C:\WINDOWS\mswiz32.s
C:\WINDOWS\mswiz32.wax

Trojan.Bagle Variant
C:\WINDOWS\system32\winupd.exeopen
C:\WINDOWS\system32\winupd.exeopenopen
C:\WINDOWS\system32\winupd.exeopenopenopen

Malware.SpyiBlock
\SpyiBlock.lnk
C:\Documents and Settings\default\Desktop\SpyiBlock.lnk

Malware.BreakSpyware
\BreakSpyware.lnk
C:\Documents and Settings\default\Application Data\Microsoft\Internet Explorer\Quick Launch\Break Spyware.lnk

Malware.SpyMarshal
C:\Documents and Settings\default\Desktop\SpyMarshal.lnk

Malware.MrAntiSpy
C:\Documents and Settings\default\Desktop\MrAntispy.lnk
\MrAntispy.lnk

Malware.MalwareAlarm
\MalwareAlarm.lnk
C:\Documents and Settings\default\Desktop\MalwareAlarm.lnk

Malware.SpywareKnight
C:\Documents and Settings\default\Application Data\Microsoft\Internet Explorer\Quick Launch\SpywareKnight.lnk
C:\Documents and Settings\default\Desktop\SpywareKnight.lnk

Malware.SpySoldier
C:\Documents and Settings\default\Application Data\Microsoft\Internet Explorer\Quick Launch\SpySoldier.lnk
\SpySoldier.lnk
C:\Documents and Settings\default\Desktop\SpySoldier.lnk

Malware.ContraVirus
C:\Documents and Settings\default\Application Data\Microsoft\Internet Explorer\Quick Launch\ContraVirus 2.0.lnk
C:\Documents and Settings\default\Desktop\ContraVirus 2.0.lnk
C:\Documents and Settings\default\Start Menu\ContraVirus 2.0.lnk

Trojan.Rustock/LZX32
C:\WINDOWS\system32:lzx32.sys

Trojan.Rustock/HUY32
C:\WINDOWS\system32:huy32.sys

Malware.SpyDawn
C:\Documents and Settings\default\Application Data\Microsoft\Internet Explorer\Quick Launch\SpyDawn 3.1.lnk
C:\Documents and Settings\default\Desktop\SpyDawn.lnk
C:\Documents and Settings\default\Start Menu\SpyDawn 3.1.lnk

Malware.SpyLocked
C:\Documents and Settings\default\Application Data\Microsoft\Internet Explorer\Quick Launch\SpyLocked 3.1.lnk
\SpyLocked.lnk
C:\Documents and Settings\default\Start Menu\SpyLocked 3.1.lnk
C:\Documents and Settings\default\Application Data\Microsoft\Internet Explorer\Quick Launch\SpywareLocked 3.2.lnk
\SpywareLocked.lnk
C:\Documents and Settings\default\Start Menu\SpywareLocked 3.2.lnk
C:\Documents and Settings\default\Application Data\Microsoft\Internet Explorer\Quick Launch\SpywareLocked 3.3.lnk
\SpywareLocked 3.3.lnk
C:\Documents and Settings\default\Desktop\SpywareLocked 3.3.lnk
C:\Documents and Settings\default\Start Menu\SpywareLocked 3.3.lnk
C:\Documents and Settings\default\Application Data\Microsoft\Internet Explorer\Quick Launch\SpywareLocked 3.4.lnk
\SpywareLocked 3.4.lnk
C:\Documents and Settings\default\Desktop\SpywareLocked 3.4.lnk
C:\Documents and Settings\default\Application Data\Microsoft\Internet Explorer\Quick Launch\SpywareLocked 3.5.lnk
\SpywareLocked 3.5.lnk
C:\Documents and Settings\default\Desktop\SpywareLocked 3.5.lnk
C:\Documents and Settings\default\Start Menu\SpywareLocked 3.5.lnk
C:\Documents and Settings\default\Application Data\Microsoft\Internet Explorer\Quick Launch\SpyLocked 3.6.lnk
\SpyLocked 3.6.lnk
C:\Documents and Settings\default\Desktop\SpyLocked 3.6.lnk
C:\Documents and Settings\default\Start Menu\SpyLocked 3.6.lnk
C:\Documents and Settings\default\Application Data\Microsoft\Internet Explorer\Quick Launch\SpyLocked 3.7.lnk
\SpyLocked 3.7.lnk
C:\Documents and Settings\default\Desktop\SpyLocked 3.7.lnk
C:\Documents and Settings\default\Start Menu\SpyLocked 3.7.lnk

Malware.MalwareStopper
\MalwareStopper.lnk

Dialer.InfoDialer
C:\Documents and Settings\default\Application Data\Microsoft\Internet Explorer\Quick Launch\e1xplorer.lnk
\e1xplorer.lnk
C:\Documents and Settings\default\Desktop\e1xplorer.lnk
C:\Documents and Settings\default\Favorites\e1xplorer.lnk
C:\Documents and Settings\Default\My Documents\e1xplorer.lnk
C:\Documents and Settings\default\Start Menu\Programs\e1xplorer.lnk
C:\Documents and Settings\default\Start Menu\e1xplorer.lnk
C:\Documents and Settings\default\Application Data\Microsoft\Internet Explorer\Quick Launch\exsplorer.lnk
\exsplorer.lnk
C:\Documents and Settings\default\Desktop\exsplorer.lnk
C:\Documents and Settings\default\Favorites\exsplorer.lnk
C:\Documents and Settings\Default\My Documents\exsplorer.lnk
C:\Documents and Settings\default\Start Menu\Programs\exsplorer.lnk
C:\Documents and Settings\default\Start Menu\exsplorer.lnk

Malware.SpyAnalyst
C:\Documents and Settings\default\Application Data\Microsoft\Internet Explorer\Quick Launch\Spy Analyst.lnk
\SpyAnalyst.lnk
C:\Documents and Settings\default\Desktop\SpyAnalyst.lnk

Malware.SpyOfficer
C:\Documents and Settings\default\Application Data\Microsoft\Internet Explorer\Quick Launch\Spy Officer.lnk
\SpyOfficer.lnk
C:\Documents and Settings\default\Desktop\SpyOfficer.lnk

Malware.SpywareSoftStop
\SpywareSoftStop.lnk
C:\Documents and Settings\default\Desktop\SpywareSoftStop.lnk

Malware.DrAntiSpy
\DrAntispy.lnk
C:\Documents and Settings\default\Desktop\DrAntispy.lnk

Malware.Ultimate Fixer
C:\Documents and Settings\default\Desktop\UltimateFixer 2007.lnk

Malware.VirusLocker
C:\Documents and Settings\default\Application Data\Microsoft\Internet Explorer\Quick Launch\VirusLocker 3.1.lnk
\VirusLocker.lnk
C:\Documents and Settings\default\Desktop\VirusLocker.lnk
C:\Documents and Settings\default\Start Menu\VirusLocker 3.1.lnk

Malware.SpyCrush
C:\Documents and Settings\default\Application Data\Microsoft\Internet Explorer\Quick Launch\SpyCrush 3.2.lnk
\SpyCrush 3.2.lnk
C:\Documents and Settings\default\Desktop\SpyCrush 3.2.lnk
C:\Documents and Settings\default\Start Menu\SpyCrush 3.2.lnk
C:\Documents and Settings\default\Application Data\Microsoft\Internet Explorer\Quick Launch\SpyCrush 3.3.lnk
\SpyCrush 3.3.lnk
C:\Documents and Settings\default\Desktop\SpyCrush 3.3.lnk
C:\Documents and Settings\default\Start Menu\SpyCrush 3.3.lnk

Unclassified.System Live Protect
C:\Documents and Settings\default\Desktop\System Live Protect.lnk

Malware.Spyware Sweeper
\Spyware Sweeper.lnk
C:\Documents and Settings\default\Desktop\Spyware Sweeper.lnk

Malware.VirusHeal
C:\Documents and Settings\default\Application Data\Microsoft\Internet Explorer\Quick Launch\VirusHeal 3.7.lnk
\VirusHeal 3.7.lnk
C:\Documents and Settings\default\Desktop\VirusHeal 3.7.lnk
C:\Documents and Settings\default\Start Menu\VirusHeal 3.7.lnk

Malware.VirusProtectPro
\VirusProtectPro 3.3.lnk
C:\Documents and Settings\default\Desktop\VirusProtectPro 3.3.lnk
C:\Documents and Settings\default\Start Menu\VirusProtectPro 3.3.lnk

Desktop Hijacker.AboutYourPrivacy
\Error Cleaner.url
\Privacy Protector.url
\Spyware&Malware Protection.url
C:\Documents and Settings\default\Desktop\Error Cleaner.url
C:\Documents and Settings\default\Desktop\Privacy Protector.url
C:\Documents and Settings\default\Desktop\Spyware&Malware Protection.url
C:\Documents and Settings\default\Favorites\Error Cleaner.url
C:\Documents and Settings\default\Favorites\Privacy Protector.url
C:\Documents and Settings\default\Favorites\Spyware&Malware Protection.url

Keylogger.Actual Spy
C:\WINDOWS\system\actualspystart.lnk
C:\Documents and Settings\default\Application Data\Microsoft\Internet Explorer\Quick Launch\Actual Spy.lnk
\ActualSpy.lnk
C:\Documents and Settings\default\Desktop\ActualSpy.lnk

Malware.VirusRanger
C:\Documents and Settings\default\Start Menu\VirusRanger v3.1.0.lnk

Malware.SpyShredder
\SpyShredder.lnk
C:\Documents and Settings\default\Desktop\SpyShredder.lnk

Malware.Ultimate Cleaner
C:\Documents and Settings\All Users\Start Menu\Programs\UltimateCleaner 2007\Uninstall UltimateCleaner 2007.lnk

Malware.MalwareBurn
C:\Documents and Settings\default\Application Data\Microsoft\Internet Explorer\Quick Launch\MalwareBurn 7.1.lnk
\MalwareBurn 7.1.lnk
C:\Documents and Settings\default\Desktop\MalwareBurn 7.1.lnk
C:\Documents and Settings\default\Start Menu\MalwareBurn 7.1.lnk

Malware.LocusSoftware Inc/BestSellerAntivirus
C:\Documents and Settings\All Users\Start Menu\Programs\BestsellerAntivirus\BestsellerAntivirus.lnk
C:\Documents and Settings\All Users\Desktop\BestsellerAntivirus.lnk
\Install AVSystemCare .lnk
C:\Documents and Settings\default\Desktop\Install AVSystemCare .lnk

Malware.LocusSoftware Inc/ErrClean
\ErrClean.lnk
C:\Documents and Settings\default\Desktop\ErrClean.lnk

Rogue.XP AntiVirus
C:\Documents and Settings\default\Application Data\Microsoft\Internet Explorer\Quick Launch\XPAntivirus.lnk
\XPAntivirus.lnk
C:\Documents and Settings\default\Desktop\XPAntivirus.lnk
C:\Documents and Settings\default\Application Data\Microsoft\Internet Explorer\Quick Launch\XP Antivirus 2008.lnk
\XP Antivirus 2008.lnk
C:\Documents and Settings\default\Desktop\XP Antivirus 2008.lnk

Rogue.WinPerformance
C:\Documents and Settings\All Users\Start Menu\Programs\WinPerformance.lnk
\WinPerformance.lnk
C:\Documents and Settings\default\Desktop\WinPerformance.lnk

Rogue.VirusRay
C:\Documents and Settings\default\Application Data\Microsoft\Internet Explorer\Quick Launch\VirusRay 3.8.lnk
\VirusRay 3.8.lnk
C:\Documents and Settings\default\Desktop\VirusRay 3.8.lnk
C:\Documents and Settings\default\Start Menu\VirusRay 3.8.lnk

Rogue.AdvancedCleaner
\AdvancedCleaner Free.lnk
C:\Documents and Settings\default\Desktop\AdvancedCleaner Free.lnk

Rogue.AntiSpyStorm
C:\Documents and Settings\All Users\Desktop\AntispyStorm.lnk

Rogue.AntiSpyGuard
C:\Documents and Settings\All Users\Start Menu\AntiSpyGuard 2007.lnk
C:\Documents and Settings\All Users\Desktop\AntiSpyGuard 2007.lnk

Rogue.IEDefender
\IE Defender 2.2.lnk
C:\Documents and Settings\default\Desktop\IE Defender 2.2.lnk
C:\Documents and Settings\default\Start Menu\Programs\IE Defender 2.2.lnk

Malware.VirusProtect
C:\Documents and Settings\default\Application Data\Microsoft\Internet Explorer\Quick Launch\VirusProtect 3.8.lnk
C:\Documents and Settings\default\Desktop\VirusProtect 3.8.lnk
C:\Documents and Settings\default\Start Menu\VirusProtect 3.8.lnk

Rogue.AntiSpywareShield
\AntiSpywareShield.lnk
C:\Documents and Settings\default\Desktop\AntiSpywareShield.lnk

Rogue.WinXDefender
\WinXDefender.lnk
C:\Documents and Settings\default\Desktop\WinXDefender.lnk

Rogue.SunshineSpy
\Sunshine Spy.lnk
C:\Documents and Settings\default\Desktop\Sunshine Spy.lnk
C:\Documents and Settings\default\Start Menu\Programs\Startup\Sunshine.lnk

Malware.LocusSoftware Inc/ConfidentSurf
\ConfidentSurf unregistered.lnk
C:\Documents and Settings\default\Desktop\ConfidentSurf unregistered.lnk

Rogue.DrProtection
\DrProtection.lnk
C:\Documents and Settings\default\Desktop\DrProtection.lnk

Rogue.OnlineGuard
\OnlineGuard.lnk
C:\Documents and Settings\default\Desktop\OnlineGuard.lnk

Rogue.LiveAntiSpy
\LiveAntispy.lnk
C:\Documents and Settings\default\Desktop\LiveAntispy.lnk

Rogue.GuardCenter
\GuardCenter.lnk
C:\Documents and Settings\default\Desktop\GuardCenter.lnk

Rogue.WinSpyKiller
\WinSpyKiller.lnk

Malware.MalwareCrush
C:\Documents and Settings\default\Application Data\Microsoft\Internet Explorer\Quick Launch\MalwareCrush 3.7.lnk
\MalwareCrush.lnk
C:\Documents and Settings\default\Desktop\MalwareCrush.lnk
C:\Documents and Settings\default\Start Menu\MalwareCrush 3.7.lnk

Adware.Unclassified/Spruce
C:\Documents and Settings\default\Start Menu\Programs\Startup\Spruce - Auto Update.lnk

RootKit.TnCore/Trace
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\drivers\core.sys
C:\WINDOWS\system32\drivers\swenumm.sys

Rogue.Installer/Trace
C:\WINDOWS\Spyware Remover.ico
C:\WINDOWS\Casino.ico
C:\WINDOWS\Free Online Dating.ico

Rogue.Files-Secure
C:\Documents and Settings\default\Start Menu\Programs\Files Secu

Attached Files


Edited by indngvr, 04 June 2008 - 02:46 PM.


#2
fenzodahl512

  • Malware Removal
  • 9,863 posts
Hello indngvr, my name is fenzodahl512 and welcome to Geekstogo.. Please do the following...


Please download SmitfraudFix (by S!Ri)

  • Double-click SmitfraudFix.exe.
  • Select option #1 - Search by typing 1 and pressing "Enter"; a text file will appear, which lists infected files (if present).
  • Please copy/paste the content of that report into your next reply.

**If the tool fails to launch from the Desktop, please move SmitfraudFix.exe directly to the root of the system drive (usually C:), and launch from there.

Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlog...processutil.htm




NEXT


Please download Deckard's System Scanner (DSS) from HERE or HERE and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • Please let your firewall allow the scanning/downloading process.
  • When it has finished, dss will open two Notepads, main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.
If you are using Vista, you need to right-click the dss.exe icon and choose Run as Administrator.


Please post the following logs in your next reply... Please post each log in a separate post.

1. SmitfraudFix
2. Deckard System Scanner (both main.txt and extra.txt)



Regards
fenzodahl512

#3
indngvr

    Member

  • Topic Starter
  • 10 posts
SmitfraudFix Log:

SmitFraudFix v2.323

Scan done at 0:09:08.15, Sat 06/07/2008
Run from C:\Documents and Settings\Default\My Documents\b) Downloads\Recent Downloads\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\PROGRA~1\Yahoo!\YOP\SSDK02.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Documents and Settings\Default\My Documents\b) Downloads\Recent Downloads\SmitfraudFix\Policies.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Default


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Default\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Default\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components



»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, following keys are not inevitably infected!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
"LoadAppInit_DLLs"=dword:00000001


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\Userinit.exe"
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: D-Link DWL-120 Wireless USB Adapter #3 - Packet Scheduler Miniport
DNS Server Search Order: 68.238.0.12
DNS Server Search Order: 68.238.112.12

Description: D-Link DWL-120 Wireless USB Adapter #3 - Packet Scheduler Miniport
DNS Server Search Order: 192.168.0.1

Description: D-Link DWL-120 Wireless USB Adapter #3 - Packet Scheduler Miniport
DNS Server Search Order: 192.168.0.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{3D519268-98EC-4DDF-81CD-EDD6BB752CE6}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{5212B519-875B-43BD-912D-6B7FFCCA9F84}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{5E299E61-49BB-480B-B661-192255011450}: DhcpNameServer=68.238.0.12 68.238.112.12
HKLM\SYSTEM\CCS\Services\Tcpip\..\{FF4FBBA1-4F4E-4B7E-838D-8F9BE053152C}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{3D519268-98EC-4DDF-81CD-EDD6BB752CE6}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{5212B519-875B-43BD-912D-6B7FFCCA9F84}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{5E299E61-49BB-480B-B661-192255011450}: DhcpNameServer=68.238.0.12 68.238.112.12
HKLM\SYSTEM\CS1\Services\Tcpip\..\{FF4FBBA1-4F4E-4B7E-838D-8F9BE053152C}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{3D519268-98EC-4DDF-81CD-EDD6BB752CE6}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{5212B519-875B-43BD-912D-6B7FFCCA9F84}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{5E299E61-49BB-480B-B661-192255011450}: DhcpNameServer=68.238.0.12 68.238.112.12
HKLM\SYSTEM\CS2\Services\Tcpip\..\{FF4FBBA1-4F4E-4B7E-838D-8F9BE053152C}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End

#4
indngvr

    Member

  • Topic Starter
  • 10 posts
DDS Main Log

Deckard's System Scanner v20071014.68
Run by Default on 2008-06-07 00:12:25
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
6: 2008-06-07 04:12:28 UTC - RP6 - Deckard's System Scanner Restore Point
5: 2008-06-05 17:12:20 UTC - RP5 - System Checkpoint
4: 2008-06-04 14:04:36 UTC - RP4 - System Checkpoint
3: 2008-06-05 01:14:12 UTC - RP3 - Installed SUPERAntiSpyware Free Edition
2: 2008-06-05 00:52:26 UTC - RP2 - spyware


-- First Restore Point --
1: 2008-06-05 00:52:06 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Default.exe) ---------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:13:25, on 6/7/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\PROGRA~1\Yahoo!\YOP\SSDK02.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Default\My Documents\b) Downloads\Recent Downloads\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Default.exe

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\PROGRA~1\Symantec\osCheck.exe"
O4 - HKLM\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALuNotify.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\PROGRA~1\Symantec\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 4456 bytes

-- File Associations -----------------------------------------------------------

.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*
.reg - regfile - shell\open\command - regedit.exe "%1" %*
.scr - scrfile - shell\open\command - "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 PzWDM - c:\windows\system32\drivers\pzwdm.sys <Not Verified; Prassi Technology; PzWDM>
R1 PQNTDrv - c:\windows\system32\drivers\pqntdrv.sys
R3 D-Link FVNETusb (AR)® (D-Link FVNETusb (AR)® Service for D-Link DWL-120 Wireless USB Adapter) - c:\windows\system32\drivers\vnetusbr.sys <Not Verified; ATMEL; 802.11b Compliant USB Wireless Network Adapter>

S3 GTNDIS5 (GTNDIS5 NDIS Protocol Driver) - c:\windows\system32\gtndis5.sys (file missing)
S3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S4 LXCTCustomerConnect - c:\windows\system32\spool\drivers\w32x86\3\\lxctserv.exe (file missing)


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: VIA Rhine II Fast Ethernet Adapter
Device ID: PCI\VEN_1106&DEV_3065&SUBSYS_01021019&REV_78\3&267A616A&0&90
Manufacturer: VIA Technologies, Inc.
Name: VIA Rhine II Fast Ethernet Adapter
PNP Device ID: PCI\VEN_1106&DEV_3065&SUBSYS_01021019&REV_78\3&267A616A&0&90
Service: FET5X86V


-- Scheduled Tasks -------------------------------------------------------------

2008-06-06 09:49:01 346 --a------ C:\WINDOWS\Tasks\HP Usg Daily.job
2008-06-02 20:40:47 580 --a------ C:\WINDOWS\Tasks\Norton Security Online - Run Full System Scan - Default.job


-- Files created between 2008-05-07 and 2008-06-07 -----------------------------

2008-06-05 07:16:26 1262956 -----n--- C:\WINDOWS\system32\XMNT2001.EXE
2008-06-05 07:16:26 3252 -----n--- C:\WINDOWS\system32\drivers\PQNTDRV.SYS
2008-06-05 07:16:09 0 d-------- C:\Program Files\PowerQuest
2008-06-04 21:14:18 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-06-04 21:14:13 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-06-04 21:14:13 0 d-------- C:\Documents and Settings\default\Application Data\SUPERAntiSpyware.com
2008-06-04 21:13:56 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-04 21:00:46 0 d-------- C:\Documents and Settings\default\Application Data\Malwarebytes
2008-06-04 21:00:44 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-04 21:00:44 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-04 20:36:17 0 d-------- C:\Documents and Settings\All Users\Application Data\Google
2008-06-04 20:23:29 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-04 15:17:31 0 d-------- C:\Program Files\Panda Security
2008-06-04 14:54:26 0 d-------- C:\Program Files\Trend Micro
2008-06-03 04:52:35 15172 --a------ C:\WINDOWS\system32\drivers\PzWDM.sys <Not Verified; Prassi Technology; PzWDM>
2008-06-03 04:52:30 413696 --a------ C:\WINDOWS\system32\PICSDK.dll <Not Verified; SEIKO EPSON CORPORATION; EPSON PIC SDK>
2008-06-03 04:52:30 114688 --a------ C:\WINDOWS\system32\EpPicPrt.dll <Not Verified; SEIKO EPSON CORPORATION; EPSON PIC SDK>
2008-06-03 04:52:30 91923 --a------ C:\WINDOWS\system32\EPPICPrinterDB.dat
2008-06-03 04:52:30 27965 --a------ C:\WINDOWS\system32\EPPICPresetData_JP.dat
2008-06-03 04:52:30 76956 --a------ C:\WINDOWS\system32\EPPICPattern2.dat
2008-06-03 04:52:30 39121 --a------ C:\WINDOWS\system32\EPPICPattern1.dat
2008-06-03 04:52:30 65536 --a------ C:\WINDOWS\system32\EPPicMgr.dll <Not Verified; SEIKO EPSON CORPORATION; EPSON PIC SDK>
2008-06-03 04:51:13 0 d-------- C:\Program Files\HOTALBUMMyBOX
2008-06-02 10:49:22 0 d-------- C:\Documents and Settings\default\Application Data\Apple Computer
2008-06-02 10:36:40 0 d-------- C:\Program Files\QuickTime
2008-06-02 10:36:39 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-06-02 10:36:24 0 d-------- C:\Program Files\Apple Software Update
2008-06-02 10:36:23 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-06-02 05:29:48 0 d-------- C:\Documents and Settings\default\Application Data\AVS4YOU
2008-06-02 05:29:44 0 d-------- C:\Documents and Settings\All Users\Application Data\AVS4YOU
2008-06-02 05:28:44 0 d-------- C:\Program Files\Common Files\AVSMedia
2008-06-02 05:28:24 0 d-------- C:\Program Files\AVS4YOU
2008-05-31 09:55:05 0 d-------- C:\Documents and Settings\Administrator\Application Data\Adobe
2008-05-31 09:52:04 0 dr------- C:\Documents and Settings\Administrator\My Documents
2008-05-29 14:11:49 0 d-------- C:\Program Files\Realtek AC97
2008-05-24 17:06:38 0 d-------- C:\Program Files\SpeedFan
2008-05-24 16:47:46 0 d-------- C:\WINDOWS\Prefetch
2008-05-24 13:21:30 0 d-------- C:\WINDOWS\system32\scripting
2008-05-24 13:21:29 0 d-------- C:\WINDOWS\l2schemas
2008-05-24 13:21:28 0 d-------- C:\WINDOWS\system32\en
2008-05-24 13:21:27 0 d-------- C:\WINDOWS\system32\bits
2008-05-07 15:07:52 0 d-------- C:\Documents and Settings\default\Application Data\Google
2008-05-07 15:05:20 0 d-------- C:\Program Files\Google


-- Find3M Report ---------------------------------------------------------------

2008-06-07 00:15:53 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-06-07 00:09:13 1596 --a------ C:\WINDOWS\system32\tmp.reg
2008-06-05 07:16:21 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-05 06:32:38 0 d-------- C:\Documents and Settings\Default\Application Data\AdobeUM
2008-06-04 21:13:56 0 d-------- C:\Program Files\Common Files
2008-06-04 21:00:16 0 d-------- C:\Program Files\Common Files\Download Manager
2008-06-04 05:04:26 0 d-------- C:\Program Files\Common Files\Adobe
2008-06-03 04:52:35 0 d-------- C:\Program Files\CASIO
2008-06-01 21:04:56 0 d-------- C:\Documents and Settings\Default\Application Data\Identities
2008-05-31 07:25:44 0 d-------- C:\Program Files\DVD Shrink <DVDSHR~1>
2008-05-31 07:25:38 0 d-------- C:\Program Files\Elaborate Bytes
2008-05-31 05:20:35 0 d-------- C:\Program Files\Symantec
2008-05-29 14:11:58 0 d-------- C:\Program Files\AvRack
2008-05-24 13:22:21 0 d-------- C:\Program Files\Messenger
2008-05-24 13:21:27 0 d-------- C:\Program Files\Movie Maker
2008-05-24 13:16:28 0 d-------- C:\Program Files\Windows NT
2008-05-20 22:09:48 0 d-------- C:\Program Files\Microsoft Silverlight
2008-05-04 15:03:57 0 d-------- C:\Documents and Settings\Default\Application Data\Adobe
2008-04-10 05:49:20 0 d-------- C:\Program Files\MSECache


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"YOP"="C:\PROGRA~1\Yahoo!\YOP\yop.exe" [10/26/2007 16:42]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [01/10/2007 01:59]
"osCheck"="C:\PROGRA~1\Symantec\osCheck.exe" [01/14/2007 03:11]
"ALUAlert"="C:\Program Files\Symantec\LiveUpdate\ALuNotify.exe" [09/12/2007 19:27]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispBackgroundPage"=0 (0x0)
"NoDispScrSavPage"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [06/04/2008 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL 06/04/2008 13:55 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
backup=C:\WINDOWS\pss\Acrobat Assistant.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^D-Link Air Utility.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\D-Link Air Utility.lnk
backup=C:\WINDOWS\pss\D-Link Air Utility.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Google Updater.lnk
backup=C:\WINDOWS\pss\Google Updater.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HOTSYNCSHORTCUTNAME.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HOTSYNCSHORTCUTNAME.lnk
backup=C:\WINDOWS\pss\HOTSYNCSHORTCUTNAME.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MediaChecker.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MediaChecker.lnk
backup=C:\WINDOWS\pss\MediaChecker.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Default^Start Menu^Programs^Startup^palmOne Registration.lnk]
path=C:\Documents and Settings\Default\Start Menu\Programs\Startup\palmOne Registration.lnk
backup=C:\WINDOWS\pss\palmOne Registration.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA]
C:\WINDOWS\System32\DLA\DLACTRLW.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
"C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
"C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon05]
C:\WINDOWS\system32\hphmon05.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD05]
C:\Program Files\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
"C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MBBalloon]
C:\Program Files\HOTALBUMMyBOX\MBBalloon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RaidTool]
C:\Program Files\VIA\RAID\raid_tool.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegKillElbyCheck]
"C:\Program Files\Elaborate Bytes\DVD Region Killer\ElbyCheck.exe" /L RegKill

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegKillTray]
"C:\Program Files\Elaborate Bytes\DVD Region Killer\RegKillTray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SNM]
C:\Program Files\SpyNoMore\SNM.exe /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpyHunter Security Suite]
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UVS10 Preload]
C:\Program Files\Ulead Systems\Ulead Movie Wizard 3.2 SE VCD\uvPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
VTTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTrayp]
VTtrayp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"LXCTCustomerConnect"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc

*Newly Created Service* - COMHOST



-- End of Deckard's System Scanner: finished at 2008-06-07 00:17:06 ------------
  • 0

#5
indngvr

indngvr

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
DDS Extra Log

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 3.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 2.80GHz
Percentage of Memory in Use: 34%
Physical Memory (total/avail): 991.3 MiB / 646.26 MiB
Pagefile Memory (total/avail): 2389.77 MiB / 2091.14 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1873.03 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 149.05 GiB total, 128.29 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)
F: is Removable (No Media)

\\.\PHYSICALDRIVE0 - ST316081 2AS SCSI Disk Device - 149.05 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 149.05 GiB - C:

\\.\PHYSICALDRIVE1 - HP photosmart 7900 USB Device



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Default\Application Data
CLASSPATH=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=HOMEOFFICE
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Default
LOGONSERVER=\\HOMEOFFICE
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Ulead Systems\MPEG;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 9, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0409
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\QuickTime\QTSystem\QTJava.zip
SESSIONNAME=Console
SonicCentral=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Default\LOCALS~1\Temp
TMP=C:\DOCUME~1\Default\LOCALS~1\Temp
USERDOMAIN=HOMEOFFICE
USERNAME=Default
USERPROFILE=C:\Documents and Settings\Default
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Default (admin)
Administrator (admin)
kristie
MIKE (admin)
Danny (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> "C:\Program Files\Common Files\Symantec Shared\SymSetup\{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}_10_2_0_30\{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}.exe" /X
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {8855FF30-19CE-4CB1-A654-87B38369CCE1}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Acrobat - Reader 6.0.2 Update --> MsiExec.exe /I{AC76BA86-0000-0000-0000-6028747ADE01}
Adobe Acrobat 6.0.1 Professional --> MsiExec.exe /I{AC76BA86-1033-0000-7760-000000000001}
Adobe Acrobat and Reader 6.0.3 Update --> MsiExec.exe /I{AC76BA86-0000-7EC8-7489-000000000603}
Adobe Acrobat and Reader 6.0.4 Update --> MsiExec.exe /I{AC76BA86-0000-7EC8-7489-000000000604}
Adobe Acrobat and Reader 6.0.5 Update --> MsiExec.exe /I{AC76BA86-0000-7EC8-7489-000000000605}
Adobe Acrobat and Reader 6.0.6 Update --> MsiExec.exe /I{AC76BA86-0000-7EC8-7489-000000000606}
Adobe Atmosphere Player for Acrobat and Adobe Reader --> C:\WINDOWS\atmoUn.exe
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Photoshop Elements 2.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop Elements 2\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop Elements 2\Uninst.dll"
Adobe Reader 7.0.7 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70700000002}
Adobe Shockwave Player --> C:\WINDOWS\system32\Adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Ahead Nero Express --> C:\WINDOWS\UNNERO.exe /UNINSTALL
AppCore --> MsiExec.exe /I{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
AT&T Yahoo! Applications --> C:\PROGRA~1\Yahoo!\Common\uninstall.exe
AV --> MsiExec.exe /I{F4DB525F-A986-4249-B98B-42A8066251CA}
Calculator Powertoy for Windows XP --> MsiExec.exe /I{B37C842A-B624-46B8-A727-654E72F1C91A}
ccCommon --> MsiExec.exe /I{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}
Compatibility Pack for the 2007 Office system --> MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Google Earth --> MsiExec.exe /I{97C0EA4A-1A0B-4C53-ACEB-49984DA79C90}
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HOT ALBUM MYBOX --> C:\Program Files\HOTALBUMMyBOX\VUninst.exe /a
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
HP Software Update --> MsiExec.exe /X{DDA2B32F-EB16-4C96-A130-4E4A4C1E6B12}
Image Resizer Powertoy for Windows XP --> MsiExec.exe /I{1CB92574-96F2-467B-B793-5CEB35C40C29}
LiveUpdate 3.2 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft Base Smart Card Cryptographic Service Provider Package --> "C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Office XP Professional with FrontPage --> MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft Plus! for Windows XP --> MsiExec.exe /I{EEC2DAFD-5558-40AC-8E9C-5005C8F810E8}
Microsoft Silverlight --> MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
MSRedist --> MsiExec.exe /I{B7C61755-DB48-4003-948F-3D34DB8EAF69}
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Norton AntiVirus --> MsiExec.exe /X{830D8CBD-C668-49e2-A969-C2C2106332E0}
Norton Internet Security --> MsiExec.exe /I{48185814-A224-447A-81DA-71BD20580E1B}
Norton Internet Security --> MsiExec.exe /I{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}
Norton Internet Security --> MsiExec.exe /I{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}
Norton Internet Security --> MsiExec.exe /I{E5EE9939-259F-4DE2-8023-5C49E16A4F43}
Norton Protection Center --> MsiExec.exe /I{9A129ABC-A53A-4209-A21E-D5DEDFB7CCA8}
palmOne --> MsiExec.exe /X{FF24F097-D090-41D2-8E9C-BAFEBBFD938C}
Photo Transport --> MsiExec.exe /X{63CFD835-FF50-4F8B-91CD-5662A8C640F8}
Photosmart 140,240,7200,7600,7700,7900 Series --> C:\Program Files\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\setup\hpzscr01.exe -datfile hphscr01.dat
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninst
PowerQuest PartitionMagic 7.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1E5007FA-DA5E-4EDD-BDE5-14D128D66887}\Setup.exe"
QuickTime --> MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}
Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" -l0x9 -removeonly
Roxio DLA --> MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Roxio MyDVD LE --> MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
Roxio RecordNow Audio --> MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Roxio RecordNow Copy --> MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Roxio RecordNow Data --> MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Slideshow Generator Powertoy for Windows XP --> MsiExec.exe /I{C39DE425-6CCF-4B12-A101-3CB5CF3AF3AD}
Sonic Update Manager --> MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
SPBBC 32bit --> MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Timershot Powertoy for Windows XP --> MsiExec.exe /I{A743BBCC-3438-4BB3-8397-6C9D9AC125A6}
TurboTax ItsDeductible 2005 --> MsiExec.exe /X{2E7595EC-4FB1-4E29-93D4-9083C8A9B107}
Tweak UI --> "C:\WINDOWS\system32\mshta.exe" "res://C:\WINDOWS\system32\TweakUI.exe/uninstall.hta"
Ulead Burn.Now --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0700\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A99FBC32-DE3C-450D-A2C7-A39BCF08F04F}\setup.exe" -l0x9
Ulead DVD MovieFactory 2 SE --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0700\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88F93347-0F9B-4FED-BA71-6C2A4CDFE61D}\Setup.exe" -l0x9
Ulead DVD PictureShow 2 SE --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0700\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A9212616-FCA2-4173-BD99-5C741EB3A068}\setup.exe" -l0x9
Ulead DVD Player --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0700\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{21DAFB84-2421-488F-B17D-102FF53396AA}\setup.exe" -l0x9
Ulead Movie Wizard 3.2 SE VCD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8F8D9297-FDD2-405A-97E7-E52C7B2F97B3}\Setup.exe" -l0x9
Ulead VideoStudio 7 SE DVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0700\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{757AD3D4-036B-42FA-B0A4-96BD6F4605A0}\setup.exe" -l0x9
VERITAS RecordNow DX --> MsiExec.exe /I{8855FF30-19CE-4CB1-A654-87B38369CCE1}
VIA Platform Device Manager --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{20D4A895-748C-4D88-871C-FDB1695B0169}
VIA Rhine-Family Fast-Ethernet Adapter --> Rundll32.exe vuins32.dll,vuins32Ex $Rhine $VIA
VIA/S3G Display Driver 6.14.10.0331 --> C:\PROGRA~1\S3\UChromeP\s3minset.exe /u UChromeP.uns
Windows Defender Signatures --> MsiExec.exe /I{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}
Windows Media Encoder 9 Series --> msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Encoder 9 Series --> MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows XP Service Pack 3 --> "C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"


-- Application Event Log -------------------------------------------------------

Event Record #/Type8099 / Error
Event Submitted/Written: 06/04/2008 08:41:13 PM
Event ID/Source: 0 / pctsSvc.exe
Event Description:
The service process could not connect to the service controller

Event Record #/Type8061 / Warning
Event Submitted/Written: 06/04/2008 02:14:44 PM
Event ID/Source: 1004 / MsiInstaller
Event Description:
Detection of product '{90280409-6000-11D3-8CFE-0050048383C9}', feature 'OfficeUserData', component '{4A31E933-6F67-11D2-AAA2-00A0C90F57B0}' failed. The resource 'HKEY_CURRENT_USER\Software\ODBC\ODBC.INI\MS Access Database\' does not exist.

Event Record #/Type8012 / Warning
Event Submitted/Written: 06/04/2008 05:38:05 AM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Event Record #/Type8010 / Error
Event Submitted/Written: 06/04/2008 05:04:24 AM
Event ID/Source: 10005 / MsiInstaller
Event Description:
Product: Adobe Reader 8.1.2 -- Internal Error 2350.

Event Record #/Type8009 / Error
Event Submitted/Written: 06/04/2008 05:04:23 AM
Event ID/Source: 11335 / MsiInstaller
Event Description:
Product: Adobe Reader 8.1.2 -- Error 1335.The cabinet file 'Data1.cab' required for this installation is corrupt and cannot be used. This could indicate a network error, an error reading from the CD-ROM, or a problem with this package.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type36040 / Warning
Event Submitted/Written: 06/06/2008 11:50:04 PM
Event ID/Source: 1007 / Dhcp
Event Description:
Your computer has automatically configured the IP address for the Network
Card with network address 00055D761374. The IP address being used is 169.254.94.140.

Event Record #/Type36037 / Warning
Event Submitted/Written: 06/06/2008 11:46:41 PM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 00055D761374. The following
error occurred:
%%1223.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Event Record #/Type35980 / Warning
Event Submitted/Written: 06/06/2008 08:29:16 AM
Event ID/Source: 1007 / Dhcp
Event Description:
Your computer has automatically configured the IP address for the Network
Card with network address 00055D761374. The IP address being used is 169.254.94.140.

Event Record #/Type35979 / Warning
Event Submitted/Written: 06/06/2008 08:29:15 AM
Event ID/Source: 2504 / Server
Event Description:
The server could not bind to the transport \Device\NetBT_Tcpip_{FF4FBBA1-4F4E-4B7E-838D-8F9BE053152C}.

Event Record #/Type35978 / Warning
Event Submitted/Written: 06/06/2008 08:29:07 AM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 00055D761374. The following
error occurred:
%%121.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.



-- End of Deckard's System Scanner: finished at 2008-06-07 00:17:06 ------------


Thank you for your reply, sorry I worked so late this evening ................. just got home and appreciate your help

J. galloway
  • 0

#6
fenzodahl512

fenzodahl512

  • Malware Removal
  • 9,863 posts
Hello, thanks for the reply.. Please do the following..

Please download DAFT and save it to your desktop:
  • Double-click the daft.exe icon.
  • Click on the Scan button.
  • Select everything it is displaying there
  • Click the Fix button.
  • Then rescan with DAFT again - it should say now that "All associations are OK"
  • Close DAFT if you receive that message. This means that it is fixed now.




NEXT


Let's run F-Secure online scan for Viruses, Spyware and RootKits:
  • Scroll to the bottom of the page and click the Start scanning button. A window will pop up.
  • Allow the Active X control to be installed on your computer, then click the Accept button
  • Click Full System Scan and allow the components to download and the scan to complete.
  • If malware is found, check Submit samples to F-Secure then select Automatic cleaning
  • When cleaning has finished, click Show report (this will open an Internet Explorer window containing the report)
  • Highlight and Copy (CTRL + C) the complete report, and Paste (CTRL + V) in a new reply to this post
If Automatic cleaning with Submit samples hangs, click Cancel, then New Scan
  • When the cleaning option is presented, Uncheck Submit samples to F-Secure
  • Click Automatic cleaning
  • When cleaning has finished, click Show report (this will open an Internet Explorer window containing the report)
  • Highlight and Copy (CTRL + C) the complete report, and Paste (CTRL + V) in a new reply to this post
Notes:
  • This scan will only work with Internet Explorer
  • You must have administrator rights to run this scan
  • This scan can take several hours, so please be patient



Please post the following in your next reply..

1. F-Secure Online result
2. A fresh Deckard System Scanner (after F-Secure step)
3. Tell me about your computer condition..


Regards
fenzodahl512
  • 0

#7
indngvr

indngvr

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
F Secure Log

Scanning Report
Saturday, June 07, 2008 07:51:03 - 09:45:43
Computer name: HOMEOFFICE
Scanning type: Scan system for malware, rootkits
Target: C:\


--------------------------------------------------------------------------------

Result: 3 malware found
AdWare.Win32.Dap (spyware)
System
RiskTool.Win32.Reboot (spyware)
System
Tracking Cookie (spyware)
System

--------------------------------------------------------------------------------

Statistics
Scanned:
Files: 51037
System: 4419
Not scanned: 9
Actions:
Disinfected: 0
Renamed: 0
Deleted: 0
None: 3
Submitted: 0
Files not scanned:
C:\PAGEFILE.SYS
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
C:\WINDOWS\SYSTEM32\CONFIG\SAM
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM
C:\WINDOWS\SOFTWAREDISTRIBUTION\EVENTCACHE\{1D70B1A6-39C3-4E04-8080-67B5CD940920}.BIN
C:\SYSTEM VOLUME INFORMATION\MOUNTPOINTMANAGERREMOTEDATABASE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCRST.DLL

--------------------------------------------------------------------------------

Options
Scanning engines:
F-Secure USS: 2.30.0
F-Secure Hydra: 2.8.8110, 2008-06-06
F-Secure AVP: 7.0.171, 2008-06-06
F-Secure Pegasus: 1.20.0, 2008-04-14
F-Secure Blacklight: 1.0.68
Scanning options:
Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ZIP XXX ANI AVB BAT CMD JPG LSP MAP MHT MIF PHP POT SWF WMF NWS TAR
Use Advanced heuristics

--------------------------------------------------------------------------------

  • 0

#8
indngvr

indngvr

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Fresh DAFT log after F-Secure Scan

DAFT Log saved on 2008-06-07 09:52:03
-----------------------------------------------------------------------
All associations okay!
  • 0

#9
indngvr

indngvr

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Computer Description


Hello,

Well actually, many of my "seen" problems disappeared after running the "geeks" first 2 "before submitting" suggestions. My desktop and screensaver were returned to normal. And the "Bug Screensaver" was no longer an option under screensaver options dropdown.

However, when I ran the last suggestion (PandaVision), it was still reporting problems I could not determine. So I decided to post anyway to get an expert opinion on what may still be running behind the scenes.

Thanks again for your help

PS / Do you know why I can no longer see my post in the main forum list ?? / it was posted on June 4th at 4:37 pm and it's gone now ??

Edited by indngvr, 07 June 2008 - 08:11 AM.

  • 0

#10
fenzodahl512

fenzodahl512

  • Malware Removal
  • 9,863 posts
No wonder your logs look clean to my eyes.. About your topic, I really don't know. Did you make multiple topics? If that's so, that's why it was removed..


Let's run another scan just to be 100% sure..

Please do an online scan with Kaspersky WebScanner

Click on Accept

You will be prompted to install an ActiveX component from Kaspersky, click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan: Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.


Regards
fenzodahl512
  • 0


#11
indngvr

  • Topic Starter
  • Member
  • 10 posts
Hello Again,

If I posted in multiple forums, thus causing myself to be removed, it was unintentional. I know we are not supposed to by reading other posts.

I appreciate your staying with me to the end and I apologize for not telling you about the previous scans and results. I thought you would be able to tell from the log postings. I am new to the log-post type of forum and hope I didn't waste your time with this.

Here is the Kaspersky WebScanner log:

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Saturday, June 07, 2008 13:35:50
Operating System: Microsoft Windows XP Professional, Service Pack 3 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 7/06/2008
Kaspersky Anti-Virus database records: 837393
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\

Scan Statistics:
Total number of scanned objects: 63987
Number of viruses found: 2
Number of infected objects: 7
Number of suspicious objects: 0
Duration of the scan process: 00:50:37

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2008-06-07_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBConfig.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBDebug.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBDetect.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBNotify.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBRefr.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetCfg.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetCfg2.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetDev.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetLoc.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetUsr.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBStHash.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBValid.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPPolicy.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPStart.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPStop.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtErEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtETmp\DD1E6669.TMP Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtMoEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtNvEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtScEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtTxFEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtViEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SubEng\submissions.idx Object is locked skipped
C:\Documents and Settings\default\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\default\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\default\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\default\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\default\Local Settings\History\History.IE5\MSHist012008060720080608\index.dat Object is locked skipped
C:\Documents and Settings\default\Local Settings\Temp\Perflib_Perfdata_26c.dat Object is locked skipped
C:\Documents and Settings\default\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\default\My Documents\b) Downloads\Recent Downloads\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\default\My Documents\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\default\My Documents\SmitfraudFix\SmitfraudFix.exe/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\default\My Documents\SmitfraudFix\SmitfraudFix.exe RAR: infected - 1 skipped
C:\Documents and Settings\default\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\default\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\EENGINE\EPERSIST.DAT Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\NFWEVT.LOG Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDALRT.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDCON.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDDBG.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDFW.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDIDS.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDSYS.log Object is locked skipped
C:\Program Files\Symantec\Norton AntiVirus\AVApp.log Object is locked skipped
C:\Program Files\Symantec\Norton AntiVirus\AVError.log Object is locked skipped
C:\Program Files\Symantec\Norton AntiVirus\AVVirus.log Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{12B891FA-1ED1-4F21-AE07-1BF22CD25988}\RP6\A0001308.exe/WISE0021.BIN/dapiebar.dll Infected: not-a-virus:AdWare.Win32.Dap.g skipped
C:\System Volume Information\_restore{12B891FA-1ED1-4F21-AE07-1BF22CD25988}\RP6\A0001308.exe/WISE0021.BIN Infected: not-a-virus:AdWare.Win32.Dap.g skipped
C:\System Volume Information\_restore{12B891FA-1ED1-4F21-AE07-1BF22CD25988}\RP6\A0001308.exe WiseSFX: infected - 2 skipped
C:\System Volume Information\_restore{12B891FA-1ED1-4F21-AE07-1BF22CD25988}\RP6\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

#12
fenzodahl512

  • Malware Removal
  • 9,863 posts
Ok, your log is clean to my eyes..

Please download OTCleanIt and save it to Desktop.
  • Double-click OTCleanIt.exe
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes




NEXT


Please download ATF Cleaner by Atribune.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
If you use Firefox browser
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.



NEXT


Please Install/Update Sun Java

Updating Java:
  • Go to Start --> Control Panel --> Add or Remove Programs.
  • Search in the list for all previous installed versions of Java. (J2SE Runtime Environment.... )
  • It should have next icon next to it: Posted Image
  • Select it and click Remove. This will uninstall the previous (outdated) version of Java.
  • Then Download and install the newest version from here: Java Runtime Environment (JRE) 6 Update 6



NEXT


Let's clean your Restore Points and set a new one:

Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files: (You will lose all previous Restore Points which are likely to be infected)
To create a new Restore Point.
  • On the Desktop, right-click My Computer.
  • Click Properties.
  • Click the System Restore tab.
  • Check Turn off System Restore.
  • Click Apply, and then click OK. This will flush your old System Restore.
  • Then please UNCHECK the Turn off System Restore.
  • Click again on Apply, and then click OK. This will create a new Restore Point
System Restore will now be active again

If you are using Windows Vista, please go HERE for tutorial on how to use, disable and enable System Restore


NEXT


I noticed that you already have:
1. Norton Internet Security consisting of your antivirus and firewall
2. MalwareBytes' Anti-Malware as your antispyware..

Lastly, to keep your operating system up to date please visit the link below monthly

To learn more about how to protect yourself while on the internet read this excellent article by Tony Klein: So how did I get infected in the first place?

Please also read an excellent article by miekiemoes: Help! My computer is slow!

And another excellent article by CastleCops Malware Prevention: Prevent Re-infection

Please reply to this thread once more and tell us about the computer behaviour before we can close this thread :)



Have a safe and happy computing day!


Regards
fenzodahl512

Edited by fenzodahl512, 07 June 2008 - 12:34 PM.


#13
indngvr

  • Topic Starter
  • Member
  • 10 posts
Hello again,

I'm just curious as to why Kaspersky WebScanner found problems, in your last post, that I did not correct, and the log still looks good to you. Are those normal items that just report as problems? Oh well, you're the expert ......... not me. As to your final suggestions:

OTCleanIt / done!

ATF Cleaner / done!

Updating Java / done!

Reset and Re-enable your System Restore / done!

Microsoft Windows Update / done!

The machine appears on the surface to be running fine. I reset my Norton software to alert me and ask what to do on all traffic so I can monitor all inbound and outbound and reset all the "allow always" connections.

Thank you for your valuable time and I will be more careful in the future

j. galloway

#14
fenzodahl512

  • Malware Removal
  • 9,863 posts

I'm just curious as to why Kaspersky WebScanner found problems, in your last post, that I did not correct, and the log still looks good to you. Are those normal items that just report as problems?


It's okay.. To answer your question, Kaspersky Online only found those files in System Restore and a false positive from SmitfraudFix that has been used on this computer before.. That's all..

Any more questions? :)
  • 0
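
The distinction drawn in the answer above (locked files, riskware inside a removal tool, inactive System Restore copies), as an added example that is not part of the original thread: a Python triage of rows copied from the Kaspersky report in post #11. The function names and origin labels are this example's own; the counts it returns line up with the report's statistics (2 names, 7 infected objects).

```python
import re
from collections import Counter

# Rows copied from the report in post #11: three of the locked entries and
# all seven infected entries.
REPORT = r"""
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\Documents and Settings\default\NTUSER.DAT Object is locked skipped
C:\Program Files\Symantec\Norton AntiVirus\AVVirus.log Object is locked skipped
C:\Documents and Settings\default\My Documents\b) Downloads\Recent Downloads\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\default\My Documents\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\default\My Documents\SmitfraudFix\SmitfraudFix.exe/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\default\My Documents\SmitfraudFix\SmitfraudFix.exe RAR: infected - 1 skipped
C:\System Volume Information\_restore{12B891FA-1ED1-4F21-AE07-1BF22CD25988}\RP6\A0001308.exe/WISE0021.BIN/dapiebar.dll Infected: not-a-virus:AdWare.Win32.Dap.g skipped
C:\System Volume Information\_restore{12B891FA-1ED1-4F21-AE07-1BF22CD25988}\RP6\A0001308.exe/WISE0021.BIN Infected: not-a-virus:AdWare.Win32.Dap.g skipped
C:\System Volume Information\_restore{12B891FA-1ED1-4F21-AE07-1BF22CD25988}\RP6\A0001308.exe WiseSFX: infected - 2 skipped
"""

# Row layout: <path> <result> <last action>; the path itself contains spaces.
ROW = re.compile(
    r"^(?P<path>.+?) (?P<result>Object is locked|Infected: (?P<name>\S+)"
    r"|(?P<packer>\w+): infected - \d+) (?P<action>\w+)$")

def origin(path):
    """Classify where the object lives (labels are this example's own)."""
    p = path.lower()
    if "\\system volume information\\_restore" in p:
        return "system-restore-copy"   # backup copy, flushed by resetting System Restore
    if "\\smitfraudfix\\" in p:
        return "removal-tool"          # helper shipped with the fix tool used earlier
    return "live-file"

def triage(report):
    locked, containers, hits = 0, 0, []
    for line in filter(None, map(str.strip, report.splitlines())):
        m = ROW.match(line)
        if not m:
            continue
        if m["result"] == "Object is locked":
            locked += 1        # file was in use, so the scanner never read it
        elif m["packer"]:
            containers += 1    # archive summary row, not a separate detection
        else:
            hits.append({"name": m["name"],
                         "file": m["path"].split("/")[0],  # outer file on disk
                         "riskware": m["name"].startswith("not-a-virus:"),
                         "origin": origin(m["path"])})
    return {"locked": locked,
            "infected_objects": len(hits) + containers,
            "names": sorted({h["name"] for h in hits}),
            "by_origin": Counter(h["origin"] for h in hits),
            "live_malware": [h for h in hits
                             if h["origin"] == "live-file" and not h["riskware"]]}
```

An empty `live_malware` list means every detection is either riskware-class or an inactive copy; locked rows were never read, so they are neither findings nor clearances.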

#15
indngvr

  • Topic Starter
  • Member
  • 10 posts
no more questions ............. just some info,

You're not going to believe this one !!! After all you went thru to help me. I had decided to make a back up partition on my hard-drive just in case something like this happened again I would be more prepared. I had an old version of Partition Magic (7.0) it installed fine and appeared to be working fine I asked it to create a 50 gb partition at the end of the drive. It showed the before and after shots and all appeared to be fine. It asked for a reboot to complete all requests. Upon reboot, it started performing the requested tasks. It got to step 1 of 3. It got to 10% overall and 31% of the 1st task and then it just hung there. I waited almost an hour with no changes. I waited another hour .......... still nothing. It was obviously and hopelessly hung.
I begrudgingly hit the restart button. Well when it rebooted, it posted fine, then showed the XP splash for a brief second and then BSOD !! Fatal error 0x00000024. I went to my other machine and found this to be a file system error.
No matter what I tried .......... nothing !! no safe mode, no recovery console, no "last known", no nothing. Just the same error over and over. I tried to do a repair from my XP disk and it could not see any previous installs of XP to repair. The file system on the disk was "unknown". Obviously Partition Magic did enough to screw up the file system before it hung. As there was nothing I had important enough to spend $$ on to recover, the only option I saw was to reformat and reinstall. I was out of blank CDs so I never even got my stuff backed up before I pulled the blunder.
Anyway, If I had known I was gonna do that, I could have saved you the trouble and reformatted upon infection. Live and learn I guess. I'll use Disk Management to create a new backup partition when I'm up again. I had forgotten about that utility.

Thanks so much for your time !!

J. Galloway

Edited by indngvr, 08 June 2008 - 04:00 PM.
