Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 91699 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

Slow Computer


  • This topic is locked This topic is locked
15 replies to this topic

#1 Rancher

Rancher

    New Member

  • New Member
  • Pip
  • 8 posts

Posted 06 March 2007 - 09:51 PM

My computer has slowed down to the point that it is not usable at times. I have Norton installed, but I sometimes think it may be part of the problem. I've run Spybot and Ad-Aware trying to find the problem, they come up empty. On start-up, I looked at the test manager and found about 40 processes running, but I don't really know which one's I really need.
A friend of mine suggested that I try HijackThis. So here I am.
Sorry. I forgot to paste the log files.

Logfile of HijackThis v1.99.1
Scan saved at 6:30:29 PM, on 3/6/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Creative\SBLive\Creative Diagnostics 2.0\DIAGENT.EXE
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
C:\Palm\Hotsync.exe
C:\Program Files\Sierra Imaging\Image Expert 2000\IXApplet.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\PROGRA~1\NETSCAPE\NETSCAPE\NETSCP.EXE
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Hijackthis\HijackThis.exe

N3 - Netscape 7: user_pref("browser.startup.homepage", ""); (C:\Documents and Settings\Brian\Application Data\Mozilla\Profiles\default\knhphcbx.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Brian\Application Data\Mozilla\Profiles\default\knhphcbx.slt\prefs.js)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [DIAGENT] C:\Program Files\Creative\SBLive\Creative Diagnostics 2.0\DIAGENT.EXE startup
O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - Startup: Camio Viewer 3.2.lnk = C:\Program Files\Sierra Imaging\Image Expert 2000\IXApplet.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Palm\Hotsync.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1103919016062
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1161366234984
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

StartupList report, 3/5/2007, 12:57:01 PM
StartupList version: 1.52.2
Started from : C:\Program Files\Hijackthis\HijackThis.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)
* Using default options
* Including empty and uninteresting sections
* Showing rarely important sections
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Creative\SBLive\Creative Diagnostics 2.0\DIAGENT.EXE
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
C:\Palm\Hotsync.exe
C:\Program Files\Sierra Imaging\Image Expert 2000\IXApplet.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Hijackthis\HijackThis.exe
C:\PROGRA~1\NETSCAPE\NETSCAPE\NETSCP.EXE

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\Documents and Settings\Brian\Start Menu\Programs\Startup]
Camio Viewer 3.2.lnk = C:\Program Files\Sierra Imaging\Image Expert 2000\IXApplet.exe

Shell folders AltStartup:
*Folder not found*

User shell folders Startup:
*Folder not found*

User shell folders AltStartup:
*Folder not found*

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
HotSync Manager.lnk = C:\Palm\Hotsync.exe
Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

Shell folders Common AltStartup:
*Folder not found*

User shell folders Common Startup:
*Folder not found*

User shell folders Alternate Common Startup:
*Folder not found*

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

[HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
*Registry value not found*

[HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

UpdReg = C:\WINDOWS\Updreg.exe
NvCplDaemon = RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
DIAGENT = C:\Program Files\Creative\SBLive\Creative Diagnostics 2.0\DIAGENT.EXE startup
AHQInit = C:\Program Files\Creative\SBLive\Program\AHQInit.exe
Logitech Utility = Logi_MwX.Exe
ccApp = "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime
iTunesHelper = "C:\Program Files\iTunes\iTunesHelper.exe"

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

[OptionalComponents]
*No values found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

File association entry for .EXE:
HKEY_CLASSES_ROOT\exefile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .COM:
HKEY_CLASSES_ROOT\comfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .BAT:
HKEY_CLASSES_ROOT\batfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .PIF:
HKEY_CLASSES_ROOT\piffile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .SCR:
HKEY_CLASSES_ROOT\scrfile\shell\open\command

(Default) = "%1" /S

--------------------------------------------------

File association entry for .HTA:
HKEY_CLASSES_ROOT\htafile\shell\open\command

(Default) = C:\WINDOWS\System32\mshta.exe "%1" %*

--------------------------------------------------

File association entry for .TXT:
HKEY_CLASSES_ROOT\txtfile\shell\open\command

(Default) = %SystemRoot%\system32\NOTEPAD.EXE %1

--------------------------------------------------

Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)

[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP

[>{26923b43-4d38-484f-9b9e-de460746276c}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE

[>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] *
StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

[>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

[{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *
StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

[{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

[{4b218e3e-bc98-4770-93d3-2731b9329278}] *
StubPath = %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf

[{5945c046-1e7d-11d1-bc44-00c04fd912be}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser

[{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub

[{7790769C-0471-11d2-AF11-00C04FA35D02}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

[{89820200-ECBD-11cf-8B85-00AA005B4340}] *
StubPath = regsvr32.exe /s /n /i:U shell32.dll

[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = %SystemRoot%\system32\ie4uinit.exe

--------------------------------------------------

Enumerating ICQ Agent Autostart apps:
HKCU\Software\Mirabilis\ICQ\Agent\Apps

*Registry key not found*

--------------------------------------------------

Load/Run keys from C:\WINDOWS\WIN.INI:

load=*INI section not found*
run=*INI section not found*

Load/Run keys from Registry:

HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\Windows: load=
HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=NVDESK32.DLL

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\System32\logon.scr
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------

Checking for EXPLORER.EXE instances:

C:\WINDOWS\Explorer.exe: PRESENT!

C:\Explorer.exe: not present
C:\WINDOWS\Explorer\Explorer.exe: not present
C:\WINDOWS\System\Explorer.exe: not present
C:\WINDOWS\System32\Explorer.exe: not present
C:\WINDOWS\Command\Explorer.exe: not present
C:\WINDOWS\Fonts\Explorer.exe: not present

--------------------------------------------------

Checking for superhidden extensions:

.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: HIDDEN!
.shb: HIDDEN!
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden

--------------------------------------------------

Verifying REGEDIT.EXE integrity:

- Regedit.exe found in C:\WINDOWS
- .reg open command is normal (regedit.exe %1)
- Company name OK: 'Microsoft Corporation'
- Original filename OK: 'REGEDIT.EXE'
- File description: 'Registry Editor'

Registry check passed

--------------------------------------------------

Enumerating Browser Helper Objects:

(no name) - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - C:\PROGRA~1\SPYBOT~1\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}
(no name) - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll - {9394EDE7-C8B5-483E-8773-474BF36AF6E4}
Norton Internet Security 2006 - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll - {9ECB9560-04F9-4bbc-943D-298DDF1699E1}
NAV Helper - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD}
(no name) - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}

--------------------------------------------------

Enumerating Task Scheduler jobs:

Norton AntiVirus - Run Full System Scan - Brian.job

--------------------------------------------------

Enumerating Download Program Files:

[Microsoft XML Parser for Java]
OSD = C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd

[{33564D57-9980-0010-8000-00AA00389B71}]
CODEBASE = http://codecs.micros...386/wmv9dmo.cab

[WUWebControl Class]
InProcServer32 = C:\WINDOWS\system32\wuweb.dll
CODEBASE = http://v5.windowsupd...b?1103919016062

[MUWebControl Class]
InProcServer32 = C:\WINDOWS\system32\muweb.dll
CODEBASE = http://update.micros...b?1161366234984

[Java Plug-in 1.4.1_02]
InProcServer32 = C:\Program Files\Java\j2re1.4.1_02\bin\npjpi141_02.dll
CODEBASE = http://java.sun.com/...indows-i586.cab

[Java Plug-in 1.4.1_02]
InProcServer32 = C:\Program Files\Java\j2re1.4.1_02\bin\npjpi141_02.dll
CODEBASE = http://java.sun.com/...indows-i586.cab

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\system32\Macromed\Flash\Flash8.ocx
CODEBASE = http://download.macr...ash/swflash.cab

--------------------------------------------------

Enumerating Winsock LSP files:

NameSpace #1: C:\WINDOWS\System32\mswsock.dll
NameSpace #2: C:\WINDOWS\System32\winrnr.dll
NameSpace #3: C:\WINDOWS\System32\mswsock.dll
Protocol #1: C:\WINDOWS\system32\mswsock.dll
Protocol #2: C:\WINDOWS\system32\mswsock.dll
Protocol #3: C:\WINDOWS\system32\mswsock.dll
Protocol #4: C:\WINDOWS\system32\rsvpsp.dll
Protocol #5: C:\WINDOWS\system32\rsvpsp.dll
Protocol #6: C:\WINDOWS\system32\mswsock.dll
Protocol #7: C:\WINDOWS\system32\mswsock.dll
Protocol #8: C:\WINDOWS\system32\mswsock.dll
Protocol #9: C:\WINDOWS\system32\mswsock.dll
Protocol #10: C:\WINDOWS\system32\mswsock.dll
Protocol #11: C:\WINDOWS\system32\mswsock.dll
Protocol #12: C:\WINDOWS\system32\mswsock.dll
Protocol #13: C:\WINDOWS\system32\mswsock.dll
Protocol #14: C:\WINDOWS\system32\mswsock.dll
Protocol #15: C:\WINDOWS\system32\mswsock.dll
Protocol #16: C:\WINDOWS\system32\mswsock.dll
Protocol #17: C:\WINDOWS\system32\mswsock.dll

--------------------------------------------------

Enumerating Windows NT/2000/XP services

Microsoft ACPI Driver: System32\DRIVERS\ACPI.sys (system)
Microsoft Kernel Acoustic Echo Canceller: system32\drivers\aec.sys (manual start)
AFD Networking Support Environment: \SystemRoot\System32\drivers\afd.sys (system)
Intel AGP Bus Filter: System32\DRIVERS\agp440.sys (system)
Alerter: %SystemRoot%\System32\svchost.exe -k LocalService (disabled)
Application Layer Gateway Service: %SystemRoot%\System32\alg.exe (manual start)
Application Management: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
RAS Asynchronous Media Driver: System32\DRIVERS\asyncmac.sys (manual start)
Standard IDE/ESDI Hard Disk Controller: System32\DRIVERS\atapi.sys (system)
ATM ARP Client Protocol: System32\DRIVERS\atmarpc.sys (manual start)
Windows Audio: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Audio Stub Driver: System32\DRIVERS\audstub.sys (manual start)
Automatic LiveUpdate Scheduler: "C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" (autostart)
basic2: System32\DRIVERS\HSF_BSC2.sys (manual start)
Background Intelligent Transfer Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Computer Browser: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Symantec Event Manager: "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe" (autostart)
Symantec Internet Security Password Validation: "C:\Program Files\Norton Internet Security\ccPwdSvc.exe" (manual start)
Symantec Network Proxy: "C:\Program Files\Common Files\Symantec Shared\ccProxy.exe" (autostart)
Symantec Settings Manager: "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe" (autostart)
CD-ROM Driver: System32\DRIVERS\cdrom.sys (system)
Indexing Service: C:\WINDOWS\System32\cisvc.exe (manual start)
ClipBook: %SystemRoot%\system32\clipsrv.exe (disabled)
COM Host: "C:\Program Files\Norton Internet Security\comHost.exe" (manual start)
COM+ System Application: C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start)
Creative Service for CDROM Access: C:\WINDOWS\System32\CTsvcCDA.EXE (autostart)
Cryptographic Services: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Creative SBLive! Gameport: System32\DRIVERS\ctljystk.sys (manual start)
DCOM Server Process Launcher: %SystemRoot%\system32\svchost -k DcomLaunch (autostart)
DHCP Client: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Disk Driver: System32\DRIVERS\disk.sys (system)
DAVICOM 9102(A) PCI Fast Ethernet Based NT Driver: System32\DRIVERS\DM9PCI5.SYS (manual start)
Logical Disk Manager Administrative Service: %SystemRoot%\System32\dmadmin.exe /com (manual start)
dmboot: System32\drivers\dmboot.sys (disabled)
dmio: System32\drivers\dmio.sys (disabled)
dmload: System32\drivers\dmload.sys (disabled)
Logical Disk Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Microsoft Kernel DLS Syntheiszer: system32\drivers\DMusic.sys (manual start)
DNS Client: %SystemRoot%\System32\svchost.exe -k NetworkService (autostart)
MS IEEE-1284.4 Driver: System32\DRIVERS\Dot4.sys (manual start)
Print Class Driver for IEEE-1284.4: System32\DRIVERS\Dot4Prt.sys (manual start)
Scan Class Driver for IEEE-1284.4: System32\DRIVERS\Dot4Scan.sys (manual start)
Dot4USB Filter Dot4USB Filter: System32\DRIVERS\dot4usb.sys (manual start)
Microsoft Kernel DRM Audio Descrambler: system32\drivers\drmkaud.sys (manual start)
Symantec Eraser Control driver: \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (system)
Creative SB Live! Value (WDM): system32\drivers\emu10k1f.sys (manual start)
Creative Interface Manager Driver (WDM): system32\drivers\ctlface.sys (manual start)
EraserUtilRebootDrv: \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (manual start)
Error Reporting Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Event Log: %SystemRoot%\system32\services.exe (autostart)
COM+ Event System: C:\WINDOWS\System32\svchost.exe -k netsvcs (manual start)
Fallback: System32\DRIVERS\HSF_FALL.sys (autostart)
Fast User Switching Compatibility: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Floppy Disk Controller Driver: System32\DRIVERS\fdc.sys (manual start)
Floppy Disk Driver: System32\DRIVERS\flpydisk.sys (manual start)
FltMgr: system32\drivers\fltmgr.sys (system)
Fsks: System32\DRIVERS\HSF_FSKS.sys (autostart)
Volume Manager Driver: System32\DRIVERS\ftdisk.sys (system)
Game Port Enumerator: System32\DRIVERS\gameenum.sys (manual start)
GEAR CDRom Filter: SYSTEM32\DRIVERS\GEARAspiWDM.sys (manual start)
Generic Packet Classifier: System32\DRIVERS\msgpc.sys (manual start)
Help and Support: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Human Interface Device Access: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
HSFHWBS2: System32\DRIVERS\HSFBS2S2.sys (manual start)
HSF_DP: System32\DRIVERS\HSFDPSP2.sys (manual start)
hsf_msft: System32\DRIVERS\HSF_MSFT.sys (manual start)
HTTP: System32\Drivers\HTTP.sys (manual start)
HTTP SSL: %SystemRoot%\System32\svchost.exe -k HTTPFilter (manual start)
i8042 Keyboard and PS/2 Mouse Port Driver: System32\DRIVERS\i8042prt.sys (system)
InstallDriver Table Manager: "C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe" (manual start)
IMAPI CD-Burning COM Service: C:\WINDOWS\System32\imapi.exe (manual start)
IntelIde: System32\DRIVERS\intelide.sys (system)
IPv6 Windows Firewall Driver: system32\drivers\ip6fw.sys (manual start)
IP Traffic Filter Driver: System32\DRIVERS\ipfltdrv.sys (manual start)
IP in IP Tunnel Driver: System32\DRIVERS\ipinip.sys (manual start)
IP Network Address Translator: System32\DRIVERS\ipnat.sys (manual start)
iPod Service: "C:\Program Files\iPod\bin\iPodService.exe" (manual start)
IPSEC driver: System32\DRIVERS\ipsec.sys (system)
IR Enumerator Service: System32\DRIVERS\irenum.sys (manual start)
PnP ISA/EISA Bus Driver: System32\DRIVERS\isapnp.sys (system)
K56: System32\DRIVERS\HSF_K56K.sys (autostart)
Keyboard Class Driver: System32\DRIVERS\kbdclass.sys (system)
Microsoft Kernel Wave Audio Mixer: system32\drivers\kmixer.sys (manual start)
Logitech PS/2 Mouse Filter Driver: System32\DRIVERS\L8042pr2.Sys (manual start)
Server: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Workstation: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
LiveUpdate: "C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE" (manual start)
TCP/IP NetBIOS Helper: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
Logitech Mouse Class Filter Driver: System32\DRIVERS\LMouFlt2.Sys (manual start)
mdmxsdk: System32\DRIVERS\mdmxsdk.sys (autostart)
Messenger: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
NetMeeting Remote Desktop Sharing: C:\WINDOWS\System32\mnmsrvc.exe (manual start)
Unimodem Streaming Filter Device: system32\drivers\MODEMCSA.sys (manual start)
Mouse Class Driver: System32\DRIVERS\mouclass.sys (system)
WebDav Client Redirector: System32\DRIVERS\mrxdav.sys (manual start)
MRXSMB: System32\DRIVERS\mrxsmb.sys (system)
Distributed Transaction Coordinator: C:\WINDOWS\System32\msdtc.exe (manual start)
Windows Installer: C:\WINDOWS\system32\msiexec.exe /V (manual start)
Microsoft Streaming Service Proxy: system32\drivers\MSKSSRV.sys (manual start)
Microsoft Streaming Clock Proxy: system32\drivers\MSPCLOCK.sys (manual start)
Microsoft Streaming Quality Manager Proxy: system32\drivers\MSPQM.sys (manual start)
Microsoft System Management BIOS Driver: System32\DRIVERS\mssmbios.sys (manual start)
Norton AntiVirus Auto-Protect Service: "C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe" (autostart)
NAVENG: \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20070304.025\NAVENG.Sys (manual start)
NAVEX15: \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20070304.025\NavEx15.Sys (manual start)
Remote Access NDIS TAPI Driver: System32\DRIVERS\ndistapi.sys (manual start)
NDIS Usermode I/O Protocol: System32\DRIVERS\ndisuio.sys (manual start)
Remote Access NDIS WAN Driver: System32\DRIVERS\ndiswan.sys (manual start)
NetBIOS Interface: System32\DRIVERS\netbios.sys (system)
NetBT: System32\DRIVERS\netbt.sys (system)
Network DDE: %SystemRoot%\system32\netdde.exe (disabled)
Network DDE DSDM: %SystemRoot%\system32\netdde.exe (disabled)
Net Logon: %SystemRoot%\System32\lsass.exe (manual start)
Network Connections: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Network Location Awareness (NLA): %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Norton Protection Center Service: "C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE" (manual start)
NT LM Security Support Provider: %SystemRoot%\System32\lsass.exe (manual start)
Removable Storage: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
nv4: System32\DRIVERS\nv4_mini.sys (manual start)
NVIDIA Driver Helper Service: %SystemRoot%\System32\nvsvc32.exe (autostart)
IPX Traffic Filter Driver: System32\DRIVERS\nwlnkflt.sys (manual start)
IPX Traffic Forwarder Driver: System32\DRIVERS\nwlnkfwd.sys (manual start)
OMCI: \SystemRoot\SYSTEM32\DRIVERS\OMCI.SYS (system)
PalmUSBD: system32\drivers\PalmUSBD.sys (manual start)
Parallel port driver: System32\DRIVERS\parport.sys (manual start)
PCI Bus Driver: System32\DRIVERS\pci.sys (system)
PfModNT: \??\C:\WINDOWS\System32\PfModNT.sys (autostart)
Plug and Play: %SystemRoot%\system32\services.exe (autostart)
IPSEC Services: %SystemRoot%\System32\lsass.exe (autostart)
WAN Miniport (PPTP): System32\DRIVERS\raspptp.sys (manual start)
Processor Driver: System32\DRIVERS\processr.sys (system)
Protected Storage: %SystemRoot%\system32\lsass.exe (autostart)
QoS Packet Scheduler: System32\DRIVERS\psched.sys (manual start)
Direct Parallel Link Driver: System32\DRIVERS\ptilink.sys (manual start)
Remote Access Auto Connection Driver: System32\DRIVERS\rasacd.sys (system)
Remote Access Auto Connection Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
WAN Miniport (L2TP): System32\DRIVERS\rasl2tp.sys (manual start)
Remote Access Connection Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Remote Access PPPOE Driver: System32\DRIVERS\raspppoe.sys (manual start)
Direct Parallel: System32\DRIVERS\raspti.sys (manual start)
Rdbss: System32\DRIVERS\rdbss.sys (system)
RDPCDD: System32\DRIVERS\RDPCDD.sys (system)
Remote Desktop Help Session Manager: C:\WINDOWS\system32\sessmgr.exe (manual start)
Digital CD Audio Playback Filter Driver: System32\DRIVERS\redbook.sys (system)
Routing and Remote Access: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
Rksample: System32\DRIVERS\HSF_SAMP.sys (manual start)
Remote Procedure Call (RPC) Locator: %SystemRoot%\System32\locator.exe (manual start)
Remote Procedure Call (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart)
QoS RSVP: %SystemRoot%\System32\rsvp.exe (manual start)
Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver: system32\DRIVERS\RTL8139.SYS (manual start)
Security Accounts Manager: %SystemRoot%\system32\lsass.exe (autostart)
SAVRT: \??\C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVRT.SYS (manual start)
SAVRTPEL: \??\C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVRTPEL.SYS (system)
Symantec AVScan: "C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe" (manual start)
Smart Card: %SystemRoot%\System32\SCardSvr.exe (manual start)
Task Scheduler: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Secdrv: System32\DRIVERS\secdrv.sys (manual start)
Secondary Logon: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
System Event Notification: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Serenum Filter Driver: System32\DRIVERS\serenum.sys (manual start)
Serial port driver: System32\DRIVERS\serial.sys (system)
Creative SoundFont Manager Driver (WDM): system32\drivers\sfman.sys (manual start)
Windows Firewall/Internet Connection Sharing (ICS): %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Shell Hardware Detection: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Symantec Network Drivers Service: "C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe" (autostart)
SoftFax: System32\DRIVERS\HSF_FAXX.sys (autostart)
SPBBCDrv: \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (system)
Symantec SPBBCSvc: "C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe" (autostart)
SpeakerPhone: System32\DRIVERS\HSF_SPKP.sys (autostart)
Microsoft Kernel Audio Splitter: system32\drivers\splitter.sys (manual start)
Print Spooler: %SystemRoot%\system32\spoolsv.exe (autostart)
System Restore Filter Driver: System32\DRIVERS\sr.sys (system)
System Restore Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Srv: System32\DRIVERS\srv.sys (manual start)
SSDP Discovery Service: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
Windows Image Acquisition (WIA): %SystemRoot%\System32\svchost.exe -k imgsvc (autostart)
Software Bus Driver: System32\DRIVERS\swenum.sys (manual start)
Microsoft Kernel GS Wavetable Synthesizer: system32\drivers\swmidi.sys (manual start)
MS Software Shadow Copy Provider: C:\WINDOWS\System32\dllhost.exe /Processid:{08C7C8CA-F643-483A-A61D-1192FB130C2C} (manual start)
Symantec Core LC: "C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe" (autostart)
SYMDNS: \SystemRoot\System32\Drivers\SYMDNS.SYS (manual start)
SymEvent: \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (manual start)
SYMFW: \SystemRoot\System32\Drivers\SYMFW.SYS (manual start)
SYMIDS: \SystemRoot\System32\Drivers\SYMIDS.SYS (manual start)
SYMIDSCO: \??\C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\idsdefs\20070302.001\symidsco.sys (manual start)
symlcbrd: \??\C:\WINDOWS\system32\drivers\symlcbrd.sys (autostart)
SYMNDIS: \SystemRoot\System32\Drivers\SYMNDIS.SYS (manual start)
SYMREDRV: \SystemRoot\System32\Drivers\SYMREDRV.SYS (manual start)
SYMTDI: \SystemRoot\System32\Drivers\SYMTDI.SYS (system)
Microsoft Kernel System Audio Device: system32\drivers\sysaudio.sys (manual start)
Performance Logs and Alerts: %SystemRoot%\system32\smlogsvc.exe (manual start)
Telephony: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
TCP/IP Protocol Driver: System32\DRIVERS\tcpip.sys (system)
Terminal Device Driver: System32\DRIVERS\termdd.sys (system)
Terminal Services: %SystemRoot%\System32\svchost -k DComLaunch (manual start)
Themes: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Tones: System32\DRIVERS\HSF_TONE.sys (autostart)
Distributed Link Tracking Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Microcode Update Driver: System32\DRIVERS\update.sys (manual start)
Universal Plug and Play Device Host: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
Uninterruptible Power Supply: %SystemRoot%\System32\ups.exe (manual start)
USB2 Enabled Hub: System32\DRIVERS\usbhub.sys (manual start)
USB Mass Storage Driver: System32\DRIVERS\USBSTOR.SYS (manual start)
Microsoft USB Universal Host Controller Miniport Driver: System32\DRIVERS\usbuhci.sys (manual start)
V124: System32\DRIVERS\HSF_V124.sys (autostart)
VGA Display Controller.: \SystemRoot\System32\drivers\vga.sys (system)
Volume Shadow Copy: %SystemRoot%\System32\vssvc.exe (manual start)
Windows Time: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Remote Access IP ARP Driver: System32\DRIVERS\wanarp.sys (manual start)
Microsoft WINMM WDM Audio Compatibility Driver: system32\drivers\wdmaud.sys (manual start)
WebClient: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
winachsf: System32\DRIVERS\HSFCXTS2.sys (manual start)
Windows Management Instrumentation: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
WMDM PMSP Service: C:\WINDOWS\System32\MsPMSPSv.exe (autostart)
Portable Media Serial Number Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
WMI Performance Adapter: C:\WINDOWS\System32\wbem\wmiapsrv.exe (manual start)
Security Center: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Automatic Updates: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Wireless Zero Configuration: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Network Provisioning Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)


--------------------------------------------------

Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*

Windows NT checkdisk command:
BootExecute = autocheck autochk *

Windows NT 'Wininit.ini':
PendingFileRenameOperations: *Registry value not found*

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\System32\webcheck.dll
SysTray: C:\WINDOWS\System32\stobject.dll

--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*Registry key not found*

--------------------------------------------------

End of report, 36,186 bytes
Report generated in 0.250 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only

Edited by Rancher, 06 March 2007 - 09:56 PM.

    Advertisements

Register to Remove


#2 ken545

ken545

    Forum God

  • Classroom Teacher
  • 23,207 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 14 March 2007 - 10:48 AM

Rancher :D

Welcome to Tom Coyote . Sorry about the delay in responding but we are as most times just overwhelmed with logs.

I am not looking at anything seriously wrong with your log. Lets do a few things to clean up your system and then run a spyware scan to see if something is hiding and not showing up on your log.


If you don't want the Yahoo Toolbar, be sure to uncheck it during installation
Download and Install CCleaner
* Click on Run Cleaner
* Run the Issues Scan < -- After it scans your system, when you click on the Fix button and it asks you to backup the Registry..Say Yes
Tutorial for CCleaner



Defrag your drive.

Go to Start> All Programs> Assessories > System Tools> Disk Defragmenter.
This is the Windows Disk Defragger, run this maybe once or twice a month to help speed up your system. The first time you run it, it may take awhile.


Download and install the 30 day trial of AVG Anti-Spyware 7.5 to your desktop.
  • Once you have downloaded AVG Anti-Spyware 7.5, locate the icon on the desktop and double-click it to launch the set up program.
  • Once the setup is complete you will need run AVG and update the definition files.
  • On the main screen select the icon Update then select the Update now link.
  • Next select the Start Update button, the update will start and a progress bar will show the updates being installed.
  • Once the update has completed select the Scanner icon at the top of the screen, then select the Settings tab.
  • Once in the Settings screen click on Recommended actions and then select Quarantine <-- Dont forget this
  • Under Reports
  • Select Automatically generate report after every scan
  • Un-Select Only if threats were found
  • Close AVG Anti-Spyware 7.5 <-- Do not run the scan yet.
Boot your computer into Safemode
  • Go to Start> Shut Off your Computer> Restart
  • As the computer starts to boot-up, Tap the F8 KEY somewhat rapidly.
  • This will bring up a menu.
  • Use the Up and Down Arrow Keys to scroll up to SAFEMODE
  • Then press the Enter on your Keyboard
Tutorial if you need it How to boot into Safemode


IMPORTANT: Do not open any other windows or programs while ewido is scanning, it may interfere with the scanning process:
  • Launch AVG Anti-Spyware 7.5 by double-clicking the icon on your desktop.
  • Select the Scanner icon at the top and then the Scan tab then click on Complete System Scan.
  • AVG will now begin the scanning process, be patient this may take a little time.
  • Once the scan is complete do the following:
  • If you have any infections you will prompted, then select Apply all actions
  • Next select the Reports icon at the top.
  • Select the Save report as button in the lower left hand of the screen and save it to a text file on your system
  • make sure to remember where you saved that file, this is important
  • Close AVG Anti-Spyware 7.5

Its important that I see the AVG log along with a New HJT log please.

Jeffce_zpsa19ee2e6.png

 

 

 

Want to help others, Join our Malware Removal Classroom  HERE

The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.
donate.gif

 

Find us on Facebook
Please LIKE and SHARE

 

 

Just a reminder that threads will be closed if no reply in 3 days.


#3 Rancher

Rancher

    New Member

  • New Member
  • Pip
  • 8 posts

Posted 20 March 2007 - 08:48 PM

Ken, thanks for the help and sorry for the delay, I was fighting other fires. I've attached the AVG l& HJT logs below. I also used Spybot to stop a few things from starting automatically. I really don't think I need I-tunes stuff starting up with my computer everytime.

:)


---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 9:15:40 PM 3/20/2007

+ Scan result:


C:\Documents and Settings\Brian\.jpi_cache\jar\1.0\archive.jar-2b8eda29-4a2958f1.zip/Dummy.class -> Not-A-Virus.Exploit.ByteVerify : Cleaned with backup (quarantined).
C:\Documents and Settings\Brian\.jpi_cache\jar\1.0\archive.jar-39bff3cd-17147b32.zip/Dummy.class -> Not-A-Virus.Exploit.ByteVerify : Cleaned with backup (quarantined).
C:\Documents and Settings\Brian\.jpi_cache\jar\1.0\archive.jar-592b8f09-4b939683.zip/Dummy.class -> Not-A-Virus.Exploit.ByteVerify : Cleaned with backup (quarantined).
C:\Documents and Settings\Brian\.jpi_cache\jar\1.0\archive.jar-5c245dd0-25c96631.zip/Dummy.class -> Not-A-Virus.Exploit.ByteVerify : Cleaned with backup (quarantined).
C:\Documents and Settings\Brian\.jpi_cache\jar\1.0\archive.jar-611e4869-687327dd.zip/Dummy.class -> Not-A-Virus.Exploit.ByteVerify : Cleaned with backup (quarantined).


::Report end


Logfile of HijackThis v1.99.1
Scan saved at 9:30:16 PM, on 3/20/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
C:\Palm\Hotsync.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\PROGRA~1\NETSCAPE\NETSCA~1\NETSCAPE.EXE
C:\Program Files\Hijackthis\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe

N3 - Netscape 7: user_pref("browser.startup.homepage", ""); (C:\Documents and Settings\Brian\Application Data\Mozilla\Profiles\default\knhphcbx.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Brian\Application Data\Mozilla\Profiles\default\knhphcbx.slt\prefs.js)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - Startup: Camio Viewer 3.2.lnk.disabled
O4 - Global Startup: Adobe Reader Speed Launch.lnk.disabled
O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Palm\Hotsync.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1103919016062
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1161366234984
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

#4 ken545

ken545

    Forum God

  • Classroom Teacher
  • 23,207 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 21 March 2007 - 04:52 AM

Rancher :D

You can remove this one also, its just a reminder to register with Creative.

O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe

The rest of your log looks fine and AVG cleaned a few things that would not be part of your problem. I would like you to run two scans , one is to check for a Rootkit and the other is an online virus scanner. I need to see the reports from both scans.

Download and Save Blacklight to your desktop:
  • Double-click blbeta.exe
  • Then accept the agreement
  • Click > scan then > next
  • You'll see a list of all items found. There will also be a log on your desktop with the name fsbl.xxxxxxx.log (the xxxxxxx stand for numbers).
  • Copy and paste this log in your next reply.
  • Don't choose the rename option yet! I want to see the log first, because legitimate items can also be present there, such as "wbemtest.exe"


You will need to run this with Internet Explorer.
Run Panda's ActiveScan from here and perform a full system scan.
  • Once you are on the Panda site click the "Scan your PC" button
  • A new window will open...click the big "Check Now" button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It will take a couple minutes)
  • If you are on a slow connection it will take about 15 minuites for the scanner to load.
  • Click on "Local Disks" to start the scan
  • Once scan is done, click "see report" then "save report"
  • Save the log someplace you can find
  • 12. Reboot
  • Post the Panda scan results in your next reply

Jeffce_zpsa19ee2e6.png

 

 

 

Want to help others, Join our Malware Removal Classroom  HERE

The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.
donate.gif

 

Find us on Facebook
Please LIKE and SHARE

 

 

Just a reminder that threads will be closed if no reply in 3 days.


#5 Rancher

Rancher

    New Member

  • New Member
  • Pip
  • 8 posts

Posted 21 March 2007 - 06:08 PM

Ken, thanks again. It doen't look like the Blacklight scan found anything, but the Active scan found some more stuff. Activescan log Incident Status Location Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Brian\.jpi_cache\jar\1.0\count3.jar-3d85b982-135333a7.zip[Dummy.class] Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Brian\.jpi_cache\jar\1.0\count3.jar-4e527ec2-68df2328.zip[Dummy.class] Virus:Trj/Mitglieder.EV Disinfected C:\Documents and Settings\Brian\Application Data\Mozilla\Profiles\default\knhphcbx.slt\Mail\pop.swbell.yahoo-1.com\Filter3[price_09.zip][price.cpl] Virus:Trj/Mitglieder.EX Disinfected C:\Documents and Settings\Brian\Application Data\Mozilla\Profiles\default\knhphcbx.slt\Mail\pop.swbell.yahoo-1.com\Filter3[new__price.zip][price.exe] Virus:Trj/Mitglieder.FO Disinfected C:\Documents and Settings\Brian\Application Data\Mozilla\Profiles\default\knhphcbx.slt\Mail\pop.swbell.yahoo-1.com\Filter3[Info_prices.zip][5.exe] Virus:Trj/Mitglieder.GB Disinfected C:\Documents and Settings\Brian\Application Data\Mozilla\Profiles\default\knhphcbx.slt\Mail\pop.swbell.yahoo-1.com\Filter3[Leonard.zip][12.exe] Virus:W32/Nuwar.B.worm Disinfected C:\Documents and Settings\Brian\Application Data\Mozilla\Profiles\default\knhphcbx.slt\Mail\pop.swbell.yahoo-1.com\Filter3[postcard.exe] Virus:W32/Nuwar.B.worm Disinfected C:\Documents and Settings\Brian\Application Data\Mozilla\Profiles\default\knhphcbx.slt\Mail\pop.swbell.yahoo-1.com\Filter3[postcard.exe] Virus:Trj/Alanchum.OD Disinfected C:\Documents and Settings\Brian\Application Data\Mozilla\Profiles\default\knhphcbx.slt\Mail\pop.swbell.yahoo-1.com\Filter3[Full Video.exe] Virus:Trj/Alanchum.OD Disinfected C:\Documents and Settings\Brian\Application Data\Mozilla\Profiles\default\knhphcbx.slt\Mail\pop.swbell.yahoo-1.com\Filter3[Click Here.exe] Virus:Trj/Alanchum.OD Disinfected C:\Documents and Settings\Brian\Application Data\Mozilla\Profiles\default\knhphcbx.slt\Mail\pop.swbell.yahoo-1.com\Filter3[Full Video.exe] Virus:Trj/Alanchum.OD Disinfected C:\Documents and Settings\Brian\Application Data\Mozilla\Profiles\default\knhphcbx.slt\Mail\pop.swbell.yahoo-1.com\Filter3[Click Here.exe] Virus:W32/Nurech.A.worm Disinfected C:\Documents and Settings\Brian\Application Data\Mozilla\Profiles\default\knhphcbx.slt\Mail\pop.swbell.yahoo-1.com\Filter3[Postcard.exe] Virus:Trj/Citifraud.A Disinfected C:\Documents and Settings\Brian\Application Data\Mozilla\Profiles\default\knhphcbx.slt\Mail\pop.swbell.yahoo-1.com\Junk[~0002414.~] Virus:Trj/Mitglieder.EV Disinfected C:\Documents and Settings\Brian\Application Data\Mozilla\Profiles\default\knhphcbx.slt\Mail\pop.swbell.yahoo-1.com\Junk[price_09.zip][price.cpl] Virus:Trj/Mitglieder.EX Disinfected C:\Documents and Settings\Brian\Application Data\Mozilla\Profiles\default\knhphcbx.slt\Mail\pop.swbell.yahoo-1.com\Junk[new__price.zip][price.exe] Virus:Trj/Mitglieder.FO Disinfected C:\Documents and Settings\Brian\Application Data\Mozilla\Profiles\default\knhphcbx.slt\Mail\pop.swbell.yahoo-1.com\Junk[Info_prices.zip][5.exe] Virus:Trj/Mitglieder.GB Disinfected C:\Documents and Settings\Brian\Application Data\Mozilla\Profiles\default\knhphcbx.slt\Mail\pop.swbell.yahoo-1.com\Junk[Leonard.zip][12.exe] Virus:W32/Nuwar.B.worm Disinfected C:\Documents and Settings\Brian\Application Data\Mozilla\Profiles\default\knhphcbx.slt\Mail\pop.swbell.yahoo-1.com\Junk[postcard.exe] Virus:W32/Nuwar.B.worm Disinfected C:\Documents and Settings\Brian\Application Data\Mozilla\Profiles\default\knhphcbx.slt\Mail\pop.swbell.yahoo-1.com\Junk[postcard.exe] Virus:Trj/Alanchum.OD Disinfected C:\Documents and Settings\Brian\Application Data\Mozilla\Profiles\default\knhphcbx.slt\Mail\pop.swbell.yahoo-1.com\Junk[Full Video.exe] Virus:Trj/Alanchum.OD Disinfected C:\Documents and Settings\Brian\Application Data\Mozilla\Profiles\default\knhphcbx.slt\Mail\pop.swbell.yahoo-1.com\Junk[Click Here.exe] Virus:W32/Nurech.A.worm Blacklight scan 03/21/07 17:03:13 [Info]: BlackLight Engine 1.0.55 initialized 03/21/07 17:03:13 [Info]: OS: 5.1 build 2600 (Service Pack 2) 03/21/07 17:03:13 [Note]: 7019 4 03/21/07 17:03:13 [Note]: 7005 0 03/21/07 17:03:24 [Note]: 7006 0 03/21/07 17:03:24 [Note]: 7011 1300 03/21/07 17:03:24 [Note]: 7026 0 03/21/07 17:03:25 [Note]: 7026 0 03/21/07 17:03:37 [Note]: FSRAW library version 1.7.1021 03/21/07 17:19:18 [Note]: 7007 0

#6 ken545

ken545

    Forum God

  • Classroom Teacher
  • 23,207 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 21 March 2007 - 06:51 PM

This was in your Panda log, use this program to remove it. Download and install Prevx and run the tool

Trojan.MitGlieder.GB
http://info.prevx.co...n.MitGlieder.GB


Now run this online scan using Internet Explorer:
Kaspersky Online Scanner from Kaspersky Online Virus Scanner

Next Click on Launch Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make that the following are selected:
  • Scan using the following Anti-Virus database:
  • Standard
  • Scan Options:
  • Scan Archives
  • Scan Mail Bases
  • Click OK
  • Now under select a target to scan: Select My Computer
  • This will program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
  • Now click on the Save as Text button:
  • Save the file to your desktop.
Post the log along with a New HJT Log into your next reply.


Let me see both logs please along with a new HJT log

Jeffce_zpsa19ee2e6.png

 

 

 

Want to help others, Join our Malware Removal Classroom  HERE

The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.
donate.gif

 

Find us on Facebook
Please LIKE and SHARE

 

 

Just a reminder that threads will be closed if no reply in 3 days.


#7 Rancher

Rancher

    New Member

  • New Member
  • Pip
  • 8 posts

Posted 22 March 2007 - 08:29 PM

Ken, I loaded and ran Prevx1, the 30 day trial version, but it did not find anything and says my status is "GOOD". Shouldn't it have found Trojan.MitGlieder.GB and gotten rid of it?

#8 ken545

ken545

    Forum God

  • Classroom Teacher
  • 23,207 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 23 March 2007 - 04:45 AM

That was just a precaution, that bad file was in your mail and it looks like Panda removed it. I just wanted to make sure it didn't spread . Let me see a new HJT log.

Jeffce_zpsa19ee2e6.png

 

 

 

Want to help others, Join our Malware Removal Classroom  HERE

The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.
donate.gif

 

Find us on Facebook
Please LIKE and SHARE

 

 

Just a reminder that threads will be closed if no reply in 3 days.


#9 Rancher

Rancher

    New Member

  • New Member
  • Pip
  • 8 posts

Posted 23 March 2007 - 09:39 PM

Ken, here are the logs from Kaspersky and HijackThis. The Kaspersky log looks particularily scary. I'll post the startup log in another reply. All three logs add up to more than 103000 charecters. Thx ------------------------------------------------------------------------------- KASPERSKY ONLINE SCANNER REPORT Friday, March 23, 2007 10:24:31 PM Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600) Kaspersky Online Scanner version: 5.0.83.0 Kaspersky Anti-Virus database last update: 24/03/2007 Kaspersky Anti-Virus database records: 269112 ------------------------------------------------------------------------------- Scan Settings: Scan using the following antivirus database: standard Scan Archives: true Scan Mail Bases: true Scan Target - My Computer: A:\ C:\ D:\ Scan Statistics: Total number of scanned objects: 47795 Number of viruses found: 36 Number of infected objects: 330 / 0 Number of suspicious objects: 4 Duration of the scan process: 01:18:34 Infected Object Name / Virus Name / Last Action C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped C:\Documents and Settings\All Users\Application Data\Prevx\Local.dat Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Confid.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Content.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Privacy.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Restrict.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\WebHist.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\HPPAppActivity.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\HPPHomePageActivity.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2007-03-23_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\002A3FBE.cla Infected: Trojan.Java.ClassLoader.c skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\002A3FBE.zip/GetAccess.class Infected: Trojan.Java.ClassLoader.c skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\002A3FBE.zip/InsecureClassLoader.class Infected: Exploit.Java.ByteVerify skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\002A3FBE.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\002A3FBE.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\002A3FBE.zip ZIP: infected - 4 skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\002A3FBE.zip CryptFF: infected - 4 skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\002D69BA.cla Infected: Trojan.Java.ClassLoader.Dummy.a skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\003013B6.cla Infected: Exploit.Java.ByteVerify skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\00D015C9.cla Infected: Exploit.Java.ByteVerify skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\01B10E96.cla Infected: Trojan.Java.ClassLoader.Dummy.a skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\044C7589.cla Infected: Exploit.Java.ByteVerify skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\06134153.cla Infected: Trojan-Downloader.Java.OpenConnection.v skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\072245B3.cla Infected: Trojan-Downloader.Java.OpenConnection.v skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\093974C9.cla Infected: Trojan-Downloader.Java.OpenConnection.v skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0AC65D6E.tmp Infected: Email-Worm.Win32.Zhelatin.a skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0ACC5710.tmp Infected: Trojan.Java.ClassLoader.ai skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0DE03805.tmp Infected: Email-Worm.Win32.Zhelatin.a skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0DFF4304.cla Infected: Exploit.Java.ByteVerify skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0DFF4304.zip/BlackBox.class Infected: Exploit.Java.ByteVerify skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0DFF4304.zip/VerifierBug.class Infected: Exploit.Java.ByteVerify skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0DFF4304.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.d skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0DFF4304.zip/Beyond.class Infected: Trojan-Downloader.Java.OpenStream.d skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0DFF4304.zip ZIP: infected - 4 skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0DFF4304.zip CryptFF: infected - 4 skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\115B619E.cla Infected: Trojan.Java.ClassLoader.c skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\115B619E.zip/BlackBox.class Infected: Exploit.Java.ByteVerify skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\115B619E.zip/VerifierBug.class Infected: Exploit.Java.ByteVerify skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\115B619E.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.d skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\115B619E.zip/Beyond.class Infected: Trojan-Downloader.Java.OpenStream.d skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\115B619E.zip ZIP: infected - 4 skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\115B619E.zip CryptFF: infected - 4 skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\123D6A6F.cla Infected: Trojan.Java.ClassLoader.Dummy.d skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\135D0B2B.cla Infected: Trojan.Java.ClassLoader.Dummy.a skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\14E241F9.tmp Infected: Email-Worm.Win32.Banwarum.l skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\15190BBC.tmp Infected: Email-Worm.Win32.Banwarum.l skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\151D25F3.tmp Infected: Trojan.Java.ClassLoader.z skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\155B5374.tmp Infected: Email-Worm.Win32.Zhelatin.h skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\156E4F5F.tmp Infected: Email-Worm.Win32.Zhelatin.h skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\159355A5.zip/GetAccess.class Infected: Trojan.Java.ClassLoader.c skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\159355A5.zip/InsecureClassLoader.class Infected: Exploit.Java.ByteVerify skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\159355A5.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\159355A5.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\159355A5.zip ZIP: infected - 4 skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\159355A5.zip CryptFF: infected - 4 skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\159A299E.cla Infected: Trojan.Java.ClassLoader.c skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\15A07D97.cla Infected: Trojan.Java.ClassLoader.c skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\15A42794.cla Infected: Trojan.Java.ClassLoader.Dummy.a skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\15A75190.cla Infected: Exploit.Java.ByteVerify skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\15C73CFE.tmp Infected: Email-Worm.Win32.Zhelatin.h skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\15D005E5.cla Infected: Trojan.Java.ClassLoader.Dummy.d skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\161B5E29.wmf Infected: Exploit.Win32.IMG-WMF.v skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\175034A3.tmp Infected: Exploit.Java.ByteVerify skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\17545EA0.tmp Infected: Exploit.Java.ByteVerify skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\17F64A35.tmp/death.pif Infected: Email-Worm.Win32.NetSky.c skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\17F64A35.tmp ZIP: infected - 1 skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\17F64A35.tmp CryptFF: infected - 1 skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\186B31B4.tmp Infected: Email-Worm.Win32.NetSky.c skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\197375BF.tmp Infected: Trojan-Downloader.Java.OpenConnection.v skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\19BC29F2.tmp/pics.scr Infected: Trojan-Downloader.Win32.Small.axr skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\19BC29F2.tmp ZIP: infected - 1 skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\19BC29F2.tmp CryptFF: infected - 1 skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1A590E3F.cla Infected: Exploit.Java.ByteVerify skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1A7042F7.tmp Infected: Email-Worm.Win32.Zhelatin.m skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1B03261E.tmp Infected: Email-Worm.Win32.NetSky.q skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1B104E10.tmp/[From 4df803ge2@nudak.fascinatingreport.com][Date Thu, 3 Feb 2005 14:57:24 -0600]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1B104E10.tmp/[From 4df803ge2@nudak.fascinatingreport.com][Date Thu, 3 Feb 2005 14:57:24 -0600]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1B104E10.tmp Mail: suspicious - 2 skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1B104E10.tmp CryptFF: suspicious - 2 skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1B460536.cla Infected: Trojan.Java.ClassLoader.c skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1B460536.zip/GetAccess.class Infected: Trojan.Java.ClassLoader.c skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1B460536.zip/InsecureClassLoader.class Infected: Exploit.Java.ByteVerify skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1B460536.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1B460536.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1B460536.zip ZIP: infected - 4 skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1B460536.zip CryptFF: infected - 4 skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1B492F32.cla Infected: Trojan.Java.ClassLoader.Dummy.a skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1DB010ED.cla Infected: Trojan.Java.ClassLoader.c skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1DE0208E.cla Infected: Trojan.Java.ClassLoader.c skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1EC4765A.cla Infected: Trojan-Downloader.Java.OpenConnection.v skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1EF7798A.cla Infected: Trojan.Java.ClassLoader.Dummy.a skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1FED66AA.cla Infected: Exploit.Java.ByteVerify skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1FED66AA.zip/GetAccess.class Infected: Trojan.Java.ClassLoader.c skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1FED66AA.zip/InsecureClassLoader.class Infected: Exploit.Java.ByteVerify skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1FED66AA.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1FED66AA.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1FED66AA.zip ZIP: infected - 4 skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1FED66AA.zip CryptFF: infected - 4 skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\20335617.cla Infected: Exploit.Java.ByteVerify skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\20A34E9C.cla Infected: Exploit.Java.ByteVerify skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\20A878B5.cla Infected: Exploit.Java.ByteVerify skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\20D11930.cla Infected: Trojan.Java.Binny.a skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\235A22B5.cla Infected: Trojan.Java.ClassLoader.z skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2431580A.tmp Infected: Trojan.Java.ClassLoader.ai skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\24EC03A9.cla Infected: Trojan.Java.ClassLoader.c skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\24EC03A9.zip/GetAccess.class Infected: Trojan.Java.ClassLoader.c skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\24EC03A9.zip/InsecureClassLoader.class Infected: Exploit.Java.ByteVerify skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\24EC03A9.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\24EC03A9.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\24EC03A9.zip ZIP: infected - 4 skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\24EC03A9.zip CryptFF: infected - 4 skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\24EF2DA5.cla Infected: Exploit.Java.ByteVerify skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\25CB3685.tmp Infected: Trojan.Java.Binny.a skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\26CE47A1.cla Infected: Trojan-Downloader.Java.OpenConnection.v skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\27AD2C5F.cla Infected: Trojan.Java.ClassLoader.ai skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\28D24A28.cla Infected: Trojan.Java.ClassLoader.Dummy.a skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\29DC10A9.tmp Infected: Trojan-Downloader.Win32.Zlob.gx skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2DFC0E8C.cla Infected: Trojan.Java.ClassLoader.Dummy.a skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\30263D7D.cla Infected: Trojan-Downloader.Java.OpenStream.d skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\31321496.cla Infected: Exploit.Java.ByteVerify skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\319655E1.cla Infected: Trojan.Java.ClassLoader.c skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\319655E1.zip/GetAccess.class Infected: Trojan.Java.ClassLoader.c skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\319655E1.zip/InsecureClassLoader.class Infected: Exploit.Java.ByteVerify skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\319655E1.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\319655E1.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\319655E1.zip ZIP: infected - 4 skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\319655E1.zip CryptFF: infected - 4 skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\31997FDD.cla Infected: Trojan-Downloader.Java.OpenConnection.v skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\31CA04BF.cla Infected: Exploit.Java.ByteVerify skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\31CA04BF.zip/BlackBox.class Infected: Exploit.Java.ByteVerify skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\31CA04BF.zip/VerifierBug.class Infected: Exploit.Java.ByteVerify skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\31CA04BF.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.d skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\31CA04BF.zip/Beyond.class Infected: Trojan-Downloader.Java.OpenStream.d skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\31CA04BF.zip ZIP: infected - 4 skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\31CA04BF.zip CryptFF: infected - 4 skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\324C4377.tmp Infected: Trojan-Downloader.Java.OpenConnection.v skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\32A07A77.tmp Infected: Trojan-Downloader.Win32.Bagle.r skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\33584555.tmp Infected: Email-Worm.Win32.Zhelatin.a skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\335B6F52.tmp Infected: Email-Worm.Win32.Zhelatin.a skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\371A36DC.cla Infected: Exploit.Java.ByteVerify skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\371A36DC.zip/Beyond.class Infected: Exploit.Java.ByteVerify skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\371A36DC.zip/BlackBox.class Infected: Trojan.Java.ClassLoader.af skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\371A36DC.zip/VerifierBug.class Infected: Trojan.Java.ClassLoader.ai skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\371A36DC.zip ZIP: infected - 3 skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\371A36DC.zip CryptFF: infected - 3 skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\37BD0D0F.cla Infected: Trojan.Java.ClassLoader.ak skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\381E7990.cla Infected: Exploit.Java.ByteVerify skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\38903D3E.cla Infected: Exploit.Java.ByteVerify skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\38AD1932.cla Infected: Trojan.Java.ClassLoader.ak skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\391003E1.tmp Infected: Trojan-Proxy.Win32.Lager.dp skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\39477535.cla Infected: Trojan-Downloader.Java.OpenStream.d skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\39C761AF.cla Infected: Exploit.Java.ByteVerify skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\39C761AF.zip/GetAccess.class Infected: Trojan.Java.ClassLoader.c skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\39C761AF.zip/InsecureClassLoader.class Infected: Exploit.Java.ByteVerify skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\39C761AF.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\39C761AF.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\39C761AF.zip ZIP: infected - 4 skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\39C761AF.zip CryptFF: infected - 4 skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3A0226D7.tmp Infected: Email-Worm.Win32.Zhelatin.d skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3AF84B7D.cla Infected: Trojan.Java.ClassLoader.Dummy.a skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3D4001CD.cla Infected: Trojan.Java.ClassLoader.Dummy.d skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3F591E98.tmp Infected: Exploit.Java.ByteVerify skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\442546C9.cla Infected: Trojan.Java.ClassLoader.c skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\448D3CCE.cla Infected: Exploit.Java.ByteVerify skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\469873C9.cla Infected: Exploit.Java.ByteVerify skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\47FC39CC.cla Infected: Trojan-Downloader.Java.OpenStream.d skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\48065C59.cla Infected: Exploit.Java.ByteVerify skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\48305E5D.cla Infected: Exploit.Java.ByteVerify skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\48330859.zip/Beyond.class Infected: Exploit.Java.ByteVerify skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\48330859.zip/BlackBox.class Infected: Trojan.Java.ClassLoader.af skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\48330859.zip/VerifierBug.class Infected: Trojan.Java.ClassLoader.ai skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\48330859.zip ZIP: infected - 3 skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\48330859.zip CryptFF: infected - 3 skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4C3844CD.tmp Infected: Trojan.Java.ClassLoader.ak skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4D8C2039.exe Infected: Trojan-Downloader.Win32.Zlob.gx skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4E3C7FD9.cla Infected: Exploit.Java.ByteVerify skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4F4079C5.tmp Infected: Trojan.Java.ClassLoader.z skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\503F02D9.cla Infected: Trojan-Downloader.Java.OpenConnection.v skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\51910E5D.tmp Infected: Trojan.Java.ClassLoader.ak skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\51D52B92.tmp Infected: Trojan.Java.ClassLoader.z skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\52384546.cla Infected: Trojan.Java.ClassLoader.ai skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\535B616F.cla Infected: Trojan.Java.ClassLoader.ak skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\54BE462F.cla Infected: Trojan.Java.ClassLoader.c skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\54BE462F.zip/BlackBox.class Infected: Exploit.Java.ByteVerify skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\54BE462F.zip/VerifierBug.class Infected: Exploit.Java.ByteVerify skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\54BE462F.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.d skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\54BE462F.zip/Beyond.class Infected: Trojan-Downloader.Java.OpenStream.d skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\54BE462F.zip ZIP: infected - 4 skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\54BE462F.zip CryptFF: infected - 4 skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\55202ACC.cla Infected: Exploit.Java.ByteVerify skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\561E678A.tmp Infected: Trojan-Downloader.Win32.Tibs.jr skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\577F1E06.tmp Infected: Email-Worm.Win32.Zhelatin.r skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\58FC185B.cla Infected: Exploit.Java.ByteVerify skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5C853CBB.tmp Infected: Trojan.Java.ClassLoader.ai skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5DB71F43.cla Infected: Trojan.Java.ClassLoader.Dummy.d skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5E611A34.tmp Infected: Trojan-Downloader.Java.OpenConnection.v skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5EFB79D9.cla Infected: Trojan-Downloader.Java.OpenConnection.v skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5F914DD2.tmp/BlackBox.class Infected: Exploit.Java.ByteVerify skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5F914DD2.tmp/VerifierBug.class Infected: Exploit.Java.ByteVerify skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5F914DD2.tmp/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.aa skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5F914DD2.tmp ZIP: infected - 3 skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5F914DD2.tmp CryptFF: infected - 3 skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5F9477CE.zip/BlackBox.class Infected: Exploit.Java.ByteVerify skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5F9477CE.zip/VerifierBug.class Infected: Exploit.Java.ByteVerify skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5F9477CE.zip/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.aa skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5F9477CE.zip ZIP: infected - 3 skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5F9477CE.zip CryptFF: infected - 3 skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\603529FB.cla Infected: Trojan-Downloader.Java.OpenStream.d skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\625E0AE0.tmp Infected: Email-Worm.Win32.Luder.a skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\64055320.cla Infected: Trojan.Java.ClassLoader.ai skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\651C7618.cla Infected: Trojan.Java.ClassLoader.Dummy.a skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\669A738A.cla Infected: Trojan.Java.ClassLoader.c skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\669A738A.zip/GetAccess.class Infected: Trojan.Java.ClassLoader.c skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\669A738A.zip/InsecureClassLoader.class Infected: Exploit.Java.ByteVerify skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\669A738A.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\669A738A.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\669A738A.zip ZIP: infected - 4 skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\669A738A.zip CryptFF: infected - 4 skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\66A04783.cla Infected: Trojan.Java.ClassLoader.c skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\66A3717F.cla Infected: Trojan.Java.ClassLoader.Dummy.a skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\66A71B7B.cla Infected: Exploit.Java.ByteVerify skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6A5E5F7D.cla Infected: Exploit.Java.ByteVerify skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6A5E5F7D.zip/BlackBox.class Infected: Exploit.Java.ByteVerify skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6A5E5F7D.zip/VerifierBug.class Infected: Exploit.Java.ByteVerify skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6A5E5F7D.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.d skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6A5E5F7D.zip/Beyond.class Infected: Trojan-Downloader.Java.OpenStream.d skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6A5E5F7D.zip ZIP: infected - 4 skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6A5E5F7D.zip CryptFF: infected - 4 skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6D29261F.tmp Infected: Trojan.Java.ClassLoader.ai skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6DC95560.wmf Infected: Exploit.Win32.IMG-WMF.v skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6E011E12.tmp Infected: Email-Worm.Win32.Luder.a skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6E3213DC.tmp Infected: Email-Worm.Win32.Luder.a skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6E5667DC.tmp Infected: Email-Worm.Win32.Zhelatin.a skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6ED802EF.zip/Beyond.class Infected: Exploit.Java.ByteVerify skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6ED802EF.zip/BlackBox.class Infected: Trojan.Java.ClassLoader.af skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6ED802EF.zip/VerifierBug.class Infected: Trojan.Java.ClassLoader.ai skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6ED802EF.zip ZIP: infected - 3 skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6ED802EF.zip CryptFF: infected - 3 skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6ED87125.tmp Infected: Email-Worm.Win32.Luder.a skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6EDC2CEC.cla Infected: Exploit.Java.ByteVerify skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6F1364E4.tmp Infected: Email-Worm.Win32.Luder.a skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6F2660CF.tmp Infected: Email-Worm.Win32.Luder.a skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\70031829.cla Infected: Trojan.Java.Binny.a skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\70462560.cla Infected: Exploit.Java.ByteVerify skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\706810B6.exe/data0007 Infected: Trojan.Win32.Zapchast.ax skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\706810B6.exe/data0008 Infected: Trojan-Downloader.Win32.Zlob.hf skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\706810B6.exe NSIS: infected - 2 skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\706810B6.exe UPX: infected - 2 skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\706810B6.exe CryptFF: infected - 2 skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\71BF68B5.cla Infected: Trojan.Java.ClassLoader.Dummy.a skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\72287BE3.cla Infected: Trojan.Java.ClassLoader.Dummy.d skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\752A1731.tmp Infected: Exploit.Java.ByteVerify skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\75513C33.cla Infected: Trojan-Downloader.Java.OpenConnection.v skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\75522413.cla Infected: Trojan-Downloader.Java.OpenConnection.v skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7759082C.tmp Infected: Email-Worm.Win32.Zhelatin.h skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\77A44DD9.tmp Infected: Email-Worm.Win32.Zhelatin.h skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\77F9117C.tmp Infected: Email-Worm.Win32.Zhelatin.h skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\78A642BD.tmp Infected: Email-Worm.Win32.Zhelatin.k skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\78D73888.tmp Infected: Email-Worm.Win32.Zhelatin.k skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\79C852F3.cla Infected: Exploit.Java.ByteVerify skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7A260890.cla Infected: Trojan.Java.ClassLoader.c skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7A260890.zip/GetAccess.class Infected: Trojan.Java.ClassLoader.c skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7A260890.zip/InsecureClassLoader.class Infected: Exploit.Java.ByteVerify skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7A260890.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7A260890.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7A260890.zip ZIP: infected - 4 skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7A260890.zip CryptFF: infected - 4 skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7A2A328C.cla Infected: Trojan.Java.ClassLoader.Dummy.a skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7BE1530E.cla Infected: Trojan-Downloader.Java.OpenConnection.v skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7C592108.cla Infected: Trojan-Downloader.Java.OpenStream.d skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7C8D322E.cla Infected: Trojan.Java.ClassLoader.c skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7D601036.cla Infected: Trojan.Java.ClassLoader.Dummy.a skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7D796F1B.cla Infected: Exploit.Java.ByteVerify skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7DC35359.cla Infected: Trojan.Java.ClassLoader.Dummy.a skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7E481C54.cla Infected: Trojan.Java.ClassLoader.Dummy.d skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7E930C33.tmp/sexual.doc.exe Infected: Email-Worm.Win32.NetSky.c skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7E930C33.tmp ZIP: infected - 1 skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7E930C33.tmp CryptFF: infected - 1 skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7FB55FF3.cla Infected: Trojan.Java.ClassLoader.z skipped C:\Documents and Settings\Brian\Application Data\Mozilla\Profiles\default\knhphcbx.slt\Cache\_CACHE_001_ Object is locked skipped C:\Documents and Settings\Brian\Application Data\Mozilla\Profiles\default\knhphcbx.slt\Cache\_CACHE_002_ Object is locked skipped C:\Documents and Settings\Brian\Application Data\Mozilla\Profiles\default\knhphcbx.slt\Cache\_CACHE_003_ Object is locked skipped C:\Documents and Settings\Brian\Application Data\Mozilla\Profiles\default\knhphcbx.slt\Cache\_CACHE_MAP_ Object is locked skipped C:\Documents and Settings\Brian\Application Data\Mozilla\Profiles\default\knhphcbx.slt\cert8.db Object is locked skipped C:\Documents and Settings\Brian\Application Data\Mozilla\Profiles\default\knhphcbx.slt\history.dat Object is locked skipped C:\Documents and Settings\Brian\Application Data\Mozilla\Profiles\default\knhphcbx.slt\key3.db Object is locked skipped C:\Documents and Settings\Brian\Application Data\Mozilla\Profiles\default\knhphcbx.slt\Mail\pop.swbell.yahoo-1.com\Filter1/[From "Lena Mcguire" <drust@swbell.net>][Date Wed, 03 Nov 2004 20:10:16 +0100]/UNNAMED/[From Norton AntiVirus Email Protection][Date Tue, 16 Nov 2004 04:00:55 -0600]/UNNAMED/[From "Strayer Unv. (since 1892)" <Control-852-57113829-Wor@LSTMNG-BSM01.COM>][Date Thu, 25 Nov 2004 02:14:14 -0800]/UNNAMED/[From "ICopy DVD (News Included)" <Control-898-57113829-Cra@mem02bsminc.com>][Date Sun, 26 Dec 2004 12:05:55 -0800]/UNNAMED/[From pingle@lucie.wupper.de][Date Wed, 19 Jan 2005 00:14:45 +0000]/html Infected: Trojan-Spy.HTML.Bankfraud.bv skipped C:\Documents and Settings\Brian\Application Data\Mozilla\Profiles\default\knhphcbx.slt\Mail\pop.swbell.yahoo-1.com\Filter1/[From "Lena Mcguire" <drust@swbell.net>][Date Wed, 03 Nov 2004 20:10:16 +0100]/UNNAMED/[From Norton AntiVirus Email Protection][Date Tue, 16 Nov 2004 04:00:55 -0600]/UNNAMED/[From "Strayer Unv. (since 1892)" <Control-852-57113829-Wor@LSTMNG-BSM01.COM>][Date Thu, 25 Nov 2004 02:14:14 -0800]/UNNAMED/[From "ICopy DVD (News Included)" <Control-898-57113829-Cra@mem02bsminc.com>][Date Sun, 26 Dec 2004 12:05:55 -0800]/UNNAMED Infected: Trojan-Spy.HTML.Bankfraud.bv skipped C:\Documents and Settings\Brian\Application Data\Mozilla\Profiles\default\knhphcbx.slt\Mail\pop.swbell.yahoo-1.com\Filter1/[From "Lena Mcguire" <drust@swbell.net>][Date Wed, 03 Nov 2004 20:10:16 +0100]/UNNAMED/[From Norton AntiVirus Email Protection][Date Tue, 16 Nov 2004 04:00:55 -0600]/UNNAMED/[From "Strayer Unv. (since 1892)" <Control-852-57113829-Wor@LSTMNG-BSM01.COM>][Date Thu, 25 Nov 2004 02:14:14 -0800]/UNNAMED Infected: Trojan-Spy.HTML.Bankfraud.bv skipped C:\Documents and Settings\Brian\Application Data\Mozilla\Profiles\default\knhphcbx.slt\Mail\pop.swbell.yahoo-1.com\Filter1/[From "Lena Mcguire" <drust@swbell.net>][Date Wed, 03 Nov 2004 20:10:16 +0100]/UNNAMED/[From Norton AntiVirus Email Protection][Date Tue, 16 Nov 2004 04:00:55 -0600]/UNNAMED Infected: Trojan-Spy.HTML.Bankfraud.bv skipped C:\Documents and Settings\Brian\Application Data\Mozilla\Profiles\default\knhphcbx.slt\Mail\pop.swbell.yahoo-1.com\Filter1/[From "Lena Mcguire" <drust@swbell.net>][Date Wed, 03 Nov 2004 20:10:16 +0100]/UNNAMED Infected: Trojan-Spy.HTML.Bankfraud.bv skipped C:\Documents and Settings\Brian\Application Data\Mozilla\Profiles\default\knhphcbx.slt\Mail\pop.swbell.yahoo-1.com\Filter1 Mail Berkeley mbox: infected - 5 skipped C:\Documents and Settings\Brian\Application Data\Mozilla\Profiles\default\knhphcbx.slt\Mail\pop.swbell.yahoo-1.com\Filter3/[From "Hager" <xliwwikqtee@drust.huntven.com>][Date Mon, 24 Jan 2005 03:25:55 -0400]/text/[From Collin Whittaker <Barbra_Kirk825@siba.fi>][Date Mon, 14 Feb 2005 03:40:59 -0800]/UNNAMED/[From "Bpwg" <gqzxr@wjauxn.watchbattleaction.com>][Date Mon, 14 Feb 2005 05:48:33 -0700]/html/[From YourReading from OF <PersonalFreeReading@confirmedgoodness.com>][Date Mon, 14 Feb 2005 07:03:04 -0800]/UNNAMED/[From Low Rate <lowrate@tx3oc.com>][Date Mon Feb 14 10:23:31 2005]/UNNAMED/text Infected: Trojan-Spy.HTML.Wamufraud.au skipped C:\Documents and Settings\Brian\Application Data\Mozilla\Profiles\default\knhphcbx.slt\Mail\pop.swbell.yahoo-1.com\Filter3/[From "Hager" <xliwwikqtee@drust.huntven.com>][Date Mon, 24 Jan 2005 03:25:55 -0400]/text/[From Collin Whittaker <Barbra_Kirk825@siba.fi>][Date Mon, 14 Feb 2005 03:40:59 -0800]/UNNAMED/[From "Bpwg" <gqzxr@wjauxn.watchbattleaction.com>][Date Mon, 14 Feb 2005 05:48:33 -0700]/html/[From YourReading from OF <PersonalFreeReading@confirmedgoodness.com>][Date Mon, 14 Feb 2005 07:03:04 -0800]/UNNAMED/[From Low Rate <lowrate@tx3oc.com>][Date Mon Feb 14 10:23:31 2005]/UNNAMED Infected: Trojan-Spy.HTML.Wamufraud.au skipped C:\Documents and Settings\Brian\Application Data\Mozilla\Profiles\default\knhphcbx.slt\Mail\pop.swbell.yahoo-1.com\Filter3/[From "Hager" <xliwwikqtee@drust.huntven.com>][Date Mon, 24 Jan 2005 03:25:55 -0400]/text/[From Collin Whittaker <Barbra_Kirk825@siba.fi>][Date Mon, 14 Feb 2005 03:40:59 -0800]/UNNAMED/[From "Bpwg" <gqzxr@wjauxn.watchbattleaction.com>][Date Mon, 14 Feb 2005 05:48:33 -0700]/html/[From YourReading from OF <PersonalFreeReading@confirmedgoodness.com>][Date Mon, 14 Feb 2005 07:03:04 -0800]/UNNAMED Infected: Trojan-Spy.HTML.Wamufraud.au skipped C:\Documents and Settings\Brian\Application Data\Mozilla\Profiles\default\knhphcbx.slt\Mail\pop.swbell.yahoo-1.com\Filter3/[From "Hager" <xliwwikqtee@drust.huntven.com>][Date Mon, 24 Jan 2005 03:25:55 -0400]/text/[From Collin Whittaker <Barbra_Kirk825@siba.fi>][Date Mon, 14 Feb 2005 03:40:59 -0800]/UNNAMED/[From "Bpwg" <gqzxr@wjauxn.watchbattleaction.com>][Date Mon, 14 Feb 2005 05:48:33 -0700]/html Infected: Trojan-Spy.HTML.Wamufraud.au skipped C:\Documents and Settings\Brian\Application Data\Mozilla\Profiles\default\knhphcbx.slt\Mail\pop.swbell.yahoo-1.com\Filter3/[From "Hager" <xliwwikqtee@drust.huntven.com>][Date Mon, 24 Jan 2005 03:25:55 -0400]/text/[From Collin Whittaker <Barbra_Kirk825@siba.fi>][Date Mon, 14 Feb 2005 03:40:59 -0800]/UNNAMED Infected: Trojan-Spy.HTML.Wamufraud.au skipped C:\Documents and Settings\Brian\Application Data\Mozilla\Profiles\default\knhphcbx.slt\Mail\pop.swbell.yahoo-1.com\Filter3/[From "Hager" <xliwwikqtee@drust.huntven.com>][Date Mon, 24 Jan 2005 03:25:55 -0400]/text/[From Juzt4U <hplus@juzt4u.net>][Date Thu, 3 Mar 2005 23:41:23 -0500]/html/[From Jay Abraham <abraham@256kvga.com>][Date Thu Mar 3 20:40:14 2005]/html Infected: Trojan-Spy.HTML.Bankfraud.cm skipped C:\Documents and Settings\Brian\Application Data\Mozilla\Profiles\default\knhphcbx.slt\Mail\pop.swbell.yahoo-1.com\Filter3/[From "Hager" <xliwwikqtee@drust.huntven.com>][Date Mon, 24 Jan 2005 03:25:55 -0400]/text/[From Juzt4U <hplus@juzt4u.net>][Date Thu, 3 Mar 2005 23:41:23 -0500]/html Infected: Trojan-Spy.HTML.Bankfraud.cm skipped C:\Documents and Settings\Brian\Application Data\Mozilla\Profiles\default\knhphcbx.slt\Mail\pop.swbell.yahoo-1.com\Filter3/[From "Hager" <xliwwikqtee@drust.huntven.com>][Date Mon, 24 Jan 2005 03:25:55 -0400]/text/[From Juzt4U <hplus@juzt4u.net>][Date Thu, 3 Mar 2005 23:41:23 -0500]/html/[From Jay Abraham <abraham@256kvga.com>][Date Thu Mar 3 20:40:14 2005]/html Infected: Trojan-Spy.HTML.Bankfraud.cm skipped C:\Documents and Settings\Brian\Application Data\Mozilla\Profiles\default\knhphcbx.slt\Mail\pop.swbell.yahoo-1.com\Filter3/[From "Hager" <xliwwikqtee@drust.huntven.com>][Date Mon, 24 Jan 2005 03:25:55 -0400]/text/[From Juzt4U <hplus@juzt4u.net>][Date Thu, 3 Mar 2005 23:41:23 -0500]/html/[From want a gift <noreply@momsdadsmore.com>][Date Thu, 3 Mar 2005 18:27:41 -0800]/UNNAMED/[From "Rising Value" <RisingValue@mrgoodprice.biz>][Date Thu, 03 Mar 2005 20:42:37 -0500]/UNNAMED/[From Sonic <soni ... /[From Wall ... /[From "BonusDeals" <carlnichols@ficang.famousisland.net>][Date Sat, 05 Mar 2005 13:31:53 -0800]/html Infected: Trojan-Spy.HTML.Bankfraud.cm skipped C:\Documents and Settings\Brian\Application Data\Mozilla\Profiles\default\knhphcbx.slt\Mail\pop.swbell.yahoo-1.com\Filter3/[From "Hager" <xliwwikqtee@drust.huntven.com>][Date Mon, 24 Jan 2005 03:25:55 -0400]/text/[From Juzt4U <hplus@juzt4u.net>][Date Thu, 3 Mar 2005 23:41:23 -0500]/html/[From want a gift <noreply@momsdadsmore.com>][Date Thu, 3 Mar 2005 18:27:41 -0800]/UNNAMED/[From "Rising Value" <RisingValue@mrgoodprice.biz>][Date Thu, 03 Mar 2005 20:42:37 -0500]/UNNAMED/[From Sonic <soni ... /[From Wall Street News Alert <wallstreetnewsalert@ahead-terriers.com>][Date Sat, 05 Mar 2005 13:00:03 -0500]/UNNAMED Infected: Trojan-Spy.HTML.Bankfraud.cm skipped C:\Documents and Settings\Brian\Application Data\Mozilla\Profiles\default\knhphcbx.slt\Mail\pop.swbell.yahoo-1.com\Filter3/[From "Hager" <xliwwikqtee@drust.huntven.com>][Date Mon, 24 Jan 2005 03:25:55 -0400]/text/[From Juzt4U <hplus@juzt4u.net>][Date Thu, 3 Mar 2005 23:41:23 -0500]/html/[From want a gift <noreply@momsdadsmore.com>][Date Thu, 3 Mar 2005 18:27:41 -0800]/UNNAMED/[From "Rising Value" <RisingValue@mrgoodprice.biz>][Date Thu, 03 Mar 2005 20:42:37 -0500]/UNNAMED/[From Sonic <sonic@website ... /[From PerfectPr ... /[From PaySupervisor<Cleveland@golfshore.

#10 Rancher

Rancher

    New Member

  • New Member
  • Pip
  • 8 posts

Posted 23 March 2007 - 09:41 PM

Couldn't fit all three logs into one reply. The other two are in post #9.

Thx


StartupList report, 3/23/2007, 10:29:14 PM
StartupList version: 1.52.2
Started from : C:\Program Files\Hijackthis\HijackThis.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)
* Using default options
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
C:\Palm\Hotsync.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Prevx1\PXConsole.exe
C:\Program Files\Prevx1\PXAgent.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Netscape\Netscape\Netscp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Prevx1\PXConsole.exe
C:\Program Files\Hijackthis\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\Documents and Settings\Brian\Start Menu\Programs\Startup]
Camio Viewer 3.2.lnk.disabled

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
Adobe Reader Speed Launch.lnk.disabled
DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
HotSync Manager.lnk = C:\Palm\Hotsync.exe
Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

UpdReg = C:\WINDOWS\Updreg.exe
NvCplDaemon = RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
Logitech Utility = Logi_MwX.Exe
ccApp = "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
!AVG Anti-Spyware = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
PrevxOne = "C:\Program Files\Prevx1\PXConsole.exe"

--------------------------------------------------

Load/Run keys from C:\WINDOWS\WIN.INI:

load=*INI section not found*
run=*INI section not found*

Load/Run keys from Registry:

HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\Windows: load=
HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=NVDESK32.DLL

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\System32\logon.scr
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------


Enumerating Browser Helper Objects:

(no name) - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - C:\PROGRA~1\SPYBOT~1\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}
Malicious Scripts Scanner - C:\Documents and Settings\All Users\Application Data\Prevx\pxbho.dll - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB}
(no name) - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll - {9394EDE7-C8B5-483E-8773-474BF36AF6E4}
Norton Internet Security 2006 - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll - {9ECB9560-04F9-4bbc-943D-298DDF1699E1}
NAV Helper - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD}
(no name) - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}

--------------------------------------------------

Enumerating Task Scheduler jobs:

Norton AntiVirus - Run Full System Scan - Brian.job

--------------------------------------------------

Enumerating Download Program Files:

[CKAVWebScan Object]
InProcServer32 = C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
CODEBASE = http://www.kaspersky...can_unicode.cab

[WUWebControl Class]
InProcServer32 = C:\WINDOWS\system32\wuweb.dll
CODEBASE = http://v5.windowsupd...b?1103919016062

[MUWebControl Class]
InProcServer32 = C:\WINDOWS\system32\muweb.dll
CODEBASE = http://update.micros...b?1161366234984

[ActiveScan Installer Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\asinst.dll
CODEBASE = http://acs.pandasoft...free/asinst.cab

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\system32\Macromed\Flash\Flash8.ocx
CODEBASE = http://download.macr...ash/swflash.cab

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\System32\webcheck.dll
SysTray: C:\WINDOWS\System32\stobject.dll

--------------------------------------------------
End of report, 8,106 bytes
Report generated in 0.297 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only

Edited by Rancher, 23 March 2007 - 09:44 PM.

    Advertisements

Register to Remove


#11 ken545

ken545

    Forum God

  • Classroom Teacher
  • 23,207 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 24 March 2007 - 06:55 AM

Open up Symantec and go into the Quarantine folder and delete it all, then run HJT and post a new log.

Jeffce_zpsa19ee2e6.png

 

 

 

Want to help others, Join our Malware Removal Classroom  HERE

The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.
donate.gif

 

Find us on Facebook
Please LIKE and SHARE

 

 

Just a reminder that threads will be closed if no reply in 3 days.


#12 Rancher

Rancher

    New Member

  • New Member
  • Pip
  • 8 posts

Posted 24 March 2007 - 11:34 AM

Ken,
I deleted the old quarantine files in Norton. Here's the new log.

Logfile of HijackThis v1.99.1
Scan saved at 12:28:37 PM, on 3/24/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Prevx1\PXAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Prevx1\PXConsole.exe
C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
C:\Palm\Hotsync.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Netscape\Netscape\Netscp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Hijackthis\HijackThis.exe

N3 - Netscape 7: user_pref("browser.startup.homepage", ""); (C:\Documents and Settings\Brian\Application Data\Mozilla\Profiles\default\knhphcbx.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Brian\Application Data\Mozilla\Profiles\default\knhphcbx.slt\prefs.js)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and Settings\All Users\Application Data\Prevx\pxbho.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [PrevxOne] "C:\Program Files\Prevx1\PXConsole.exe"
O4 - Startup: Camio Viewer 3.2.lnk.disabled
O4 - Global Startup: Adobe Reader Speed Launch.lnk.disabled
O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Palm\Hotsync.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1103919016062
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1161366234984
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Program Files\Prevx1\PXAgent.exe" -f (file missing)
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

#13 ken545

ken545

    Forum God

  • Classroom Teacher
  • 23,207 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 24 March 2007 - 12:00 PM

There where no malicious files from Kaspersky, just a lot of junk that Norton Quarantined . It looks like this guy was sending you some bad stuff. Jay Abraham.

We have run a few scans and basically they have found nothing earth shattering and your HJT log looks fine :thumbup:

Sometimes a slow computer can be other things besides Malware, anything from new software you just installed or new hardware. I would suggest posting at our other forum for windows problems, let them know you posted here and that your log is clean.
OTHER COMPUTER PROBLEMS




It's Not Always Malware

Slow Computer
Microsoft

Speedup Windows Windows Tips


How did I get infected in the first place ? Read these links and find out how to prevent getting infected again.


Here are some free programs to install, don't leave home without them
  • Spybot Search and Destroy 1.4
    Check for Updates/ Immunize and run a Full System Scan on a regular basis.
  • Ad-Aware SE Personal 1.06
    Check for Updates and run a Full System Scan on a regular basis.
  • Spyware Blaster It will prevent most spyware from ever being installed.
  • Spyware Guard It offers realtime protection from spyware installation attempts.
  • Win Patrol This program will warn you when any changes are being made to your system and give you the option to deny the change.
  • IE-Spyad
    IE-Spyad places over 4000 web sites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (cookies etc) from the sites listed, although you will still be able to connect to the sites.
  • Firefox 2.0 It has more features and is a lot more secure than IE. It is a very easy and painless download and install, it will no way interfere with IE, you can use them both.
  • Zone Alarm Here is a free Firewall from Zone Labs, I wouldn't access the internet without it.
Thanks for stopping by Tom Coyote , I'm glad I was able to help you. :D

Jeffce_zpsa19ee2e6.png

 

 

 

Want to help others, Join our Malware Removal Classroom  HERE

The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.
donate.gif

 

Find us on Facebook
Please LIKE and SHARE

 

 

Just a reminder that threads will be closed if no reply in 3 days.


#14 Rancher

Rancher

    New Member

  • New Member
  • Pip
  • 8 posts

Posted 24 March 2007 - 10:46 PM

Ken, thanks again for the help. I'll look into the rest of the system. The slow down might coincide with the Netscape 8.1 upgrade. I really hate upgrading stuff. It always seems to bring a new set of problems. Rancher

#15 ken545

ken545

    Forum God

  • Classroom Teacher
  • 23,207 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 25 March 2007 - 08:07 AM

Yep sometimes upgrades make things worse, but not all the time. You need to think of what you have done prior to this problem as far as installing software or a piece of hardware and then uninstall it and see if things improve. Ken :D

Jeffce_zpsa19ee2e6.png

 

 

 

Want to help others, Join our Malware Removal Classroom  HERE

The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.
donate.gif

 

Find us on Facebook
Please LIKE and SHARE

 

 

Just a reminder that threads will be closed if no reply in 3 days.

Related Topics



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users