
my log


83 replies to this topic

#31 IndiGenus

    Teacher Emeritus

  • Authentic Member
  • 5,251 posts
  • Interests: Computer Security, Music, Sports

Posted 27 March 2007 - 08:05 AM

Yes, I think we are gaining. But as I said earlier this is/was one infected machine (one of the worst I've ever worked on). Continue with the scans and post the log. I'm concerned that the reg fix didn't work so we'll probably need to address that.
IndiGenus

The help you receive here is free, but if you would like to help me continue the fight against Malware then Posted Image

Logs will be closed if you haven't replied within 5 days



Proud Graduate of TC/WTT Classroom



"To find perfect composure in the midst of change is to find ourselves in nirvana."

Suzuki Roshi



#32 sdutcher

    Authentic Member

  • 101 posts

Posted 27 March 2007 - 10:20 AM

Here is the Panda scan:

Incident Status Location
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Andrew Horsfall\Application Data\Mozilla\Firefox\Profiles\ckvtd3k4.default\cookies.txt[.apmebf.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Andrew Horsfall\Cookies\andrew horsfall@perf.overture[1].txt
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Andrew Horsfall\Desktop\SDFix.exe[SDFix\apps\Process.exe]
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Documents and Settings\Andrew Horsfall\DoctorWeb\Quarantine\f3PSSavr.scr
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Andrew Horsfall\DoctorWeb\Quarantine\Process.exe
Adware:adware/wintools Not disinfected C:\Documents and Settings\Andrew Horsfall\Favorites\Search the Web for Everything in One Click!.url
Adware:adware/delfinmedia Not disinfected C:\keys.ini
Adware:Adware/Startpage.MC Not disinfected C:\Program Files\Common Files\Microsoft Shared\Web Folders\mswsc10.dll
Adware:adware/ncase Not disinfected C:\WINDOWS\180ax.exe
Adware:adware/clickalchemy Not disinfected C:\WINDOWS\alchem.ini
Adware:Adware/SearchAid Not disinfected C:\WINDOWS\BOOTSTAT.DAT:bzehr
Adware:Adware/SearchAid Not disinfected C:\WINDOWS\BOOTSTAT.DAT:yxqls
Adware:adware/easysearch Not disinfected C:\WINDOWS\dialup.exe
Potentially unwanted tool:Application/FunWeb Not disinfected C:\WINDOWS\Downloaded Program Files\f3initialsetup1.0.0.15.inf
Adware:Adware Program Not disinfected C:\WINDOWS\Downloaded Program Files\WildApp.inf
Adware:Adware/SearchAid Not disinfected C:\WINDOWS\DtcInstall.log:lomjo
Adware:Adware/SearchAid Not disinfected C:\WINDOWS\Greenstone.bmp:zcdso
Adware:Adware/IPInsight Not disinfected C:\WINDOWS\INF\alchem.inf
Adware:Adware/SearchAid Not disinfected C:\WINDOWS\ipld.dll:kicam
Adware:Adware/SearchAid Not disinfected C:\WINDOWS\mfcwo.dll:ckaip
Adware:Adware/SearchAid Not disinfected C:\WINDOWS\mssys.com:grgej
Adware:Adware/Startpage.CDA Not disinfected C:\WINDOWS\mssys.com
Adware:Adware/SearchAid Not disinfected C:\WINDOWS\nsreg.dat:ediqi
Adware:Adware/SearchAid Not disinfected C:\WINDOWS\OCGEN.LOG:njvsb
Adware:Adware/SearchAid Not disinfected C:\WINDOWS\ODBCINST.INI:nclih
Adware:Adware/SearchAid Not disinfected C:\WINDOWS\orun32.isu:boylo
Adware:Adware/SearchAid Not disinfected C:\WINDOWS\orun32.isu:ctlan
Dialer:dialer.bny Not disinfected C:\WINDOWS\pcconfig.dat
Adware:Adware/SearchAid Not disinfected C:\WINDOWS\Q816981.log:nqrec
Adware:Adware/SearchAid Not disinfected C:\WINDOWS\Q816982.log:ledpp
Adware:Adware/SearchAid Not disinfected C:\WINDOWS\QUICKEN.INI:wsfeq
Adware:adware/superspider Not disinfected C:\WINDOWS\runwin32.exe
Adware:adware/twain-tech Not disinfected C:\WINDOWS\satmat.exe
Adware:Adware/SearchAid Not disinfected C:\WINDOWS\SchedLgU.Txt:hcyde
Adware:Adware/SearchAid Not disinfected C:\WINDOWS\Soap Bubbles.bmp:zpdva
Spyware:spyware/betterinet Not disinfected C:\WINDOWS\SUSP.exe
Adware:adware/ipbill Not disinfected C:\WINDOWS\SYSTEM32\dload.exe
Adware:adware/topconvert Not disinfected C:\WINDOWS\updatetc.exe
Adware:Adware/SearchAid Not disinfected C:\WINDOWS\VBADDIN.INI:tgcxo
Adware:adware/conspy Not disinfected C:\WINDOWS\waol.exe
Adware:Adware/SearchAid Not disinfected C:\WINDOWS\WINNT.BMP:jpjvp
Adware:Adware/SearchAid Not disinfected C:\WINDOWS\WINNT256.BMP:dpghv
Adware:Adware/SearchAid Not disinfected C:\WINDOWS\wintj32.dll:elopk
Adware:adware program Not disinfected C:\WINDOWS\x.exe
Adware:Adware/SearchAid Not disinfected C:\WINDOWS\_DEFAULT.PIF:geqgq
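The Panda report above is worth parsing rather than reading by eye: many of the Adware/SearchAid hits are not files at all but NTFS alternate data streams (the `:bzehr`, `:yxqls` suffixes on BOOTSTAT.DAT and other legitimate system files), which ordinary directory listings never show. The script below is an added example, not code from the forum or from Panda; it assumes the `<kind>:<family> <status> <location>` layout seen in this report (the `KINDS` and `STATUSES` lists are assumptions drawn from it) and runs on a constructed subset of the posted findings, splitting each location into host file and stream name so the streamed entries can be counted and listed separately.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample: a subset of the Panda ActiveScan findings posted above, in the
# run-together form the forum produced (entries separated only by spaces, and the
# paths themselves may contain spaces).
SAMPLE_REPORT = (
    r"Incident Status Location "
    r"Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Andrew Horsfall\Cookies\andrew horsfall@perf.overture[1].txt "
    r"Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Andrew Horsfall\Desktop\SDFix.exe[SDFix\apps\Process.exe] "
    r"Adware:adware/delfinmedia Not disinfected C:\keys.ini "
    r"Adware:Adware/SearchAid Not disinfected C:\WINDOWS\BOOTSTAT.DAT:bzehr "
    r"Adware:Adware/SearchAid Not disinfected C:\WINDOWS\BOOTSTAT.DAT:yxqls "
    r"Adware:Adware Program Not disinfected C:\WINDOWS\Downloaded Program Files\WildApp.inf "
    r"Adware:Adware/SearchAid Not disinfected C:\WINDOWS\mssys.com:grgej "
    r"Adware:Adware/Startpage.CDA Not disinfected C:\WINDOWS\mssys.com "
    r"Dialer:dialer.bny Not disinfected C:\WINDOWS\pcconfig.dat"
)

# Assumed vocabulary of incident kinds and statuses for this report style; each entry
# reads "<kind>:<family> <status> <location>". The lookahead ends a location at the
# next "<kind>:" token or at end of text, so paths containing spaces survive intact.
KINDS = r"Spyware|Adware|Potentially unwanted tool|Dialer|Virus|Trojan|Hacktool"
STATUSES = r"Not disinfected|Disinfected|Deleted|Renamed"
ENTRY_RE = re.compile(
    rf"\b({KINDS}):(.+?)\s+({STATUSES})\s+(.+?)(?=\s+(?:{KINDS}):|\s*$)",
    re.DOTALL,
)


@dataclass(frozen=True)
class Finding:
    kind: str      # e.g. "Adware", "Spyware"
    family: str    # e.g. "Adware/SearchAid"
    status: str    # e.g. "Not disinfected"
    location: str  # path as reported; may end in "[member]" (archive) or ":stream" (ADS)

    def data_stream(self) -> Optional[Tuple[str, str]]:
        """Return (host_file, stream_name) when the location names an NTFS alternate
        data stream, i.e. a colon after the drive letter with no path separator after it."""
        loc = self.location
        drive, rest = (loc[:2], loc[2:]) if re.match(r"[A-Za-z]:", loc) else ("", loc)
        idx = rest.rfind(":")
        stream = rest[idx + 1:]
        if idx == -1 or not stream or "\\" in stream:
            return None
        return drive + rest[:idx], stream


def parse_panda_report(text: str) -> List[Finding]:
    """Split a run-together (or newline-separated) Panda report into findings."""
    return [Finding(k.strip(), fam.strip(), st, loc.strip())
            for k, fam, st, loc in ENTRY_RE.findall(text)]


def alternate_data_streams(findings: List[Finding]) -> List[Tuple[str, str]]:
    """Every finding that lives in an ADS, as (host_file, stream_name) pairs in report order."""
    return [s for s in (f.data_stream() for f in findings) if s is not None]


def family_counts(findings: List[Finding]) -> Counter:
    return Counter(f.family for f in findings)


def main() -> None:
    findings = parse_panda_report(SAMPLE_REPORT)
    for fam, n in family_counts(findings).most_common():
        print(f"{n:3d}  {fam}")
    for host, stream in alternate_data_streams(findings):
        # Hosts are legitimate system files; the stream, not the file, is the payload carrier.
        print(f"ADS  {host}  stream={stream}")


if __name__ == "__main__":
    main()
```

The ADS list is the actionable output: cleaning up means removing the named streams from otherwise legitimate files, not deleting BOOTSTAT.DAT or the bitmaps that host them, and a scanner that only walks file names will keep missing them.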

#33 sdutcher

    Authentic Member

  • 101 posts

Posted 27 March 2007 - 10:26 AM

From ComboFix:

Start Time= Tue 03/27/2007 11:18:34.68
QuickScan did not find any signs of infected files

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-03-26 22:51:12 139264 ( A.... ) "C:\WINDOWS\SYSTEM32\javaws.exe"
2007-03-26 22:51:12 135168 ( A.... ) "C:\WINDOWS\SYSTEM32\javaw.exe"
2007-03-26 22:51:12 135168 ( A.... ) "C:\WINDOWS\SYSTEM32\java.exe"
2007-03-26 22:26:28 ( .D... ) "C:\Program Files\CleanUp!"
2007-03-26 22:12:04 ( .D... ) "C:\Documents and Settings\Andrew Horsfall\Application Data\Sun"
2007-03-17 17:28:28 ( .D... ) "C:\Documents and Settings\Andrew Horsfall\Application Data\AVG7"
2007-03-16 06:26:22 ( .D... ) "C:\Program Files\Grisoft"
2007-03-13 21:35:30 ( .D... ) "C:\Program Files\Lavasoft"
2007-03-13 21:25:02 ( .D... ) "C:\Program Files\Common Files\Wise Installation Wizard"
2007-03-13 21:23:32 ( .D... ) "C:\Program Files\Spybot - Search & Destroy"
2007-03-13 20:57:20 ( .D... ) "C:\Documents and Settings\Andrew Horsfall\Application Data\PC Tools"
2007-03-12 08:33:12 55 ( A.... ) "C:\WINDOWS\SYSTEM32\pfxzmtwbmail.dll"
2007-03-12 08:33:12 55 ( A.... ) "C:\WINDOWS\SYSTEM32\pfxzmticq.dll"
2007-03-12 08:33:12 55 ( A.... ) "C:\WINDOWS\SYSTEM32\pfxzmtgtal.dll"
2007-03-12 08:33:12 55 ( A.... ) "C:\WINDOWS\SYSTEM32\pfxzmtforum.dll"
2007-03-12 08:33:12 55 ( A.... ) "C:\WINDOWS\SYSTEM32\pfxzmtaim.dll"
2007-03-10 14:37:40 26112 ( A.... ) "C:\WINDOWS\SYSTEM32\vxddsk.exe"
2007-03-10 14:37:40 9728 ( A.... ) "C:\WINDOWS\vxddsk.exe"
2007-03-10 14:37:38 31488 ( A.... ) "C:\WINDOWS\SYSTEM32\wml.exe"
2007-03-10 14:37:36 21760 ( A.... ) "C:\WINDOWS\SUSP.exe"
2007-03-10 14:37:36 12800 ( A.... ) "C:\WINDOWS\wml.exe"
2007-03-10 14:37:34 11008 ( A.... ) "C:\WINDOWS\satmat.exe"
2007-03-10 14:37:28 27392 ( A.... ) "C:\WINDOWS\7search.dll"
2007-03-10 14:37:26 28672 ( A.... ) "C:\WINDOWS\764.exe"
2007-03-10 14:37:26 12800 ( A.... ) "C:\WINDOWS\flt.dll"
2007-03-10 14:37:24 29696 ( A.... ) "C:\WINDOWS\voiceip.dll"
2007-03-10 14:37:24 19456 ( A.... ) "C:\WINDOWS\pbar.dll"
2007-03-10 14:37:24 17920 ( A.... ) "C:\WINDOWS\stcloader.exe"
2007-03-10 14:37:20 30464 ( A.... ) "C:\WINDOWS\cdsm32.dll"
2007-03-10 14:37:20 14336 ( A.... ) "C:\WINDOWS\swin32.dll"
2007-03-10 14:37:18 30208 ( A.... ) "C:\WINDOWS\bokja.exe"
2007-03-10 14:37:14 28928 ( A.... ) "C:\WINDOWS\mspphe.dll"
2007-03-10 14:37:14 10752 ( A.... ) "C:\WINDOWS\mssvr.exe"
2007-03-10 14:37:12 25856 ( A.... ) "C:\WINDOWS\bjam.dll"
2007-03-10 14:37:08 29440 ( A.... ) "C:\WINDOWS\SYSTEM32\MSIXU.DLL"
2007-03-10 14:37:06 23808 ( A.... ) "C:\WINDOWS\180ax.exe"
2007-03-10 14:37:06 9216 ( A.... ) "C:\WINDOWS\SYSTEM32\WER8274.DLL"
2007-03-10 14:37:04 31232 ( A.... ) "C:\WINDOWS\updatetc.exe"
2007-03-10 14:37:04 19968 ( A.... ) "C:\WINDOWS\salm.exe"
2007-03-10 14:36:56 9472 ( A.... ) "C:\WINDOWS\saiemod.dll"
2007-03-10 14:33:48 8704 ( A.... ) "C:\WINDOWS\SYSTEM32\sporder.dll"
2007-03-10 08:32:20 ( .D... ) "C:\Program Files\Webroot"
2007-03-10 08:28:36 ( .D... ) "C:\Documents and Settings\Andrew Horsfall\Application Data\Webroot"
2007-03-10 08:01:48 ( .D... ) "C:\Program Files\SpyAway"
2007-01-28 15:18:08 ( .D... ) "C:\Program Files\ABBYY FineReader 6.0"
2007-01-28 15:18:08 ( .D... ) "C:\Program Files\ABBYY FineReader 5.0 Sprint"
2007-01-28 15:10:52 ( .D... ) "C:\Program Files\Lexmark 1200 Series"
2007-01-15 08:31:58 23808 ( A.... ) "C:\WINDOWS\SYSTEM32\winmuse.exe"
2007-01-15 08:31:58 8960 ( A.... ) "C:\WINDOWS\SYSTEM32\msmsn.exe"
2007-01-15 08:31:56 29184 ( A.... ) "C:\WINDOWS\SYSTEM32\POPCORN72.EXE"
2007-01-15 08:31:56 23040 ( A.... ) "C:\WINDOWS\SYSTEM32\kernels64.exe"
2007-01-15 08:31:56 12032 ( A.... ) "C:\WINDOWS\SYSTEM32\netstat2.exe"
2007-01-15 08:31:56 9472 ( A.... ) "C:\WINDOWS\SYSTEM32\anti_troj.exe"
2007-01-15 08:31:56 8960 ( A.... ) "C:\WINDOWS\SYSTEM32\perfont.exe"
2007-01-15 08:31:54 32256 ( A.... ) "C:\WINDOWS\SYSTEM32\mpsegment.exe"
2007-01-15 08:31:54 16128 ( A.... ) "C:\WINDOWS\SYSTEM32\proqlaim.exe"
2007-01-15 08:31:50 24576 ( A.... ) "C:\WINDOWS\SYSTEM32\iewd.exe"
2007-01-15 08:31:48 22272 ( A.... ) "C:\WINDOWS\SYSTEM32\dload.exe"
2007-01-15 08:31:48 13568 ( A.... ) "C:\WINDOWS\SYSTEM32\win32hp.dll"
2007-01-15 08:31:34 18176 ( A.... ) "C:\WINDOWS\spp3.dll"
2007-01-15 08:31:12 32512 ( A.... ) "C:\WINDOWS\wininet32.exe"
2007-01-15 08:31:10 26880 ( A.... ) "C:\WINDOWS\runwin32.exe"
2007-01-15 08:31:08 26368 ( A.... ) "C:\WINDOWS\y.exe"
2007-01-15 08:31:08 16128 ( A.... ) "C:\WINDOWS\dialup.exe"
2007-01-15 08:31:06 13568 ( A.... ) "C:\WINDOWS\xplugin.dll"
2007-01-15 08:31:04 25088 ( A.... ) "C:\WINDOWS\x.exe"
2007-01-15 08:31:04 20992 ( A.... ) "C:\WINDOWS\window.exe"
2007-01-15 08:31:04 16640 ( A.... ) "C:\WINDOWS\winmgnt.exe"
2007-01-15 08:31:04 13824 ( A.... ) "C:\WINDOWS\winajbm.dll"
2007-01-15 08:31:02 27392 ( A.... ) "C:\WINDOWS\time.exe"
2007-01-15 08:31:02 23808 ( A.... ) "C:\WINDOWS\win64.exe"
2007-01-15 08:31:02 19456 ( A.... ) "C:\WINDOWS\waol.exe"
2007-01-15 08:31:02 19200 ( A.... ) "C:\WINDOWS\users32.exe"
2007-01-15 08:31:02 14336 ( A.... ) "C:\WINDOWS\win32e.exe"
2007-01-15 08:31:00 26112 ( A.... ) "C:\WINDOWS\olehelp.exe"
2007-01-15 08:31:00 14848 ( A.... ) "C:\WINDOWS\systemcritical.exe"
2007-01-15 08:31:00 9728 ( A.... ) "C:\WINDOWS\systeem.exe"
2007-01-15 08:30:58 13056 ( A.... ) "C:\WINDOWS\clrssn.exe"
2007-01-15 08:30:58 11520 ( A.... ) "C:\WINDOWS\cpan.dll"
2007-01-15 08:30:56 15872 ( A.... ) "C:\WINDOWS\accesss.exe"
2007-01-15 08:30:54 24576 ( A.... ) "C:\WINDOWS\SYSTEM32\ace16win.dll"
2007-01-15 08:30:54 11264 ( A.... ) "C:\WINDOWS\inetdctr.dll"
2006-12-31 20:01:32 14848 ( A.... ) "C:\WINDOWS\SYSTEM32\protector(2).exe"
2006-12-31 19:32:48 18944 ( A.... ) "C:\WINDOWS\SYSTEM32\ntio256.sys"
2006-12-31 19:32:48 14848 ( A.... ) "C:\WINDOWS\SYSTEM32\protector.exe"
2006-12-31 18:34:26 12800 ( A.... ) "C:\WINDOWS\SYSTEM32\svchost.exe"

((((((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Verizon Internet Security Suite"="\"C:\\Program Files\\Verizon\\Verizon Internet Security Suite\\Rps.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"Motive SmartBridge"="C:\\PROGRA~1\\VERIZO~2\\HELPSU~1\\SMARTB~1\\MotiveSB.exe"
"A Verizon App"="C:\\PROGRA~1\\VERIZO~2\\HELPSU~1\\VERIZO~1.EXE"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0\\bin\\jusched.exe\""
"Lexmark 1200 Series"="\"C:\\Program Files\\Lexmark 1200 Series\\lxczbmgr.exe\""
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Aim6"="\"C:\\Program Files\\AIM6\\aim6.exe\" /d locale=en-US ee://aol/imApp"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=dword:00000000

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"adirka"="C:\\WINDOWS\\System32\\adirka.exe"
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgw.exe /RUNONCE"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"adirka"="C:\\WINDOWS\\System32\\adirka.exe"
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgw.exe /RUNONCE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Adobe Reader Speed Launch.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\ACROBA~1.0\\Reader\\READER~1.EXE "
"item"="Adobe Reader Speed Launch"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Microsoft Office.lnk"
"backup"="C:\\WINDOWS\\pss\\Microsoft Office.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\MICROS~3\\Office10\\OSA.EXE -b -l"
"item"="Microsoft Office"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DirectCD"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Roxio\\Easy CD Creator 5\\DirectCD\\DirectCD.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="C:\\Program Files\\iTunes\\iTunesHelper.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RebateNation0]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RebateNation0"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Rebate_Nation\\RebateNation0.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VBundleOuterDL]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="BundleOuter"
"hkey"="HKLM"
"command"="C:\\Program Files\\VBouncer\\BundleOuter.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VerizonServicepoint.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="VerizonServicepoint"
"hkey"="HKLM"
"command"="C:\\Program Files\\Verizon\\Servicepoint\\VerizonServicepoint.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WildTangent CDA]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="cdaEngine0400"
"hkey"="HKLM"
"command"="RUNDLL32.exe \"C:\\Program Files\\WildTangent\\Apps\\CDA\\cdaEngine0400.dll\",cdaEngineMain"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YBrowser]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ybrwicon"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\Yahoo!\\browser\\ybrwicon.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YOP]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="yop"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\Yahoo!\\YOP\\yop.exe /autostart"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YPC]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ypc"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\Yahoo!\\PARENT~1\\ypc.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WebClient"=dword:00000002
"w32time"=dword:00000002
"TapiSrv"=dword:00000003

Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Ad-Aware SE Personal.job
C:\WINDOWS\tasks\Spybot - Search & Destroy.job
C:\WINDOWS\tasks\wrSpySweeperTrialSweep.job

Completion time: Tue 03/27/2007 11:19:45.14
ComboFix ver 06.06.17 - This logfile is located at C:\ComboFix.txt
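The Find3M section of that ComboFix log is a file-creation timeline, and the pattern a responder looks for in it is the burst: dozens of executables and DLLs landing in C:\WINDOWS and SYSTEM32 within the same minute (here around 2007-03-10 14:37 and again around 2007-01-15 08:31), which is how a dropper writes its payload set. The script below is an added example, not ComboFix code or anything from the forum; it assumes the `<timestamp> [size] ( <flags> ) "<path>"` line layout shown above (directories have no size column and carry a D flag) and clusters a constructed subset of the posted lines by timestamp gap, reporting every cluster that meets a minimum file count.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional

# Constructed sample: a subset of the Find3M lines from the ComboFix log posted above,
# newest first as ComboFix prints them. Directory entries have no size column.
SAMPLE_FIND3M = r"""
2007-03-26 22:51:12 139264 ( A.... ) "C:\WINDOWS\SYSTEM32\javaws.exe"
2007-03-26 22:26:28 ( .D... ) "C:\Program Files\CleanUp!"
2007-03-10 14:37:40 26112 ( A.... ) "C:\WINDOWS\SYSTEM32\vxddsk.exe"
2007-03-10 14:37:40 9728 ( A.... ) "C:\WINDOWS\vxddsk.exe"
2007-03-10 14:37:38 31488 ( A.... ) "C:\WINDOWS\SYSTEM32\wml.exe"
2007-03-10 14:37:36 21760 ( A.... ) "C:\WINDOWS\SUSP.exe"
2007-03-10 14:37:34 11008 ( A.... ) "C:\WINDOWS\satmat.exe"
2007-03-10 14:33:48 8704 ( A.... ) "C:\WINDOWS\SYSTEM32\sporder.dll"
2007-01-15 08:31:58 23808 ( A.... ) "C:\WINDOWS\SYSTEM32\winmuse.exe"
2007-01-15 08:31:56 23040 ( A.... ) "C:\WINDOWS\SYSTEM32\kernels64.exe"
2007-01-15 08:31:02 19456 ( A.... ) "C:\WINDOWS\waol.exe"
2007-01-15 08:30:54 11264 ( A.... ) "C:\WINDOWS\inetdctr.dll"
2006-12-31 18:34:26 12800 ( A.... ) "C:\WINDOWS\SYSTEM32\svchost.exe"
"""

# One Find3M line: timestamp, optional size, attribute flags in parentheses, quoted path.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+"
    r"(?:(?P<size>\d+)\s+)?"
    r"\(\s*(?P<flags>[A-Za-z.]+)\s*\)\s+"
    r'"(?P<path>[^"]+)"\s*$',
    re.MULTILINE,
)


@dataclass(frozen=True)
class Entry:
    when: datetime
    size: Optional[int]   # None for directories
    flags: str            # e.g. "A...." for an archive-flagged file, ".D..." for a directory
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.flags


@dataclass
class Burst:
    entries: List[Entry]  # in ascending time order

    @property
    def start(self) -> datetime:
        return self.entries[0].when

    @property
    def end(self) -> datetime:
        return self.entries[-1].when


def parse_find3m(text: str) -> List[Entry]:
    return [
        Entry(datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S"),
              int(m["size"]) if m["size"] else None, m["flags"], m["path"])
        for m in LINE_RE.finditer(text)
    ]


def find_bursts(entries: List[Entry], window_seconds: int = 120,
                min_files: int = 3, files_only: bool = True) -> List[Burst]:
    """Chain entries whose timestamp is within window_seconds of the previous entry;
    keep every chain with at least min_files members. Directories are skipped by
    default because installers create them too and they carry no payload themselves."""
    pool = sorted((e for e in entries if not (files_only and e.is_dir)),
                  key=lambda e: (e.when, e.path))
    window = timedelta(seconds=window_seconds)
    bursts: List[Burst] = []
    current: List[Entry] = []
    for e in pool:
        if current and e.when - current[-1].when > window:
            if len(current) >= min_files:
                bursts.append(Burst(current))
            current = []
        current.append(e)
    if len(current) >= min_files:
        bursts.append(Burst(current))
    return bursts


def main() -> None:
    for b in find_bursts(parse_find3m(SAMPLE_FIND3M)):
        print(f"{b.start:%Y-%m-%d %H:%M:%S} .. {b.end:%H:%M:%S}  {len(b.entries)} files")
        for e in b.entries:
            print(f"    {e.size:>7}  {e.path}")


if __name__ == "__main__":
    main()
```

Applied to the full report, the two minute-wide bursts account for nearly every file in the OTMoveIt list later in this thread, while the singletons (the scanner installs, the Java update) fall out of the clusters; the window and threshold are tuning knobs, not magic values, so shorten the window on a busy machine and raise the threshold when legitimate installers are expected.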

#34 sdutcher

    Authentic Member

  • 101 posts

Posted 27 March 2007 - 10:28 AM

Logfile of HijackThis v1.99.1
Scan saved at 11:24:04 AM, on 3/27/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\System32\lexpps.exe
C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
C:\Program Files\Java\jre1.6.0\bin\jucheck.exe
C:\Documents and Settings\Andrew Horsfall\Desktop\help files\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tomcoyote.org/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O4 - HKLM\..\Run: [Verizon Internet Security Suite] "C:\Program Files\Verizon\Verizon Internet Security Suite\Rps.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~2\HELPSU~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [A Verizon App] C:\PROGRA~1\VERIZO~2\HELPSU~1\VERIZO~1.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [Lexmark 1200 Series] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - Startup: TrueSwitch Wizard Verizon Yahoo.lnk = C:\Program Files\TrueSwitchVerizonYahoo\TrueInstall.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} - https://activatemyds...DSL/tgctlcm.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.co...72/mcinsctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - http://update.micros...b?1165785661687
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-sec...m/ols/fscax.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.co...,15/mcgdmgr.cab
O16 - DPF: {BCD5A227-8720-497B-AF5F-4403E94342E3} - https://netservices..../DSLControl.cab
O16 - DPF: {FFFFFFFF-CACE-BABE-BABE-00AA0055595A} - http://www.trueswitc...TrueInstall.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

#35 sdutcher

    Authentic Member

  • 101 posts

Posted 27 March 2007 - 05:11 PM

I was able to get the registry merge to work!
Here is a new HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 6:07:05 PM, on 3/27/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\System32\lexpps.exe
C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
C:\Program Files\Java\jre1.6.0\bin\jucheck.exe
C:\Documents and Settings\Andrew Horsfall\Desktop\help files\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tomcoyote.org/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O4 - HKLM\..\Run: [Verizon Internet Security Suite] "C:\Program Files\Verizon\Verizon Internet Security Suite\Rps.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~2\HELPSU~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [A Verizon App] C:\PROGRA~1\VERIZO~2\HELPSU~1\VERIZO~1.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [Lexmark 1200 Series] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} - https://activatemyds...DSL/tgctlcm.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.co...72/mcinsctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - http://update.micros...b?1165785661687
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-sec...m/ols/fscax.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.co...,15/mcgdmgr.cab
O16 - DPF: {BCD5A227-8720-497B-AF5F-4403E94342E3} - https://netservices..../DSLControl.cab
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

I'll be back in a couple of hours to check in.
Thanks

#36 IndiGenus

    Teacher Emeritus

  • Authentic Member
  • 5,251 posts
  • Interests: Computer Security, Music, Sports

Posted 27 March 2007 - 05:20 PM

Excellent :thumbup: But there are still major infections present, including a rootkit. I've asked some of the experts in these forums to help me here and we're working on a fix.

Dave


#37 sdutcher

    Authentic Member

  • 101 posts

Posted 27 March 2007 - 08:17 PM

OK, thanks. I am running some more scans overnight, and I used ShootTheMessenger to stop all those windows from coming up while scanning. Panda, F-Secure, and even Trend Micro online scans will not "finish"; errors happen, even though they find some stuff. I'm off for the night, will check in the morning. Thanks

#38 IndiGenus

    Teacher Emeritus

  • Authentic Member
  • 5,251 posts
  • Interests: Computer Security, Music, Sports

Posted 28 March 2007 - 07:22 PM

Hi and sorry for the delay in getting back to you. I've been going straight out with work and family stuff...

Let's try this:

Please download the OTMoveIt by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):


    C:\WINDOWS\SYSTEM32\pfxzmtwbmail.dll
    C:\WINDOWS\SYSTEM32\pfxzmticq.dll
    C:\WINDOWS\SYSTEM32\pfxzmtgtal.dll
    C:\WINDOWS\SYSTEM32\pfxzmtforum.dll
    C:\WINDOWS\SYSTEM32\pfxzmtaim.dll
    C:\WINDOWS\SYSTEM32\vxddsk.exe
    C:\WINDOWS\vxddsk.exe
    C:\WINDOWS\SYSTEM32\wml.exe
    C:\WINDOWS\SUSP.exe
    C:\WINDOWS\wml.exe
    C:\WINDOWS\satmat.exe
    C:\WINDOWS\7search.dll
    C:\WINDOWS\764.exe
    C:\WINDOWS\flt.dll
    C:\WINDOWS\voiceip.dll
    C:\WINDOWS\pbar.dll
    C:\WINDOWS\stcloader.exe
    C:\WINDOWS\cdsm32.dll
    C:\WINDOWS\swin32.dll
    C:\WINDOWS\bokja.exe
    C:\WINDOWS\mspphe.dll
    C:\WINDOWS\mssvr.exe
    C:\WINDOWS\bjam.dll
    C:\WINDOWS\SYSTEM32\MSIXU.DLL
    C:\WINDOWS\180ax.exe
    C:\WINDOWS\SYSTEM32\WER8274.DLL
    C:\WINDOWS\updatetc.exe
    C:\WINDOWS\salm.exe
    C:\WINDOWS\saiemod.dll
    C:\WINDOWS\SYSTEM32\sporder.dll
    C:\WINDOWS\SYSTEM32\winmuse.exe
    C:\WINDOWS\SYSTEM32\msmsn.exe
    C:\WINDOWS\SYSTEM32\POPCORN72.EXE
    C:\WINDOWS\SYSTEM32\kernels64.exe
    C:\WINDOWS\SYSTEM32\netstat2.exe
    C:\WINDOWS\SYSTEM32\anti_troj.exe
    C:\WINDOWS\SYSTEM32\perfont.exe
    C:\WINDOWS\SYSTEM32\mpsegment.exe
    C:\WINDOWS\SYSTEM32\proqlaim.exe
    C:\WINDOWS\SYSTEM32\iewd.exe
    C:\WINDOWS\SYSTEM32\dload.exe
    C:\WINDOWS\SYSTEM32\win32hp.dll
    C:\WINDOWS\spp3.dll
    C:\WINDOWS\wininet32.exe
    C:\WINDOWS\runwin32.exe
    C:\WINDOWS\y.exe
    C:\WINDOWS\dialup.exe
    C:\WINDOWS\xplugin.dll
    C:\WINDOWS\x.exe
    C:\WINDOWS\window.exe
    C:\WINDOWS\winmgnt.exe
    C:\WINDOWS\winajbm.dll
    C:\WINDOWS\time.exe
    C:\WINDOWS\win64.exe
    C:\WINDOWS\waol.exe
    C:\WINDOWS\users32.exe
    C:\WINDOWS\win32e.exe
    C:\WINDOWS\olehelp.exe
    C:\WINDOWS\systemcritical.exe
    C:\WINDOWS\systeem.exe
    C:\WINDOWS\clrssn.exe
    C:\WINDOWS\cpan.dll
    C:\WINDOWS\accesss.exe
    C:\WINDOWS\SYSTEM32\ace16win.dll
    C:\WINDOWS\inetdctr.dll
    C:\WINDOWS\SYSTEM32\protector(2).exe
    C:\WINDOWS\SYSTEM32\ntio256.sys
    C:\WINDOWS\SYSTEM32\protector.exe


  • Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
  • Click the red Moveit! button.
  • Copy everything on the Results window to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it on your next reply.
  • Close OTMoveIt
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


#39 sdutcher

    Authentic Member

  • 101 posts

Posted 28 March 2007 - 08:28 PM

LoadLibrary failed for C:\WINDOWS\SYSTEM32\pfxzmticq.dll
C:\WINDOWS\SYSTEM32\pfxzmticq.dll NOT unregistered.
C:\WINDOWS\SYSTEM32\pfxzmticq.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\SYSTEM32\pfxzmtgtal.dll
C:\WINDOWS\SYSTEM32\pfxzmtgtal.dll NOT unregistered.
C:\WINDOWS\SYSTEM32\pfxzmtgtal.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\SYSTEM32\pfxzmtforum.dll
C:\WINDOWS\SYSTEM32\pfxzmtforum.dll NOT unregistered.
C:\WINDOWS\SYSTEM32\pfxzmtforum.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\SYSTEM32\pfxzmtaim.dll
C:\WINDOWS\SYSTEM32\pfxzmtaim.dll NOT unregistered.
C:\WINDOWS\SYSTEM32\pfxzmtaim.dll moved successfully.
C:\WINDOWS\SYSTEM32\vxddsk.exe moved successfully.
C:\WINDOWS\vxddsk.exe moved successfully.
C:\WINDOWS\SYSTEM32\wml.exe moved successfully.
C:\WINDOWS\SUSP.exe moved successfully.
C:\WINDOWS\wml.exe moved successfully.
C:\WINDOWS\satmat.exe moved successfully.
File/Folder C:\WINDOWS\7search.dll not found.
File/Folder C:\WINDOWS\764.exe not found.
LoadLibrary failed for C:\WINDOWS\flt.dll
C:\WINDOWS\flt.dll NOT unregistered.
C:\WINDOWS\flt.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\voiceip.dll
C:\WINDOWS\voiceip.dll NOT unregistered.
C:\WINDOWS\voiceip.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\pbar.dll
C:\WINDOWS\pbar.dll NOT unregistered.
C:\WINDOWS\pbar.dll moved successfully.
C:\WINDOWS\stcloader.exe moved successfully.
LoadLibrary failed for C:\WINDOWS\cdsm32.dll
C:\WINDOWS\cdsm32.dll NOT unregistered.
C:\WINDOWS\cdsm32.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\swin32.dll
C:\WINDOWS\swin32.dll NOT unregistered.
C:\WINDOWS\swin32.dll moved successfully.
C:\WINDOWS\bokja.exe moved successfully.
LoadLibrary failed for C:\WINDOWS\mspphe.dll
C:\WINDOWS\mspphe.dll NOT unregistered.
C:\WINDOWS\mspphe.dll moved successfully.
C:\WINDOWS\mssvr.exe moved successfully.
LoadLibrary failed for C:\WINDOWS\bjam.dll
C:\WINDOWS\bjam.dll NOT unregistered.
C:\WINDOWS\bjam.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\SYSTEM32\MSIXU.DLL
C:\WINDOWS\SYSTEM32\MSIXU.DLL NOT unregistered.
C:\WINDOWS\SYSTEM32\MSIXU.DLL moved successfully.
File/Folder C:\WINDOWS\180ax.exe not found.
LoadLibrary failed for C:\WINDOWS\SYSTEM32\WER8274.DLL
C:\WINDOWS\SYSTEM32\WER8274.DLL NOT unregistered.
C:\WINDOWS\SYSTEM32\WER8274.DLL moved successfully.
C:\WINDOWS\updatetc.exe moved successfully.
C:\WINDOWS\salm.exe moved successfully.
LoadLibrary failed for C:\WINDOWS\saiemod.dll
C:\WINDOWS\saiemod.dll NOT unregistered.
C:\WINDOWS\saiemod.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\SYSTEM32\sporder.dll
C:\WINDOWS\SYSTEM32\sporder.dll NOT unregistered.
C:\WINDOWS\SYSTEM32\sporder.dll moved successfully.
C:\WINDOWS\SYSTEM32\winmuse.exe moved successfully.
C:\WINDOWS\SYSTEM32\msmsn.exe moved successfully.
C:\WINDOWS\SYSTEM32\POPCORN72.EXE moved successfully.
C:\WINDOWS\SYSTEM32\kernels64.exe moved successfully.
C:\WINDOWS\SYSTEM32\netstat2.exe moved successfully.
C:\WINDOWS\SYSTEM32\anti_troj.exe moved successfully.
C:\WINDOWS\SYSTEM32\perfont.exe moved successfully.
C:\WINDOWS\SYSTEM32\mpsegment.exe moved successfully.
C:\WINDOWS\SYSTEM32\proqlaim.exe moved successfully.
C:\WINDOWS\SYSTEM32\iewd.exe moved successfully.
C:\WINDOWS\SYSTEM32\dload.exe moved successfully.
LoadLibrary failed for C:\WINDOWS\SYSTEM32\win32hp.dll
C:\WINDOWS\SYSTEM32\win32hp.dll NOT unregistered.
C:\WINDOWS\SYSTEM32\win32hp.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\spp3.dll
C:\WINDOWS\spp3.dll NOT unregistered.
C:\WINDOWS\spp3.dll moved successfully.
C:\WINDOWS\wininet32.exe moved successfully.
C:\WINDOWS\runwin32.exe moved successfully.
File/Folder C:\WINDOWS\y.exe not found.
C:\WINDOWS\dialup.exe moved successfully.
LoadLibrary failed for C:\WINDOWS\xplugin.dll
C:\WINDOWS\xplugin.dll NOT unregistered.
C:\WINDOWS\xplugin.dll moved successfully.
File/Folder C:\WINDOWS\x.exe not found.
C:\WINDOWS\window.exe moved successfully.
C:\WINDOWS\winmgnt.exe moved successfully.
LoadLibrary failed for C:\WINDOWS\winajbm.dll
C:\WINDOWS\winajbm.dll NOT unregistered.
C:\WINDOWS\winajbm.dll moved successfully.
C:\WINDOWS\time.exe moved successfully.
C:\WINDOWS\win64.exe moved successfully.
C:\WINDOWS\waol.exe moved successfully.
C:\WINDOWS\users32.exe moved successfully.
C:\WINDOWS\win32e.exe moved successfully.
C:\WINDOWS\olehelp.exe moved successfully.
C:\WINDOWS\systemcritical.exe moved successfully.
C:\WINDOWS\systeem.exe moved successfully.
C:\WINDOWS\clrssn.exe moved successfully.
LoadLibrary failed for C:\WINDOWS\cpan.dll
C:\WINDOWS\cpan.dll NOT unregistered.
C:\WINDOWS\cpan.dll moved successfully.
C:\WINDOWS\accesss.exe moved successfully.
LoadLibrary failed for C:\WINDOWS\SYSTEM32\ace16win.dll
C:\WINDOWS\SYSTEM32\ace16win.dll NOT unregistered.
C:\WINDOWS\SYSTEM32\ace16win.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\inetdctr.dll
C:\WINDOWS\inetdctr.dll NOT unregistered.
C:\WINDOWS\inetdctr.dll moved successfully.
C:\WINDOWS\SYSTEM32\protector(2).exe moved successfully.
C:\WINDOWS\SYSTEM32\ntio256.sys moved successfully.
C:\WINDOWS\SYSTEM32\protector.exe moved successfully.
Created on 03/28/2007 21:24:14

#40 sdutcher

sdutcher

    Authentic Member

  • Authentic Member
  • 101 posts

Posted 28 March 2007 - 08:30 PM

Just for kicks:


Logfile of HijackThis v1.99.1
Scan saved at 9:25:45 PM, on 3/28/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Andrew Horsfall\Desktop\help files\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tomcoyote.org/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O4 - HKLM\..\Run: [Verizon Internet Security Suite] "C:\Program Files\Verizon\Verizon Internet Security Suite\Rps.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~2\HELPSU~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [A Verizon App] C:\PROGRA~1\VERIZO~2\HELPSU~1\VERIZO~1.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [Lexmark 1200 Series] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.co...72/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.co...,15/mcgdmgr.cab
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE



#41 sdutcher

sdutcher

    Authentic Member

  • Authentic Member
  • 101 posts

Posted 29 March 2007 - 05:25 AM

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Thursday, March 29, 2007 6:23:44 AM
Operating System: Microsoft Windows XP Home Edition, Service Pack 1 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 29/03/2007
Kaspersky Anti-Virus database records: 288357
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 55071
Number of viruses found: 5
Number of infected objects: 110 / 0
Number of suspicious objects: 2
Duration of the scan process: 00:56:48

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Avg7\Log\emc.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\0f089bd22bcf453ccf810126980056fe_1dce0e75-1303-433a-bfc1-6b582bd25551 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3905f0a0a26ca29aa4901d5c45e85501_1dce0e75-1303-433a-bfc1-6b582bd25551 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\4ad2a42c17daf75b38f2e4a7d6d6e4a1_1dce0e75-1303-433a-bfc1-6b582bd25551 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\569dd682d9ab39adb7a62975b2256a79_1dce0e75-1303-433a-bfc1-6b582bd25551 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\684022895e042d95da3395278522a327_1dce0e75-1303-433a-bfc1-6b582bd25551 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\68b5a73dac7cc6e14f1e263f43a263fc_1dce0e75-1303-433a-bfc1-6b582bd25551 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\7cd41c6f0419848b802e6ad96fea065d_1dce0e75-1303-433a-bfc1-6b582bd25551 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\b7224bcd4e9c279dc8a90ccaf4b9e671_1dce0e75-1303-433a-bfc1-6b582bd25551 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\f96db401122ef1904f57836808d8dd71_1dce0e75-1303-433a-bfc1-6b582bd25551 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC1.zip/VXH8JKDQ6.EXE Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC1.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\Andrew Horsfall\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Andrew Horsfall\DoctorWeb\Quarantine\f3PSSavr.scr Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\Documents and Settings\Andrew Horsfall\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Andrew Horsfall\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Andrew Horsfall\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Andrew Horsfall\Local Settings\History\History.IE5\MSHist012007032820070329\index.dat Object is locked skipped
C:\Documents and Settings\Andrew Horsfall\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Andrew Horsfall\ntuser.dat Object is locked skipped
C:\Documents and Settings\Andrew Horsfall\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Andrew Horsfall\UserData\index.dat Object is locked skipped
C:\Documents and Settings\Becky\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Becky\ntuser.dat Object is locked skipped
C:\Documents and Settings\Jare'\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Jare'\ntuser.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Skittlez45689\Desktop\Hannah's folder\2 baby teacups.doc Object is locked skipped
C:\Documents and Settings\Skittlez45689\Desktop\Hannah's folder\alex youngg.jpg Object is locked skipped
C:\Documents and Settings\Skittlez45689\Desktop\Hannah's folder\alexs page.jpg Object is locked skipped
C:\Documents and Settings\Skittlez45689\Desktop\Hannah's folder\alexx 2.jpg Object is locked skipped
C:\Documents and Settings\Skittlez45689\Desktop\Hannah's folder\alexx.jpg Object is locked skipped
C:\Documents and Settings\Skittlez45689\Desktop\Hannah's folder\angel.jpg Object is locked skipped
C:\Documents and Settings\Skittlez45689\Desktop\Hannah's folder\Desktop.ini Object is locked skipped
C:\Documents and Settings\Skittlez45689\Desktop\Hannah's folder\dont matter.doc Object is locked skipped
C:\Documents and Settings\Skittlez45689\Desktop\Hannah's folder\Fave Songs.doc Object is locked skipped
C:\Documents and Settings\Skittlez45689\Desktop\Hannah's folder\henry.jpg Object is locked skipped
C:\Documents and Settings\Skittlez45689\Desktop\Hannah's folder\iTunes.lnk Object is locked skipped
C:\Documents and Settings\Skittlez45689\Desktop\Hannah's folder\pitty.jpg Object is locked skipped
C:\Documents and Settings\Skittlez45689\Desktop\Hannah's folder\poe.jpg Object is locked skipped
C:\Documents and Settings\Skittlez45689\Desktop\Hannah's folder\Rockstar.doc Object is locked skipped
C:\Documents and Settings\Skittlez45689\Desktop\Hannah's folder\soonsi.jpg Object is locked skipped
C:\Documents and Settings\Skittlez45689\Desktop\Hannah's folder\Thumbs.db Object is locked skipped
C:\Documents and Settings\Skittlez45689\Desktop\Hannah's folder\titanic pics 1.doc Object is locked skipped
C:\Program Files\Yahoo!\YPSR\Quarantine\20061118024722.zip Object is locked skipped
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqdb.dat Object is locked skipped
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqsdb.dat Object is locked skipped
C:\RECYCLER\S-1-5-21-2587760716-676309004-189216933-1006\Dc1\A0080962.dll:ckaip:$DATA/data0001.html Infected: Trojan-Downloader.Win32.WinShow.ak skipped
C:\RECYCLER\S-1-5-21-2587760716-676309004-189216933-1006\Dc1\A0080962.dll:ckaip:$DATA/data0002.html Infected: Trojan-Downloader.Win32.WinShow.ak skipped
C:\RECYCLER\S-1-5-21-2587760716-676309004-189216933-1006\Dc1\A0080962.dll:ckaip:$DATA/data0003.html Infected: Trojan-Downloader.Win32.WinShow.ak skipped
C:\RECYCLER\S-1-5-21-2587760716-676309004-189216933-1006\Dc1\A0080962.dll:ckaip:$DATA/data0004.html Infected: Trojan-Downloader.Win32.WinShow.ak skipped
C:\RECYCLER\S-1-5-21-2587760716-676309004-189216933-1006\Dc1\A0080962.dll:ckaip:$DATA/data0005.html Infected: Trojan-Downloader.Win32.WinShow.ak skipped
C:\RECYCLER\S-1-5-21-2587760716-676309004-189216933-1006\Dc1\A0080962.dll:ckaip:$DATA Embedded HTML: infected - 5 skipped
C:\RECYCLER\S-1-5-21-2587760716-676309004-189216933-1006\Dc1\A0080965.com/HZZ.EXE Infected: Trojan-Dropper.DOS.Rute skipped
C:\RECYCLER\S-1-5-21-2587760716-676309004-189216933-1006\Dc1\A0080965.com Mail: infected - 1 skipped
C:\RECYCLER\S-1-5-21-2587760716-676309004-189216933-1006\Dc1\A0080965.com:grgej:$DATA/data0001.html Infected: Trojan-Downloader.Win32.WinShow.ak skipped
C:\RECYCLER\S-1-5-21-2587760716-676309004-189216933-1006\Dc1\A0080965.com:grgej:$DATA/data0002.html Infected: Trojan-Downloader.Win32.WinShow.ak skipped
C:\RECYCLER\S-1-5-21-2587760716-676309004-189216933-1006\Dc1\A0080965.com:grgej:$DATA/data0003.html Infected: Trojan-Downloader.Win32.WinShow.ak skipped
C:\RECYCLER\S-1-5-21-2587760716-676309004-189216933-1006\Dc1\A0080965.com:grgej:$DATA/data0004.html Infected: Trojan-Downloader.Win32.WinShow.ak skipped
C:\RECYCLER\S-1-5-21-2587760716-676309004-189216933-1006\Dc1\A0080965.com:grgej:$DATA/data0005.html Infected: Trojan-Downloader.Win32.WinShow.ak skipped
C:\RECYCLER\S-1-5-21-2587760716-676309004-189216933-1006\Dc1\A0080965.com:grgej:$DATA Embedded HTML: infected - 5 skipped
C:\RECYCLER\S-1-5-21-2587760716-676309004-189216933-1006\Dc1\A0080968.INI:nclih:$DATA/data0001.html Infected: Trojan-Downloader.Win32.WinShow.ak skipped
C:\RECYCLER\S-1-5-21-2587760716-676309004-189216933-1006\Dc1\A0080968.INI:nclih:$DATA/data0002.html Infected: Trojan-Downloader.Win32.WinShow.ak skipped
C:\RECYCLER\S-1-5-21-2587760716-676309004-189216933-1006\Dc1\A0080968.INI:nclih:$DATA/data0003.html Infected: Trojan-Downloader.Win32.WinShow.ak skipped
C:\RECYCLER\S-1-5-21-2587760716-676309004-189216933-1006\Dc1\A0080968.INI:nclih:$DATA/data0004.html Infected: Trojan-Downloader.Win32.WinShow.ak skipped
C:\RECYCLER\S-1-5-21-2587760716-676309004-189216933-1006\Dc1\A0080968.INI:nclih:$DATA/data0005.html Infected: Trojan-Downloader.Win32.WinShow.ak skipped
C:\RECYCLER\S-1-5-21-2587760716-676309004-189216933-1006\Dc1\A0080968.INI:nclih:$DATA Embedded HTML: infected - 5 skipped
C:\RECYCLER\S-1-5-21-2587760716-676309004-189216933-1006\Dc1\A0080969.isu:boylo:$DATA/data0001.html Infected: Trojan-Downloader.Win32.WinShow.ak skipped
C:\RECYCLER\S-1-5-21-2587760716-676309004-189216933-1006\Dc1\A0080969.isu:boylo:$DATA/data0002.html Infected: Trojan-Downloader.Win32.WinShow.ak skipped
C:\RECYCLER\S-1-5-21-2587760716-676309004-189216933-1006\Dc1\A0080969.isu:boylo:$DATA/data0003.html Infected: Trojan-Downloader.Win32.WinShow.ak skipped
C:\RECYCLER\S-1-5-21-2587760716-676309004-189216933-1006\Dc1\A0080969.isu:boylo:$DATA/data0004.html Infected: Trojan-Downloader.Win32.WinShow.ak skipped
C:\RECYCLER\S-1-5-21-2587760716-676309004-189216933-1006\Dc1\A0080969.isu:boylo:$DATA/data0005.html Infected: Trojan-Downloader.Win32.WinShow.ak skipped
C:\RECYCLER\S-1-5-21-2587760716-676309004-189216933-1006\Dc1\A0080969.isu:boylo:$DATA Embedded HTML: infected - 5 skipped
C:\RECYCLER\S-1-5-21-2587760716-676309004-189216933-1006\Dc1\A0080969.isu:ctlan:$DATA/data0001.html Infected: Trojan-Downloader.Win32.WinShow.ak skipped
C:\RECYCLER\S-1-5-21-2587760716-676309004-189216933-1006\Dc1\A0080969.isu:ctlan:$DATA/data0002.html Infected: Trojan-Downloader.Win32.WinShow.ak skipped
C:\RECYCLER\S-1-5-21-2587760716-676309004-189216933-1006\Dc1\A0080969.isu:ctlan:$DATA/data0003.html Infected: Trojan-Downloader.Win32.WinShow.ak skipped
C:\RECYCLER\S-1-5-21-2587760716-676309004-189216933-1006\Dc1\A0080969.isu:ctlan:$DATA/data0004.html Infected: Trojan-Downloader.Win32.WinShow.ak skipped
C:\RECYCLER\S-1-5-21-2587760716-676309004-189216933-1006\Dc1\A0080969.isu:ctlan:$DATA/data0005.html Infected: Trojan-Downloader.Win32.WinShow.ak skipped
C:\RECYCLER\S-1-5-21-2587760716-676309004-189216933-1006\Dc1\A0080969.isu:ctlan:$DATA Embedded HTML: infected - 5 skipped
C:\RECYCLER\S-1-5-21-2587760716-676309004-189216933-1006\Dc1\A0080971.INI:wsfeq:$DATA/data0001.html Infected: Trojan-Downloader.Win32.WinShow.ak skipped
C:\RECYCLER\S-1-5-21-2587760716-676309004-189216933-1006\Dc1\A0080971.INI:wsfeq:$DATA/data0002.html Infected: Trojan-Downloader.Win32.WinShow.ak skipped
C:\RECYCLER\S-1-5-21-2587760716-676309004-189216933-1006\Dc1\A0080971.INI:wsfeq:$DATA/data0003.html Infected: Trojan-Downloader.Win32.WinShow.ak skipped
C:\RECYCLER\S-1-5-21-2587760716-676309004-189216933-1006\Dc1\A0080971.INI:wsfeq:$DATA/data0004.html Infected: Trojan-Downloader.Win32.WinShow.ak skipped
C:\RECYCLER\S-1-5-21-2587760716-676309004-189216933-1006\Dc1\A0080971.INI:wsfeq:$DATA/data0005.html Infected: Trojan-Downloader.Win32.WinShow.ak skipped
C:\RECYCLER\S-1-5-21-2587760716-676309004-189216933-1006\Dc1\A0080971.INI:wsfeq:$DATA Embedded HTML: infected - 5 skipped
C:\RECYCLER\S-1-5-21-2587760716-676309004-189216933-1006\Dc31.INI:wsfeq:$DATA/data0001.html Infected: Trojan-Downloader.Win32.WinShow.ak skipped
C:\RECYCLER\S-1-5-21-2587760716-676309004-189216933-1006\Dc31.INI:wsfeq:$DATA/data0002.html Infected: Trojan-Downloader.Win32.WinShow.ak skipped
C:\RECYCLER\S-1-5-21-2587760716-676309004-189216933-1006\Dc31.INI:wsfeq:$DATA/data0003.html Infected: Trojan-Downloader.Win32.WinShow.ak skipped
C:\RECYCLER\S-1-5-21-2587760716-676309004-189216933-1006\Dc31.INI:wsfeq:$DATA/data0004.html Infected: Trojan-Downloader.Win32.WinShow.ak skipped
C:\RECYCLER\S-1-5-21-2587760716-676309004-189216933-1006\Dc31.INI:wsfeq:$DATA/data0005.html Infected: Trojan-Downloader.Win32.WinShow.ak skipped
C:\RECYCLER\S-1-5-21-2587760716-676309004-189216933-1006\Dc31.INI:wsfeq:$DATA Embedded HTML: infected - 5 skipped
C:\RECYCLER\S-1-5-21-2587760716-676309004-189216933-1006\Dc32.isu:boylo:$DATA/data0001.html Infected: Trojan-Downloader.Win32.WinShow.ak skipped
C:\RECYCLER\S-1-5-21-2587760716-676309004-189216933-1006\Dc32.isu:boylo:$DATA/data0002.html Infected: Trojan-Downloader.Win32.WinShow.ak skipped
C:\RECYCLER\S-1-5-21-2587760716-676309004-189216933-1006\Dc32.isu:boylo:$DATA/data0003.html Infected: Trojan-Downloader.Win32.WinShow.ak skipped
C:\RECYCLER\S-1-5-21-2587760716-676309004-189216933-1006\Dc32.isu:boylo:$DATA/data0004.html Infected: Trojan-Downloader.Win32.WinShow.ak skipped
C:\RECYCLER\S-1-5-21-2587760716-676309004-189216933-1006\Dc32.isu:boylo:$DATA/data0005.html Infected: Trojan-Downloader.Win32.WinShow.ak skipped
C:\RECYCLER\S-1-5-21-2587760716-676309004-189216933-1006\Dc32.isu:boylo:$DATA Embedded HTML: infected - 5 skipped
C:\RECYCLER\S-1-5-21-2587760716-676309004-189216933-1006\Dc32.isu:ctlan:$DATA/data0001.html Infected: Trojan-Downloader.Win32.WinShow.ak skipped
C:\RECYCLER\S-1-5-21-2587760716-676309004-189216933-1006\Dc32.isu:ctlan:$DATA/data0002.html Infected: Trojan-Downloader.Win32.WinShow.ak skipped
C:\RECYCLER\S-1-5-21-2587760716-676309004-189216933-1006\Dc32.isu:ctlan:$DATA/data0003.html Infected: Trojan-Downloader.Win32.WinShow.ak skipped
C:\RECYCLER\S-1-5-21-2587760716-676309004-189216933-1006\Dc32.isu:ctlan:$DATA/data0004.html Infected: Trojan-Downloader.Win32.WinShow.ak skipped
C:\RECYCLER\S-1-5-21-2587760716-676309004-189216933-1006\Dc32.isu:ctlan:$DATA/data0005.html Infected: Trojan-Downloader.Win32.WinShow.ak skipped
C:\RECYCLER\S-1-5-21-2587760716-676309004-189216933-1006\Dc32.isu:ctlan:$DATA Embedded HTML: infected - 5 skipped
C:\RECYCLER\S-1-5-21-2587760716-676309004-189216933-1006\Dc33.INI:nclih:$DATA/data0001.html Infected: Trojan-Downloader.Win32.WinShow.ak skipped
C:\RECYCLER\S-1-5-21-2587760716-676309004-189216933-1006\Dc33.INI:nclih:$DATA/data0002.html Infected: Trojan-Downloader.Win32.WinShow.ak skipped
C:\RECYCLER\S-1-5-21-2587760716-676309004-189216933-1006\Dc33.INI:nclih:$DATA/data0003.html Infected: Trojan-Downloader.Win32.WinShow.ak skipped
C:\RECYCLER\S-1-5-21-2587760716-676309004-189216933-1006\Dc33.INI:nclih:$DATA/data0004.html Infected: Trojan-Downloader.Win32.WinShow.ak skipped
C:\RECYCLER\S-1-5-21-2587760716-676309004-189216933-1006\Dc33.INI:nclih:$DATA/data0005.html Infected: Trojan-Downloader.Win32.WinShow.ak skipped
C:\RECYCLER\S-1-5-21-2587760716-676309004-189216933-1006\Dc33.INI:nclih:$DATA Embedded HTML: infected - 5 skipped
C:\RECYCLER\S-1-5-21-2587760716-676309004-189216933-1006\Dc34.com/HZZ.EXE Infected: Trojan-Dropper.DOS.Rute skipped
C:\RECYCLER\S-1-5-21-2587760716-676309004-189216933-1006\Dc34.com Mail: infected - 1 skipped
C:\RECYCLER\S-1-5-21-2587760716-676309004-189216933-1006\Dc34.com:grgej:$DATA/data0001.html Infected: Trojan-Downloader.Win32.WinShow.ak skipped
C:\RECYCLER\S-1-5-21-2587760716-676309004-189216933-1006\Dc34.com:grgej:$DATA/data0002.html Infected: Trojan-Downloader.Win32.WinShow.ak skipped
C:\RECYCLER\S-1-5-21-2587760716-676309004-189216933-1006\Dc34.com:grgej:$DATA/data0003.html Infected: Trojan-Downloader.Win32.WinShow.ak skipped
C:\RECYCLER\S-1-5-21-2587760716-676309004-189216933-1006\Dc34.com:grgej:$DATA/data0004.html Infected: Trojan-Downloader.Win32.WinShow.ak skipped
C:\RECYCLER\S-1-5-21-2587760716-676309004-189216933-1006\Dc34.com:grgej:$DATA/data0005.html Infected: Trojan-Downloader.Win32.WinShow.ak skipped
C:\RECYCLER\S-1-5-21-2587760716-676309004-189216933-1006\Dc34.com:grgej:$DATA Embedded HTML: infected - 5 skipped
C:\RECYCLER\S-1-5-21-2587760716-676309004-189216933-1006\Dc35.dll:ckaip:$DATA/data0001.html Infected: Trojan-Downloader.Win32.WinShow.ak skipped
C:\RECYCLER\S-1-5-21-2587760716-676309004-189216933-1006\Dc35.dll:ckaip:$DATA/data0002.html Infected: Trojan-Downloader.Win32.WinShow.ak skipped
C:\RECYCLER\S-1-5-21-2587760716-676309004-189216933-1006\Dc35.dll:ckaip:$DATA/data0003.html Infected: Trojan-Downloader.Win32.WinShow.ak skipped
C:\RECYCLER\S-1-5-21-2587760716-676309004-189216933-1006\Dc35.dll:ckaip:$DATA/data0004.html Infected: Trojan-Downloader.Win32.WinShow.ak skipped
C:\RECYCLER\S-1-5-21-2587760716-676309004-189216933-1006\Dc35.dll:ckaip:$DATA/data0005.html Infected: Trojan-Downloader.Win32.WinShow.ak skipped
C:\RECYCLER\S-1-5-21-2587760716-676309004-189216933-1006\Dc35.dll:ckaip:$DATA Embedded HTML: infected - 5 skipped
C:\RECYCLER\S-1-5-21-2587760716-676309004-189216933-1006\Dc36.dll:kicam:$DATA/data0001.html Infected: Trojan-Downloader.Win32.WinShow.ak skipped
C:\RECYCLER\S-1-5-21-2587760716-676309004-189216933-1006\Dc36.dll:kicam:$DATA/data0002.html Infected: Trojan-Downloader.Win32.WinShow.ak skipped
C:\RECYCLER\S-1-5-21-2587760716-676309004-189216933-1006\Dc36.dll:kicam:$DATA/data0003.html Infected: Trojan-Downloader.Win32.WinShow.ak skipped
C:\RECYCLER\S-1-5-21-2587760716-676309004-189216933-1006\Dc36.dll:kicam:$DATA/data0004.html Infected: Trojan-Downloader.Win32.WinShow.ak skipped
C:\RECYCLER\S-1-5-21-2587760716-676309004-189216933-1006\Dc36.dll:kicam:$DATA/data0005.html Infected: Trojan-Downloader.Win32.WinShow.ak skipped
C:\RECYCLER\S-1-5-21-2587760716-676309004-189216933-1006\Dc36.dll:kicam:$DATA Embedded HTML: infected - 5 skipped
C:\RECYCLER\S-1-5-21-2587760716-676309004-189216933-1006\Dc37.INI:tgcxo:$DATA/data0001.html Infected: Trojan-Downloader.Win32.WinShow.ak skipped
C:\RECYCLER\S-1-5-21-2587760716-676309004-189216933-1006\Dc37.INI:tgcxo:$DATA/data0002.html Infected: Trojan-Downloader.Win32.WinShow.ak skipped
C:\RECYCLER\S-1-5-21-2587760716-676309004-189216933-1006\Dc37.INI:tgcxo:$DATA/data0003.html Infected: Trojan-Downloader.Win32.WinShow.ak skipped
C:\RECYCLER\S-1-5-21-2587760716-676309004-189216933-1006\Dc37.INI:tgcxo:$DATA/data0004.html Infected: Trojan-Downloader.Win32.WinShow.ak skipped
C:\RECYCLER\S-1-5-21-2587760716-676309004-189216933-1006\Dc37.INI:tgcxo:$DATA/data0005.html Infected: Trojan-Downloader.Win32.WinShow.ak skipped
C:\RECYCLER\S-1-5-21-2587760716-676309004-189216933-1006\Dc37.INI:tgcxo:$DATA Embedded HTML: infected - 5 skipped
C:\RECYCLER\S-1-5-21-2587760716-676309004-189216933-1006\Dc38.dll:elopk:$DATA/data0001.html Infected: Trojan-Downloader.Win32.WinShow.ak skipped
C:\RECYCLER\S-1-5-21-2587760716-676309004-189216933-1006\Dc38.dll:elopk:$DATA/data0002.html Infected: Trojan-Downloader.Win32.WinShow.ak skipped
C:\RECYCLER\S-1-5-21-2587760716-676309004-189216933-1006\Dc38.dll:elopk:$DATA/data0003.html Infected: Trojan-Downloader.Win32.WinShow.ak skipped
C:\RECYCLER\S-1-5-21-2587760716-676309004-189216933-1006\Dc38.dll:elopk:$DATA/data0004.html Infected: Trojan-Downloader.Win32.WinShow.ak skipped
C:\RECYCLER\S-1-5-21-2587760716-676309004-189216933-1006\Dc38.dll:elopk:$DATA/data0005.html Infected: Trojan-Downloader.Win32.WinShow.ak skipped
C:\RECYCLER\S-1-5-21-2587760716-676309004-189216933-1006\Dc38.dll:elopk:$DATA Embedded HTML: infected - 5 skipped
C:\RECYCLER\S-1-5-21-2587760716-676309004-189216933-1006\Dc39.PIF:geqgq:$DATA/data0001.html Infected: Trojan-Downloader.Win32.WinShow.ak skipped
C:\RECYCLER\S-1-5-21-2587760716-676309004-189216933-1006\Dc39.PIF:geqgq:$DATA/data0002.html Infected: Trojan-Downloader.Win32.WinShow.ak skipped
C:\RECYCLER\S-1-5-21-2587760716-676309004-189216933-1006\Dc39.PIF:geqgq:$DATA/data0003.html Infected: Trojan-Downloader.Win32.WinShow.ak skipped
C:\RECYCLER\S-1-5-21-2587760716-676309004-189216933-1006\Dc39.PIF:geqgq:$DATA/data0004.html Infected: Trojan-Downloader.Win32.WinShow.ak skipped
C:\RECYCLER\S-1-5-21-2587760716-676309004-189216933-1006\Dc39.PIF:geqgq:$DATA/data0005.html Infected: Trojan-Downloader.Win32.WinShow.ak skipped
C:\RECYCLER\S-1-5-21-2587760716-676309004-189216933-1006\Dc39.PIF:geqgq:$DATA Embedded HTML: infected - 5 skipped
C:\RECYCLER\S-1-5-21-2587760716-676309004-189216933-1013\Dc1.doc Object is locked skipped
C:\RECYCLER\S-1-5-21-2587760716-676309004-189216933-1013\Dc11.doc Object is locked skipped
C:\RECYCLER\S-1-5-21-2587760716-676309004-189216933-1013\Dc2.jpg Object is locked skipped
C:\RECYCLER\S-1-5-21-2587760716-676309004-189216933-1013\Dc4.jpg Object is locked skipped
C:\RECYCLER\S-1-5-21-2587760716-676309004-189216933-1013\Dc5.jpg Object is locked skipped
C:\RECYCLER\S-1-5-21-2587760716-676309004-189216933-1013\Dc6.jpg Object is locked skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP150\change.log Object is locked skipped
C:\WINDOWS\Debug\oakley.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Downloaded Program Files\WrapperOuter1153.EXE/WISE0001.BIN Infected: not-a-virus:AdWare.Win32.VirtualBouncer.j skipped
C:\WINDOWS\Downloaded Program Files\WrapperOuter1153.EXE WiseSFX: infected - 1 skipped
C:\WINDOWS\Downloaded Program Files\WrapperOuter1153.EXE WiseSFX Dropper: infected - 1 skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\Soap Bubbles.bmp:zpdva:$DATA/data0001.html Infected: Trojan-Downloader.Win32.WinShow.ak skipped
C:\WINDOWS\Soap Bubbles.bmp:zpdva:$DATA/data0002.html Infected: Trojan-Downloader.Win32.WinShow.ak skipped
C:\WINDOWS\Soap Bubbles.bmp:zpdva:$DATA/data0003.html Infected: Trojan-Downloader.Win32.WinShow.ak skipped
C:\WINDOWS\Soap Bubbles.bmp:zpdva:$DATA/data0004.html Infected: Trojan-Downloader.Win32.WinShow.ak skipped
C:\WINDOWS\Soap Bubbles.bmp:zpdva:$DATA/data0005.html Infected: Trojan-Downloader.Win32.WinShow.ak skipped
C:\WINDOWS\Soap Bubbles.bmp:zpdva:$DATA Embedded HTML: infected - 5 skipped
C:\WINDOWS\SoftwareDistribution\DataStore\DataStore.edb Object is locked skipped
C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log Object is locked skipped
C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\AppEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SAM Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SecEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SysEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Cookies\index.dat Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\WIADEBUG.LOG Object is locked skipped
C:\WINDOWS\WIASERVC.LOG Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

#42 sdutcher
Authentic Member, 101 posts
Posted 29 March 2007 - 08:39 AM

As you may notice, I've been trying to manually delete some bad files from the C:\> prompt. There are a few that I can't get to delete, or even see from C: (using Safe Mode boot to command prompt):

C:\WINDOWS\Soap Bubbles.bmp:zpdva:$DATA/data0001.html Infected: Trojan-Downloader.Win32.WinShow.ak skipped

and

C:\WINDOWS\Downloaded Program Files\WrapperOuter1153.EXE/WISE0001.BIN Infected: not-a-virus:AdWare.Win32.VirtualBouncer.j skipped

I can't seem to be able to navigate to and find them in DOS, or delete them. Also, there is a folder in one of the user accounts that I can't change security settings on; I'm not sure if any of the files there are dangerous, though. That's the "hannah's files" folder under the skittlez user account.

#43 sdutcher
Authentic Member, 101 posts
Posted 29 March 2007 - 07:33 PM

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Thursday, March 29, 2007 8:31:29 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 1 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 30/03/2007
Kaspersky Anti-Virus database records: 288871
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
C:\
D:\
E:\
Scan Statistics:
Total number of scanned objects: 55003
Number of viruses found: 4
Number of infected objects: 101 / 0
Number of suspicious objects: 2
Duration of the scan process: 00:59:58
Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Avg7\Log\emc.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\0f089bd22bcf453ccf810126980056fe_1dce0e75-1303-433a-bfc1-6b582bd25551 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3905f0a0a26ca29aa4901d5c45e85501_1dce0e75-1303-433a-bfc1-6b582bd25551 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\4ad2a42c17daf75b38f2e4a7d6d6e4a1_1dce0e75-1303-433a-bfc1-6b582bd25551 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\569dd682d9ab39adb7a62975b2256a79_1dce0e75-1303-433a-bfc1-6b582bd25551 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\684022895e042d95da3395278522a327_1dce0e75-1303-433a-bfc1-6b582bd25551 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\68b5a73dac7cc6e14f1e263f43a263fc_1dce0e75-1303-433a-bfc1-6b582bd25551 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\7cd41c6f0419848b802e6ad96fea065d_1dce0e75-1303-433a-bfc1-6b582bd25551 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\b7224bcd4e9c279dc8a90ccaf4b9e671_1dce0e75-1303-433a-bfc1-6b582bd25551 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\f96db401122ef1904f57836808d8dd71_1dce0e75-1303-433a-bfc1-6b582bd25551 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC1.zip/VXH8JKDQ6.EXE Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC1.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\Andrew Horsfall\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Andrew Horsfall\DoctorWeb\Quarantine\f3PSSavr.scr Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\Documents and Settings\Andrew Horsfall\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Andrew Horsfall\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Andrew Horsfall\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Andrew Horsfall\Local Settings\History\History.IE5\MSHist012007032920070330\index.dat Object is locked skipped
C:\Documents and Settings\Andrew Horsfall\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Andrew Horsfall\ntuser.dat Object is locked skipped
C:\Documents and Settings\Andrew Horsfall\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Andrew Horsfall\UserData\index.dat Object is locked skipped
C:\Documents and Settings\Becky\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Becky\ntuser.dat Object is locked skipped
C:\Documents and Settings\Jare'\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Jare'\ntuser.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP150\A0082359.INI:wsfeq:$DATA/data0001.html Infected: Trojan-Downloader.Win32.WinShow.ak skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP150\A0082359.INI:wsfeq:$DATA/data0002.html Infected: Trojan-Downloader.Win32.WinShow.ak skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP150\A0082359.INI:wsfeq:$DATA/data0003.html Infected: Trojan-Downloader.Win32.WinShow.ak skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP150\A0082359.INI:wsfeq:$DATA/data0004.html Infected: Trojan-Downloader.Win32.WinShow.ak skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP150\A0082359.INI:wsfeq:$DATA/data0005.html Infected: Trojan-Downloader.Win32.WinShow.ak skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP150\A0082359.INI:wsfeq:$DATA Embedded HTML: infected - 5 skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP150\A0082360.isu:boylo:$DATA/data0001.html Infected: Trojan-Downloader.Win32.WinShow.ak skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP150\A0082360.isu:boylo:$DATA/data0002.html Infected: Trojan-Downloader.Win32.WinShow.ak skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP150\A0082360.isu:boylo:$DATA/data0003.html Infected: Trojan-Downloader.Win32.WinShow.ak skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP150\A0082360.isu:boylo:$DATA/data0004.html Infected: Trojan-Downloader.Win32.WinShow.ak skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP150\A0082360.isu:boylo:$DATA/data0005.html Infected: Trojan-Downloader.Win32.WinShow.ak skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP150\A0082360.isu:boylo:$DATA Embedded HTML: infected - 5 skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP150\A0082360.isu:ctlan:$DATA/data0001.html Infected: Trojan-Downloader.Win32.WinShow.ak skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP150\A0082360.isu:ctlan:$DATA/data0002.html Infected: Trojan-Downloader.Win32.WinShow.ak skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP150\A0082360.isu:ctlan:$DATA/data0003.html Infected: Trojan-Downloader.Win32.WinShow.ak skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP150\A0082360.isu:ctlan:$DATA/data0004.html Infected: Trojan-Downloader.Win32.WinShow.ak skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP150\A0082360.isu:ctlan:$DATA/data0005.html Infected: Trojan-Downloader.Win32.WinShow.ak skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP150\A0082360.isu:ctlan:$DATA Embedded HTML: infected - 5 skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP150\A0082361.INI:nclih:$DATA/data0001.html Infected: Trojan-Downloader.Win32.WinShow.ak skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP150\A0082361.INI:nclih:$DATA/data0002.html Infected: Trojan-Downloader.Win32.WinShow.ak skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP150\A0082361.INI:nclih:$DATA/data0003.html Infected: Trojan-Downloader.Win32.WinShow.ak skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP150\A0082361.INI:nclih:$DATA/data0004.html Infected: Trojan-Downloader.Win32.WinShow.ak skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP150\A0082361.INI:nclih:$DATA/data0005.html Infected: Trojan-Downloader.Win32.WinShow.ak skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP150\A0082361.INI:nclih:$DATA Embedded HTML: infected - 5 skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP150\A0082362.com/HZZ.EXE Infected: Trojan-Dropper.DOS.Rute skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP150\A0082362.com Mail: infected - 1 skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP150\A0082362.com:grgej:$DATA/data0001.html Infected: Trojan-Downloader.Win32.WinShow.ak skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP150\A0082362.com:grgej:$DATA/data0002.html Infected: Trojan-Downloader.Win32.WinShow.ak skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP150\A0082362.com:grgej:$DATA/data0003.html Infected: Trojan-Downloader.Win32.WinShow.ak skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP150\A0082362.com:grgej:$DATA/data0004.html Infected: Trojan-Downloader.Win32.WinShow.ak skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP150\A0082362.com:grgej:$DATA/data0005.html Infected: Trojan-Downloader.Win32.WinShow.ak skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP150\A0082362.com:grgej:$DATA Embedded HTML: infected - 5 skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP150\A0082363.dll:ckaip:$DATA/data0001.html Infected: Trojan-Downloader.Win32.WinShow.ak skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP150\A0082363.dll:ckaip:$DATA/data0002.html Infected: Trojan-Downloader.Win32.WinShow.ak skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP150\A0082363.dll:ckaip:$DATA/data0003.html Infected: Trojan-Downloader.Win32.WinShow.ak skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP150\A0082363.dll:ckaip:$DATA/data0004.html Infected: Trojan-Downloader.Win32.WinShow.ak skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP150\A0082363.dll:ckaip:$DATA/data0005.html Infected: Trojan-Downloader.Win32.WinShow.ak skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP150\A0082363.dll:ckaip:$DATA Embedded HTML: infected - 5 skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP150\A0082364.dll:kicam:$DATA/data0001.html Infected: Trojan-Downloader.Win32.WinShow.ak skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP150\A0082364.dll:kicam:$DATA/data0002.html Infected: Trojan-Downloader.Win32.WinShow.ak skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP150\A0082364.dll:kicam:$DATA/data0003.html Infected: Trojan-Downloader.Win32.WinShow.ak skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP150\A0082364.dll:kicam:$DATA/data0004.html Infected: Trojan-Downloader.Win32.WinShow.ak skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP150\A0082364.dll:kicam:$DATA/data0005.html Infected: Trojan-Downloader.Win32.WinShow.ak skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP150\A0082364.dll:kicam:$DATA Embedded HTML: infected - 5 skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP150\A0082365.INI:tgcxo:$DATA/data0001.html Infected: Trojan-Downloader.Win32.WinShow.ak skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP150\A0082365.INI:tgcxo:$DATA/data0002.html Infected: Trojan-Downloader.Win32.WinShow.ak skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP150\A0082365.INI:tgcxo:$DATA/data0003.html Infected: Trojan-Downloader.Win32.WinShow.ak skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP150\A0082365.INI:tgcxo:$DATA/data0004.html Infected: Trojan-Downloader.Win32.WinShow.ak skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP150\A0082365.INI:tgcxo:$DATA/data0005.html Infected: Trojan-Downloader.Win32.WinShow.ak skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP150\A0082365.INI:tgcxo:$DATA Embedded HTML: infected - 5 skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP150\A0082366.dll:elopk:$DATA/data0001.html Infected: Trojan-Downloader.Win32.WinShow.ak skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP150\A0082366.dll:elopk:$DATA/data0002.html Infected: Trojan-Downloader.Win32.WinShow.ak skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP150\A0082366.dll:elopk:$DATA/data0003.html Infected: Trojan-Downloader.Win32.WinShow.ak skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP150\A0082366.dll:elopk:$DATA/data0004.html Infected: Trojan-Downloader.Win32.WinShow.ak skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP150\A0082366.dll:elopk:$DATA/data0005.html Infected: Trojan-Downloader.Win32.WinShow.ak skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP150\A0082366.dll:elopk:$DATA Embedded HTML: infected - 5 skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP150\A0082367.PIF:geqgq:$DATA/data0001.html Infected: Trojan-Downloader.Win32.WinShow.ak skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP150\A0082367.PIF:geqgq:$DATA/data0002.html Infected: Trojan-Downloader.Win32.WinShow.ak skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP150\A0082367.PIF:geqgq:$DATA/data0003.html Infected: Trojan-Downloader.Win32.WinShow.ak skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP150\A0082367.PIF:geqgq:$DATA/data0004.html Infected: Trojan-Downloader.Win32.WinShow.ak skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP150\A0082367.PIF:geqgq:$DATA/data0005.html Infected: Trojan-Downloader.Win32.WinShow.ak skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP150\A0082367.PIF:geqgq:$DATA Embedded HTML: infected - 5 skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP150\A0082690.dll:ckaip:$DATA/data0001.html Infected: Trojan-Downloader.Win32.WinShow.ak skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP150\A0082690.dll:ckaip:$DATA/data0002.html Infected: Trojan-Downloader.Win32.WinShow.ak skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP150\A0082690.dll:ckaip:$DATA/data0003.html Infected: Trojan-Downloader.Win32.WinShow.ak skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP150\A0082690.dll:ckaip:$DATA/data0004.html Infected: Trojan-Downloader.Win32.WinShow.ak skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP150\A0082690.dll:ckaip:$DATA/data0005.html Infected: Trojan-Downloader.Win32.WinShow.ak skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP150\A0082690.dll:ckaip:$DATA Embedded HTML: infected - 5 skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP150\A0082693.com/HZZ.EXE Infected: Trojan-Dropper.DOS.Rute skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP150\A0082693.com Mail: infected - 1 skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP150\A0082693.com:grgej:$DATA/data0001.html Infected: Trojan-Downloader.Win32.WinShow.ak skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP150\A0082693.com:grgej:$DATA/data0002.html Infected: Trojan-Downloader.Win32.WinShow.ak skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP150\A0082693.com:grgej:$DATA/data0003.html Infected: Trojan-Downloader.Win32.WinShow.ak skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP150\A0082693.com:grgej:$DATA/data0004.html Infected: Trojan-Downloader.Win32.WinShow.ak skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP150\A0082693.com:grgej:$DATA/data0005.html Infected: Trojan-Downloader.Win32.WinShow.ak skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP150\A0082693.com:grgej:$DATA Embedded HTML: infected - 5 skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP150\A0082696.INI:nclih:$DATA/data0001.html Infected: Trojan-Downloader.Win32.WinShow.ak skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP150\A0082696.INI:nclih:$DATA/data0002.html Infected: Trojan-Downloader.Win32.WinShow.ak skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP150\A0082696.INI:nclih:$DATA/data0003.html Infected: Trojan-Downloader.Win32.WinShow.ak skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP150\A0082696.INI:nclih:$DATA/data0004.html Infected: Trojan-Downloader.Win32.WinShow.ak skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP150\A0082696.INI:nclih:$DATA/data0005.html Infected: Trojan-Downloader.Win32.WinShow.ak skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP150\A0082696.INI:nclih:$DATA Embedded HTML: infected - 5 skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP150\A0082697.isu:boylo:$DATA/data0001.html Infected: Trojan-Downloader.Win32.WinShow.ak skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP150\A0082697.isu:boylo:$DATA/data0002.html Infected: Trojan-Downloader.Win32.WinShow.ak skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP150\A0082697.isu:boylo:$DATA/data0003.html Infected: Trojan-Downloader.Win32.WinShow.ak skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP150\A0082697.isu:boylo:$DATA/data0004.html Infected: Trojan-Downloader.Win32.WinShow.ak skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP150\A0082697.isu:boylo:$DATA/data0005.html Infected: Trojan-Downloader.Win32.WinShow.ak skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP150\A0082697.isu:boylo:$DATA Embedded HTML: infected - 5 skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP150\A0082697.isu:ctlan:$DATA/data0001.html Infected: Trojan-Downloader.Win32.WinShow.ak skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP150\A0082697.isu:ctlan:$DATA/data0002.html Infected: Trojan-Downloader.Win32.WinShow.ak skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP150\A0082697.isu:ctlan:$DATA/data0003.html Infected: Trojan-Downloader.Win32.WinShow.ak skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP150\A0082697.isu:ctlan:$DATA/data0004.html Infected: Trojan-Downloader.Win32.WinShow.ak skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP150\A0082697.isu:ctlan:$DATA/data0005.html Infected: Trojan-Downloader.Win32.WinShow.ak skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP150\A0082697.isu:ctlan:$DATA Embedded HTML: infected - 5 skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP150\A0082699.INI:wsfeq:$DATA/data0001.html Infected: Trojan-Downloader.Win32.WinShow.ak skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP150\A0082699.INI:wsfeq:$DATA/data0002.html Infected: Trojan-Downloader.Win32.WinShow.ak skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP150\A0082699.INI:wsfeq:$DATA/data0003.html Infected: Trojan-Downloader.Win32.WinShow.ak skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP150\A0082699.INI:wsfeq:$DATA/data0004.html Infected: Trojan-Downloader.Win32.WinShow.ak skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP150\A0082699.INI:wsfeq:$DATA/data0005.html Infected: Trojan-Downloader.Win32.WinShow.ak skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP150\A0082699.INI:wsfeq:$DATA Embedded HTML: infected - 5 skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP150\change.log Object is locked skipped
C:\WINDOWS\Debug\oakley.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\AppEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SAM Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SecEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SysEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Cookies\index.dat Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\WIADEBUG.LOG Object is locked skipped
C:\WINDOWS\WIASERVC.LOG Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
Scan process completed.

Is there anybody out there? What should I do next?

#44 sdutcher
Authentic Member, 101 posts
Posted 29 March 2007 - 07:41 PM

Logfile of HijackThis v1.99.1
Scan saved at 8:40:10 PM, on 3/29/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Andrew Horsfall\Desktop\help files\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tomcoyote.org/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O4 - HKLM\..\Run: [Verizon Internet Security Suite] "C:\Program Files\Verizon\Verizon Internet Security Suite\Rps.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~2\HELPSU~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [A Verizon App] C:\PROGRA~1\VERIZO~2\HELPSU~1\VERIZO~1.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [Lexmark 1200 Series] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.co...72/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.co...,15/mcgdmgr.cab
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

#45 sdutcher
Authentic Member, 101 posts
Posted 30 March 2007 - 06:44 AM

Friday morning update: I ran F-Secure overnight. It found 30 viruses, but when it tries to delete or fix the problems, an error occurs. This time I looked at the files first and saw that they all seem to be in the System Volume Information folder, and when I try to delete them, there is always one text file that won't delete (change.log, I think). So when I delete the rest of the files, I see the stuff move to C:\RECYCLER; then when I delete from there, it seems to move back to the restore folder. I have even tried dumping the files into KillBox, but that .log file won't go away! I think I'm getting closer; things are running better, and no scans are finding much other than what's in either RECYCLER or restore. Any thoughts?
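The two problems raised in posts #42 and #45 (entries like C:\WINDOWS\Soap Bubbles.bmp:zpdva:$DATA that cannot be seen or deleted from a DOS prompt, and the many copies under System Volume Information that keep coming back) are easier to sort out once the Kaspersky report from post #43 is split by where each object lives. The script below is an added example written for this thread; it is not part of the original posts and not a Kaspersky tool. It assumes the report format seen above (one entry per line, "<object> <verdict> skipped", with NTFS alternate data streams written as "<host>:<stream>:$DATA" and objects inside a container written as "<container>/<inner>"); the sample entries embedded in it are constructed from the report, not the full log.

```python
"""Triage a Kaspersky Online Scanner report (added example, not part of the thread).

Assumptions, not taken from the posts: each entry has the shape
"<object> <verdict> skipped", where <verdict> is "Object is locked",
"Infected: <name>", "Suspicious: <name>" or an archive summary such as
"Embedded HTML: infected - 5".  An NTFS alternate data stream appears as
"<host>:<stream>:$DATA" and an object inside a container as "<container>/<inner>".
"""
import re
from collections import Counter, defaultdict

# Constructed sample entries modelled on the report in the thread; not the full log.
SAMPLE_LOG = """\
C:\\WINDOWS\\Soap Bubbles.bmp:zpdva:$DATA/data0001.html Infected: Trojan-Downloader.Win32.WinShow.ak skipped
C:\\WINDOWS\\Soap Bubbles.bmp:zpdva:$DATA/data0002.html Infected: Trojan-Downloader.Win32.WinShow.ak skipped
C:\\WINDOWS\\Soap Bubbles.bmp:zpdva:$DATA Embedded HTML: infected - 5 skipped
C:\\WINDOWS\\Downloaded Program Files\\WrapperOuter1153.EXE/WISE0001.BIN Infected: not-a-virus:AdWare.Win32.VirtualBouncer.j skipped
C:\\System Volume Information\\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\\RP150\\A0082363.dll:ckaip:$DATA/data0001.html Infected: Trojan-Downloader.Win32.WinShow.ak skipped
C:\\System Volume Information\\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\\RP150\\A0082362.com/HZZ.EXE Infected: Trojan-Dropper.DOS.Rute skipped
C:\\RECYCLER\\S-1-5-21-2587760716-676309004-189216933-1006\\Dc39.PIF:geqgq:$DATA Embedded HTML: infected - 5 skipped
C:\\WINDOWS\\SYSTEM32\\CONFIG\\SAM Object is locked skipped
C:\\Documents and Settings\\All Users\\Application Data\\Spybot - Search & Destroy\\Recovery\\SmitfraudC1.zip/VXH8JKDQ6.EXE Suspicious: Password-protected-EXE skipped
"""

# Object path first (may contain spaces), then exactly one of the verdict shapes.
ENTRY_RE = re.compile(
    r"^(?P<obj>.+?) (?:"
    r"(?P<locked>Object is locked)"
    r"|Infected: (?P<infected>\S+)"
    r"|Suspicious: (?P<suspicious>\S+)"
    r"|(?P<container>[\w ]+): (?:infected|suspicious) - \d+"
    r") skipped$"
)
# "<drive>:\<path>:<stream>:$DATA" is how the scanner names an alternate data stream.
ADS_RE = re.compile(r"^(?P<file>[A-Za-z]:\\.+):(?P<stream>[^:\\]+):\$DATA$")


def location_of(path):
    """Where the object physically lives; this decides how it can be removed."""
    upper = path.upper()
    if upper.startswith("C:\\SYSTEM VOLUME INFORMATION\\"):
        return "restore_point"   # System Restore copies, not the live object
    if upper.startswith("C:\\RECYCLER\\"):
        return "recycle_bin"     # already-deleted copies
    return "live"                # the object the running system can still reach


def parse_entry(line):
    """Return a dict describing one report entry, or None for non-entry text."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    # "<container>/<inner>" means the scanner looked inside an archive or stream.
    host, _, inner = m.group("obj").partition("/")
    ads = ADS_RE.match(host)
    file_path = ads.group("file") if ads else host
    if m.group("locked"):
        verdict = "locked"
    elif m.group("container"):
        verdict = "container"    # summary for an archive/stream, not a new finding
    else:
        verdict = m.group("infected") or m.group("suspicious")
    return {
        "file": file_path,
        "stream": ads.group("stream") if ads else None,
        "inner": inner or None,
        "verdict": verdict,
        "location": location_of(file_path),
    }


def parse_report(text):
    return [e for e in (parse_entry(l) for l in text.splitlines()) if e]


def live_ads_hosts(entries):
    """Host file -> stream names carrying a detection, outside restore points and
    the recycle bin.  These are the objects a plain 'del' of the host cannot show."""
    hosts = defaultdict(set)
    for e in entries:
        if e["stream"] and e["location"] == "live" \
                and e["verdict"] not in ("locked", "container"):
            hosts[e["file"]].add(e["stream"])
    return dict(hosts)


def detections_by_location(entries):
    """Count detection names per location so restore-point noise is kept apart
    from what is still installed on the live file system."""
    out = defaultdict(Counter)
    for e in entries:
        if e["verdict"] not in ("locked", "container"):
            out[e["location"]][e["verdict"]] += 1
    return {loc: dict(c) for loc, c in out.items()}


if __name__ == "__main__":
    entries = parse_report(SAMPLE_LOG)
    for host, streams in live_ads_hosts(entries).items():
        print(host, "->", ", ".join(sorted(streams)))
    print(detections_by_location(entries))
```

Run against the full report, the live_ads_hosts output is the short list of real host files whose alternate streams carry the WinShow detections; the rest of the WinShow hits sit in RP150 restore-point copies and in RECYCLER, which is why deleting them from one place appears to move them to another. A stream is addressed on NTFS as host:stream (it is not visible in a plain dir listing), and restore-point copies are only cleared by purging System Restore data rather than by deleting files in that folder.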
