
[Resolved]Mal/vb-k (malware)


6 replies to this topic

#1 Chuck W. C


Posted 11 July 2007 - 09:13 PM

Hi,
I clicked my shortcut to CCLEANER and received a message, Unable to find exe. At the very same time Spy Sweeper quarantined MAL/VB-K. Left it quarantined and searched the web to find that this is new...today! Anyway I deleted it with what seemed to be no problem. Removed what was left of CCLEANER and tried to re-install a copy I had in a folder. Same as above and CCLEANER would not install. Don't remember message. So I deleted all of CCLEANER and tried downloading it from the web. At 99% received access denied/possible storage full or something very close. No download in my folder and yet again at the same time Spy Sweeper quarantined the Malware MAL/VB-K.

Any help would be appreciated. Thank you in advance.

Logfile of HijackThis v1.99.1
Scan saved at 8:52:02 PM, on 7/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\AntiVirus 2007\tavsvc.exe
C:\Program Files\Trend Micro\AntiVirus 2007\Components\tmproxy.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\AntiVirus 2007\tavui.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\ProDsl.exe
C:\Program Files\Filseclab\xfilter\xfilter.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Chuck\Start Menu\Programs\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft....k/?LinkId=54843
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [Trend Micro AntiVirus 2007] "C:\Program Files\Trend Micro\AntiVirus 2007\tavui.exe" -1 --delay 15
O4 - HKLM\..\Run: [CTSysVol] "C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" /r
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [ProDsl.exe] ProDsl.exe
O4 - HKLM\..\Run: [XFILTER] "C:\Program Files\Filseclab\xfilter\xfilter.exe" -a
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\tmlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tmlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tmlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\filseclab\xfilter\xfilter.dll
O10 - Unknown file in Winsock LSP: c:\program files\filseclab\xfilter\xfilter.dll
O10 - Unknown file in Winsock LSP: c:\program files\filseclab\xfilter\xfilter.dll
O10 - Unknown file in Winsock LSP: c:\program files\filseclab\xfilter\xfilter.dll
O10 - Unknown file in Winsock LSP: c:\program files\filseclab\xfilter\xfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tmlsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D0A70ED6-7A6C-4E2B-AAA8-4B2348A4E778}: NameServer = 205.171.3.65 205.171.2.65
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Trend Micro AntiVirus Protection Service (tavsvc) - Trend Micro Inc. - C:\Program Files\Trend Micro\AntiVirus 2007\tavsvc.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\AntiVirus 2007\Components\tmproxy.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe


#2 LDTate


Posted 18 July 2007 - 03:35 PM

Hello and Welcome to the forum.

I'm not seeing anything bad, but let's see if something is hiding.

Download ComboFix from Here to your Desktop.
  • Double click combofix.exe and follow the prompts.
  • When finished, it shall produce a log for you, combofix.txt. Post that log and a HijackThis log in your next reply.
Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

 

Proud graduate of TC/WTT Classroom

 


#3 Chuck W. C


Posted 18 July 2007 - 07:51 PM

LDTate Thank you, here are the logs.... so the 017 is ok too?


"Chuck" - 2007-07-18 19:33:04 - ComboFix 07-07-14.6 - Service Pack 2 NTFS


((((((((((((((((((((((((( Files Created from 2007-06-19 to 2007-07-19 )))))))))))))))))))))))))))))))


2007-07-18 19:32 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-17 05:13 7,934 --a------ C:\dnsbak.reg
2007-07-16 05:33 <DIR> d-------- C:\info
2007-07-16 05:07 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-07-16 04:25 <DIR> d-------- C:\Program Files\Common Files\Scansoft Shared
2007-07-15 06:50 6,029,312 --a------ C:\DOCUME~1\Chuck\ntuser.dat
2007-07-14 06:04 786,432 --ah----- C:\DOCUME~1\ADMINI~1\ntuser.dat
2007-07-14 06:04 <DIR> d-------- C:\DOCUME~1\NETWOR~1\APPLIC~1\Webroot
2007-07-13 22:53 <DIR> d-------- C:\Program Files\Norton Save and Restore
2007-07-13 22:53 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
2007-07-13 22:52 <DIR> d-------- C:\Program Files\Symantec
2007-07-12 18:05 <DIR> d-------- C:\Program Files\CCleaner
2007-07-10 19:34 <DIR> d-------- C:\DOCUME~1\Chuck\APPLIC~1\Sony
2007-07-10 19:14 <DIR> d-------- C:\Program Files\Sony
2007-07-10 19:13 <DIR> d-------- C:\Program Files\Sony Setup
2007-07-10 06:39 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Acronis
2007-07-10 06:36 392,320 --a------ C:\WINDOWS\system32\drivers\timntr.sys
2007-07-10 06:36 32,768 --a------ C:\WINDOWS\system32\drivers\tifsfilt.sys
2007-07-10 06:36 114,048 --a------ C:\WINDOWS\system32\drivers\snapman.sys
2007-07-10 06:35 <DIR> d-------- C:\Program Files\Common Files\Acronis
2007-07-10 04:01 98,360 --a------ C:\WINDOWS\dla.exe
2007-07-10 04:01 88,352 --a------ C:\WINDOWS\system32\drivers\drvmcdb.sys
2007-07-10 04:01 61,500 --a------ C:\WINDOWS\system32\tfswapi.dll
2007-07-10 04:01 5,627 --a------ C:\WINDOWS\system32\drivers\sscdbhk5.sys
2007-07-10 04:01 40,544 --a------ C:\WINDOWS\system32\drivers\drvnddm.sys
2007-07-10 04:01 23,545 --a------ C:\WINDOWS\system32\drivers\ssrtln.sys
2007-07-08 06:13 <DIR> d-------- C:\DOCUME~1\Chuck\APPLIC~1\Ubisoft
2007-07-08 06:13 <DIR> d-------- C:\DOCUME~1\Chuck\APPLIC~1\InstallShield Installation Information
2007-07-08 06:12 <DIR> d-------- C:\DOCUME~1\Chuck\APPLIC~1\InstallShield
2007-07-06 04:01 <DIR> d-------- C:\Program Files\Google
2007-07-06 04:01 <DIR> d-------- C:\DOCUME~1\Chuck\APPLIC~1\Google
2007-07-02 05:32 <DIR> d-------- C:\DOCUME~1\Chuck\APPLIC~1\Nuance
2007-07-02 05:23 <DIR> d-------- C:\Program Files\Nuance
2007-07-02 05:23 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nuance
2007-07-02 05:13 <DIR> d-------- C:\Program Files\Common Files\TiVo Shared
2007-07-02 05:11 <DIR> d-------- C:\Program Files\Common Files\Sonic Shared
2007-07-02 04:35 <DIR> d-------- C:\WINDOWS\system32\appmgmt
2007-06-30 10:35 208,248 --a------ C:\WINDOWS\system32\muweb.dll
2007-06-28 06:33 <DIR> d-------- C:\Program Files\Common Files\SWF Studio
2007-06-26 18:00 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-06-25 18:34 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-06-25 06:20 <DIR> d-------- C:\DOCUME~1\Chuck\APPLIC~1\ThumbsPlus
2007-06-25 06:08 20,280 --a------ C:\WINDOWS\system32\drivers\SSFS0BB8.sys
2007-06-25 06:08 1,520,952 --a------ C:\WINDOWS\WRSetup.dll
2007-06-24 07:21 <DIR> d-------- C:\Program Files\Thumbs7
2007-06-23 06:36 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-06-22 19:43 <DIR> d-------- C:\Program Files\EA GAMES
2007-06-21 06:14 <DIR> d-------- C:\Program Files\Bethesda Softworks(2)
2007-06-19 04:11 81,768 --a------ C:\WINDOWS\system32\xinput1_3.dll
2007-06-19 04:11 62,744 --a------ C:\WINDOWS\system32\xinput1_2.dll
2007-06-19 04:11 443,752 --a------ C:\WINDOWS\system32\d3dx10_34.dll
2007-06-19 04:11 443,752 --a------ C:\WINDOWS\system32\d3dx10_33.dll
2007-06-19 04:11 3,497,832 --a------ C:\WINDOWS\system32\d3dx9_34.dll
2007-06-19 04:11 3,495,784 --a------ C:\WINDOWS\system32\d3dx9_33.dll
2007-06-19 04:11 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2007-06-19 04:11 266,088 --a------ C:\WINDOWS\system32\xactengine2_8.dll
2007-06-19 04:11 261,480 --a------ C:\WINDOWS\system32\xactengine2_7.dll
2007-06-19 04:11 255,848 --a------ C:\WINDOWS\system32\xactengine2_6.dll
2007-06-19 04:11 251,672 --a------ C:\WINDOWS\system32\xactengine2_5.dll
2007-06-19 04:11 237,848 --a------ C:\WINDOWS\system32\xactengine2_4.dll
2007-06-19 04:11 236,824 --a------ C:\WINDOWS\system32\xactengine2_3.dll
2007-06-19 04:11 2,414,360 --a------ C:\WINDOWS\system32\d3dx9_31.dll
2007-06-19 04:11 18,280 --a------ C:\WINDOWS\system32\x3daudio1_2.dll
2007-06-19 04:11 15,128 --a------ C:\WINDOWS\system32\x3daudio1_1.dll
2007-06-19 04:11 1,124,720 --a------ C:\WINDOWS\system32\D3DCompiler_34.dll
2007-06-19 04:11 1,123,696 --a------ C:\WINDOWS\system32\D3DCompiler_33.dll
2007-06-18 06:18 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2007-06-18 06:16 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-06-18 06:16 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-18 23:42:30 384 ----a-w C:\WINDOWS\system32\DVCStateBkp-{00000005-00000000-00000004-00001102-00000004-20061102}.dat
2007-07-18 23:42:30 384 ----a-w C:\WINDOWS\system32\DVCState-{00000005-00000000-00000004-00001102-00000004-20061102}.dat
2007-07-18 00:00:37 -------- d-----w C:\DOCUME~1\Chuck\APPLIC~1\OfficeUpdate12
2007-07-17 12:30:31 2,034 ----a-w C:\DOCUME~1\Chuck\APPLIC~1\SAS7_000.DAT
2007-07-14 05:08:09 -------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-07-10 10:01:01 -------- d-----w C:\Program Files\Sonic
2007-06-28 23:36:03 -------- d-----w C:\DOCUME~1\Chuck\APPLIC~1\Creative
2007-06-23 01:43:43 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-06-22 13:10:23 -------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-06-22 00:43:52 23,864 ----a-w C:\WINDOWS\system32\drivers\sskbfd.sys
2007-06-22 00:43:52 21,816 ----a-w C:\WINDOWS\system32\drivers\sshrmd.sys
2007-06-22 00:43:52 160,056 ----a-w C:\WINDOWS\system32\drivers\ssidrv.sys
2007-06-14 13:16:18 -------- d-----w C:\DOCUME~1\Chuck\APPLIC~1\ArcSoft
2007-06-14 11:57:55 -------- d-----w C:\Program Files\ArcSoft
2007-06-14 11:03:19 10,344 ----a-w C:\WINDOWS\system32\drivers\symlcbrd.sys
2007-06-10 10:31:23 -------- d-----w C:\DOCUME~1\Chuck\APPLIC~1\NewSoft
2007-06-09 12:18:33 -------- d-----w C:\Program Files\EndItAll
2007-06-07 11:40:12 -------- d-----w C:\Program Files\Microsoft Office Outlook Connector
2007-06-07 11:35:30 -------- d-----w C:\DOCUME~1\Chuck\APPLIC~1\MSN6
2007-06-07 11:32:56 -------- d-----w C:\DOCUME~1\Chuck\APPLIC~1\MSNInstaller
2007-06-07 11:32:11 -------- d-----w C:\Program Files\Microsoft Picture It! 9
2007-06-07 11:31:40 -------- d-----w C:\Program Files\Design Science
2007-06-06 04:05:44 -------- d-----w C:\DOCUME~1\Chuck\APPLIC~1\ATI
2007-06-06 04:04:19 -------- d-----w C:\Program Files\ATI Technologies
2007-06-06 03:13:30 -------- d-----w C:\Program Files\MSBuild
2007-06-06 03:10:17 -------- d-----w C:\Program Files\Reference Assemblies
2007-06-05 17:36:02 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-06-05 17:06:23 -------- d-----w C:\Program Files\Atari
2007-06-05 02:47:42 -------- d-----w C:\Program Files\MSN Messenger
2007-06-05 02:41:57 -------- d-----w C:\Program Files\Furcadia
2007-06-04 23:48:55 -------- d-----w C:\DOCUME~1\Chuck\APPLIC~1\Sonic
2007-06-04 23:48:13 -------- d-----w C:\DOCUME~1\Chuck\APPLIC~1\Leadertech
2007-06-04 00:27:17 -------- d-----w C:\Program Files\MSXML 4.0
2007-06-04 00:23:28 -------- d-----w C:\DOCUME~1\Chuck\APPLIC~1\Opera
2007-06-03 23:59:31 109,568 ------w C:\WINDOWS\system32\pxinsi64.exe
2007-06-03 23:59:31 108,544 ------w C:\WINDOWS\system32\pxcpyi64.exe
2007-06-03 23:59:30 20,640 ------w C:\WINDOWS\system32\drivers\PxHelp20.sys
2007-06-03 16:02:28 -------- d-----w C:\Program Files\Microsoft Money 2005
2007-06-03 15:03:51 -------- d-----w C:\DOCUME~1\Chuck\APPLIC~1\Lavasoft
2007-06-03 15:02:39 -------- d-----w C:\Program Files\Lavasoft
2007-06-03 14:54:16 -------- d-----w C:\Program Files\Privacy Mantra 2.02
2007-06-03 13:53:42 -------- d-----w C:\DOCUME~1\Chuck\APPLIC~1\Canon
2007-06-03 13:49:10 -------- d-----w C:\Program Files\Canon
2007-06-03 13:48:20 -------- d-----w C:\Program Files\Common Files\PDFView
2007-06-03 13:47:45 -------- d-----w C:\Program Files\NewSoft
2007-06-03 13:46:53 -------- d-----w C:\DOCUME~1\Chuck\APPLIC~1\ScanSoft
2007-06-03 13:46:46 -------- d-----w C:\Program Files\Common Files\InstallShield
2007-06-03 13:46:22 -------- d-----w C:\Program Files\ScanSoft
2007-06-03 13:39:24 -------- d--h--w C:\Program Files\CanonBJ
2007-06-03 13:33:33 -------- d-----w C:\Program Files\Common Files\Logitech
2007-06-03 13:33:28 -------- d-----w C:\Program Files\Logitech
2007-06-03 06:26:42 -------- d-----w C:\Program Files\Common Files\Filseclab
2007-06-03 06:20:50 -------- d-----w C:\Program Files\Filseclab
2007-06-03 05:51:29 -------- d-----w C:\Program Files\Microsoft Works
2007-06-03 05:24:54 -------- d-----w C:\Program Files\Microsoft ActiveSync
2007-06-03 05:20:13 -------- d-----w C:\Program Files\Messenger
2007-06-03 02:40:30 -------- d-----w C:\DOCUME~1\Chuck\APPLIC~1\Help
2007-06-03 02:34:13 -------- d-----w C:\Program Files\Intel
2007-06-03 02:11:02 -------- d-----w C:\Program Files\Creative
2007-06-03 02:09:24 184 ----a-w C:\WINDOWS\system32\e000001.dat
2007-06-03 02:02:44 -------- d-----w C:\Program Files\Broadcom
2007-06-03 01:58:34 -------- d-----w C:\Program Files\Webroot
2007-06-03 01:57:37 -------- d-----w C:\DOCUME~1\Chuck\APPLIC~1\Webroot
2007-06-03 01:56:05 -------- d-----w C:\Program Files\Trend Micro
2007-06-02 21:30:46 -------- d-----w C:\Program Files\microsoft frontpage
2007-06-02 21:30:33 0 --sha-w C:\CONFIG.SYS
2007-06-02 21:30:33 0 --sha-w C:\AUTOEXEC.BAT
2007-06-02 21:30:33 0 --sha-r C:\MSDOS.SYS
2007-06-02 21:30:33 0 --sha-r C:\IO.SYS
2007-06-02 21:29:42 -------- d--h--w C:\Program Files\WindowsUpdate
2007-06-02 21:29:02 -------- d-----w C:\Program Files\Common Files\MSSoap
2007-06-02 21:28:54 -------- d-----w C:\Program Files\Movie Maker
2007-06-02 21:28:17 21,640 ----a-w C:\WINDOWS\system32\emptyregdb.dat
2007-06-02 21:28:13 -------- d-----w C:\Program Files\Online Services
2007-06-02 21:28:08 -------- d-----w C:\Program Files\MSN Gaming Zone
2007-06-02 21:28:00 -------- d-----w C:\Program Files\Windows NT
2007-06-02 15:20:24 -------- d-----w C:\Program Files\Common Files\ODBC
2007-06-02 15:20:21 -------- d-----w C:\Program Files\Common Files\SpeechEngines
2007-05-18 03:05:00 520,192 ------w C:\WINDOWS\system32\ati2sgag.exe
2007-05-18 01:58:58 339,968 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
2007-05-18 01:58:04 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2007-05-18 01:57:53 268,288 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2007-05-18 01:51:01 139,264 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2007-05-18 01:50:52 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2007-05-18 01:50:46 42,496 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2007-05-18 01:50:34 118,784 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2007-05-18 01:49:14 479,232 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2007-05-18 01:48:26 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2007-05-18 01:41:03 2,922,144 ----a-w C:\WINDOWS\system32\ati3duag.dll
2007-05-18 01:39:54 7,610,368 ----a-w C:\WINDOWS\system32\atioglx2.dll
2007-05-18 01:30:58 1,512,960 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2007-05-18 01:30:41 972,072 ----a-w C:\WINDOWS\system32\ativva6x.dat
2007-05-18 01:30:41 3,107,788 ----a-w C:\WINDOWS\system32\ativva5x.dat
2007-05-18 01:30:40 3,107,788 ----a-w C:\WINDOWS\system32\ativvaxx.dat
2007-05-18 01:19:50 5,431,296 ----a-w C:\WINDOWS\system32\atioglxx.dll
2007-05-18 01:17:27 262,144 ----a-w C:\WINDOWS\system32\atikvmag.dll
2007-05-18 01:16:04 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2007-05-18 01:14:21 46,592 ----a-w C:\WINDOWS\system32\atiok3x2.dll
2007-05-18 01:10:21 368,640 ----a-w C:\WINDOWS\system32\ati2cqag.dll
2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
2006-10-22 23:08 62080 --a------ C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
2005-05-31 01:04 853672 --a------ C:\PROGRA~1\SPYBOT~1\SDHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
2005-05-31 05:33 118844 --a------ C:\WINDOWS\system32\dla\tfswshx.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Trend Micro AntiVirus 2007"="C:\Program Files\Trend Micro\AntiVirus 2007\tavui.exe" [2007-01-19 01:48]
"CTSysVol"="C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" [2003-09-17 10:43]
"CTHelper"="CTHELPER.EXE" [2004-03-10 19:50 C:\WINDOWS\system32\CTHELPER.EXE]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00]
"ProDsl.exe"="ProDsl.exe" [2001-01-05 04:59 C:\WINDOWS\PRODSL.EXE]
"XFILTER"="C:\Program Files\Filseclab\xfilter\xfilter.exe" [2006-12-23 15:29]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 16:15]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 16:15]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-10-26 21:10]
"Norton Save and Restore"="C:\Program Files\Norton Save and Restore\Agent\NSRTray.exe" [2007-03-26 15:45]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 18:30]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-29 16:00]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2005-05-31 05:33]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2007-06-21 18:57]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2007-05-30 06:29]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Guard]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\WebrootSpySweeperService]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"CTDVDDET"="C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE"
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{73e2eab5-111b-11dc-96bf-806d6172696f}]
AutoRun\command- H:\Autorun.exe


**************************************************************************

catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-18 19:34:44
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-18 19:35:17

--- E O F ---


Logfile of HijackThis v1.99.1
Scan saved at 7:48:55 PM, on 7/18/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton Save and Restore\Agent\VProSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\AntiVirus 2007\tavsvc.exe
C:\Program Files\Trend Micro\AntiVirus 2007\Components\tmproxy.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Trend Micro\AntiVirus 2007\tavui.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\ProDsl.exe
C:\Program Files\Filseclab\xfilter\xfilter.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Norton Save and Restore\Agent\NSRTray.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Chuck\Start Menu\Programs\hjtscan.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O4 - HKLM\..\Run: [Trend Micro AntiVirus 2007] "C:\Program Files\Trend Micro\AntiVirus 2007\tavui.exe" -1 --delay 15
O4 - HKLM\..\Run: [CTSysVol] "C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" /r
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [ProDsl.exe] ProDsl.exe
O4 - HKLM\..\Run: [XFILTER] "C:\Program Files\Filseclab\xfilter\xfilter.exe" -a
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Norton Save and Restore] "C:\Program Files\Norton Save and Restore\Agent\NSRTray.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\tmlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tmlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tmlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\filseclab\xfilter\xfilter.dll
O10 - Unknown file in Winsock LSP: c:\program files\filseclab\xfilter\xfilter.dll
O10 - Unknown file in Winsock LSP: c:\program files\filseclab\xfilter\xfilter.dll
O10 - Unknown file in Winsock LSP: c:\program files\filseclab\xfilter\xfilter.dll
O10 - Unknown file in Winsock LSP: c:\program files\filseclab\xfilter\xfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tmlsp.dll
O11 - Options group: [INTERNATIONAL] International*
O17 - HKLM\System\CCS\Services\Tcpip\..\{D0A70ED6-7A6C-4E2B-AAA8-4B2348A4E778}: NameServer = 205.171.3.65 205.171.2.65
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton Save and Restore - Symantec Corporation - C:\Program Files\Norton Save and Restore\Agent\VProSvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Trend Micro AntiVirus Protection Service (tavsvc) - Trend Micro Inc. - C:\Program Files\Trend Micro\AntiVirus 2007\tavsvc.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\AntiVirus 2007\Components\tmproxy.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

#4 LDTate


Posted 18 July 2007 - 08:12 PM

I see you're running 2 anti-virus programs.

Never install more than one Antivirus and Firewall! Rather than giving you extra protection, it will decrease the reliability of it seriously!
The reason for this is that if both products have their automatic (Real-Time) protection switched on, your system may lock up due to both software products attempting to access the same file at the same time.
Also because more than one Antivirus and Firewall installed are not compatible with eachother, it can cause system performance problems and a serious system slowdown.


1.Click Start > Settings > Control Panel.
2.Next, open Add/Remove Programs and remove either Symantec (nortons) or Trend Micro


I'm only seeing one thing that needs fixed.

Launch Notepad (Start>All Programs>Accessories), and copy/paste all the Quoted REGEDIT below to it. Don't forget to include REGEDIT4.
Save in: Desktop
File Name: fixme.reg
Save as Type: * files
Click: Save

REGEDIT4

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{73e2eab5-111b-11dc-96bf-806d6172696f}]


Save this as fix.reg Choose to save as *all files and place it on your desktop.
It should look like this: Posted Image
Doubleclick on it and when it asks you if you want to merge the contents to the registry, click yes/ok.
(In case you are unsure how to create a reg file, take a look here with screenshots.)

Reboot and "copy/paste" a new HijackThis log file into this thread.

Also please describe how your computer behaves at the moment.

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom
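
The post above reads two antivirus products out of the vendor names in the HijackThis log. As an added illustration (not part of the thread and not HijackThis code), this Python example parses the O23 service lines and reports owners separately from services that actually name an antivirus product; the `AV_KEYWORDS` list and the function names are assumptions made for the example.

```python
import re
from collections import defaultdict

# O23 (service) lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Norton Save and Restore - Symantec Corporation - C:\Program Files\Norton Save and Restore\Agent\VProSvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Trend Micro AntiVirus Protection Service (tavsvc) - Trend Micro Inc. - C:\Program Files\Trend Micro\AntiVirus 2007\tavsvc.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\AntiVirus 2007\Components\tmproxy.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
"""

# "O23 - Service: <display name> - <owner> - <image path>". The path is anchored on a
# drive letter so that " - " inside a display name does not split the wrong field.
O23_RE = re.compile(
    r"^O23 - Service: (?P<name>.+) - (?P<owner>.+?) - (?P<path>[A-Za-z]:\\.+)$"
)

# Assumption: keyword list chosen for this illustration; it is not exhaustive.
AV_KEYWORDS = ("antivirus", "anti-virus")


def parse_o23(log_text):
    """Return one dict (name, owner, path) per well-formed O23 line."""
    matches = (O23_RE.match(line.strip()) for line in log_text.splitlines())
    return [m.groupdict() for m in matches if m]


def owners(services):
    """Distinct service owners: what a vendor-only reading of the log sees."""
    return sorted({svc["owner"] for svc in services})


def antivirus_by_owner(services):
    """Owner -> services whose display name or path names an antivirus product."""
    found = defaultdict(list)
    for svc in services:
        text = f'{svc["name"]} {svc["path"]}'.lower()
        if any(keyword in text for keyword in AV_KEYWORDS):
            found[svc["owner"]].append(svc["name"])
    return dict(found)


if __name__ == "__main__":
    services = parse_o23(SAMPLE_LOG)
    print("owners:", owners(services))
    print("antivirus services:", antivirus_by_owner(services))
```

A keyword match on names and paths is only a heuristic; the installed-programs list remains the authoritative check for which real-time scanners are present.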

 


#5 Chuck W. C

Chuck W. C

    New Member

  • New Member
  • Pip
  • 3 posts

Posted 19 July 2007 - 05:59 AM

LDTate,

The Norton product is Save and Restore. That is the only product from Symantec loaded (no anti virus products from Norton have been loaded). It did add a menu that shows the current protection on my system but only Save and Restore has been loaded on my system. I could buy another image copy product if this really needs to go.

This system seems fine. Maybe my original concern was a false-positive that has been corrected with newer updates. But thank you so much for fixing the problems I would have not known about. I have completed the reg-merge/boot/new hjtlog as requested.

Thanks again!
Chuck

Logfile of HijackThis v1.99.1
Scan saved at 5:44:48 AM, on 7/19/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton Save and Restore\Agent\VProSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\AntiVirus 2007\tavsvc.exe
C:\Program Files\Trend Micro\AntiVirus 2007\Components\tmproxy.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\AntiVirus 2007\tavui.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\ProDsl.exe
C:\Program Files\Filseclab\xfilter\xfilter.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Norton Save and Restore\Agent\NSRTray.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Documents and Settings\Chuck\Start Menu\Programs\hjtscan.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O4 - HKLM\..\Run: [Trend Micro AntiVirus 2007] "C:\Program Files\Trend Micro\AntiVirus 2007\tavui.exe" -1 --delay 15
O4 - HKLM\..\Run: [CTSysVol] "C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" /r
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [ProDsl.exe] ProDsl.exe
O4 - HKLM\..\Run: [XFILTER] "C:\Program Files\Filseclab\xfilter\xfilter.exe" -a
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Norton Save and Restore] "C:\Program Files\Norton Save and Restore\Agent\NSRTray.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\tmlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tmlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tmlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\filseclab\xfilter\xfilter.dll
O10 - Unknown file in Winsock LSP: c:\program files\filseclab\xfilter\xfilter.dll
O10 - Unknown file in Winsock LSP: c:\program files\filseclab\xfilter\xfilter.dll
O10 - Unknown file in Winsock LSP: c:\program files\filseclab\xfilter\xfilter.dll
O10 - Unknown file in Winsock LSP: c:\program files\filseclab\xfilter\xfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tmlsp.dll
O11 - Options group: [INTERNATIONAL] International*
O17 - HKLM\System\CCS\Services\Tcpip\..\{D0A70ED6-7A6C-4E2B-AAA8-4B2348A4E778}: NameServer = 205.171.3.65 205.171.2.65
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton Save and Restore - Symantec Corporation - C:\Program Files\Norton Save and Restore\Agent\VProSvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Trend Micro AntiVirus Protection Service (tavsvc) - Trend Micro Inc. - C:\Program Files\Trend Micro\AntiVirus 2007\tavsvc.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\AntiVirus 2007\Components\tmproxy.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

#6 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 19 July 2007 - 02:57 PM

If you're only using Norton's / Symantec for that, you should be OK. Log looks good :thumbup:



#7 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 22 July 2007 - 04:42 AM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.

Coyote's Installed programs for prevention:

http://forums.tomcoy...showtopic=31418

The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.

Visit the CoyoteStore http://TomCoyote.org/coyotestore.php
