Jump to content

Build Theme!
  •  
  • Unreplied Topics
  • Downloads
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 93112 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

[Resolved] Need Help Please

Started by makea4tune , Dec 03 2007 12:22 PM

  • This topic is locked This topic is locked
8 replies to this topic

#1 makea4tune

makea4tune

    New Member

  • New Member
  • Pip
  • 5 posts

Posted 03 December 2007 - 12:22 PM

My computer has a safenweb program running on it. I have seen other posts wherer people are asked to post 3 logs. What happens next? How do I use these logs to remove the virus. Somebody please help.

SmitFraudFix v2.256

Scan done at 14:26:22.98, Fri 11/30/2007
Run from C:\Documents and Settings\Mark\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Citrix\GoToMyPC\g2svc.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\Citrix\GoToMyPC\g2comm.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Citrix\GoToMyPC\g2pre.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Citrix\GoToMyPC\g2tray.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb11.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\PROGRA~1\DAP\DAP.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\hphmon06.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\System32\alg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Program Files\Java\jre1.5.0_10\bin\jucheck.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

C:\WINDOWS\gormet.dll FOUND !
C:\WINDOWS\hdtip.dll FOUND !
C:\WINDOWS\monhop.exe FOUND !
C:\WINDOWS\pmkret.dll FOUND !
C:\WINDOWS\werbet???.dll FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Mark


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Mark\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Mark\FAVORI~1

C:\DOCUME~1\Mark\FAVORI~1\Error Cleaner.url FOUND !
C:\DOCUME~1\Mark\FAVORI~1\Privacy Protector.url FOUND !
C:\DOCUME~1\Mark\FAVORI~1\Spyware?Malware Protection.url FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

C:\Program Files\RichVideoCodec\ FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Intel® PRO/100 VE Network Connection - Packet Scheduler Miniport
DNS Server Search Order: 206.13.29.12
DNS Server Search Order: 206.13.30.12

Description: Intel® PRO/100 VE Network Connection - Packet Scheduler Miniport
DNS Server Search Order: 192.168.2.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{158A72F2-C61A-4B9A-96F3-90ABC82097C9}: DhcpNameServer=206.13.29.12 206.13.30.12
HKLM\SYSTEM\CCS\Services\Tcpip\..\{30107F74-8DF4-44BB-8A48-D314C60D726B}: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{158A72F2-C61A-4B9A-96F3-90ABC82097C9}: DhcpNameServer=206.13.29.12 206.13.30.12
HKLM\SYSTEM\CS1\Services\Tcpip\..\{30107F74-8DF4-44BB-8A48-D314C60D726B}: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{158A72F2-C61A-4B9A-96F3-90ABC82097C9}: DhcpNameServer=206.13.29.12 206.13.30.12
HKLM\SYSTEM\CS3\Services\Tcpip\..\{30107F74-8DF4-44BB-8A48-D314C60D726B}: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End





HIJACK THIS LOG

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:47:51 PM, on 11/30/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Citrix\GoToMyPC\g2svc.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Citrix\GoToMyPC\g2comm.exe
C:\Program Files\Citrix\GoToMyPC\g2pre.exe
C:\Program Files\Citrix\GoToMyPC\g2tray.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb11.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\PROGRA~1\DAP\DAP.EXE
C:\Program Files\PLook\plook.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\hphmon06.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre1.5.0_10\bin\jucheck.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\PROGRA~1\NORTON~1\navw32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\notepad.exe
C:\DOCUME~1\Mark\LOCALS~1\Temp\Temporary Directory 1 for HiJackThis.zip\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.keysnews.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.keysnews.com/
R3 - URLSearchHook: (no name) - {15651C7C-E812-44a2-A9AC-B467A2233E7D} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: MSVPS System - {A716011B-4637-44D0-922B-F1E88CC7CC73} - C:\WINDOWS\werbetpql.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\Program Files\DAP\DAPIEBar.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb11.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [DownloadAccelerator] C:\PROGRA~1\DAP\DAP.EXE /STARTUP
O4 - HKLM\..\Run: [Plook] C:\Program Files\PLook\plook.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [HPHUPD06] C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [American Airlines DealFinder] null
O4 - HKLM\..\Run: [GoToMyPC] "C:\Program Files\Citrix\GoToMyPC\g2svc.exe" -logon
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Plook] C:\Program Files\PLook\plook.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Plook] C:\Program Files\PLook\plook.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Billminder.lnk = C:\Program Files\Quicken\billmind.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\digital imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\digital imaging\bin\hpqthb08.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\Quicken\QWDLLS.EXE
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\PROGRA~1\DAP\DAP.EXE
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {10E0E75E-6701-4134-9D95-C0942ED1F1C8} (Snapfish Outlook Import ActiveX Control) - http://www.snapfish....tlookImport.cab
O16 - DPF: {352797A0-EFD0-4FA6-B229-145120EA4B8A} (Walt Disney Internet Group Hardware Control) - https://disneyblast....wareControl.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish....fishActivia.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1093593481625
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1143165098730
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - file://C:\TempEI4\EI40_\msxml4.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://floridakeysme...sCamControl.ocx
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai....23/cpbrkpie.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.co...aploader_v6.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logme...trl.cab?lmi=100
O18 - Filter hijack: text/html - (no CLSID) - (no file)
O21 - SSODL: gormet - {3A44A7D5-73FE-48DA-B8E7-F540A6FCBDEC} - C:\WINDOWS\gormet.dll
O21 - SSODL: pmkret - {E5AB0BD8-84E9-4E60-B7DD-0823F77949E8} - C:\WINDOWS\pmkret.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: GoToMyPC - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToMyPC\g2svc.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 13965 bytes





Adobe Acrobat 5.0
Adobe Download Manager 2.0 (Remove Only)
Adobe Flash Player 9 ActiveX
Adobe Reader 7.0.8
Adobe Shockwave Player
Adobe® Photoshop® Album Starter Edition 3.0
American Airlines DealFinder (remove only)
American Airlines TravelDesk
Apple Software Update
Avery Assistant for the Personal Label Printer
Avery DesignPro
Canon Camera Access Library
Canon Camera Support Core Library
Canon Camera Window DC_DV 5 for ZoomBrowser EX
Canon Camera Window DC_DV 6 for ZoomBrowser EX
Canon Camera Window MC 6 for ZoomBrowser EX
Canon G.726 WMP-Decoder
Canon MovieEdit Task for ZoomBrowser EX
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities EOS Utility
Canon Utilities PhotoStitch
Canon Utilities ZoomBrowser EX
ccCommon
DesignPro 5.0 Limited Edition
DesignPro 5.0 Media Edition
Download Accelerator Plus
GdiplusUpgrade
Google Earth
GoToMyPC
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
hp deskjet 5550 series (Remove only)
HP Image Zone 4.0
hp print screen utility
HP Software Update
hp_DevIO
Insaniquarium Deluxe 1.0
Intel® Extreme Graphics Driver
Intel® PRO Network Adapters and Drivers
Internet Worm Protection
iPod for Windows 2005-03-23
iTunes
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 2
J2SE Runtime Environment 5.0 Update 4
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 7
LiveReg (Symantec Corporation)
LiveUpdate 3.0 (Symantec Corporation)
LiveUpdate Notice (Symantec Corporation)
Logitech SetPoint
LogMeIn
Macromedia Flash Player
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft ActiveSync 3.5
Microsoft AntiSpyware
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Data Access Components KB870669
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office PowerPoint Viewer 2003
Microsoft Office XP Standard for Students and Teachers
Microsoft Picture It! Express 7.0
Microsoft Publisher 2000 Deluxe Disc 1
Microsoft Publisher 2000 Deluxe Disc 2
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Windows Journal Viewer
Move Networks Player for Internet Explorer
MSN Music Assistant
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
Musicmatch® Jukebox
NAVShortcut
Nero Media Player
Nero OEM
NeroVision Express 2
Nokia Connectivity Adapter Cable DKU-5
Norton AntiVirus 2006
Norton AntiVirus 2006 (Symantec Corporation)
Norton AntiVirus Help
Norton AntiVirus Parent MSI
Norton AntiVirus SYMLT MSI
Norton Protection Center
Norton WMI Update
NTI DVD-Maker Gold
OLYMPUS CAMEDIA Master 4.1
overland
Photosmart 320,370,7400,8100,8400 Series
PowerDVD
Quicken 2003 Premier Home & Business
QuickTime
Rio Music Manager
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB943460)
SoundMAX
SPBBC
Spyware Doctor 3.2
Symantec
Symantec KB-DocID:2003093015493306
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
WebVideo Support
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885626
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
Zuma Deluxe 1.0

    Advertisements

Register to Remove

#2 IndiGenus

IndiGenus

    Teacher Emeritus

  • Authentic Member
  • PipPipPipPipPipPip
  • 5,251 posts
  • Interests:Computer Security, Music, Sports

Posted 03 December 2007 - 04:31 PM

Hi,
Just a reminder. Please stay with this topic, I closed the other one.

Please copy the fix to Notepad/Word, or print it, because you won't always have internet access!

Step 1: Download AVG Anti-Spyware
Please download AVG Anti-Spyware to your Desktop or to your usual Download Folder.
http://www.ewido.net/en/download/
  • Install AVG Anti-Spyware by double clicking the installer.
  • Follow the prompts. Make sure that Launch AVG Anti-Spyware is checked.
  • On the main screen under Your Computer's security.
    • Click on Change state next to Resident shield. It should now change to inactive.
    • Click on Change state next to Automatic updates. It should now change to inactive.
    • Next to Last Update, click on Update now. (You will need an active internet connection to perform this)
    • Wait until you see the Update succesfull message.
  • Right-click the AVG Anti-Spyware Tray Icon and uncheck Start with Windows.
  • Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
If you are having problems with the updater, you can use this link to manually update ewido.
AVG Anti-Spyware manual updates.
Download the Full database to your Desktop or to your usual Download Folder and install it by double clicking the file. Make sure that AVG Anti-Spyware is closed before installing the update.
IMPORTANT! Do not scan yet with AVG Anti-Spyware! We will do this later.

Step 2: Delete Temp Files
Please download ATF Cleaner here by Atribune. This program is for XP and Windows 2000 only.
It does not require any installation and uses minimal system resources. It is set up to clean IE, FireFox and Opera, and detects the browsers you have and grays out the other(s).
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Recommend UNCHECKING COOKIES if you rely on system remembered passwords.
  • Click the Empty Selected button.

    If you use Firefox browser
  • Click Firefox at the top and choose: Select All EXCEPT FIREFOX SAVED PASSWORDS
  • Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.

    If you use Opera browser
  • Click Opera at the top and choose: Select All EXCEPT COOKIES AND SAVED PASSWORDS
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your cookies and saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

Step 3: Boot into Safe Mode
Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Login on your usual account.
Step 4: Run SmitfraudFix
Double-click on SmitfraudFix.exe
Select option #2 - Clean by typing 2 and press Enter.
Wait for the tool to complete and disk cleanup to finish.
You will be prompted : "Registry cleaning - Do you want to clean the registry ?" answer Yes by typing Y and hit Enter.
The tool will also check if wininet.dll is infected. If a clean version is found, you will be prompted to replace wininet.dll. Answer Yes to the question "Replace infected file ?" by typing Y and hit Enter.

A reboot may be needed to finish the cleaning process, if you computer does not restart automatically please do it yourself manually. Reboot in Safe Mode.

The tool will create a log named rapport.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.

Step 5: Run AVG Anti-Spyware
Close ALL open Windows / Programs / Folders. Please start AVG Anti-Spyware and run a full scan.
  • Click on Scanner on the toolbar.
  • Click on the Settings tab.
    • Under How to act?
      • Click on Recommended Action and choose Quarantine from the popup menu.
    • Under How to scan?
      • All checkboxes should be ticked.
    • Under Possibly unwanted software:
      • All checkboxes should be ticked.
    • Under Reports:
      • Select Automatically generate report after every scan and uncheck Only if threats were found.
    • Under What to scan?
      • Select Scan every file.
  • Click on the Scan tab.
  • Click on Complete System Scan to start the scan process.
  • Let the program scan the machine.
  • When the scan has finished, follow the instructions below.
    IMPORTANT : Don't click on the "Save Scan Report" button before you did hit the "Apply all Actions" button.
    • Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu. (2)
    • At the bottom of the window click on the Apply all Actions button. (3)
      Posted Image
  • When done, click the Save Scan Report button. (4)
    • Click the Save Report as button.
    • Save the report to your Desktop.
  • Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
Step 6: Reboot your computer
It'll automatically switch to Normal Mode.

Step 7: Post logs
Please post:
  • c:\rapport.txt
  • AVG log
  • Fresh HijackThis log
Your may need several replies to post the requested logs, otherwise they might get cut off.
IndiGenus

The help you receive here is free, but if you would like to help me continue the fight against Malware then Posted Image

Logs will be closed if you haven't replied within 5 days



Proud Graduate of TC/WTT Classroom



"To find perfect composure in the midst of change is to find ourselves in nirvana."

Suzuki Roshi

#3 makea4tune

makea4tune

    New Member

  • New Member
  • Pip
  • 5 posts

Posted 03 December 2007 - 07:58 PM

I have finished all of the tasks. Here are the requested ogs. The pop ups have stopped but My Norton program keeps telling me it is stopping repeated attempts to change my home page. THANKS for the help!!!!!!!

Rapport:

mitFraudFix v2.256

Scan done at 15:44:42.85, Mon 12/03/2007
Run from C:\Documents and Settings\Mark\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts


127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\WINDOWS\gormet.dll Deleted
Deleting [HKEY_CLASSES_ROOT\CLSID\{3A44A7D5-73FE-48DA-B8E7-F540A6FCBDEC}]
C:\WINDOWS\hdtip.dll Deleted
C:\WINDOWS\monhop.exe Deleted
C:\WINDOWS\pmkret.dll Deleted
Deleting [HKEY_CLASSES_ROOT\CLSID\{E5AB0BD8-84E9-4E60-B7DD-0823F77949E8}]
C:\WINDOWS\privacy_danger\ Deleted
C:\WINDOWS\werbet???.dll Deleted
C:\DOCUME~1\Mark\FAVORI~1\Error Cleaner.url Deleted
C:\DOCUME~1\Mark\FAVORI~1\Privacy Protector.url Deleted
C:\DOCUME~1\Mark\FAVORI~1\Spyware?Malware Protection.url Deleted
C:\Program Files\RichVideoCodec\ Deleted

»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{158A72F2-C61A-4B9A-96F3-90ABC82097C9}: DhcpNameServer=206.13.29.12 206.13.30.12
HKLM\SYSTEM\CCS\Services\Tcpip\..\{30107F74-8DF4-44BB-8A48-D314C60D726B}: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{158A72F2-C61A-4B9A-96F3-90ABC82097C9}: DhcpNameServer=206.13.29.12 206.13.30.12
HKLM\SYSTEM\CS1\Services\Tcpip\..\{30107F74-8DF4-44BB-8A48-D314C60D726B}: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{158A72F2-C61A-4B9A-96F3-90ABC82097C9}: DhcpNameServer=206.13.29.12 206.13.30.12
HKLM\SYSTEM\CS3\Services\Tcpip\..\{30107F74-8DF4-44BB-8A48-D314C60D726B}: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll






---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 5:23:42 PM 12/3/2007

+ Scan result:



HKU\S-1-5-21-4025279379-3924064129-568730901-1008\Software\Classes\spredirect.ieobject.1 -> Adware.ActualNames : Cleaned with backup (quarantined).
HKU\S-1-5-21-4025279379-3924064129-568730901-1008\Software\btv -> Adware.BroadCastPC : Cleaned with backup (quarantined).
E:\OldD\CFILES\TEMP\ccu\CSBand.dll -> Adware.Comet : Cleaned with backup (quarantined).
C:\WINDOWS\cpbrkpie.ocx -> Adware.Coupons : Cleaned with backup (quarantined).
E:\OldC\Program Files\DAP\dapns.dll -> Adware.Dap : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\PROTOCOLS\Name-Space Handler\res -> Adware.WebSearch : Cleaned with backup (quarantined).
HKU\S-1-5-21-4025279379-3924064129-568730901-1008\Software\AdStatus Service -> Adware.WinTaskAd : Cleaned with backup (quarantined).
C:\Program Files\PLook\plook.exe -> Hijacker.Small.hn : Cleaned with backup (quarantined).
C:\WINDOWS\system32\lqpkgbuw\lqpkgbuw3.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
C:\Documents and Settings\Mark\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\arc.zip-1503c5c6-3463fec5.zip/Gummy.class -> Not-A-Virus.Exploit.ByteVerify : Cleaned with backup (quarantined).
C:\Documents and Settings\Mark\Local Settings\Temp\Cookies\mark@2o7[2].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Mark\Local Settings\Temp\Cookies\mark@cratebarrel.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Mark\Local Settings\Temp\Cookies\mark@ads.addynamix[1].txt -> TrackingCookie.Addynamix : Cleaned.
C:\Documents and Settings\Mark\Local Settings\Temp\Cookies\mark@ad.admarketplace[2].txt -> TrackingCookie.Admarketplace : Cleaned.
C:\Documents and Settings\Mark\Local Settings\Temp\Cookies\mark@z1.adserver[1].txt -> TrackingCookie.Adserver : Cleaned.
C:\Documents and Settings\Mark\Local Settings\Temp\Cookies\mark@advertising[1].txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\Mark\Local Settings\Temp\Cookies\mark@servedby.advertising[2].txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\Mark\Local Settings\Temp\Cookies\mark@adviva[2].txt -> TrackingCookie.Adviva : Cleaned.
C:\Documents and Settings\Mark\Local Settings\Temp\Cookies\mark@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Mark\Local Settings\Temp\Cookies\mark@bfast[1].txt -> TrackingCookie.Bfast : Cleaned.
C:\Documents and Settings\Mark\Local Settings\Temp\Cookies\mark@www.burstbeacon[1].txt -> TrackingCookie.Burstbeacon : Cleaned.
C:\Documents and Settings\Mark\Local Settings\Temp\Cookies\mark@casalemedia[1].txt -> TrackingCookie.Casalemedia : Cleaned.
C:\Documents and Settings\Mark\Local Settings\Temp\Cookies\mark@cz11.clickzs[2].txt -> TrackingCookie.Clickzs : Cleaned.
C:\Documents and Settings\Mark\Local Settings\Temp\Cookies\mark@vip.clickzs[2].txt -> TrackingCookie.Clickzs : Cleaned.
C:\Documents and Settings\Mark\Local Settings\Temp\Cookies\mark@vip2.clickzs[2].txt -> TrackingCookie.Clickzs : Cleaned.
C:\Documents and Settings\Mark\Local Settings\Temp\Cookies\mark@data.coremetrics[1].txt -> TrackingCookie.Coremetrics : Cleaned.
C:\Documents and Settings\Mark\Local Settings\Temp\Cookies\mark@stat.dealtime[2].txt -> TrackingCookie.Dealtime : Cleaned.
C:\Documents and Settings\Mark\Local Settings\Temp\Cookies\mark@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Mark\Local Settings\Temp\Cookies\mark@e-2dj6wfloglczslo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\Mark\Local Settings\Temp\Cookies\mark@as-us.falkag[1].txt -> TrackingCookie.Falkag : Cleaned.
C:\Documents and Settings\Mark\Local Settings\Temp\Cookies\mark@sel.as-us.falkag[1].txt -> TrackingCookie.Falkag : Cleaned.
C:\Documents and Settings\Mark\Local Settings\Temp\Cookies\mark@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned.
C:\Documents and Settings\Mark\Local Settings\Temp\Cookies\mark@ehg-cygnusbm.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Mark\Local Settings\Temp\Cookies\mark@hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Mark\Local Settings\Temp\Cookies\mark@kmpads[1].txt -> TrackingCookie.Kmpads : Cleaned.
C:\Documents and Settings\Mark\Local Settings\Temp\Cookies\mark@stat.onestat[2].txt -> TrackingCookie.Onestat : Cleaned.
C:\Documents and Settings\Mark\Local Settings\Temp\Cookies\mark@realmedia[1].txt -> TrackingCookie.Realmedia : Cleaned.
C:\Documents and Settings\Mark\Local Settings\Temp\Cookies\mark@revsci[2].txt -> TrackingCookie.Revsci : Cleaned.
C:\Documents and Settings\Mark\Local Settings\Temp\Cookies\mark@serving-sys[1].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\Mark\Local Settings\Temp\Cookies\mark@cs.sexcounter[2].txt -> TrackingCookie.Sexcounter : Cleaned.
C:\Documents and Settings\Mark\Local Settings\Temp\Cookies\mark@splashspot[1].txt -> TrackingCookie.Splashspot : Cleaned.
C:\Documents and Settings\Mark\Local Settings\Temp\Cookies\mark@www.splashspot[2].txt -> TrackingCookie.Splashspot : Cleaned.
C:\Documents and Settings\Mark\Local Settings\Temp\Cookies\mark@statcounter[2].txt -> TrackingCookie.Statcounter : Cleaned.
C:\Documents and Settings\Mark\Local Settings\Temp\Cookies\mark@trafficmp[1].txt -> TrackingCookie.Trafficmp : Cleaned.
C:\Documents and Settings\Mark\Local Settings\Temp\Cookies\mark@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\Mark\Local Settings\Temp\Cookies\mark@valueclick[1].txt -> TrackingCookie.Valueclick : Cleaned.
C:\Documents and Settings\Mark\Local Settings\Temp\Cookies\mark@statse.webtrendslive[2].txt -> TrackingCookie.Webtrendslive : Cleaned.
C:\Documents and Settings\Mark\Local Settings\Temp\Cookies\mark@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\Mark\Local Settings\Temp\Cookies\mark@zedo[1].txt -> TrackingCookie.Zedo : Cleaned.
C:\WINDOWS\system32\out.dll -> Trojan.Agent.adl : Cleaned with backup (quarantined).
E:\OldC\Program Files\AIM95\icbmft.ocm -> Worm.AimVen : Cleaned with backup (quarantined).


::Report end





HIJACK THIS

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:58:15 PM, on 12/3/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Citrix\GoToMyPC\g2svc.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Citrix\GoToMyPC\g2comm.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\Citrix\GoToMyPC\g2pre.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Citrix\GoToMyPC\g2tray.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb11.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\hphmon06.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Program Files\Java\jre1.5.0_10\bin\jucheck.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\DOCUME~1\Mark\LOCALS~1\Temp\Temporary Directory 3 for HiJackThis.zip\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: MSVPS System - {A716011B-4637-44D0-922B-F1E88CC7CC73} - C:\WINDOWS\werbetpql.dll (file missing)
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb11.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [DownloadAccelerator] C:\PROGRA~1\DAP\DAP.EXE /STARTUP
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [HPHUPD06] C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [American Airlines DealFinder] null
O4 - HKLM\..\Run: [GoToMyPC] "C:\Program Files\Citrix\GoToMyPC\g2svc.exe" -logon
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Billminder.lnk = C:\Program Files\Quicken\billmind.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\digital imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\digital imaging\bin\hpqthb08.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\Quicken\QWDLLS.EXE
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\PROGRA~1\DAP\DAP.EXE (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {10E0E75E-6701-4134-9D95-C0942ED1F1C8} (Snapfish Outlook Import ActiveX Control) - http://www.snapfish....tlookImport.cab
O16 - DPF: {352797A0-EFD0-4FA6-B229-145120EA4B8A} (Walt Disney Internet Group Hardware Control) - https://disneyblast....wareControl.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish....fishActivia.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1093593481625
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1143165098730
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - file://C:\TempEI4\EI40_\msxml4.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://floridakeysme...sCamControl.ocx
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai....23/cpbrkpie.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logme...trl.cab?lmi=100
O18 - Filter hijack: text/html - (no CLSID) - (no file)
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: GoToMyPC - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToMyPC\g2svc.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 13050 bytes

#4 IndiGenus

IndiGenus

    Teacher Emeritus

  • Authentic Member
  • PipPipPipPipPipPip
  • 5,251 posts
  • Interests:Computer Security, Music, Sports

Posted 03 December 2007 - 09:46 PM

Looks better.

Run HijackThis. Hit None of the above, Click Do a System Scan Only. Put a Check in the box on the left side on these:

O2 - BHO: MSVPS System - {A716011B-4637-44D0-922B-F1E88CC7CC73} - C:\WINDOWS\werbetpql.dll (file missing)
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai....23/cpbrkpie.cab

Then close all windows except this one and press Fix checked.

-------------------------------------------------------------------------------

Update Java Runtime:

You are using an old version of Java. Sun's Java is sometimes updated in order to eliminate the exploitation of vulnerabilities in an existing version. For this reason, it's extremely important that you keep the program up to date, and also remove the older more vulnerable versions from your system. The most current version of Sun Java is: Java Runtime Environment Version 6 Update 3.
  • Go to http://java.sun.com/...loads/index.jsp
  • Click on the link named Java Runtime Environment (JRE) 6 Update 3
  • Click on the radio button to Accept License Agreement
  • Click on Windows Offline Installation, Multi-language and save the downloaded file to your hard disk
  • Go to Start => Control Panel => Add or Remove Programs
  • Uninstall all old versions of Java (Java 2 Runtime Environment, JRE or JSE)
  • Reboot your computer
  • Delete the folder C:\Program Files\Java if present
  • Install the new version by running the newly-downloaded file, and follow the on-screen instructions.
  • Reboot your computer
---------------------------------------------------------------------------------

Using Internet Explorer, click on Kaspersky Online Scanner * Click 'Accept' in the window that pops up.
* You will be prompted to install an ActiveX component from Kaspersky, Click on the information bar and select Install ActiveX Control if so. This may happen more than once. That is OK. You also may get a warning from your Windows Firewall. You can tell it to unblock.
* The program will launch and then start to download the latest definition files.
* Once the scanner is installed and the definitions downloaded, click 'Next'.
* Now click on 'Scan Settings'
* In the scan settings make sure that the following are selected:
o Scan using the following Anti-Virus database: 'Extended' (If available, otherwise 'Standard')
o Scan Options: 'Scan Archives' and 'Scan Mail Bases'
* Click 'OK'
* Now under 'Select a target to scan' select 'My Computer'
* The scan will take a while, so be patient and let it run. Once the scan is complete, it will display whether your system has been infected.
* Now click on the 'Save Report As...' button:
* Make sure it says Save as a text file - change it if not
* Save the file to your desktop.
Please post the Kaspersky report and a new HijackThis log.
IndiGenus

The help you receive here is free, but if you would like to help me continue the fight against Malware then Posted Image

Logs will be closed if you haven't replied within 5 days



Proud Graduate of TC/WTT Classroom



"To find perfect composure in the midst of change is to find ourselves in nirvana."

Suzuki Roshi

#5 makea4tune

makea4tune

    New Member

  • New Member
  • Pip
  • 5 posts

Posted 04 December 2007 - 04:44 PM

Herer are the two reports. Should I buy the Kaspersky software? Thanks a lot for your help!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:33:27 AM, on 12/4/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Citrix\GoToMyPC\g2svc.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Citrix\GoToMyPC\g2comm.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\Citrix\GoToMyPC\g2pre.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Citrix\GoToMyPC\g2tray.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb11.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\hphmon06.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Java\jre1.5.0_10\bin\jucheck.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\Mark\LOCALS~1\Temp\Temporary Directory 4 for HiJackThis.zip\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb11.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [DownloadAccelerator] C:\PROGRA~1\DAP\DAP.EXE /STARTUP
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [HPHUPD06] C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [American Airlines DealFinder] null
O4 - HKLM\..\Run: [GoToMyPC] "C:\Program Files\Citrix\GoToMyPC\g2svc.exe" -logon
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Macromed\SHOCKW~1\SwHelper.exe -Update -1020021 -IEXPLORE.EXE7.0
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Billminder.lnk = C:\Program Files\Quicken\billmind.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\digital imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\digital imaging\bin\hpqthb08.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\Quicken\QWDLLS.EXE
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\PROGRA~1\DAP\DAP.EXE (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {10E0E75E-6701-4134-9D95-C0942ED1F1C8} (Snapfish Outlook Import ActiveX Control) - http://www.snapfish....tlookImport.cab
O16 - DPF: {352797A0-EFD0-4FA6-B229-145120EA4B8A} (Walt Disney Internet Group Hardware Control) - https://disneyblast....wareControl.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish....fishActivia.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1093593481625
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1143165098730
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - file://C:\TempEI4\EI40_\msxml4.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://floridakeysme...sCamControl.ocx
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logme...trl.cab?lmi=100
O18 - Filter hijack: text/html - (no CLSID) - (no file)
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: GoToMyPC - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToMyPC\g2svc.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 12804 bytes




KASPERSKY

KASPERSKY ONLINE SCANNER REPORT
Tuesday, December 04, 2007 2:37:38 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 4/12/2007
Kaspersky Anti-Virus database records: 472588
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 125130
Number of viruses found: 26
Number of infected objects: 129
Number of suspicious objects: 0
Duration of the scan process: 01:48:17

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\HPPAppActivity.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\HPPHomePageActivity.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2007-12-04_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Mark\Application Data\Symantec\PendingAlertsQueue.log Object is locked skipped
C:\Documents and Settings\Mark\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Mark\Desktop\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Mark\Desktop\SmitfraudFix.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Mark\Desktop\SmitfraudFix.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Mark\Desktop\SmitfraudFix.exe RarSFX: infected - 2 skipped
C:\Documents and Settings\Mark\Local Settings\Application Data\ApplicationHistory\hpqgalry.exe.cf8dd223.ini.inuse Object is locked skipped
C:\Documents and Settings\Mark\Local Settings\Application Data\HP\Digital Imaging\db\administrativeInfo.dbf Object is locked skipped
C:\Documents and Settings\Mark\Local Settings\Application Data\HP\Digital Imaging\db\albumImagesTable.cdx Object is locked skipped
C:\Documents and Settings\Mark\Local Settings\Application Data\HP\Digital Imaging\db\albumImagesTable.dbf Object is locked skipped
C:\Documents and Settings\Mark\Local Settings\Application Data\HP\Digital Imaging\db\albumTable.cdx Object is locked skipped
C:\Documents and Settings\Mark\Local Settings\Application Data\HP\Digital Imaging\db\albumTable.dbf Object is locked skipped
C:\Documents and Settings\Mark\Local Settings\Application Data\HP\Digital Imaging\db\CB_Server_Errors.txt Object is locked skipped
C:\Documents and Settings\Mark\Local Settings\Application Data\HP\Digital Imaging\db\EXIFTable.cdx Object is locked skipped
C:\Documents and Settings\Mark\Local Settings\Application Data\HP\Digital Imaging\db\EXIFTable.dbf Object is locked skipped
C:\Documents and Settings\Mark\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.cdx Object is locked skipped
C:\Documents and Settings\Mark\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.dbf Object is locked skipped
C:\Documents and Settings\Mark\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.fpt Object is locked skipped
C:\Documents and Settings\Mark\Local Settings\Application Data\HP\Digital Imaging\db\keywordImagesTable.cdx Object is locked skipped
C:\Documents and Settings\Mark\Local Settings\Application Data\HP\Digital Imaging\db\keywordImagesTable.dbf Object is locked skipped
C:\Documents and Settings\Mark\Local Settings\Application Data\HP\Digital Imaging\db\keywordTable.cdx Object is locked skipped
C:\Documents and Settings\Mark\Local Settings\Application Data\HP\Digital Imaging\db\keywordTable.dbf Object is locked skipped
C:\Documents and Settings\Mark\Local Settings\Application Data\HP\Digital Imaging\db\managedFolderTable.dbf Object is locked skipped
C:\Documents and Settings\Mark\Local Settings\Application Data\HP\Digital Imaging\db\pathnameTable.cdx Object is locked skipped
C:\Documents and Settings\Mark\Local Settings\Application Data\HP\Digital Imaging\db\pathnameTable.dbf Object is locked skipped
C:\Documents and Settings\Mark\Local Settings\Application Data\HP\Digital Imaging\db\ROFImagesTable.cdx Object is locked skipped
C:\Documents and Settings\Mark\Local Settings\Application Data\HP\Digital Imaging\db\ROFImagesTable.dbf Object is locked skipped
C:\Documents and Settings\Mark\Local Settings\Application Data\HP\Digital Imaging\db\ROFTable.cdx Object is locked skipped
C:\Documents and Settings\Mark\Local Settings\Application Data\HP\Digital Imaging\db\ROFTable.dbf Object is locked skipped
C:\Documents and Settings\Mark\Local Settings\Application Data\Identities\{16AB1FAA-0989-43E9-B483-293650949AEA}\Microsoft\Outlook Express\Inbox.dbx/[From eBay <identdep_op3845919@ebay.com>][Date Sun, 24 Jul 2005 01:27:29 -0500]/UNNAMED/html Infected: Trojan-Spy.HTML.Bayfraud.hn skipped
C:\Documents and Settings\Mark\Local Settings\Application Data\Identities\{16AB1FAA-0989-43E9-B483-293650949AEA}\Microsoft\Outlook Express\Inbox.dbx/[From eBay <identdep_op3845919@ebay.com>][Date Sun, 24 Jul 2005 01:27:29 -0500]/UNNAMED Infected: Trojan-Spy.HTML.Bayfraud.hn skipped
C:\Documents and Settings\Mark\Local Settings\Application Data\Identities\{16AB1FAA-0989-43E9-B483-293650949AEA}\Microsoft\Outlook Express\Inbox.dbx/[From eBay <identdep_op3845919@ebay.com>][Date Sun, 24 Jul 2005 01:27:29 -0500]/UNNAMED/html Infected: Trojan-Spy.HTML.Bayfraud.hn skipped
C:\Documents and Settings\Mark\Local Settings\Application Data\Identities\{16AB1FAA-0989-43E9-B483-293650949AEA}\Microsoft\Outlook Express\Inbox.dbx/[From eBay <identdep_op3845919@ebay.com>][Date Sun, 24 Jul 2005 01:27:29 -0500]/UNNAMED Infected: Trojan-Spy.HTML.Bayfraud.hn skipped
C:\Documents and Settings\Mark\Local Settings\Application Data\Identities\{16AB1FAA-0989-43E9-B483-293650949AEA}\Microsoft\Outlook Express\Inbox.dbx Mail MS Outlook 5: infected - 4 skipped
C:\Documents and Settings\Mark\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\Mark\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst Object is locked skipped
C:\Documents and Settings\Mark\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Mark\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Mark\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Mark\Local Settings\History\History.IE5\MSHist012007120420071205\index.dat Object is locked skipped
C:\Documents and Settings\Mark\Local Settings\Temp\WCESCOMM.LOG Object is locked skipped
C:\Documents and Settings\Mark\Local Settings\Temp\~DF1178.tmp Object is locked skipped
C:\Documents and Settings\Mark\Local Settings\Temp\~DF2DAC.tmp Object is locked skipped
C:\Documents and Settings\Mark\Local Settings\Temp\~DFAE66.tmp Object is locked skipped
C:\Documents and Settings\Mark\Local Settings\Temp\~DFC66D.tmp Object is locked skipped
C:\Documents and Settings\Mark\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Mark\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Mark\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Mark\NTUSER.DAT.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Citrix\GoToMyPC\g2host.log Object is locked skipped
C:\Program Files\Citrix\GoToMyPC\g2svc.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\EENGINE\EPERSIST.DAT Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDALRT.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDCON.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDDBG.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDFW.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDIDS.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDSYS.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBConfig.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBDebug.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBDetect.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBNotify.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBRefr.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetCfg.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetCfg2.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetDev.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetLoc.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetUsr.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSMNot.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSMReg.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSMRSt.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBStHash.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBStMSI.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBValid.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPPolicy.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPStart.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPStop.log Object is locked skipped
C:\Program Files\HP\hpcoretech\hpcmerr.log Object is locked skipped
C:\Program Files\Norton AntiVirus\AVApp.log Object is locked skipped
C:\Program Files\Norton AntiVirus\AVError.log Object is locked skipped
C:\Program Files\Norton AntiVirus\AVVirus.log Object is locked skipped
C:\Program Files\Norton AntiVirus\Savrt\0679NAV~.TMP Object is locked skipped
C:\Program Files\Norton AntiVirus\Savrt\0806NAV~.TMP Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{EB1F42BF-EB6F-48C7-9900-81D9720909C2}\RP1166\A0053687.exe/stream/data0004 Infected: Trojan-Downloader.Win32.Zlob.evo skipped
C:\System Volume Information\_restore{EB1F42BF-EB6F-48C7-9900-81D9720909C2}\RP1166\A0053687.exe/stream Infected: Trojan-Downloader.Win32.Zlob.evo skipped
C:\System Volume Information\_restore{EB1F42BF-EB6F-48C7-9900-81D9720909C2}\RP1166\A0053687.exe NSIS: infected - 2 skipped
C:\System Volume Information\_restore{EB1F42BF-EB6F-48C7-9900-81D9720909C2}\RP1166\A0053844.exe Infected: Trojan.Win32.Obfuscated.ev skipped
C:\System Volume Information\_restore{EB1F42BF-EB6F-48C7-9900-81D9720909C2}\RP1166\A0053845.exe Infected: not-a-virus:FraudTool.Win32.UltimateDefender.a skipped
C:\System Volume Information\_restore{EB1F42BF-EB6F-48C7-9900-81D9720909C2}\RP1166\A0053846.exe Infected: not-a-virus:FraudTool.Win32.UltimateDefender.a skipped
C:\System Volume Information\_restore{EB1F42BF-EB6F-48C7-9900-81D9720909C2}\RP1166\A0053847.exe Infected: not-a-virus:Downloader.Win32.FunWeb skipped
C:\System Volume Information\_restore{EB1F42BF-EB6F-48C7-9900-81D9720909C2}\RP1166\A0053848.dll Infected: not-a-virus:AdWare.Win32.Comet.ay skipped
C:\System Volume Information\_restore{EB1F42BF-EB6F-48C7-9900-81D9720909C2}\RP1166\A0053849.dll Infected: Trojan.Win32.Obfuscated.ev skipped
C:\System Volume Information\_restore{EB1F42BF-EB6F-48C7-9900-81D9720909C2}\RP1166\A0053850.dll Infected: Trojan.Win32.Obfuscated.ev skipped
C:\System Volume Information\_restore{EB1F42BF-EB6F-48C7-9900-81D9720909C2}\RP1167\A0053941.exe Infected: Trojan-Clicker.Win32.Small.hn skipped
C:\System Volume Information\_restore{EB1F42BF-EB6F-48C7-9900-81D9720909C2}\RP1167\A0053942.dll Infected: Trojan.Win32.Agent.adl skipped
C:\System Volume Information\_restore{EB1F42BF-EB6F-48C7-9900-81D9720909C2}\RP1167\A0053943.ocx Infected: not-a-virus:AdWare.Win32.Coupons skipped
C:\System Volume Information\_restore{EB1F42BF-EB6F-48C7-9900-81D9720909C2}\RP1167\A0053944.exe Infected: not-a-virus:Downloader.Win32.WinFixer.o skipped
C:\System Volume Information\_restore{EB1F42BF-EB6F-48C7-9900-81D9720909C2}\RP1174\change.log Object is locked skipped
C:\WINDOWS\$NtUninstallKB824141$\user32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB824141$\win32k.sys Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\accwiz.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\crypt32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\cryptsvc.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\hh.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\hhctrl.ocx Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\hhsetup.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\html32.cnv Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\itss.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\locator.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\magnify.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\migwiz.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\mrxsmb.sys Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\msconv97.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\narrator.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\newdev.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\ntdll.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\ntkrnlpa.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\ntoskrnl.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\osk.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\pchshell.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\raspptp.sys Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\shell32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\shmedia.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\srrstr.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\srv.sys Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\sysmain.sdb Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\user32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\win32k.sys Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\winsrv.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\zipfldr.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828035$\msgsvc.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828035$\wkssvc.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\catsrv.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\catsrvut.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\clbcatex.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\clbcatq.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\colbact.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\comadmin.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\comrepl.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\comsvcs.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\comuid.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\es.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\migregdb.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\msdtcprx.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\msdtctm.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\msdtcuiu.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\mtxclu.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\mtxoci.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\ole32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\rpcrt4.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\rpcss.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\txflog.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB833998$\shell32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB833998$\sxs.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\callcont.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\cmdevtgprov.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\evtgprov.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\gdi32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\h323.tsp Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\h323msp.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\ipnathlp.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\lsasrv.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\mf3216.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\msasn1.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\msgina.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\mst120.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\netapi32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\nmcom.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\rtcdll.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\schannel.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\dao360.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\expsrv.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msexch40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msexcl40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msjet40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msjetol1.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msjetoledb40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msjint40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msjter40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msjtes40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msltus40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\mspbde40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msrd2x40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msrd3x40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msrepl40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\mstext40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\mswdat10.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\mswstr10.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msxbde40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\vbajet32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallQ828026$\msdxm.ocx Object is locked skipped
C:\WINDOWS\$NtUninstallQ828026$\wmpcore.dll Object is locked skipped
C:\WINDOWS\$_hpcst$.hpc Object is locked skipped
C:\WINDOWS\CSC\00000001 Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\gotomon.log Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_114.dat Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
E:\OldC\Windows\Application Data\Identities\{26B8D724-CD73-11D7-B6AA-004033D0F81E}\Microsoft\Outlook Express\Deleted Items.dbx/[From joedornbach@aol.com][Date Sat, 31 Jan 2004 17:35:28 -0800]/UNNAMED/data.zip/data.txt .exe Infected: Email-Worm.Win32.Mydoom.a skipped
E:\OldC\Windows\Application Data\Identities\{26B8D724-CD73-11D7-B6AA-004033D0F81E}\Microsoft\Outlook Express\Deleted Items.dbx/[From joedornbach@aol.com][Date Sat, 31 Jan 2004 17:35:28 -0800]/UNNAMED/data.zip Infected: Email-Worm.Win32.Mydoom.a skipped
E:\OldC\Windows\Application Data\Identities\{26B8D724-CD73-11D7-B6AA-004033D0F81E}\Microsoft\Outlook Express\Deleted Items.dbx/[From joedornbach@aol.com][Date Sat, 31 Jan 2004 17:35:28 -0800]/UNNAMED Infected: Email-Worm.Win32.Mydoom.a skipped
E:\OldC\Windows\Application Data\Identities\{26B8D724-CD73-11D7-B6AA-004033D0F81E}\Microsoft\Outlook Express\Deleted Items.dbx/[From Mail Delivery Subsystem <MAILER-DAEMON@yipvma.prodigy.net>][Date Fri, 30 Jan 2004 14:35:07 -0500]/UNNAMED/[From adsl-66-125-135-233.dsl.lsan03.pacbell.net [66.125.135.233]]/UNNAMED/[From samanthakern@cox.net][Date Fri, 30 Jan 2004 11:30:18 -0800]/doc.scr Infected: Email-Worm.Win32.Mydoom.a skipped
E:\OldC\Windows\Application Data\Identities\{26B8D724-CD73-11D7-B6AA-004033D0F81E}\Microsoft\Outlook Express\Deleted Items.dbx/[From Mail Delivery Subsystem <MAILER-DAEMON@yipvma.prodigy.net>][Date Fri, 30 Jan 2004 14:35:07 -0500]/UNNAMED/[From adsl-66-125-135-233.dsl.lsan03.pacbell.net [66.125.135.233]]/UNNAMED Infected: Email-Worm.Win32.Mydoom.a skipped
E:\OldC\Windows\Application Data\Identities\{26B8D724-CD73-11D7-B6AA-004033D0F81E}\Microsoft\Outlook Express\Deleted Items.dbx/[From Mail Delivery Subsystem <MAILER-DAEMON@yipvma.prodigy.net>][Date Fri, 30 Jan 2004 14:35:07 -0500]/UNNAMED Infected: Email-Worm.Win32.Mydoom.a skipped
E:\OldC\Windows\Application Data\Identities\{26B8D724-CD73-11D7-B6AA-004033D0F81E}\Microsoft\Outlook Express\Deleted Items.dbx/[From lars419@earthlink.net][Date Wed, 4 Feb 2004 08:28:30 -0800]/UNNAMED/readme.scr Infected: Email-Worm.Win32.Mydoom.a skipped
E:\OldC\Windows\Application Data\Identities\{26B8D724-CD73-11D7-B6AA-004033D0F81E}\Microsoft\Outlook Express\Deleted Items.dbx/[From lars419@earthlink.net][Date Wed, 4 Feb 2004 08:28:30 -0800]/UNNAMED Infected: Email-Worm.Win32.Mydoom.a skipped
E:\OldC\Windows\Application Data\Identities\{26B8D724-CD73-11D7-B6AA-004033D0F81E}\Microsoft\Outlook Express\Deleted Items.dbx Mail MS Outlook 5: infected - 8 skipped
E:\OldC\Windows\Application Data\Identities\SDIRentals-{F6B868E4-CD74-11D7-B6AA-004033D0F81E}\Microsoft\Outlook Express\Deleted Items.dbx/[From US Bank <anti-fraud.ref.num335454@usbank.com>][Date Mon, 16 Aug 2004 00:25:24 +0200]/UNNAMED/html Infected: Trojan-Spy.HTML.Usbankfraud.p skipped
E:\OldC\Windows\Application Data\Identities\SDIRentals-{F6B868E4-CD74-11D7-B6AA-004033D0F81E}\Microsoft\Outlook Express\Deleted Items.dbx/[From US Bank <anti-fraud.ref.num335454@usbank.com>][Date Mon, 16 Aug 2004 00:25:24 +0200]/UNNAMED Infected: Trojan-Spy.HTML.Usbankfraud.p skipped
E:\OldC\Windows\Application Data\Identities\SDIRentals-{F6B868E4-CD74-11D7-B6AA-004033D0F81E}\Microsoft\Outlook Express\Deleted Items.dbx/[From afn55764 <afn55764@afn.org>][Date Mon, 22 Dec 2003 09:54:35 -0800]/UNNAMED/install.exe Infected: Email-Worm.Win32.Klez.h skipped
E:\OldC\Windows\Application Data\Identities\SDIRentals-{F6B868E4-CD74-11D7-B6AA-004033D0F81E}\Microsoft\Outlook Express\Deleted Items.dbx/[From afn55764 <afn55764@afn.org>][Date Mon, 22 Dec 2003 09:54:35 -0800]/UNNAMED Infected: Email-Worm.Win32.Klez.h skipped
E:\OldC\Windows\Application Data\Identities\SDIRentals-{F6B868E4-CD74-11D7-B6AA-004033D0F81E}\Microsoft\Outlook Express\Deleted Items.dbx/[From alnw@airliftnw.org][Date Sun, 8 Feb 2004 20:08:52 -0800]/UNNAMED/message.zip/message.pif Infected: Email-Worm.Win32.Mydoom.a skipped
E:\OldC\Windows\Application Data\Identities\SDIRentals-{F6B868E4-CD74-11D7-B6AA-004033D0F81E}\Microsoft\Outlook Express\Deleted Items.dbx/[From alnw@airliftnw.org][Date Sun, 8 Feb 2004 20:08:52 -0800]/UNNAMED/message.zip Infected: Email-Worm.Win32.Mydoom.a skipped
E:\OldC\Windows\Application Data\Identities\SDIRentals-{F6B868E4-CD74-11D7-B6AA-004033D0F81E}\Microsoft\Outlook Express\Deleted Items.dbx/[From alnw@airliftnw.org][Date Sun, 8 Feb 2004 20:08:52 -0800]/UNNAMED Infected: Email-Worm.Win32.Mydoom.a skipped
E:\OldC\Windows\Application Data\Identities\SDIRentals-{F6B868E4-CD74-11D7-B6AA-004033D0F81E}\Microsoft\Outlook Express\Deleted Items.dbx Mail MS Outlook 5: infected - 7 skipped
E:\OldC\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE Infected: not-a-virus:AdTool.Win32.MyWebSearch.r skipped
E:\OldC\Program Files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.r skipped
E:\OldC\Program Files\FunWebProducts\Installr\1.bin\F3EZSETP.DLL Infected: not-a-virus:AdWare.Win32.FunWeb.b skipped
E:\OldC\Program Files\Norton AntiVirus\Quarantine\587436EB.doc Infected: Virus.MSWord.Thus.ew skipped
E:\OldC\Program Files\Norton AntiVirus\Quarantine\58BF7C99.doc Infected: Virus.MSWord.Eight941.d skipped
E:\OldC\Program Files\Norton AntiVirus\Quarantine\58F7465C.doc Infected: Virus.MSWord.Eight941.d skipped
E:\OldC\Program Files\Norton AntiVirus\Quarantine\59313A1B.doc Infected: Virus.MSWord.Eight941.d skipped
E:\OldC\Program Files\Norton AntiVirus\Quarantine\596903DE.doc Infected: Virus.MSWord.Eight941.d skipped
E:\OldC\Program Files\Norton AntiVirus\Quarantine\2B0F70D1.TMP Infected: Email-Worm.Win32.Tanatos.b skipped
E:\OldC\Program Files\Norton AntiVirus\Quarantine\3B58570E.TMP Infected: Email-Worm.Win32.Klez.h skipped
E:\OldC\Program Files\Norton AntiVirus\Quarantine\72266A95.TMP Infected: Email-Worm.Win32.Tanatos.b skipped
E:\OldC\Program Files\Norton AntiVirus\Quarantine\475038F7.TMP Infected: Email-Worm.Win32.Mydoom.a skipped
E:\OldC\Program Files\Norton AntiVirus\Quarantine\47A57C99.TMP Infected: Email-Worm.Win32.Mydoom.a skipped
E:\OldC\Program Files\Norton AntiVirus\Quarantine\47EC184A.TMP Infected: Email-Worm.Win32.Mydoom.a skipped
E:\OldC\Program Files\Norton AntiVirus\Quarantine\480D3C26.TMP Infected: Email-Worm.Win32.Mydoom.a skipped
E:\OldC\Program Files\Norton AntiVirus\Quarantine\0BA716E3.TMP Infected: Email-Worm.Win32.Mydoom.a skipped
E:\OldC\Program Files\Norton AntiVirus\Quarantine\593C545E.TMP Infected: Email-Worm.Win32.Tanatos.b skipped
E:\OldC\Program Files\Norton AntiVirus\Quarantine\608D3EE2.TMP Infected: Email-Worm.Win32.Mydoom.a skipped
E:\OldC\Program Files\Norton AntiVirus\Quarantine\61C3538D.TMP Infected: Email-Worm.Win32.Mydoom.a skipped
E:\OldC\Program Files\Norton AntiVirus\Quarantine\62181730.TMP Infected: Email-Worm.Win32.Mydoom.a skipped
E:\OldC\Program Files\Norton AntiVirus\Quarantine\622C131A.TMP Infected: Email-Worm.Win32.Mydoom.a skipped
E:\OldC\Program Files\Norton AntiVirus\Quarantine\62433901.TMP Infected: Email-Worm.Win32.Mydoom.a skipped
E:\OldC\Program Files\Norton AntiVirus\Quarantine\629452A7.TMP Infected: Email-Worm.Win32.Mydoom.a skipped
E:\OldC\Program Files\Norton AntiVirus\Quarantine\6A4979E2.TMP Infected: Email-Worm.Win32.Mydoom.a skipped
E:\OldC\Program Files\Norton AntiVirus\Quarantine\5DBB75FA.TMP Infected: Email-Worm.Win32.Mydoom.a skipped
E:\OldC\Program Files\Norton AntiVirus\Quarantine\3D9C1CC1.TMP Infected: Email-Worm.Win32.Mydoom.a skipped
E:\OldC\Program Files\Norton AntiVirus\Quarantine\3DB342A7.TMP Infected: Email-Worm.Win32.Mydoom.a skipped
E:\OldC\Program Files\Norton AntiVirus\Quarantine\3DCD128B.TMP Infected: Email-Worm.Win32.Mydoom.a skipped
E:\OldC\Program Files\Norton AntiVirus\Quarantine\3DE10E75.TMP Infected: Email-Worm.Win32.Mydoom.a skipped
E:\OldC\Program Files\Norton AntiVirus\Quarantine\3DFB5E58.TMP Infected: Email-Worm.Win32.Mydoom.a skipped
E:\OldC\Program Files\Norton AntiVirus\Quarantine\3E0F5A43.TMP Infected: Email-Worm.Win32.Mydoom.a skipped
E:\OldC\Program Files\Norton AntiVirus\Quarantine\3E292A26.TMP Infected: Email-Worm.Win32.Mydoom.a skipped
E:\OldC\Program Files\Norton AntiVirus\Quarantine\3E3C2610.TMP Infected: Email-Worm.Win32.Mydoom.a skipped
E:\OldC\Program Files\Norton AntiVirus\Quarantine\3E5675F4.TMP Infected: Email-Worm.Win32.Mydoom.a skipped
E:\OldC\Program Files\Norton AntiVirus\Quarantine\3E6D1BDB.TMP Infected: Email-Worm.Win32.Mydoom.a skipped
E:\OldC\Program Files\Norton AntiVirus\Quarantine\19FE5B18.TMP Infected: Email-Worm.Win32.Mydoom.a skipped
E:\OldC\Program Files\Norton AntiVirus\Quarantine\1A287CE9.TMP Infected: Email-Worm.Win32.Mydoom.a skipped
E:\OldC\Program Files\Norton AntiVirus\Quarantine\1A424CCC.TMP Infected: Email-Worm.Win32.Mydoom.a skipped
E:\OldC\Program Files\Norton AntiVirus\Quarantine\1A5972B3.TMP Infected: Email-Worm.Win32.Mydoom.a skipped
E:\OldC\Program Files\Norton AntiVirus\Quarantine\1A6D6E9D.TMP Infected: Email-Worm.Win32.Mydoom.a skipped
E:\OldC\Program Files\Norton AntiVirus\Quarantine\1A806A88.TMP Infected: Email-Worm.Win32.Mydoom.a skipped
E:\OldC\Program Files\Norton AntiVirus\Quarantine\1A946672.TMP Infected: Email-Worm.Win32.Mydoom.a skipped
E:\OldC\Program Files\Norton AntiVirus\Quarantine\1AAE3656.TMP Infected: Email-Worm.Win32.Mydoom.a skipped
E:\OldC\Program Files\Norton AntiVirus\Quarantine\1AC55C3C.TMP Infected: Email-Worm.Win32.Mydoom.a skipped
E:\OldC\Program Files\Norton AntiVirus\Quarantine\1AD52E2A.TMP Infected: Email-Worm.Win32.Mydoom.a skipped
E:\OldC\Program Files\Norton AntiVirus\Quarantine\1AE92A15.TMP Infected: Email-Worm.Win32.Mydoom.a skipped
E:\OldC\Program Files\Norton AntiVirus\Quarantine\1B0379F8.TMP Infected: Email-Worm.Win32.Mydoom.a skipped
E:\OldC\Program Files\Norton AntiVirus\Quarantine\1B1675E3.TMP Infected: Email-Worm.Win32.Mydoom.a skipped
E:\OldC\Program Files\Norton AntiVirus\Quarantine\1B2A71CD.TMP Infected: Email-Worm.Win32.Mydoom.a skipped
E:\OldC\Program Files\Norton AntiVirus\Quarantine\1B3E6DB7.TMP/[From jane@qualitycabinets.co][Date Wed, 11 Feb 2004 19:21:43 -0800]/text.cmd Infected: Email-Worm.Win32.Mydoom.a skipped
E:\OldC\Program Files\Norton AntiVirus\Quarantine\1B3E6DB7.TMP Mail: infected - 1 skipped
E:\OldC\Program Files\Norton AntiVirus\Quarantine\1B3E6DB7.TMP Crypt.Quarantine: infected - 1 skipped
E:\OldC\Program Files\Norton AntiVirus\Quarantine\1B720D7E.TMP Infected: Email-Worm.Win32.Mydoom.a skipped
E:\OldC\Program Files\Norton AntiVirus\Quarantine\1B893365.TMP Infected: Email-Worm.Win32.Mydoom.a skipped
E:\OldC\Program Files\Norton AntiVirus\Quarantine\1B9C2F4F.TMP Infected: Email-Worm.Win32.Mydoom.a skipped
E:\OldC\Program Files\Norton AntiVirus\Quarantine\12692E49.TMP Infected: Email-Worm.Win32.Mydoom.a skipped
E:\OldC\Program Files\Norton AntiVirus\Quarantine\129A2413.TMP Infected: Email-Worm.Win32.Mydoom.a skipped
E:\OldC\Program Files\Norton AntiVirus\Quarantine\12B149FA.TMP Infected: Email-Worm.Win32.Mydoom.a skipped
E:\OldC\Program Files\Norton AntiVirus\Quarantine\12C11BE8.TMP Infected: Email-Worm.Win32.Mydoom.a skipped
E:\OldC\Program Files\Norton AntiVirus\Quarantine\12DF15C8.TMP Infected: Email-Worm.Win32.Mydoom.a skipped
E:\OldC\Program Files\Norton AntiVirus\Quarantine\12FC0FA7.TMP Infected: Email-Worm.Win32.Mydoom.a skipped
E:\OldC\Program Files\Norton AntiVirus\Quarantine\1313358E.TMP Infected: Email-Worm.Win32.Mydoom.a skipped
E:\OldC\Program Files\Norton AntiVirus\Quarantine\132A5B75.TMP Infected: Email-Worm.Win32.Mydoom.a skipped
E:\OldC\Program Files\Norton AntiVirus\Quarantine\133E5760.TMP Infected: Email-Worm.Win32.Mydoom.a skipped
E:\OldC\Program Files\Norton AntiVirus\Quarantine\13582743.TMP Infected: Email-Worm.Win32.Mydoom.a skipped
E:\OldC\Program Files\Norton AntiVirus\Quarantine\137F1F18.TMP Infected: Email-Worm.Win32.Mydoom.a skipped
E:\OldC\Program Files\Norton AntiVirus\Quarantine\13A36CF0.TMP Infected: Email-Worm.Win32.Mydoom.a skipped
E:\OldC\Program Files\Norton AntiVirus\Quarantine\13CA64C5.TMP Infected: Email-Worm.Win32.Mydoom.a skipped
E:\OldC\Program Files\Norton AntiVirus\Quarantine\13DE60B0.TMP Infected: Email-Worm.Win32.Mydoom.a skipped
E:\OldC\Program Files\Norton AntiVirus\Quarantine\13F40696.TMP Infected: Email-Worm.Win32.Mydoom.a skipped
E:\OldC\Program Files\Norton AntiVirus\Quarantine\140F567A.TMP Infected: Email-Worm.Win32.Mydoom.a skipped
E:\OldC\Program Files\Norton AntiVirus\Quarantine\14225264.TMP Infected: Email-Worm.Win32.Mydoom.a skipped
E:\OldC\Program Files\Norton AntiVirus\Quarantine\14364E4E.TMP Infected: Email-Worm.Win32.Mydoom.a skipped
E:\OldC\Program Files\Norton AntiVirus\Quarantine\144D7435.TMP Infected: Email-Worm.Win32.Mydoom.a skipped
E:\OldC\Program Files\Norton AntiVirus\Quarantine\14771607.TMP Infected: Email-Worm.Win32.Mydoom.a skipped
E:\OldC\Program Files\Norton AntiVirus\Quarantine\3FE7662C.TMP Infected: Email-Worm.Win32.Tanatos.b.dam skipped
E:\OldC\Program Files\Norton AntiVirus\Quarantine\7FF82713.TMP Infected: Email-Worm.Win32.Tanatos.b skipped
E:\OldC\Program Files\Norton AntiVirus\Quarantine\64DB209D.TMP Infected: Email-Worm.Win32.NetSky.b skipped
E:\OldC\Program Files\Norton AntiVirus\Quarantine\6622110D.TMP Infected: Email-Worm.Win32.Tanatos.b skipped
E:\OldC\Program Files\Norton AntiVirus\Quarantine\535F1214.TMP Infected: Email-Worm.Win32.NetSky.b skipped
E:\OldC\Program Files\Norton AntiVirus\Quarantine\53A403C9.TMP Infected: Email-Worm.Win32.NetSky.b skipped
E:\OldC\Program Files\Norton AntiVirus\Quarantine\21112C77.TMP Infected: Email-Worm.Win32.NetSky.q skipped
E:\OldC\Program Files\Norton AntiVirus\Quarantine\00A17D34.TMP Infected: Email-Worm.Win32.Bagle.af skipped
E:\OldD\CFILES\Desktop\Morph20.exe/WISE0014.BIN/WISE0013.BIN Infected: not-a-virus:AdWare.Win32.WurldMedia.d skipped
E:\OldD\CFILES\Desktop\Morph20.exe/WISE0014.BIN/WISE0014.BIN Infected: not-a-virus:AdWare.Win32.WurldMedia.a skipped
E:\OldD\CFILES\Desktop\Morph20.exe/WISE0014.BIN Infected: not-a-virus:AdWare.Win32.WurldMedia.a skipped
E:\OldD\CFILES\Desktop\Morph20.exe/WISE0016.BIN/WISE0007.BIN Infected: Trojan-Downloader.Win32.Stubby.b skipped
E:\OldD\CFILES\Desktop\Morph20.exe/WISE0016.BIN Infected: Trojan-Downloader.Win32.Stubby.b skipped
E:\OldD\CFILES\Desktop\Morph20.exe WiseSFX: infected - 5 skipped

Scan process completed.

#6 IndiGenus

IndiGenus

    Teacher Emeritus

  • Authentic Member
  • PipPipPipPipPipPip
  • 5,251 posts
  • Interests:Computer Security, Music, Sports

Posted 04 December 2007 - 05:48 PM

Hi,

Should I buy the Kaspersky software?

Obviously up to you. Kaspersky is good. I can also recommend some free good ones if you like. Are you still getting updates with Norton?


A couple of items Kaspersky found need to be deleted. You can also empty out the Norton Quarantine folder. And we'll clean out the restore points at the end.


We need to make sure all hidden files are showing so please:
* Click Start.
* Open My Computer.
* Select the Tools menu and click Folder Options.
* Select the View Tab.
* Under the Hidden files and folders heading select Show hidden files and folders.
* Uncheck the Hide protected operating system files (recommended) option.
* Click Yes to confirm.
* Click OK.
Please reverse this process once the fix is complete.

Using Windows Explorer delete the following file and folders:

E:\OldD\CFILES\Desktop\Morph20.exe

E:\OldC\Program Files\MyWebSearch
E:\OldC\Program Files\FunWebProducts


Let me know how it's running now too.

Thanks,
Dave
IndiGenus

The help you receive here is free, but if you would like to help me continue the fight against Malware then Posted Image

Logs will be closed if you haven't replied within 5 days



Proud Graduate of TC/WTT Classroom



"To find perfect composure in the midst of change is to find ourselves in nirvana."

Suzuki Roshi

#7 makea4tune

makea4tune

    New Member

  • New Member
  • Pip
  • 5 posts

Posted 04 December 2007 - 08:28 PM

Seems to be working good now. I am getting Norton updates as a matter of fact my subscription had expired but I renewed as soon as this happened. Norton was not able to really do much good once infected. I am open to some of the free ones as well. What is my next step now that all files are showing? Thanks for the help!

#8 IndiGenus

IndiGenus

    Teacher Emeritus

  • Authentic Member
  • PipPipPipPipPipPip
  • 5,251 posts
  • Interests:Computer Security, Music, Sports

Posted 05 December 2007 - 10:15 AM

I think you are good to go. I am giving you some suggestions on programs below, all are free. Remember, use only one Antivirus, and one Firewall. You can remove the Smitfraud tool and folders if you haven't already done so. Also remember to rehide your files.

Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs changing those files. This is the only way to clean these files: (You will lose all previous restore points which may be infected anyway).

Click Start>Help and Support>Undo changes to your computer with System Restore
Select Create A Restore Point then click Next. Give it a name it and then click Create

Click Start>Run and type Cleanmgr
Click the More Options Tab.
Click Clean Up in the System Restore section.

In addition to updating and using what you currently have you may want to consider the following:

Use an AntiVirus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future. Here is a list of some free and evaluation versions to try: AVG AntiVirus
Avast Antivirus Home Version--Free
Antivir Personal - Free
Online Scanners:
Trend Micro Housecall
Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is succeptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly. Here are some free and evalutation versions that provide
better security than the Windows Firewall.Sunbelt Personal Firewall
Outpost Firewall
For a tutorial on Firewalls and a listing of some other available ones see the link below:
Understanding and Using Firewalls

Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly or set your computer to receive automatic updates. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

Install Spybot - Search and Destroy - Spybot: Search And Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with program on a regular basis just as you would an antivirus software.
A tutorial on installing & using this product can be found here:
Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers

Install Ad-Aware - Ad-Aware SE You should also scan your computer with program on a regular basis just as you would an antivirus software in conjunction with Spybot.
A tutorial on installing & using this product can be found here:
Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer

Install SpywareBlaster - SpywareBlaster will added a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.
A tutorial on installing & using this product can be found here:
Using SpywareBlaster to protect your computer from Spyware and Malware

Install SpywareGuard - SpywareGuard provides a real-time protection solution against spyware that is a great addition to SpywareBlaster's protection method.
A tutorial on installing & using this product can be found here:
Using SpywareGuard to protect your computer from Spyware and Malware

Use IESpy-Ad -
IESpy-Ad will block access to malicious websites so you cannot be redirected to them from an infected site or email. Instructions for set up and use can be found at the website.

Update all of your Anti-Malware programs regularly - Make sure you update all the programs I have listed and the ones you are currently running regularly. Without regular updates you Will Not be protected when new malicious programs are released.

Here is a great link to a post here on securing your PC after an attack.
http://forums.tomcoy...mp;#entry257163
IndiGenus

The help you receive here is free, but if you would like to help me continue the fight against Malware then Posted Image

Logs will be closed if you haven't replied within 5 days



Proud Graduate of TC/WTT Classroom



"To find perfect composure in the midst of change is to find ourselves in nirvana."

Suzuki Roshi

#9 IndiGenus

IndiGenus

    Teacher Emeritus

  • Authentic Member
  • PipPipPipPipPipPip
  • 5,251 posts
  • Interests:Computer Security, Music, Sports

Posted 07 December 2007 - 07:57 PM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance. If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread. Everyone else please begin a New Topic.
IndiGenus

The help you receive here is free, but if you would like to help me continue the fight against Malware then Posted Image

Logs will be closed if you haven't replied within 5 days



Proud Graduate of TC/WTT Classroom



"To find perfect composure in the midst of change is to find ourselves in nirvana."

Suzuki Roshi

Related Topics

Back to Virus, Spyware & Malware Removal · Next Unread Topic →

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. What the Tech
  2. Spyware / Malware / Virus Removal
  3. Virus, Spyware & Malware Removal
  4. Privacy Policy
  5. Terms of Use ·