[Resolved] infected with spywares and viruses


This topic is locked. 14 replies to this topic.

#1 tonymharb
New Member, Authentic Member, 15 posts
Posted 19 December 2007 - 08:43 AM

My PC is infected with spyware and viruses. Alerts are popping up all over the place, my background turned red and there is a message saying: YOUR PRIVACY IS IN DANGER, DOWNLOAD PRIVACY PROTECTION SOFTWARE NOW. This is the HijackThis log file, please someone help me :S Thanks in advance.

Logfile of HijackThis v1.99.1
Scan saved at 4:42:00 PM, on 12/19/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Common Files\InterVideo\FastTVSync\FastTVSync.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\DAP\DAP.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\XP Antivirus\xpa.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\ACD Systems\ImageFox\ImageFox.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\InterVideo\WinDVD4PR\SchSvr.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Media Key\MagicKey.exe
C:\Program Files\Metacafe\MetacafeAgent.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Remote Control\RCServer.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Rainbow Technologies\SPN Combo Installer\1.0.2\Server\WinNT\spnsrvnt.exe
C:\Program Files\Media Key\OSD.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarerefer...=...6Ojg5&lid=2
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 90.2.2.1:8080
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: OFK System - {2B159383-78BB-4D21-A799-95AABC81ACED} - C:\WINDOWS\vipextmst.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1601.0\en-us\msntb.dll
O3 - Toolbar: (no name) - {86227D9C-0EFE-4f8a-AA55-30386A3F5686} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: The voipwet - {224E1433-F086-4BB1-B791-AF87F7629D93} - C:\WINDOWS\voipwet.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [FastTVSync] "C:\Program Files\Common Files\InterVideo\FastTVSync\FastTVSync.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [RCServer] "C:\Program Files\Remote Control\RCServer.exe" -servicehelper
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [XP Antivirus] C:\Program Files\XP Antivirus\xpa.exe
O4 - Startup: Metacafe.lnk = C:\Program Files\Metacafe\MetacafeAgent.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: ImageFox.lnk = ?
O4 - Global Startup: InterVideo Scheduler server.lnk = C:\Program Files\InterVideo\WinDVD4PR\SchSvr.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Media Key.lnk = C:\Program Files\Media Key\MagicKey.exe
O4 - Global Startup: Metacafe.lnk = C:\Program Files\Metacafe\MetacafeAgent.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\PROGRA~1\DAP\DAP.EXE
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://totti007.spac...ad/MsnPUpld.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: kopmet - {D6B56B26-8427-4259-BB36-63B653C3A61C} - C:\WINDOWS\kopmet.dll
O21 - SSODL: jetctrl - {25434336-731D-4232-AE82-8D0641E09733} - C:\WINDOWS\jetctrl.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Remote Control Server (RCSERVER) - Unknown owner - C:\Program Files\Remote Control\RCServer.exe" -service (file missing)
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SuperProServer - Unknown owner - C:\Program Files\Rainbow Technologies\SPN Combo Installer\1.0.2\Server\WinNT\spnsrvnt.exe

Edited by tonymharb, 19 December 2007 - 08:45 AM.
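The entries a log reader picks out first in a log like the one above, as an added example that is not code from the thread, from HijackThis or from the forum staff: a small Python triage that parses HijackThis 1.99.1 lines and flags the loading points that stand out. The sample lines are an excerpt copied from the poster's log, with a known-good Adobe BHO and SoundMAX Run key kept for contrast. The rules and the severity labels are the example's own assumptions: a module living directly in C:\WINDOWS rather than in system32 or a product folder, an IE proxy set on a home machine, an entry with no name or no file behind it, a per-user Run key, and a service with an unknown owner or missing binary. The drive letter and Windows folder are assumed to be the default C:\WINDOWS.

```python
"""Triage HijackThis 1.99.1 log lines for suspicious loading points.

Added example (not code from the thread or from HijackThis). The rules are
the checks a log reader applies by hand; they are heuristics, not verdicts.
"""
import re
from dataclasses import dataclass
from pathlib import PureWindowsPath
from typing import List, Optional

# Excerpt copied from the poster's first HijackThis log above, with two
# known-good entries (Adobe BHO, SoundMAX Run key) kept for contrast.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarerefer...=...6Ojg5&lid=2
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 90.2.2.1:8080
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: OFK System - {2B159383-78BB-4D21-A799-95AABC81ACED} - C:\WINDOWS\vipextmst.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: The voipwet - {224E1433-F086-4BB1-B791-AF87F7629D93} - C:\WINDOWS\voipwet.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKCU\..\Run: [XP Antivirus] C:\Program Files\XP Antivirus\xpa.exe
O21 - SSODL: kopmet - {D6B56B26-8427-4259-BB36-63B653C3A61C} - C:\WINDOWS\kopmet.dll
O21 - SSODL: jetctrl - {25434336-731D-4232-AE82-8D0641E09733} - C:\WINDOWS\jetctrl.dll
O23 - Service: Remote Control Server (RCSERVER) - Unknown owner - C:\Program Files\Remote Control\RCServer.exe" -service (file missing)
"""

WINDIR = PureWindowsPath(r"C:\WINDOWS")   # assumption: default XP install location


@dataclass
class Finding:
    severity: str   # "high" or "review"
    tag: str        # HijackThis section, e.g. "O21"
    reason: str
    line: str


LINE_RE = re.compile(r"^(?P<tag>[RO]\d+) - (?P<body>.*)$")
# O2/O3/O21 bodies look like "BHO: name - {CLSID} - path"
COM_RE = re.compile(
    r"^(?P<sect>[^:]+): (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]{36})\} - (?P<path>.*)$"
)


def in_windows_root(path: str) -> bool:
    """True when a module sits directly in the Windows folder, not in system32
    or any subfolder. PureWindowsPath compares case-insensitively."""
    return PureWindowsPath(path.strip().strip('"')).parent == WINDIR


def triage_line(line: str) -> Optional[Finding]:
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    tag, body = m["tag"], m["body"]
    if tag == "R1" and "ProxyServer" in body:
        proxy = body.split("=", 1)[1].strip()
        return Finding("high", tag, f"IE proxy set; browsing is routed through {proxy}", line)
    if tag == "R0" and "Start Page" in body:
        return Finding("review", tag, "start page set; confirm the user chose it", line)
    if tag in ("O2", "O3", "O21"):
        c = COM_RE.match(body)
        if c is None:
            return Finding("review", tag, "COM loading point in unexpected format", line)
        if c["path"] == "(no file)":
            return Finding("review", tag, "orphaned entry, module missing (tidy up only)", line)
        if in_windows_root(c["path"]):
            return Finding("high", tag, f"{c['sect']} loads {c['path']} from the Windows root", line)
        if tag == "O21":
            return Finding("review", tag, "non-default ShellServiceObjectDelayLoad entry", line)
        if c["name"] == "(no name)":
            return Finding("review", tag, "unnamed BHO/toolbar", line)
        return None
    if tag == "O4" and body.startswith("HKCU"):
        return Finding("review", tag, "per-user Run key (where a user-level installer lands)", line)
    if tag == "O23" and ("Unknown owner" in body or "(file missing)" in body):
        return Finding("review", tag, "service with unknown owner or missing binary", line)
    return None


def triage(log_text: str) -> List[Finding]:
    """Every finding, high severity first, log order within a severity."""
    found = [f for f in map(triage_line, log_text.splitlines()) if f]
    return sorted(found, key=lambda f: f.severity != "high")


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.tag:4} {f.reason}")
```

On this excerpt the four DLLs in the Windows root (vipextmst.dll, voipwet.dll, kopmet.dll, jetctrl.dll) and the 90.2.2.1:8080 proxy come out as high; the start page, the orphaned BHO, the HKCU Run key and the RCServer service come out as review. These are heuristics: a legitimate product can drop a DLL into the Windows root, so each high finding still needs the file itself examined before anything is deleted.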



#2 Scotty
Always Happy, Authentic Member, 3,634 posts
Posted 19 December 2007 - 02:10 PM

Hi! Welcome to the WTT forums.
My name is Scotty. I would be glad to take a look at your log and help you with solving any malware problems. HijackThis logs can take a while to research.
Please be patient.

Please make an uninstall list using HijackThis
To access the Uninstall Manager you would do the following:

1. Start HijackThis
2. Click on the Config button
3. Click on the Misc Tools button
4. Click on the Open Uninstall Manager button.
5. Click on the Save list... button and specify where you would like to save this file. When you press the Save button a Notepad window will open with the contents of that file. Simply copy and paste the contents of that Notepad window here in a reply.


Download and Run SmitfraudFix
Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
You too could train to help others- Join the Classroom


#3 tonymharb
New Member, Authentic Member, 15 posts
Posted 19 December 2007 - 02:33 PM

Hey man, thank you really for your help and time. When I run smitfraudfix.cmd it says that process.exe is absent!!! And this is the uninstall list you demanded, man, from the HijackThis program:

ACDSee 4.0 PowerPack Suite
Ad-Aware SE Personal
Adobe Photoshop Album Starter Edition
Adobe Reader 6.0.1
Advanced Display Picture
AVG Anti-Spyware 7.5
BK's Winamp Ext.
BMW M3 Challenge
CircuitMaker 6 Student
Client Activator 2.2 - English
CloneDVD2
Colin McRae Rally 2005
ColorNick v2 plugin for Messenger Plus!
Cucusoft All Audio/Video to MP3/WAV Converter 2.31
Download Accelerator Plus (DAP)
DVD Shrink 3.2
DVDFab Platinum 2.84
EA SPORTS online 2007
Flamingo
Hijackthis 1.99.1
HijackThis 1.99.1
HP Image Zone 4.2
HP PSC & OfficeJet 4.2
HP Software Update
InterVideo WinDVD 4
InterVideo WinDVD Creator
InterVideo WinDVD Recorder
LexarMedia ImageRescue Software
Macromedia Flash Player 8
Media Key
Media-Codec 4.0
Metacafe
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft AntiSpyware
Microsoft Office Professional Edition 2003
Microsoft SQL Server Desktop Engine
mIRC
MSN
MSN Music Assistant
MSN Toolbar
MSXML 4.0 SP2 (KB936181)
My Search Bar
NBA LIVE 07
Nokia Multimedia Player
NTI Backup NOW! 4
NTI CD & DVD-Maker 7 Platinum
NVIDIA Drivers
PacketVideo pvAuthor SDK
PacketVideo Recorder
PC Suite for Nokia 6600
Power MP3 WMA Converter 1.15
PP ExcelConnector
Professional Planner Currency Converter
Professional Planner Profit
PSpice Student 9.1
QuickTime
Race - The WTCC Game
RealPlayer
Remote Control P900
Rhapsody Player Engine
Rich Video Codec v1.6
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB944653)
SEMC DSS SyncStation Driver
SmartCDRipper Pro
SoundMAX
StuffPlug-NG (Messenger Plus! Plugins)
SuperProNet Combo Installer
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Viewpoint Media Player (Remove Only)
V-Rally version 1.0 Installer
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
WinZip
XMLinst
Yahoo! Toolbar

#4 Scotty
Always Happy, Authentic Member, 3,634 posts
Posted 19 December 2007 - 03:02 PM

Hi

If you already have Combofix, please delete this copy and download it again as it's being updated regularly.

Please Download and Save Combofix from Bleeping Computer. Save it to your desktop.

If you can't download it, please try these 2 alternative sites:

Forospyware
Geeks to Go
  • Save it to your Desktop.
  • Disconnect from the Internet, then disable your anti-virus and any real-time anti-spyware monitors that are running.
  • Click Start>Run copy/paste or type "%userprofile%\desktop\combofix.exe" /killall into the Run box and click OK.
  • When finished, it shall produce a log for you. Post that log in your next reply with a new HijackThis log.
Note 1: Do not mouseclick combofix's window whilst it's running. That may cause it to stall
Note 2:Remember to re-enable your anti-virus and anti-spyware before reconnecting to the Internet.

ComboFix should never take more than 20 minutes, including the reboot if malware is detected.
If it does, open Task Manager (press Ctrl, Alt and Del at the same time), use the Processes tab and end any processes named findstr, find, sed or swreg; then ComboFix should continue.
If that happens we want to know, and also which process you had to end.

In your next reply post:
ComboFix.txt
New HijackThis log taken after the above scan has run


#5 tonymharb
New Member, Authentic Member, 15 posts
Posted 20 December 2007 - 06:09 AM

Hey man, I did exactly what you told me to do. Here is the ComboFix log file:

ComboFix 07-12-20.1 - tony 2007-12-20 13:57:44.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.219 [GMT 2:00]
Running from: C:\Documents and Settings\tony\desktop\combofix.exe
Command switches used :: /killall
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\tony\Desktop\Error Cleaner.url
C:\Documents and Settings\tony\Desktop\Privacy Protector.url
C:\Documents and Settings\tony\Desktop\Spyware&Malware Protection.url
C:\Documents and Settings\tony\Favorites\Error Cleaner.url
C:\Documents and Settings\tony\Favorites\Privacy Protector.url
C:\Documents and Settings\tony\Favorites\Spyware&Malware Protection.url
C:\WINDOWS\dat.txt
C:\WINDOWS\Fonts\acrsecI.fon
C:\WINDOWS\privacy_danger
C:\WINDOWS\privacy_danger\images\capt.gif
C:\WINDOWS\privacy_danger\images\danger.jpg
C:\WINDOWS\privacy_danger\images\down.gif
C:\WINDOWS\privacy_danger\images\spacer.gif
C:\WINDOWS\privacy_danger\index.htm
C:\WINDOWS\rs.txt
C:\WINDOWS\voipwet.dll

.
((((((((((((((((((((((((( Files Created from 2007-11-20 to 2007-12-20 )))))))))))))))))))))))))))))))
.

2007-12-18 14:05 . 2007-12-18 14:05 <DIR> d-------- C:\Documents and Settings\tony\Application Data\Grisoft
2007-12-18 14:05 . 2007-12-18 14:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-18 14:05 . 2007-05-30 14:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-12-09 02:06 . 2007-12-09 02:06 <DIR> d-------- C:\Program Files\XP Antivirus
2007-12-07 23:17 . 2007-12-07 19:41 307,200 --a------ C:\WINDOWS\vipextmst.dll
2007-12-07 23:17 . 2007-12-07 19:40 270,336 --a------ C:\WINDOWS\jetctrl.dll
2007-12-07 23:17 . 2007-12-07 19:41 208,896 --a------ C:\WINDOWS\kopmet.dll
2007-12-07 23:17 . 2007-12-07 19:41 143,360 --a------ C:\WINDOWS\nretcip.exe
2007-12-07 23:05 . 2007-12-07 23:13 <DIR> d-------- C:\Program Files\RichVideoCodec
2007-12-04 22:26 . 2007-12-04 22:26 7,680 --ahs---- C:\WINDOWS\Thumbs.db
2007-11-24 23:01 . 2007-12-20 13:49 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-11-24 22:49 . 2007-11-24 22:49 479,298 --a------ C:\WINDOWS\system32\wbocx.ocx
2007-11-24 22:49 . 2007-11-24 22:49 172,032 --a------ C:\WINDOWS\system32\AniGIF.ocx
2007-11-24 22:49 . 2007-11-24 22:49 50,688 --a------ C:\WINDOWS\system32\wbhelp2.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-20 11:57 --------- d-----w C:\Program Files\Microsoft AntiSpyware
2007-12-19 14:38 --------- d-----w C:\Documents and Settings\tony\Application Data\Metacafe
2007-12-19 14:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Metacafe
2007-11-24 21:04 --------- d-----w C:\Program Files\DAP
2007-11-13 10:25 20,480 ------w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-07 21:52 --------- d-----w C:\Program Files\SCC-TDS
2007-10-29 13:03 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-25 23:37 --------- d-----w C:\Program Files\MSXML 4.0
2007-10-25 23:35 --------- d-----w C:\Program Files\Metacafe
2007-10-25 16:28 --------- d-----w C:\Program Files\MSN Messenger
2007-10-25 15:55 --------- d-----w C:\Program Files\MessengerPlus! 3
2007-10-25 15:38 --------- d-----w C:\Program Files\MessengerDiscovery
2007-10-25 15:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\platform dupe draw memo
2007-10-25 15:35 --------- d-----w C:\Program Files\Ares
2007-10-25 15:32 --------- d-----w C:\Program Files\Nokia
2007-10-25 15:26 --------- d-----w C:\Program Files\EA SPORTS
2007-10-23 18:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\NVIDIA
2007-10-23 14:51 --------- d-----w C:\Documents and Settings\tony\Application Data\InstallShield
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2B159383-78BB-4D21-A799-95AABC81ACED}]
2007-12-07 19:41 307200 --a------ C:\WINDOWS\vipextmst.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 11:54]
"XP Antivirus"="C:\Program Files\XP Antivirus\xpa.exe" [2007-12-09 02:06]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2003-05-30 02:28]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2003-05-30 19:42]
"FastTVSync"="C:\Program Files\Common Files\InterVideo\FastTVSync\FastTVSync.exe" [2003-06-05 03:58]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-03 18:56 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2006-10-22 11:22 C:\WINDOWS\system32\nwiz.exe]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2004-02-12 23:38]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-13 01:18]
"RCServer"="C:\Program Files\Remote Control\RCServer.exe" [2003-02-05 19:51]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-10-23 14:30]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2005-11-09 00:00]
"gcasServ"="C:\Program Files\Microsoft AntiSpyware\gcasServ.exe" [2005-11-15 12:12]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-02-19 21:42]
"NvMediaCenter"="RUNDLL32.exe" [2004-08-03 18:56 C:\WINDOWS\system32\rundll32.exe]
"DownloadAccelerator"="C:\Program Files\DAP\DAP.exe" [2007-11-24 23:00]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Norton SystemWorks"="C:\Program Files\Norton SystemWorks\cfgwiz.exe" []

C:\Documents and Settings\tony\Start Menu\Programs\Startup\
Metacafe.lnk - C:\Program Files\Metacafe\MetacafeAgent.exe [2007-09-04 17:04:34]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-05-29 08:31:38]
HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2004-05-29 09:06:36]
ImageFox.lnk - C:\WINDOWS\Installer\{92E64C51-5096-442F-9A44-61CB2941391D}\NewShortcut1.exe [2005-02-12 16:37:13]
InterVideo Scheduler server.lnk - C:\Program Files\InterVideo\WinDVD4PR\SchSvr.exe [2005-02-13 01:40:01]
InterVideo WinCinema Manager.lnk - C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe [2005-02-13 01:40:07]
Media Key.lnk - C:\Program Files\Media Key\MagicKey.exe [2005-02-12 16:57:23]
Metacafe.lnk - C:\Program Files\Metacafe\MetacafeAgent.exe [2007-09-04 17:04:34]
Service Manager.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2000-08-06 01:03:20]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= file:///C:\WINDOWS\privacy_danger\index.htm
FriendlyName= Privacy Protection

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"kopmet"= {D6B56B26-8427-4259-BB36-63B653C3A61C} - C:\WINDOWS\kopmet.dll [2007-12-07 19:41 208896]
"jetctrl"= {25434336-731D-4232-AE82-8D0641E09733} - C:\WINDOWS\jetctrl.dll [2007-12-07 19:40 270336]

R1 kbfilter;Keyboard Filter Driver;C:\WINDOWS\system32\drivers\kbfilter.sys [2002-07-11 12:00]
R1 UsbFltr;WayTechUSBFilterDriver;C:\WINDOWS\system32\drivers\UsbFltr.sys [2003-12-29 18:27]
R2 RCSERVER;Remote Control Server;"C:\Program Files\Remote Control\RCServer.exe" -service []
S3 FTLUND;Lundinova Filter Driver;C:\WINDOWS\system32\drivers\ftlund.sys [2004-01-19 17:27]

.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-20 14:03:09
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]
-> C:\WINDOWS\kopmet.dll
.
Completion time: 2007-12-20 14:05:40 - machine was rebooted
.
2007-12-20 11:56:33 --- E O F ---


And now here is the HijackThis log file:

Logfile of HijackThis v1.99.1
Scan saved at 2:06:38 PM, on 12/20/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Remote Control\RCServer.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Rainbow Technologies\SPN Combo Installer\1.0.2\Server\WinNT\spnsrvnt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\cmd.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Common Files\InterVideo\FastTVSync\FastTVSync.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\DAP\DAP.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\XP Antivirus\xpa.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\ACD Systems\ImageFox\ImageFox.exe
C:\Program Files\InterVideo\WinDVD4PR\SchSvr.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Media Key\MagicKey.exe
C:\Program Files\Media Key\OSD.EXE
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Metacafe\MetacafeAgent.exe
C:\WINDOWS\system32\notepad.exe
C:\ComboFix\nircmd.cfexe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarerefer...=...6Ojg5&lid=2
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 90.2.2.1:8080
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: OFK System - {2B159383-78BB-4D21-A799-95AABC81ACED} - C:\WINDOWS\vipextmst.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1601.0\en-us\msntb.dll
O3 - Toolbar: (no name) - {86227D9C-0EFE-4f8a-AA55-30386A3F5686} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [FastTVSync] "C:\Program Files\Common Files\InterVideo\FastTVSync\FastTVSync.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [RCServer] "C:\Program Files\Remote Control\RCServer.exe" -servicehelper
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [XP Antivirus] C:\Program Files\XP Antivirus\xpa.exe
O4 - Startup: Metacafe.lnk = C:\Program Files\Metacafe\MetacafeAgent.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: ImageFox.lnk = ?
O4 - Global Startup: InterVideo Scheduler server.lnk = C:\Program Files\InterVideo\WinDVD4PR\SchSvr.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Media Key.lnk = C:\Program Files\Media Key\MagicKey.exe
O4 - Global Startup: Metacafe.lnk = C:\Program Files\Metacafe\MetacafeAgent.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\PROGRA~1\DAP\DAP.EXE
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://totti007.spac...ad/MsnPUpld.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: kopmet - {D6B56B26-8427-4259-BB36-63B653C3A61C} - C:\WINDOWS\kopmet.dll
O21 - SSODL: jetctrl - {25434336-731D-4232-AE82-8D0641E09733} - C:\WINDOWS\jetctrl.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Remote Control Server (RCSERVER) - Unknown owner - C:\Program Files\Remote Control\RCServer.exe" -service (file missing)
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SuperProServer - Unknown owner - C:\Program Files\Rainbow Technologies\SPN Combo Installer\1.0.2\Server\WinNT\spnsrvnt.exe

Thank you again for your support, waiting for your reply...

#6 tonymharb (New Member, 15 posts)

Posted 20 December 2007 - 06:14 AM

Hey man, I did exactly what you told me to do; here is the ComboFix log file:

ComboFix 07-12-20.1 - tony 2007-12-20 13:57:44.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.219 [GMT 2:00]
Running from: C:\Documents and Settings\tony\desktop\combofix.exe
Command switches used :: /killall
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\tony\Desktop\Error Cleaner.url
C:\Documents and Settings\tony\Desktop\Privacy Protector.url
C:\Documents and Settings\tony\Desktop\Spyware&Malware Protection.url
C:\Documents and Settings\tony\Favorites\Error Cleaner.url
C:\Documents and Settings\tony\Favorites\Privacy Protector.url
C:\Documents and Settings\tony\Favorites\Spyware&Malware Protection.url
C:\WINDOWS\dat.txt
C:\WINDOWS\Fonts\acrsecI.fon
C:\WINDOWS\privacy_danger
C:\WINDOWS\privacy_danger\images\capt.gif
C:\WINDOWS\privacy_danger\images\danger.jpg
C:\WINDOWS\privacy_danger\images\down.gif
C:\WINDOWS\privacy_danger\images\spacer.gif
C:\WINDOWS\privacy_danger\index.htm
C:\WINDOWS\rs.txt
C:\WINDOWS\voipwet.dll

.
((((((((((((((((((((((((( Files Created from 2007-11-20 to 2007-12-20 )))))))))))))))))))))))))))))))
.

2007-12-18 14:05 . 2007-12-18 14:05 <DIR> d-------- C:\Documents and Settings\tony\Application Data\Grisoft
2007-12-18 14:05 . 2007-12-18 14:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-18 14:05 . 2007-05-30 14:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-12-09 02:06 . 2007-12-09 02:06 <DIR> d-------- C:\Program Files\XP Antivirus
2007-12-07 23:17 . 2007-12-07 19:41 307,200 --a------ C:\WINDOWS\vipextmst.dll
2007-12-07 23:17 . 2007-12-07 19:40 270,336 --a------ C:\WINDOWS\jetctrl.dll
2007-12-07 23:17 . 2007-12-07 19:41 208,896 --a------ C:\WINDOWS\kopmet.dll
2007-12-07 23:17 . 2007-12-07 19:41 143,360 --a------ C:\WINDOWS\nretcip.exe
2007-12-07 23:05 . 2007-12-07 23:13 <DIR> d-------- C:\Program Files\RichVideoCodec
2007-12-04 22:26 . 2007-12-04 22:26 7,680 --ahs---- C:\WINDOWS\Thumbs.db
2007-11-24 23:01 . 2007-12-20 13:49 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-11-24 22:49 . 2007-11-24 22:49 479,298 --a------ C:\WINDOWS\system32\wbocx.ocx
2007-11-24 22:49 . 2007-11-24 22:49 172,032 --a------ C:\WINDOWS\system32\AniGIF.ocx
2007-11-24 22:49 . 2007-11-24 22:49 50,688 --a------ C:\WINDOWS\system32\wbhelp2.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-20 11:57 --------- d-----w C:\Program Files\Microsoft AntiSpyware
2007-12-19 14:38 --------- d-----w C:\Documents and Settings\tony\Application Data\Metacafe
2007-12-19 14:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Metacafe
2007-11-24 21:04 --------- d-----w C:\Program Files\DAP
2007-11-13 10:25 20,480 ------w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-07 21:52 --------- d-----w C:\Program Files\SCC-TDS
2007-10-29 13:03 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-25 23:37 --------- d-----w C:\Program Files\MSXML 4.0
2007-10-25 23:35 --------- d-----w C:\Program Files\Metacafe
2007-10-25 16:28 --------- d-----w C:\Program Files\MSN Messenger
2007-10-25 15:55 --------- d-----w C:\Program Files\MessengerPlus! 3
2007-10-25 15:38 --------- d-----w C:\Program Files\MessengerDiscovery
2007-10-25 15:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\platform dupe draw memo
2007-10-25 15:35 --------- d-----w C:\Program Files\Ares
2007-10-25 15:32 --------- d-----w C:\Program Files\Nokia
2007-10-25 15:26 --------- d-----w C:\Program Files\EA SPORTS
2007-10-23 18:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\NVIDIA
2007-10-23 14:51 --------- d-----w C:\Documents and Settings\tony\Application Data\InstallShield
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2B159383-78BB-4D21-A799-95AABC81ACED}]
2007-12-07 19:41 307200 --a------ C:\WINDOWS\vipextmst.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 11:54]
"XP Antivirus"="C:\Program Files\XP Antivirus\xpa.exe" [2007-12-09 02:06]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2003-05-30 02:28]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2003-05-30 19:42]
"FastTVSync"="C:\Program Files\Common Files\InterVideo\FastTVSync\FastTVSync.exe" [2003-06-05 03:58]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-03 18:56 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2006-10-22 11:22 C:\WINDOWS\system32\nwiz.exe]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2004-02-12 23:38]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-13 01:18]
"RCServer"="C:\Program Files\Remote Control\RCServer.exe" [2003-02-05 19:51]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-10-23 14:30]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2005-11-09 00:00]
"gcasServ"="C:\Program Files\Microsoft AntiSpyware\gcasServ.exe" [2005-11-15 12:12]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-02-19 21:42]
"NvMediaCenter"="RUNDLL32.exe" [2004-08-03 18:56 C:\WINDOWS\system32\rundll32.exe]
"DownloadAccelerator"="C:\Program Files\DAP\DAP.exe" [2007-11-24 23:00]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Norton SystemWorks"="C:\Program Files\Norton SystemWorks\cfgwiz.exe" []

C:\Documents and Settings\tony\Start Menu\Programs\Startup\
Metacafe.lnk - C:\Program Files\Metacafe\MetacafeAgent.exe [2007-09-04 17:04:34]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-05-29 08:31:38]
HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2004-05-29 09:06:36]
ImageFox.lnk - C:\WINDOWS\Installer\{92E64C51-5096-442F-9A44-61CB2941391D}\NewShortcut1.exe [2005-02-12 16:37:13]
InterVideo Scheduler server.lnk - C:\Program Files\InterVideo\WinDVD4PR\SchSvr.exe [2005-02-13 01:40:01]
InterVideo WinCinema Manager.lnk - C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe [2005-02-13 01:40:07]
Media Key.lnk - C:\Program Files\Media Key\MagicKey.exe [2005-02-12 16:57:23]
Metacafe.lnk - C:\Program Files\Metacafe\MetacafeAgent.exe [2007-09-04 17:04:34]
Service Manager.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2000-08-06 01:03:20]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= file:///C:\WINDOWS\privacy_danger\index.htm
FriendlyName= Privacy Protection

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"kopmet"= {D6B56B26-8427-4259-BB36-63B653C3A61C} - C:\WINDOWS\kopmet.dll [2007-12-07 19:41 208896]
"jetctrl"= {25434336-731D-4232-AE82-8D0641E09733} - C:\WINDOWS\jetctrl.dll [2007-12-07 19:40 270336]

R1 kbfilter;Keyboard Filter Driver;C:\WINDOWS\system32\drivers\kbfilter.sys [2002-07-11 12:00]
R1 UsbFltr;WayTechUSBFilterDriver;C:\WINDOWS\system32\drivers\UsbFltr.sys [2003-12-29 18:27]
R2 RCSERVER;Remote Control Server;"C:\Program Files\Remote Control\RCServer.exe" -service []
S3 FTLUND;Lundinova Filter Driver;C:\WINDOWS\system32\drivers\ftlund.sys [2004-01-19 17:27]

.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-20 14:03:09
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]
-> C:\WINDOWS\kopmet.dll
.
Completion time: 2007-12-20 14:05:40 - machine was rebooted
.
2007-12-20 11:56:33 --- E O F ---


And now here is the HijackThis log file:

Logfile of HijackThis v1.99.1
Scan saved at 2:06:38 PM, on 12/20/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Remote Control\RCServer.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Rainbow Technologies\SPN Combo Installer\1.0.2\Server\WinNT\spnsrvnt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\cmd.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Common Files\InterVideo\FastTVSync\FastTVSync.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\DAP\DAP.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\XP Antivirus\xpa.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\ACD Systems\ImageFox\ImageFox.exe
C:\Program Files\InterVideo\WinDVD4PR\SchSvr.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Media Key\MagicKey.exe
C:\Program Files\Media Key\OSD.EXE
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Metacafe\MetacafeAgent.exe
C:\WINDOWS\system32\notepad.exe
C:\ComboFix\nircmd.cfexe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarerefer...=...6Ojg5&lid=2
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 90.2.2.1:8080
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: OFK System - {2B159383-78BB-4D21-A799-95AABC81ACED} - C:\WINDOWS\vipextmst.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1601.0\en-us\msntb.dll
O3 - Toolbar: (no name) - {86227D9C-0EFE-4f8a-AA55-30386A3F5686} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [FastTVSync] "C:\Program Files\Common Files\InterVideo\FastTVSync\FastTVSync.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [RCServer] "C:\Program Files\Remote Control\RCServer.exe" -servicehelper
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [XP Antivirus] C:\Program Files\XP Antivirus\xpa.exe
O4 - Startup: Metacafe.lnk = C:\Program Files\Metacafe\MetacafeAgent.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: ImageFox.lnk = ?
O4 - Global Startup: InterVideo Scheduler server.lnk = C:\Program Files\InterVideo\WinDVD4PR\SchSvr.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Media Key.lnk = C:\Program Files\Media Key\MagicKey.exe
O4 - Global Startup: Metacafe.lnk = C:\Program Files\Metacafe\MetacafeAgent.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\PROGRA~1\DAP\DAP.EXE
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://totti007.spac...ad/MsnPUpld.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: kopmet - {D6B56B26-8427-4259-BB36-63B653C3A61C} - C:\WINDOWS\kopmet.dll
O21 - SSODL: jetctrl - {25434336-731D-4232-AE82-8D0641E09733} - C:\WINDOWS\jetctrl.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Remote Control Server (RCSERVER) - Unknown owner - C:\Program Files\Remote Control\RCServer.exe" -service (file missing)
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SuperProServer - Unknown owner - C:\Program Files\Rainbow Technologies\SPN Combo Installer\1.0.2\Server\WinNT\spnsrvnt.exe

thank u again for ur support waiting f

#7 Scotty (Always Happy, 3,634 posts)

Posted 20 December 2007 - 06:34 AM

Hello

Messenger Plus! (MessengerPlus2, MessengerPlus3) (MP) is an add-on for Microsoft's free messaging programs Windows Messenger and MSN Messenger. It is a 'free' download (with a few stingers in its tail). MP includes an optional Sponsor Program provided by C2Media. The Sponsor Program is commonly known in the anti-spyware and adware world as 'Lop' or 'Lop.com'. There has been a problem since Messenger Plus! first started including the Sponsor Program in approximately May 2003, with users installing the Sponsor Program without understanding what the Sponsor Program is, what it does to a user's system, or the privacy implications involved.

Messenger Plus!, if installed to include the 'sponsor program', will install adware on your computer that generates pop-up windows. The Sponsor Program will also change your home page, your search engine settings, place numerous links in IE favorites (including online casino and gambling links) and place more links on your desktop. The search toolbar that is installed cannot be turned off. The pop-up advertising windows will appear even if you are running IE's pop-up blocker. This is because the Sponsor Program adds its advertisement URLs to the pop-up blocker exclusion list. If you want to reinstall MessengerPlus3, make sure you click "I refuse, do not install the sponsor program". This program is not required to start automatically as you can start it manually if you need it. It is advised that you disable this program so that it does not take up necessary resources.


Remember to disconnect from the Internet and disable your anti-virus before carrying out the next instruction, and to re-enable the anti-virus before reconnecting to the Internet.


Open Notepad - it must be Notepad, not Wordpad.
Copy the text below in the code box by highlighting all the text with your mouse and pressing Ctrl+C

File::
C:\WINDOWS\vipextmst.dll 
C:\WINDOWS\jetctrl.dll
C:\WINDOWS\kopmet.dll
C:\WINDOWS\nretcip.exe

Folder::
C:\Program Files\XP Antivirus
C:\Program Files\RichVideoCodec
C:\Documents and Settings\All Users\Application Data\platform dupe draw memo

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2B159383-78BB-4D21-A799-95AABC81ACED}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"XP Antivirus"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"kopmet"=-
"jetctrl"=-

Go to the Notepad window and click Edit > Paste
Then click File > Save
Name the file "CFScript.txt" (including the quotes)
Save the file to your Desktop

[Image: CFScript.txt being dragged onto ComboFix.exe]


Referring to the picture above, drag CFScript into ComboFix.exe.

ComboFix should never take more than 20 minutes, including the reboot, if malware is detected.
If it does, open Task Manager (press Ctrl, Alt and Del at the same time), use the Processes tab and end any processes of findstr, find, sed or swreg; then ComboFix should continue.
If that happened we want to know, and also what process you had to end.

Please do an online scan with Kaspersky Online Scanner. You will be prompted to install an ActiveX component from Kaspersky; click Yes.
  • The program will launch and then start to download the latest definition files.
  • Once the scanner is installed and the definitions downloaded, click Next.
  • Now click on Scan Settings.
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
      + Extended (if available, otherwise Standard)
    • Scan Options:
      + Scan Archives
      + Scan Mail Bases
  • Click OK.
  • Now under "select a target to scan" select My Computer.
  • The scan will take a while, so be patient and let it run. Once the scan is complete it will display whether your system has been infected.
  • Now click on the Save as Text button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

With the exception of Internet Explorer, which is needed for the Kaspersky Scan, keep ALL programs closed until the scan is complete.


In your next reply post:
Kaspersky report
ComboFix.txt
New HJT log taken after the above scan has run

You too could train to help others- Join the Classroom

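The triage behind a CFScript like the one above can be automated as a first pass. The Python below is an added example (not a tool from this thread or from Scotty): it parses the O2/O4/O21 loading points from a HijackThis log, cross-references them with ComboFix's "Files Created" section, and emits the File::/Folder::/Registry:: sections in the form posted above. The sample input is a constructed subset of the logs in this thread; the same-minute "installer batch" rule and the helper names are assumptions of the example.

```python
import re
from collections import namedtuple

# Constructed sample input: a subset of the HijackThis and ComboFix lines
# posted in this thread; the paths, names and CLSIDs are the thread's own.
HJT_LOG = r"""
O2 - BHO: OFK System - {2B159383-78BB-4D21-A799-95AABC81ACED} - C:\WINDOWS\vipextmst.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKCU\..\Run: [XP Antivirus] C:\Program Files\XP Antivirus\xpa.exe
O21 - SSODL: kopmet - {D6B56B26-8427-4259-BB36-63B653C3A61C} - C:\WINDOWS\kopmet.dll
O21 - SSODL: jetctrl - {25434336-731D-4232-AE82-8D0641E09733} - C:\WINDOWS\jetctrl.dll
"""
COMBOFIX_CREATED = r"""
2007-12-09 02:06 . 2007-12-09 02:06 <DIR> d-------- C:\Program Files\XP Antivirus
2007-12-07 23:17 . 2007-12-07 19:41 307,200 --a------ C:\WINDOWS\vipextmst.dll
2007-12-07 23:17 . 2007-12-07 19:40 270,336 --a------ C:\WINDOWS\jetctrl.dll
2007-12-07 23:17 . 2007-12-07 19:41 208,896 --a------ C:\WINDOWS\kopmet.dll
2007-12-07 23:17 . 2007-12-07 19:41 143,360 --a------ C:\WINDOWS\nretcip.exe
2007-12-07 23:05 . 2007-12-07 23:13 <DIR> d-------- C:\Program Files\RichVideoCodec
"""

# ComboFix line: "created-minute . modified-stamp  size|<DIR>  attributes  path"
CREATED_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+\.\s+\S+\s+\S+\s+(<DIR>|[\d,]+)\s+\S+\s+(.+)$")
BHO_RE = re.compile(r"^O2 - BHO: (.*?) - (\{[0-9A-Fa-f-]{36}\}) - (.+)$")
SSODL_RE = re.compile(r"^O21 - SSODL: (\S+) - (\{[0-9A-Fa-f-]{36}\}) - (.+)$")
RUN_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\Run: \[(.+?)\] (.+)$")
HIVE = {"HKLM": "HKEY_LOCAL_MACHINE", "HKCU": "HKEY_CURRENT_USER"}
RUN_KEY = r"\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
SSODL_KEY = (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion"
             r"\ShellServiceObjectDelayLoad")
# kind: BHO / SSODL / Run; name: display or value name; clsid: "" for Run entries
LoadPoint = namedtuple("LoadPoint", "kind name clsid hive path")

def exe_path(command):
    """Strip arguments from an O4 command (quoted path, or unquoted up to .exe)."""
    m = re.match(r'"([^"]+)"|(.+?\.exe)', command, re.I)
    return (m[1] or m[2]) if m else command.split()[0]

def parse_hjt(text):
    points = []
    for line in (ln.strip() for ln in text.splitlines()):
        if m := BHO_RE.match(line):
            points.append(LoadPoint("BHO", m[1], m[2], "HKLM", m[3]))
        elif m := SSODL_RE.match(line):
            points.append(LoadPoint("SSODL", m[1], m[2], "HKLM", m[3]))
        elif m := RUN_RE.match(line):
            points.append(LoadPoint("Run", m[2], "", m[1], exe_path(m[3])))
    return points

def parse_created(text):
    """lowercased path -> (creation minute, is_dir, path as logged)."""
    created = {}
    for line in text.splitlines():
        if m := CREATED_RE.match(line.strip()):
            created[m[3].lower()] = (m[1], m[2] == "<DIR>", m[3])
    return created

def flag_suspicious(points, created):
    """Flag load points whose file or parent folder is newly created per ComboFix;
    files created in the same minute as a flagged one (same batch, cf. nretcip.exe) are added."""
    flagged, files, folders = [], [], []
    for p in points:
        key = p.path.lower()
        if key in created and not created[key][1]:
            flagged.append(p)
            files.append(created[key][2])
            continue
        for folder, (_, is_dir, orig) in created.items():
            if is_dir and key.startswith(folder + "\\"):
                flagged.append(p)
                if orig not in folders:
                    folders.append(orig)
                break
    batch = {created[f.lower()][0] for f in files}
    files += [orig for _, (stamp, is_dir, orig) in created.items()
              if not is_dir and stamp in batch and orig not in files]
    return flagged, files, folders

def build_cfscript(flagged, files, folders):
    """Emit File::/Folder::/Registry:: sections in the form posted above:
    [-key] deletes a whole key, "value"=- deletes one value under [key]."""
    out = ["File::", *files, "", "Folder::", *folders, "", "Registry::"]
    values = {}  # registry key -> value names to delete
    for p in flagged:
        if p.kind == "BHO":
            # ComboFix's abbreviated BHO key, as written in the thread's script
            out.append(f"[-HKEY_LOCAL_MACHINE\\~\\Browser Helper Objects\\{p.clsid}]")
        elif p.kind == "SSODL":
            values.setdefault(SSODL_KEY, []).append(p.name)
        else:
            values.setdefault(HIVE[p.hive] + RUN_KEY, []).append(p.name)
    for key, names in values.items():
        out.append(f"[{key}]")
        out.extend(f'"{n}"=-' for n in names)
    return "\n".join(out) + "\n"

if __name__ == "__main__":
    print(build_cfscript(*flag_suspicious(parse_hjt(HJT_LOG), parse_created(COMBOFIX_CREATED))))
```

The output is a draft for a trained helper to check against the full logs before anyone runs it: the same-minute rule is a heuristic and will also sweep up legitimate files written by an installer in that minute.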

#8 tonymharb (New Member, 15 posts)

Posted 20 December 2007 - 04:45 PM

Okay man, I did the steps required; here are the log files:

KASPERSKY:

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Friday, December 21, 2007 12:33:57 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 20/12/2007
Kaspersky Anti-Virus database records: 490757
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 96357
Number of viruses found: 50
Number of infected objects: 194
Number of suspicious objects: 0
Duration of the scan process: 01:11:22

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\tony\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\tony\Desktop\mediacodec-v4.290.exe/stream/data0006 Infected: Trojan-Downloader.Win32.Zlob.ob skipped
C:\Documents and Settings\tony\Desktop\mediacodec-v4.290.exe/stream/data0007 Infected: Trojan-Downloader.Win32.Zlob.nf skipped
C:\Documents and Settings\tony\Desktop\mediacodec-v4.290.exe/stream Infected: Trojan-Downloader.Win32.Zlob.nf skipped
C:\Documents and Settings\tony\Desktop\mediacodec-v4.290.exe NSIS: infected - 3 skipped
C:\Documents and Settings\tony\Desktop\mediacodec-v4.290.exe UPX: infected - 3 skipped
C:\Documents and Settings\tony\Desktop\mediacodec-v4.290.exe PE_Patch.UPX: infected - 3 skipped
C:\Documents and Settings\tony\Desktop\Virus infection\SmitfraudFix.zip/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\tony\Desktop\Virus infection\SmitfraudFix.zip ZIP: infected - 1 skipped
C:\Documents and Settings\tony\Local Settings\Application Data\ApplicationHistory\hpqgalry.exe.cf8dd223.ini.inuse Object is locked skipped
C:\Documents and Settings\tony\Local Settings\Application Data\HP\Digital Imaging\db\administrativeInfo.dbf Object is locked skipped
C:\Documents and Settings\tony\Local Settings\Application Data\HP\Digital Imaging\db\albumImagesTable.cdx Object is locked skipped
C:\Documents and Settings\tony\Local Settings\Application Data\HP\Digital Imaging\db\albumImagesTable.dbf Object is locked skipped
C:\Documents and Settings\tony\Local Settings\Application Data\HP\Digital Imaging\db\albumTable.cdx Object is locked skipped
C:\Documents and Settings\tony\Local Settings\Application Data\HP\Digital Imaging\db\albumTable.dbf Object is locked skipped
C:\Documents and Settings\tony\Local Settings\Application Data\HP\Digital Imaging\db\CB_Server_Errors.txt Object is locked skipped
C:\Documents and Settings\tony\Local Settings\Application Data\HP\Digital Imaging\db\EXIFTable.cdx Object is locked skipped
C:\Documents and Settings\tony\Local Settings\Application Data\HP\Digital Imaging\db\EXIFTable.dbf Object is locked skipped
C:\Documents and Settings\tony\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.cdx Object is locked skipped
C:\Documents and Settings\tony\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.dbf Object is locked skipped
C:\Documents and Settings\tony\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.fpt Object is locked skipped
C:\Documents and Settings\tony\Local Settings\Application Data\HP\Digital Imaging\db\keywordImagesTable.cdx Object is locked skipped
C:\Documents and Settings\tony\Local Settings\Application Data\HP\Digital Imaging\db\keywordImagesTable.dbf Object is locked skipped
C:\Documents and Settings\tony\Local Settings\Application Data\HP\Digital Imaging\db\keywordTable.cdx Object is locked skipped
C:\Documents and Settings\tony\Local Settings\Application Data\HP\Digital Imaging\db\keywordTable.dbf Object is locked skipped
C:\Documents and Settings\tony\Local Settings\Application Data\HP\Digital Imaging\db\managedFolderTable.dbf Object is locked skipped
C:\Documents and Settings\tony\Local Settings\Application Data\HP\Digital Imaging\db\pathnameTable.cdx Object is locked skipped
C:\Documents and Settings\tony\Local Settings\Application Data\HP\Digital Imaging\db\pathnameTable.dbf Object is locked skipped
C:\Documents and Settings\tony\Local Settings\Application Data\HP\Digital Imaging\db\ROFImagesTable.cdx Object is locked skipped
C:\Documents and Settings\tony\Local Settings\Application Data\HP\Digital Imaging\db\ROFImagesTable.dbf Object is locked skipped
C:\Documents and Settings\tony\Local Settings\Application Data\HP\Digital Imaging\db\ROFTable.cdx Object is locked skipped
C:\Documents and Settings\tony\Local Settings\Application Data\HP\Digital Imaging\db\ROFTable.dbf Object is locked skipped
C:\Documents and Settings\tony\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\tony\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\tony\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\tony\Local Settings\Temp\hpodvd09.log Object is locked skipped
C:\Documents and Settings\tony\Local Settings\Temp\Perflib_Perfdata_bb0.dat Object is locked skipped
C:\Documents and Settings\tony\Local Settings\Temp\~DF8225.tmp Object is locked skipped
C:\Documents and Settings\tony\Local Settings\Temp\~DFAEA7.tmp Object is locked skipped
C:\Documents and Settings\tony\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\tony\My Documents\My Completed Downloads\SmitfraudFix.zip/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\tony\My Documents\My Completed Downloads\SmitfraudFix.zip ZIP: infected - 1 skipped
C:\Documents and Settings\tony\My Documents\My Completed Downloads\VideoAccessCodecInstall.exe/stream/data0004 Infected: Trojan-Downloader.Win32.Zlob.fcm skipped
C:\Documents and Settings\tony\My Documents\My Completed Downloads\VideoAccessCodecInstall.exe/stream Infected: Trojan-Downloader.Win32.Zlob.fcm skipped
C:\Documents and Settings\tony\My Documents\My Completed Downloads\VideoAccessCodecInstall.exe NSIS: infected - 2 skipped
C:\Documents and Settings\tony\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\tony\ntuser.dat.LOG Object is locked skipped
C:\New Folder\Kazaa\kazaaFDL.exe/data0003 Infected: Trojan-Downloader.Win32.Dreamad skipped
C:\New Folder\Kazaa\kazaaFDL.exe Inno: infected - 1 skipped
C:\New Folder\Kazaa\Kazaamate.exe/data0020 Infected: not-a-virus:Server-Proxy.Win32.MarketScore.j skipped
C:\New Folder\Kazaa\Kazaamate.exe Inno: infected - 1 skipped
C:\New Folder\Kazaa\kpe12.exe/data0005 Infected: not-a-virus:AdWare.Win32.SaveNow.bx skipped
C:\New Folder\Kazaa\kpe12.exe NSIS: infected - 1 skipped
C:\New Folder\Kazaa\qksetup.exe/WISE0014.BIN/data0009 Infected: not-a-virus:AdWare.Win32.CommonName.b skipped
C:\New Folder\Kazaa\qksetup.exe/WISE0014.BIN/data0010 Infected: not-a-virus:AdWare.Win32.CommonName.d skipped
C:\New Folder\Kazaa\qksetup.exe/WISE0014.BIN Infected: not-a-virus:AdWare.Win32.CommonName.d skipped
C:\New Folder\Kazaa\qksetup.exe/WISE0017.BIN Infected: not-a-virus:AdWare.Win32.EZula.p skipped
C:\New Folder\Kazaa\qksetup.exe WiseSFX: infected - 4 skipped
C:\New Folder\Kazaa\speedup-2.7.3.exe/data0003/stream/data0007/data0002 Infected: not-a-virus:AdWare.Win32.NoName.b skipped
C:\New Folder\Kazaa\speedup-2.7.3.exe/data0003/stream/data0007/data0003 Infected: Trojan-Downloader.Win32.Lookme.g skipped
C:\New Folder\Kazaa\speedup-2.7.3.exe/data0003/stream/data0007/data0004 Infected: not-a-virus:AdWare.Win32.404Search.a skipped
C:\New Folder\Kazaa\speedup-2.7.3.exe/data0003/stream/data0007 Infected: not-a-virus:AdWare.Win32.404Search.a skipped
C:\New Folder\Kazaa\speedup-2.7.3.exe/data0003/stream Infected: not-a-virus:AdWare.Win32.404Search.a skipped
C:\New Folder\Kazaa\speedup-2.7.3.exe/data0003 Infected: not-a-virus:AdWare.Win32.404Search.a skipped
C:\New Folder\Kazaa\speedup-2.7.3.exe NSIS: infected - 6 skipped
C:\Program Files\DAEMON Tools\SetupDTSB.exe Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
C:\Program Files\DAP\History\tony\_lasthist.dat Object is locked skipped
C:\Program Files\DAP\Log\DAP_REPORT.LOG Object is locked skipped
C:\Program Files\HP\hpcoretech\hpcmerr.log Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL\Data\master.mdf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL\Data\mastlog.ldf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL\Data\model.mdf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL\Data\modellog.ldf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL\Data\tempdb.mdf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL\Data\templog.ldf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL\LOG\ERRORLOG Object is locked skipped
C:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.616 skipped
C:\Program Files\MyWay\myBar\1.bin\MY2NS.EXE Infected: not-a-virus:AdWare.Win32.MyWay.b skipped
C:\Program Files\MyWay\myBar\1.bin\NPMYWAY.DLL Infected: not-a-virus:AdWare.Win32.MyWay.f skipped
C:\Program Files\Norton AntiVirus\Quarantine\0D17196E/WISE0007.BIN Infected: Trojan-Downloader.Win32.TSUpdate.p skipped
C:\Program Files\Norton AntiVirus\Quarantine\0D17196E WiseSFX: infected - 1 skipped
C:\Program Files\Norton AntiVirus\Quarantine\0D17196E CryptFF: infected - 1 skipped
C:\Program Files\Norton AntiVirus\Quarantine\0F8A36A3 Infected: not-a-virus:AdWare.Win32.Altnet.j skipped
C:\Program Files\Norton AntiVirus\Quarantine\107C7C39/WISE0007.BIN Infected: Trojan-Downloader.Win32.TSUpdate.p skipped
C:\Program Files\Norton AntiVirus\Quarantine\107C7C39 WiseSFX: infected - 1 skipped
C:\Program Files\Norton AntiVirus\Quarantine\107C7C39 CryptFF: infected - 1 skipped
C:\Program Files\Norton AntiVirus\Quarantine\107F2635 Infected: not-a-virus:AdWare.Win32.180Solutions skipped
C:\Program Files\Norton AntiVirus\Quarantine\10825032 Infected: not-a-virus:AdWare.Win32.Xupiter.m skipped
C:\Program Files\Norton AntiVirus\Quarantine\13010326 Infected: Trojan-Downloader.Win32.IstBar.gen skipped
C:\Program Files\Norton AntiVirus\Quarantine\18A7556D Infected: not-a-virus:AdWare.Win32.YourSiteBar.c skipped
C:\Program Files\Norton AntiVirus\Quarantine\34510A93/WISE0010.BIN Infected: Trojan-Downloader.Win32.TSUpdate.k skipped
C:\Program Files\Norton AntiVirus\Quarantine\34510A93/WISE0011.BIN Infected: Trojan-Downloader.Win32.TSUpdate.p skipped
C:\Program Files\Norton AntiVirus\Quarantine\34510A93/WISE0012.BIN Infected: Trojan-Downloader.Win32.TSUpdate.l skipped
C:\Program Files\Norton AntiVirus\Quarantine\34510A93/WISE0013.BIN Infected: not-a-virus:AdWare.Win32.Xupiter.m skipped
C:\Program Files\Norton AntiVirus\Quarantine\34510A93 WiseSFX: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\34510A93 CryptFF: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\357351B8.tmp Infected: Trojan.Win32.Favadd.m skipped
C:\Program Files\Norton AntiVirus\Quarantine\372D70BB Infected: not-a-virus:AdWare.Win32.Altnet.d skipped
C:\Program Files\Norton AntiVirus\Quarantine\41885A4D Infected: not-a-virus:AdWare.Win32.Altnet.a skipped
C:\Program Files\Norton AntiVirus\Quarantine\46066015 Infected: not-a-virus:AdWare.Win32.Altnet.d skipped
C:\Program Files\Norton AntiVirus\Quarantine\488E7D63 Infected: not-a-virus:AdWare.Win32.Altnet.a skipped
C:\Program Files\Norton AntiVirus\Quarantine\55133B7B Infected: Trojan-Downloader.Win32.IstBar.gm skipped
C:\Program Files\Norton AntiVirus\Quarantine\55166578 Infected: not-a-virus:AdWare.Win32.Altnet.d skipped
C:\Program Files\Norton AntiVirus\Quarantine\59A26613 Infected: not-a-virus:AdWare.Win32.180Solutions skipped
C:\Program Files\Norton AntiVirus\Quarantine\5A9654C1 Infected: not-a-virus:AdWare.Win32.Altnet.a skipped
C:\Program Files\Norton AntiVirus\Quarantine\5CD80560 Infected: not-a-virus:AdWare.Win32.Altnet.a skipped
C:\Program Files\Norton AntiVirus\Quarantine\61830BBE Infected: Trojan-Downloader.Win32.IstBar.gn skipped
C:\Program Files\Norton AntiVirus\Quarantine\639721D4 Infected: not-a-virus:AdWare.Win32.YourSiteBar.b skipped
C:\Program Files\Norton AntiVirus\Quarantine\6A794148 Infected: not-a-virus:AdWare.Win32.Altnet.j skipped
C:\Program Files\Norton AntiVirus\Quarantine\6C0B4C78 Infected: not-a-virus:AdWare.Win32.BrilliantDigital.3039 skipped
C:\Program Files\Norton AntiVirus\Quarantine\6CB71E18 Infected: not-a-virus:AdWare.Win32.BrilliantDigital.3039 skipped
C:\Program Files\Norton AntiVirus\Quarantine\76BF1D7C Infected: not-a-virus:AdWare.Win32.Altnet.a skipped
C:\Program Files\Norton AntiVirus\Quarantine\76C24779 Infected: not-a-virus:AdWare.Win32.Altnet.a skipped
C:\Program Files\Norton AntiVirus\Quarantine\76C57175 Infected: not-a-virus:AdWare.Win32.Altnet.d skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\01161E65.exe Infected: not-a-virus:AdWare.Win32.Lop.ag skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\01194862 Infected: not-a-virus:AdWare.Win32.Altnet.d skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\01194862.exe Infected: not-a-virus:AdWare.Win32.Lop.bb skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\011C725E.exe Infected: Trojan-Downloader.Win32.Swizzor.fg skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\01410730.tmp Infected: Trojan-Downloader.Win32.Zlob.nf skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\02F860A4/data0003 Infected: Trojan-Downloader.Win32.Keenval.e skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\02F860A4 NSIS: infected - 1 skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\02F860A4 CryptFF: infected - 1 skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\02FA0E15.exe Infected: Packed.Win32.PolyCrypt.d skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\02FB0AA0.exe Infected: Packed.Win32.PolyCrypt.d skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\02FE349C.exe Infected: not-a-virus:AdWare.Win32.Lop.bb skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\031C6645.exe Infected: Trojan-Downloader.Win32.IstBar.ij skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\03330C2C.exe Infected: Trojan-Downloader.Win32.IstBar.gen skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\04AF6AA0.exe Infected: not-a-virus:AdWare.Win32.Lop.bb skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\0530584F.tmp Infected: Trojan-Downloader.Win32.Zlob.nf skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\05A40175.tmp Infected: Trojan-Downloader.Win32.Zlob.nf skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\07F72F7D.exe Infected: not-a-virus:AdWare.Win32.Lop.ag skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\07FA5979.exe Infected: not-a-virus:AdWare.Win32.Lop.ag skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\08C67AAD.tmp Infected: Trojan-Downloader.Win32.Zlob.nf skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\0A80684C.exe Infected: Packed.Win32.PolyCrypt.d skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\0B3D63DB.exe Infected: Trojan-Downloader.Win32.Swizzor.fg skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\0D72593B.dll Infected: not-a-virus:AdWare.Win32.Altnet.d skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\0F4640AB.tmp Infected: Trojan-Downloader.Win32.Zlob.nf skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\0FDF21D3.dll Infected: not-a-virus:AdWare.Win32.Altnet.d skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\1040269F.exe Infected: Trojan-Downloader.Win32.Swizzor.fg skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\108217EB.tmp Infected: Trojan-Downloader.Win32.Zlob.nf skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\113B320D.exe Infected: not-a-virus:AdWare.Win32.Lop.bb skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\11BB7947.exe Infected: Packed.Win32.PolyCrypt.d skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\11BE2344.exe Infected: Packed.Win32.PolyCrypt.d skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\13522669.exe Infected: not-a-virus:AdWare.Win32.Lop.ag skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\142E2A9D.tmp Infected: Trojan-Downloader.Win32.Zlob.nf skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\189F7752.tmp Infected: Trojan-Downloader.Win32.Zlob.nf skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\18CD7A42.tmp Infected: Trojan-Downloader.Win32.Zlob.nf skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\1C0D0F65.tmp Infected: Trojan-Downloader.Win32.Zlob.nf skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\1C3658A5.exe Infected: Packed.Win32.PolyCrypt.d skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\24623432.exe Infected: not-a-virus:AdWare.Win32.Lop.bb skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\247C7F3E.EXE Infected: Email-Worm.Win32.Rays skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\27B20985.exe Infected: Trojan-Downloader.Win32.Swizzor.fg skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\27C714A4.exe Infected: not-a-virus:AdWare.Win32.Lop.bb skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\2A465549.exe Infected: Packed.Win32.PolyCrypt.d skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\2B451D6C.exe Infected: Packed.Win32.PolyCrypt.d skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\2BC17AEB.js Infected: Trojan-Downloader.JS.IstBar.ad skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\2E9959AE.exe Infected: Packed.Win32.PolyCrypt.d skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\2F214954.exe Infected: Packed.Win32.PolyCrypt.d skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\2F247351.exe Infected: not-a-virus:AdWare.Win32.Lop.bb skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\2F281D4D.exe Infected: Packed.Win32.PolyCrypt.d skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\32CB77A3.exe Infected: Packed.Win32.PolyCrypt.d skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\335750A2.exe Infected: not-a-virus:AdWare.Win32.Lop.bb skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\378F7118.exe/stream Infected: not-a-virus:AdWare.Win32.404Search.h skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\378F7118.exe NSIS: infected - 1 skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\378F7118.exe CryptFF: infected - 1 skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\39834689.dll Infected: not-a-virus:AdWare.Win32.Altnet.d skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\39864164.exe Infected: not-a-virus:AdWare.Win32.Lop.bb skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\40732DDF.exe Infected: Packed.Win32.PolyCrypt.d skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\418D16BC.exe Infected: not-a-virus:AdWare.Win32.Lop.bb skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\419140B9.exe Infected: not-a-virus:AdWare.Win32.Lop.bb skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\41946AB5.exe Infected: Packed.Win32.PolyCrypt.d skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\419714B1.exe Infected: not-a-virus:AdWare.Win32.Lop.bb skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\419A3EAE.exe Infected: not-a-virus:AdWare.Win32.Lop.bb skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\419E68AA.exe Infected: Packed.Win32.PolyCrypt.d skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\41A112A7.exe Infected: not-a-virus:AdWare.Win32.Lop.bb skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\41A43CA3.exe Infected: not-a-virus:AdWare.Win32.Lop.bb skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\41A8669F.exe Infected: not-a-virus:AdWare.Win32.Lop.bb skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\41AB109C.exe Infected: Packed.Win32.PolyCrypt.d skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\41AE3A98.bk! Infected: not-a-virus:AdWare.Win32.Lop.bb skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\41AE3A98.exe Infected: not-a-virus:AdWare.Win32.Lop.bb skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\41B16495.exe Infected: not-a-virus:AdWare.Win32.Lop.bb skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\431F2D17.dll Infected: not-a-virus:AdWare.Win32.Altnet.d skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\457405DC.exe Infected: not-a-virus:AdWare.Win32.Lop.bb skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\4855068B.tmp Infected: Trojan-Downloader.Win32.Zlob.nf skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\4A7848A0.exe Infected: not-a-virus:AdWare.Win32.Lop.bb skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\4BDB5C0F.tmp Infected: Trojan-Downloader.Win32.Zlob.nf skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\4F46043D.exe Infected: not-a-virus:AdWare.Win32.Lop.bb skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\4FA94816.dll Infected: not-a-virus:AdWare.Win32.404Search.h skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\4FA94816.exe/stream Infected: not-a-virus:AdWare.Win32.404Search.h skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\4FA94816.exe NSIS: infected - 1 skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\4FA94816.exe CryptFF: infected - 1 skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\4FA94816.tmp Infected: not-a-virus:AdWare.Win32.180Solutions skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\4FAD7212.dll Infected: not-a-virus:AdWare.Win32.WinAD.ag skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\4FAD7212.exe Infected: not-a-virus:AdWare.Win32.WinAD.af skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\4FB01C0F.dll Infected: not-a-virus:AdWare.Win32.WinAD.ah skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\4FB01C0F.exe Infected: Trojan-Downloader.Win32.TSUpdate.p skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\53902CC3.exe Infected: Packed.Win32.PolyCrypt.d skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\53C91B28.dll Infected: not-a-virus:AdWare.Win32.Altnet.d skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\5608049E.exe Infected: not-a-virus:AdWare.Win32.Lop.bb skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\564F6911.tmp Infected: Trojan-Downloader.Win32.Zlob.nf skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\58EB11F3.exe Infected: Packed.Win32.PolyCrypt.d skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\591B0468.exe Infected: not-a-virus:AdWare.Win32.Lop.ag skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\5C086C9A.tmp Infected: Trojan-Downloader.Win32.Zlob.nf skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\5D296C7F.exe Infected: not-a-virus:AdWare.Win32.Altnet.a skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\5D2C167B.exe Infected: not-a-virus:AdWare.Win32.Altnet.a skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\5D2F4078.dll Infected: not-a-virus:AdWare.Win32.BrilliantDigital.1007 skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\5D326A74.dll Infected: not-a-virus:AdWare.Win32.Altnet.d skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\61FE36A4.exe Infected: not-a-virus:AdWare.Win32.Lop.bb skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\628C755C.tmp Infected: Trojan-Downloader.Win32.Zlob.nf skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\64A40DEC.exe Infected: Packed.Win32.PolyCrypt.d skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\68F022B6.exe Infected: not-a-virus:AdWare.Win32.Lop.bb skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\71BB6F2D.tmp Infected: Trojan-Downloader.Win32.Zlob.nf skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\746237AD.exe Infected: Packed.Win32.PolyCrypt.d skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\77137A7E.tmp Infected: Trojan-Downloader.Win32.Zlob.nf skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\793C08D5.dll Infected: not-a-virus:AdWare.Win32.Altnet.d skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\7A1F0616.exe Infected: Packed.Win32.PolyCrypt.d skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\7B1D2F84.tmp Infected: Trojan-Downloader.Win32.Zlob.nf skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\7BDA3C1A.exe Infected: Packed.Win32.PolyCrypt.d skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\7C39561A.tmp Infected: Trojan-Downloader.Win32.Zlob.nf skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\7F177F55.tmp Infected: Trojan-Downloader.Win32.Zlob.nf skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\7F677A2F.exe Infected: Packed.Win32.PolyCrypt.d skipped
C:\qoobox\Quarantine\C\Program Files\XP Antivirus\xpa.exe.vir Infected: not-a-virus:FraudTool.Win32.XPAntivirus.d skipped
C:\qoobox\Quarantine\C\WINDOWS\jetctrl.dll.vir Infected: not-a-virus:AdWare.Win32.Vapsup.qu skipped
C:\qoobox\Quarantine\C\WINDOWS\kopmet.dll.vir Infected: not-a-virus:AdWare.Win32.Vapsup.qv skipped
C:\qoobox\Quarantine\C\WINDOWS\nretcip.exe.vir Infected: not-a-virus:AdWare.Win32.Vapsup.rz skipped
C:\Setup\MDX_Install_2.1.exe/file01 Infected: not-a-virus:AdWare.Win32.VB.c skipped
C:\Setup\MDX_Install_2.1.exe Inno: infected - 1 skipped
C:\Setup\mirc616.exe/data0001.bin Infected: not-a-virus:Client-IRC.Win32.mIRC.616 skipped
C:\Setup\mirc616.exe mIRC: infected - 1 skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{FC5C9A43-6B56-4E6E-8D29-639CAA44C75E}\RP598\A0404417.exe/file02 Infected: not-a-virus:AdWare.Win32.VB.c skipped
C:\System Volume Information\_restore{FC5C9A43-6B56-4E6E-8D29-639CAA44C75E}\RP598\A0404417.exe Inno: infected - 1 skipped
C:\System Volume Information\_restore{FC5C9A43-6B56-4E6E-8D29-639CAA44C75E}\RP598\A0404418.exe/file02 Infected: not-a-virus:AdWare.Win32.VB.c skipped
C:\System Volume Information\_restore{FC5C9A43-6B56-4E6E-8D29-639CAA44C75E}\RP598\A0404418.exe Inno: infected - 1 skipped
C:\System Volume Information\_restore{FC5C9A43-6B56-4E6E-8D29-639CAA44C75E}\RP602\A0407690.exe Infected: not-a-virus:FraudTool.Win32.XPAntivirus.d skipped
C:\System Volume Information\_restore{FC5C9A43-6B56-4E6E-8D29-639CAA44C75E}\RP602\A0407691.dll Infected: not-a-virus:AdWare.Win32.Vapsup.qu skipped
C:\System Volume Information\_restore{FC5C9A43-6B56-4E6E-8D29-639CAA44C75E}\RP602\A0407692.dll Infected: not-a-virus:AdWare.Win32.Vapsup.qv skipped
C:\System Volume Information\_restore{FC5C9A43-6B56-4E6E-8D29-639CAA44C75E}\RP602\A0407693.exe Infected: not-a-virus:AdWare.Win32.Vapsup.rz skipped
C:\System Volume Information\_restore{FC5C9A43-6B56-4E6E-8D29-639CAA44C75E}\RP602\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\dtscsi.sys Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\drivers\sptd9613.sys Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\ld9347.tmp Infected: Trojan-Downloader.Win32.Zlob.nf skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_57c.dat Object is locked skipped
C:\WINDOWS\Temp\spnserv.dat Object is locked skipped
C:\WINDOWS\Temp\spserv.dat Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.


COMBOFIX:

ComboFix 07-12-20.1 - tony 2007-12-21 0:36:03.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.178 [GMT 2:00]
Running from: C:\Documents and Settings\tony\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\tony\Desktop\CFScript.txt
* Created a new restore point

FILE
C:\WINDOWS\jetctrl.dll
C:\WINDOWS\kopmet.dll
C:\WINDOWS\nretcip.exe
C:\WINDOWS\vipextmst.dll
.

((((((((((((((((((((((((( Files Created from 2007-11-20 to 2007-12-20 )))))))))))))))))))))))))))))))
.

2007-12-20 15:04 . 2007-12-20 15:04 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-12-20 15:04 . 2007-12-20 15:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-12-18 14:05 . 2007-12-18 14:05 <DIR> d-------- C:\Documents and Settings\tony\Application Data\Grisoft
2007-12-18 14:05 . 2007-12-18 14:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-18 14:05 . 2007-05-30 14:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-12-04 22:26 . 2007-12-04 22:26 7,680 --ahs---- C:\WINDOWS\Thumbs.db
2007-11-24 23:01 . 2007-12-20 23:15 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-11-24 22:49 . 2007-11-24 22:49 479,298 --a------ C:\WINDOWS\system32\wbocx.ocx
2007-11-24 22:49 . 2007-11-24 22:49 172,032 --a------ C:\WINDOWS\system32\AniGIF.ocx
2007-11-24 22:49 . 2007-11-24 22:49 50,688 --a------ C:\WINDOWS\system32\wbhelp2.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-20 22:29 --------- d-----w C:\Documents and Settings\tony\Application Data\Metacafe
2007-12-20 22:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Metacafe
2007-12-20 21:15 --------- d-----w C:\Program Files\Microsoft AntiSpyware
2007-11-24 21:04 --------- d-----w C:\Program Files\DAP
2007-11-13 10:25 20,480 ------w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-07 21:52 --------- d-----w C:\Program Files\SCC-TDS
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-29 13:03 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-27 15:40 227,328 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-25 23:37 --------- d-----w C:\Program Files\MSXML 4.0
2007-10-25 23:35 --------- d-----w C:\Program Files\Metacafe
2007-10-25 16:28 --------- d-----w C:\Program Files\MSN Messenger
2007-10-25 15:55 --------- d-----w C:\Program Files\MessengerPlus! 3
2007-10-25 15:38 --------- d-----w C:\Program Files\MessengerDiscovery
2007-10-25 15:35 --------- d-----w C:\Program Files\Ares
2007-10-25 15:32 --------- d-----w C:\Program Files\Nokia
2007-10-25 15:26 --------- d-----w C:\Program Files\EA SPORTS
2007-10-23 18:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\NVIDIA
2007-10-23 14:51 --------- d-----w C:\Documents and Settings\tony\Application Data\InstallShield
.

((((((((((((((((((((((((((((( snapshot@2007-12-20_14.04.28.23 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-05-24 10:27:16 213,048 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll
+ 2007-08-29 13:47:20 94,208 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
+ 2007-08-29 13:49:54 950,272 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
+ 2007-12-20 17:42:37 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_57c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 11:54]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2003-05-30 02:28]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2003-05-30 19:42]
"FastTVSync"="C:\Program Files\Common Files\InterVideo\FastTVSync\FastTVSync.exe" [2003-06-05 03:58]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-03 18:56 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2006-10-22 11:22 C:\WINDOWS\system32\nwiz.exe]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2004-02-12 23:38]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-13 01:18]
"RCServer"="C:\Program Files\Remote Control\RCServer.exe" [2003-02-05 19:51]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-10-23 14:30]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2005-11-09 00:00]
"gcasServ"="C:\Program Files\Microsoft AntiSpyware\gcasServ.exe" [2005-11-15 12:12]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-02-19 21:42]
"NvMediaCenter"="RUNDLL32.exe" [2004-08-03 18:56 C:\WINDOWS\system32\rundll32.exe]
"DownloadAccelerator"="C:\Program Files\DAP\DAP.exe" [2007-11-24 23:00]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Norton SystemWorks"="C:\Program Files\Norton SystemWorks\cfgwiz.exe" []

C:\Documents and Settings\tony\Start Menu\Programs\Startup\
Metacafe.lnk - C:\Program Files\Metacafe\MetacafeAgent.exe [2007-09-04 17:04:34]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-05-29 08:31:38]
HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2004-05-29 09:06:36]
ImageFox.lnk - C:\WINDOWS\Installer\{92E64C51-5096-442F-9A44-61CB2941391D}\NewShortcut1.exe [2005-02-12 16:37:13]
InterVideo Scheduler server.lnk - C:\Program Files\InterVideo\WinDVD4PR\SchSvr.exe [2005-02-13 01:40:01]
InterVideo WinCinema Manager.lnk - C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe [2005-02-13 01:40:07]
Media Key.lnk - C:\Program Files\Media Key\MagicKey.exe [2005-02-12 16:57:23]
Metacafe.lnk - C:\Program Files\Metacafe\MetacafeAgent.exe [2007-09-04 17:04:34]
Service Manager.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2000-08-06 01:03:20]

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= file:///C:\WINDOWS\privacy_danger\index.htm
FriendlyName= Privacy Protection

R1 kbfilter;Keyboard Filter Driver;C:\WINDOWS\system32\drivers\kbfilter.sys [2002-07-11 12:00]
R1 UsbFltr;WayTechUSBFilterDriver;C:\WINDOWS\system32\drivers\UsbFltr.sys [2003-12-29 18:27]
R2 RCSERVER;Remote Control Server;"C:\Program Files\Remote Control\RCServer.exe" -service []
S3 FTLUND;Lundinova Filter Driver;C:\WINDOWS\system32\drivers\ftlund.sys [2004-01-19 17:27]

.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-21 00:38:54
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-21 0:39:54
C:\ComboFix2.txt ... 2007-12-20 15:01
C:\ComboFix3.txt ... 2007-12-20 14:05
.
2007-12-20 11:56:33 --- E O F ---


HJT:

Logfile of HijackThis v1.99.1
Scan saved at 12:43:30 AM, on 12/21/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Remote Control\RCServer.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Rainbow Technologies\SPN Combo Installer\1.0.2\Server\WinNT\spnsrvnt.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Common Files\InterVideo\FastTVSync\FastTVSync.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\DAP\DAP.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\ACD Systems\ImageFox\ImageFox.exe
C:\Program Files\InterVideo\WinDVD4PR\SchSvr.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Media Key\MagicKey.exe
C:\Program Files\Media Key\OSD.EXE
C:\Program Files\Metacafe\MetacafeAgent.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarerefer...=...6Ojg5&lid=2
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 90.2.2.1:8080
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1601.0\en-us\msntb.dll
O3 - Toolbar: (no name) - {86227D9C-0EFE-4f8a-AA55-30386A3F5686} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [FastTVSync] "C:\Program Files\Common Files\InterVideo\FastTVSync\FastTVSync.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [RCServer] "C:\Program Files\Remote Control\RCServer.exe" -servicehelper
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: Metacafe.lnk = C:\Program Files\Metacafe\MetacafeAgent.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: ImageFox.lnk = ?
O4 - Global Startup: InterVideo Scheduler server.lnk = C:\Program Files\InterVideo\WinDVD4PR\SchSvr.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Media Key.lnk = C:\Program Files\Media Key\MagicKey.exe
O4 - Global Startup: Metacafe.lnk = C:\Program Files\Metacafe\MetacafeAgent.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\PROGRA~1\DAP\DAP.EXE
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://totti007.spac...ad/MsnPUpld.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Remote Control Server (RCSERVER) - Unknown owner - C:\Program Files\Remote Control\RCServer.exe" -service (file missing)
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SuperProServer - Unknown owner - C:\Program Files\Rainbow Technologies\SPN Combo Installer\1.0.2\Server\WinNT\spnsrvnt.exe

I know I am disturbing you, but I really need your help :)

#9 Scotty

Scotty

    Always Happy

  • Authentic Member
  • PipPipPipPipPip
  • 3,634 posts

Posted 20 December 2007 - 06:22 PM

Hi

Go to Start > Control Panel > Display Properties > Desktop > Customize Desktop... > Web tab
Select everything named Privacy Protection or privacy_danger you find in there and press the Delete button on the right.
Hit OK then Apply in previous window.

Darn, I just realised you have no anti-virus installed. If you are not using Norton anymore, let me know.

You have no anti-virus on your computer. It is important you install one now before we continue with your fix. Check this out for a list of free AV scanners; AVG is highly recommended.

When you have installed an anti-virus, post a new Hijackthis log to show me.

I see that Viewpoint is installed. Viewpoint, Viewpoint Manager and Viewpoint Media Player are Viewpoint components which are installed as a side effect of installing other software, most notably AOL and AOL Instant Messenger (AIM). Viewpoint Manager is responsible for managing and updating Viewpoint Media Player's components. You can disable this using the Viewpoint Manager Control Panel found in the Windows Control Panel menu. By selecting Disable auto-updating for the Viewpoint Manager, the player will no longer attempt to check for updates. Anything that is installed without your consent is suspect. Read what Viewpoint says and make your own decision.

To provide a satisfying consumer experience and to operate effectively, the Viewpoint Media Player periodically sends information to servers at Viewpoint. Each installation of the Viewpoint Media Player is identifiable to Viewpoint via a Customer Unique Identifier (CUID), an alphanumeric identifier embedded in the Viewpoint Media Player. The Viewpoint Media Player randomly generates the CUID during installation and uses it to indicate a unique installation of the product. A CUID is never connected to a user's name, email address, or other personal contact information. CUIDs are used for the sole purpose of filtering redundant information. Each of these information exchanges occurs anonymously.

Viewpoint Manager is considered foistware rather than malware, since it is installed without the user's approval but doesn't spy or do anything "bad". This may change; read Viewpoint to Plunge Into Adware.
I recommend that you remove the Viewpoint products; however, decide for yourself. To uninstall the Viewpoint components (Viewpoint, Viewpoint Manager, Viewpoint Media Player):
  • Click Start, point to Settings, and then click Control Panel.
  • In Control Panel, double-click Add or Remove Programs.
  • In Add or Remove Programs, highlight Viewpoint Media Player, click Remove.

Also remove My Search Bar and Rich Video Codec v1.6
You too could train to help others- Join the Classroom


#10 tonymharb

tonymharb

    New Member

  • Authentic Member
  • Pip
  • 15 posts

Posted 21 December 2007 - 10:56 AM

Okay man, I downloaded the AVG virus scanner and did a scan of the system, and this is the latest HJT log file that you recommended:

Logfile of HijackThis v1.99.1
Scan saved at 6:54:04 PM, on 12/21/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Remote Control\RCServer.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Rainbow Technologies\SPN Combo Installer\1.0.2\Server\WinNT\spnsrvnt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Common Files\InterVideo\FastTVSync\FastTVSync.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\DAP\DAP.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\ACD Systems\ImageFox\ImageFox.exe
C:\Program Files\InterVideo\WinDVD4PR\SchSvr.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Media Key\MagicKey.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Media Key\OSD.EXE
C:\Program Files\Metacafe\MetacafeAgent.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarerefer...=...6Ojg5&lid=2
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 90.2.2.1:8080
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1601.0\en-us\msntb.dll
O3 - Toolbar: (no name) - {86227D9C-0EFE-4f8a-AA55-30386A3F5686} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [FastTVSync] "C:\Program Files\Common Files\InterVideo\FastTVSync\FastTVSync.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [RCServer] "C:\Program Files\Remote Control\RCServer.exe" -servicehelper
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: Metacafe.lnk = C:\Program Files\Metacafe\MetacafeAgent.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: ImageFox.lnk = ?
O4 - Global Startup: InterVideo Scheduler server.lnk = C:\Program Files\InterVideo\WinDVD4PR\SchSvr.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Media Key.lnk = C:\Program Files\Media Key\MagicKey.exe
O4 - Global Startup: Metacafe.lnk = C:\Program Files\Metacafe\MetacafeAgent.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\PROGRA~1\DAP\DAP.EXE
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://totti007.spac...ad/MsnPUpld.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Remote Control Server (RCSERVER) - Unknown owner - C:\Program Files\Remote Control\RCServer.exe" -service (file missing)
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SuperProServer - Unknown owner - C:\Program Files\Rainbow Technologies\SPN Combo Installer\1.0.2\Server\WinNT\spnsrvnt.exe

#11 Scotty

Scotty

    Always Happy

  • Authentic Member
  • PipPipPipPipPip
  • 3,634 posts

Posted 21 December 2007 - 02:08 PM

Hi


Remember to disconnect from the Internet and disable your anti-virus before carrying out the next instruction, and to re-enable the anti-virus before reconnecting to the Internet.


Open Notepad - it must be Notepad, not Wordpad.
Copy the text below in the code box by highlighting all the text with your mouse and pressing Ctrl+C

File::
C:\Documents and Settings\tony\Desktop\mediacodec-v4.290.exe
C:\New Folder\Kazaa\kazaaFDL.exe
C:\Documents and Settings\tony\My Documents\My Completed Downloads\VideoAccessCodecInstall.exe
C:\New Folder\Kazaa\kpe12.exe
C:\New Folder\Kazaa\qksetup.exe
C:\New Folder\Kazaa\speedup-2.7.3.exe
C:\Program Files\DAEMON Tools\SetupDTSB.exe
C:\Setup\MDX_Install_2.1.exe

Folder::
C:\Documents and Settings\tony\Desktop\Virus infection\SmitfraudFix.zip 
C:\Documents and Settings\tony\My Documents\My Completed Downloads\SmitfraudFix.zip
C:\Program Files\MyWay
C:\Program Files\Norton AntiVirus
C:\Program Files\Norton SystemWorks

Go to the Notepad window and click Edit > Paste
Then click File > Save
Name the file "CFScript.txt" (including the quotes)
Save the file to your Desktop

Posted Image


Referring to the picture above, drag CFScript into ComboFix.exe.

ComboFix should never take more than 20 minutes, including the reboot if malware is detected.
If it does, open Task Manager (press Ctrl, Alt and Del at the same time), use the Processes tab and end any processes named findstr, find, sed or swreg; then ComboFix should continue.
If that happens we want to know, and also which process you had to end.


Run HijackThis, select Do a system scan only and place checks against the following entries (if they are still present):

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarerefer...=...6Ojg5&lid=2
O3 - Toolbar: (no name) - {86227D9C-0EFE-4f8a-AA55-30386A3F5686} - (no file)


WITH ALL OTHER WINDOWS CLOSED Click on Fix Checked, exit HijackThis and reboot.

In your next reply post:
ComboFix.txt
New HJT log taken after the above has been completed.

You too could train to help others- Join the Classroom

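The two HijackThis entries singled out in the post above (the changed HKCU start page and the O3 toolbar that points at no file) fall out of a couple of mechanical checks. The following Python triage script is an added example, not a tool from this thread or from the HijackThis project: it runs those checks over lines copied from the log posted earlier, also reports services with a missing binary and any proxy setting so they can be confirmed, and uses an allowlist of start pages that is an assumption.

```python
"""Triage of HijackThis v1.99 log lines.

Added example for this thread, not a tool from the thread or from the
HijackThis project. It automates the checks the helper above applied by
eye: an HKCU start page that is not one the user chose, O3 toolbar entries
that point at "(no file)", and O23 services whose binary is "(file
missing)". It also lists any proxy setting so it can be confirmed as
intended. The sample lines are copied from the log posted in this thread;
the allowlist of start pages is an assumption.
"""
import re
from typing import List, Optional, Tuple

# Assumption: start pages the user set on purpose. Anything else is reported.
KNOWN_START_PAGES = {"http://www.hotmail.com/"}

# HJT entries look like "O3 - Toolbar: ..." or "R0 - HKCU\...". Paths in the
# "Running processes" block do not match this pattern and are skipped.
HJT_ENTRY = re.compile(r"^(?P<sec>[RO]\d+) - (?P<body>.*)$")

Finding = Tuple[str, str, str]  # (section, reason, original line)


def parse_entry(line: str) -> Optional[Tuple[str, str]]:
    """Split one log line into (section, body), or None if it is not an entry."""
    m = HJT_ENTRY.match(line.strip())
    return (m.group("sec"), m.group("body")) if m else None


def value_after_equals(body: str) -> str:
    """Return the right-hand side of a 'Key = value' style R-section body."""
    return body.split("=", 1)[1].strip() if "=" in body else ""


def triage(lines: List[str]) -> List[Finding]:
    """Return the entries a helper would want to look at, in log order."""
    findings: List[Finding] = []
    for raw in lines:
        parsed = parse_entry(raw)
        if parsed is None:
            continue
        sec, body = parsed
        if sec == "R0" and "Start Page" in body:
            url = value_after_equals(body)
            if url not in KNOWN_START_PAGES:
                findings.append((sec, "start page is not a known choice: " + url, raw))
        elif sec == "R1" and "ProxyServer" in body:
            findings.append((sec, "proxy configured, confirm it is intended: "
                             + value_after_equals(body), raw))
        elif sec == "O3" and body.endswith("(no file)"):
            findings.append((sec, "toolbar entry with no backing file", raw))
        elif sec == "O23" and body.endswith("(file missing)"):
            findings.append((sec, "service whose binary is missing", raw))
    return findings


def fix_checked_candidates(lines: List[str]) -> List[str]:
    """Entries to tick under 'Fix checked': orphaned O3 entries and a changed
    start page. Services and proxies are only reported, because acting on
    them is a judgement call for the helper."""
    return [raw for sec, _, raw in triage(lines) if sec in ("R0", "O3")]


# Sample lines copied from the log posted earlier in this thread.
SAMPLE_LOG = [
    r"C:\WINDOWS\System32\smss.exe",
    r"R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarerefer...=...6Ojg5&lid=2",
    r"R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/",
    r"R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 90.2.2.1:8080",
    r"O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll",
    r"O3 - Toolbar: (no name) - {86227D9C-0EFE-4f8a-AA55-30386A3F5686} - (no file)",
    r'O23 - Service: Remote Control Server (RCSERVER) - Unknown owner - C:\Program Files\Remote Control\RCServer.exe" -service (file missing)',
]

if __name__ == "__main__":
    for sec, reason, raw in triage(SAMPLE_LOG):
        print(f"[{sec}] {reason}\n    {raw}")
    print("Tick in HijackThis:", *fix_checked_candidates(SAMPLE_LOG), sep="\n  ")
```

On the sample lines, fix_checked_candidates returns exactly the two entries the post above asks to tick, and the RCSERVER service and the proxy are reported for a human decision.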

#12 tonymharb

tonymharb

    New Member

  • Authentic Member
  • Pip
  • 15 posts

Posted 25 December 2007 - 05:53 AM

ComboFix 07-12-20.1 - tony 2007-12-25 0:41:12.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.117 [GMT 2:00]
Running from: C:\Documents and Settings\tony\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\tony\Desktop\CFScript.txt
* Created a new restore point

FILE
C:\WINDOWS\jetctrl.dll
C:\WINDOWS\kopmet.dll
C:\WINDOWS\nretcip.exe
C:\WINDOWS\vipextmst.dll
.

((((((((((((((((((((((((( Files Created from 2007-11-24 to 2007-12-24 )))))))))))))))))))))))))))))))
.

2007-12-21 14:54 . 2007-12-24 08:00 <DIR> d-------- C:\Documents and Settings\tony\Application Data\AVG7
2007-12-21 14:54 . 2007-12-21 14:54 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2007-12-21 14:54 . 2007-12-21 15:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2007-12-20 15:04 . 2007-12-20 15:04 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-12-20 15:04 . 2007-12-20 15:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-12-18 14:05 . 2007-12-18 14:05 <DIR> d-------- C:\Documents and Settings\tony\Application Data\Grisoft
2007-12-18 14:05 . 2007-12-21 14:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-18 14:05 . 2007-05-30 14:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-12-04 22:26 . 2007-12-04 22:26 7,680 --ahs---- C:\WINDOWS\Thumbs.db
2007-11-25 12:56 . 2007-11-28 23:17 <DIR> d-------- C:\BMW M3 Challenge
2007-11-24 23:01 . 2007-12-25 00:35 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-11-24 22:49 . 2007-11-24 22:49 479,298 --a------ C:\WINDOWS\system32\wbocx.ocx
2007-11-24 22:49 . 2007-11-24 22:49 172,032 --a------ C:\WINDOWS\system32\AniGIF.ocx
2007-11-24 22:49 . 2007-11-24 22:49 50,688 --a------ C:\WINDOWS\system32\wbhelp2.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-24 22:35 --------- d-----w C:\Program Files\Microsoft AntiSpyware
2007-12-24 22:30 --------- d-----w C:\Documents and Settings\tony\Application Data\Metacafe
2007-12-24 22:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Metacafe
2007-12-22 12:51 --------- d-----w C:\Program Files\DAEMON Tools
2007-11-24 21:04 --------- d-----w C:\Program Files\DAP
2007-11-13 10:25 20,480 ------w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-07 21:52 --------- d-----w C:\Program Files\SCC-TDS
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-29 13:03 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-27 15:40 227,328 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-25 23:37 --------- d-----w C:\Program Files\MSXML 4.0
2007-10-25 23:35 --------- d-----w C:\Program Files\Metacafe
2007-10-25 16:28 --------- d-----w C:\Program Files\MSN Messenger
2007-10-25 15:55 --------- d-----w C:\Program Files\MessengerPlus! 3
2007-10-25 15:38 --------- d-----w C:\Program Files\MessengerDiscovery
2007-10-25 15:35 --------- d-----w C:\Program Files\Ares
2007-10-25 15:32 --------- d-----w C:\Program Files\Nokia
2007-10-25 15:26 --------- d-----w C:\Program Files\EA SPORTS
.

((((((((((((((((((((((((((((( snapshot@2007-12-20_14.04.28.23 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-12-21 12:54:11 821,856 ----a-w C:\WINDOWS\system32\drivers\avg7core.sys
+ 2007-12-21 12:54:18 4,224 ----a-w C:\WINDOWS\system32\drivers\avg7rsw.sys
+ 2007-12-21 12:54:18 27,776 ----a-w C:\WINDOWS\system32\drivers\avg7rsxp.sys
+ 2007-12-21 13:28:36 10,760 ----a-w C:\WINDOWS\system32\drivers\avgclean.sys
+ 2007-12-21 13:28:34 26,952 ----a-w C:\WINDOWS\system32\drivers\avgmfx86.sys
+ 2007-12-21 12:54:19 4,960 ----a-w C:\WINDOWS\system32\drivers\avgtdi.sys
+ 2005-05-24 10:27:16 213,048 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll
+ 2007-08-29 13:47:20 94,208 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
+ 2007-08-29 13:49:54 950,272 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
- 2005-10-12 23:12:25 14,048 ------w C:\WINDOWS\system32\spmsg.dll
+ 2007-03-06 01:22:33 14,048 ------w C:\WINDOWS\system32\spmsg.dll
+ 2007-12-24 22:34:56 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_5d0.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 11:54]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2003-05-30 02:28]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2003-05-30 19:42]
"FastTVSync"="C:\Program Files\Common Files\InterVideo\FastTVSync\FastTVSync.exe" [2003-06-05 03:58]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-03 18:56 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2006-10-22 11:22 C:\WINDOWS\system32\nwiz.exe]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2004-02-12 23:38]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-13 01:18]
"RCServer"="C:\Program Files\Remote Control\RCServer.exe" [2003-02-05 19:51]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-10-23 14:30]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2005-11-09 00:00]
"gcasServ"="C:\Program Files\Microsoft AntiSpyware\gcasServ.exe" [2005-11-15 12:12]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-02-19 21:42]
"NvMediaCenter"="RUNDLL32.exe" [2004-08-03 18:56 C:\WINDOWS\system32\rundll32.exe]
"DownloadAccelerator"="C:\Program Files\DAP\DAP.exe" [2007-11-24 23:00]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-12-21 15:28]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Norton SystemWorks"="C:\Program Files\Norton SystemWorks\cfgwiz.exe" []
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-12-21 14:54]

C:\Documents and Settings\tony\Start Menu\Programs\Startup\
Metacafe.lnk - C:\Program Files\Metacafe\MetacafeAgent.exe [2007-09-04 17:04:34]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-05-29 08:31:38]
HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2004-05-29 09:06:36]
ImageFox.lnk - C:\WINDOWS\Installer\{92E64C51-5096-442F-9A44-61CB2941391D}\NewShortcut1.exe [2005-02-12 16:37:13]
InterVideo Scheduler server.lnk - C:\Program Files\InterVideo\WinDVD4PR\SchSvr.exe [2005-02-13 01:40:01]
InterVideo WinCinema Manager.lnk - C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe [2005-02-13 01:40:07]
Media Key.lnk - C:\Program Files\Media Key\MagicKey.exe [2005-02-12 16:57:23]
Metacafe.lnk - C:\Program Files\Metacafe\MetacafeAgent.exe [2007-09-04 17:04:34]
Service Manager.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2000-08-06 01:03:20]

R1 kbfilter;Keyboard Filter Driver;C:\WINDOWS\system32\drivers\kbfilter.sys [2002-07-11 12:00]
R1 UsbFltr;WayTechUSBFilterDriver;C:\WINDOWS\system32\drivers\UsbFltr.sys [2003-12-29 18:27]
R2 RCSERVER;Remote Control Server;"C:\Program Files\Remote Control\RCServer.exe" -service []
S3 FTLUND;Lundinova Filter Driver;C:\WINDOWS\system32\drivers\ftlund.sys [2004-01-19 17:27]

.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-25 00:44:46
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-25 0:45:46
C:\ComboFix2.txt ... 2007-12-22 14:51
C:\ComboFix3.txt ... 2007-12-21 00:39
.
2007-12-22 01:00:59 --- E O F ---

Logfile of HijackThis v1.99.1
Scan saved at 00:41, on 2007-12-25
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Remote Control\RCServer.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Rainbow Technologies\SPN Combo Installer\1.0.2\Server\WinNT\spnsrvnt.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Common Files\InterVideo\FastTVSync\FastTVSync.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\DAP\DAP.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\ACD Systems\ImageFox\ImageFox.exe
C:\Program Files\InterVideo\WinDVD4PR\SchSvr.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Media Key\MagicKey.exe
C:\Program Files\Metacafe\MetacafeAgent.exe
C:\Program Files\Media Key\OSD.EXE
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\Hijackthis\HijackThis.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\ComboFix\vfind.cfexe
C:\ComboFix\vfind.cfexe
C:\WINDOWS\system32\cmd.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 90.2.2.1:8080
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1601.0\en-us\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [FastTVSync] "C:\Program Files\Common Files\InterVideo\FastTVSync\FastTVSync.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [RCServer] "C:\Program Files\Remote Control\RCServer.exe" -servicehelper
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: Metacafe.lnk = C:\Program Files\Metacafe\MetacafeAgent.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: ImageFox.lnk = ?
O4 - Global Startup: InterVideo Scheduler server.lnk = C:\Program Files\InterVideo\WinDVD4PR\SchSvr.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Media Key.lnk = C:\Program Files\Media Key\MagicKey.exe
O4 - Global Startup: Metacafe.lnk = C:\Program Files\Metacafe\MetacafeAgent.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\PROGRA~1\DAP\DAP.EXE
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://totti007.spac...ad/MsnPUpld.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Remote Control Server (RCSERVER) - Unknown owner - C:\Program Files\Remote Control\RCServer.exe" -service (file missing)
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SuperProServer - Unknown owner - C:\Program Files\Rainbow Technologies\SPN Combo Installer\1.0.2\Server\WinNT\spnsrvnt.exe
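
As an added example that is not part of this thread (it is neither HijackThis's code nor anything the helpers here posted), the Python script below parses the HijackThis line format shown in the log above and flags the entries a helper reads first: R0/R1 proxy overrides, O23 services with no identified vendor or a missing binary, and O4 autorun entries whose executable sits outside the usual install directories. All sample lines are copied from the log above except the "[sysupd]" O4 line, which is constructed so that the autorun-location check has something to report; the section and path regexes, the EXPECTED_DIRS list and the reason texts are this example's own assumptions, not HijackThis's.

```python
import re
from dataclasses import dataclass, field

# Sample HijackThis lines. All but one are copied from the log posted above;
# the "[sysupd]" O4 line is CONSTRUCTED for this example so that the
# autorun-location check has something to report.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 90.2.2.1:8080
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [sysupd] C:\Documents and Settings\user\Local Settings\Temp\sysupd.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Control Server (RCSERVER) - Unknown owner - C:\Program Files\Remote Control\RCServer.exe" -service (file missing)
O23 - Service: SuperProServer - Unknown owner - C:\Program Files\Rainbow Technologies\SPN Combo Installer\1.0.2\Server\WinNT\spnsrvnt.exe
"""

# "O23 - Service: ..." -> section "O23", body "Service: ..." (assumed format)
ENTRY_RE = re.compile(r"^(?P<section>[RFO]\d{1,2}) - (?P<body>.+)$")
# First Windows path ending in .exe inside an entry body (quotes optional).
PATH_RE = re.compile(r'[A-Za-z]:\\[^"\r\n]*?\.exe', re.IGNORECASE)
# Where legitimately installed autorun binaries normally live (assumption).
EXPECTED_DIRS = ("c:\\windows\\", "c:\\program files\\")


@dataclass
class Entry:
    section: str
    body: str
    reasons: list = field(default_factory=list)


def parse_hjt(text: str) -> list:
    """Turn HijackThis output into Entry objects; header lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m["section"], m["body"]))
    return entries


def check_entry(e: Entry) -> Entry:
    """Attach review reasons to one entry (an empty list means nothing to flag)."""
    if e.section in ("R0", "R1") and "ProxyServer" in e.body:
        e.reasons.append("browser proxy override set; confirm the user configured it")
    if e.section == "O23":
        if "Unknown owner" in e.body:
            e.reasons.append("service has no identified vendor")
        if "(file missing)" in e.body:
            e.reasons.append("service points at a binary that is not on disk")
    if e.section == "O4":
        m = PATH_RE.search(e.body)
        if m and not m.group(0).lower().startswith(EXPECTED_DIRS):
            e.reasons.append(f"autorun binary outside the usual install dirs: {m.group(0)}")
    return e


def triage(text: str) -> list:
    """Return only the entries that earned at least one review reason."""
    return [e for e in map(check_entry, parse_hjt(text)) if e.reasons]


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(f"{e.section}: {e.body}")
        for r in e.reasons:
            print(f"    -> {r}")
```

On the sample above the script reports the R1 proxy line, the constructed [sysupd] run entry, and both "Unknown owner" services (RCSERVER twice over, since its binary is also missing), while the NVIDIA service and the DAEMON Tools run entry pass. A flag is a prompt for a human to look, not a verdict: a proxy can be deliberate and an "Unknown owner" service is often just an unsigned vendor binary, which is exactly why the helper in this thread still declared the machine clean.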

#13 Scotty

Scotty

    Always Happy

  • Authentic Member
  • PipPipPipPipPip
  • 3,634 posts

Posted 25 December 2007 - 05:45 PM

Hi

Hope you had a good Xmas. :)

Congratulations, you appear to be malware free.

Time for some housekeeping:
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK. Note the space between the x and the /u; it needs to be there.

You may wish to keep hold of the Kaspersky Online Scan as an extra on-demand virus-scanner.
If not you can uninstall it through Start>Control Panel>Add/Remove Programs


1 - Update Adobe Reader
Earlier versions of Adobe Reader have known security flaws, so it is recommended that you update your copy.
  • Go to Start > Control Panel > Add/Remove Programs
  • Remove ALL instances of Adobe Reader
  • Re-boot your computer as required.
  • Once ALL versions of Adobe Reader have been uninstalled, visit: www.adobe.com/uk/products/acrobat/readstep2.html and download the latest version of Adobe Reader
OR, after uninstalling Adobe Reader, you could try installing Foxit Reader from >here<
Foxit Reader has fewer add-ons therefore loads more quickly.

Here are some free programs I recommend, although you will not need them all.

Spybot Search and Destroy
Download it from here. Just choose a mirror and off you go.
Find the tutorial on how to use Spybot properly here.

Install Spyware Guard
Download it from here
Find the tutorial on how to use Spyware Guard here.

Install SpyWare Blaster
Download it from here
Find the tutorial on how to use Spyware Blaster here.

Install WinPatrol
Download it from here
You can find information about how WinPatrol works here.


Make sure your Windows is ALWAYS up to date!

An unpatched Windows is vulnerable and even with the "best" Antivirus and Firewall installed, malware will find its way through.
So visit http://windowsupdate.microsoft.com/ to download and install the latest updates.


Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.

Please check out Tony Klein's article "How did I get infected in the first place?"


Follow this list and your potential for being infected again will reduce dramatically.

I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can be closed.
You too could train to help others- Join the Classroom


#14 tonymharb

tonymharb

    New Member

  • Authentic Member
  • Pip
  • 15 posts

Posted 26 December 2007 - 05:09 PM

Man, thank you, you're the best. You were so kind to help me get rid of all the adware and spyware and viruses and blah blah blah. Hope you had a merry Christmas yourself and hope you will have a blast on New Year's as well. Thank you again...

#15 Scotty

Scotty

    Always Happy

  • Authentic Member
  • PipPipPipPipPip
  • 3,634 posts

Posted 27 December 2007 - 05:18 AM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance. If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread. Everyone else please begin a New Topic.