Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 91844 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

[Resolved] Backdoor.Rbot.AEU please help


  • This topic is locked This topic is locked
16 replies to this topic

#1 Steve1067

Steve1067

    Authentic Member

  • Authentic Member
  • PipPip
  • 26 posts

Posted 20 April 2008 - 12:18 AM

i deleted the file, but i'm curious if there's anything else on my system, since it shows up everytime i re-install everything.

i posted this before, but it got deleted.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:16:27 PM, on 4/19/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Windows\system32\schtasks.exe
C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.2\apdproxy.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9e.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\NOTEPAD.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [SPIRunE] Rundll32 SPIRunE.dll,RunDLLEntry
O4 - HKLM\..\Run: [CCUTRAYICON] FactoryMode
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe"
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.2\apdproxy.exe"
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Snapfish Media Detector.lnk = C:\Program Files\Snapfish Picture Mover\SnapfishMediaDetector.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1006.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Intel® Alert Service (AlertService) - Intel® Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: HP Chasis Button Service (HPBtnSrv) - Unknown owner - c:\hp\HPEZBTN\HPBtnSrv.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: Intel DH Service (IntelDHSvcConf) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: Intel® Software Services Manager (ISSM) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Intel® Viiv™ Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel® Application Tracker (MCLServiceATL) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: Intel® Remoting Service (Remote UI Service) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

--
End of file - 10417 bytes

    Advertisements

Register to Remove


#2 silver

silver

    Malware Expert Emeritus

  • Authentic Member
  • PipPipPipPipPip
  • 2,994 posts

Posted 25 April 2008 - 12:44 AM

Hi Steve1067,

What file is being detected as bad, and what program is detecting it?

Please do an online scan with Kaspersky:
Open Kaspersky Online Scanner in Internet Explorer

When prompted, allow the installation of ActiveX components from Kaspersky
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT and then Scan Settings
  • In the scan settings make that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan:Select My Computer
  • The program will start to scan your system.
  • Once the scan is complete, click on the Save Report As... button, change Save as type: to Text file and save the file to your desktop as Kaspersky.txt
  • If Internet Explorer responds saying the report has been saved to the Temporary Internet Files folder, say Yes to open the folder, then navigate to C -> Users -> (Your username) -> Desktop to locate the report
Note: If at any time you have trouble with the accept button of the license, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license is accepted, reset to 100%.


Please open HijackThis, select Open the Misc Tools section
Press the Open Uninstall Manager... button, then press Save list...
Save the Uninstall log to your Desktop and include a copy in your next response.
Now press Back and Scan and then Save log to create and save a new HijackThis log.

Once complete, please post the Kaspersky report, the uninstall log and a new HijackThis log.
ASAP & UNITE Member

#3 Steve1067

Steve1067

    Authentic Member

  • Authentic Member
  • PipPip
  • 26 posts

Posted 27 April 2008 - 03:35 AM

well, i scanned my computer with Spyware Doctor and Counter Spy. and they both said that jusched.exe was infected. or rather, that it was the backdoor robot. counter spy called it something else..but i dont remember what it was. but anyways, i re-installed everything with my backup disks from hp (with it unplugged from the internet and external devices) and that file still came up as infected. i even used KillDisk to wipe my hard drive clean before re-installing my system. so, i dunno..either those programs made a mistake about jushched.exe, or its imbeded in my hard drive some how. i just deleted the file, and decided to go on with life. here are two logs, the third one i'll post in the morning when its done scanning (its taking awhile)

UNINSTALL LIST
____________

Adobe Bridge 1.0
Adobe Common File Installer
Adobe Flash Player ActiveX
Adobe Help Center 1.0
Adobe Photoshop CS2
Adobe Photoshop Lightroom
Adobe Reader 8.1.2
Adobe Stock Photos 1.0
AppCore
Apple Mobile Device Support
Apple Software Update
AV
Bonjour
ccCommon
CCleaner (remove only)
Creative MediaSource 5
DVD Play BD & HD DVD
Flickr Uploadr 3.0.5
FotoFusionV4
Hardware Diagnostic Tools
Hewlett-Packard Active Check
Hewlett-Packard Asset Agent for Health Check
HijackThis 2.0.2
HP Active Support Library
HP Active Support Library 32 bit components
HP Customer Experience Enhancements
HP Customer Feedback
HP Easy Setup - Frontend
HP On-Screen Cap/Num/Scroll Lock Indicator
HP Photosmart Essential 2.01
HP Total Care Advisor
HP Update
Intel® Matrix Storage Manager
Intel® Network Connections Drivers
Intel® Viiv™ Software
iTunes
Java™ SE Runtime Environment 6 Update 1
Kaspersky Online Scanner
LabelPrint
LiveUpdate 3.2 (Symantec Corporation)
LiveUpdate Notice (Symantec Corporation)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office Home and Student 2007
Microsoft Office Home and Student 60 day trial
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
MSRedist
MSXML 4.0 SP2 (KB936181)
muvee autoProducer 6.0
My HP Games
Norton AntiVirus
Norton Confidential Browser Component
Norton Confidential Web Protection Component
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security (Symantec Corporation)
Norton Protection Center
NVIDIA Drivers
Power2Go 5.0
PowerProducer
Python 2.5
QuickTime
Realtek High Definition Audio Driver
Rhapsody
Rhapsody Player Engine
Security Update for Excel 2007 (KB946974)
Security Update for Office 2007 (KB947801)
Security Update for Visio 2007 (KB947590)
Snapfish Picture Mover
Sound Blaster X-Fi
SPBBC 32bit
Spyware Doctor 5.5
SpywareBlaster 4.0
SymNet
Update for Office 2007 (KB946691)
WeatherBug Gadget
Yahoo! Search Protection
Yahoo! Toolbar
_________________________


HIJACKTHIS LOG
___________________________

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:08:55 AM, on 4/27/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.2\apdproxy.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\system32\schtasks.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9e.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [SPIRunE] Rundll32 SPIRunE.dll,RunDLLEntry
O4 - HKLM\..\Run: [CCUTRAYICON] FactoryMode
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe"
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.2\apdproxy.exe"
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Snapfish Media Detector.lnk = C:\Program Files\Snapfish Picture Mover\SnapfishMediaDetector.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1006.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Intel® Alert Service (AlertService) - Intel® Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: HP Chasis Button Service (HPBtnSrv) - Unknown owner - c:\hp\HPEZBTN\HPBtnSrv.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: Intel DH Service (IntelDHSvcConf) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: Intel® Software Services Manager (ISSM) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Intel® Viiv™ Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel® Application Tracker (MCLServiceATL) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: Intel® Remoting Service (Remote UI Service) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

--
End of file - 11111 bytes
________________________________

#4 Steve1067

Steve1067

    Authentic Member

  • Authentic Member
  • PipPip
  • 26 posts

Posted 27 April 2008 - 11:50 AM

Sunday, April 27, 2008 10:49:13 AM Operating System: Microsoft Windows Vista Home Edition, Service Pack 1 (Build 6001) Kaspersky Online Scanner version: 5.0.98.0 Kaspersky Anti-Virus database last update: 27/04/2008 Kaspersky Anti-Virus database records: 727193 Scan Settings Scan using the following antivirus database extended Scan Archives true Scan Mail Bases true Scan Target My Computer C:\ D:\ E:\ F:\ G:\ H:\ I:\ Scan Statistics Total number of scanned objects 167298 Number of viruses found 0 Number of infected objects 0 Number of suspicious objects 0 Duration of the scan process 01:09:03 Infected Object Name Virus Name Last Action C:\Boot\BCD Object is locked skipped C:\Boot\BCD.LOG Object is locked skipped C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll Object is locked skipped C:\Program Files\Common Files\Symantec Shared\EENGINE\EPERSIST.DAT Object is locked skipped C:\Program Files\Common Files\Symantec Shared\NFWEVT.LOG Object is locked skipped C:\Program Files\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\setup.ilg Object is locked skipped C:\Program Files\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\setup.ilg Object is locked skipped C:\Program Files\InstallShield Installation Information\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\setup.ilg Object is locked skipped C:\Program Files\Norton Internet Security\Norton AntiVirus\AVApp.log Object is locked skipped C:\Program Files\Norton Internet Security\Norton AntiVirus\AVError.log Object is locked skipped C:\Program Files\Norton Internet Security\Norton AntiVirus\AVVirus.log Object is locked skipped C:\Program Files\PC-Doctor 5 for Windows\Configuration\config.xml Object is locked skipped C:\ProgramData\Symantec\Common Client\settings.bak Object is locked skipped C:\ProgramData\Symantec\Common Client\settings.dat Object is locked skipped C:\ProgramData\Symantec\LiveUpdate\2008-04-27_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped C:\ProgramData\Symantec\SPBBC\BBConfig.log Object is locked skipped C:\ProgramData\Symantec\SPBBC\BBDebug.log Object is locked skipped C:\ProgramData\Symantec\SPBBC\BBDetect.log Object is locked skipped C:\ProgramData\Symantec\SPBBC\BBNotify.log Object is locked skipped C:\ProgramData\Symantec\SPBBC\BBRefr.log Object is locked skipped C:\ProgramData\Symantec\SPBBC\BBSetCfg.log Object is locked skipped C:\ProgramData\Symantec\SPBBC\BBSetCfg2.log Object is locked skipped C:\ProgramData\Symantec\SPBBC\BBSetDev.log Object is locked skipped C:\ProgramData\Symantec\SPBBC\BBSetLoc.log Object is locked skipped C:\ProgramData\Symantec\SPBBC\BBSetUsr.log Object is locked skipped C:\ProgramData\Symantec\SPBBC\BBStHash.log Object is locked skipped C:\ProgramData\Symantec\SPBBC\BBValid.log Object is locked skipped C:\ProgramData\Symantec\SPBBC\SPPolicy.log Object is locked skipped C:\ProgramData\Symantec\SPBBC\SPStart.log Object is locked skipped C:\ProgramData\Symantec\SPBBC\SPStop.log Object is locked skipped C:\ProgramData\Symantec\SRTSP\SrtErEvt.log Object is locked skipped C:\ProgramData\Symantec\SRTSP\SrtMoEvt.log Object is locked skipped C:\ProgramData\Symantec\SRTSP\SrtNvEvt.log Object is locked skipped C:\ProgramData\Symantec\SRTSP\SrtScEvt.log Object is locked skipped C:\ProgramData\Symantec\SRTSP\SrtTxFEvt.log Object is locked skipped C:\ProgramData\Symantec\SRTSP\SrtViEvt.log Object is locked skipped C:\ProgramData\Symantec\SubEng\submissions.idx Object is locked skipped C:\ProgramData\Symantec\SymNetDrv\SNDALRT.log Object is locked skipped C:\ProgramData\Symantec\SymNetDrv\SNDCON.log Object is locked skipped C:\ProgramData\Symantec\SymNetDrv\SNDDBG.log Object is locked skipped C:\ProgramData\Symantec\SymNetDrv\SNDFW.log Object is locked skipped C:\ProgramData\Symantec\SymNetDrv\SNDIDS.log Object is locked skipped C:\ProgramData\Symantec\SymNetDrv\SNDSYS.log Object is locked skipped C:\ProgramData\Microsoft\User Account Pictures\IUSR_NMPR.dat Object is locked skipped C:\Users\Digifoto1067\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat Object is locked skipped C:\Users\Digifoto1067\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008042720080428\index.dat Object is locked skipped C:\Users\Digifoto1067\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.dat Object is locked skipped C:\Users\Digifoto1067\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Users\Digifoto1067\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat Object is locked skipped C:\Users\Digifoto1067\AppData\Local\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Users\Digifoto1067\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1 Object is locked skipped C:\Users\Digifoto1067\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG2 Object is locked skipped C:\Users\Digifoto1067\AppData\Local\Microsoft\Windows\UsrClass.dat{4b1a0cef-fc85-11dc-a01d-001d60e12e29}.TM.blf Object is locked skipped C:\Users\Digifoto1067\AppData\Local\Microsoft\Windows\UsrClass.dat{4b1a0cef-fc85-11dc-a01d-001d60e12e29}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped C:\Users\Digifoto1067\AppData\Local\Microsoft\Windows\UsrClass.dat{4b1a0cef-fc85-11dc-a01d-001d60e12e29}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped C:\Users\Digifoto1067\AppData\Local\Microsoft\Feeds Cache\index.dat Object is locked skipped C:\Users\Digifoto1067\AppData\Local\Microsoft\Internet Explorer\MSIMGSIZ.DAT Object is locked skipped C:\Users\Digifoto1067\AppData\Local\Microsoft\Windows Defender\FileTracker\{CA2F7470-CF87-4425-9DC8-DD7024C212F2} Object is locked skipped C:\Users\Digifoto1067\AppData\Local\Microsoft\Windows Sidebar\Settings.ini Object is locked skipped C:\Users\Digifoto1067\AppData\Roaming\Microsoft\Windows\Cookies\index.dat Object is locked skipped C:\Users\Digifoto1067\AppData\Roaming\Microsoft\Windows\Cookies\Low\index.dat Object is locked skipped C:\Users\Digifoto1067\NTUSER.DAT Object is locked skipped C:\Users\Digifoto1067\ntuser.dat.LOG1 Object is locked skipped C:\Users\Digifoto1067\ntuser.dat.LOG2 Object is locked skipped C:\Users\Digifoto1067\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf Object is locked skipped C:\Users\Digifoto1067\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped C:\Users\Digifoto1067\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped C:\Windows\Debug\PASSWD.LOG Object is locked skipped C:\Windows\Debug\WIA\wiatrace.log Object is locked skipped C:\Windows\Logs\DPX\setupact.log Object is locked skipped C:\Windows\Logs\DPX\setuperr.log Object is locked skipped C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe.config Object is locked skipped C:\Windows\Panther\UnattendGC\diagerr.xml Object is locked skipped C:\Windows\Panther\UnattendGC\diagwrn.xml Object is locked skipped C:\Windows\Panther\UnattendGC\setupact.log Object is locked skipped C:\Windows\Panther\UnattendGC\setuperr.log Object is locked skipped C:\Windows\security\database\secedit.sdb Object is locked skipped C:\Windows\SoftwareDistribution\EventCache\{160F61D8-3D41-4F35-99C1-D53F9866E0F2}.bin Object is locked skipped C:\Windows\SoftwareDistribution\ReportingEvents.log Object is locked skipped C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 Object is locked skipped C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 Object is locked skipped C:\Windows\System32\catroot2\edb.log Object is locked skipped C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb Object is locked skipped C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb Object is locked skipped C:\Windows\System32\LogFiles\Scm\SCM.EVM Object is locked skipped C:\Windows\System32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped C:\Windows\System32\restore\MachineGuid.txt Object is locked skipped C:\Windows\System32\spool\SpoolerETW.etl Object is locked skipped C:\Windows\System32\sysprep\Panther\diagerr.xml Object is locked skipped C:\Windows\System32\sysprep\Panther\diagwrn.xml Object is locked skipped C:\Windows\System32\sysprep\Panther\setupact.log Object is locked skipped C:\Windows\System32\sysprep\Panther\setuperr.log Object is locked skipped C:\Windows\System32\wbem\AutoRecover\0296C47314AB746EC35476488248FCD9.mof Object is locked skipped C:\Windows\System32\wbem\AutoRecover\040270F850D5C3C91057DDDA2DA294D8.mof Object is locked skipped C:\Windows\System32\wbem\AutoRecover\0A9DBC92D554324656F61F9862679F27.mof Object is locked skipped C:\Windows\System32\wbem\AutoRecover\0DF617D6737A7561E732F853792261C3.mof Object is locked skipped C:\Windows\System32\wbem\AutoRecover\1E2E58C73053C7775EB226DB5E739137.mof Object is locked skipped C:\Windows\System32\wbem\AutoRecover\26C097A9392F8C541AD42E89B7909073.mof Object is locked skipped C:\Windows\System32\wbem\AutoRecover\2A811E5CCC22CC9D7AE2B04EF0402688.mof Object is locked skipped C:\Windows\System32\wbem\AutoRecover\2AA23BB86A5EBD8BC2D820944E55B233.mof Object is locked skipped C:\Windows\System32\wbem\AutoRecover\2CE523184A801AA7361A7039E2D6B41D.mof Object is locked skipped C:\Windows\System32\wbem\AutoRecover\2D57A7682ACD19214C258D31A06D008F.mof Object is locked skipped C:\Windows\System32\wbem\AutoRecover\3460B7617E0429A960E481B197F238A3.mof Object is locked skipped C:\Windows\System32\wbem\AutoRecover\376786241A5443E41378D25CF812FCC1.mof Object is locked skipped C:\Windows\System32\wbem\AutoRecover\3DC0BABDCA20E5E319117C21BD4BD795.mof Object is locked skipped C:\Windows\System32\wbem\AutoRecover\494C62FAA08CD5217399BAA555FF491B.mof Object is locked skipped C:\Windows\System32\wbem\AutoRecover\4A01E0F376B5833EBA98F0D1D5F60CD1.mof Object is locked skipped C:\Windows\System32\wbem\AutoRecover\4B471F64BAF831EC7945C820FD5A16E5.mof Object is locked skipped C:\Windows\System32\wbem\AutoRecover\4CB32C0A77CD4D9B0C9618F73F786C32.mof Object is locked skipped C:\Windows\System32\wbem\AutoRecover\5774C77265BE4C55B5C6C9718979E015.mof Object is locked skipped C:\Windows\System32\wbem\AutoRecover\5966D45C7B25EACA46E87DD8E5703964.mof Object is locked skipped C:\Windows\System32\wbem\AutoRecover\5B5D21CF62E70BACF9D085E6AA6CE143.mof Object is locked skipped C:\Windows\System32\wbem\AutoRecover\69554D930FCA40B0304B9A43A8036F2D.mof Object is locked skipped C:\Windows\System32\wbem\AutoRecover\72F867EF62976CE9F70993FF3E68A4EB.mof Object is locked skipped C:\Windows\System32\wbem\AutoRecover\75054C3771DF289038069A9BB1C1FB6E.mof Object is locked skipped C:\Windows\System32\wbem\AutoRecover\7851AF96EA828F912853F32DB0D96138.mof Object is locked skipped C:\Windows\System32\wbem\AutoRecover\7F417E1A6D819A9B2FEB55DA6858EA0A.mof Object is locked skipped C:\Windows\System32\wbem\AutoRecover\87AA2A001CE3E89926688B93E4DC2992.mof Object is locked skipped C:\Windows\System32\wbem\AutoRecover\8C718B5AFD373885B68D2836088CAF9A.mof Object is locked skipped C:\Windows\System32\wbem\AutoRecover\903E49C444C46FEF5F2C3A189C9CEF71.mof Object is locked skipped C:\Windows\System32\wbem\AutoRecover\96ABB1671705F680578FE240427CBD4F.mof Object is locked skipped C:\Windows\System32\wbem\AutoRecover\9A72EE7775E8021F75961342B8AFD1B4.mof Object is locked skipped C:\Windows\System32\wbem\AutoRecover\9AD3182A2F39A3E091E15109132EC6CC.mof Object is locked skipped C:\Windows\System32\wbem\AutoRecover\9CD33F0956942860B50AA1B9330DEFAF.mof Object is locked skipped C:\Windows\System32\wbem\AutoRecover\9E06E4FE97F0CBB8D659894823F805D7.mof Object is locked skipped C:\Windows\System32\wbem\AutoRecover\A80FF2DC09487ECD60AFB147B262BDD7.mof Object is locked skipped C:\Windows\System32\wbem\AutoRecover\AA6E0E396C238977CA909EFD82299737.mof Object is locked skipped C:\Windows\System32\wbem\AutoRecover\AA742824DCADA846BA4B665D686DD5D6.mof Object is locked skipped C:\Windows\System32\wbem\AutoRecover\BBF206490BAA431B592F9A13534F43F6.mof Object is locked skipped C:\Windows\System32\wbem\AutoRecover\BE81B2C0741907C1FC1C42B6223E59AD.mof Object is locked skipped C:\Windows\System32\wbem\AutoRecover\D1A1B12A7DA3F9675C01397A26DBF4B3.mof Object is locked skipped C:\Windows\System32\wbem\AutoRecover\D4C4BA54B6A8FA6211E60E2ADFF7426A.mof Object is locked skipped C:\Windows\System32\wbem\AutoRecover\DE391013DA56ABA39FFF40A9ABDF052F.mof Object is locked skipped C:\Windows\System32\wbem\AutoRecover\DF80FD3849FFF74B4BF43E2EA8ADEC8A.mof Object is locked skipped C:\Windows\System32\wbem\AutoRecover\DFB9AD54AC2D3B8122567AAD3BF3EB7F.mof Object is locked skipped C:\Windows\System32\wbem\AutoRecover\E04DE4CDFEC284A342159BB920976701.mof Object is locked skipped C:\Windows\System32\wbem\AutoRecover\E478A5DB75C9721E744C05D78DBACFD3.mof Object is locked skipped C:\Windows\System32\wbem\AutoRecover\E737DE61441445E1FDFCA45EF5E7D987.mof Object is locked skipped C:\Windows\System32\wbem\AutoRecover\E9D8A460B2C986DD5FF19F299F4A27EC.mof Object is locked skipped C:\Windows\System32\wbem\AutoRecover\EC45C70F2A3D9DED718E71631C38E2FE.mof Object is locked skipped C:\Windows\System32\wbem\AutoRecover\F01326692CC5736EBAC31B9FC2381CF2.mof Object is locked skipped C:\Windows\System32\wbem\AutoRecover\F81E6BEBC3067C406E6C491608474198.mof Object is locked skipped C:\Windows\System32\wbem\Logs\WMITracing.log Object is locked skipped C:\Windows\System32\wbem\Repository\INDEX.BTR Object is locked skipped C:\Windows\System32\wbem\Repository\MAPPING1.MAP Object is locked skipped C:\Windows\System32\wbem\Repository\MAPPING2.MAP Object is locked skipped C:\Windows\System32\wbem\Repository\OBJECTS.DATA Object is locked skipped C:\Windows\System32\winevt\Logs\Application.evtx Object is locked skipped C:\Windows\System32\winevt\Logs\DFS Replication.evtx Object is locked skipped C:\Windows\System32\winevt\Logs\HardwareEvents.evtx Object is locked skipped C:\Windows\System32\winevt\Logs\IntelDH.evtx Object is locked skipped C:\Windows\System32\winevt\Logs\Internet Explorer.evtx Object is locked skipped C:\Windows\System32\winevt\Logs\Key Management Service.evtx Object is locked skipped C:\Windows\System32\winevt\Logs\Media Center.evtx Object is locked skipped C:\Windows\System32\winevt\Logs\Microsoft-Windows-Bits-Client%4Operational.evtx Object is locked skipped C:\Windows\System32\winevt\Logs\Microsoft-Windows-CodeIntegrity%4Operational.evtx Object is locked skipped C:\Windows\System32\winevt\Logs\Microsoft-Windows-CorruptedFileRecovery-Client%4Operational.evtx Object is locked skipped C:\Windows\System32\winevt\Logs\Microsoft-Windows-CorruptedFileRecovery-Server%4Operational.evtx Object is locked skipped C:\Windows\System32\winevt\Logs\Microsoft-Windows-DateTimeControlPanel%4Operational.evtx Object is locked skipped C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnosis-DPS%4Operational.evtx Object is locked skipped C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnosis-PLA%4Operational.evtx Object is locked skipped C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnostics-Networking%4Operational.evtx Object is locked skipped C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnostics-Performance%4Operational.evtx Object is locked skipped C:\Windows\System32\winevt\Logs\Microsoft-Windows-DiskDiagnostic%4Operational.evtx Object is locked skipped C:\Windows\System32\winevt\Logs\Microsoft-Windows-DiskDiagnosticDataCollector%4Operational.evtx Object is locked skipped C:\Windows\System32\winevt\Logs\Microsoft-Windows-DiskDiagnosticResolver%4Operational.evtx Object is locked skipped C:\Windows\System32\winevt\Logs\Microsoft-Windows-DriverFrameworks-UserMode%4Operational.evtx Object is locked skipped C:\Windows\System32\winevt\Logs\Microsoft-Windows-Forwarding%4Operational.evtx Object is locked skipped C:\Windows\System32\winevt\Logs\Microsoft-Windows-GroupPolicy%4Operational.evtx Object is locked skipped C:\Windows\System32\winevt\Logs\Microsoft-Windows-Help%4Operational.evtx Object is locked skipped C:\Windows\System32\winevt\Logs\Microsoft-Windows-International%4Operational.evtx Object is locked skipped C:\Windows\System32\winevt\Logs\Microsoft-Windows-Kernel-WDI%4Operational.evtx Object is locked skipped C:\Windows\System32\winevt\Logs\Microsoft-Windows-Kernel-WHEA.evtx Object is locked skipped C:\Windows\System32\winevt\Logs\Microsoft-Windows-LanguagePackSetup%4Operational.evtx Object is locked skipped C:\Windows\System32\winevt\Logs\Microsoft-Windows-MUI%4Operational.evtx Object is locked skipped C:\Windows\System32\winevt\Logs\Microsoft-Windows-NetworkAccessProtection%4Operational.evtx Object is locked skipped C:\Windows\System32\winevt\Logs\Microsoft-Windows-ParentalControls%4Operational.evtx Object is locked skipped C:\Windows\System32\winevt\Logs\Microsoft-Windows-ReadyBoost%4Operational.evtx Object is locked skipped C:\Windows\System32\winevt\Logs\Microsoft-Windows-ReliabilityAnalysisComponent%4Metrics.evtx Object is locked skipped C:\Windows\System32\winevt\Logs\Microsoft-Windows-ReliabilityAnalysisComponent%4Operational.evtx Object is locked skipped C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Exhaustion-Detector%4Operational.evtx Object is locked skipped C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Exhaustion-Resolver%4Operational.evtx Object is locked skipped C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Leak-Diagnostic%4Operational.evtx Object is locked skipped C:\Windows\System32\winevt\Logs\Microsoft-Windows-RestartManager%4Operational.evtx Object is locked skipped C:\Windows\System32\winevt\Logs\Microsoft-Windows-TaskScheduler%4Operational.evtx Object is locked skipped C:\Windows\System32\winevt\Logs\Microsoft-Windows-TerminalServices-RDPClient%4Operational.evtx Object is locked skipped C:\Windows\System32\winevt\Logs\Microsoft-Windows-UAC%4Operational.evtx Object is locked skipped C:\Windows\System32\winevt\Logs\Microsoft-Windows-UAC-FileVirtualization%4Operational.evtx Object is locked skipped C:\Windows\System32\winevt\Logs\Microsoft-Windows-WindowsUpdateClient%4Operational.evtx Object is locked skipped C:\Windows\System32\winevt\Logs\Microsoft-Windows-Winlogon%4Operational.evtx Object is locked skipped C:\Windows\System32\winevt\Logs\Microsoft-Windows-Wired-AutoConfig%4Operational.evtx Object is locked skipped C:\Windows\System32\winevt\Logs\Microsoft-Windows-WLAN-AutoConfig%4Operational.evtx Object is locked skipped C:\Windows\System32\winevt\Logs\ODiag.evtx Object is locked skipped C:\Windows\System32\winevt\Logs\OSession.evtx Object is locked skipped C:\Windows\System32\winevt\Logs\Security.evtx Object is locked skipped C:\Windows\System32\winevt\Logs\Setup.evtx Object is locked skipped C:\Windows\System32\winevt\Logs\System.evtx Object is locked skipped C:\Windows\Tasks\SCHEDLGU.TXT Object is locked skipped C:\Windows\WindowsUpdate.log Object is locked skipped C:\Windows\winsxs\x86_microsoft-windows-n..n_service_datastore_31bf3856ad364e35_6.0.6000.16386_none_cef7ceb03914a67f\dnary.xsd Object is locked skipped C:\Windows\winsxs\x86_microsoft-windows-n..n_service_datastore_31bf3856ad364e35_6.0.6001.18000_none_d12e90ac35ffb753\dnary.xsd Object is locked skipped Scan process completed.

#5 silver

silver

    Malware Expert Emeritus

  • Authentic Member
  • PipPipPipPipPip
  • 2,994 posts

Posted 27 April 2008 - 09:25 PM

Hi Steve1067,

The filename jusched.exe is normally used by a program associated with Java Runtime which is harmless. It's most likely to be a false positive, but we'll double-check.

Firstly, open Start->Control Panel->Add/Remove Programs, and remove the following:

Java™ SE Runtime Environment 6 Update 1

This is out of date and now a security risk, you can get the latest update (version 6 update 6) from here

Once you have updated Java, we will have a look for any files named jusched.exe:
Press Start->Run, copy/paste the following command (it's one long command) into the box and press OK:

cmd /c dir "c:\jusched.exe" /a /s >> "%userprofile%\desktop\look.txt" & notepad "%userprofile%\desktop\look.txt"

A black box will open and a file will appear on your Desktop called look.txt.
Please wait until the black box closes and look.txt should open in Notepad automatically.
Post the contents of look.txt in your next response.
ASAP & UNITE Member

#6 Steve1067

Steve1067

    Authentic Member

  • Authentic Member
  • PipPip
  • 26 posts

Posted 28 April 2008 - 01:30 AM

hmm so, it probably wasnt anything? i think the first time i scanned my computer, norton said it was a virus, and then all the other times after that, it didnt, but the other programs did..hmm Volume in drive C is HP Volume Serial Number is 76BF-8805 Directory of c:\Program Files\Java\jre1.6.0_06\bin 03/25/2008 04:28 AM 144,784 jusched.exe 1 File(s) 144,784 bytes Total Files Listed: 1 File(s) 144,784 bytes 0 Dir(s) 341,303,717,888 bytes free

#7 silver

silver

    Malware Expert Emeritus

  • Authentic Member
  • PipPipPipPipPip
  • 2,994 posts

Posted 28 April 2008 - 01:45 AM

Yes it's probably nothing, but we'll upload the current file for checking as follows:

Open http://virusscan.jotti.org/
Copy/paste this file and path into the white box at the top:

c:\Program Files\Java\jre1.6.0_06\bin\jusched.exe

Press Submit - this will submit the file for testing.
Please wait for all the scanners to finish then copy and paste the results in your next response.
ASAP & UNITE Member

#8 Steve1067

Steve1067

    Authentic Member

  • Authentic Member
  • PipPip
  • 26 posts

Posted 28 April 2008 - 09:05 PM

these are the results: Scan taken on 29 Apr 2008 02:55:27 (GMT) A-Squared Found nothing AntiVir Found nothing ArcaVir Found nothing Avast Found nothing AVG Antivirus Found nothing BitDefender Found nothing ClamAV Found nothing CPsecure Found nothing Dr.Web Found nothing F-Prot Antivirus Found nothing F-Secure Anti-Virus Found nothing Fortinet Found nothing Ikarus Found nothing Kaspersky Anti-Virus Found nothing NOD32 Found nothing Norman Virus Control Found nothing Panda Antivirus Found nothing Sophos Antivirus Found nothing VirusBuster Found nothing VBA32 Found nothing _______________ obviously..nothing was found. BUT..i just noticed that the jusched.exe file is in Bin..when i re-install everything on my computer, it was in c:\windows\system32. since its not in there now (and we re-installed java), doesnt that seem fishy? hmm..

#9 silver

silver

    Malware Expert Emeritus

  • Authentic Member
  • PipPipPipPipPip
  • 2,994 posts

Posted 28 April 2008 - 09:22 PM

jusched.exe located in C:\Windows\System32 is suspicious, so that file may have been bad.
I can however say that it is not present now, so it's no longer a threat.

Do you have further concerns or symptoms?
ASAP & UNITE Member

#10 Steve1067

Steve1067

    Authentic Member

  • Authentic Member
  • PipPip
  • 26 posts

Posted 28 April 2008 - 09:31 PM

well, i guess i'm just still kinda confused why it would show up in system32 when re-installing the system. i'm just still afraid its hiding in the background or something. or maybe thats not possible..i dont know. what spyware or antivirus would you recommend? i use norton at the moment, and usually pc doctor for spyware

    Advertisements

Register to Remove


#11 silver

silver

    Malware Expert Emeritus

  • Authentic Member
  • PipPipPipPipPip
  • 2,994 posts

Posted 28 April 2008 - 11:26 PM

Unfortunately, it's not possible for me to be sure why the file appeared in system32 while reinstalling. If the file was bad, it's possible that infected software was installed during the reinstallation. It's also possible for the machine to have been infected if it was connected to the internet before patches and protection software was installed. There are other possibilties but I can only guess at this stage. If you want to look into this further please let me know.

If the file appeared in system32 since your OS was reinstalled, and it is not there now, how was it removed? Did your protection software identify and quarantine it successfully? If so, please check the relevant log file and confirm this for me.

Here are some tips to help you keep your machine clean:

Operating system vulnerabilities can easily be exploited by malware so please ensure your operating system is automatically kept up to date by using Windows Update:
Go to Start->Control Panel->Windows Update
Click Change settings on the left side, then select Install updates automatically and choose a suitable schedule

Norton Antivirus is a good program, but only if it is kept up to date with the latest definitions. If your subscription lapses, either renew it or remove the program and install another antivirus program. There are several free packages available, two of the most popular are here:
Antivir: http://www.free-av.com/
Avast!: http://www.avast.com...avast-home.html

As well as Spyware Doctor, you have Windows Defender installed. I suggest you also download and install the free version of WinPatrol. This program protects your computer in a variety of ways and will work well with your existing security software. Have a look at this tutorial to help you get started with the program.

I recommend you install a custom hosts file such as MVPS HOSTS. This custom hosts file effectively blocks a wide range of unwanted ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers.
For information on how to download and install, please read this tutorial by WinHelp2002
Note: Be sure to follow the instructions to disable the DNS Client service before installing a custom hosts file.
Also: subscribe to the mailing list to get update notifications.

Please take care when downloading programs. One of the easiest ways to be infected is to download freeware/shareware programs which come laden with malware - this includes allowing websites to install browser plug-ins or ActiveX controls. Before downloading, it is crucial to check whether the source is reputable.
One way to check is to use McAfee SiteAdvisor. Copy the domain name into the space provided and SiteAdvisor will give you a report on the website which can help you decide if it is safe. They also have a toolbar for IE and Firefox which adds this functionality to your browser.

Find out more about how to prevent infection in the future
http://forum.malware...pic.php?p=33687
ASAP & UNITE Member

#12 Steve1067

Steve1067

    Authentic Member

  • Authentic Member
  • PipPip
  • 26 posts

Posted 29 April 2008 - 01:04 AM

all i have as far as a log of it is: 3/27/2008 9:38:19 PM:62 Infection cleaned Threat Name - Backdoor.Rbot.AEU Type - File Risk Level - High Infection - C:\WINDOWS\SYSTEM32\jusched.exe PC doctor deleted it. i re-installed my operating system 4 times and it was there each time. even with it unplugged from the internet and all external drives. anyways, thanks for the links. i hope the problem is solved

#13 silver

silver

    Malware Expert Emeritus

  • Authentic Member
  • PipPipPipPipPip
  • 2,994 posts

Posted 29 April 2008 - 02:10 AM

If PC Doctor quarantined it, then I could examine the file for you, if it deleted it then it's gone of course.

How did you reinstall - did you use a Windows XP disk or do you use a manufacturer's recovery disk/partition?
ASAP & UNITE Member

#14 Steve1067

Steve1067

    Authentic Member

  • Authentic Member
  • PipPip
  • 26 posts

Posted 01 May 2008 - 11:01 PM

i'm running windows vista, and i have factory recovery disks. so it makes me wonder if its on the CD. is that possible? is therer anyways of scanning the CD?

#15 silver

silver

    Malware Expert Emeritus

  • Authentic Member
  • PipPipPipPipPip
  • 2,994 posts

Posted 02 May 2008 - 12:05 AM

Anything is possible, however if it's on the factory disks it's probably a false positive.

You could scan the CD using the Kaspersky online scanner, instead of scanning "My Computer", choose Folders and select the CD drive letter.
PC Doctor should be able to scan the CD too, and it might be better to use because it is what detected it in the first place.
ASAP & UNITE Member

Related Topics



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users