Jump to content

Build Theme!
  •  
  • Unreplied Topics
  • Downloads
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 93084 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

[Resolved] 2 viruses and 20 threats

Started by Diesel Dog , Apr 27 2008 05:52 AM

  • This topic is locked This topic is locked
15 replies to this topic

#1 Diesel Dog

Diesel Dog

    New Member

  • Authentic Member
  • Pip
  • 17 posts

Posted 27 April 2008 - 05:52 AM

Hello great gods of puter land

Lap top is queffed

I am attaching a log file as well as a kaspersky report.

kaspersky says I have 2 viruses and 20 threats

I ran spydoctor and fixed 147 / 2 problems but did not resolve the slow running machine.

Thanks for your anticipated help!!

Logfile of HijackThis v1.99.1
Scan saved at 7:42:19 AM, on 4/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\HPConfig.exe
C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\HPQ\One-Touch\OneTouch.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\AOL\1190376940\ee\AOLSoftware.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Norton Internet Security\comHost.exe
c:\program files\common files\aol\1190376940\ee\anotify.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us8l.hpwis.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us8l.hpwis.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://us8l.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PreloadApp] c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe -d
O4 - HKLM\..\Run: [AutoTBar] C:\hp\bin\autotbar.exe
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [TV Now] C:\Program Files\HPQ\Notebook Utilities\TvNow.exe /RK
O4 - HKLM\..\Run: [Display Settings] C:\Program Files\HPQ\Notebook Utilities\hptasks.exe /s
O4 - HKLM\..\Run: [QT4HPOT] C:\Program Files\HPQ\One-Touch\OneTouch.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1190376940\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - Startup: VZAccess Manager.lnk = C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Image Transfer.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://us8l.hpwis.com
O16 - DPF: Web-Based Email Tools - http://email.secures...et/Download.CAB
O16 - DPF: {00140000-B1BA-11CE-ABC6-F5B2E79D9E3F} (LEAD Main Control (14.0)) - http://www.chathamnc...ls/LTOCX14N.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe



-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Saturday, April 26, 2008 6:46:51 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 26/04/2008
Kaspersky Anti-Virus database records: 726640
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\

Scan Statistics:
Total number of scanned objects: 159202
Number of viruses found: 2
Number of infected objects: 20
Number of suspicious objects: 0
Duration of the scan process: 03:02:55

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Confid.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Content.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Privacy.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Restrict.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\WebHist.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\HPPAppActivity.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\HPPHomePageActivity.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2008-04-26_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\38856B39.exe Infected: Backdoor.Win32.Jeemp.c skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Rick\Application Data\$_hpcst$.hpc Object is locked skipped
C:\Documents and Settings\Rick\Application Data\Symantec\PendingAlertsQueue.log Object is locked skipped
C:\Documents and Settings\Rick\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Rick\Local Settings\Application Data\AOL\UserProfiles\All Users\cls\common.cls Object is locked skipped
C:\Documents and Settings\Rick\Local Settings\Application Data\Identities\{A47FC4DA-5DAD-4DDF-BF25-76A8CABC0188}\Microsoft\Outlook Express\Deleted Items.dbx/[From Admin@iasllc.com][Date Mon, 21 Nov 2005 19:00:06 GMT]/UNNAMED/mail_body.zip/File-packed_dataInfo.exe Infected: Email-Worm.Win32.Sober.y skipped
C:\Documents and Settings\Rick\Local Settings\Application Data\Identities\{A47FC4DA-5DAD-4DDF-BF25-76A8CABC0188}\Microsoft\Outlook Express\Deleted Items.dbx/[From Admin@iasllc.com][Date Mon, 21 Nov 2005 19:00:06 GMT]/UNNAMED/mail_body.zip Infected: Email-Worm.Win32.Sober.y skipped
C:\Documents and Settings\Rick\Local Settings\Application Data\Identities\{A47FC4DA-5DAD-4DDF-BF25-76A8CABC0188}\Microsoft\Outlook Express\Deleted Items.dbx/[From Admin@iasllc.com][Date Mon, 21 Nov 2005 19:00:06 GMT]/UNNAMED Infected: Email-Worm.Win32.Sober.y skipped
C:\Documents and Settings\Rick\Local Settings\Application Data\Identities\{A47FC4DA-5DAD-4DDF-BF25-76A8CABC0188}\Microsoft\Outlook Express\Deleted Items.dbx/[From Admin@forresterinsurance.com][Date Mon, 21 Nov 2005 20:05:51 UTC]/UNNAMED/reg_pass.zip/File-packed_dataInfo.exe Infected: Email-Worm.Win32.Sober.y skipped
C:\Documents and Settings\Rick\Local Settings\Application Data\Identities\{A47FC4DA-5DAD-4DDF-BF25-76A8CABC0188}\Microsoft\Outlook Express\Deleted Items.dbx/[From Admin@forresterinsurance.com][Date Mon, 21 Nov 2005 20:05:51 UTC]/UNNAMED/reg_pass.zip Infected: Email-Worm.Win32.Sober.y skipped
C:\Documents and Settings\Rick\Local Settings\Application Data\Identities\{A47FC4DA-5DAD-4DDF-BF25-76A8CABC0188}\Microsoft\Outlook Express\Deleted Items.dbx/[From Admin@forresterinsurance.com][Date Mon, 21 Nov 2005 20:05:51 UTC]/UNNAMED Infected: Email-Worm.Win32.Sober.y skipped
C:\Documents and Settings\Rick\Local Settings\Application Data\Identities\{A47FC4DA-5DAD-4DDF-BF25-76A8CABC0188}\Microsoft\Outlook Express\Deleted Items.dbx/[From info@wishbone.com][Date Mon, 21 Nov 2005 21:02:12 UTC]/UNNAMED/reg_pass-data.zip/File-packed_dataInfo.exe Infected: Email-Worm.Win32.Sober.y skipped
C:\Documents and Settings\Rick\Local Settings\Application Data\Identities\{A47FC4DA-5DAD-4DDF-BF25-76A8CABC0188}\Microsoft\Outlook Express\Deleted Items.dbx/[From info@wishbone.com][Date Mon, 21 Nov 2005 21:02:12 UTC]/UNNAMED/reg_pass-data.zip Infected: Email-Worm.Win32.Sober.y skipped
C:\Documents and Settings\Rick\Local Settings\Application Data\Identities\{A47FC4DA-5DAD-4DDF-BF25-76A8CABC0188}\Microsoft\Outlook Express\Deleted Items.dbx/[From info@wishbone.com][Date Mon, 21 Nov 2005 21:02:12 UTC]/UNNAMED Infected: Email-Worm.Win32.Sober.y skipped
C:\Documents and Settings\Rick\Local Settings\Application Data\Identities\{A47FC4DA-5DAD-4DDF-BF25-76A8CABC0188}\Microsoft\Outlook Express\Deleted Items.dbx/[From Office@cia.gov][Date Tue, 22 Nov 2005 12:34:40 UTC]/UNNAMED/question_list395.zip/File-packed_dataInfo.exe Infected: Email-Worm.Win32.Sober.y skipped
C:\Documents and Settings\Rick\Local Settings\Application Data\Identities\{A47FC4DA-5DAD-4DDF-BF25-76A8CABC0188}\Microsoft\Outlook Express\Deleted Items.dbx/[From Office@cia.gov][Date Tue, 22 Nov 2005 12:34:40 UTC]/UNNAMED/question_list395.zip Infected: Email-Worm.Win32.Sober.y skipped
C:\Documents and Settings\Rick\Local Settings\Application Data\Identities\{A47FC4DA-5DAD-4DDF-BF25-76A8CABC0188}\Microsoft\Outlook Express\Deleted Items.dbx/[From Office@cia.gov][Date Tue, 22 Nov 2005 12:34:40 UTC]/UNNAMED Infected: Email-Worm.Win32.Sober.y skipped
C:\Documents and Settings\Rick\Local Settings\Application Data\Identities\{A47FC4DA-5DAD-4DDF-BF25-76A8CABC0188}\Microsoft\Outlook Express\Deleted Items.dbx/[From postmaster@aol.com][Date Tue, 22 Nov 2005 13:51:46 UTC]/UNNAMED/reg_pass.zip/File-packed_dataInfo.exe Infected: Email-Worm.Win32.Sober.y skipped
C:\Documents and Settings\Rick\Local Settings\Application Data\Identities\{A47FC4DA-5DAD-4DDF-BF25-76A8CABC0188}\Microsoft\Outlook Express\Deleted Items.dbx/[From postmaster@aol.com][Date Tue, 22 Nov 2005 13:51:46 UTC]/UNNAMED/reg_pass.zip Infected: Email-Worm.Win32.Sober.y skipped
C:\Documents and Settings\Rick\Local Settings\Application Data\Identities\{A47FC4DA-5DAD-4DDF-BF25-76A8CABC0188}\Microsoft\Outlook Express\Deleted Items.dbx/[From postmaster@aol.com][Date Tue, 22 Nov 2005 13:51:46 UTC]/UNNAMED Infected: Email-Worm.Win32.Sober.y skipped
C:\Documents and Settings\Rick\Local Settings\Application Data\Identities\{A47FC4DA-5DAD-4DDF-BF25-76A8CABC0188}\Microsoft\Outlook Express\Deleted Items.dbx/[From Department@fbi.gov][Date Tue, 22 Nov 2005 14:32:39 UTC]/UNNAMED/list.zip/File-packed_dataInfo.exe Infected: Email-Worm.Win32.Sober.y skipped
C:\Documents and Settings\Rick\Local Settings\Application Data\Identities\{A47FC4DA-5DAD-4DDF-BF25-76A8CABC0188}\Microsoft\Outlook Express\Deleted Items.dbx/[From Department@fbi.gov][Date Tue, 22 Nov 2005 14:32:39 UTC]/UNNAMED/list.zip Infected: Email-Worm.Win32.Sober.y skipped
C:\Documents and Settings\Rick\Local Settings\Application Data\Identities\{A47FC4DA-5DAD-4DDF-BF25-76A8CABC0188}\Microsoft\Outlook Express\Deleted Items.dbx/[From Department@fbi.gov][Date Tue, 22 Nov 2005 14:32:39 UTC]/UNNAMED Infected: Email-Worm.Win32.Sober.y skipped
C:\Documents and Settings\Rick\Local Settings\Application Data\Identities\{A47FC4DA-5DAD-4DDF-BF25-76A8CABC0188}\Microsoft\Outlook Express\Deleted Items.dbx MailMSOutlook5: infected - 18 skipped
C:\Documents and Settings\Rick\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\Rick\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Rick\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Rick\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Rick\Local Settings\History\History.IE5\MSHist012008042620080427\index.dat Object is locked skipped
C:\Documents and Settings\Rick\Local Settings\Temp\WCESLog.log Object is locked skipped
C:\Documents and Settings\Rick\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Rick\ntuser.dat Object is locked skipped
C:\Documents and Settings\Rick\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\AntiSpam\Log\Spam.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\EENGINE\EPERSIST.DAT Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDALRT.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDCON.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDDBG.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDFW.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDIDS.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDSYS.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBConfig.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBDebug.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBDetect.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBNotify.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBRefr.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetCfg.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetCfg2.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetDev.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetLoc.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetUsr.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSMNot.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSMReg.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSMRSt.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBStHash.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBStMSI.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBValid.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPPolicy.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPStart.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPStop.log Object is locked skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\AVApp.log Object is locked skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\AVError.log Object is locked skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\AVVirus.log Object is locked skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Savrt\0325NAV~.TMP Object is locked skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Savrt\0372NAV~.TMP Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP323\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

    Advertisements

Register to Remove

#2 little eagle

little eagle

    spyware hawk

  • Visiting Fellow
  • PipPipPipPipPipPip
  • 8,968 posts
  • Interests:spyware

Posted 04 May 2008 - 08:13 PM

Click HERE to run Panda's ActiveScan

* You need to use IE to run this scan
* Once you are on the Panda site click the Scan your PC button
* A new window will open...click the Check Now button
* Enter your Country
* Enter your State/Province
* Enter your e-mail address and click send
* Select either Home User or Company
* Click the big Scan Now button
* If it wants to install an ActiveX component allow it
* It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
* When download is complete, click on My Computer to start the scan
* When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report
Posted Image
My Website
ATF Cleaner for removing temporary files
HijackThis download
Donations to this site

#3 Diesel Dog

Diesel Dog

    New Member

  • Authentic Member
  • Pip
  • 17 posts

Posted 05 May 2008 - 03:37 PM

little eagle, active scan as requested. machine seems to be getting slower. I had to disable norton before it would allow me to run te scan and it never asked for the information you stated I had to enter, it went straight to scan but would not start until I disabled norton. Thanks for your help, Rick ;******************************************************************************* ********************************************************************************* ******************* ANALYSIS: 2008-05-05 17:26:59 PROTECTIONS: 1 MALWARE: 63 SUSPECTS: 0 ;******************************************************************************* ********************************************************************************* ******************* PROTECTIONS Description Version Active Updated ;=============================================================================== ================================================================================= =================== Norton Internet Security 2006 2006 Yes Yes ;=============================================================================== ================================================================================= =================== MALWARE Id Description Type Active Severity Disinfectable Disinfected Location ;=============================================================================== ================================================================================= =================== 00101555 Application/KillApp.B HackTools No 0 Yes No C:\System Recovery files\C\hp\bin\KillIt.exe 00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\System Recovery files\C\Users\RAM\AppData\Roaming\Microsoft\Windows\Cookies\ram@trafficmp[1].txt 00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\System Recovery files\C\Users\RAM\AppData\Roaming\Microsoft\Windows\Cookies\ram@casalemedia[2].txt 00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\System Recovery files\C\Users\RAM\AppData\Roaming\Microsoft\Windows\Cookies\Low\ram@casalemedia[1].txt 00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\System Recovery files\C\Users\RAM\AppData\Roaming\Microsoft\Windows\Cookies\ram@doubleclick[2].txt 00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\System Recovery files\C\Users\RAM\AppData\Roaming\Microsoft\Windows\Cookies\Low\ram@doubleclick[2].txt 00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\System Recovery files\C\Users\RAM\AppData\Roaming\Microsoft\Windows\Cookies\ram@atdmt[2].txt 00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\System Recovery files\C\Users\RAM\AppData\Roaming\Microsoft\Windows\Cookies\Low\ram@atdmt[2].txt 00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\System Recovery files\C\Users\RAM\AppData\Roaming\Microsoft\Windows\Cookies\ram@tradedoubler[1].txt 00145453 Cookie/Bfast TrackingCookie No 0 Yes No C:\System Recovery files\C\Users\RAM\AppData\Roaming\Microsoft\Windows\Cookies\Low\ram@bfast[2].txt 00145453 Cookie/Bfast TrackingCookie No 0 Yes No C:\System Recovery files\C\Users\RAM\AppData\Roaming\Microsoft\Windows\Cookies\ram@bfast[1].txt 00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\System Recovery files\C\Users\RAM\AppData\Roaming\Microsoft\Windows\Cookies\ram@fastclick[2].txt 00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\System Recovery files\C\Users\RAM\AppData\Roaming\Microsoft\Windows\Cookies\Low\ram@fastclick[1].txt 00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\System Recovery files\C\Users\RAM\AppData\Roaming\Microsoft\Windows\Cookies\ram@tribalfusion[1].txt 00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\System Recovery files\C\Users\RAM\AppData\Roaming\Microsoft\Windows\Cookies\Low\ram@tribalfusion[2].txt 00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\System Recovery files\C\Users\RAM\AppData\Roaming\Microsoft\Windows\Cookies\Low\ram@mediaplex[2].txt 00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\System Recovery files\C\Users\RAM\AppData\Roaming\Microsoft\Windows\Cookies\ram@mediaplex[2].txt 00145792 Cookie/SexList TrackingCookie No 0 Yes No C:\System Recovery files\C\Users\RAM\AppData\Roaming\Microsoft\Windows\Cookies\Low\ram@sexlist[2].txt 00146967 Cookie/PayCounter TrackingCookie No 0 Yes No C:\System Recovery files\C\Users\RAM\AppData\Roaming\Microsoft\Windows\Cookies\Low\ram@paycounter[1].txt 00147824 Cookie/Clickbank TrackingCookie No 0 Yes No C:\Documents and Settings\Rick\Cookies\rick@clickbank[2].txt 00147824 Cookie/Clickbank TrackingCookie No 0 Yes No C:\System Recovery files\C\Users\RAM\AppData\Roaming\Microsoft\Windows\Cookies\ram@clickbank[1].txt 00159564 Cookie/WUpd TrackingCookie No 0 Yes No C:\System Recovery files\C\Users\RAM\AppData\Roaming\Microsoft\Windows\Cookies\Low\ram@revenue[1].txt 00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\System Recovery files\C\Users\RAM\AppData\Roaming\Microsoft\Windows\Cookies\Low\ram@com[1].txt 00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\System Recovery files\C\Users\RAM\AppData\Roaming\Microsoft\Windows\Cookies\ram@com[1].txt 00167647 Cookie/Yadro TrackingCookie No 0 Yes No C:\System Recovery files\C\Users\RAM\AppData\Roaming\Microsoft\Windows\Cookies\Low\ram@yadro[1].txt 00167672 Cookie/DomainSponsor TrackingCookie No 0 Yes No C:\System Recovery files\C\Users\RAM\AppData\Roaming\Microsoft\Windows\Cookies\ram@landing.domainsponsor[1].txt 00167677 Cookie/WebPower TrackingCookie No 0 Yes No C:\Documents and Settings\Rick\Cookies\rick@webpower[2].txt 00167747 Cookie/Azjmp TrackingCookie No 0 Yes No C:\System Recovery files\C\Users\RAM\AppData\Roaming\Microsoft\Windows\Cookies\ram@azjmp[2].txt 00167749 Cookie/Toplist TrackingCookie No 0 Yes No C:\System Recovery files\C\Users\RAM\AppData\Roaming\Microsoft\Windows\Cookies\Low\ram@toplist[1].txt 00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\System Recovery files\C\Users\RAM\AppData\Roaming\Microsoft\Windows\Cookies\ram@statcounter[1].txt 00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\System Recovery files\C\Users\RAM\AppData\Roaming\Microsoft\Windows\Cookies\Low\ram@statcounter[2].txt 00167759 Cookie/Sextracker TrackingCookie No 0 Yes No C:\System Recovery files\C\Users\RAM\AppData\Roaming\Microsoft\Windows\Cookies\Low\ram@counter9.sextracker[2].txt 00167761 Cookie/Sextracker TrackingCookie No 0 Yes No C:\System Recovery files\C\Users\RAM\AppData\Roaming\Microsoft\Windows\Cookies\Low\ram@counter8.sextracker[1].txt 00167763 Cookie/Sextracker TrackingCookie No 0 Yes No C:\System Recovery files\C\Users\RAM\AppData\Roaming\Microsoft\Windows\Cookies\Low\ram@counter1.sextracker[1].txt 00167783 Cookie/Sextracker TrackingCookie No 0 Yes No C:\System Recovery files\C\Users\RAM\AppData\Roaming\Microsoft\Windows\Cookies\Low\ram@counter6.sextracker[1].txt 00168048 Cookie/Overture TrackingCookie No 0 Yes No C:\System Recovery files\C\Users\RAM\AppData\Roaming\Microsoft\Windows\Cookies\ram@perf.overture[1].txt 00168048 Cookie/Overture TrackingCookie No 0 Yes No C:\System Recovery files\C\Users\RAM\AppData\Roaming\Microsoft\Windows\Cookies\Low\ram@perf.overture[1].txt 00168057 Cookie/Sextracker TrackingCookie No 0 Yes No C:\System Recovery files\C\Users\RAM\AppData\Roaming\Microsoft\Windows\Cookies\Low\ram@counter10.sextracker[1].txt 00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\Rick\Cookies\rick@apmebf[2].txt 00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\System Recovery files\C\Users\RAM\AppData\Roaming\Microsoft\Windows\Cookies\Low\ram@apmebf[1].txt 00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\System Recovery files\C\Users\RAM\AppData\Roaming\Microsoft\Windows\Cookies\ram@apmebf[1].txt 00168076 Cookie/BurstNet TrackingCookie No 0 Yes No C:\System Recovery files\C\Users\RAM\AppData\Roaming\Microsoft\Windows\Cookies\Low\ram@burstnet[2].txt 00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\System Recovery files\C\Users\RAM\AppData\Roaming\Microsoft\Windows\Cookies\ram@serving-sys[1].txt 00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\System Recovery files\C\Users\RAM\AppData\Roaming\Microsoft\Windows\Cookies\Low\ram@serving-sys[1].txt 00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\System Recovery files\C\Users\RAM\AppData\Roaming\Microsoft\Windows\Cookies\Low\ram@bs.serving-sys[2].txt 00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\System Recovery files\C\Users\RAM\AppData\Roaming\Microsoft\Windows\Cookies\ram@bs.serving-sys[2].txt 00168097 Cookie/BurstBeacon TrackingCookie No 0 Yes No C:\System Recovery files\C\Users\RAM\AppData\Roaming\Microsoft\Windows\Cookies\Low\ram@www.burstbeacon[1].txt 00168109 Cookie/Adtech TrackingCookie No 0 Yes No C:\System Recovery files\C\Users\RAM\AppData\Roaming\Microsoft\Windows\Cookies\Low\ram@adtech[1].txt 00168111 Cookie/Servlet TrackingCookie No 0 Yes No C:\Documents and Settings\Rick\Cookies\rick@servlet[2].txt 00168114 Cookie/onestat.com TrackingCookie No 0 Yes No C:\System Recovery files\C\Users\RAM\AppData\Roaming\Microsoft\Windows\Cookies\ram@stat.onestat[2].txt 00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\System Recovery files\C\Users\RAM\AppData\Roaming\Microsoft\Windows\Cookies\Low\ram@advertising[2].txt 00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Rick\Cookies\rick@advertising[1].txt 00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\System Recovery files\C\Users\RAM\AppData\Roaming\Microsoft\Windows\Cookies\ram@advertising[2].txt 00169286 Cookie/Sextracker TrackingCookie No 0 Yes No C:\System Recovery files\C\Users\RAM\AppData\Roaming\Microsoft\Windows\Cookies\Low\ram@sextracker[1].txt 00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\System Recovery files\C\Users\RAM\AppData\Roaming\Microsoft\Windows\Cookies\ram@ads.pointroll[1].txt 00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\System Recovery files\C\Users\RAM\AppData\Roaming\Microsoft\Windows\Cookies\Low\ram@ads.pointroll[1].txt 00170549 Cookie/FortuneCity TrackingCookie No 0 Yes No C:\System Recovery files\C\Users\RAM\AppData\Roaming\Microsoft\Windows\Cookies\Low\ram@fortunecity[1].txt 00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\System Recovery files\C\Users\RAM\AppData\Roaming\Microsoft\Windows\Cookies\Low\ram@overture[1].txt 00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\System Recovery files\C\Users\RAM\AppData\Roaming\Microsoft\Windows\Cookies\ram@overture[1].txt 00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\System Recovery files\C\Users\RAM\AppData\Roaming\Microsoft\Windows\Cookies\Low\ram@realmedia[2].txt 00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\System Recovery files\C\Users\RAM\AppData\Roaming\Microsoft\Windows\Cookies\ram@realmedia[2].txt 00170557 Cookie/Com.com TrackingCookie No 0 Yes No C:\System Recovery files\C\Users\RAM\AppData\Roaming\Microsoft\Windows\Cookies\Low\ram@terra.com[1].txt 00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\System Recovery files\C\Users\RAM\AppData\Roaming\Microsoft\Windows\Cookies\Low\ram@questionmarket[2].txt 00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\System Recovery files\C\Users\RAM\AppData\Roaming\Microsoft\Windows\Cookies\ram@questionmarket[1].txt 00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\System Recovery files\C\Users\RAM\AppData\Roaming\Microsoft\Windows\Cookies\Low\ram@zedo[1].txt 00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\System Recovery files\C\Users\RAM\AppData\Roaming\Microsoft\Windows\Cookies\ram@zedo[2].txt 00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No C:\System Recovery files\C\Users\RAM\AppData\Roaming\Microsoft\Windows\Cookies\Low\ram@bluestreak[1].txt 00180154 Cookie/Sextracker TrackingCookie No 0 Yes No C:\System Recovery files\C\Users\RAM\AppData\Roaming\Microsoft\Windows\Cookies\Low\ram@counter16.sextracker[1].txt 00182104 Cookie/Hitbox TrackingCookie No 0 Yes No C:\System Recovery files\C\Users\RAM\AppData\Roaming\Microsoft\Windows\Cookies\ram@phg.hitbox[1].txt 00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\System Recovery files\C\Users\RAM\AppData\Roaming\Microsoft\Windows\Cookies\Low\ram@adrevolver[2].txt 00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\System Recovery files\C\Users\RAM\AppData\Roaming\Microsoft\Windows\Cookies\ram@adrevolver[2].txt 00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\Rick\Cookies\rick@go[2].txt 00194327 Cookie/Go TrackingCookie No 0 Yes No C:\System Recovery files\C\Users\RAM\AppData\Roaming\Microsoft\Windows\Cookies\ram@go[1].txt 00199984 Cookie/Searchportal TrackingCookie No 0 Yes No C:\Documents and Settings\Rick\Cookies\rick@searchportal.information[2].txt 00199984 Cookie/Searchportal TrackingCookie No 0 Yes No C:\System Recovery files\C\Users\RAM\AppData\Roaming\Microsoft\Windows\Cookies\Low\ram@searchportal.information[2].txt 00199984 Cookie/Searchportal TrackingCookie No 0 Yes No C:\System Recovery files\C\Users\RAM\AppData\Roaming\Microsoft\Windows\Cookies\ram@searchportal.information[1].txt 00207338 Cookie/Target TrackingCookie No 0 Yes No C:\Documents and Settings\Rick\Cookies\rick@target[1].txt 00207338 Cookie/Target TrackingCookie No 0 Yes No C:\System Recovery files\C\Users\RAM\AppData\Roaming\Microsoft\Windows\Cookies\ram@target[2].txt 00207862 Cookie/did-it TrackingCookie No 0 Yes No C:\System Recovery files\C\Users\RAM\AppData\Roaming\Microsoft\Windows\Cookies\ram@did-it[2].txt 00207862 Cookie/did-it TrackingCookie No 0 Yes No C:\System Recovery files\C\Users\RAM\AppData\Roaming\Microsoft\Windows\Cookies\Low\ram@did-it[1].txt 00225760 W32/Sober.AH.worm!CME-681 Virus/Worm No 1 Yes No Local Folders\Deleted Items\Your Password\reg_pass.zip[File-packed_dataInfo.exe] 00225760 W32/Sober.AH.worm!CME-681 Virus/Worm No 1 Yes No Local Folders\Deleted Items\Your_Password\reg_pass-data.zip[File-packed_dataInfo.exe] 00225760 W32/Sober.AH.worm!CME-681 Virus/Worm No 1 Yes No Local Folders\Deleted Items\Your IP was logged\list.zip[File-packed_dataInfo.exe] 00225760 W32/Sober.AH.worm!CME-681 Virus/Worm No 1 Yes No Local Folders\Deleted Items\smtp mail failed\mail_body.zip[File-packed_dataInfo.exe] 00225760 W32/Sober.AH.worm!CME-681 Virus/Worm No 1 Yes No Local Folders\Deleted Items\Your_Password\reg_pass.zip[File-packed_dataInfo.exe] 00225760 W32/Sober.AH.worm!CME-681 Virus/Worm No 1 Yes No Local Folders\Deleted Items\Your IP was logged\question_list395.zip[File-packed_dataInfo.exe] 00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\System Recovery files\C\Users\RAM\AppData\Roaming\Microsoft\Windows\Cookies\ram@atwola[1].txt 00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\System Recovery files\C\Users\RAM\AppData\Roaming\Microsoft\Windows\Cookies\Low\ram@atwola[1].txt 00262024 Cookie/ErrorSafe TrackingCookie No 0 Yes No C:\System Recovery files\C\Users\RAM\AppData\Roaming\Microsoft\Windows\Cookies\ram@www.errorsafe[1].txt 00262025 Cookie/ErrorSafe TrackingCookie No 0 Yes No C:\System Recovery files\C\Users\RAM\AppData\Roaming\Microsoft\Windows\Cookies\ram@errorsafe[2].txt 00286736 Cookie/Cgi-bin TrackingCookie No 0 Yes No C:\System Recovery files\C\Users\RAM\AppData\Roaming\Microsoft\Windows\Cookies\Low\ram@www6.addfreestats[1].txt 00286738 Cookie/Cgi-bin TrackingCookie No 0 Yes No C:\System Recovery files\C\Users\RAM\AppData\Roaming\Microsoft\Windows\Cookies\ram@www1.addfreestats[1].txt 00286739 Cookie/Hitbox TrackingCookie No 0 Yes No C:\System Recovery files\C\Users\RAM\AppData\Roaming\Microsoft\Windows\Cookies\ram@ehg-dig.hitbox[2].txt 00296582 Cookie/DriveCleaner TrackingCookie No 0 Yes No C:\System Recovery files\C\Users\RAM\AppData\Roaming\Microsoft\Windows\Cookies\ram@www.drivecleaner[1].txt 00296583 Cookie/DriveCleaner TrackingCookie No 0 Yes No C:\System Recovery files\C\Users\RAM\AppData\Roaming\Microsoft\Windows\Cookies\ram@stats.drivecleaner[2].txt 00296584 Cookie/DriveCleaner TrackingCookie No 0 Yes No C:\System Recovery files\C\Users\RAM\AppData\Roaming\Microsoft\Windows\Cookies\ram@drivecleaner[1].txt 00520936 Application/ViewPoint HackTools Yes 0 Yes No C:\PROGRAM FILES\VIEWPOINT\VIEWPOINT TOOLBAR\3.8.0\VIEWBARBHO.DLL 00520936 Application/ViewPoint HackTools No 0 Yes No C:\RECYCLER\S-1-5-21-1354151071-296627476-2387865234-1006\Dc6\System Scanner\20080427073506\backup\WINDOWS\temp\0\Private\Vendor\ProgFiles\ViewBarBHO.dll ;=============================================================================== ================================================================================= =================== SUSPECTS Sent Location z ;=============================================================================== ================================================================================= =================== ;=============================================================================== ================================================================================= =================== VULNERABILITIES Id Severity Description z ;=============================================================================== ================================================================================= =================== ;=============================================================================== ================================================================================= ===================

#4 little eagle

little eagle

    spyware hawk

  • Visiting Fellow
  • PipPipPipPipPipPip
  • 8,968 posts
  • Interests:spyware

Posted 05 May 2008 - 06:40 PM

Download ComboFix from Here or Here to your Desktop.

In the event you already have Combofix, this is a new version that I need you to download.
It must be saved directly to your desktop.


1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  • Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan.
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Remember to re enable the protection again afterwards before connecting to the net


2. Close any open browsers and make sure you are disconnected from the net. Unplug the cable if need be before running combofix.
  • IF you have not already done so Combofix will disconnect your machine from the Internet when it starts.
  • If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections.

3. Now double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.
Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review


Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze.
Posted Image
My Website
ATF Cleaner for removing temporary files
HijackThis download
Donations to this site

#5 Diesel Dog

Diesel Dog

    New Member

  • Authentic Member
  • Pip
  • 17 posts

Posted 06 May 2008 - 02:01 PM

Combofix & HijackThis logs

Thanks, Rick



ComboFix 08-05-01.3 - Rick 2008-05-06 14:43:46.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.93 [GMT -4:00]
Running from: C:\Documents and Settings\Rick\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-04-06 to 2008-05-06 )))))))))))))))))))))))))))))))
.

2008-05-05 07:24 . 2008-05-05 07:24 <DIR> d-------- C:\WINDOWS\LastGood
2008-05-05 07:24 . 2008-05-05 07:26 <DIR> d-------- C:\Program Files\Panda Security
2008-04-26 14:16 . 2008-04-26 14:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-04-26 14:15 . 2008-04-26 14:15 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-04-26 10:30 . 2008-05-06 14:39 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-26 10:29 . 2008-05-05 07:04 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-04-26 10:29 . 2008-04-26 10:29 <DIR> d-------- C:\Program Files\Google
2008-04-26 10:29 . 2008-04-26 10:29 <DIR> d-------- C:\Documents and Settings\Rick\Application Data\PC Tools
2008-04-26 10:29 . 2007-12-10 13:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-04-26 10:29 . 2007-12-10 13:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-04-26 10:29 . 2008-02-01 11:55 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-04-26 10:29 . 2007-12-10 13:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-04 11:53 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-05-04 11:51 --------- d-----w C:\Program Files\Norton Internet Security
2008-04-27 11:44 --------- d-----w C:\Documents and Settings\Rick\Application Data\Apple Computer
2008-04-14 01:48 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-04-04 18:35 --------- d-----w C:\Program Files\AvantGo Connect
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-19 09:47 1,845,248 ------w C:\WINDOWS\system32\dllcache\win32k.sys
2008-03-01 22:36 3,591,680 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-02-29 08:55 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-02-29 08:55 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-02-22 10:00 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 06:51 282,624 ------w C:\WINDOWS\system32\dllcache\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-20 05:32 45,568 ------w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
2008-02-20 05:32 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-02-15 05:44 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24 1694208]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [ ]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56 15360]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 13:39 1289000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIModeChange"="Ati2mdxx.exe" [2002-08-15 18:18 28672 C:\WINDOWS\system32\Ati2mdxx.exe]
"CARPService"="carpserv.exe" [2003-05-21 16:35 4608 C:\WINDOWS\system32\carpserv.exe]
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2003-02-26 20:25 180316]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2002-08-14 21:29 290816]
"PreloadApp"="c:\hp\drivers\printers\photosmart\hphprld.exe" [2001-12-12 11:05 36864]
"AutoTBar"="C:\hp\bin\autotbar.exe" [ ]
"srmclean"="C:\Cpqs\Scom\srmclean.exe" [2001-07-24 17:34 36864]
"MMTray"="" []
"TV Now"="C:\Program Files\HPQ\Notebook Utilities\TvNow.exe" [2003-01-30 14:34 282624]
"Display Settings"="C:\Program Files\HPQ\Notebook Utilities\hptasks.exe" [2002-08-15 10:26 45056]
"QT4HPOT"="C:\Program Files\HPQ\One-Touch\OneTouch.EXE" [2003-01-30 19:02 102400]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2003-03-14 08:56 110592]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2003-03-14 08:56 634880]
"AdaptecDirectCD"="C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2003-03-26 15:15 684032]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2003-08-05 14:17 26112]
"Share-to-Web Namespace Daemon"="C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2001-07-03 10:11 57344]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-02-23 21:45 278528]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-05-01 13:51 155648]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-02-11 18:22 53096]
"HostManager"="C:\Program Files\Common Files\AOL\1190376940\ee\AOLSoftware.exe" [2006-09-25 20:52 50736]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [2008-02-01 11:55 1103240]

C:\Documents and Settings\Rick\Start Menu\Programs\Startup\
VZAccess Manager.lnk - C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe [2008-01-13 22:15:00 1685040]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
America Online 9.0 Tray Icon.lnk - C:\Program Files\America Online 9.0\aoltray.exe [2004-01-10 05:33:59 36954]
Image Transfer.lnk - C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe [2003-08-08 07:03:55 73728]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MSACM.CEGSM"= mobilev.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"=
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 17:38]
R3 ALiIRDA;ALi Infrared Device Driver;C:\WINDOWS\system32\DRIVERS\aliirda.sys [2001-12-17 07:54]
R3 CALIAUD;Conexant AMC 3D ENVIRONMENTAL AUDIO;C:\WINDOWS\system32\drivers\caliaud.sys [2002-11-05 11:04]
R3 CALIHALA;CALIHALA;C:\WINDOWS\system32\drivers\calihal.sys [2002-11-05 11:04]
R3 DP83815;National Semiconductor Corp. DP83815/816 NDIS 5.0 Miniport Driver;C:\WINDOWS\system32\DRIVERS\DP83815.SYS [2002-08-28 20:00]
R3 NWADI;NWADI Bus Enumerator;C:\WINDOWS\system32\DRIVERS\NWADIenum.sys [2007-04-19 12:09]

*Newly Created Service* - CATCHME
*Newly Created Service* - COMHOST
*Newly Created Service* - RKPAVPROC
.
Contents of the 'Scheduled Tasks' folder
"2008-03-15 10:43:55 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Rick.job"
- C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-06 14:51:03
Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:
ZwClose

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe????????2?7?4?7??????? ??3B?????????????T?B? ??????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-05-06 15:06:12
ComboFix-quarantined-files.txt 2008-05-06 19:05:50

Pre-Run: 57,778,343,936 bytes free
Post-Run: 57,778,589,696 bytes free

130 --- E O F --- 2008-04-24 12:11:20




Logfile of HijackThis v1.99.1
Scan saved at 4:00:10 PM, on 5/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\HPConfig.exe
C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\HPQ\One-Touch\OneTouch.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\AOL\1190376940\ee\AOLSoftware.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\System32\alg.exe
c:\program files\common files\aol\1190376940\ee\anotify.exe
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us8l.hpwis.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://us8l.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PreloadApp] c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe -d
O4 - HKLM\..\Run: [AutoTBar] C:\hp\bin\autotbar.exe
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [TV Now] C:\Program Files\HPQ\Notebook Utilities\TvNow.exe /RK
O4 - HKLM\..\Run: [Display Settings] C:\Program Files\HPQ\Notebook Utilities\hptasks.exe /s
O4 - HKLM\..\Run: [QT4HPOT] C:\Program Files\HPQ\One-Touch\OneTouch.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1190376940\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - Startup: VZAccess Manager.lnk = C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Image Transfer.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://us8l.hpwis.com
O16 - DPF: Web-Based Email Tools - http://email.secures...et/Download.CAB
O16 - DPF: {00140000-B1BA-11CE-ABC6-F5B2E79D9E3F} (LEAD Main Control (14.0)) - http://www.chathamnc...ls/LTOCX14N.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

#6 little eagle

little eagle

    spyware hawk

  • Visiting Fellow
  • PipPipPipPipPipPip
  • 8,968 posts
  • Interests:spyware

Posted 06 May 2008 - 08:26 PM

In add and remove programs remove Viewpoint.

Let's do a little cleanup.
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK. Note the space between the X and the /U, it needs to be there.

Posted Image


Download and run - ATF Cleaner instructions here.

Then run panda scan again.
Posted Image
My Website
ATF Cleaner for removing temporary files
HijackThis download
Donations to this site

#7 Diesel Dog

Diesel Dog

    New Member

  • Authentic Member
  • Pip
  • 17 posts

Posted 07 May 2008 - 03:49 PM

active scan stated 88 infections

This took 7 hours, should this have taken this long?? the first active scan was about the same length of time as well.

I posted a new hijackthis log as well.

Thanks, Rick


;*******************************************************************************
*********************************************************************************
*******************
ANALYSIS: 2008-05-07 17:36:44
PROTECTIONS: 1
MALWARE: 60
SUSPECTS: 0
;*******************************************************************************
*********************************************************************************
*******************
PROTECTIONS
Description Version Active Updated
;===============================================================================
=================================================================================
===================
Norton Internet Security 2006 2006 No Yes
;===============================================================================
=================================================================================
===================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===============================================================================
=================================================================================
===================
00101555 Application/KillApp.B HackTools No 0 Yes No C:\System Recovery files\C\hp\bin\KillIt.exe
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\System Recovery files\C\Users\RAM\AppData\Roaming\Microsoft\Windows\Cookies\ram@trafficmp[1].txt
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\System Recovery files\C\Users\RAM\AppData\Roaming\Microsoft\Windows\Cookies\ram@casalemedia[2].txt
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\System Recovery files\C\Users\RAM\AppData\Roaming\Microsoft\Windows\Cookies\Low\ram@casalemedia[1].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\System Recovery files\C\Users\RAM\AppData\Roaming\Microsoft\Windows\Cookies\ram@doubleclick[2].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\System Recovery files\C\Users\RAM\AppData\Roaming\Microsoft\Windows\Cookies\Low\ram@doubleclick[2].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\System Recovery files\C\Users\RAM\AppData\Roaming\Microsoft\Windows\Cookies\ram@atdmt[2].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\System Recovery files\C\Users\RAM\AppData\Roaming\Microsoft\Windows\Cookies\Low\ram@atdmt[2].txt
00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\System Recovery files\C\Users\RAM\AppData\Roaming\Microsoft\Windows\Cookies\ram@tradedoubler[1].txt
00145453 Cookie/Bfast TrackingCookie No 0 Yes No C:\System Recovery files\C\Users\RAM\AppData\Roaming\Microsoft\Windows\Cookies\Low\ram@bfast[2].txt
00145453 Cookie/Bfast TrackingCookie No 0 Yes No C:\System Recovery files\C\Users\RAM\AppData\Roaming\Microsoft\Windows\Cookies\ram@bfast[1].txt
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\System Recovery files\C\Users\RAM\AppData\Roaming\Microsoft\Windows\Cookies\ram@fastclick[2].txt
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\System Recovery files\C\Users\RAM\AppData\Roaming\Microsoft\Windows\Cookies\Low\ram@fastclick[1].txt
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\System Recovery files\C\Users\RAM\AppData\Roaming\Microsoft\Windows\Cookies\ram@tribalfusion[1].txt
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\System Recovery files\C\Users\RAM\AppData\Roaming\Microsoft\Windows\Cookies\Low\ram@tribalfusion[2].txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\System Recovery files\C\Users\RAM\AppData\Roaming\Microsoft\Windows\Cookies\ram@mediaplex[2].txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\System Recovery files\C\Users\RAM\AppData\Roaming\Microsoft\Windows\Cookies\Low\ram@mediaplex[2].txt
00145792 Cookie/SexList TrackingCookie No 0 Yes No C:\System Recovery files\C\Users\RAM\AppData\Roaming\Microsoft\Windows\Cookies\Low\ram@sexlist[2].txt
00146967 Cookie/PayCounter TrackingCookie No 0 Yes No C:\System Recovery files\C\Users\RAM\AppData\Roaming\Microsoft\Windows\Cookies\Low\ram@paycounter[1].txt
00147824 Cookie/Clickbank TrackingCookie No 0 Yes No C:\System Recovery files\C\Users\RAM\AppData\Roaming\Microsoft\Windows\Cookies\ram@clickbank[1].txt
00159564 Cookie/WUpd TrackingCookie No 0 Yes No C:\System Recovery files\C\Users\RAM\AppData\Roaming\Microsoft\Windows\Cookies\Low\ram@revenue[1].txt
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\System Recovery files\C\Users\RAM\AppData\Roaming\Microsoft\Windows\Cookies\ram@com[1].txt
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\System Recovery files\C\Users\RAM\AppData\Roaming\Microsoft\Windows\Cookies\Low\ram@com[1].txt
00167647 Cookie/Yadro TrackingCookie No 0 Yes No C:\System Recovery files\C\Users\RAM\AppData\Roaming\Microsoft\Windows\Cookies\Low\ram@yadro[1].txt
00167672 Cookie/DomainSponsor TrackingCookie No 0 Yes No C:\System Recovery files\C\Users\RAM\AppData\Roaming\Microsoft\Windows\Cookies\ram@landing.domainsponsor[1].txt
00167747 Cookie/Azjmp TrackingCookie No 0 Yes No C:\System Recovery files\C\Users\RAM\AppData\Roaming\Microsoft\Windows\Cookies\ram@azjmp[2].txt
00167749 Cookie/Toplist TrackingCookie No 0 Yes No C:\System Recovery files\C\Users\RAM\AppData\Roaming\Microsoft\Windows\Cookies\Low\ram@toplist[1].txt
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\System Recovery files\C\Users\RAM\AppData\Roaming\Microsoft\Windows\Cookies\Low\ram@statcounter[2].txt
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\System Recovery files\C\Users\RAM\AppData\Roaming\Microsoft\Windows\Cookies\ram@statcounter[1].txt
00167759 Cookie/Sextracker TrackingCookie No 0 Yes No C:\System Recovery files\C\Users\RAM\AppData\Roaming\Microsoft\Windows\Cookies\Low\ram@counter9.sextracker[2].txt
00167761 Cookie/Sextracker TrackingCookie No 0 Yes No C:\System Recovery files\C\Users\RAM\AppData\Roaming\Microsoft\Windows\Cookies\Low\ram@counter8.sextracker[1].txt
00167763 Cookie/Sextracker TrackingCookie No 0 Yes No C:\System Recovery files\C\Users\RAM\AppData\Roaming\Microsoft\Windows\Cookies\Low\ram@counter1.sextracker[1].txt
00167783 Cookie/Sextracker TrackingCookie No 0 Yes No C:\System Recovery files\C\Users\RAM\AppData\Roaming\Microsoft\Windows\Cookies\Low\ram@counter6.sextracker[1].txt
00168048 Cookie/Overture TrackingCookie No 0 Yes No C:\System Recovery files\C\Users\RAM\AppData\Roaming\Microsoft\Windows\Cookies\ram@perf.overture[1].txt
00168048 Cookie/Overture TrackingCookie No 0 Yes No C:\System Recovery files\C\Users\RAM\AppData\Roaming\Microsoft\Windows\Cookies\Low\ram@perf.overture[1].txt
00168057 Cookie/Sextracker TrackingCookie No 0 Yes No C:\System Recovery files\C\Users\RAM\AppData\Roaming\Microsoft\Windows\Cookies\Low\ram@counter10.sextracker[1].txt
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\System Recovery files\C\Users\RAM\AppData\Roaming\Microsoft\Windows\Cookies\ram@apmebf[1].txt
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\System Recovery files\C\Users\RAM\AppData\Roaming\Microsoft\Windows\Cookies\Low\ram@apmebf[1].txt
00168076 Cookie/BurstNet TrackingCookie No 0 Yes No C:\System Recovery files\C\Users\RAM\AppData\Roaming\Microsoft\Windows\Cookies\Low\ram@burstnet[2].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\System Recovery files\C\Users\RAM\AppData\Roaming\Microsoft\Windows\Cookies\ram@serving-sys[1].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\System Recovery files\C\Users\RAM\AppData\Roaming\Microsoft\Windows\Cookies\Low\ram@serving-sys[1].txt
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\System Recovery files\C\Users\RAM\AppData\Roaming\Microsoft\Windows\Cookies\ram@bs.serving-sys[2].txt
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\System Recovery files\C\Users\RAM\AppData\Roaming\Microsoft\Windows\Cookies\Low\ram@bs.serving-sys[2].txt
00168097 Cookie/BurstBeacon TrackingCookie No 0 Yes No C:\System Recovery files\C\Users\RAM\AppData\Roaming\Microsoft\Windows\Cookies\Low\ram@www.burstbeacon[1].txt
00168109 Cookie/Adtech TrackingCookie No 0 Yes No C:\System Recovery files\C\Users\RAM\AppData\Roaming\Microsoft\Windows\Cookies\Low\ram@adtech[1].txt
00168114 Cookie/onestat.com TrackingCookie No 0 Yes No C:\System Recovery files\C\Users\RAM\AppData\Roaming\Microsoft\Windows\Cookies\ram@stat.onestat[2].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\System Recovery files\C\Users\RAM\AppData\Roaming\Microsoft\Windows\Cookies\Low\ram@advertising[2].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\System Recovery files\C\Users\RAM\AppData\Roaming\Microsoft\Windows\Cookies\ram@advertising[2].txt
00169286 Cookie/Sextracker TrackingCookie No 0 Yes No C:\System Recovery files\C\Users\RAM\AppData\Roaming\Microsoft\Windows\Cookies\Low\ram@sextracker[1].txt
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\System Recovery files\C\Users\RAM\AppData\Roaming\Microsoft\Windows\Cookies\ram@ads.pointroll[1].txt
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\System Recovery files\C\Users\RAM\AppData\Roaming\Microsoft\Windows\Cookies\Low\ram@ads.pointroll[1].txt
00170549 Cookie/FortuneCity TrackingCookie No 0 Yes No C:\System Recovery files\C\Users\RAM\AppData\Roaming\Microsoft\Windows\Cookies\Low\ram@fortunecity[1].txt
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\System Recovery files\C\Users\RAM\AppData\Roaming\Microsoft\Windows\Cookies\ram@overture[1].txt
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\System Recovery files\C\Users\RAM\AppData\Roaming\Microsoft\Windows\Cookies\Low\ram@overture[1].txt
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\System Recovery files\C\Users\RAM\AppData\Roaming\Microsoft\Windows\Cookies\Low\ram@realmedia[2].txt
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\System Recovery files\C\Users\RAM\AppData\Roaming\Microsoft\Windows\Cookies\ram@realmedia[2].txt
00170557 Cookie/Com.com TrackingCookie No 0 Yes No C:\System Recovery files\C\Users\RAM\AppData\Roaming\Microsoft\Windows\Cookies\Low\ram@terra.com[1].txt
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\System Recovery files\C\Users\RAM\AppData\Roaming\Microsoft\Windows\Cookies\ram@questionmarket[1].txt
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\System Recovery files\C\Users\RAM\AppData\Roaming\Microsoft\Windows\Cookies\Low\ram@questionmarket[2].txt
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\System Recovery files\C\Users\RAM\AppData\Roaming\Microsoft\Windows\Cookies\ram@zedo[2].txt
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\System Recovery files\C\Users\RAM\AppData\Roaming\Microsoft\Windows\Cookies\Low\ram@zedo[1].txt
00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No C:\System Recovery files\C\Users\RAM\AppData\Roaming\Microsoft\Windows\Cookies\Low\ram@bluestreak[1].txt
00180154 Cookie/Sextracker TrackingCookie No 0 Yes No C:\System Recovery files\C\Users\RAM\AppData\Roaming\Microsoft\Windows\Cookies\Low\ram@counter16.sextracker[1].txt
00182104 Cookie/Hitbox TrackingCookie No 0 Yes No C:\System Recovery files\C\Users\RAM\AppData\Roaming\Microsoft\Windows\Cookies\ram@phg.hitbox[1].txt
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\System Recovery files\C\Users\RAM\AppData\Roaming\Microsoft\Windows\Cookies\ram@adrevolver[2].txt
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\System Recovery files\C\Users\RAM\AppData\Roaming\Microsoft\Windows\Cookies\Low\ram@adrevolver[2].txt
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\System Recovery files\C\Users\RAM\AppData\Roaming\Microsoft\Windows\Cookies\ram@go[1].txt
00199984 Cookie/Searchportal TrackingCookie No 0 Yes No C:\System Recovery files\C\Users\RAM\AppData\Roaming\Microsoft\Windows\Cookies\Low\ram@searchportal.information[2].txt
00199984 Cookie/Searchportal TrackingCookie No 0 Yes No C:\System Recovery files\C\Users\RAM\AppData\Roaming\Microsoft\Windows\Cookies\ram@searchportal.information[1].txt
00207338 Cookie/Target TrackingCookie No 0 Yes No C:\System Recovery files\C\Users\RAM\AppData\Roaming\Microsoft\Windows\Cookies\ram@target[2].txt
00207862 Cookie/did-it TrackingCookie No 0 Yes No C:\System Recovery files\C\Users\RAM\AppData\Roaming\Microsoft\Windows\Cookies\Low\ram@did-it[1].txt
00207862 Cookie/did-it TrackingCookie No 0 Yes No C:\System Recovery files\C\Users\RAM\AppData\Roaming\Microsoft\Windows\Cookies\ram@did-it[2].txt
00225760 W32/Sober.AH.worm!CME-681 Virus/Worm No 1 Yes No Local Folders\Deleted Items\Your IP was logged\question_list395.zip[File-packed_dataInfo.exe]
00225760 W32/Sober.AH.worm!CME-681 Virus/Worm No 1 Yes No Local Folders\Deleted Items\Your_Password\reg_pass-data.zip[File-packed_dataInfo.exe]
00225760 W32/Sober.AH.worm!CME-681 Virus/Worm No 1 Yes No Local Folders\Deleted Items\smtp mail failed\mail_body.zip[File-packed_dataInfo.exe]
00225760 W32/Sober.AH.worm!CME-681 Virus/Worm No 1 Yes No Local Folders\Deleted Items\Your_Password\reg_pass.zip[File-packed_dataInfo.exe]
00225760 W32/Sober.AH.worm!CME-681 Virus/Worm No 1 Yes No Local Folders\Deleted Items\Your Password\reg_pass.zip[File-packed_dataInfo.exe]
00225760 W32/Sober.AH.worm!CME-681 Virus/Worm No 1 Yes No Local Folders\Deleted Items\Your IP was logged\list.zip[File-packed_dataInfo.exe]
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\System Recovery files\C\Users\RAM\AppData\Roaming\Microsoft\Windows\Cookies\ram@atwola[1].txt
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\System Recovery files\C\Users\RAM\AppData\Roaming\Microsoft\Windows\Cookies\Low\ram@atwola[1].txt
00262024 Cookie/ErrorSafe TrackingCookie No 0 Yes No C:\System Recovery files\C\Users\RAM\AppData\Roaming\Microsoft\Windows\Cookies\ram@www.errorsafe[1].txt
00262025 Cookie/ErrorSafe TrackingCookie No 0 Yes No C:\System Recovery files\C\Users\RAM\AppData\Roaming\Microsoft\Windows\Cookies\ram@errorsafe[2].txt
00286736 Cookie/Cgi-bin TrackingCookie No 0 Yes No C:\System Recovery files\C\Users\RAM\AppData\Roaming\Microsoft\Windows\Cookies\Low\ram@www6.addfreestats[1].txt
00286738 Cookie/Cgi-bin TrackingCookie No 0 Yes No C:\System Recovery files\C\Users\RAM\AppData\Roaming\Microsoft\Windows\Cookies\ram@www1.addfreestats[1].txt
00286739 Cookie/Hitbox TrackingCookie No 0 Yes No C:\System Recovery files\C\Users\RAM\AppData\Roaming\Microsoft\Windows\Cookies\ram@ehg-dig.hitbox[2].txt
00296582 Cookie/DriveCleaner TrackingCookie No 0 Yes No C:\System Recovery files\C\Users\RAM\AppData\Roaming\Microsoft\Windows\Cookies\ram@www.drivecleaner[1].txt
00296583 Cookie/DriveCleaner TrackingCookie No 0 Yes No C:\System Recovery files\C\Users\RAM\AppData\Roaming\Microsoft\Windows\Cookies\ram@stats.drivecleaner[2].txt
00296584 Cookie/DriveCleaner TrackingCookie No 0 Yes No C:\System Recovery files\C\Users\RAM\AppData\Roaming\Microsoft\Windows\Cookies\ram@drivecleaner[1].txt
;===============================================================================
=================================================================================
===================
SUSPECTS
Sent Location ,|
;===============================================================================
=================================================================================
===================
;===============================================================================
=================================================================================
===================
VULNERABILITIES
Id Severity Description ,|
;===============================================================================
=================================================================================
===================
;===============================================================================
=================================================================================
===================



Logfile of HijackThis v1.99.1
Scan saved at 5:48:25 PM, on 5/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\HPConfig.exe
C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\HPQ\One-Touch\OneTouch.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\Program Files\Common Files\AOL\1190376940\ee\AOLSoftware.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us8l.hpwis.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://us8l.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PreloadApp] c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe -d
O4 - HKLM\..\Run: [AutoTBar] C:\hp\bin\autotbar.exe
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [TV Now] C:\Program Files\HPQ\Notebook Utilities\TvNow.exe /RK
O4 - HKLM\..\Run: [Display Settings] C:\Program Files\HPQ\Notebook Utilities\hptasks.exe /s
O4 - HKLM\..\Run: [QT4HPOT] C:\Program Files\HPQ\One-Touch\OneTouch.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1190376940\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - Startup: VZAccess Manager.lnk = C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Image Transfer.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://us8l.hpwis.com
O16 - DPF: Web-Based Email Tools - http://email.secures...et/Download.CAB
O16 - DPF: {00140000-B1BA-11CE-ABC6-F5B2E79D9E3F} (LEAD Main Control (14.0)) - http://www.chathamnc...ls/LTOCX14N.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

#8 little eagle

little eagle

    spyware hawk

  • Visiting Fellow
  • PipPipPipPipPipPip
  • 8,968 posts
  • Interests:spyware

Posted 07 May 2008 - 08:30 PM

Depending on the size and fullness of the drive yes it may take that long. We need to reset your restore points, please note that you will need to log into your computer with an account which has full administrator access. You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account. 1. Turn off System Restore. On the Desktop, right-click My Computer. Click Properties. Click the System Restore tab. Check Turn off System Restore. Click Apply, and then click OK. 2. Reboot. 3. Turn ON System Restore. On the Desktop, right-click My Computer. Click Properties. Click the System Restore tab. UN-Check *Turn off System Restore*. Click Apply, and then click OK. ----------------------------------------------------- Also you need to clean out your deleted emails. ------------------------------------------ How is the PC running?
Posted Image
My Website
ATF Cleaner for removing temporary files
HijackThis download
Donations to this site

#9 Diesel Dog

Diesel Dog

    New Member

  • Authentic Member
  • Pip
  • 17 posts

Posted 08 May 2008 - 06:18 AM

OK, restore point has been reset. Computer is running the exact same. It takes forever for something to come up when you click on it, ie. it takes 30 seconds for the control panel to come up when clicked on. Sometimes near a minute for Internet Explorer, and the same no matter what is clicked on even X'ing out of something takes a while or two or three clicks. I have a file on this computer that was downloaded from my backup drive and from another computer that lost a video card. This is a "system recovery file" and is very large, I think this is where all the emails are and possibly why the "active scan" 's take so long to complete. It won't let me delete this file, error message is - Cannot delete bootmgr: access is denied. I then started to change the attributes of the file and all it's contents (going to take at least a couple of hours for this) but then I started getting arror messages such as this one - An error occured applying attributes to the file: C:\System Recovery files\C\Progr...\AcroIF.dll so I cancelled the application and will wait for your advise on moving forward and how to get this removed. Thanks for your help, Rick

#10 little eagle

little eagle

    spyware hawk

  • Visiting Fellow
  • PipPipPipPipPipPip
  • 8,968 posts
  • Interests:spyware

Posted 10 May 2008 - 07:11 PM

Download Malwarebytes' Anti-Malware to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform FULL SCAN, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt

Edited by little eagle, 10 May 2008 - 07:11 PM.

Posted Image
My Website
ATF Cleaner for removing temporary files
HijackThis download
Donations to this site

    Advertisements

Register to Remove

#11 Diesel Dog

Diesel Dog

    New Member

  • Authentic Member
  • Pip
  • 17 posts

Posted 14 May 2008 - 02:01 PM

Well,,,,,, this makes no sense what so ever to me!!!!!

Malwarebytes' Anti-Malware 1.12
Database version: 740

Scan type: Full Scan (C:\|)
Objects scanned: 194365
Time elapsed: 1 hour(s), 9 minute(s), 46 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Hijackthis log, thanks Rick

Logfile of HijackThis v1.99.1
Scan saved at 4:00:24 PM, on 5/14/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\HPConfig.exe
C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\HPQ\One-Touch\OneTouch.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\AOL\1190376940\ee\AOLSoftware.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us8l.hpwis.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://us8l.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PreloadApp] c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe -d
O4 - HKLM\..\Run: [AutoTBar] C:\hp\bin\autotbar.exe
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [TV Now] C:\Program Files\HPQ\Notebook Utilities\TvNow.exe /RK
O4 - HKLM\..\Run: [Display Settings] C:\Program Files\HPQ\Notebook Utilities\hptasks.exe /s
O4 - HKLM\..\Run: [QT4HPOT] C:\Program Files\HPQ\One-Touch\OneTouch.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1190376940\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - Startup: VZAccess Manager.lnk = C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Image Transfer.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://us8l.hpwis.com
O16 - DPF: Web-Based Email Tools - http://email.secures...et/Download.CAB
O16 - DPF: {00140000-B1BA-11CE-ABC6-F5B2E79D9E3F} (LEAD Main Control (14.0)) - http://www.chathamnc...ls/LTOCX14N.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

#12 little eagle

little eagle

    spyware hawk

  • Visiting Fellow
  • PipPipPipPipPipPip
  • 8,968 posts
  • Interests:spyware

Posted 14 May 2008 - 06:01 PM

Norton AntiVirus is the only thing that I see that my be slowing your PC down. You may want to reinstall it.
Posted Image
My Website
ATF Cleaner for removing temporary files
HijackThis download
Donations to this site

#13 Diesel Dog

Diesel Dog

    New Member

  • Authentic Member
  • Pip
  • 17 posts

Posted 19 May 2008 - 05:28 AM

little eagle, I have done a complete system recovery and put the computer back to new. Thanks very much for your help, I appreciate it. Anything further you would like to recommend? Rick

#14 little eagle

little eagle

    spyware hawk

  • Visiting Fellow
  • PipPipPipPipPipPip
  • 8,968 posts
  • Interests:spyware

Posted 19 May 2008 - 07:42 PM

Well glad you got back online just some Tips for Remaining Malware Free

Let us know if there is any thing we can do before I close this thread.
Posted Image
My Website
ATF Cleaner for removing temporary files
HijackThis download
Donations to this site

#15 Diesel Dog

Diesel Dog

    New Member

  • Authentic Member
  • Pip
  • 17 posts

Posted 20 May 2008 - 06:36 AM

Little Eagle, No, I think I'm all set, thanks very much for all your help. I have made a donation and hope that others are also, this kind of help is priceless. Thanks again, Rick

Related Topics

Back to Virus, Spyware & Malware Removal · Next Unread Topic →

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. What the Tech
  2. Spyware / Malware / Virus Removal
  3. Virus, Spyware & Malware Removal
  4. Privacy Policy
  5. Terms of Use ·