
Thread: HijackThis Log: Please help Diagnose

  #1 - Junior Member (Join Date: Jul 2007, Posts: 14)

    HijackThis Log: Please help Diagnose

    Hi

    I have not been able to get rid of Virtumonde after multiple scans and fixes using Spybot, Norton 260, Ad-aware and Kaspersky Online scanner.

    This is my first post about this issue. I have included recent scan logs to show what I have already done and included the HijackThis log below.

    Thanks in advance.

    ==================================================
    eTrust Antivirus Web Scanner log:

    Virus scan finished. 3 viruses found.

    win2A0.tmp.exe Win32/Kastem.AE infected C:\WINDOWS\Temp\
    win2A6.tmp.exe Win32/Aflac.D infected C:\WINDOWS\Temp\
    win44.tmp Win32/Kastem.AE infected C:\WINDOWS\Temp\

    Note: All infected files were deleted after scan.
    ==================================================

    ==================================================
    Spy Bot log (done in Safe Mode):

    --- Report generated: 2007-07-27 20:06 ---

    Virtumonde: Settings (Registry key, fixed)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR

    --- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---
    ==================================================

    ==================================================
    VundoFix scan log:

    No infected files were found.
    ==================================================

    ==================================================
    VirtumundoBeGone scan log:

    [07/27/2007, 20:19:37] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Stepen\Desktop\VirtumundoBeGone.exe" )
    [07/27/2007, 20:19:47] - Detected System Information:
    [07/27/2007, 20:19:47] - Windows Version: 5.1.2600, Service Pack 2
    [07/27/2007, 20:19:47] - Current Username: Stepen (Admin)
    [07/27/2007, 20:19:47] - Windows is in NORMAL mode.
    [07/27/2007, 20:19:47] - Searching for Browser Helper Objects:
    [07/27/2007, 20:19:47] - BHO 1: {00C6482D-C502-44C8-8409-FCE54AD9C208} (SnagIt Toolbar Loader)
    [07/27/2007, 20:19:47] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
    [07/27/2007, 20:19:47] - BHO 3: {1E8A6170-7264-4D0F-BEAE-D42A53123C75} ()
    [07/27/2007, 20:19:47] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [07/27/2007, 20:19:48] - Checking for HKLM\...\Winlogon\Notify\NppBho
    [07/27/2007, 20:19:48] - Key not found: HKLM\...\Winlogon\Notify\NppBho, continuing.
    [07/27/2007, 20:19:48] - BHO 4: {53707962-6F74-2D53-2644-206D7942484F} ()
    [07/27/2007, 20:19:48] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [07/27/2007, 20:19:48] - Checking for HKLM\...\Winlogon\Notify\SDHelper
    [07/27/2007, 20:19:48] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
    [07/27/2007, 20:19:48] - BHO 5: {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} (URLDetector Class)
    [07/27/2007, 20:19:48] - BHO 6: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
    [07/27/2007, 20:19:48] - BHO 7: {857A461D-8D96-4996-A4A0-AEA0A2535B86} ()
    [07/27/2007, 20:19:48] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [07/27/2007, 20:19:48] - No filename found. Continuing.
    [07/27/2007, 20:19:48] - BHO 8: {A7EBA094-A0FA-464D-A63C-82C8ACEA55FE} ()
    [07/27/2007, 20:19:48] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [07/27/2007, 20:19:49] - Checking for HKLM\...\Winlogon\Notify\ddaby
    [07/27/2007, 20:19:49] - Key not found: HKLM\...\Winlogon\Notify\ddaby, continuing.
    [07/27/2007, 20:19:49] - BHO 9: {AE7CD045-E861-484f-8273-0445EE161910} (Adobe PDF Conversion Toolbar Helper)
    [07/27/2007, 20:19:49] - Finished Searching Browser Helper Objects
    [07/27/2007, 20:19:49] - Finishing up...
    [07/27/2007, 20:19:49] - Nothing found! Exiting...
    ==================================================

    ==================================================
    HijackThis log:

    Logfile of HijackThis v1.99.1
    Scan saved at 8:47:45 PM, on 27/07/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16473)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\WINDOWS\System32\CTsvcCDA.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\inetsrv\inetinfo.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Prevx2\PXAgent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Logitech\iTouch\iTouch.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
    C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
    C:\WINDOWS\system32\CTHELPER.EXE
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
    C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\Program Files\Telstra\Toolbar\bpumTray.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
    C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
    C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Prevx2\PXConsole.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
    C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    E:\My Documents\My Downloads\Applications\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://news.google.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bigpond.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer
    N1 - Netscape 4: user_pref("browser.startup.homepage", "http://www.google.com/"); (C:\Program Files\Netscape\Users\default\prefs.js)
    O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and Settings\All Users\Application Data\Prevx\pxbho.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: (no name) - {857A461D-8D96-4996-A4A0-AEA0A2535B86} - (no file)
    O2 - BHO: (no name) - {A7EBA094-A0FA-464D-A63C-82C8ACEA55FE} - C:\WINDOWS\system32\ddaby.dll (file missing)
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: AccessibilityToolbar - {9E0C6AAD-A8E3-4E49-9DBD-786099B599A4} - C:\Program Files\AccessibilityToolbar Toolbar\AccessibilityToolbar.dll
    O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
    O4 - HKLM\..\Run: [SetCacheMode] Rundll32.exe ptipbmf.dll,SetWriteCacheMode
    O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
    O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
    O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [Iomega Startup Options] C:\Program Files\Iomega\Common\ImgStart.exe
    O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
    O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe
    O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
    O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [BigPond Toolbar] "C:\Program Files\Telstra\Toolbar\bpumTray.exe"
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
    O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
    O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe
    O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [PrevxOne] "C:\Program Files\Prevx2\PXConsole.exe"
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - Startup: ZoneAlarm Pro.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
    O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Resize &Window - C:\Program Files\ietools\resize_window.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Toggle AccessibilityToolbar toolbar - {F1D75287-2EF6-4E41-A305-A27A7921ECAA} - C:\Program Files\AccessibilityToolbar Toolbar\AccessibilityToolbar.dll
    O9 - Extra 'Tools' menuitem: &AccessibilityToolbar toolbar - {F1D75287-2EF6-4E41-A305-A27A7921ECAA} - C:\Program Files\AccessibilityToolbar Toolbar\AccessibilityToolbar.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra button: Flash Decompiler SWF Capture tool - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\PROGRA~1\ELTIMA~1\FLASHD~1\iebt.dll (HKCU)
    O9 - Extra 'Tools' menuitem: Flash Decompiler SWF Capture tool menu - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\PROGRA~1\ELTIMA~1\FLASHD~1\iebt.dll (HKCU)
    O11 - Options group: [INTERNATIONAL] International*
    O14 - IERESET.INF: START_PAGE_URL=http://www.bigpond.com/
    O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
    O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor...fo/webscan.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{9764845A-2609-432B-8504-A0DE05CB1CA5}: NameServer = 10.0.0.138
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = vic.bigpond.net.au
    O17 - HKLM\System\CS1\Services\VxD\MSTCP: SearchList = vic.bigpond.net.au
    O17 - HKLM\System\CCS\Services\VxD\MSTCP: SearchList = vic.bigpond.net.au
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = vic.bigpond.net.au
    O20 - Winlogon Notify: ddcayxu - C:\WINDOWS\
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: winccf32 - winccf32.dll (file missing)
    O20 - Winlogon Notify: winmyy32 - C:\WINDOWS\SYSTEM32\winmyy32.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
    O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
    O23 - Service: Lexar Secure II (LxrSII1s) - Unknown owner - LxrSII1s.exe (file missing)
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
    O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Program Files\Prevx2\PXAgent.exe" -f (file missing)
    O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    O23 - Service: Security Center (wscsvc) - Unknown owner - C:\WINDOWS\C:\WINDOWS\System32\svchost.exe (file missing)

    ==================================================

  #2 - Security Expert: Visiting Fellow (Join Date: Jul 2007, Posts: 703)

    Please download Wscfix.
    • Unzip it to your desktop.
    • You will now see two files: Wscsvcfix.exe and readme.txt. Double-click Wscsvcfix.exe to run the program.
    • Click the Inspect and Fix button once, and then restart Windows for the changes to take effect.


    Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
    Please follow these steps to remove older version Java components and update.

    Updating Java:
    • Download the latest version of Java Runtime Environment (JRE) 6.
    • Scroll down to where it says "The Java SE Runtime Environment (JRE) allows end-users to run Java applications".
    • Click the "Download" button to the right.
    • Check the box that says: "Accept License Agreement".
    • The page will refresh.
    • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
    • Close any programs you may have running - especially your web browser.
    • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
    • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
    • Click the Remove or Change/Remove button.
    • Repeat as many times as necessary to remove each Java version.
    • Reboot your computer once all Java components are removed.
    • Then from your desktop double-click on the download to install the newest version.


    • Run HijackThis
    • Click on Open the Misc Tools section
    • Click Delete a file on reboot
    • Find and select this file:
      C:\WINDOWS\SYSTEM32\winmyy32.dll
    • Click Open
    • You will be asked if you want to restart your computer, click Yes
    • Your computer will be restarted


    Run HijackThis
    Click on do a system scan only
    Place a checkmark next to these lines (if still present):

    O2 - BHO: (no name) - {857A461D-8D96-4996-A4A0-AEA0A2535B86} - (no file)
    O2 - BHO: (no name) - {A7EBA094-A0FA-464D-A63C-82C8ACEA55FE} - C:\WINDOWS\system32\ddaby.dll (file missing)
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O20 - Winlogon Notify: ddcayxu - C:\WINDOWS\
    O20 - Winlogon Notify: winccf32 - winccf32.dll (file missing)
    O20 - Winlogon Notify: winmyy32 - C:\WINDOWS\SYSTEM32\winmyy32.dll

    Then close all windows except HijackThis and click Fix Checked.

    Go here to run an online scanner from Kaspersky.
    • Click on "Kaspersky Online Scanner"
    • A new smaller window will pop up. After reading the contents, press "Accept".
    • Now Kaspersky will update the anti-virus database. Let it run.
    • Click on "Next">"Scan Settings", and make sure the database is set to "extended". And check both the scan options. Then click OK.
    • Then click on "My Computer", and the scan will start.
    • Once finished, save the log as "KAV.txt" to the desktop.


    Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75%. Once the licence is accepted, reset to 100%.

    Post back with the Kaspersky log, a new HijackThis log, and let me know of any remaining problems.
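
An added example, not part of the thread: a small Python triage script that applies the kind of checks the reply above relies on to pick out the O2, O4 and O20 entries worth fixing (unnamed BHOs with no file behind them, Winlogon Notify handlers with a missing DLL, a bare directory or a DLL name that is not recognised, and the leftover KernelFaultCheck entry). The allowlist of Winlogon Notify DLLs and the sample log lines are constructed for this example and are not a complete reference list.

```python
"""Triage helper for HijackThis-style log lines (constructed example).

Applies defender-side heuristics to flag the O2/O4/O20 entries a log reader
would ask the poster to fix. The allowlist below is an illustrative subset,
not an authoritative list of every legitimate Winlogon Notify DLL.
"""
import re
from typing import List, Optional, Tuple

# Winlogon Notify DLLs that ship with Windows XP SP2 or well-known software.
# Illustrative subset; a real triage list is larger and has to be maintained.
KNOWN_NOTIFY_DLLS = {
    "crypt32.dll", "cryptnet.dll", "cscdll.dll", "sclgntfy.dll",
    "wlnotify.dll", "termsrv.dll", "wgalogon.dll",
}

O2_RE = re.compile(r"^O2 - BHO: (?P<name>.+?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$")
O4_RE = re.compile(r"^O4 - (?P<hive>\S+)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<path>.*)$")


def _missing(path: str) -> bool:
    """True when HijackThis reports no file behind the registry entry."""
    return path == "(no file)" or "(file missing)" in path


def triage_line(line: str) -> Optional[str]:
    """Return a reason string if the line merits review, else None."""
    line = line.strip()
    m = O2_RE.match(line)
    if m:
        # A BHO with neither a display name nor a DLL on disk is an orphaned
        # registration: nothing legitimate is left to load.
        if m.group("name") == "(no name)" and _missing(m.group("path")):
            return "unnamed BHO with no file on disk (orphaned registration)"
        return None
    m = O4_RE.match(line)
    if m:
        # XP adds this Run entry after a crash; it is harmless but pointless.
        if m.group("name") == "KernelFaultCheck" and "dumprep" in m.group("cmd"):
            return "KernelFaultCheck: leftover crash-report entry, safe to remove"
        return None
    m = O20_RE.match(line)
    if m:
        # Winlogon Notify DLLs run inside winlogon.exe at logon, so anything
        # unexpected here deserves attention.
        path = m.group("path")
        if _missing(path):
            return "Winlogon Notify handler with missing DLL"
        if path.endswith("\\"):
            return "Winlogon Notify handler points at a directory, not a DLL"
        dll = path.rsplit("\\", 1)[-1].lower()
        if dll not in KNOWN_NOTIFY_DLLS:
            return f"Winlogon Notify DLL not on allowlist: {dll}"
        return None
    return None


def triage(log_text: str) -> List[Tuple[str, str]]:
    """Return (line, reason) pairs for every log line that merits review."""
    hits = []
    for raw in log_text.splitlines():
        reason = triage_line(raw)
        if reason:
            hits.append((raw.strip(), reason))
    return hits


# Constructed sample: a handful of lines in HijackThis v1.99.1 format.
SAMPLE_LOG = r"""
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {857A461D-8D96-4996-A4A0-AEA0A2535B86} - (no file)
O2 - BHO: (no name) - {A7EBA094-A0FA-464D-A63C-82C8ACEA55FE} - C:\WINDOWS\system32\ddaby.dll (file missing)
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O20 - Winlogon Notify: ddcayxu - C:\WINDOWS\
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winccf32 - winccf32.dll (file missing)
O20 - Winlogon Notify: winmyy32 - C:\WINDOWS\SYSTEM32\winmyy32.dll
"""

if __name__ == "__main__":
    for line, reason in triage(SAMPLE_LOG):
        print(f"{reason}\n    {line}")
```

Note that an unnamed BHO whose DLL does exist (the Spybot SDHelper line) is deliberately left alone: the "no name" field by itself is not evidence of anything.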

  #3 - Junior Member (Join Date: Jul 2007, Posts: 14)

    Update - partially successful

    Hi

    I followed all of the instructions. Kaspersky picked up 1 problem - Trojan.Win32.Dialer.qn in the C:\System Volume Information directory. I turned off System Restore Point, then rescanned the C:\System Volume Information directory with Kaspersky and got the following result:

    "Scan complete. No malware has been detected. The sections that have been scanned are CLEAN."

    I then rebooted and turned System Restore Point back on. I rescanned with HijackThis and did a full system scan with Kaspersky (logs below the Ad-Aware scan log summary) and got the following result from Kaspersky:

    "Scan complete. No malware has been detected. The sections that have been scanned are CLEAN."

    Things were looking good up until then. I ran Spybot to confirm that Virtumonde was gone but got the following result:

    "1 problem found - Virtumonde > HKEY_LOCAL_MACHINE\software\microsoft\MSSGR"

    I fixed the 1 problem with Spybot and then ran a scan with Ad-Aware 2007 which yielded the results in the following log file summary (I have tried to remove the www.trinsic.org bookmarks several times but it keeps returning).

    ==================================================
    Ad-Aware 2007 log:

    Infections Detected: 13

    Cleaned Infections
    =============
    Browser: Firefox Bookmark URL: http://www.trinsic.org/index.php?tss=87&n=14, Belonging to Possible Browser Hijack attempt
    Browser: Firefox Bookmark URL: http://www.trinsic.org/index.php?tss=68&n=30, Belonging to Possible Browser Hijack attempt
    Browser: Firefox Bookmark URL: http://www.trinsic.org/index.php?sea...&Yes%5B%5D=cra, Belonging to Possible Browser Hijack attempt

    End of Cleaned Infections
    =============

    Cleaned Infections
    =============
    Browser: Firefox Cookie: C:\Documents and Settings\Stepen\Application Data\Mozilla\Firefox\Profiles/default.e3h\cookies.txt www.bullguard.com fpc1000639991288 /, Belonging to Tracking Cookie
    Browser: Firefox Cookie: C:\Documents and Settings\Stepen\Application Data\Mozilla\Firefox\Profiles/default.e3h\cookies.txt indextools.com itsessionid1000639991288 /, Belonging to Tracking Cookie
    Browser: Firefox Cookie: C:\Documents and Settings\Stepen\Application Data\Mozilla\Firefox\Profiles/default.e3h\cookies.txt indextools.com itvisitorid1000639991288 /, Belonging to Tracking Cookie
    Browser: Firefox Cookie: C:\Documents and Settings\Stepen\Application Data\Mozilla\Firefox\Profiles/default.e3h\cookies.txt keywordmax.com KMVisitor /, Belonging to Tracking Cookie
    Browser: Firefox Cookie: C:\Documents and Settings\Stepen\Application Data\Mozilla\Firefox\Profiles/default.e3h\cookies.txt realestate.com.au EmailAddress /, Belonging to Tracking Cookie
    Browser: Firefox Cookie: C:\Documents and Settings\Stepen\Application Data\Mozilla\Firefox\Profiles/default.e3h\cookies.txt realestate.com.au GUID /, Belonging to Tracking Cookie
    Browser: Firefox Cookie: C:\Documents and Settings\Stepen\Application Data\Mozilla\Firefox\Profiles/default.e3h\cookies.txt realestateview.com.au __utmz /, Belonging to Tracking Cookie
    Browser: Firefox Cookie: C:\Documents and Settings\Stepen\Application Data\Mozilla\Firefox\Profiles/default.e3h\cookies.txt realestateview.com.au __utma /, Belonging to Tracking Cookie
    Browser: Firefox Cookie: C:\Documents and Settings\Stepen\Application Data\Mozilla\Firefox\Profiles/default.e3h\cookies.txt www.googleadservices.com Conversion /pagead/conversion/1059499801/, Belonging to Tracking Cookie
    Browser: Firefox Cookie: C:\Documents and Settings\Stepen\Application Data\Mozilla\Firefox\Profiles/default.e3h\cookies.txt www.googleadservices.com Conversion /pagead/conversion/1069444854/, Belonging to Tracking Cookie

    End of Cleaned Infections

    ==================================================
    ==================================================
    HijackThis log:

    Logfile of HijackThis v1.99.1
    Scan saved at 9:55:01 AM, on 28/07/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16473)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Logitech\iTouch\iTouch.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
    C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
    C:\WINDOWS\system32\CTHELPER.EXE
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
    C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
    C:\Program Files\Telstra\Toolbar\bpumTray.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
    C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
    C:\Program Files\Prevx2\PXConsole.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
    C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\WINDOWS\System32\CTsvcCDA.exe
    C:\WINDOWS\System32\inetsrv\inetinfo.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Prevx2\PXAgent.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    C:\WINDOWS\system32\wuauclt.exe
    E:\My Documents\My Downloads\Applications\HijackThis\scanner.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://news.google.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bigpond.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer
    N1 - Netscape 4: user_pref("browser.startup.homepage", "http://www.google.com/"); (C:\Program Files\Netscape\Users\default\prefs.js)
    O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and Settings\All Users\Application Data\Prevx\pxbho.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: AccessibilityToolbar - {9E0C6AAD-A8E3-4E49-9DBD-786099B599A4} - C:\Program Files\AccessibilityToolbar Toolbar\AccessibilityToolbar.dll
    O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
    O4 - HKLM\..\Run: [SetCacheMode] Rundll32.exe ptipbmf.dll,SetWriteCacheMode
    O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
    O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
    O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [Iomega Startup Options] C:\Program Files\Iomega\Common\ImgStart.exe
    O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
    O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe
    O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
    O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
    O4 - HKLM\..\Run: [BigPond Toolbar] "C:\Program Files\Telstra\Toolbar\bpumTray.exe"
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
    O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
    O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe
    O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [PrevxOne] "C:\Program Files\Prevx2\PXConsole.exe"
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - Startup: ZoneAlarm Pro.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
    O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Resize &Window - C:\Program Files\ietools\resize_window.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Toggle AccessibilityToolbar toolbar - {F1D75287-2EF6-4E41-A305-A27A7921ECAA} - C:\Program Files\AccessibilityToolbar Toolbar\AccessibilityToolbar.dll
    O9 - Extra 'Tools' menuitem: &AccessibilityToolbar toolbar - {F1D75287-2EF6-4E41-A305-A27A7921ECAA} - C:\Program Files\AccessibilityToolbar Toolbar\AccessibilityToolbar.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra button: Flash Decompiler SWF Capture tool - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\PROGRA~1\ELTIMA~1\FLASHD~1\iebt.dll (HKCU)
    O9 - Extra 'Tools' menuitem: Flash Decompiler SWF Capture tool menu - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\PROGRA~1\ELTIMA~1\FLASHD~1\iebt.dll (HKCU)
    O11 - Options group: [INTERNATIONAL] International*
    O14 - IERESET.INF: START_PAGE_URL=http://www.bigpond.com/
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
    O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
    O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor...fo/webscan.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{9764845A-2609-432B-8504-A0DE05CB1CA5}: NameServer = 10.0.0.138
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = vic.bigpond.net.au
    O17 - HKLM\System\CS1\Services\VxD\MSTCP: SearchList = vic.bigpond.net.au
    O17 - HKLM\System\CCS\Services\VxD\MSTCP: SearchList = vic.bigpond.net.au
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = vic.bigpond.net.au
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
    O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
    O23 - Service: Lexar Secure II (LxrSII1s) - Unknown owner - LxrSII1s.exe (file missing)
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
    O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Program Files\Prevx2\PXAgent.exe" -f (file missing)
    O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    ==================================================

    Kaspersky log is in next post.

    4. #4
    Junior Member, Join Date Jul 2007, Posts 14

    Kaspersky log - part 1

    continued ...

    ==================================================
    Kaspersky scan log:

    -------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER REPORT
    Saturday, July 28, 2007 1:36:42 PM
    Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
    Kaspersky Online Scanner version: 5.0.93.0
    Kaspersky Anti-Virus database last update: 28/07/2007
    Kaspersky Anti-Virus database records: 368733
    -------------------------------------------------------------------------------

    Scan Settings:
    Scan using the following antivirus database: extended
    Scan Archives: true
    Scan Mail Bases: true

    Scan Target - My Computer:
    A:\
    C:\
    D:\
    E:\
    F:\
    G:\
    H:\

    Scan Statistics:
    Total number of scanned objects: 190046
    Number of viruses found: 0
    Number of infected objects: 0
    Number of suspicious objects: 0
    Duration of the scan process: 03:28:01

    Infected Object Name / Virus Name / Last Action
    C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support\MPLog-07262007-145128.log Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Prevx\LDB_EV-00.dat Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Prevx\LDB_EV-Index.dat Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Prevx\LDB_FP-00.dat Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Prevx\LDB_FP-01.dat Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Prevx\LDB_FP-02.dat Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Prevx\LDB_FP-03.dat Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Prevx\LDB_FP-04.dat Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Prevx\LDB_FP-05.dat Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Prevx\LDB_FP-06.dat Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Prevx\LDB_FP-07.dat Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Prevx\LDB_FP-Index.dat Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Prevx\LDB_GX-00.dat Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Prevx\LDB_GX-01.dat Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Prevx\LDB_GX-02.dat Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Prevx\LDB_GX-03.dat Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Prevx\LDB_GX-04.dat Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Prevx\LDB_GX-05.dat Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Prevx\LDB_GX-06.dat Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Prevx\LDB_GX-Index.dat Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Prevx\LDB_PX-00.dat Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Prevx\LDB_PX-01.dat Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Prevx\LDB_PX-02.dat Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Prevx\LDB_PX-03.dat Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Prevx\LDB_PX-04.dat Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Prevx\LDB_PX-05.dat Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Prevx\LDB_PX-06.dat Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Prevx\LDB_PX-07.dat Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Prevx\LDB_PX-08.dat Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Prevx\LDB_PX-09.dat Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Prevx\LDB_PX-Index.dat Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Prevx\LDB_RG-00.dat Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Prevx\LDB_RG-01.dat Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Prevx\LDB_RG-02.dat Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Prevx\LDB_RG-03.dat Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Prevx\LDB_RG-04.dat Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Prevx\LDB_RG-Index.dat Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Prevx\LDB_TG-00.dat Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Prevx\LDB_TG-Index.dat Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Prevx\LDB_VX-00.dat Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Prevx\LDB_VX-01.dat Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Prevx\LDB_VX-Index.dat Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Prevx\Local.dat Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2007-07-28_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBConfig.log Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBDebug.log Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBDetect.log Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBNotify.log Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBRefr.log Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetCfg.log Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetCfg2.log Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetDev.log Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetLoc.log Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetUsr.log Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBStHash.log Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBValid.log Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPPolicy.log Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPStart.log Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPStop.log Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtErEvt.log Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtETmp\CF918A86.TMP Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtMoEvt.log Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtNvEvt.log Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtScEvt.log Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtTxFEvt.log Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtViEvt.log Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\Stepen\Application Data\Mozilla\Firefox\Profiles\default.e3h\cert8.db Object is locked skipped
    C:\Documents and Settings\Stepen\Application Data\Mozilla\Firefox\Profiles\default.e3h\formhistory.dat Object is locked skipped
    C:\Documents and Settings\Stepen\Application Data\Mozilla\Firefox\Profiles\default.e3h\history.dat Object is locked skipped
    C:\Documents and Settings\Stepen\Application Data\Mozilla\Firefox\Profiles\default.e3h\key3.db Object is locked skipped
    C:\Documents and Settings\Stepen\Application Data\Mozilla\Firefox\Profiles\default.e3h\parent.lock Object is locked skipped
    C:\Documents and Settings\Stepen\Application Data\Mozilla\Firefox\Profiles\default.e3h\search.sqlite Object is locked skipped
    C:\Documents and Settings\Stepen\Application Data\Mozilla\Firefox\Profiles\default.e3h\urlclassifier2.sqlite Object is locked skipped
    C:\Documents and Settings\Stepen\Application Data\Prevx\proc.cat Object is locked skipped
    C:\Documents and Settings\Stepen\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\Stepen\Local Settings\Application Data\Ahead\Nero Home\bl.db Object is locked skipped
    C:\Documents and Settings\Stepen\Local Settings\Application Data\Ahead\Nero Home\is2.db Object is locked skipped
    C:\Documents and Settings\Stepen\Local Settings\Application Data\Identities\{97B60D04-6CCD-419C-959E-29A298DFA876}\Microsoft\Outlook Express\Folders.dbx Object is locked skipped
    C:\Documents and Settings\Stepen\Local Settings\Application Data\Identities\{97B60D04-6CCD-419C-959E-29A298DFA876}\Microsoft\Outlook Express\Offline.dbx Object is locked skipped
    C:\Documents and Settings\Stepen\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
    C:\Documents and Settings\Stepen\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\Stepen\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\Stepen\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{A396D121-54E4-434C-8761-C4266960ADA7} Object is locked skipped
    C:\Documents and Settings\Stepen\Local Settings\Application Data\Mozilla\Firefox\Profiles\default.e3h\Cache\_CACHE_001_ Object is locked skipped
    C:\Documents and Settings\Stepen\Local Settings\Application Data\Mozilla\Firefox\Profiles\default.e3h\Cache\_CACHE_002_ Object is locked skipped
    C:\Documents and Settings\Stepen\Local Settings\Application Data\Mozilla\Firefox\Profiles\default.e3h\Cache\_CACHE_003_ Object is locked skipped
    C:\Documents and Settings\Stepen\Local Settings\Application Data\Mozilla\Firefox\Profiles\default.e3h\Cache\_CACHE_MAP_ Object is locked skipped
    C:\Documents and Settings\Stepen\Local Settings\History\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\Stepen\Local Settings\History\History.IE5\MSHist012007072820070729\index.dat Object is locked skipped
    C:\Documents and Settings\Stepen\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\Stepen\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\Stepen\ntuser.dat.LOG Object is locked skipped

    ... continued next post ...

    5. #5
    Junior Member, Join Date Jul 2007, Posts 14

    Kaspersky log - part 2

    ... continued Kaspersky log ...

    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\coShared\WA\1.5\NCOWAD.dat Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\coShared\WA\1.5\NCOWADMT.dat Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\coShared\WA\1.5\NCOWAS.dat Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\coShared\WA\1.5\NCOWAS.ldb Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\eengine\EPERSIST.DAT Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\SNDALRT.log Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\SNDCON.log Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\SNDDBG.log Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\SNDFW.log Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\SNDIDS.log Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\SNDSYS.log Object is locked skipped
    C:\Program Files\Norton 360\Log\AutoProtect.log Object is locked skipped
    C:\Program Files\Norton 360\Log\AVContext.log Object is locked skipped
    C:\Program Files\Norton 360\Log\AVManual.log Object is locked skipped
    C:\Program Files\Norton 360\Log\Backup.log Object is locked skipped
    C:\Program Files\Norton 360\Log\CUInternetPageViewHistory.log Object is locked skipped
    C:\Program Files\Norton 360\Log\CUInternetSearchHistory.log Object is locked skipped
    C:\Program Files\Norton 360\Log\CUInternetTempFiles.log Object is locked skipped
    C:\Program Files\Norton 360\Log\CUWindowsTempFiles.log Object is locked skipped
    C:\Program Files\Norton 360\Log\EmailScan.log Object is locked skipped
    C:\Program Files\Norton 360\Log\InternetSecurity.log Object is locked skipped
    C:\Program Files\Norton 360\Log\ISIntrusionPrevented.log Object is locked skipped
    C:\Program Files\Norton 360\Log\ISIOTraffic.log Object is locked skipped
    C:\Program Files\Norton 360\Log\ISNewNetwork.log Object is locked skipped
    C:\Program Files\Norton 360\Log\LiveUpdate.log Object is locked skipped
    C:\Program Files\Norton 360\Log\NCO.log Object is locked skipped
    C:\Program Files\Norton 360\Log\VABrowserSettings.log Object is locked skipped
    C:\Program Files\Norton 360\Log\VAIPAddresses.log Object is locked skipped
    C:\Program Files\Norton 360\Log\VAWeakPasswords.log Object is locked skipped
    C:\Program Files\Norton 360\Log\WDFScanner.log Object is locked skipped
    C:\Program Files\Prevx2\lclbrk.cache Object is locked skipped
    C:\Program Files\Prevx2\log\px-log.txt Object is locked skipped
    C:\Program Files\Prevx2\paws.cache Object is locked skipped
    C:\Program Files\Prevx2\prevx.cache Object is locked skipped
    C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
    C:\System Volume Information\_restore{1E6D6318-202B-4659-AA4D-67A3556A0809}\RP1\change.log Object is locked skipped
    C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
    C:\WINDOWS\Internet Logs\IAMDB.RDB Object is locked skipped
    C:\WINDOWS\Internet Logs\STEPHEN.ldb Object is locked skipped
    C:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped
    C:\WINDOWS\Prefetch\OLD\ACROBAT.EXE-20E0511D.pf Object is locked skipped
    C:\WINDOWS\Prefetch\OLD\ALG.EXE-0F138680.pf Object is locked skipped
    C:\WINDOWS\Prefetch\OLD\AUPDATE.EXE-2253CB60.pf Object is locked skipped
    C:\WINDOWS\Prefetch\OLD\AZUREUS.EXE-008B7A30.pf Object is locked skipped
    C:\WINDOWS\Prefetch\OLD\BPUMQRYUSAGE.EXE-00D38AF7.pf Object is locked skipped
    C:\WINDOWS\Prefetch\OLD\CAMERAWINDOWCOMP.EXE-2ADB53A6.pf Object is locked skipped
    C:\WINDOWS\Prefetch\OLD\CHECKIT.EXE-2914E683.pf Object is locked skipped
    C:\WINDOWS\Prefetch\OLD\CMD.EXE-087B4001.pf Object is locked skipped
    C:\WINDOWS\Prefetch\OLD\CONTROL.EXE-013DBFB5.pf Object is locked skipped
    C:\WINDOWS\Prefetch\OLD\CTCMS.EXE-3897A504.pf Object is locked skipped
    C:\WINDOWS\Prefetch\OLD\CTDETECT.EXE-3A528B09.pf Object is locked skipped
    C:\WINDOWS\Prefetch\OLD\CTHELPER.EXE-11B416D5.pf Object is locked skipped
    C:\WINDOWS\Prefetch\OLD\CTSYSVOL.EXE-1702D80C.pf Object is locked skipped
    C:\WINDOWS\Prefetch\OLD\DEFRAG.EXE-273F131E.pf Object is locked skipped
    C:\WINDOWS\Prefetch\OLD\DESKUP.EXE-2D2508E7.pf Object is locked skipped
    C:\WINDOWS\Prefetch\OLD\DFRGNTFS.EXE-269967DF.pf Object is locked skipped
    C:\WINDOWS\Prefetch\OLD\DRWTSN32.EXE-2B4B52AC.pf Object is locked skipped
    C:\WINDOWS\Prefetch\OLD\DUMPREP.EXE-1B46F901.pf Object is locked skipped
    C:\WINDOWS\Prefetch\OLD\DWWIN.EXE-30875ADC.pf Object is locked skipped
    C:\WINDOWS\Prefetch\OLD\EAX.EXE-2FF4BB43.pf Object is locked skipped
    C:\WINDOWS\Prefetch\OLD\EMULE.EXE-2A971BEB.pf Object is locked skipped
    C:\WINDOWS\Prefetch\OLD\EM_EXEC.EXE-21B4F4A4.pf Object is locked skipped
    C:\WINDOWS\Prefetch\OLD\EWATCH.EXE-26D34468.pf Object is locked skipped
    C:\WINDOWS\Prefetch\OLD\EXPLORER.EXE-082F38A9.pf Object is locked skipped
    C:\WINDOWS\Prefetch\OLD\FIREFOX.EXE-17EE503B.pf Object is locked skipped
    C:\WINDOWS\Prefetch\OLD\FIREFOX.EXE-28641590.pf Object is locked skipped
    C:\WINDOWS\Prefetch\OLD\GCASDTSERV.EXE-04B13CAF.pf Object is locked skipped
    C:\WINDOWS\Prefetch\OLD\GCASSERV.EXE-3660CD4E.pf Object is locked skipped
    C:\WINDOWS\Prefetch\OLD\GCASSWUPDATER.EXE-06378256.pf Object is locked skipped
    C:\WINDOWS\Prefetch\OLD\GIANTANTISPYWAREUPDATER.EXE-01DFD337.pf Object is locked skipped
    C:\WINDOWS\Prefetch\OLD\HELPCTR.EXE-3862B6F5.pf Object is locked skipped
    C:\WINDOWS\Prefetch\OLD\HELPHOST.EXE-247D2792.pf Object is locked skipped
    C:\WINDOWS\Prefetch\OLD\HELPSVC.EXE-2878DDA2.pf Object is locked skipped
    C:\WINDOWS\Prefetch\OLD\HPGS2WND.EXE-06AC8C27.pf Object is locked skipped
    C:\WINDOWS\Prefetch\OLD\HPGS2WNF.EXE-0E86C34B.pf Object is locked skipped
    C:\WINDOWS\Prefetch\OLD\HPZENG05.EXE-00C9A3B8.pf Object is locked skipped
    C:\WINDOWS\Prefetch\OLD\HPZIPM12.EXE-145E7369.pf Object is locked skipped
    C:\WINDOWS\Prefetch\OLD\HPZSTC05.EXE-29C9AEF3.pf Object is locked skipped
    C:\WINDOWS\Prefetch\OLD\IEXPLORE.EXE-27122324.pf Object is locked skipped
    C:\WINDOWS\Prefetch\OLD\IMAPI.EXE-0BF740A4.pf Object is locked skipped
    C:\WINDOWS\Prefetch\OLD\IMGICON.EXE-33F2ACF4.pf Object is locked skipped
    C:\WINDOWS\Prefetch\OLD\IMGSTART.EXE-0794314C.pf Object is locked skipped
    C:\WINDOWS\Prefetch\OLD\IPODSERVICE.EXE-3192DE38.pf Object is locked skipped
    C:\WINDOWS\Prefetch\OLD\IRIVERMUSICMANAGER.EXE-2C6F7A98.pf Object is locked skipped
    C:\WINDOWS\Prefetch\OLD\ITOUCH.EXE-0DDF2B56.pf Object is locked skipped
    C:\WINDOWS\Prefetch\OLD\ITUNES.EXE-1A268432.pf Object is locked skipped
    C:\WINDOWS\Prefetch\OLD\JAVAW.EXE-074042F4.pf Object is locked skipped
    C:\WINDOWS\Prefetch\OLD\JUSCHED.EXE-2D198197.pf Object is locked skipped
    C:\WINDOWS\Prefetch\OLD\Layout.ini Object is locked skipped
    C:\WINDOWS\Prefetch\OLD\LIMEWIRE.EXE-1944953E.pf Object is locked skipped
    C:\WINDOWS\Prefetch\OLD\LOGI_MWX.EXE-1B741F45.pf Object is locked skipped
    C:\WINDOWS\Prefetch\OLD\LOGON.SCR-151EFAEA.pf Object is locked skipped
    C:\WINDOWS\Prefetch\OLD\LONGHORNUI.EXE-1764D278.pf Object is locked skipped
    C:\WINDOWS\Prefetch\OLD\LUCOMS~1.EXE-02DB5950.pf Object is locked skipped
    C:\WINDOWS\Prefetch\OLD\MMC.EXE-39071BCC.pf Object is locked skipped
    C:\WINDOWS\Prefetch\OLD\MMC.EXE-398DCF39.pf Object is locked skipped
    C:\WINDOWS\Prefetch\OLD\MSPMSPSV.EXE-159858D5.pf Object is locked skipped
    C:\WINDOWS\Prefetch\OLD\MYCD.EXE-1A871F49.pf Object is locked skipped
    C:\WINDOWS\Prefetch\OLD\MYCDPRO.EXE-31A2EEFD.pf Object is locked skipped
    C:\WINDOWS\Prefetch\OLD\NAVW32.EXE-365BADC3.pf Object is locked skipped
    C:\WINDOWS\Prefetch\OLD\NDETECT.EXE-16E64095.pf Object is locked skipped
    C:\WINDOWS\Prefetch\OLD\NMAIN.EXE-2BA406E0.pf Object is locked skipped
    C:\WINDOWS\Prefetch\OLD\NOTEPAD.EXE-336351A9.pf Object is locked skipped
    C:\WINDOWS\Prefetch\OLD\NPROTECT.EXE-2BCFA594.pf Object is locked skipped
    C:\WINDOWS\Prefetch\OLD\NTOSBOOT-B00DFAAD.pf Object is locked skipped
    C:\WINDOWS\Prefetch\OLD\NTVDM.EXE-1A10A423.pf Object is locked skipped
    C:\WINDOWS\Prefetch\OLD\NWIZ.EXE-2D0F9FBC.pf Object is locked skipped
    C:\WINDOWS\Prefetch\OLD\OBC.EXE-2E42DAAF.pf Object is locked skipped
    C:\WINDOWS\Prefetch\OLD\PACKAGER.EXE-1D369367.pf Object is locked skipped
    C:\WINDOWS\Prefetch\OLD\PRCVIEW.EXE-003D5F36.pf Object is locked skipped
    C:\WINDOWS\Prefetch\OLD\QTTASK.EXE-342507FB.pf Object is locked skipped
    C:\WINDOWS\Prefetch\OLD\QUICKTIMEPLAYER.EXE-280B4828.pf Object is locked skipped
    C:\WINDOWS\Prefetch\OLD\REGEDIT.EXE-1B606482.pf Object is locked skipped
    C:\WINDOWS\Prefetch\OLD\REGSVR32.EXE-25EEFE2F.pf Object is locked skipped
    C:\WINDOWS\Prefetch\OLD\RSTRUI.EXE-03C49A96.pf Object is locked skipped
    C:\WINDOWS\Prefetch\OLD\RUNDLL32.EXE-12B2E6AE.pf Object is locked skipped
    C:\WINDOWS\Prefetch\OLD\RUNDLL32.EXE-147710F4.pf Object is locked skipped
    C:\WINDOWS\Prefetch\OLD\RUNDLL32.EXE-14D8FFC0.pf Object is locked skipped
    C:\WINDOWS\Prefetch\OLD\RUNDLL32.EXE-18ACD379.pf Object is locked skipped
    C:\WINDOWS\Prefetch\OLD\RUNDLL32.EXE-1B5FE7C0.pf Object is locked skipped
    C:\WINDOWS\Prefetch\OLD\RUNDLL32.EXE-20A96C8F.pf Object is locked skipped
    C:\WINDOWS\Prefetch\OLD\RUNDLL32.EXE-229E8B67.pf Object is locked skipped
    C:\WINDOWS\Prefetch\OLD\RUNDLL32.EXE-24060C3D.pf Object is locked skipped
    C:\WINDOWS\Prefetch\OLD\RUNDLL32.EXE-24DBE541.pf Object is locked skipped
    C:\WINDOWS\Prefetch\OLD\RUNDLL32.EXE-24FCA208.pf Object is locked skipped
    C:\WINDOWS\Prefetch\OLD\RUNDLL32.EXE-3119AEC4.pf Object is locked skipped
    C:\WINDOWS\Prefetch\OLD\RUNDLL32.EXE-415F88EC.pf Object is locked skipped
    C:\WINDOWS\Prefetch\OLD\RUNDLL32.EXE-43139946.pf Object is locked skipped
    C:\WINDOWS\Prefetch\OLD\RUNDLL32.EXE-451FC2C0.pf Object is locked skipped
    C:\WINDOWS\Prefetch\OLD\RUNDLL32.EXE-452C2606.pf Object is locked skipped
    C:\WINDOWS\Prefetch\OLD\RUNDLL32.EXE-472C5269.pf Object is locked skipped
    C:\WINDOWS\Prefetch\OLD\SBDRVDET.EXE-2E29F9E6.pf Object is locked skipped
    C:\WINDOWS\Prefetch\OLD\SBSERV.EXE-32089713.pf Object is locked skipped
    C:\WINDOWS\Prefetch\OLD\SDNTC.EXE-1A8516B1.pf Object is locked skipped
    C:\WINDOWS\Prefetch\OLD\SETUP_WM.EXE-3135CBD6.pf Object is locked skipped
    C:\WINDOWS\Prefetch\OLD\SGTRAY.EXE-339F806A.pf Object is locked skipped
    C:\WINDOWS\Prefetch\OLD\SNDVOL32.EXE-383480B7.pf Object is locked skipped
    C:\WINDOWS\Prefetch\OLD\SPKSET.EXE-166CD934.pf Object is locked skipped
    C:\WINDOWS\Prefetch\OLD\SSMYPICS.SCR-01C62024.pf Object is locked skipped
    C:\WINDOWS\Prefetch\OLD\SURMIXER.EXE-0E498396.pf Object is locked skipped
    C:\WINDOWS\Prefetch\OLD\SVCHOST.EXE-3530F672.pf Object is locked skipped
    C:\WINDOWS\Prefetch\OLD\SYMDRMC.EXE-045993EC.pf Object is locked skipped
    C:\WINDOWS\Prefetch\OLD\SYMLCSVC.EXE-0DE3B05C.pf Object is locked skipped
    C:\WINDOWS\Prefetch\OLD\SYMUNDO.EXE-3ACDC16C.pf Object is locked skipped
    C:\WINDOWS\Prefetch\OLD\SYSTRAY.EXE-345DCC1C.pf Object is locked skipped
    C:\WINDOWS\Prefetch\OLD\TASKMGR.EXE-20256C55.pf Object is locked skipped
    C:\WINDOWS\Prefetch\OLD\TASKSWITCH.EXE-11390459.pf Object is locked skipped
    C:\WINDOWS\Prefetch\OLD\TEXTPAD.EXE-2F8ACEA8.pf Object is locked skipped
    C:\WINDOWS\Prefetch\OLD\TEXTPAD.EXE-3B04D533.pf Object is locked skipped
    C:\WINDOWS\Prefetch\OLD\TWEAKUI.EXE-04B65C37.pf Object is locked skipped
    C:\WINDOWS\Prefetch\OLD\UPDREG.EXE-084B6B55.pf Object is locked skipped
    C:\WINDOWS\Prefetch\OLD\USERINIT.EXE-30B18140.pf Object is locked skipped
    C:\WINDOWS\Prefetch\OLD\VLC.EXE-22DF01AA.pf Object is locked skipped
    C:\WINDOWS\Prefetch\OLD\VSMON.EXE-1609C098.pf Object is locked skipped
    C:\WINDOWS\Prefetch\OLD\WDFMGR.EXE-2CF4013B.pf Object is locked skipped
    C:\WINDOWS\Prefetch\OLD\WINDOC.EXE-2B7257C0.pf Object is locked skipped
    C:\WINDOWS\Prefetch\OLD\WINPROJ.EXE-15B93EF2.pf Object is locked skipped
    C:\WINDOWS\Prefetch\OLD\WINWORD.EXE-29F5CB89.pf Object is locked skipped
    C:\WINDOWS\Prefetch\OLD\WISEUPDT.EXE-06CCF17D.pf Object is locked skipped
    C:\WINDOWS\Prefetch\OLD\WISPTIS.EXE-0C21B942.pf Object is locked skipped
    C:\WINDOWS\Prefetch\OLD\WMIPRVSE.EXE-28F301A9.pf Object is locked skipped
    C:\WINDOWS\Prefetch\OLD\WMPLAYER.EXE-18DDEF9C.pf Object is locked skipped
    C:\WINDOWS\Prefetch\OLD\WMPLAYER.EXE-18DDEF9D.pf Object is locked skipped
    C:\WINDOWS\Prefetch\OLD\WMPLAYER.EXE-18DDEFA3.pf Object is locked skipped
    C:\WINDOWS\Prefetch\OLD\WMPLAYER.EXE-18DDEFA4.pf Object is locked skipped
    C:\WINDOWS\Prefetch\OLD\WMPLAYER.EXE-18DDEFA5.pf Object is locked skipped
    C:\WINDOWS\Prefetch\OLD\WRSSSDK.EXE-053DAB7A.pf Object is locked skipped
    C:\WINDOWS\Prefetch\OLD\WUAUCLT.EXE-399A8E72.pf Object is locked skipped
    C:\WINDOWS\Prefetch\OLD\ZAPRO.EXE-198F7E48.pf Object is locked skipped
    C:\WINDOWS\Prefetch\OLD\ZOOMBROWSER.EXE-33FACBC8.pf Object is locked skipped
    C:\WINDOWS\SchedLgU.Txt Object is locked skipped
    C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
    C:\WINDOWS\Sti_Trace.log Object is locked skipped
    C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
    C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
    C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\default Object is locked skipped
    C:\WINDOWS\system32\config\default.LOG Object is locked skipped
    C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
    C:\WINDOWS\system32\config\SAM Object is locked skipped
    C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\SECURITY Object is locked skipped
    C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
    C:\WINDOWS\system32\config\software Object is locked skipped
    C:\WINDOWS\system32\config\software.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\system Object is locked skipped
    C:\WINDOWS\system32\config\system.LOG Object is locked skipped
    C:\WINDOWS\system32\h323log.txt Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
    C:\WINDOWS\Temp\JETADCE.tmp Object is locked skipped
    C:\WINDOWS\Temp\JETAE7A.tmp Object is locked skipped
    C:\WINDOWS\Temp\ZLT25.tmp Object is locked skipped
    C:\WINDOWS\wiadebug.log Object is locked skipped
    C:\WINDOWS\wiaservc.log Object is locked skipped
    C:\WINDOWS\WindowsUpdate.log Object is locked skipped
    C:\WINDOWS\{00000003-00000000-00000003-00001102-00000004-10021102}.CDF Object is locked skipped
    E:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
    G:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

    Scan process completed.

    ==================================================

    end of log

  6. #6
    Security Expert: Visiting Fellow
    Join Date
    Jul 2007
    Posts
    703

    Default

Have you tried deleting the http://www.trinsic.org/ bookmarks manually in Firefox?

  7. #7
    Junior Member
    Join Date
    Jul 2007
    Posts
    14

    Default Deleted trinsic.org bookmarks

    Hi

    Yes. I had deleted the trinsic.org bookmarks through Firefox and I had deleted them through Ad-Aware a couple of times also.

    The most persistent sign I have of infection has been the MSSMGR directory that shows up in the Spybot scan log. I have successfully fixed the problem a number of times through Spybot but it continues to reappear after a reboot.

    Hope you can help.

    Cheers

  8. #8
    Security Expert: Visiting Fellow
    Join Date
    Jul 2007
    Posts
    703

    Default

    Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.
    1. Close all applications and windows.
    2. Double-click on dss.exe to run it, and follow the prompts.
3. When the scan is complete, two text files will open: main.txt (this one will be maximized) and extra.txt (this one will be minimized).
4. Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt and extra.txt into your reply.

  9. #9
    Junior Member
    Join Date
    Jul 2007
    Posts
    14

    Default dss scan logs - part 1

    Hi

    See results of dss.exe scan below and in next post.

    ==================================================
    main.txt:

    Deckard's System Scanner v20070711.54
    Run by Stepen on 2007-07-28 at 21:00:20
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    -- System Restore --------------------------------------------------------------

    Successfully created a Deckard's System Scanner Restore Point.


    -- Last 3 Restore Point(s) --
    3: 2007-07-28 11:00:26 UTC - RP3 - Deckard's System Scanner Restore Point
    2: 2007-07-28 04:12:25 UTC - RP2 - Spybot-S&D Spyware removal
    1: 2007-07-27 23:51:57 UTC - RP1 - System Checkpoint


    Backed up registry hives.

    Performed disk cleanup.


    -- HijackThis (run as Stepen.exe) ----------------------------------------------

    Logfile of HijackThis v1.99.1
    Scan saved at 9:02:41 PM, on 28/07/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16473)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Logitech\iTouch\iTouch.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
    C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
    C:\WINDOWS\system32\CTHELPER.EXE
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
    C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
    C:\Program Files\Telstra\Toolbar\bpumTray.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
    C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
    C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\WINDOWS\System32\CTsvcCDA.exe
    C:\WINDOWS\System32\inetsrv\inetinfo.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Documents and Settings\Stepen\Desktop\dss.exe
    E:\MYDOCU~1\MYDOWN~1\APPLIC~1\HIJACK~1\Stepen.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://news.google.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bigpond.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer
    N1 - Netscape 4: user_pref("browser.startup.homepage", "http://www.google.com/"); (C:\Program Files\Netscape\Users\default\prefs.js)
    O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and Settings\All Users\Application Data\Prevx\pxbho.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: AccessibilityToolbar - {9E0C6AAD-A8E3-4E49-9DBD-786099B599A4} - C:\Program Files\AccessibilityToolbar Toolbar\AccessibilityToolbar.dll
    O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
    O4 - HKLM\..\Run: [SetCacheMode] Rundll32.exe ptipbmf.dll,SetWriteCacheMode
    O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
    O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
    O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [Iomega Startup Options] C:\Program Files\Iomega\Common\ImgStart.exe
    O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
    O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe
    O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
    O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
    O4 - HKLM\..\Run: [BigPond Toolbar] "C:\Program Files\Telstra\Toolbar\bpumTray.exe"
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
    O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
    O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe
    O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [PrevxOne] "C:\Program Files\Prevx2\PXConsole.exe"
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - Startup: ZoneAlarm Pro.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
    O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Resize &Window - C:\Program Files\ietools\resize_window.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Toggle AccessibilityToolbar toolbar - {F1D75287-2EF6-4E41-A305-A27A7921ECAA} - C:\Program Files\AccessibilityToolbar Toolbar\AccessibilityToolbar.dll
    O9 - Extra 'Tools' menuitem: &AccessibilityToolbar toolbar - {F1D75287-2EF6-4E41-A305-A27A7921ECAA} - C:\Program Files\AccessibilityToolbar Toolbar\AccessibilityToolbar.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra button: Flash Decompiler SWF Capture tool - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\PROGRA~1\ELTIMA~1\FLASHD~1\iebt.dll (HKCU)
    O9 - Extra 'Tools' menuitem: Flash Decompiler SWF Capture tool menu - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\PROGRA~1\ELTIMA~1\FLASHD~1\iebt.dll (HKCU)
    O11 - Options group: [INTERNATIONAL] International*
    O14 - IERESET.INF: START_PAGE_URL=http://www.bigpond.com/
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
    O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
    O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor...fo/webscan.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{9764845A-2609-432B-8504-A0DE05CB1CA5}: NameServer = 10.0.0.138
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = vic.bigpond.net.au
    O17 - HKLM\System\CS1\Services\VxD\MSTCP: SearchList = vic.bigpond.net.au
    O17 - HKLM\System\CCS\Services\VxD\MSTCP: SearchList = vic.bigpond.net.au
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = vic.bigpond.net.au
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
    O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
    O23 - Service: Lexar Secure II (LxrSII1s) - Unknown owner - LxrSII1s.exe (file missing)
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
    O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Program Files\Prevx2\PXAgent.exe" -f (file missing)
    O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


    -- HijackThis Fixed Entries (E:\MYDOCU~1\MYDOWN~1\APPLIC~1\HIJACK~1\backups\) --

    backup-20070728-011154-570 O20 - Winlogon Notify: ddcayxu - C:\WINDOWS\
    backup-20070728-011154-643 O2 - BHO: (no name) - {A7EBA094-A0FA-464D-A63C-82C8ACEA55FE} - C:\WINDOWS\system32\ddaby.dll (file missing)
    backup-20070728-011154-782 O20 - Winlogon Notify: winmyy32 - C:\WINDOWS\SYSTEM32\winmyy32.dll
    backup-20070728-011154-871 O20 - Winlogon Notify: winccf32 - winccf32.dll (file missing)
    backup-20070728-032609-766 O2 - BHO: (no name) - {857A461D-8D96-4996-A4A0-AEA0A2535B86} - (no file)
    backup-20070728-032609-926 O20 - Winlogon Notify: winmyy32 - winmyy32.dll (file missing)

    -- File Associations -----------------------------------------------------------

    .inf - TextPad.inf - DefaultIcon - %SystemRoot%\System32\shell32.dll,-151
    .inf - TextPad.inf - shell\open\command - "C:\Program Files\TextPad 4\TextPad.exe" -s
    .js - JSFile - DefaultIcon - C:\Program Files\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe,2
    .js - JSFile - shell\open\command - C:\Program Files\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe "%1"
    .txt - TextPad.txt - DefaultIcon - "C:\Program Files\TextPad 4\TextPad.exe",1
    .txt - TextPad.txt - shell\open\command - notepad.exe %1


    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

    R0 drvmcdb - c:\windows\system32\drivers\drvmcdb.sys <Not Verified; VERITAS Software, Inc.; >
    R0 fasttx2k - c:\windows\system32\drivers\fasttx2k.sys <Not Verified; Promise Technology, Inc.; Promise FastTrak Series Driver>
    R0 ifp700 (iRiver Internet Audio Player IFP-700) - c:\windows\system32\drivers\ifp700.sys <Not Verified; iRiver, Inc.; IFP-100>
    R0 iomdisk (Iomega Devices Disk Filter Services) - c:\windows\system32\drivers\iomdisk.sys <Not Verified; Iomega Corporation; Microsoft(R) Windows NT(R) Operating System>
    R2 BCMNTIO - c:\program files\checkit\diagnostics\bcmntio.sys
    R2 BrPar - c:\windows\system32\drivers\brpar.sys <Not Verified; Brother Industries Ltd.; Brother Parallel Class Driver>
    R2 LxrSII1d (Secure II Driver) - c:\windows\system32\drivers\lxrsii1d.sys
    R2 MAPMEM - c:\program files\checkit\diagnostics\mapmem.sys

    S3 Ad-Watch Connect Filter (Ad-Watch Connect Kernel Filter) - c:\windows\system32\drivers\nsdriver.sys <Not Verified; Lavasoft AB; Ad-Watch Connections>
    S3 GMSIPCI - d:\install\gmsipci.sys (file missing)
    S3 HwIOctl - e:\my documents\my downloads\msi utilities\hwioctl.sys (file missing)
    S3 Memctl - e:\my documents\my downloads\msi utilities\memctl.sys (file missing)
    S3 NTACCESS - d:\ntaccess.sys (file missing)
    S3 PCAlertDriver - c:\program files\msi\core center\ntglm7x.sys (file missing)
    S3 RushTopDevice - c:\program files\msi\core center\rushtop.sys (file missing)

  10. #10
    Junior Member
    Join Date
    Jul 2007
    Posts
    14

    Default dss scan log - part 2

    ... continued ...

    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

    R3 aawservice (Ad-Aware 2007 Service) - "c:\program files\lavasoft\ad-aware 2007\aawservice.exe" <Not Verified; Lavasoft AB; Ad-Aware 2007 Service>
    R3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>

    S2 LxrSII1s (Lexar Secure II) - lxrsii1s.exe (file missing)
    S3 NBService - c:\program files\nero\nero 7\nero backitup\nbservice.exe
    S4 _IOMEGA_ACTIVE_DISK_SERVICE_ (Iomega Active Disk) - "c:\program files\iomega\autodisk\adservice.exe" <Not Verified; Iomega Corporation; Iomega Active Disk>
    S4 Iomega Activity Disk2 - ""
    S4 Iomega App Services - "c:\progra~1\iomega\system32\appservices.exe" <Not Verified; Iomega Corporation; Iomega App Services>


    -- Scheduled Tasks -------------------------------------------------------------

    2007-07-28 09:52:36 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job


    -- Files created between 2007-06-28 and 2007-07-28 -----------------------------

    2007-07-28 02:57:25 0 d-------- C:\Program Files\Common Files\Java
    2007-07-28 01:49:20 0 d-------- C:\WINDOWS\ERUNT
    2007-07-26 14:51:15 0 d-------- C:\Program Files\Windows Defender
    2007-07-22 17:26:17 0 d-------- C:\Documents and Settings\Stepen\Application Data\Prevx
    2007-07-22 17:25:40 0 d-------- C:\Program Files\Prevx2
    2007-07-22 17:25:40 0 d-------- C:\Documents and Settings\All Users\Application Data\Prevx
    2007-07-22 17:24:16 77312 --a------ C:\WINDOWS\ua2.dll
    2007-07-22 01:49:04 0 d-------- C:\Program Files\Lavasoft
    2007-07-22 01:49:04 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2007-07-22 00:44:55 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
    2007-07-22 00:44:50 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
    2007-07-16 20:44:30 42535 ---hs---- C:\WINDOWS\system32\ybadd.ini2
    2007-07-16 19:12:47 0 d-------- C:\Program Files\Common Files\?ystem32
    2007-07-16 19:10:14 0 d-------- C:\Program Files\Norton 360


    -- Find3M Report ---------------------------------------------------------------

    2007-07-28 21:02:28 0 d-------- C:\Program Files\Common Files\Symantec Shared
    2007-07-28 09:48:26 292 --a------ C:\WINDOWS\system32\DVCStateBkp-{00000003-00000000-00000003-00001102-00000004-10021102}.dat
    2007-07-28 09:48:26 292 --a------ C:\WINDOWS\system32\DVCState-{00000003-00000000-00000003-00001102-00000004-10021102}.dat
    2007-07-28 02:58:06 0 d-------- C:\Program Files\Java
    2007-07-28 02:44:18 0 d-------- C:\Documents and Settings\Stepen\Application Data\Juniper Networks
    2007-07-26 21:57:52 0 d-------- C:\Documents and Settings\Stepen\Application Data\uTorrent
    2007-07-26 17:51:16 0 d-------- C:\Program Files\SpywareBlaster
    2007-07-24 23:51:51 0 d-------- C:\Documents and Settings\Stepen\Application Data\Macromedia
    2007-07-24 15:23:59 0 d-------- C:\Documents and Settings\Stepen\Application Data\U3
    2007-07-22 18:37:19 0 d-------- C:\Documents and Settings\Stepen\Application Data\dvdcss
    2007-07-22 01:49:03 0 d-------- C:\Documents and Settings\Stepen\Application Data\Lavasoft
    2007-07-22 01:47:44 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2007-07-17 02:00:27 0 d-------- C:\Documents and Settings\Stepen\Application Data\Symantec
    2007-07-16 19:19:00 0 d-------- C:\Program Files\Common Files\?ystem32
    2007-07-16 19:12:53 0 d-------- C:\Program Files\Symantec
    2007-07-14 22:15:10 0 d-------- C:\Program Files\Picasa2
    2007-07-14 22:13:42 0 d-------- C:\Program Files\Google
    2007-06-24 15:44:58 46472 -----n--- C:\WINDOWS\system32\GDIPFONTCACHEV1.DAT
    2007-06-23 12:23:30 0 d-------- C:\Documents and Settings\Stepen\Application Data\Adobe
    2007-06-23 12:23:21 0 d-------- C:\Program Files\Common Files\Macrovision Shared
    2007-06-23 12:19:21 0 d-------- C:\Program Files\Common Files\Adobe
    2007-06-19 22:32:13 0 d-------- C:\Documents and Settings\Stepen\Application Data\Ahead
    2007-06-08 18:16:10 0 d-------- C:\Documents and Settings\Stepen\Application Data\AdobeUM
    2007-06-04 22:14:23 0 d-------- C:\Program Files\Common Files\Ahead
    2007-06-04 22:12:55 0 d-------- C:\Program Files\Nero


    -- Registry Dump ---------------------------------------------------------------

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
    {00C6482D-C502-44C8-8409-FCE54AD9C208} C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
    {1E8A6170-7264-4D0F-BEAE-D42A53123C75} C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
    {53707962-6F74-2D53-2644-206D7942484F} C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} C:\Documents and Settings\All Users\Application Data\Prevx\pxbho.dll
    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "SetCacheMode"=hex(2):52,75,6e,64,6c,6c,33,32,2e,65,78,65,20,70,74,69,70,62,6d,\
    "AsioReg"="REGSVR32.EXE /S CTASIO.DLL"
    "SBDrvDet"="C:\\Program Files\\Creative\\SB Drive Det\\SBDrvDet.exe /r"
    "zBrowser Launcher"="C:\\Program Files\\Logitech\\iTouch\\iTouch.exe"
    "Logitech Utility"="Logi_MwX.Exe"
    "StorageGuard"="\"C:\\Program Files\\VERITAS Software\\Update Manager\\sgtray.exe\" /r"
    "Share-to-Web Namespace Daemon"="C:\\Program Files\\Hewlett-Packard\\HP Share-to-Web\\hpgs2wnd.exe"
    "nwiz"="nwiz.exe /install"
    "Iomega Startup Options"="C:\\Program Files\\Iomega\\Common\\ImgStart.exe"
    "Iomega Drive Icons"="C:\\Program Files\\Iomega\\DriveIcons\\ImgIcon.exe"
    "Deskup"="C:\\Program Files\\Iomega\\DriveIcons\\deskup.exe"
    "CTSysVol"="C:\\Program Files\\Creative\\SBAudigy2\\Surround Mixer\\CTSysVol.exe"
    "CTHelper"="CTHELPER.EXE"
    "CTDVDDet"="C:\\Program Files\\Creative\\SBAudigy2\\DVDAudio\\CTDVDDet.EXE"
    "ADUserMon"="C:\\Program Files\\Iomega\\AutoDisk\\ADUserMon.exe"
    "BigPond Toolbar"="\"C:\\Program Files\\Telstra\\Toolbar\\bpumTray.exe\""
    "Cmaudio"="RunDll32 cmicnfg.cpl,CMICtrlWnd"
    "RemoteCenter"=""
    "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
    "iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
    "SSBkgdUpdate"="\"C:\\Program Files\\Common Files\\Scansoft Shared\\SSBkgdUpdate\\SSBkgdupdate.exe\" -Embedding -boot"
    "PaperPort PTD"="C:\\Program Files\\ScanSoft\\PaperPort\\pptd40nt.exe"
    "IndexSearch"="C:\\Program Files\\ScanSoft\\PaperPort\\IndexSearch.exe"
    "BrMfcWnd"="C:\\Program Files\\Brother\\Brmfcmon\\BrMfcWnd.exe /AUTORUN"
    "SetDefPrt"="C:\\Program Files\\Brother\\Brmfl06a\\BrStDvPt.exe"
    "ControlCenter3"="C:\\Program Files\\Brother\\ControlCenter3\\brctrcen.exe /autorun"
    "NeroFilterCheck"="C:\\Program Files\\Common Files\\Ahead\\Lib\\NeroCheck.exe"
    "Acrobat Assistant 8.0"="\"C:\\Program Files\\Adobe\\Acrobat 8.0\\Acrobat\\Acrotray.exe\""
    "Symantec PIF AlertEng"="\"C:\\Program Files\\Common Files\\Symantec Shared\\PIF\\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\\PIFSvc.exe\" /a /m \"C:\\Program Files\\Common Files\\Symantec Shared\\PIF\\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\\AlertEng.dll\""
    "ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
    "PrevxOne"="\"C:\\Program Files\\Prevx2\\PXConsole.exe\""
    "Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
    "SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_02\\bin\\jusched.exe\""

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
    "RemoteControl"=""
    "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program Files\\Common Files\\Ahead\\Lib\\NMBgMonitor.exe\""

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoCDBurning"=dword:00000000

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoViewOnDrive"=dword:00000000

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{857A461D-8D96-4996-A4A0-AEA0A2535B86}"=""

    HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
    Authentication Packages REG_MULTI_SZ msv1_0\0\0
    Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
    Notification Packages REG_MULTI_SZ scecli\0\0

    HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\aawservice

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
    LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
    NetworkService REG_MULTI_SZ DnsCache\0\0
    rpcss REG_MULTI_SZ RpcSs\0\0
    imgsvc REG_MULTI_SZ StiSvc\0\0
    termsvcs REG_MULTI_SZ TermService\0\0
    HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
    DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
    WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0

    *newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_COMHOST


    -- End of Deckard's System Scanner: finished at 2007-07-28 at 21:03:30 ---------

    ==================================================

    ... extras.txt in next 2 posts ...
