View Full Version : I don't know what's wrong
As of a couple days ago my computer has been having internet problems. I have cable and it's never really been a problem; I'm pretty sure it isn't the connection. Sometimes pages don't load and I have to keep clicking the link to get anything to happen. I've run S&D a couple times since it started acting up and it finds a few things each time. Recently it started being "user aborted" when I did no such thing.
I just went through and checked all my processes at processlibrary.com and came up with a bunch that cause me some concern. smss.exe, lsass.exe, svchost.exe, csrss.exe, services.exe, and cftmon.exe all seem to be rated safe and then there are ten more after that that have the same name that are rated very dangerous; most were related to trojans. I also have five or so svchosts.exe and wonder if this is normal.
Where should I start?
JB
Update:
Most of these look familiar. This is from today.
CasaleMedia: Tracking cookie (Firefox: default) (Cookie, nothing done)
CasaleMedia: Tracking cookie (Firefox: default) (Cookie, nothing done)
CasaleMedia: Tracking cookie (Firefox: default) (Cookie, nothing done)
CasaleMedia: Tracking cookie (Firefox: default) (Cookie, nothing done)
CasaleMedia: Tracking cookie (Firefox: default) (Cookie, nothing done)
CasaleMedia: Tracking cookie (Firefox: default) (Cookie, nothing done)
CasaleMedia: Tracking cookie (Firefox: default) (Cookie, nothing done)
CasaleMedia: Tracking cookie (Firefox: default) (Cookie, nothing done)
Excite: Tracking cookie (Firefox: default) (Cookie, nothing done)
Excite: Tracking cookie (Firefox: default) (Cookie, nothing done)
Excite: Tracking cookie (Firefox: default) (Cookie, nothing done)
Excite: Tracking cookie (Firefox: default) (Cookie, nothing done)
Excite: Tracking cookie (Firefox: default) (Cookie, nothing done)
Excite: Tracking cookie (Firefox: default) (Cookie, nothing done)
Excite: Tracking cookie (Firefox: default) (Cookie, nothing done)
Excite: Tracking cookie (Firefox: default) (Cookie, nothing done)
Excite: Tracking cookie (Firefox: default) (Cookie, nothing done)
Excite: Tracking cookie (Firefox: default) (Cookie, nothing done)
Excite: Tracking cookie (Firefox: default) (Cookie, nothing done)
Statcounter: Tracking cookie (Firefox: default) (Cookie, nothing done)
Statcounter: Tracking cookie (Firefox: default) (Cookie, nothing done)
Statcounter: Tracking cookie (Firefox: default) (Cookie, nothing done)
Statcounter: Tracking cookie (Firefox: default) (Cookie, nothing done)
Win32.Small.ddx: Tracking cookie (Firefox: default) (Cookie, nothing done)
Win32.Small.ddx: Tracking cookie (Firefox: default) (Cookie, nothing done)
Win32.Small.ddx: Tracking cookie (Firefox: default) (Cookie, nothing done)
Zedo: Tracking cookie (Firefox: default) (Cookie, nothing done)
Zedo: Tracking cookie (Firefox: default) (Cookie, nothing done)
Zedo: Tracking cookie (Firefox: default) (Cookie, nothing done)
Zedo: Tracking cookie (Firefox: default) (Cookie, nothing done)
Zedo: Tracking cookie (Firefox: default) (Cookie, nothing done)
Zedo: Tracking cookie (Firefox: default) (Cookie, nothing done)
--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---
2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2007-07-19 unins000.exe (51.41.0.0)
2005-05-31 Update.exe (1.4.0.0)
2007-05-23 advcheck.dll (1.5.3.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 SDHelper.dll (1.4.0.0)
2007-01-02 Tools.dll (2.0.1.0)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2007-08-01 Includes\Cookies.sbi (*)
2007-07-25 Includes\Dialer.sbi (*)
2007-08-01 Includes\DialerC.sbi (*)
2007-07-11 Includes\Hijackers.sbi (*)
2007-08-01 Includes\HijackersC.sbi (*)
2007-07-25 Includes\Keyloggers.sbi (*)
2007-08-01 Includes\KeyloggersC.sbi (*)
2007-08-01 Includes\Malware.sbi (*)
2007-08-01 Includes\MalwareC.sbi (*)
2007-07-11 Includes\PUPS.sbi (*)
2007-08-01 Includes\PUPSC.sbi (*)
2007-08-01 Includes\Revision.sbi (*)
2007-05-30 Includes\Security.sbi (*)
2007-08-01 Includes\SecurityC.sbi (*)
2007-08-01 Includes\Spybots.sbi (*)
2007-08-01 Includes\SpybotsC.sbi (*)
2005-02-17 Includes\Tracks.uti
2007-08-01 Includes\Trojans.sbi (*)
2007-08-01 Includes\TrojansC.sbi (*)
2007-06-06 Plugins\TCPIPAddress.dll
JB
Just did the CA Virus Scanner. 105 entries:
AUNPS2.dll Win32/SillyDl.TK deleted D:\WINDOWS\SYSTEM32\
wintask.exe Win32/SillyDl.MK deleted D:\WINDOWS\SYSTEM32\
pi1_60.exe Win32/SillyDl.ANQ deleted D:\WINDOWS\SYSTEM32\
exp Win32/SillyDl.MK deleted D:\WINDOWS\SYSTEM32\
lttnrtl.dll Win32/Qoologic.Q deleted D:\WINDOWS\SYSTEM32\
drrqnrd.exe Win32/Qoologic.Q deleted D:\WINDOWS\SYSTEM32\
krrke.dll Win32/Qoologic.Q deleted D:\WINDOWS\SYSTEM32\
wuauclt.dll Win32/Qoologic.S deleted D:\WINDOWS\SYSTEM32\
vgactl.cpl Win32/Qoologic.S deleted D:\WINDOWS\SYSTEM32\
exp.exe Win32/SillyDl.MK deleted D:\WINDOWS\SYSTEM32\
installer_MARKETING58.exe Win32/SillyDl.JB deleted D:\WINDOWS\SYSTEM32\
pcs_0026[1].exe Win32/SillyDl.OS deleted D:\WINDOWS\TEMP\Temporary Internet Files\Content.IE5\4N4ZUT83\
crsreco.exe Win32/BettInet!generic deleted D:\WINDOWS\TEMP\
spike.exe Win32/BettInet.CM deleted D:\WINDOWS\TEMP\DrTemp\
seedcorn_2_215 Win32/Qoologic!generic deleted D:\WINDOWS\TEMP\
MediaAccessInstPack.exe Win32/WinAd.AE deleted D:\WINDOWS\TEMP\
i1.tmp Win32/Cussifide.A deleted D:\WINDOWS\TEMP\
ActiveX.ocx Win32/Canbede deleted D:\WINDOWS\Downloaded Program Files\
pcs_0026.exe Win32/SillyDl.OS deleted D:\WINDOWS\Downloaded Program Files\
wupdt.exe Win32/SillyDl.GL deleted D:\WINDOWS\
casstub.exe Win32/SillyDl.RN deleted D:\Program Files\CasStub\
pcs_0026[1].exe Win32/SillyDl.OS deleted D:\Documents and Settings\Joseph L. Aldern\Local Settings\Temporary Internet Files\Content.IE5\2NUZKB4L\
upd209[1].exe Win32/Canbede.J deleted D:\Documents and Settings\Gabby\Local Settings\Temporary Internet Files\Content.IE5\ZX7HO7W9\
wupdt.exe Win32/SillyDl.GL deleted D:\Documents and Settings\Hannah\Local Settings\Temp\
upd209[1].exe Win32/Canbede.J deleted D:\Documents and Settings\Hannah\Local Settings\Temporary Internet Files\Content.IE5\8V9CZ9O7\
AppWrap[2].exe Win32/SillyDl.TK deleted D:\Documents and Settings\Hannah\Local Settings\Temporary Internet Files\Content.IE5\S1I781EN\
installer_MARKETING30.exe Win32/SillyDl.JB deleted D:\Documents and Settings\Hannah\
upd209[2].exe Win32/Canbede.J deleted D:\Documents and Settings\Ben\Local Settings\Temporary Internet Files\Content.IE5\OVQRA5C7\
66280_3660_2408_2264_62.41.tmp1 Win32/Betalire deleted D:\Documents and Settings\Laurie\Local Settings\Temp\
66400_3660_2408_2796_62.41.tmp1 Win32/Betalire deleted D:\Documents and Settings\Laurie\Local Settings\Temp\
66000_2128_2408_2800_62.41.tmp1 Win32/Betalire deleted D:\Documents and Settings\Laurie\Local Settings\Temp\
131644_2540_2408_2808_62.41.tmp1 Win32/Betalire deleted D:\Documents and Settings\Laurie\Local Settings\Temp\
66002_2316_2408_1140_62.41.tmp Win32/Betalire.D deleted D:\Documents and Settings\Laurie\Local Settings\Temp\
66000_2128_2408_2800_62.41.tmp Win32/Betalire.D deleted D:\Documents and Settings\Laurie\Local Settings\Temp\
262496_2780_2408_2804_62.41.tmp Win32/Betalire.D deleted D:\Documents and Settings\Laurie\Local Settings\Temp\
131644_2540_2408_2808_62.41.tmp Win32/Betalire.D deleted D:\Documents and Settings\Laurie\Local Settings\Temp\
k_817.tmp Win32/Betalire.N deleted D:\Documents and Settings\Laurie\Local Settings\Temp\
silent_setup[1].exe Win32/Betalire.N deleted D:\Documents and Settings\Laurie\Local Settings\Temporary Internet Files\Content.IE5\6YHRABUD\
A0228953.dll Win32/Canbede.G deleted D:\System Volume Information\_restore{DE4324AB-E0B4-4DB4-8DC0-95F6DFC2337C}\RP344\
A0229953.dll Win32/Canbede.G deleted D:\System Volume Information\_restore{DE4324AB-E0B4-4DB4-8DC0-95F6DFC2337C}\RP344\
A0230956.dll Win32/Canbede.G deleted D:\System Volume Information\_restore{DE4324AB-E0B4-4DB4-8DC0-95F6DFC2337C}\RP344\
A0230959.DLL Win32/Canbede.G deleted D:\System Volume Information\_restore{DE4324AB-E0B4-4DB4-8DC0-95F6DFC2337C}\RP344\
A0230968.dll Win32/Betalire.B deleted D:\System Volume Information\_restore{DE4324AB-E0B4-4DB4-8DC0-95F6DFC2337C}\RP344\
A0230970.cpl Win32/Qoologic.M deleted D:\System Volume Information\_restore{DE4324AB-E0B4-4DB4-8DC0-95F6DFC2337C}\RP344\
A0230971.exe Win32/Betalire.D deleted D:\System Volume Information\_restore{DE4324AB-E0B4-4DB4-8DC0-95F6DFC2337C}\RP344\
A0230973.dll Win32/Qoologic!generic deleted D:\System Volume Information\_restore{DE4324AB-E0B4-4DB4-8DC0-95F6DFC2337C}\RP344\
A0230974.dll Win32/Qoologic!generic deleted D:\System Volume Information\_restore{DE4324AB-E0B4-4DB4-8DC0-95F6DFC2337C}\RP344\
A0230976.exe Win32/SillyDl.ZP deleted D:\System Volume Information\_restore{DE4324AB-E0B4-4DB4-8DC0-95F6DFC2337C}\RP344\
A0198396.exe Win32/Dyfuca.A deleted D:\System Volume Information\_restore{DE4324AB-E0B4-4DB4-8DC0-95F6DFC2337C}\RP328\
A0198400.exe Win32/WinAd.H deleted D:\System Volume Information\_restore{DE4324AB-E0B4-4DB4-8DC0-95F6DFC2337C}\RP328\
A0198401.dll Win32/WinAd.O deleted D:\System Volume Information\_restore{DE4324AB-E0B4-4DB4-8DC0-95F6DFC2337C}\RP328\
A0203430.dll Win32/Canbede.G deleted D:\System Volume Information\_restore{DE4324AB-E0B4-4DB4-8DC0-95F6DFC2337C}\RP329\
A0204430.dll Win32/Canbede.G deleted D:\System Volume Information\_restore{DE4324AB-E0B4-4DB4-8DC0-95F6DFC2337C}\RP330\
A0204436.dll Win32/Canbede.G deleted D:\System Volume Information\_restore{DE4324AB-E0B4-4DB4-8DC0-95F6DFC2337C}\RP330\
A0205430.dll Win32/Canbede.G deleted D:\System Volume Information\_restore{DE4324AB-E0B4-4DB4-8DC0-95F6DFC2337C}\RP330\
A0205469.DLL Win32/Canbede.G deleted D:\System Volume Information\_restore{DE4324AB-E0B4-4DB4-8DC0-95F6DFC2337C}\RP330\
A0206486.dll Win32/Canbede.G deleted D:\System Volume Information\_restore{DE4324AB-E0B4-4DB4-8DC0-95F6DFC2337C}\RP331\
A0206517.dll Win32/Canbede.G deleted D:\System Volume Information\_restore{DE4324AB-E0B4-4DB4-8DC0-95F6DFC2337C}\RP331\
A0208549.dll Win32/Canbede.G deleted D:\System Volume Information\_restore{DE4324AB-E0B4-4DB4-8DC0-95F6DFC2337C}\RP331\
A0209551.dll Win32/Canbede.G deleted D:\System Volume Information\_restore{DE4324AB-E0B4-4DB4-8DC0-95F6DFC2337C}\RP331\
A0209561.DLL Win32/Canbede.G deleted D:\System Volume Information\_restore{DE4324AB-E0B4-4DB4-8DC0-95F6DFC2337C}\RP332\
A0209620.dll Win32/Canbede.G deleted D:\System Volume Information\_restore{DE4324AB-E0B4-4DB4-8DC0-95F6DFC2337C}\RP334\
A0210615.EXE Win32/SillyDl.KU deleted D:\System Volume Information\_restore{DE4324AB-E0B4-4DB4-8DC0-95F6DFC2337C}\RP335\
A0210616.exe Win32/SillyDl.TK deleted D:\System Volume Information\_restore{DE4324AB-E0B4-4DB4-8DC0-95F6DFC2337C}\RP335\
A0210617.EXE Win32/SillyDl.RN deleted D:\System Volume Information\_restore{DE4324AB-E0B4-4DB4-8DC0-95F6DFC2337C}\RP335\
A0210623.dll Win32/Canbede.G deleted D:\System Volume Information\_restore{DE4324AB-E0B4-4DB4-8DC0-95F6DFC2337C}\RP335\
A0210637.dll Win32/Canbede.G deleted D:\System Volume Information\_restore{DE4324AB-E0B4-4DB4-8DC0-95F6DFC2337C}\RP335\
A0210657.EXE Win32/Qoologic!generic deleted D:\System Volume Information\_restore{DE4324AB-E0B4-4DB4-8DC0-95F6DFC2337C}\RP336\
A0210671.DLL Win32/Canbede.G deleted D:\System Volume Information\_restore{DE4324AB-E0B4-4DB4-8DC0-95F6DFC2337C}\RP336\
A0211671.dll Win32/Canbede.G deleted D:\System Volume Information\_restore{DE4324AB-E0B4-4DB4-8DC0-95F6DFC2337C}\RP336\
A0211701.dll Win32/Canbede.G deleted D:\System Volume Information\_restore{DE4324AB-E0B4-4DB4-8DC0-95F6DFC2337C}\RP336\
A0212685.exe Win32/SillyDl.TK deleted D:\System Volume Information\_restore{DE4324AB-E0B4-4DB4-8DC0-95F6DFC2337C}\RP336\
A0212699.dll Win32/Canbede.G deleted D:\System Volume Information\_restore{DE4324AB-E0B4-4DB4-8DC0-95F6DFC2337C}\RP336\
A0213698.dll Win32/Canbede.G deleted D:\System Volume Information\_restore{DE4324AB-E0B4-4DB4-8DC0-95F6DFC2337C}\RP336\
A0214691.dll Win32/Canbede.G deleted D:\System Volume Information\_restore{DE4324AB-E0B4-4DB4-8DC0-95F6DFC2337C}\RP336\
A0214713.dll Win32/Canbede.G deleted D:\System Volume Information\_restore{DE4324AB-E0B4-4DB4-8DC0-95F6DFC2337C}\RP336\
A0215708.exe Win32/BettInet.AY deleted D:\System Volume Information\_restore{DE4324AB-E0B4-4DB4-8DC0-95F6DFC2337C}\RP337\
A0215714.dll Win32/Canbede.G deleted D:\System Volume Information\_restore{DE4324AB-E0B4-4DB4-8DC0-95F6DFC2337C}\RP337\
A0216712.dll Win32/Canbede.G deleted D:\System Volume Information\_restore{DE4324AB-E0B4-4DB4-8DC0-95F6DFC2337C}\RP337\
A0216726.exe Win32/SillyDl.KU deleted D:\System Volume Information\_restore{DE4324AB-E0B4-4DB4-8DC0-95F6DFC2337C}\RP337\
A0216740.dll Win32/Canbede.G deleted D:\System Volume Information\_restore{DE4324AB-E0B4-4DB4-8DC0-95F6DFC2337C}\RP337\
A0217731.DLL Win32/Canbede.G deleted D:\System Volume Information\_restore{DE4324AB-E0B4-4DB4-8DC0-95F6DFC2337C}\RP338\
A0217748.dll Win32/Canbede.G deleted D:\System Volume Information\_restore{DE4324AB-E0B4-4DB4-8DC0-95F6DFC2337C}\RP338\
A0218748.dll Win32/Canbede.G deleted D:\System Volume Information\_restore{DE4324AB-E0B4-4DB4-8DC0-95F6DFC2337C}\RP338\
A0218777.dll Win32/Canbede.G deleted D:\System Volume Information\_restore{DE4324AB-E0B4-4DB4-8DC0-95F6DFC2337C}\RP339\
A0219780.dll Win32/Canbede.G deleted D:\System Volume Information\_restore{DE4324AB-E0B4-4DB4-8DC0-95F6DFC2337C}\RP339\
A0220784.dll Win32/Canbede.G deleted D:\System Volume Information\_restore{DE4324AB-E0B4-4DB4-8DC0-95F6DFC2337C}\RP339\
A0220801.dll Win32/Canbede.G deleted D:\System Volume Information\_restore{DE4324AB-E0B4-4DB4-8DC0-95F6DFC2337C}\RP339\
A0220839.cpl Win32/Qoologic.K deleted D:\System Volume Information\_restore{DE4324AB-E0B4-4DB4-8DC0-95F6DFC2337C}\RP340\
A0220865.exe Win32/Propo deleted D:\System Volume Information\_restore{DE4324AB-E0B4-4DB4-8DC0-95F6DFC2337C}\RP341\
A0220882.cpl Win32/Qoologic.M deleted D:\System Volume Information\_restore{DE4324AB-E0B4-4DB4-8DC0-95F6DFC2337C}\RP342\
A0222883.exe Win32/Multidropper.Y deleted D:\System Volume Information\_restore{DE4324AB-E0B4-4DB4-8DC0-95F6DFC2337C}\RP342\
A0223886.dll Win32/Canbede.G deleted D:\System Volume Information\_restore{DE4324AB-E0B4-4DB4-8DC0-95F6DFC2337C}\RP342\
A0223896.dll Win32/Canbede.G deleted D:\System Volume Information\_restore{DE4324AB-E0B4-4DB4-8DC0-95F6DFC2337C}\RP342\
A0223897.exe Win32/SillyDl.TK deleted D:\System Volume Information\_restore{DE4324AB-E0B4-4DB4-8DC0-95F6DFC2337C}\RP342\
A0223907.dll Win32/Canbede.G deleted D:\System Volume Information\_restore{DE4324AB-E0B4-4DB4-8DC0-95F6DFC2337C}\RP342\
A0224907.dll Win32/Canbede.G deleted D:\System Volume Information\_restore{DE4324AB-E0B4-4DB4-8DC0-95F6DFC2337C}\RP343\
A0224916.dll Win32/Canbede.G deleted D:\System Volume Information\_restore{DE4324AB-E0B4-4DB4-8DC0-95F6DFC2337C}\RP343\
A0224925.dll Win32/Canbede.G deleted D:\System Volume Information\_restore{DE4324AB-E0B4-4DB4-8DC0-95F6DFC2337C}\RP343\
A0228933.dll Win32/Canbede.G deleted D:\System Volume Information\_restore{DE4324AB-E0B4-4DB4-8DC0-95F6DFC2337C}\RP343\
zee.exe Win32/Secdrop.JV deleted D:\
unn.exe Win32/Secdrop.JZ deleted D:\
FILE0000.CHK Win32/Clspring!generic deleted D:\FOUND.065\
A0121832.exe Win32/Chisyne.F deleted H:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1301\
A0065709.exe Win32/Chisyne.F deleted H:\System Volume Information\_restore{6D07BC5B-18E3-4247-A474-F89571328FA9}\RP370\
All deleted.
JB
Hello jagoy :)
You have all kinds of infections there in the logs...
Please post a HijackThis log to here: Click here (http://downloads.malwareremoval.com/HijackThis.exe) to download HijackThis.exe
Save HijackThis.exe to your desktop.
Create a new folder named HijackThis to your desktop. Move Hijackthis.exe into that folder.
Run HijackThis.exe
Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
Click Save to save the log file and then the log will open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
Come back here to this thread and Paste the log in your next reply.
DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:05:01 PM, on 8/3/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\System32\InetCntrl\InetCntrl.exe
C:\Program Files\Canon\BJPV\TVMon.exe
C:\Program Files\Canon\BJCard\BJLaunch.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\WINDOWS\vVX3000.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\twc\medicsp2\bin\sprtcmd.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Canon\BJCard\Bjmcmng.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\System32\nvsvc32.exe
H:\Program Files\Solidworks\COSMOS\FloWorks\binCFW\StandAloneSlv.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\Program Files\twc\medicsp2\bin\sprtsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Joe\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://abcnews.go.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: IEHlprObj Class - {8CA5ED52-F3FB-4414-A105-2E3491156990} - C:\PROGRA~1\IWINGA~1\IWINGA~1.DLL
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Bsecure Popup Blocker - {E0019445-4C1F-414D-A70E-AD80F231C584} - C:\WINDOWS\System32\InetCntrl\PopupKil\BsafeBHO.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: Bsecure Popup Blocker - {E0019445-4C1F-414D-A70E-AD80F231C584} - C:\WINDOWS\System32\InetCntrl\PopupKil\BsafeBHO.dll
O3 - Toolbar: (no name) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - (no file)
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [InetCntrl] C:\WINDOWS\System32\InetCntrl\InetCntrl.exe
O4 - HKLM\..\Run: [BJPD HID Control] C:\Program Files\Canon\BJPV\TVMon.exe
O4 - HKLM\..\Run: [BJLaunchEXE] C:\Program Files\Canon\BJCard\BJLaunch.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [medicsp2] C:\Program Files\twc\medicsp2\bin\sprtcmd.exe /P medicsp2
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: inetcntrl0002.dll
O10 - Unknown file in Winsock LSP: inetcntrl0002.dll
O10 - Unknown file in Winsock LSP: inetcntrl0002.dll
O10 - Unknown file in Winsock LSP: inetcntrl0002.dll
O10 - Unknown file in Winsock LSP: inetcntrl0002.dll
O10 - Unknown file in Winsock LSP: inetcntrl0002.dll
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://activation.rr.com/install/downloads/tgctlcm.cab
O16 - DPF: {1E2941E3-8E63-11D4-9D5A-00902742D6E0} (iNotes Class) - https://extraweb-americas.ey.com/home/extraweb/iNotes.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.clarkcolor.com/ClarkActivia.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1160357163671
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1160357799140
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/web_games/popcap/insaniquarium/popcaploader_v6.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Canon BJ Memory Card Manager (Bjmcmng) - CANON INC. - C:\Program Files\Canon\BJCard\Bjmcmng.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: GoogleDesktopManager - Unknown owner - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Remote Solver for COSMOSFloWorks 2005 - Unknown owner - H:\Program Files\FloWorks\bin\StandAloneSlv.exe (file missing)
O23 - Service: Remote Solver for COSMOSFloWorks 2006 - Unknown owner - H:\Program Files\Solidworks\COSMOS\FloWorks\binCFW\StandAloneSlv.exe
O23 - Service: SupportSoft Sprocket Service (medicsp2) (sprtsvc_medicsp2) - SupportSoft, Inc. - C:\Program Files\twc\medicsp2\bin\sprtsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
--
End of file - 10660 bytes
Thanks :)
JB
Hi again, we'll continue :)
You should print these instructions or save these to a text file. Follow these instructions carefully.
Download ATF Cleaner (http://www.atribune.org/ccount/click.php?id=1) by Atribune to your desktop.
Do NOT run yet.
Make your hidden files visible:
Go to My Computer
Select the Tools menu and click Folder Options
Click the View tab.
Checkmark the "Display the contents of system folders"
Under the Hidden files and folders select "Show hidden files and folders"
Uncheck "Hide protected operating system files"
Click Apply and then the OK and close My Computer.
==================
Open Control Panel -> Add/Remove programs -> Remove all the of the following or similar entries if found:
iWin Games
and any other programs you didn't install or don't recognize - if your not sure please ask first
Run HijackThis, click Do a system scan only, and check the box next to each of these entries if still present. Close all other windows and press Fix checked. If something isn't there, please continue with the next entry in the list.
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: IEHlprObj Class - {8CA5ED52-F3FB-4414-A105-2E3491156990} - C:\PROGRA~1\IWINGA~1\IWINGA~1.DLL
O3 - Toolbar: (no name) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - (no file)
Restart your computer to the safe mode:
Restart your computer
Start tapping the F8 key when the computer restarts.
When the start menu opens, choose Safe mode
Press Enter. The computer then begins to start in Safe mode.
Go to the My Computer and delete the following folders (if present):
C:\Program Files\iWin Games
Run ATF Cleaner Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browserClick Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browserClick Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
Reboot in Normal Mode.
Please do an online scan with Kaspersky WebScanner (http://www.kaspersky.com/virusscanner)
Click on Kaspersky Online Scanner
You will be promted to install an ActiveX component from Kaspersky, Click Yes.
The program will launch and then begin downloading the latest definition files:
Once the files have been downloaded click on NEXT
Now click on Scan Settings
In the scan settings make that the following are selected:
Scan using the following Anti-Virus database:
Extended (if available otherwise Standard)
Scan Options:
Scan Archives
Scan Mail Bases
Click OK
Now under select a target to scan:Select My Computer
This will program will start and scan your system.
The scan will take a while so be patient and let it run.
Once the scan is complete it will display if your system has been infected.
Now click on the Save as Text button:
Save the file to your desktop.
Copy and paste that information in your next post.
================
When you're ready, please post the following logs to here:
- Kasperky's report
- a fresh HijackThis log
Lots. That makes me feel like a responsible computer owner. :oops:
KASPERSKY ONLINE SCANNER REPORT
Monday, August 06, 2007 3:29:38 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 6/08/2007
Kaspersky Anti-Virus database records: 376165
Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true
Scan Target My Computer
A:\
C:\
D:\
F:\
G:\
H:\
I:\
Scan Statistics
Total number of scanned objects 250978
Number of viruses found 52
Number of infected objects 152 / 0
Number of suspicious objects 0
Duration of the scan process 03:35:49
Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\SupportSoft\medicsp2\SYSTEM\state\logs\sprtcmd.log Object is locked skipped
C:\Documents and Settings\Joe\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Joe\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\Joe\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst/Personal Folders/Deleted Items/29 Jul 2007 02:48 from ribanez@byer.com:Error/message.zip/message.txt .exe Infected: Net-Worm.Win32.Mytob.c skipped
C:\Documents and Settings\Joe\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst/Personal Folders/Deleted Items/29 Jul 2007 02:48 from ribanez@byer.com:Error/message.zip Infected: Net-Worm.Win32.Mytob.c skipped
C:\Documents and Settings\Joe\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst/Personal Folders/Deleted Items/02 Aug 2007 21:57 from mmcdonald61@yahoo.com:TEST/document.exe Infected: Net-Worm.Win32.Mytob.c skipped
C:\Documents and Settings\Joe\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst/Personal Folders/Inbox/Older than the hills/19 Nov 2004 06:15 from new_account@volcanicdesign.com:Confirmati/volcanicdesign.294.com Infected: Email-Worm.Win32.Sober.i skipped
C:\Documents and Settings\Joe\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst Mail MS Mail: infected - 4 skipped
C:\Documents and Settings\Joe\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Joe\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Joe\Local Settings\Application Data\SupportSoft\medicsp2\Joe\state\logs\sprtcmd.log Object is locked skipped
C:\Documents and Settings\Joe\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Joe\Local Settings\History\History.IE5\MSHist012007080620070807\index.dat Object is locked skipped
C:\Documents and Settings\Joe\Local Settings\Temp\~DF967.tmp Object is locked skipped
C:\Documents and Settings\Joe\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Joe\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Joe\ntuser.dat Object is locked skipped
C:\Documents and Settings\Joe\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{22897342-D8D2-48B8-B80E-07F9E7331532}\RP485\A0025700.dll Infected: not-a-virus:AdWare.Win32.AdMedia.g skipped
C:\System Volume Information\_restore{22897342-D8D2-48B8-B80E-07F9E7331532}\RP485\change.log Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\wmipdskq.dll Infected: not-a-virus:AdWare.Win32.Hmt skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Downloaded Program Files\popcaploader.dll Infected: not-a-virus:Downloader.Win32.PopCap.b skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{783D1B70-120C-4E1E-8AC5-64826FCD9771}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\InetCntrl\applog.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\WINDOWS\SYSTEM\SBUtils\SBWebCtl.dll Infected: not-a-virus:AdWare.Win32.WindowEnhancer.d skipped
D:\WINDOWS\SYSTEM\UpdInst.exe Infected: not-a-virus:AdWare.Win32.Look2Me.ag skipped
D:\WINDOWS\SYSTEM32\DRIVERS\etc\hosts Infected: Trojan.Win32.Qhost.ew skipped
D:\WINDOWS\SYSTEM32\mxikbdsp.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ag skipped
D:\WINDOWS\SYSTEM32\rppcfgex.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ag skipped
D:\WINDOWS\SYSTEM32\wbem\wmipdskq.dll Infected: not-a-virus:AdWare.Win32.Hmt skipped
D:\WINDOWS\SYSTEM32\dllcache\wmipdskq.dll Infected: not-a-virus:AdWare.Win32.Hmt skipped
D:\WINDOWS\SYSTEM32\oq7ia7m8.ini Infected: not-a-virus:AdWare.Win32.Sahat.ao skipped
D:\WINDOWS\SYSTEM32\vka64k.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ag skipped
D:\WINDOWS\SYSTEM32\dymstor.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ag skipped
D:\WINDOWS\SYSTEM32\deusic.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ag skipped
D:\WINDOWS\SYSTEM32\kg1394.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ag skipped
D:\WINDOWS\SYSTEM32\ifsecsnp.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ag skipped
D:\WINDOWS\SYSTEM32\DWngerous Creatures.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ag skipped
D:\WINDOWS\SYSTEM32\guard.tmp Infected: not-a-virus:AdWare.Win32.Look2Me.ag skipped
D:\WINDOWS\SYSTEM32\sdcsccp.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ag skipped
D:\WINDOWS\SYSTEM32\mmexcl40.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ag skipped
D:\WINDOWS\SYSTEM32\jzsh400.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ag skipped
D:\WINDOWS\SYSTEM32\nlevtmsg.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ag skipped
D:\WINDOWS\SYSTEM32\nsvsvc\nsvs.dll Infected: not-a-virus:AdWare.Win32.DelphinMediaViewer.f skipped
D:\WINDOWS\SYSTEM32\nsvsvc\nsv.ocx Infected: not-a-virus:AdWare.Win32.DelphinMediaViewer.c skipped
D:\WINDOWS\SYSTEM32\wcv9vcm.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ag skipped
D:\WINDOWS\SYSTEM32\jPvart.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ag skipped
D:\WINDOWS\SYSTEM32\aptodisc.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ag skipped
D:\WINDOWS\SYSTEM32\ijs.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ag skipped
D:\WINDOWS\SYSTEM32\nbevtmsg.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ag skipped
D:\WINDOWS\SYSTEM32\mldtcuiu.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ag skipped
D:\WINDOWS\SYSTEM32\vlajet32.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ag skipped
D:\WINDOWS\SYSTEM32\cpodm.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ag skipped
D:\WINDOWS\SYSTEM32\LPCMP80n.DLL Infected: not-a-virus:AdWare.Win32.Look2Me.ag skipped
D:\WINDOWS\SYSTEM32\iFsnap.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ag skipped
D:\WINDOWS\SYSTEM32\MRCTF.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ag skipped
D:\WINDOWS\SYSTEM32\mbcomput.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ag skipped
D:\WINDOWS\SYSTEM32\amtodisc.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ag skipped
D:\WINDOWS\SYSTEM32\auifile.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ag skipped
D:\WINDOWS\SYSTEM32\czc.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ag skipped
D:\WINDOWS\SYSTEM32\snbcsp.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ag skipped
D:\WINDOWS\SYSTEM32\snrialui.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ag skipped
D:\WINDOWS\SYSTEM32\virifier.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ag skipped
D:\WINDOWS\SYSTEM32\mwsap.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ag skipped
D:\WINDOWS\SYSTEM32\ULMCLN32.DLL Infected: not-a-virus:AdWare.Win32.Look2Me.ag skipped
D:\WINDOWS\SYSTEM32\wcstream.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ag skipped
D:\WINDOWS\SYSTEM32\cb211_vrml1to2.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ag skipped
D:\WINDOWS\SYSTEM32\tQembed.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ag skipped
D:\WINDOWS\SYSTEM32\g1395r9t.ini Infected: not-a-virus:AdWare.Win32.Sahat.ao skipped
D:\WINDOWS\TEMP\b.com Infected: Trojan-Dropper.Win32.Agent.pb skipped
D:\WINDOWS\TEMP\wrapperouter.exe/WISE0001.BIN Infected: not-a-virus:AdWare.Win32.VirtualBouncer.j skipped
D:\WINDOWS\TEMP\wrapperouter.exe WiseSFX: infected - 1 skipped
D:\WINDOWS\TEMP\wrapperouter.exe WiseSFX Dropper: infected - 1 skipped
D:\WINDOWS\TEMP\upd208.exe Infected: not-a-virus:AdWare.Win32.Look2Me.ag skipped
D:\WINDOWS\TEMP\ICD1.tmp\GRInstall.exe/data0002 Infected: not-a-virus:AdWare.Win32.Sahat.ao skipped
D:\WINDOWS\TEMP\ICD1.tmp\GRInstall.exe NSIS: infected - 1 skipped
D:\WINDOWS\TEMP\upd209.exe Infected: not-a-virus:AdWare.Win32.Look2Me.ag skipped
D:\WINDOWS\TEMP\iF.tmp Infected: not-a-virus:AdWare.Win32.SurfSide.j skipped
D:\WINDOWS\Downloaded Program Files\m67m.ocx Infected: not-a-virus:AdWare.Win32.MediaMotor.a skipped
D:\WINDOWS\Downloaded Program Files\BundleLite.exe Infected: not-a-virus:AdWare.Win32.Sahat.bl skipped
D:\WINDOWS\fmv-10019.exe Infected: not-a-virus:Dialer.Win32.gen skipped
D:\WINDOWS\msi.exe Infected: Backdoor.Win32.Aimbot.c skipped
D:\WINDOWS\hisistheurls.exe/data.rar/archive comment Infected: Trojan.Win32.Favadd.f skipped
D:\WINDOWS\hisistheurls.exe/data.rar Infected: Trojan.Win32.Favadd.f skipped
D:\WINDOWS\hisistheurls.exe RarSFX: infected - 2 skipped
D:\WINDOWS\stubinstaller4292.exe Infected: Trojan-Downloader.Win32.Small.asf skipped
D:\WINDOWS\bundle_mediamotor1004.exe Infected: not-a-virus:AdWare.Win32.Sahat.aj skipped
D:\Program Files\Common Files\Uninstall Information\RemoveDisplayUtility.exe Infected: not-a-virus:AdWare.Win32.DelphinMediaViewer.f skipped
D:\Documents and Settings\All Users\Desktop\Hannah's stuff\FunBuddyIconsSetup2.0.3.7.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
D:\Documents and Settings\Joseph L. Aldern\Local Settings\Temporary Internet Files\Content.IE5\V93023HI\AppWrap[1].exe Infected: Trojan-Dropper.Win32.Agent.pb skipped
D:\Documents and Settings\Joseph L. Aldern\Local Settings\Temporary Internet Files\Content.IE5\GPYFCTUF\AppWrap[1].exe Infected: Trojan-Dropper.Win32.Agent.pb skipped
D:\Documents and Settings\Joseph L. Aldern\Local Settings\Temporary Internet Files\Content.IE5\2NUZKB4L\AppWrap[1].exe Infected: Trojan-Dropper.Win32.Agent.pb skipped
D:\Documents and Settings\Joseph L. Aldern\Local Settings\Temporary Internet Files\Content.IE5\2NUZKB4L\upd209[1].exe Infected: not-a-virus:AdWare.Win32.Look2Me.ag skipped
D:\Documents and Settings\Joseph L. Aldern\Application Data\Microsoft\xOutlook\outlook.pst/Personal Folders/e-bay/22 Aug 2000 17:18 from didier.laurent6:Ebay auction : french pos.html Infected: Email-Worm.VBS.KakWorm skipped
D:\Documents and Settings\Joseph L. Aldern\Application Data\Microsoft\xOutlook\outlook.pst Mail MS Mail: infected - 1 skipped
D:\Documents and Settings\Hannah\Local Settings\Temp\b.com Infected: Trojan-Dropper.Win32.Agent.pb skipped
D:\Documents and Settings\Hannah\Local Settings\Temp\res8D.tmp Infected: not-a-virus:AdWare.Win32.180Solutions.b skipped
D:\Documents and Settings\Hannah\Local Settings\Temporary Internet Files\Content.IE5\8V9CZ9O7\AppWrap[1].exe Infected: Trojan-Dropper.Win32.Agent.pb skipped
D:\Documents and Settings\Hannah\Local Settings\Temporary Internet Files\Content.IE5\8V9CZ9O7\AppWrap[2].exe Infected: Trojan-Dropper.Win32.Agent.pb skipped
D:\Documents and Settings\Hannah\Local Settings\Temporary Internet Files\Content.IE5\S1EJ4HI3\AppWrap[1].exe Infected: Trojan-Dropper.Win32.Small.ru skipped
D:\Documents and Settings\Hannah\Local Settings\Temporary Internet Files\Content.IE5\UHYH0X4B\AppWrap[1].exe Infected: Trojan-Dropper.Win32.Agent.pb skipped
D:\Documents and Settings\Hannah\Local Settings\Temporary Internet Files\Content.IE5\S1I781EN\AppWrap[1].exe Infected: Trojan-Dropper.Win32.Agent.pb skipped
D:\Documents and Settings\Laurie\Local Settings\Temporary Internet Files\Content.IE5\2CRBQ6PX\SRInstall4110[1].cab/BundleLite.exe Infected: not-a-virus:AdWare.Win32.Sahat.bl skipped
D:\Documents and Settings\Laurie\Local Settings\Temporary Internet Files\Content.IE5\2CRBQ6PX\SRInstall4110[1].cab CAB: infected - 1 skipped
D:\Documents and Settings\Laurie\Local Settings\Temporary Internet Files\Content.IE5\6YHRABUD\upd209[1].exe Infected: not-a-virus:AdWare.Win32.Look2Me.ag skipped
D:\System Volume Information\_restore{DE4324AB-E0B4-4DB4-8DC0-95F6DFC2337C}\RP344\A0228954.exe/RebateRetriever.exe Infected: not-a-virus:AdWare.Win32.MDH.e skipped
D:\System Volume Information\_restore{DE4324AB-E0B4-4DB4-8DC0-95F6DFC2337C}\RP344\A0228954.exe StarDust: infected - 1 skipped
D:\System Volume Information\_restore{DE4324AB-E0B4-4DB4-8DC0-95F6DFC2337C}\RP307\A0184725.exe Infected: not-a-virus:AdWare.Win32.WebSearch.af skipped
D:\System Volume Information\_restore{DE4324AB-E0B4-4DB4-8DC0-95F6DFC2337C}\RP308\A0184751.exe Infected: not-a-virus:AdWare.Win32.WebSearch.af skipped
D:\System Volume Information\_restore{DE4324AB-E0B4-4DB4-8DC0-95F6DFC2337C}\RP308\A0185750.exe Infected: not-a-virus:AdWare.Win32.WebSearch.af skipped
D:\System Volume Information\_restore{DE4324AB-E0B4-4DB4-8DC0-95F6DFC2337C}\RP308\A0185764.exe Infected: not-a-virus:AdWare.Win32.WebSearch.af skipped
D:\System Volume Information\_restore{DE4324AB-E0B4-4DB4-8DC0-95F6DFC2337C}\RP309\A0185783.exe Infected: not-a-virus:AdWare.Win32.WebSearch.af skipped
D:\System Volume Information\_restore{DE4324AB-E0B4-4DB4-8DC0-95F6DFC2337C}\RP310\A0185808.DLL
Infected: not-a-virus:AdWare.Win32.WebSearch.af skipped
D:\System Volume Information\_restore{DE4324AB-E0B4-4DB4-8DC0-95F6DFC2337C}\RP310\A0185809.EXE Infected: not-a-virus:AdWare.Win32.WebSearch.af skipped
D:\System Volume Information\_restore{DE4324AB-E0B4-4DB4-8DC0-95F6DFC2337C}\RP322\A0194185.ini Infected: not-a-virus:AdWare.Win32.Sahat.ao skipped
D:\System Volume Information\_restore{DE4324AB-E0B4-4DB4-8DC0-95F6DFC2337C}\RP328\A0198397.exe Infected: not-a-virus:AdWare.Win32.WinAD.am skipped
D:\System Volume Information\_restore{DE4324AB-E0B4-4DB4-8DC0-95F6DFC2337C}\RP328\A0198398.exe Infected: not-a-virus:AdWare.Win32.180Solutions skipped
D:\System Volume Information\_restore{DE4324AB-E0B4-4DB4-8DC0-95F6DFC2337C}\RP339\A0219772.exe/data0003 Infected: not-a-virus:AdWare.Win32.PurityScan.w skipped
D:\System Volume Information\_restore{DE4324AB-E0B4-4DB4-8DC0-95F6DFC2337C}\RP339\A0219772.exe NSIS: infected - 1 skipped
D:\System Volume Information\_restore{DE4324AB-E0B4-4DB4-8DC0-95F6DFC2337C}\RP343\A0224908.exe/data0003 Infected: not-a-virus:AdWare.Win32.HotSearchBar.i skipped
D:\System Volume Information\_restore{DE4324AB-E0B4-4DB4-8DC0-95F6DFC2337C}\RP343\A0224908.exe NSIS: infected - 1 skipped
D:\System Volume Information\_restore{DE4324AB-E0B4-4DB4-8DC0-95F6DFC2337C}\RP343\A0224909.exe Infected: not-a-virus:AdWare.Win32.EZula.ar skipped
D:\System Volume Information\_restore{22897342-D8D2-48B8-B80E-07F9E7331532}\RP481\A0025606.dll Infected: Trojan-Clicker.Win32.Small.ez skipped
D:\System Volume Information\_restore{22897342-D8D2-48B8-B80E-07F9E7331532}\RP481\A0025607.exe Infected: Trojan-Downloader.Win32.Small.abd skipped
D:\System Volume Information\_restore{22897342-D8D2-48B8-B80E-07F9E7331532}\RP481\A0025608.exe Infected: Trojan-Downloader.Win32.Small.aal skipped
D:\System Volume Information\_restore{22897342-D8D2-48B8-B80E-07F9E7331532}\RP481\A0025609.dll Infected: Trojan-Downloader.Win32.Qoologic.af skipped
D:\System Volume Information\_restore{22897342-D8D2-48B8-B80E-07F9E7331532}\RP481\A0025610.exe Infected: Trojan.Win32.Pakes skipped
D:\System Volume Information\_restore{22897342-D8D2-48B8-B80E-07F9E7331532}\RP481\A0025611.dll Infected: Trojan-Downloader.Win32.Qoologic.ak skipped
D:\System Volume Information\_restore{22897342-D8D2-48B8-B80E-07F9E7331532}\RP481\A0025612.dll Infected: Trojan-Downloader.Win32.Qoologic.ae skipped
D:\System Volume Information\_restore{22897342-D8D2-48B8-B80E-07F9E7331532}\RP481\A0025613.cpl Infected: Trojan-Downloader.Win32.Qoologic.ad skipped
D:\System Volume Information\_restore{22897342-D8D2-48B8-B80E-07F9E7331532}\RP481\A0025614.exe Infected: Trojan-Downloader.Win32.Small.abd skipped
D:\System Volume Information\_restore{22897342-D8D2-48B8-B80E-07F9E7331532}\RP481\A0025615.exe Infected: Trojan-Downloader.Win32.Adload.a skipped
D:\System Volume Information\_restore{22897342-D8D2-48B8-B80E-07F9E7331532}\RP481\A0025616.exe Infected: Trojan-Downloader.Win32.Pacer.j skipped
D:\System Volume Information\_restore{22897342-D8D2-48B8-B80E-07F9E7331532}\RP481\A0025617.exe Infected: not-a-virus:AdWare.Win32.BetterInternet.a skipped
D:\System Volume Information\_restore{22897342-D8D2-48B8-B80E-07F9E7331532}\RP481\A0025618.exe Infected: Trojan-Clicker.Win32.Agent.fi skipped
D:\System Volume Information\_restore{22897342-D8D2-48B8-B80E-07F9E7331532}\RP481\A0025619.exe Infected: not-a-virus:AdWare.Win32.WinAD.aw skipped
D:\System Volume Information\_restore{22897342-D8D2-48B8-B80E-07F9E7331532}\RP481\A0025620.ocx Infected: not-a-virus:AdWare.Win32.Look2Me.ag skipped
D:\System Volume Information\_restore{22897342-D8D2-48B8-B80E-07F9E7331532}\RP481\A0025621.exe Infected: Trojan-Downloader.Win32.Pacer.j skipped
D:\System Volume Information\_restore{22897342-D8D2-48B8-B80E-07F9E7331532}\RP481\A0025622.exe Infected: Trojan-Downloader.Win32.Intexp.c skipped
D:\System Volume Information\_restore{22897342-D8D2-48B8-B80E-07F9E7331532}\RP481\A0025623.exe Infected: Trojan-Downloader.Win32.Agent.qg skipped
D:\System Volume Information\_restore{22897342-D8D2-48B8-B80E-07F9E7331532}\RP481\A0025624.exe Infected: Trojan-Downloader.Win32.Pacer.j skipped
D:\System Volume Information\_restore{22897342-D8D2-48B8-B80E-07F9E7331532}\RP481\A0025625.exe Infected: not-a-virus:AdWare.Win32.Look2Me.ag skipped
D:\System Volume Information\_restore{22897342-D8D2-48B8-B80E-07F9E7331532}\RP481\A0025626.exe Infected: Trojan-Downloader.Win32.Intexp.c skipped
D:\System Volume Information\_restore{22897342-D8D2-48B8-B80E-07F9E7331532}\RP481\A0025627.exe Infected: not-a-virus:AdWare.Win32.Look2Me.ag skipped
D:\System Volume Information\_restore{22897342-D8D2-48B8-B80E-07F9E7331532}\RP481\A0025628.exe Infected: Trojan-Dropper.Win32.Agent.pb skipped
D:\System Volume Information\_restore{22897342-D8D2-48B8-B80E-07F9E7331532}\RP481\A0025629.exe Infected: Trojan-Downloader.Win32.Adload.a skipped
D:\System Volume Information\_restore{22897342-D8D2-48B8-B80E-07F9E7331532}\RP481\A0025630.exe Infected: not-a-virus:AdWare.Win32.Look2Me.ag skipped
D:\System Volume Information\_restore{22897342-D8D2-48B8-B80E-07F9E7331532}\RP481\A0025631.exe Infected: Trojan-Dropper.Win32.Small.agg skipped
D:\System Volume Information\_restore{22897342-D8D2-48B8-B80E-07F9E7331532}\RP481\A0025632.exe Infected: Trojan-Dropper.Win32.Agent.mm skipped
D:\System Volume Information\_restore{22897342-D8D2-48B8-B80E-07F9E7331532}\RP481\A0025633.exe Infected: Trojan-Dropper.Win32.Agent.mm skipped
D:\FOUND.057\FILE0001.CHK Infected: not-a-virus:AdWare.Win32.Wintol.aa skipped
D:\FOUND.058\FILE0000.CHK Infected: not-a-virus:AdWare.Win32.Wintol.aa skipped
D:\To Be Archived\Ben's stuff\spitwadwilly.zip/BBB_PACK.1/SWW2.EXE Infected: VirTool.DOS.VLoader skipped
D:\To Be Archived\Ben's stuff\spitwadwilly.zip/BBB_PACK.1 Infected: VirTool.DOS.VLoader skipped
D:\To Be Archived\Ben's stuff\spitwadwilly.zip ZIP: infected - 2 skipped
D:\GoldMinerSetup-dm.exe Infected: not-a-virus:AdWare.Win32.Trymedia.b skipped
D:\C backup files\Outlook.pst/Personal Folders/Inbox/Cache/19 Nov 2004 06:15 from new_account@volcanicdesign.com:Confirmati/volcanicdesign.294.com Infected: Email-Worm.Win32.Sober.i skipped
D:\C backup files\Outlook.pst Mail MS Mail: infected - 1 skipped
D:\Backup0\Windows\Profiles\Ben\Application Data\Identities\{483DAFAC-90F0-49F6-96D9-337DDF5A3E93}\Microsoft\Outlook Express\e-bay.dbx/[From "didier.laurent6" ][Date Tue, 22 Aug 2000 18:59:10 +0200]/UNNAMED/html Infected: Email-Worm.VBS.KakWorm skipped
D:\Backup0\Windows\Profiles\Ben\Application Data\Identities\{483DAFAC-90F0-49F6-96D9-337DDF5A3E93}\Microsoft\Outlook Express\e-bay.dbx/[From "didier.laurent6" ][Date Tue, 22 Aug 2000 18:59:10 +0200]/UNNAMED Infected: Email-Worm.VBS.KakWorm skipped
D:\Backup0\Windows\Profiles\Ben\Application Data\Identities\{483DAFAC-90F0-49F6-96D9-337DDF5A3E93}\Microsoft\Outlook Express\e-bay.dbx Mail MS Outlook 5: infected - 2 skipped
H:\System Volume Information\_restore{22897342-D8D2-48B8-B80E-07F9E7331532}\RP485\A0029187.DLL Infected: not-a-virus:AdWare.Win32.Hmt skipped
H:\Misc\Documents and Settings\All Users\Documents\Outlook.pst/Personal Folders/Inbox/Cache/19 Nov 2004 06:15 from new_account@volcanicdesign.com:Confirmati/volcanicdesign.294.com Infected: Email-Worm.Win32.Sober.i skipped
H:\Misc\Documents and Settings\All Users\Documents\Outlook.pst Mail MS Mail: infected - 1 skipped
H:\C Backup 10-7\all users\Outlook.pst/Personal Folders/Inbox/Cache/19 Nov 2004 06:15 from new_account@volcanicdesign.com:Confirmati/volcanicdesign.294.com Infected: Email-Worm.Win32.Sober.i skipped
H:\C Backup 10-7\all users\Outlook.pst Mail MS Mail: infected - 1 skipped
H:\Outlook.pst/Personal Folders/Inbox/Cache/19 Nov 2004 06:15 from new_account@volcanicdesign.com:Confirmati/volcanicdesign.294.com Infected: Email-Worm.Win32.Sober.i skipped
H:\Outlook.pst Mail MS Mail: infected - 1 skipped
Scan process completed.
JB
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:15:44 PM, on 8/6/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Canon\BJCard\Bjmcmng.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\System32\nvsvc32.exe
H:\Program Files\Solidworks\COSMOS\FloWorks\binCFW\StandAloneSlv.exe
C:\Program Files\twc\medicsp2\bin\sprtsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\System32\InetCntrl\InetCntrl.exe
C:\Program Files\Canon\BJPV\TVMon.exe
C:\Program Files\Canon\BJCard\BJLaunch.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\WINDOWS\vVX3000.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\twc\medicsp2\bin\sprtcmd.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\Joe\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://abcnews.go.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Bsecure Popup Blocker - {E0019445-4C1F-414D-A70E-AD80F231C584} - C:\WINDOWS\System32\InetCntrl\PopupKil\BsafeBHO.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: Bsecure Popup Blocker - {E0019445-4C1F-414D-A70E-AD80F231C584} - C:\WINDOWS\System32\InetCntrl\PopupKil\BsafeBHO.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [InetCntrl] C:\WINDOWS\System32\InetCntrl\InetCntrl.exe
O4 - HKLM\..\Run: [BJPD HID Control] C:\Program Files\Canon\BJPV\TVMon.exe
O4 - HKLM\..\Run: [BJLaunchEXE] C:\Program Files\Canon\BJCard\BJLaunch.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [medicsp2] C:\Program Files\twc\medicsp2\bin\sprtcmd.exe /P medicsp2
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: inetcntrl0002.dll
O10 - Unknown file in Winsock LSP: inetcntrl0002.dll
O10 - Unknown file in Winsock LSP: inetcntrl0002.dll
O10 - Unknown file in Winsock LSP: inetcntrl0002.dll
O10 - Unknown file in Winsock LSP: inetcntrl0002.dll
O10 - Unknown file in Winsock LSP: inetcntrl0002.dll
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://activation.rr.com/install/downloads/tgctlcm.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {1E2941E3-8E63-11D4-9D5A-00902742D6E0} (iNotes Class) - https://extraweb-americas.ey.com/home/extraweb/iNotes.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.clarkcolor.com/ClarkActivia.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1160357163671
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1160357799140
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/web_games/popcap/insaniquarium/popcaploader_v6.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Canon BJ Memory Card Manager (Bjmcmng) - CANON INC. - C:\Program Files\Canon\BJCard\Bjmcmng.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: GoogleDesktopManager - Unknown owner - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Remote Solver for COSMOSFloWorks 2005 - Unknown owner - H:\Program Files\FloWorks\bin\StandAloneSlv.exe (file missing)
O23 - Service: Remote Solver for COSMOSFloWorks 2006 - Unknown owner - H:\Program Files\Solidworks\COSMOS\FloWorks\binCFW\StandAloneSlv.exe
O23 - Service: SupportSoft Sprocket Service (medicsp2) (sprtsvc_medicsp2) - SupportSoft, Inc. - C:\Program Files\twc\medicsp2\bin\sprtsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
--
End of file - 10716 bytes
JB
Ok lots of infections...
1. Download this file - combofix.exe (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply
Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall
Did you want me to use Kaspersky to fix what it found or just post the log? I still have the window open.
JB
ComboFix 07-08-07.6 - "Joe" 2007-08-07 12:35:52.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.617 [GMT -7:00]
* Created a new restore point
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
H:\Autorun.inf
((((((((((((((((((((((((( Files Created from 2007-07-07 to 2007-08-07 )))))))))))))))))))))))))))))))
2007-08-07 12:28 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-06 11:15 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-08-06 11:15 <DIR> d-------- C:\WINDOWS\LastGood
2007-07-29 19:56 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SupportSoft
2007-07-29 19:55 <DIR> d-------- C:\Program Files\twc
2007-07-29 19:54 7,028,144 --a------ C:\DOCUME~1\Joe\medic6.exe
2007-07-19 15:30 <DIR> d-------- C:\DOCUME~1\Joe\APPLIC~1\Petroglyph
2007-07-19 15:27 <DIR> d-------- C:\DOCUME~1\Joe\APPLIC~1\LucasArts
2007-07-19 14:21 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-07-18 10:28 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Musicnotes
2007-07-17 20:33 98,304 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2007-07-16 23:18 <DIR> d--h----- C:\WINDOWS\PIF
2007-07-14 09:48 <DIR> d-------- C:\Program Files\iTunes
2007-07-14 09:48 <DIR> d-------- C:\Program Files\iPod
2007-07-14 09:45 <DIR> d-------- C:\Program Files\QuickTime
2007-07-14 09:41 <DIR> d-------- C:\Program Files\Common Files\Apple
2007-07-14 09:41 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
2007-07-08 13:04 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\COSMOS Applications
2007-07-08 12:22 <DIR> d-------- C:\Program Files\Common Files\eDrawings2006
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-08-02 14:53 --------- d-------- C:\Program Files\BFG
2007-07-29 20:42 --------- d-------- C:\Program Files\SpywareBlaster
2007-07-29 19:55 --------- d-------- C:\Program Files\MEDIC
2007-07-29 19:55 --------- d-------- C:\Program Files\Common Files\supportsoft
2007-07-29 13:53 --------- d-------- C:\Program Files\Oberon Media
2007-07-29 13:52 --------- d-------- C:\Program Files\VirtualVillagers_at
2007-07-29 13:52 --------- d-------- C:\Program Files\Virtual Villagers
2007-07-29 13:51 --------- d-------- C:\Program Files\Shockwave.com
2007-07-29 13:50 --------- d-------- C:\Program Files\Fairy Godmother Tycoon
2007-07-29 13:50 --------- d-------- C:\Program Files\AOL Games
2007-07-29 13:49 --------- d-------- C:\Program Files\Fairy Treasure
2007-07-20 14:31 --------- d-------- C:\DOCUME~1\Joe\APPLIC~1\SolidWorks
2007-07-19 14:41 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-07-17 10:35 87104 --a------ C:\DOCUME~1\Joe\APPLIC~1\GDIPFONTCACHEV1.DAT
2007-07-14 10:37 --------- d-------- C:\DOCUME~1\Joe\APPLIC~1\Apple Computer
2007-07-14 09:42 --------- d-------- C:\Program Files\Apple Software Update
2007-07-08 18:35 --------- d-------- C:\Program Files\Picasa2
2007-07-08 09:21 --------- d-------- C:\Program Files\Common Files\SolidWorks Shared
2007-07-07 06:43 --------- d-------- C:\Program Files\Avery Wizard 3.0
2007-06-30 13:26 --------- d-------- C:\Program Files\LucasArts
2007-06-16 20:06 --------- d-------- C:\DOCUME~1\Joe\APPLIC~1\PlayFirst
2007-06-13 23:32 --------- d-------- C:\DOCUME~1\Joe\APPLIC~1\Skype
2007-06-12 21:53 --------- d-------- C:\Program Files\The Magicians Handbook - Cursed Valley
2007-06-12 21:53 --------- d-------- C:\Program Files\Snapshot Adventures - Secret of Bird Island
2007-06-12 21:34 --------- d-------- C:\DOCUME~1\Joe\APPLIC~1\BFGTOOLBAR
2007-06-12 21:31 --------- d-------- C:\Program Files\Google
2007-06-11 16:43 --------- d-------- C:\DOCUME~1\Joe\APPLIC~1\U3
2007-05-16 08:12 86528 -----c--- C:\WINDOWS\system32\dllcache\directdb.dll
2007-05-16 08:12 85504 -----c--- C:\WINDOWS\system32\dllcache\wabimp.dll
2007-05-16 08:12 683520 --a------ C:\WINDOWS\system32\inetcomm.dll
2007-05-16 08:12 683520 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
2007-05-16 08:12 510976 -----c--- C:\WINDOWS\system32\dllcache\wab32.dll
2007-05-16 08:12 1314816 -----c--- C:\WINDOWS\system32\dllcache\msoe.dll
2007-05-08 02:24 3583488 --a--c--- C:\WINDOWS\system32\dllcache\mshtml.dll
2007-02-10 10:36 774144 --a------ C:\Program Files\RngInterstitial.dll
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MoneyStartUp10.0"="C:\Program Files\Microsoft Money\System\Activation.exe" [2001-07-25 10:00]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00]
"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 04:59 C:\WINDOWS\BCMSMMSG.exe]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-10-06 14:16]
"nwiz"="nwiz.exe" [2003-10-06 14:16 C:\WINDOWS\system32\nwiz.exe]
"InetCntrl"="C:\WINDOWS\System32\InetCntrl\InetCntrl.exe" [2006-07-07 08:37]
"BJPD HID Control"="C:\Program Files\Canon\BJPV\TVMon.exe" [2003-01-21 16:35]
"BJLaunchEXE"="C:\Program Files\Canon\BJCard\BJLaunch.exe" [2002-12-20 14:26]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"diagent"="C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" [2002-04-03 02:01]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-06-15 16:15]
"VX3000"="C:\WINDOWS\vVX3000.exe" [2006-10-13 18:04]
"LifeCam"="C:\Program Files\Microsoft LifeCam\LifeExp.exe" [2006-10-13 18:01]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-12-16 23:22]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" []
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-07-10 09:18]
"medicsp2"="C:\Program Files\twc\medicsp2\bin\sprtcmd.exe" [2007-03-07 11:53]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"="C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit" []
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-05-07 10:32]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2006-07-29 20:34]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2006-11-07 08:29]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-07 04:22]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 17:45]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
@=
"AllowLegacyWebView"=1 (0x1)
"AllowUnhashedWebView"=1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
R1 bsofrwl;bsofrwl;C:\WINDOWS\system32\drivers\bsofrwl.sys
R2 MSCamSvc;MSCamSvc;"C:\Program Files\Microsoft LifeCam\MSCamS32.exe"
R2 sprtsvc_medicsp2;SupportSoft Sprocket Service (medicsp2);C:\Program Files\twc\medicsp2\bin\sprtsvc.exe /service /p medicsp2
R2 TICalc;TICalc;C:\WINDOWS\system32\drivers\TICalc.sys
R3 BCMModem;BCM V.92 56K Modem;C:\WINDOWS\system32\DRIVERS\BCMSM.sys
R3 P16X;Creative SB Live! Series (WDM);C:\WINDOWS\system32\drivers\P16X.sys
R3 VX3000;VX-3000;C:\WINDOWS\system32\DRIVERS\VX3000.sys
S3 CYGF32X;CYGF32X;C:\WINDOWS\system32\drivers\CygF32x.sys
S3 PortTalk;PortTalk;C:\WINDOWS\system32\Drivers\PortTalk.sys
S3 Remote Solver for COSMOSFloWorks 2005;Remote Solver for COSMOSFloWorks 2005;H:\Program Files\FloWorks\bin\StandAloneSlv.exe
S3 SilverLink;Texas Instruments SilverLink (USB GraphLink) Cable;C:\WINDOWS\system32\Drivers\SilvrLnk.sys
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Usnsvc usnsvc
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
AutoRun\command- F:\LaunchEAW.exe
Contents of the 'Scheduled Tasks' folder
2007-08-07 18:49:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
2007-08-07 10:00:00 C:\WINDOWS\Tasks\SpywareBot Scheduled Scan.job - C:\Program Files\SpywareBot\SpywareBot.exe
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-07 12:39:04
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2007-08-07 12:40:07
C:\ComboFix-quarantined-files.txt ... 2007-08-07 12:39
--- E O F ---
JB
Hi again, we'll continue :)
You may close the kaspersky window as kaspersky won't clean anything - it just displays the report.
You should print these instructions or save these to a text file. Follow these instructions carefully.
Download ATF Cleaner (http://www.atribune.org/ccount/click.php?id=1) by Atribune to your desktop.
Do NOT run yet.
Please download the Killbox (http://www.downloads.subratam.org/KillBox.zip).
Unzip it to the desktop but do NOT run it yet.
Download Dr.Web CureIt to the desktop -> ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
Make your hidden files visible:
Go to My Computer
Select the Tools menu and click Folder Options
Click the View tab.
Checkmark the "Display the contents of system folders"
Under the Hidden files and folders select "Show hidden files and folders"
Uncheck "Hide protected operating system files"
Click Apply and then the OK and close My Computer.
==================
Please run Killbox.
Select "Delete on Reboot".
Copy the file names below to the clipboard by highlighting them and pressing Control-C:
C:\WINDOWS\$NtServicePackUninstall$\wmipdskq.dll
C:\WINDOWS\Downloaded Program Files\popcaploader.dll
D:\WINDOWS\SYSTEM\UpdInst.exe
D:\WINDOWS\SYSTEM32\mxikbdsp.
D:\WINDOWS\SYSTEM32\rppcfgex.dll
D:\WINDOWS\SYSTEM32\wbem\wmipdskq.dll
D:\WINDOWS\SYSTEM32\dllcache\wmipdskq.dll
D:\WINDOWS\SYSTEM32\oq7ia7m8.ini Infected:
D:\WINDOWS\SYSTEM32\vka64k.dll
D:\WINDOWS\SYSTEM32\dymstor.dll
D:\WINDOWS\SYSTEM32\deusic.dll
D:\WINDOWS\SYSTEM32\kg1394.dll
D:\WINDOWS\SYSTEM32\ifsecsnp.dll
D:\WINDOWS\SYSTEM32\DWngerous Creatures.dll
D:\WINDOWS\SYSTEM32\guard.tmp
D:\WINDOWS\SYSTEM32\sdcsccp.dll
D:\WINDOWS\SYSTEM32\mmexcl40.dll
D:\WINDOWS\SYSTEM32\jzsh400.dll
D:\WINDOWS\SYSTEM32\nlevtmsg.dll
D:\WINDOWS\SYSTEM32\wcv9vcm.dll
D:\WINDOWS\SYSTEM32\jPvart.dll
D:\WINDOWS\SYSTEM32\aptodisc.dll
D:\WINDOWS\SYSTEM32\ijs.dll
D:\WINDOWS\SYSTEM32\nbevtmsg.dll
D:\WINDOWS\SYSTEM32\mldtcuiu.dll
D:\WINDOWS\SYSTEM32\vlajet32.dll
D:\WINDOWS\SYSTEM32\cpodm.dll
D:\WINDOWS\SYSTEM32\LPCMP80n.DLL
D:\WINDOWS\SYSTEM32\iFsnap.dll
D:\WINDOWS\SYSTEM32\MRCTF.dll
D:\WINDOWS\SYSTEM32\mbcomput.dll
D:\WINDOWS\SYSTEM32\amtodisc.dll
D:\WINDOWS\SYSTEM32\auifile.dll
D:\WINDOWS\SYSTEM32\czc.dll
D:\WINDOWS\SYSTEM32\snbcsp.dll
D:\WINDOWS\SYSTEM32\snrialui.dll
D:\WINDOWS\SYSTEM32\virifier.dll
D:\WINDOWS\SYSTEM32\mwsap.dll
D:\WINDOWS\SYSTEM32\ULMCLN32.DLL
D:\WINDOWS\SYSTEM32\wcstream.dll
D:\WINDOWS\SYSTEM32\cb211_vrml1to2.dll
D:\WINDOWS\SYSTEM32\tQembed.dll
D:\WINDOWS\SYSTEM32\g1395r9t.ini
D:\WINDOWS\TEMP\b.com
D:\WINDOWS\TEMP\wrapperouter.exe
D:\WINDOWS\TEMP\upd208.exe
D:\WINDOWS\TEMP\ICD1.tmp
D:\WINDOWS\TEMP\upd209.exe
D:\WINDOWS\TEMP\iF.tmp
D:\WINDOWS\Downloaded Program Files\m67m.ocx
D:\WINDOWS\Downloaded Program Files\BundleLite.exe
D:\WINDOWS\fmv-10019.exe
D:\WINDOWS\msi.exe
D:\WINDOWS\hisistheurls.exe
D:\WINDOWS\stubinstaller4292.exe
D:\WINDOWS\bundle_mediamotor1004.exe
D:\Documents and Settings\All Users\Desktop\Hannah's stuff\FunBuddyIconsSetup2.0.3.7.exe
D:\Documents and Settings\Hannah\Local Settings\Temp\b.com
D:\Documents and Settings\Hannah\Local Settings\Temp\res8D.tmp
D:\To Be Archived\Ben's stuff\spitwadwilly.zip
Return to Killbox, go to the File menu, and choose "Paste from Clipboard".
Select "All Files".
Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.
If your computer does not restart automatically, please restart it manually.
Restart your computer to the safe mode:
Run ATF Cleaner Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browserClick Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browserClick Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
Run a scan with Dr.Web CureIt Doubleclick the drweb-cureit.exe file and Allow to run the express scan
This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
Once the short scan has finished, you should now mark the drives that you want to scan.
Select all drives. A red dot shows which drives have been chosen.
Click the green arrow at the right, and the scan will start.
Click 'Yes to all' if it asks if you want to cure/move the file.
When the scan has finished, look if you can click next icon next to the files found http://users.telenet.be/bluepatchy/miekiemoes/images/check.gif
If so, click it and then click the next icon right below and select Move incurable
After the scan, in the menu, click file and choose save report list
Save the report to your desktop. The report will be called DrWeb.csv
Close Dr.Web Cureit.
Reboot the computer in Normal Mode,
Post the Cure-it report and a fresh HijackThis log
b.com;C:\!KillBox;Adware.Exact;Incurable.Moved.;
b.com( 1);C:\!KillBox;Trojan.DownLoader.4537;Deleted.;
BundleLite.exe;C:\!KillBox;Trojan.Isbar.455;Deleted.;
bundle_mediamotor1004.exe;C:\!KillBox;Adware.SAHAgent;Incurable.Moved.;
czc.dll;C:\!KillBox;Adware.Look2me;Incurable.Moved.;
deusic.dll;C:\!KillBox;Adware.Look2me;Incurable.Moved.;
DWngerous Creatures.dll;C:\!KillBox;Adware.Look2me;Incurable.Moved.;
dymstor.dll;C:\!KillBox;Adware.Look2me;Incurable.Moved.;
fmv-10019.exe;C:\!KillBox;Dialer.Star;Incurable.Moved.;
FunBuddyIconsSetup2.0.3.7.exe;C:\!KillBox;Trojan.MulDrop.1326;Deleted.;
guard.tmp;C:\!KillBox;Adware.Look2me;Incurable.Moved.;
iF.tmp;C:\!KillBox;Adware.Surfside;Incurable.Moved.;
ifsecsnp.dll;C:\!KillBox;Adware.Look2me;Incurable.Moved.;
iFsnap.dll;C:\!KillBox;Adware.Look2me;Incurable.Moved.;
jPvart.dll;C:\!KillBox;Adware.Look2me;Incurable.Moved.;
jzsh400.dll;C:\!KillBox;Adware.Look2me;Incurable.Moved.;
kg1394.dll;C:\!KillBox;Adware.Look2me;Incurable.Moved.;
LPCMP80n.DLL;C:\!KillBox;Adware.Look2me;Incurable.Moved.;
m67m.ocx;C:\!KillBox;Trojan.DownLoader.2489;Deleted.;
mbcomput.dll;C:\!KillBox;Adware.Look2me;Incurable.Moved.;
mmexcl40.dll;C:\!KillBox;Adware.Look2me;Incurable.Moved.;
MRCTF.dll;C:\!KillBox;Adware.Look2me;Incurable.Moved.;
msi.exe;C:\!KillBox;Win32.HLLW.Aimal;Deleted.;
mwsap.dll;C:\!KillBox;Adware.Look2me;Incurable.Moved.;
nbevtmsg.dll;C:\!KillBox;Adware.Look2me;Incurable.Moved.;
nlevtmsg.dll;C:\!KillBox;Adware.Look2me;Incurable.Moved.;
popcaploader.dll;C:\!KillBox;Program.PopcapLoader;Incurable.Moved.;
res8D.tmp;C:\!KillBox;Adware.nCase;Incurable.Moved.;
rppcfgex.dll;C:\!KillBox;Adware.Look2me;Incurable.Moved.;
sdcsccp.dll;C:\!KillBox;Adware.Look2me;Incurable.Moved.;
stubinstaller4292.exe;C:\!KillBox;Trojan.DownLoader.2357;Deleted.;
tQembed.dll;C:\!KillBox;Adware.Look2me;Incurable.Moved.;
ULMCLN32.DLL;C:\!KillBox;Adware.Look2me;Incurable.Moved.;
upd208.exe;C:\!KillBox;Adware.Look2me;Incurable.Moved.;
upd209.exe;C:\!KillBox;Adware.Look2me;Incurable.Moved.;
UpdInst.exe;C:\!KillBox;Adware.Look2me;Incurable.Moved.;
virifier.dll;C:\!KillBox;Adware.Look2me;Incurable.Moved.;
vka64k.dll;C:\!KillBox;Adware.Look2me;Incurable.Moved.;
wcstream.dll;C:\!KillBox;Adware.Look2me;Incurable.Moved.;
wcv9vcm.dll;C:\!KillBox;Adware.Look2me;Incurable.Moved.;
inst.exe;C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_2.3.30.1;Probably BACKDOOR.Trojan;Incurable.Moved.;
inst.exe;C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_6.0.28.3;Probably BACKDOOR.Trojan;Incurable.Moved.;
aolsetup.exe;C:\Program Files\AIM6\services\softwareUpdate\ver2_13_13_7;Probably BACKDOOR.Trojan;Incurable.Moved.;
slghex.dll;C:\Program Files\Common Files\Sandlot Shared;Adware.SpywareStorm;Incurable.Moved.;
bcont.exe;C:\Program Files\HERACTSTG\smartaccess;Probably WIN.WORM.Virus;Incurable.Moved.;
bcont.exe;C:\Program Files\twc\medicsp2\agent\bin;Probably WIN.WORM.Virus;Incurable.Moved.;
bcont_nm.exe;C:\Program Files\twc\medicsp2\agent\bin;Probably WIN.WORM.Virus;Incurable.Moved.;
sprtsync.dll;C:\Program Files\twc\medicsp2\bin;Probably WIN.WORM.Virus;Incurable.Moved.;
sprtupdate.dll;C:\Program Files\twc\medicsp2\bin;Probably DLOADER.Trojan;Incurable.Moved.;
A0025434.exe;C:\System Volume Information\_restore{22897342-D8D2-48B8-B80E-07F9E7331532}\RP477;Adware.Xbarre;Incurable.Moved.;
A0025448.rbf;C:\System Volume Information\_restore{22897342-D8D2-48B8-B80E-07F9E7331532}\RP477;Probably WIN.WORM.Virus;Incurable.Moved.;
A0025453.rbf;C:\System Volume Information\_restore{22897342-D8D2-48B8-B80E-07F9E7331532}\RP477;Probably DLOADER.Trojan;Incurable.Moved.;
A0025466.rbf;C:\System Volume Information\_restore{22897342-D8D2-48B8-B80E-07F9E7331532}\RP477;Probably WIN.WORM.Virus;Incurable.Moved.;
A0030082.exe;C:\System Volume Information\_restore{22897342-D8D2-48B8-B80E-07F9E7331532}\RP487;Trojan.Isbar.455;Deleted.;
A0030083.exe;C:\System Volume Information\_restore{22897342-D8D2-48B8-B80E-07F9E7331532}\RP487;Trojan.MulDrop.1326;Deleted.;
A0030084.ocx;C:\System Volume Information\_restore{22897342-D8D2-48B8-B80E-07F9E7331532}\RP487;Trojan.DownLoader.2489;Deleted.;
A0030085.exe;C:\System Volume Information\_restore{22897342-D8D2-48B8-B80E-07F9E7331532}\RP487;Win32.HLLW.Aimal;Deleted.;
A0030086.exe;C:\System Volume Information\_restore{22897342-D8D2-48B8-B80E-07F9E7331532}\RP487;Trojan.DownLoader.2357;Deleted.;
GoldMinerSetup-dm.exe;D:\;Adware.TryMedia;Incurable.Moved.;
unstall.exe;D:\WINDOWS;Adware.SAHAgent;Incurable.Moved.;
Terminator.exe;D:\WINDOWS\OPTIONS\CABS;Trojan.KillApp.30208;Deleted.;
nsvs.dll;D:\WINDOWS\SYSTEM32\nsvsvc;Adware.Delfin;Incurable.Moved.;
nsv.ocx;D:\WINDOWS\SYSTEM32\nsvsvc;Adware.Delfin;Incurable.Moved.;
GRInstall.exe;D:\WINDOWS\TEMP\ICD1.tmp;Adware.SAHAgent;Incurable.Moved.;
Terminator.exe;D:\HP\bin;Trojan.KillApp.30208;Deleted.;
RemoveDisplayUtility.exe;D:\Program Files\Common Files\Uninstall Information;Adware.Delfin;Incurable.Moved.;
ycomp4
MyYahoo.dll;D:\Program Files\Yahoo!\Messenger;Probably STPAGE.Trojan;Incurable.Moved.;
WxBug.EXE;D:\Program Files\AIM\Sysfiles;Adware.Aws;Incurable.Moved.;
asp(vbs)_html.cct;D:\Program Files\HTML-Helper\Webmaster3\autocomplete;Probably SCRIPT.Virus;Incurable.Moved.;
vbs_script.cct;D:\Program Files\HTML-Helper\Webmaster3\autocomplete;Probably SCRIPT.Virus;Incurable.Moved.;
vbs_script_html.cct;D:\Program Files\HTML-Helper\Webmaster3\autocomplete;Probably SCRIPT.Virus;Incurable.Moved.;
Starware.dll;D:\Program Files\Starware\bin;Adware.Starware;Incurable.Moved.;
AppWrap[1].exe;D:\Documents and Settings\Joseph L. Aldern\Local Settings\Temporary Internet Files\Content.IE5\V93023HI;Trojan.DownLoader.4537;Deleted.;
AppWrap[1].exe;D:\Documents and Settings\Joseph L. Aldern\Local Settings\Temporary Internet Files\Content.IE5\GPYFCTUF;Trojan.MulDrop.2548;Deleted.;
upd209[1].exe;D:\Documents and Settings\Joseph L. Aldern\Local Settings\Temporary Internet Files\Content.IE5\2NUZKB4L;Adware.Look2me;Incurable.Moved.;
MiniBug.exe;D:\Documents and Settings\Hannah\Local Settings\Temp;Adware.Aws;Incurable.Moved.;
AppWrap[1].exe;D:\Documents and Settings\Hannah\Local Settings\Temporary Internet Files\Content.IE5\S1EJ4HI3;Trojan.MulDrop.1867;Deleted.;
AppWrap[1].exe;D:\Documents and Settings\Hannah\Local Settings\Temporary Internet Files\Content.IE5\UHYH0X4B;Trojan.MulDrop.2785;Deleted.;
recinst[1].exe;D:\Documents and Settings\Hannah\Local Settings\Temporary Internet Files\Content.IE5\UHYH0X4B;Adware.Nexus;Incurable.Moved.;
AppWrap[1].exe;D:\Documents and Settings\Hannah\Local Settings\Temporary Internet Files\Content.IE5\S1I781EN;Trojan.MulDrop.2321;Deleted.;
upd209[1].exe;D:\Documents and Settings\Laurie\Local Settings\Temporary Internet Files\Content.IE5\6YHRABUD;Adware.Look2me;Incurable.Moved.;
A0184725.exe;D:\System Volume Information\_restore{DE4324AB-E0B4-4DB4-8DC0-95F6DFC2337C}\RP307;Adware.IESearch;Incurable.Moved.;
A0184751.exe;D:\System Volume Information\_restore{DE4324AB-E0B4-4DB4-8DC0-95F6DFC2337C}\RP308;Adware.IESearch;Incurable.Moved.;
A0185750.exe;D:\System Volume Information\_restore{DE4324AB-E0B4-4DB4-8DC0-95F6DFC2337C}\RP308;Adware.IESearch;Incurable.Moved.;
A0185764.exe;D:\System Volume Information\_restore{DE4324AB-E0B4-4DB4-8DC0-95F6DFC2337C}\RP308;Adware.IESearch;Incurable.Moved.;
A0185783.exe;D:\System Volume Information\_restore{DE4324AB-E0B4-4DB4-8DC0-95F6DFC2337C}\RP309;Adware.IESearch;Incurable.Moved.;
A0185808.DLL;D:\System Volume Information\_restore{DE4324AB-E0B4-4DB4-8DC0-95F6DFC2337C}\RP310;Adware.IESearch;Incurable.Moved.;
A0185809.EXE;D:\System Volume Information\_restore{DE4324AB-E0B4-4DB4-8DC0-95F6DFC2337C}\RP310;Adware.IESearch;Incurable.Moved.;
A0192148.exe;D:\System Volume Information\_restore{DE4324AB-E0B4-4DB4-8DC0-95F6DFC2337C}\RP321;Probably DLOADER.Trojan;Incurable.Moved.;
A0198397.exe;D:\System Volume Information\_restore{DE4324AB-E0B4-4DB4-8DC0-95F6DFC2337C}\RP328;Adware.Winad;Incurable.Moved.;
A0198398.exe;D:\System Volume Information\_restore{DE4324AB-E0B4-4DB4-8DC0-95F6DFC2337C}\RP328;Adware.nCase;Incurable.Moved.;
A0224909.exe;D:\System Volume Information\_restore{DE4324AB-E0B4-4DB4-8DC0-95F6DFC2337C}\RP343;Adware.Ezula;Incurable.Moved.;
A0025606.dll;D:\System Volume Information\_restore{22897342-D8D2-48B8-B80E-07F9E7331532}\RP481;Trojan.DownLoader.2066;Deleted.;
A0025607.exe;D:\System Volume Information\_restore{22897342-D8D2-48B8-B80E-07F9E7331532}\RP481;Trojan.DownLoader.1895;Deleted.;
A0025608.exe;D:\System Volume Information\_restore{22897342-D8D2-48B8-B80E-07F9E7331532}\RP481;Trojan.DownLoader.3197;Deleted.;
A0025609.dll;D:\System Volume Information\_restore{22897342-D8D2-48B8-B80E-07F9E7331532}\RP481;Adware.Nexus;Incurable.Moved.;
A0025610.exe;D:\System Volume Information\_restore{22897342-D8D2-48B8-B80E-07F9E7331532}\RP481;Adware.Nexus;Incurable.Moved.;
A0025611.dll;D:\System Volume Information\_restore{22897342-D8D2-48B8-B80E-07F9E7331532}\RP481;Adware.Nexus;Incurable.Moved.;
A0025612.dll;D:\System Volume Information\_restore{22897342-D8D2-48B8-B80E-07F9E7331532}\RP481;Adware.Nexus;Incurable.Moved.;
A0025613.cpl;D:\System Volume Information\_restore{22897342-D8D2-48B8-B80E-07F9E7331532}\RP481;Adware.Nexus;Incurable.Moved.;
A0025614.exe;D:\System Volume Information\_restore{22897342-D8D2-48B8-B80E-07F9E7331532}\RP481;Trojan.DownLoader.1895;Deleted.;
A0025615.exe;D:\System Volume Information\_restore{22897342-D8D2-48B8-B80E-07F9E7331532}\RP481;Adware.Exact;Incurable.Moved.;
A0025616.exe;D:\System Volume Information\_restore{22897342-D8D2-48B8-B80E-07F9E7331532}\RP481;Adware.PaciMedia;Incurable.Moved.;
A0025617.exe;D:\System Volume Information\_restore{22897342-D8D2-48B8-B80E-07F9E7331532}\RP481;Adware.nCase;Incurable.Moved.;
A0025618.exe;D:\System Volume Information\_restore{22897342-D8D2-48B8-B80E-07F9E7331532}\RP481;Adware.BetterInternet;Incurable.Moved.;
A0025619.exe;D:\System Volume Information\_restore{22897342-D8D2-48B8-B80E-07F9E7331532}\RP481;Adware.Winad;Incurable.Moved.;
A0025620.ocx;D:\System Volume Information\_restore{22897342-D8D2-48B8-B80E-07F9E7331532}\RP481;Adware.Look2me;Incurable.Moved.;
A0025621.exe;D:\System Volume Information\_restore{22897342-D8D2-48B8-B80E-07F9E7331532}\RP481;Adware.PaciMedia;Incurable.Moved.;
A0025622.exe;D:\System Volume Information\_restore{22897342-D8D2-48B8-B80E-07F9E7331532}\RP481;Trojan.DownLoader.2369;Deleted.;
A0025623.exe;D:\System Volume Information\_restore{22897342-D8D2-48B8-B80E-07F9E7331532}\RP481;Adware.Casclient;Incurable.Moved.;
A0025624.exe;D:\System Volume Information\_restore{22897342-D8D2-48B8-B80E-07F9E7331532}\RP481;Adware.PaciMedia;Incurable.Moved.;
A0025625.exe;D:\System Volume Information\_restore{22897342-D8D2-48B8-B80E-07F9E7331532}\RP481;Adware.Look2me;Incurable.Moved.;
A0025626.exe;D:\System Volume Information\_restore{22897342-D8D2-48B8-B80E-07F9E7331532}\RP481;Trojan.DownLoader.2369;Deleted.;
A0025627.exe;D:\System Volume Information\_restore{22897342-D8D2-48B8-B80E-07F9E7331532}\RP481;Adware.Look2me;Incurable.Moved.;
A0025628.exe;D:\System Volume Information\_restore{22897342-D8D2-48B8-B80E-07F9E7331532}\RP481;Trojan.MulDrop.2361;Deleted.;
A0025629.exe;D:\System Volume Information\_restore{22897342-D8D2-48B8-B80E-07F9E7331532}\RP481;Adware.Exact;Incurable.Moved.;
A0025630.exe;D:\System Volume Information\_restore{22897342-D8D2-48B8-B80E-07F9E7331532}\RP481;Adware.Look2me;Incurable.Moved.;
A0025631.exe;D:\System Volume Information\_restore{22897342-D8D2-48B8-B80E-07F9E7331532}\RP481;Trojan.MulDrop.6723;Deleted.;
A0025632.exe;D:\System Volume Information\_restore{22897342-D8D2-48B8-B80E-07F9E7331532}\RP481;Trojan.MulDrop.2324;Deleted.;
A0030015.exe;D:\System Volume Information\_restore{22897342-D8D2-48B8-B80E-07F9E7331532}\RP487;Adware.Look2me;Incurable.Moved.;
A0030016.dll;D:\System Volume Information\_restore{22897342-D8D2-48B8-B80E-07F9E7331532}\RP487;Adware.Look2me;Incurable.Moved.;
A0030019.dll;D:\System Volume Information\_restore{22897342-D8D2-48B8-B80E-07F9E7331532}\RP487;Adware.Look2me;Incurable.Moved.;
A0030020.dll;D:\System Volume Information\_restore{22897342-D8D2-48B8-B80E-07F9E7331532}\RP487;Adware.Look2me;Incurable.Moved.;
A0030021.dll;D:\System Volume Information\_restore{22897342-D8D2-48B8-B80E-07F9E7331532}\RP487;Adware.Look2me;Incurable.Moved.;
A0030022.dll;D:\System Volume Information\_restore{22897342-D8D2-48B8-B80E-07F9E7331532}\RP487;Adware.Look2me;Incurable.Moved.;
A0030023.dll;D:\System Volume Information\_restore{22897342-D8D2-48B8-B80E-07F9E7331532}\RP487;Adware.Look2me;Incurable.Moved.;
A0030024.dll;D:\System Volume Information\_restore{22897342-D8D2-48B8-B80E-07F9E7331532}\RP487;Adware.Look2me;Incurable.Moved.;
A0030025.dll;D:\System Volume Information\_restore{22897342-D8D2-48B8-B80E-07F9E7331532}\RP487;Adware.Look2me;Incurable.Moved.;
A0030026.dll;D:\System Volume Information\_restore{22897342-D8D2-48B8-B80E-07F9E7331532}\RP487;Adware.Look2me;Incurable.Moved.;
A0030027.dll;D:\System Volume Information\_restore{22897342-D8D2-48B8-B80E-07F9E7331532}\RP487;Adware.Look2me;Incurable.Moved.;
A0030028.dll;D:\System Volume Information\_restore{22897342-D8D2-48B8-B80E-07F9E7331532}\RP487;Adware.Look2me;Incurable.Moved.;
A0030029.dll;D:\System Volume Information\_restore{22897342-D8D2-48B8-B80E-07F9E7331532}\RP487;Adware.Look2me;Incurable.Moved.;
A0030030.dll;D:\System Volume Information\_restore{22897342-D8D2-48B8-B80E-07F9E7331532}\RP487;Adware.Look2me;Incurable.Moved.;
A0030033.dll;D:\System Volume Information\_restore{22897342-D8D2-48B8-B80E-07F9E7331532}\RP487;Adware.Look2me;Incurable.Moved.;
A0030037.DLL;D:\System Volume Information\_restore{22897342-D8D2-48B8-B80E-07F9E7331532}\RP487;Adware.Look2me;Incurable.Moved.;
A0030038.dll;D:\System Volume Information\_restore{22897342-D8D2-48B8-B80E-07F9E7331532}\RP487;Adware.Look2me;Incurable.Moved.;
A0030039.dll;D:\System Volume Information\_restore{22897342-D8D2-48B8-B80E-07F9E7331532}\RP487;Adware.Look2me;Incurable.Moved.;
A0030040.dll;D:\System Volume Information\_restore{22897342-D8D2-48B8-B80E-07F9E7331532}\RP487;Adware.Look2me;Incurable.Moved.;
A0030043.dll;D:\System Volume Information\_restore{22897342-D8D2-48B8-B80E-07F9E7331532}\RP487;Adware.Look2me;Incurable.Moved.;
A0030046.dll;D:\System Volume Information\_restore{22897342-D8D2-48B8-B80E-07F9E7331532}\RP487;Adware.Look2me;Incurable.Moved.;
A0030047.dll;D:\System Volume Information\_restore{22897342-D8D2-48B8-B80E-07F9E7331532}\RP487;Adware.Look2me;Incurable.Moved.;
A0030048.DLL;D:\System Volume Information\_restore{22897342-D8D2-48B8-B80E-07F9E7331532}\RP487;Adware.Look2me;Incurable.Moved.;
A0030049.dll;D:\System Volume Information\_restore{22897342-D8D2-48B8-B80E-07F9E7331532}\RP487;Adware.Look2me;Incurable.Moved.;
A0030051.dll;D:\System Volume Information\_restore{22897342-D8D2-48B8-B80E-07F9E7331532}\RP487;Adware.Look2me;Incurable.Moved.;
A0030053.com;D:\System Volume Information\_restore{22897342-D8D2-48B8-B80E-07F9E7331532}\RP487;Trojan.DownLoader.4537;Deleted.;
A0030055.exe;D:\System Volume Information\_restore{22897342-D8D2-48B8-B80E-07F9E7331532}\RP487;Adware.Look2me;Incurable.Moved.;
A0030056.exe;D:\System Volume Information\_restore{22897342-D8D2-48B8-B80E-07F9E7331532}\RP487;Adware.Look2me;Incurable.Moved.;
A0030057.ocx;D:\System Volume Information\_restore{22897342-D8D2-48B8-B80E-07F9E7331532}\RP487;Trojan.DownLoader.2489;Deleted.;
A0030058.exe;D:\System Volume Information\_restore{22897342-D8D2-48B8-B80E-07F9E7331532}\RP487;Trojan.Isbar.455;Deleted.;
A0030059.exe;D:\System Volume Information\_restore{22897342-D8D2-48B8-B80E-07F9E7331532}\RP487;Dialer.Star;Incurable.Moved.;
A0030060.exe;D:\System Volume Information\_restore{22897342-D8D2-48B8-B80E-07F9E7331532}\RP487;Win32.HLLW.Aimal;Deleted.;
A0030062.exe;D:\System Volume Information\_restore{22897342-D8D2-48B8-B80E-07F9E7331532}\RP487;Trojan.DownLoader.2357;Deleted.;
A0030063.exe;D:\System Volume Information\_restore{22897342-D8D2-48B8-B80E-07F9E7331532}\RP487;Adware.SAHAgent;Incurable.Moved.;
A0030064.exe;D:\System Volume Information\_restore{22897342-D8D2-48B8-B80E-07F9E7331532}\RP487;Trojan.MulDrop.1326;Deleted.;
A0030065.com;D:\System Volume Information\_restore{22897342-D8D2-48B8-B80E-07F9E7331532}\RP487;Adware.Exact;Incurable.Moved.;
A0030087.exe;D:\System Volume Information\_restore{22897342-D8D2-48B8-B80E-07F9E7331532}\RP487;Trojan.KillApp.30208;Deleted.;
A0030088.exe;D:\System Volume Information\_restore{22897342-D8D2-48B8-B80E-07F9E7331532}\RP487;Trojan.KillApp.30208;Deleted.;
A0030089.exe;D:\System Volume Information\_restore{22897342-D8D2-48B8-B80E-07F9E7331532}\RP487;Trojan.DownLoader.4537;Deleted.;
A0030090.exe;D:\System Volume Information\_restore{22897342-D8D2-48B8-B80E-07F9E7331532}\RP487;Trojan.MulDrop.2548;Deleted.;
A0030091.exe;D:\System Volume Information\_restore{22897342-D8D2-48B8-B80E-07F9E7331532}\RP487;Trojan.MulDrop.1867;Deleted.;
A0030092.exe;D:\System Volume Information\_restore{22897342-D8D2-48B8-B80E-07F9E7331532}\RP487;Trojan.MulDrop.2785;Deleted.;
A0030093.exe;D:\System Volume Information\_restore{22897342-D8D2-48B8-B80E-07F9E7331532}\RP487;Trojan.MulDrop.2321;Deleted.;
FILE0001.CHK;D:\FOUND.057;Adware.Websearch;Incurable.Moved.;
FILE0000.CHK;D:\FOUND.058;Adware.Websearch;Incurable.Moved.;
Terminator.exe;D:\Backup0\HP\bin;Trojan.KillApp.30208;Deleted.;
ADMIN01.DOC;H:\Hannah\Hannah\My Documents\Backup flash drive 531\Career;W97M.Pri;Cured.;
WxBug.EXE;H:\C Backup 10-7\Program Files\AIM\Sysfiles;Adware.Aws;Incurable.Moved.;
MiniBugTransporter.dll;H:\C Backup 10-7\Program Files\AWS\WeatherBug;Adware.Aws;Incurable.Moved.;
MiniBugTransporter.dll;H:\C Backup 10-7\Program Files\Common Files\Real\WeatherBug;Adware.Minibug;Incurable.Moved.;
ADMIN01.DOC;H:\C Backup 10-7\desktop\Hannah\My Documents\Backup flash drive 531\Career;W97M.Pri;Cured.;
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:06:59 PM, on 8/8/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Canon\BJCard\Bjmcmng.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\System32\nvsvc32.exe
H:\Program Files\Solidworks\COSMOS\FloWorks\binCFW\StandAloneSlv.exe
C:\Program Files\twc\medicsp2\bin\sprtsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\System32\InetCntrl\InetCntrl.exe
C:\Program Files\Canon\BJPV\TVMon.exe
C:\Program Files\Canon\BJCard\BJLaunch.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\WINDOWS\vVX3000.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\twc\medicsp2\bin\sprtcmd.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Joe\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://abcnews.go.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Bsecure Popup Blocker - {E0019445-4C1F-414D-A70E-AD80F231C584} - C:\WINDOWS\System32\InetCntrl\PopupKil\BsafeBHO.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: Bsecure Popup Blocker - {E0019445-4C1F-414D-A70E-AD80F231C584} - C:\WINDOWS\System32\InetCntrl\PopupKil\BsafeBHO.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [InetCntrl] C:\WINDOWS\System32\InetCntrl\InetCntrl.exe
O4 - HKLM\..\Run: [BJPD HID Control] C:\Program Files\Canon\BJPV\TVMon.exe
O4 - HKLM\..\Run: [BJLaunchEXE] C:\Program Files\Canon\BJCard\BJLaunch.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [medicsp2] C:\Program Files\twc\medicsp2\bin\sprtcmd.exe /P medicsp2
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: inetcntrl0002.dll
O10 - Unknown file in Winsock LSP: inetcntrl0002.dll
O10 - Unknown file in Winsock LSP: inetcntrl0002.dll
O10 - Unknown file in Winsock LSP: inetcntrl0002.dll
O10 - Unknown file in Winsock LSP: inetcntrl0002.dll
O10 - Unknown file in Winsock LSP: inetcntrl0002.dll
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://activation.rr.com/install/downloads/tgctlcm.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {1E2941E3-8E63-11D4-9D5A-00902742D6E0} (iNotes Class) - https://extraweb-americas.ey.com/home/extraweb/iNotes.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.clarkcolor.com/ClarkActivia.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1160357163671
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1160357799140
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/web_games/popcap/insaniquarium/popcaploader_v6.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Canon BJ Memory Card Manager (Bjmcmng) - CANON INC. - C:\Program Files\Canon\BJCard\Bjmcmng.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: GoogleDesktopManager - Unknown owner - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Remote Solver for COSMOSFloWorks 2005 - Unknown owner - H:\Program Files\FloWorks\bin\StandAloneSlv.exe (file missing)
O23 - Service: Remote Solver for COSMOSFloWorks 2006 - Unknown owner - H:\Program Files\Solidworks\COSMOS\FloWorks\binCFW\StandAloneSlv.exe
O23 - Service: SupportSoft Sprocket Service (medicsp2) (sprtsvc_medicsp2) - SupportSoft, Inc. - C:\Program Files\twc\medicsp2\bin\sprtsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
--
End of file - 10308 bytes
JB
Ok looks better now :)
How is the computer running? Any issues?
It still takes a while to load web pages. Perhaps malware wasn't causing that problem. I greatly appreciate your help.
JB
Hmm that might not be malware related...
One more scan just in case...
Please run a GMER Rootkit scan:
Download GMER's application from here:
http://www.gmer.net/gmer.zip
Unzip it and start the GMER.exe
Click the Rootkit tab and click the Scan button.
Once done, click the Copy button.
This will copy the results to your clipboard.
Paste the results in your next reply.
Warning ! Please, do not select the "Show all" checkbox during the scan.
GMER 1.0.13.12551 - http://www.gmer.net
Rootkit scan 2007-08-10 13:08:58
Windows 5.1.2600 Service Pack 2
---- User code sections - GMER 1.0.13 ----
.text C:\Program Files\MSN Messenger\MsnMsgr.Exe[2284] kernel32.dll!SetUnhandledExceptionFilter 7C84467D 5 Bytes JMP 004E12D0 C:\Program Files\MSN Messenger\MsnMsgr.Exe
---- Kernel IAT/EAT - GMER 1.0.13 ----
IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [F7BE020A] \SystemRoot\System32\Drivers\bsofrwl.SYS
IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [F7BE0258] \SystemRoot\System32\Drivers\bsofrwl.SYS
IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [F7BE0482] \SystemRoot\System32\Drivers\bsofrwl.SYS
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [F7BE04B0] \SystemRoot\System32\Drivers\bsofrwl.SYS
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [F7BE0482] \SystemRoot\System32\Drivers\bsofrwl.SYS
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [F7BE0258] \SystemRoot\System32\Drivers\bsofrwl.SYS
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [F7BE020A] \SystemRoot\System32\Drivers\bsofrwl.SYS
IAT \SystemRoot\System32\DRIVERS\arp1394.sys[NDIS.SYS!NdisCloseAdapter] [F7BE020A] \SystemRoot\System32\Drivers\bsofrwl.SYS
IAT \SystemRoot\System32\DRIVERS\arp1394.sys[NDIS.SYS!NdisOpenAdapter] [F7BE0258] \SystemRoot\System32\Drivers\bsofrwl.SYS
IAT \SystemRoot\System32\DRIVERS\arp1394.sys[NDIS.SYS!NdisDeregisterProtocol] [F7BE04B0] \SystemRoot\System32\Drivers\bsofrwl.SYS
IAT \SystemRoot\System32\DRIVERS\arp1394.sys[NDIS.SYS!NdisRegisterProtocol] [F7BE0482] \SystemRoot\System32\Drivers\bsofrwl.SYS
IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [F7BE0482] \SystemRoot\System32\Drivers\bsofrwl.SYS
IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [F7BE04B0] \SystemRoot\System32\Drivers\bsofrwl.SYS
IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [F7BE020A] \SystemRoot\System32\Drivers\bsofrwl.SYS
IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [F7BE0258] \SystemRoot\System32\Drivers\bsofrwl.SYS
---- User IAT/EAT - GMER 1.0.13 ----
IAT C:\Program Files\Mozilla Firefox\firefox.exe[3788] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [017373CC] C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org\components\FULLSOFT.DLL
IAT C:\Program Files\Mozilla Firefox\firefox.exe[3788] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [01737376] C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org\components\FULLSOFT.DLL
IAT C:\Program Files\Mozilla Firefox\firefox.exe[3788] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [01737376] C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org\components\FULLSOFT.DLL
IAT C:\Program Files\Mozilla Firefox\firefox.exe[3788] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [017373CC] C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org\components\FULLSOFT.DLL
IAT C:\Program Files\Mozilla Firefox\firefox.exe[3788] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [01737376] C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org\components\FULLSOFT.DLL
IAT C:\Program Files\Mozilla Firefox\firefox.exe[3788] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [017373CC] C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org\components\FULLSOFT.DLL
IAT C:\Program Files\Mozilla Firefox\firefox.exe[3788] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [017373CC] C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org\components\FULLSOFT.DLL
IAT C:\Program Files\Mozilla Firefox\firefox.exe[3788] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [01737376] C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org\components\FULLSOFT.DLL
IAT C:\Program Files\Mozilla Firefox\firefox.exe[3788] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [01737376] C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org\components\FULLSOFT.DLL
IAT C:\Program Files\Mozilla Firefox\firefox.exe[3788] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [017373CC] C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org\components\FULLSOFT.DLL
IAT C:\Program Files\Mozilla Firefox\firefox.exe[3788] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [017373CC] C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org\components\FULLSOFT.DLL
IAT C:\Program Files\Mozilla Firefox\firefox.exe[3788] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [01737376] C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org\components\FULLSOFT.DLL
IAT C:\Program Files\Mozilla Firefox\firefox.exe[3788] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [017373CC] C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org\components\FULLSOFT.DLL
IAT C:\Program Files\Mozilla Firefox\firefox.exe[3788] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [01737376] C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org\components\FULLSOFT.DLL
IAT C:\Program Files\Mozilla Firefox\firefox.exe[3788] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [017373CC] C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org\components\FULLSOFT.DLL
IAT C:\Program Files\Mozilla Firefox\firefox.exe[3788] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [01737376] C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org\components\FULLSOFT.DLL
IAT C:\Program Files\Mozilla Firefox\firefox.exe[3788] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [01737376] C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org\components\FULLSOFT.DLL
IAT C:\Program Files\Mozilla Firefox\firefox.exe[3788] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [017373CC] C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org\components\FULLSOFT.DLL
IAT C:\Program Files\Mozilla Firefox\firefox.exe[3788] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [017373CC] C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org\components\FULLSOFT.DLL
IAT C:\Program Files\Mozilla Firefox\firefox.exe[3788] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [01737376] C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org\components\FULLSOFT.DLL
IAT C:\Program Files\Mozilla Firefox\firefox.exe[3788] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [017373CC] C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org\components\FULLSOFT.DLL
IAT C:\Program Files\Mozilla Firefox\firefox.exe[3788] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!LoadLibraryA] [01737376] C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org\components\FULLSOFT.DLL
IAT C:\Program Files\Mozilla Firefox\firefox.exe[3788] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [017373CC] C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org\components\FULLSOFT.DLL
IAT C:\Program Files\Mozilla Firefox\firefox.exe[3788] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] [01737376] C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org\components\FULLSOFT.DLL
IAT C:\Program Files\Mozilla Firefox\firefox.exe[3788] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [01737376] C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org\components\FULLSOFT.DLL
IAT C:\Program Files\Mozilla Firefox\firefox.exe[3788] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [017373CC] C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org\components\FULLSOFT.DLL
IAT C:\Program Files\Mozilla Firefox\firefox.exe[3788] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [017373CC] C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org\components\FULLSOFT.DLL
IAT C:\Program Files\Mozilla Firefox\firefox.exe[3788] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [01737376] C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org\components\FULLSOFT.DLL
IAT C:\Program Files\Mozilla Firefox\firefox.exe[3788] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [01737376] C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org\components\FULLSOFT.DLL
IAT C:\Program Files\Mozilla Firefox\firefox.exe[3788] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [017373CC] C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org\components\FULLSOFT.DLL
---- EOF - GMER 1.0.13 ----
JB
Hello :)
Nothing bad there...
You don't seem to have a third-party firewall (http://forum.malwareremoval.com/viewtopic.php?p=56#56) installed. You must install one firewall.
It is possible that you're using the Windows XP firewall. That is of course better than nothing but I recommend that you install a more advanced firewall that gives more protection. Windows firewall doesn't eg protect your computer from inbound threats. This means that any malware on your computer is free to "phone home" for more instructions. Remember to use only one firewall at the same time. I'll give you a few alternatives if you want to install a third-party firewall:
These are good (free) firewalls: Sunbelt-Kerio (http://www.sunbelt-software.com/Kerio.cfm)
ZoneAlarm (http://www.zonelabs.com/)
Sygate (http://http://www.majorgeeks.com/download.php?det=3356)
Outpost (http://www.majorgeeks.com/download.php?det=1056)
Comodo (http://www.personalfirewall.comodo.com)
You don't have an antivirus (http://forum.malwareremoval.com/viewtopic.php?p=53#53) on your computer, you must install one antivirus. Otherwise you'll get infected again.
These are good (free) antiviruses: AVG (http://free.grisoft.com)
Antivir (http://www.free-av.com)
Avast (http://www.avast.com)
Then you have a lot of unnecessary programs running that. These slow your computer and possibly the internet too... I'll recommend that you follow this list for speed up hints -> link (http://www.castlecops.com/postitle175256-0-0-.html)
Post a fresh HjT log when you're ready :bigthumb:
This topic has been archived due to lack of a response. :scratch:
If you need it re-opened, please send me a private message (pm) and provide a link to the thread. Applies only to the original poster, anyone else with similar problems please start a new topic.