Help! Having problems misc virus/malware



gwjunk
2007-10-14, 23:06
Help! Having problems misc virus/malware.

I've read and printed most of the "stickies" in the forum and followed your instructions.
I ran Kaspersky and saved the log. Removed everything in red with Spybot in safe mode. Ran HJT and saved the log.

I do run some P2P programs, plus have had some various other issues. My Webroot Spysweeper and Peer Guardian will crash every so often. There are times when my print command will not work. (This was especially a problem when I was trying to print out the forum info.) And finally, when I first tried to install Spybot it beeped half a dozen times and would not install.

I installed Avast antivirus, AVG antispam and antirootkit, Webroot Spysweeper, Windows defender and obviously Spybot.

Please, please HELP!!!!!!!

Thanks GW

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Sunday, October 14, 2007 2:03:01 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 14/10/2007
Kaspersky Anti-Virus database records: 435792
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\

Scan Statistics:
Total number of scanned objects: 52099
Number of viruses found: 4
Number of infected objects: 8
Number of suspicious objects: 0
Duration of the scan process: 01:13:36

Infected Object Name / Virus Name / Last Action
C:\check_LSA7.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support\MPLog-10082007-210810.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4FC33473.tmp/APSV1.EXE Infected: not-a-virus:PSWTool.Win32.APS.12 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4FC33473.tmp ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4FC33473.tmp CryptFF: infected - 1 skipped
C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\a05evony.default\cert8.db Object is locked skipped
C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\a05evony.default\formhistory.dat Object is locked skipped
C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\a05evony.default\history.dat Object is locked skipped
C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\a05evony.default\key3.db Object is locked skipped
C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\a05evony.default\parent.lock Object is locked skipped
C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\a05evony.default\search.sqlite Object is locked skipped
C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\a05evony.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\Greg\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Greg\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Greg\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Greg\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{621B3576-5BFD-4A06-8BC2-CC996EA5F5F7} Object is locked skipped
C:\Documents and Settings\Greg\Local Settings\Application Data\Mozilla\Firefox\Profiles\a05evony.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Greg\Local Settings\Application Data\Mozilla\Firefox\Profiles\a05evony.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Greg\Local Settings\Application Data\Mozilla\Firefox\Profiles\a05evony.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Greg\Local Settings\Application Data\Mozilla\Firefox\Profiles\a05evony.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Greg\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Greg\Local Settings\Temp\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Greg\Local Settings\Temp\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Greg\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Greg\Local Settings\Temp\~DF4D61.tmp Object is locked skipped
C:\Documents and Settings\Greg\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Greg\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Greg\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Data\settings.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Masters\masters.bak Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Masters\Masters.const Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Masters\masters.mst Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Masters.base Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\Antivirus.Evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\epvmrslf.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ace skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
C:\WINDOWS\system32\nkvlkppa.dll Infected: Trojan.Win32.Pakes.sc skipped
C:\WINDOWS\system32\rmubcphu.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ace skipped
C:\WINDOWS\system32\sienveip.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ace skipped
C:\WINDOWS\system32\ttpoehoc.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.wm skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\Cookies\index.dat Object is locked skipped
C:\WINDOWS\Temp\History\History.IE5\index.dat Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_5a0.dat Object is locked skipped
C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:17:44 PM, on 10/14/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe
C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 87.237.58.28:3128
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.rr.com"); (C:\Documents and Settings\GREG\Application Data\Mozilla\Profiles\default\n61r3hpz.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", ""); (C:\Documents and Settings\GREG\Application Data\Mozilla\Profiles\default\n61r3hpz.slt\prefs.js)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [Lexmark X83 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe
O4 - HKLM\..\Run: [Lexmark X83 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [PeerGuardian] "C:\Program Files\PeerGuardian2\pg2.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - e:\Program Files\PartyPoker.net\partypokernet.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - e:\Program Files\PartyPoker.net\partypokernet.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15026/CTSUEng.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1102048806690
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} - http://a19.g.akamai.net/7/19/7125/4056/ftp.coupons.com/r3302/Coupons.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15028/CTPID.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 7116 bytes

Shaba
2007-10-15, 16:44
Hi gwjunk

Rename HijackThis.exe to gwjunk.exe and post back a fresh HijackThis log, please :)

gwjunk
2007-10-16, 06:52
Shaba,

Thank you for the assistance.
Below is the revised HJT log from the renamed file gwjunk.exe.
I've also included a revised Kaspersky log (next post).
I'm just curious, why did you have me rename the HJT app?

Again, thanks for the help.

GW


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:35:31 PM, on 10/15/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe
C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Documents and Settings\Greg\Desktop\gwjunk.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 87.237.58.28:3128
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.rr.com"); (C:\Documents and Settings\GREG\Application Data\Mozilla\Profiles\default\n61r3hpz.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", ""); (C:\Documents and Settings\GREG\Application Data\Mozilla\Profiles\default\n61r3hpz.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {559CCA3B-C056-49C7-8F9C-E21EDB7D482E} - C:\WINDOWS\system32\nnnnk.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {89AD4D75-2429-462e-BD4E-443F233F6033} - C:\WINDOWS\system32\yrsecgwj.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {C3352FCD-CFE5-4F35-831A-19C68DDB7CF4} - C:\WINDOWS\system32\tuvuvsq.dll (file missing)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [MSConfig] "C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" /auto
O4 - HKLM\..\Run: [Lexmark X83 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe
O4 - HKLM\..\Run: [Lexmark X83 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [PeerGuardian] "C:\Program Files\PeerGuardian2\pg2.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - e:\Program Files\PartyPoker.net\partypokernet.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - e:\Program Files\PartyPoker.net\partypokernet.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15026/CTSUEng.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1102048806690
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} - http://a19.g.akamai.net/7/19/7125/4056/ftp.coupons.com/r3302/Coupons.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15028/CTPID.cab
O20 - Winlogon Notify: tuvuvsq - tuvuvsq.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
--
End of file - 8068 bytes

gwjunk
2007-10-16, 07:01
Scan Statistics:
Total number of scanned objects: 52219
Number of viruses found: 5
Number of infected objects: 8
Number of suspicious objects: 0
Duration of the scan process: 02:16:30
Infected Object Name / Virus Name / Last Action
C:\check_LSA7.txt Object is locked skipped
C:\Documents and Set...\All Users\App...Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Set...\All Users\App...Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Set...\All Users\App...Data\Microsoft\Windows Defender\Support\MPLog-10082007-210810.log Object is locked skipped
C:\Documents and Set...\All Users\App...Data\Symantec\Norton AntiVirus\Quarantine\4FC33473.tmp/APSV1.EXE Infected: not-a-virus:PSWTool.Win32.APS.12 skipped
C:\Documents and Set...\All Users\App...Data\Symantec\Norton AntiVirus\Quarantine\4FC33473.tmp ZIP: infected - 1 skipped
C:\Documents and Set...\All Users\App...Data\Symantec\Norton AntiVirus\Quarantine\4FC33473.tmp CryptFF: infected - 1 skipped
C:\Documents and Set...\Greg\App...Data\Webroot\Spy Sweeper\Logs\071015201548.ses Object is locked skipped
C:\Documents and Set...\Greg\Cookies\index.dat Object is locked skipped
C:\Documents and Set...\Greg\Local Settings\App...Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Set...\Greg\Local Settings\App...Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Set...\Greg\Local Settings\App...Data\Microsoft\Windows Defender\FileTracker\{9BD093D0-BD4D-42E2-8795-A229C124954F} Object is locked skipped
C:\Documents and Set...\Greg\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Set...\Greg\Local Settings\History\History.IE5\MSHist012007101520071016\index.dat Object is locked skipped
C:\Documents and Set...\Greg\Local Settings\Temp\~DF1CA4.tmp Object is locked skipped
C:\Documents and Set...\Greg\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Set...\Greg\Local Settings\Temporary Internet Files\Content.IE5\W5UJ8XE3\valera[1] Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Set...\Greg\NTUSER.DAT Object is locked skipped
C:\Documents and Set...\Greg\ntuser.dat.LOG Object is locked skipped
C:\Documents and Set...\Greg\UserData\index.dat Object is locked skipped
C:\Documents and Set...\LocalService\App...Data\Webroot\Spy Sweeper\Data\settings.dat Object is locked skipped
C:\Documents and Set...\LocalService\App...Data\Webroot\Spy Sweeper\Temp\SSMS00DE32E4-50B2-4AAA-8AE7-EDEA71E12321.tmp Object is locked skipped
C:\Documents and Set...\LocalService\App...Data\Webroot\Spy Sweeper\Temp\SSMS01845FBF-9E25-487C-BF46-1BDC87F39A4A.tmp Object is locked skipped
C:\Documents and Set...\LocalService\App...Data\Webroot\Spy Sweeper\Temp\SSMS0248DCF3-54A0-430B-B204-6DA356B79412.tmp Object is locked skipped
C:\Documents and Set...\LocalService\App...Data\Webroot\Spy Sweeper\Temp\SSMS0408B3B8-4178-48FB-A41C-E67F559971E1.tmp Object is locked skipped
C:\Documents and Set...\LocalService\App...Data\Webroot\Spy Sweeper\Temp\SSMS04F8B289-8836-45D1-87CF-8A58568135E5.tmp Object is locked skipped
C:\Documents and Set...\LocalService\App...Data\Webroot\Spy Sweeper\Temp\SSMS0B846540-4CEB-4EBC-8AA3-86E3EA6EC34C.tmp Object is locked skipped
C:\Documents and Set...\LocalService\App...Data\Webroot\Spy Sweeper\Temp\SSMS101EBD7E-7115-4278-83DB-2E834A1BD5FA.tmp Object is locked skipped
C:\Documents and Set...\LocalService\App...Data\Webroot\Spy Sweeper\Temp\SSMS150481BD-0FC0-415A-A862-71E7E39B122E.tmp Object is locked skipped
C:\Documents and Set...\LocalService\App...Data\Webroot\Spy Sweeper\Temp\SSMS1649DEAA-00A3-491B-88BD-1DF33F91ABDD.tmp Object is locked skipped
C:\Documents and Set...\LocalService\App...Data\Webroot\Spy Sweeper\Temp\SSMS17683FCE-F1EF-4ACA-B23D-934D59185770.tmp Object is locked skipped
C:\Documents and Set...\LocalService\App...Data\Webroot\Spy Sweeper\Temp\SSMS17B0C6E2-59FA-4A56-82C0-54B077036ECF.tmp Object is locked skipped
C:\Documents and Set...\LocalService\App...Data\Webroot\Spy Sweeper\Temp\SSMS17E9F824-BCC4-4B1F-AA80-59B1C9267195.tmp Object is locked skipped
C:\Documents and Set...\LocalService\App...Data\Webroot\Spy Sweeper\Temp\SSMS1B124BE5-69C9-4838-B649-49D137D7CDBF.tmp Object is locked skipped
C:\Documents and Set...\LocalService\App...Data\Webroot\Spy Sweeper\Temp\SSMS1B79C222-678E-4E3A-B430-688137EC8984.tmp Object is locked skipped
C:\Documents and Set...\LocalService\App...Data\Webroot\Spy Sweeper\Temp\SSMS1E042FAF-7368-476D-8234-C2D58A07E6C8.tmp Object is locked skipped
C:\Documents and Set...\LocalService\App...Data\Webroot\Spy Sweeper\Temp\SSMS21606884-0B3C-429F-AE6C-5DDEAFEBAB3A.tmp Object is locked skipped
C:\Documents and Set...\LocalService\App...Data\Webroot\Spy Sweeper\Temp\SSMS229896C9-AAEC-4A1A-93AA-A4742A7181F0.tmp Object is locked skipped
C:\Documents and Set...\LocalService\App...Data\Webroot\Spy Sweeper\Temp\SSMS232DA727-718F-479D-BBB3-1BA0A20EE378.tmp Object is locked skipped
C:\Documents and Set...\LocalService\App...Data\Webroot\Spy Sweeper\Temp\SSMS23E293A3-AC19-48BD-9F9F-E5DA95F70B93.tmp Object is locked skipped
C:\Documents and Set...\LocalService\App...Data\Webroot\Spy Sweeper\Temp\SSMS25D866FD-9B65-4898-8321-8E7F15D4BCF3.tmp Object is locked skipped
C:\Documents and Set...\LocalService\App...Data\Webroot\Spy Sweeper\Temp\SSMS27180B21-38F5-42F9-9D08-EAE2FA4881A9.tmp Object is locked skipped
C:\Documents and Set...\LocalService\App...Data\Webroot\Spy Sweeper\Temp\SSMS285314C9-657A-4821-8E51-5EDFFDB91896.tmp Object is locked skipped
C:\Documents and Set...\LocalService\App...Data\Webroot\Spy Sweeper\Temp\SSMS2F217CDC-C7BE-424D-AC52-19493130408A.tmp Object is locked skipped
C:\Documents and Set...\LocalService\App...Data\Webroot\Spy Sweeper\Temp\SSMS30787EFA-9F92-4684-9DC6-06F49E7DEF1D.tmp Object is locked skipped
C:\Documents and Set...\LocalService\App...Data\Webroot\Spy Sweeper\Temp\SSMS31D8F171-2535-4D55-A0CD-ABB7E077260B.tmp Object is locked skipped
C:\Documents and Set...\LocalService\App...Data\Webroot\Spy Sweeper\Temp\SSMS37673831-F149-478D-AEF7-D855A1CE1B4E.tmp Object is locked skipped
C:\Documents and Set...\LocalService\App...Data\Webroot\Spy Sweeper\Temp\SSMS37FD56A3-1826-40F2-93B2-9E9E4649BF3A.tmp Object is locked skipped
C:\Documents and Set...\LocalService\App...Data\Webroot\Spy Sweeper\Temp\SSMS382CAB00-6D7D-4A89-AECF-08089C06A336.tmp Object is locked skipped
C:\Documents and Set...\LocalService\App...Data\Webroot\Spy Sweeper\Temp\SSMS3C86C2CF-E89C-4523-B20D-63BCF243D685.tmp Object is locked skipped
C:\Documents and Set...\LocalService\App...Data\Webroot\Spy Sweeper\Temp\SSMS3C9C84FD-EC23-4531-BC4A-ED239CD8A71D.tmp Object is locked skipped
C:\Documents and Set...\LocalService\App...Data\Webroot\Spy Sweeper\Temp\SSMS3D94790C-5875-4766-8EF9-38CD3328146A.tmp Object is locked skipped
C:\Documents and Set...\LocalService\App...Data\Webroot\Spy Sweeper\Temp\SSMS405D8F86-82CA-4D6E-AE87-47D083FDB46F.tmp Object is locked skipped
C:\Documents and Set...\LocalService\App...Data\Webroot\Spy Sweeper\Temp\SSMS43942ADB-3902-4ADB-B01F-D9B800218289.tmp Object is locked skipped
C:\Documents and Set...\LocalService\App...Data\Webroot\Spy Sweeper\Temp\SSMS4987096A-4690-4790-A0D6-43E6942998B9.tmp Object is locked skipped
C:\Documents and Set...\LocalService\App...Data\Webroot\Spy Sweeper\Temp\SSMS4C559EC4-150B-4291-BD42-3F3C58CD26B2.tmp Object is locked skipped
C:\Documents and Set...\LocalService\App...Data\Webroot\Spy Sweeper\Temp\SSMS4EA0C26D-17DD-4850-872D-59859F2C803F.tmp Object is locked skipped
C:\Documents and Set...\LocalService\App...Data\Webroot\Spy Sweeper\Temp\SSMS4FA41B0F-BCED-4D9E-B2FA-67467263AF7D.tmp Object is locked skipped
C:\Documents and Set...\LocalService\App...Data\Webroot\Spy Sweeper\Temp\SSMS55E71AA9-C566-414C-878D-5111ED3EE5D6.tmp Object is locked skipped
C:\Documents and Set...\LocalService\App...Data\Webroot\Spy Sweeper\Temp\SSMS58AA15F2-BAB1-4DE5-8436-5A4CB686390C.tmp Object is locked skipped
C:\Documents and Set...\LocalService\App...Data\Webroot\Spy Sweeper\Temp\SSMS5B2D80C0-6088-46F2-B26B-7FF90F337C63.tmp Object is locked skipped
C:\Documents and Set...\LocalService\App...Data\Webroot\Spy Sweeper\Temp\SSMS63AFEF26-49DA-4B31-B958-B1A21FCF3C06.tmp Object is locked skipped
C:\Documents and Set...\LocalService\App...Data\Webroot\Spy Sweeper\Temp\SSMS6413448A-5086-42EE-B22E-93D69A21496C.tmp Object is locked skipped
C:\Documents and Set...\LocalService\App...Data\Webroot\Spy Sweeper\Temp\SSMS652BAFFE-389F-44F0-854E-F8C4D5DC60A8.tmp Object is locked skipped
C:\Documents and Set...\LocalService\App...Data\Webroot\Spy Sweeper\Temp\SSMS68D6166B-C30B-498F-A6D8-DFD07B085C50.tmp Object is locked skipped
C:\Documents and Set...\LocalService\App...Data\Webroot\Spy Sweeper\Temp\SSMS69BF3E2E-9E9B-4D29-B603-A6988B5C6565.tmp Object is locked skipped
C:\Documents and Set...\LocalService\App...Data\Webroot\Spy Sweeper\Temp\SSMS6A74CC2C-A009-49FE-98CF-02E6911A3274.tmp Object is locked skipped
C:\Documents and Set...\LocalService\App...Data\Webroot\Spy Sweeper\Temp\SSMS6AA68659-6160-4586-9B3A-033D5967308E.tmp Object is locked skipped
C:\Documents and Set...\LocalService\App...Data\Webroot\Spy Sweeper\Temp\SSMS6BA88BB9-4CC8-470A-9A99-391C969B240B.tmp Object is locked skipped
C:\Documents and Set...\LocalService\App...Data\Webroot\Spy Sweeper\Temp\SSMS72BEB450-2628-4C43-B7A3-5B0D0653FE48.tmp Object is locked skipped
C:\Documents and Set...\LocalService\App...Data\Webroot\Spy Sweeper\Temp\SSMS75A99B78-3D34-4EA8-8018-12D242B9A0FD.tmp Object is locked skipped
C:\Documents and Set...\LocalService\App...Data\Webroot\Spy Sweeper\Temp\SSMS7DB8E38D-9F09-4A16-879F-D8AFF3014533.tmp Object is locked skipped
C:\Documents and Set...\LocalService\App...Data\Webroot\Spy Sweeper\Temp\SSMS7E8F9114-8FE1-4258-8B28-57116A0D2C53.tmp Object is locked skipped
C:\Documents and Set...\LocalService\App...Data\Webroot\Spy Sweeper\Temp\SSMS8076EF08-6AFC-4ED9-BC53-0C1BDC621CC2.tmp Object is locked skipped
C:\Documents and Set...\LocalService\App...Data\Webroot\Spy Sweeper\Temp\SSMS814D8801-37E8-4252-A449-EFD2E5789827.tmp Object is locked skipped
C:\Documents and Set...\LocalService\App...Data\Webroot\Spy Sweeper\Temp\SSMS83F08B08-13A0-403B-85EF-754ED827B2F4.tmp Object is locked skipped
C:\Documents and Set...\LocalService\App...Data\Webroot\Spy Sweeper\Temp\SSMS861223EC-2E8E-46EE-9D17-92DC35FD373C.tmp Object is locked skipped
C:\Documents and Set...\LocalService\App...Data\Webroot\Spy Sweeper\Temp\SSMS87BCBC7E-132B-4D35-ACC1-C8A26300E7E2.tmp Object is locked skipped
C:\Documents and Set...\LocalService\App...Data\Webroot\Spy Sweeper\Temp\SSMS88867FF3-2193-4D50-8CE2-578A36A586B4.tmp Object is locked skipped
C:\Documents and Set...\LocalService\App...Data\Webroot\Spy Sweeper\Temp\SSMS8C3B57D9-385D-4C90-907F-CD7A7CA8A5C9.tmp Object is locked skipped
C:\Documents and Set...\LocalService\App...Data\Webroot\Spy Sweeper\Temp\SSMS8CD157A0-040D-4298-BD93-111B5078EFAC.tmp Object is locked skipped
C:\Documents and Set...\LocalService\App...Data\Webroot\Spy Sweeper\Temp\SSMS8EE77A20-5C8D-441B-92F0-3511F9CCA733.tmp Object is locked skipped
C:\Documents and Set...\LocalService\App...Data\Webroot\Spy Sweeper\Temp\SSMS98E38C35-8E30-4B62-9B83-E8F4F76433DC.tmp Object is locked skipped
C:\Documents and Set...\LocalService\App...Data\Webroot\Spy Sweeper\Temp\SSMS999A0F29-BA40-4B4C-8DCC-1F4F62CF0DBB.tmp Object is locked skipped
C:\Documents and Set...\LocalService\App...Data\Webroot\Spy Sweeper\Temp\SSMSA039D21F-5170-4C7C-BB8D-3958F0E45666.tmp Object is locked skipped
C:\Documents and Set...\LocalService\App...Data\Webroot\Spy Sweeper\Temp\SSMSA16E3C01-CF50-4C7A-9092-DE9D1847AB62.tmp Object is locked skipped
C:\Documents and Set...\LocalService\App...Data\Webroot\Spy Sweeper\Temp\SSMSA4124B2F-EAE9-4C74-8093-B99771806FC6.tmp Object is locked skipped
C:\Documents and Set...\LocalService\App...Data\Webroot\Spy Sweeper\Temp\SSMSA412F666-A055-4135-9CD5-FF03141D2D3C.tmp Object is locked skipped
C:\Documents and Set...\LocalService\App...Data\Webroot\Spy Sweeper\Temp\SSMSA97E5DA5-5E0F-4ADD-AE4E-3165FFDD9C61.tmp Object is locked skipped
C:\Documents and Set...\LocalService\App...Data\Webroot\Spy Sweeper\Temp\SSMSAD05E1DF-656A-494F-96AA-CD28B0797837.tmp Object is locked skipped
C:\Documents and Set...\LocalService\App...Data\Webroot\Spy Sweeper\Temp\SSMSAFE1ACE4-6667-4C54-950D-4CDB6C921A47.tmp Object is locked skipped
C:\Documents and Set...\LocalService\App...Data\Webroot\Spy Sweeper\Temp\SSMSB0C64847-FE81-4F56-8655-1FAF7500CA43.tmp Object is locked skipped
C:\Documents and Set...\LocalService\App...Data\Webroot\Spy Sweeper\Temp\SSMSB278018D-9878-47D3-9C1E-52DB5B6EA7DF.tmp Object is locked skipped
C:\Documents and Set...\LocalService\App...Data\Webroot\Spy Sweeper\Temp\SSMSB4F33B90-70A3-4CFA-AF67-CA896F80B566.tmp Object is locked skipped
C:\Documents and Set...\LocalService\App...Data\Webroot\Spy Sweeper\Temp\SSMSB520B6F9-F6BE-475B-9712-9FD6BE0516E7.tmp Object is locked skipped
C:\Documents and Set...\LocalService\App...Data\Webroot\Spy Sweeper\Temp\SSMSB68E8377-FFE1-4F50-A094-A486B9D3AF0E.tmp Object is locked skipped
C:\Documents and Set...\LocalService\App...Data\Webroot\Spy Sweeper\Temp\SSMSB7C3116D-14E6-49A2-A0E3-8A0DF9160FCF.tmp Object is locked skipped
C:\Documents and Set...\LocalService\App...Data\Webroot\Spy Sweeper\Temp\SSMSB7E6FB6C-3D4C-4C55-B4F8-A3E5FF7D6119.tmp Object is locked skipped
C:\Documents and Set...\LocalService\App...Data\Webroot\Spy Sweeper\Temp\SSMSBB886AB6-D807-4A53-80A1-65EEA435732A.tmp Object is locked skipped
C:\Documents and Set...\LocalService\App...Data\Webroot\Spy Sweeper\Temp\SSMSC1915661-3F45-4BEE-81A9-FD6D4FB1EB5B.tmp Object is locked skipped
C:\Documents and Set...\LocalService\App...Data\Webroot\Spy Sweeper\Temp\SSMSC1E0325C-60D1-49AD-BEE1-2F23E7BE7199.tmp Object is locked skipped
C:\Documents and Set...\LocalService\App...Data\Webroot\Spy Sweeper\Temp\SSMSC266C029-0E6D-4C0A-879A-CBE50B4EA148.tmp Object is locked skipped
C:\Documents and Set...\LocalService\App...Data\Webroot\Spy Sweeper\Temp\SSMSC513AF18-9247-4E8D-A7B6-E31925347909.tmp Object is locked skipped
C:\Documents and Set...\LocalService\App...Data\Webroot\Spy Sweeper\Temp\SSMSCF62146B-7329-429E-946A-4FB5E7DC85D1.tmp Object is locked skipped
C:\Documents and Set...\LocalService\App...Data\Webroot\Spy Sweeper\Temp\SSMSDF17E1A9-8FFB-465B-B9F3-E105079A484B.tmp Object is locked skipped
C:\Documents and Set...\LocalService\App...Data\Webroot\Spy Sweeper\Temp\SSMSEB18A809-07B8-4BD3-9468-D0B393AC0526.tmp Object is locked skipped
C:\Documents and Set...\LocalService\App...Data\Webroot\Spy Sweeper\Temp\SSMSED409477-F7C2-48E7-BDF6-FBD75EA26FC0.tmp Object is locked skipped
C:\Documents and Set...\LocalService\App...Data\Webroot\Spy Sweeper\Temp\SSMSF5C4C2E1-D1FD-4898-9816-7E9DF12EB22F.tmp Object is locked skipped
C:\Documents and Set...\LocalService\App...Data\Webroot\Spy Sweeper\Temp\SSMSF68A9FCB-189D-4A8D-B12A-B49985166053.tmp Object is locked skipped
C:\Documents and Set...\LocalService\App...Data\Webroot\Spy Sweeper\Temp\SSMSF713C46F-578D-4E3C-9C22-2A5429B3F0C8.tmp Object is locked skipped
C:\Documents and Set...\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Set...\LocalService\Local Settings\App...Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Set...\LocalService\Local Settings\App...Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Set...\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Set...\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Set...\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Set...\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Set...\NetworkService\Local Settings\App...Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Set...\NetworkService\Local Settings\App...Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Set...\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Set...\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\AshWebSv.ws Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\aswMaiSv.log Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\report\Resident protection.txt Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Masters\masters.bak Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Masters\Masters.const Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Masters\masters.mst Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Masters.base Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\Antivirus.Evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\epvmrslf.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ace skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
C:\WINDOWS\system32\nkvlkppa.dll Infected: Trojan.Win32.Pakes.sc skipped
C:\WINDOWS\system32\rmubcphu.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ace skipped
C:\WINDOWS\system32\ttpoehoc.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.wm skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_51c.dat Object is locked skipped
C:\WINDOWS\Temp\_avast4_\Webshlock.txt Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
Scan process completed.

Shaba
2007-10-16, 07:05
Hi

1. Download combofix from one of these links:
Link1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link2 (http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe)
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply.

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Post:

- a fresh HijackThis log
- combofix report

gwjunk
2007-10-17, 04:35
Here is the ComboFix log. The revised HJT Log follows in the next post.

When I ran ComboFix, I kept getting "Freeware implementation of REG.EXE (or SED.CFEXE) has encountered a problem and needs to close. We are sorry for the inconvenience." messages. Hopefully this didn't affect the scan.

______________________________________

ComboFix 07-10-16.1 - Greg 2007-10-16 21:06:59.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1154 [GMT -5:00]
Running from: C:\Documents and Settings\Greg\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\check_LSA7.txt
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\appklvkn.ini2
C:\WINDOWS\system32\appklvkn.ini2
C:\WINDOWS\system32\appklvkn.tmp
C:\WINDOWS\system32\appklvkn.tmp
C:\WINDOWS\system32\bvmiprrp.dll
C:\WINDOWS\system32\ckobdtqj.dll
C:\WINDOWS\system32\coheoptt.ini
C:\WINDOWS\system32\cysgcnwv.ini
C:\WINDOWS\system32\dnvywlny.dll
C:\WINDOWS\system32\epvmrslf.dll
C:\WINDOWS\system32\flsrmvpe.tmp
C:\WINDOWS\system32\gsvbapmx.dll
C:\WINDOWS\system32\jnijcbqj.ini
C:\WINDOWS\system32\jqbcjinj.dll
C:\WINDOWS\system32\jqtdbokc.ini
C:\WINDOWS\system32\knnnn.bak1
C:\WINDOWS\system32\knnnn.bak1
C:\WINDOWS\system32\knnnn.bak1
C:\WINDOWS\system32\knnnn.bak2
C:\WINDOWS\system32\knnnn.bak2
C:\WINDOWS\system32\knnnn.bak2
C:\WINDOWS\system32\knnnn.ini
C:\WINDOWS\system32\knnnn.ini
C:\WINDOWS\system32\knnnn.ini
C:\WINDOWS\system32\knnnn.ini2
C:\WINDOWS\system32\knnnn.ini2
C:\WINDOWS\system32\knnnn.ini2
C:\WINDOWS\system32\knnnn.tmp
C:\WINDOWS\system32\knnnn.tmp
C:\WINDOWS\system32\knnnn.tmp
C:\WINDOWS\system32\kqdryirf.dll
C:\WINDOWS\system32\njtivtgo.dll
C:\WINDOWS\system32\nkvlkppa.dll
C:\WINDOWS\system32\nnnnk.dll
C:\WINDOWS\system32\ogtvitjn.ini
C:\WINDOWS\system32\ojgtjgdx.ini
C:\WINDOWS\system32\packet.dll
C:\WINDOWS\system32\prrpimvb.ini
C:\WINDOWS\system32\rmubcphu.dll
C:\WINDOWS\system32\rolvhfpy.ini
C:\WINDOWS\system32\ttpoehoc.dll
C:\WINDOWS\system32\uhpcbumr.ini
C:\WINDOWS\system32\vwncgsyc.dll
C:\WINDOWS\system32\wanpacket.dll
C:\WINDOWS\system32\wpcap.dll
C:\WINDOWS\system32\xdgjtgjo.dll
C:\WINDOWS\system32\xmpabvsg.ini
C:\WINDOWS\system32\xwjxmxcd.exe
C:\WINDOWS\system32\ynlwyvnd.ini
C:\WINDOWS\system32\ypfhvlor.dll
C:\WINDOWS\system32\yrsecgwj.dll

.
((((((((((((((((((((((((( Files Created from 2007-09-17 to 2007-10-17 )))))))))))))))))))))))))))))))
.

2007-10-16 20:24 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-14 12:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-10-13 09:03 <DIR> d-------- C:\Program Files\Trend Micro
2007-10-13 08:33 <DIR> d-------- C:\Program Files\Common Files\Java
2007-10-12 19:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-10-08 21:06 <DIR> d-------- C:\Program Files\Windows Defender
2007-10-08 20:40 <DIR> d-------- C:\Documents and Settings\Greg\Application Data\Grisoft
2007-10-08 20:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-10-08 20:39 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-10-03 22:03 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\Webroot
2007-10-03 22:03 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\Webroot
2007-10-03 22:03 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\Webroot
2007-09-29 15:33 1,521,464 --a------ C:\WINDOWS\WRSetup.dll
2007-09-29 15:33 20,280 --a------ C:\WINDOWS\system32\drivers\SSFS0BB8.sys
2007-09-29 15:18 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
2007-09-29 15:18 163,128 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys
2007-09-29 15:18 23,864 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
2007-09-29 15:18 21,816 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys
2007-09-29 15:17 <DIR> d-------- C:\Program Files\Webroot
2007-09-29 15:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Webroot
2007-09-29 15:16 <DIR> d-------- C:\Documents and Settings\Greg\Application Data\Webroot

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-16 23:53 --------- d-----w C:\Program Files\PeerGuardian2
2007-10-13 13:35 --------- d-----w C:\Program Files\Java
2007-10-12 23:47 --------- d-----w C:\Documents and Settings\Greg\Application Data\uTorrent
2007-10-10 01:24 --------- d-----w C:\Documents and Settings\Greg\Application Data\AdobeUM
2007-10-01 03:54 --------- d-----w C:\Program Files\LexmarkX83
2007-09-29 20:32 164 ----a-w C:\install.dat
2007-09-06 10:05 94,416 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-09-06 10:05 92,848 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-09-06 10:03 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-09-06 10:02 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-09-06 10:00 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-08-31 04:56 --------- d-----w C:\Program Files\GrabIt
2007-08-01 03:06 57,344 ----a-w C:\Documents and Settings\Greg\iSetupNI.dll
2001-06-20 22:19 40,960 ----a-w C:\Program Files\ACMonitor_X83.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-04 02:56]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 04:25]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoViewOnDrive"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tuvuvsq]
tuvuvsq.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=NVDESK32.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
backup=C:\WINDOWS\pss\Acrobat Assistant.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Belkin PCMCIA WLAN Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Belkin PCMCIA WLAN Monitor.lnk
backup=C:\WINDOWS\pss\Belkin PCMCIA WLAN Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\KODAK Software Updater.lnk
backup=C:\WINDOWS\pss\KODAK Software Updater.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Works Calendar Reminders.lnk
backup=C:\WINDOWS\pss\Microsoft Works Calendar Reminders.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MiniEYE-MiniREAD Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MiniEYE-MiniREAD Launch.lnk
backup=C:\WINDOWS\pss\MiniEYE-MiniREAD Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Norton GoBack.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Norton GoBack.lnk
backup=C:\WINDOWS\pss\Norton GoBack.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Greg^Start Menu^Programs^Startup^Event Reminder.lnk]
path=C:\Documents and Settings\Greg\Start Menu\Programs\Startup\Event Reminder.lnk
backup=C:\WINDOWS\pss\Event Reminder.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
"C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BJCFD]
"C:\Program Files\BroadJump\Client Foundation\CFD.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
"C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSyncU.exe]
"C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
C:\WINDOWS\system32\dla\tfswctrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DW4]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FineReader7NewsReaderPro]
"C:\Program Files\ABBYY FineReader 7.0 Professional Edition\AbbyyNewsReader.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
E:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X83 Button Manager]
C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X83 Button Monitor]
C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Portfolio]
"C:\Program Files\Microsoft Works\WksSb.exe" /AllUsers

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
C:\Program Files\Microsoft Works\WkDetect.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
"C:\Program Files\Ahead\Nero BackItUp\nbj.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NI.UWAS7_0001_N99M3108]
"C:\DOCUME~1\Greg\LOCALS~1\Temp\winaspsnet.exe" -nag

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton SystemWorks]
"C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
"RUNDLL32.EXE" C:\WINDOWS\System32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
"nwiz.exe" /installquiet

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PeerGuardian]
"C:\Program Files\PeerGuardian2\pg2.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PhotoShow Deluxe Media Manager]
C:\PROGRA~1\Nero\data\Xtras\mssysmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PrinTray]
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QD FastAndSafe]
C:\Program Files\Norton SystemWorks\Norton CleanSweep\QDCSFS.exe /scheduler

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SearchIndexer]
rundll32.exe "C:\WINDOWS\system32\bvmiprrp.dll",sitypnow

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sonic RecordNow!]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
"C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpySweeper]
"C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]
C:\PROGRA~1\SYMNET~1\SNDMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
"C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
"C:\Program Files\Windows Defender\MSASCui.exe" -hide

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WorksFUD]
"C:\Program Files\Microsoft Works\wkfud.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"Symantec Core LC"=2 (0x2)
"Speed Disk service"=2 (0x2)
"SPBBCSvc"=2 (0x2)
"SNDSrvc"=2 (0x2)
"SAVScan"=3 (0x3)
"ose"=3 (0x3)
"Omniquad MyPrivacy"=2 (0x2)
"NSCService"=3 (0x3)
"NProtectService"=2 (0x2)
"NPFMntor"=2 (0x2)
"navapsvc"=2 (0x2)
"MDM"=2 (0x2)
"LiveUpdate"=3 (0x3)
"iPodService"=3 (0x3)
"GBPoll"=2 (0x2)
"Creative Service for CDROM Access"=2 (0x2)
"ccSetMgr"=2 (0x2)
"ccEvtMgr"=2 (0x2)
"Automatic LiveUpdate Scheduler"=2 (0x2)
"WinDefend"=2 (0x2)
"WebrootSpySweeperService"=2 (0x2)

R0 SSFS0BB8;Spy Sweeper File System Filer Driver: 0BB8;C:\WINDOWS\system32\Drivers\SSFS0BB8.SYS
R2 BCMNTIO;BCMNTIO;\??\C:\PROGRA~1\CheckIt\DIAGNO~1\BCMNTIO.sys
R2 BulkUsb;Genesys Logic USB Scanner Controller NT 5.0;C:\WINDOWS\system32\Drivers\usbscan.sys
R2 MAPMEM;MAPMEM;\??\C:\PROGRA~1\CheckIt\DIAGNO~1\MAPMEM.sys
R3 Ich;Ich;C:\WINDOWS\system32\DRIVERS\Ich.sys
S2 ousbehci;NEC PCI to USB Enhanced Host Controller;C:\WINDOWS\system32\Drivers\ousbehci.sys
S3 ousb2hub;OrangeWare USB 2.0 Hub Support;C:\WINDOWS\system32\DRIVERS\ousb2hub.sys
S3 PCMCIABKPCMXP;Belkin 11Mbps Wireless Notebook Network Adapter;C:\WINDOWS\system32\DRIVERS\bkpcmxp.sys
S3 PLUsbbc2;High-Speed USB Bridge Cable Driver;C:\WINDOWS\system32\Drivers\usbbc2.sys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1abcc961-e6b3-11db-9bfc-00065bbaff0e}]
AutoRun\command - E:\wd_windows_tools\setup.exe

.
Contents of the 'Scheduled Tasks' folder
"2007-10-17 01:21:01 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2007-10-15 01:00:05 C:\WINDOWS\Tasks\wrSpySweeper_LC82C3849C14342B5B70A95B5A8BF8625.job"
.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-16 21:20:57
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-16 21:24:18 - machine was rebooted
.
--- E O F ---

gwjunk
2007-10-17, 04:36
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:26:25 PM, on 10/16/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Greg\Desktop\gwjunk.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 87.237.58.28:3128
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.rr.com"); (C:\Documents and Settings\GREG\Application Data\Mozilla\Profiles\default\n61r3hpz.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", ""); (C:\Documents and Settings\GREG\Application Data\Mozilla\Profiles\default\n61r3hpz.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - e:\Program Files\PartyPoker.net\partypokernet.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - e:\Program Files\PartyPoker.net\partypokernet.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15026/CTSUEng.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1102048806690
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} - http://a19.g.akamai.net/7/19/7125/4056/ftp.coupons.com/r3302/Coupons.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15028/CTPID.cab
O20 - Winlogon Notify: tuvuvsq - tuvuvsq.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

--
End of file - 6275 bytes

Shaba
2007-10-17, 10:52
Hi

Looking much better :)

Have you previously uninstalled Norton?

I ask because practically all of its services have been disabled by msconfig.
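
The judgement above is made by reading the log by eye. As an added example (it is not part of this thread and not HijackThis code), the script below encodes a few of those reading rules so they can be run over a log file: an O20 Winlogon Notify entry whose DLL is gone, an O23 service whose binary is gone, an IE proxy set in R1, and the msconfig /auto Run entry that means Selective Startup is on and disabled items are parked outside the normal O4/O23 lines. The sample lines are copied from the log posted above; the rule set and the severity labels are the editor's own assumptions, not anything HijackThis reports.

```python
"""Triage helper for HijackThis (HJT) log lines.

Added example: the rules below are the editor's heuristics, not HijackThis
output or anything the helper in this thread posted.
"""
import re

# Matches the section prefix HJT puts on every finding line, e.g. "O20 - ...".
HJT_LINE = re.compile(r"^(?P<sect>[RNOF]\d+)\s+-\s+(?P<body>.*)$")

# Sample lines copied from the HJT log posted in this thread, embedded so the
# script runs offline. Any real log's text can be passed to triage() instead.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 87.237.58.28:3128
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O20 - Winlogon Notify: tuvuvsq - tuvuvsq.dll (file missing)
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

SEVERITY_ORDER = {"info": 0, "low": 1, "medium": 2, "high": 3}


def triage(log_text):
    """Return a list of (severity, line, reason) for lines worth a second look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = HJT_LINE.match(line)
        if not m:
            continue  # process list, headers and blank lines carry no section prefix
        sect, body = m.group("sect"), m.group("body")
        missing = "(file missing)" in body
        if sect == "O20" and missing:
            # Winlogon Notify DLLs are loaded by winlogon.exe at logon. An entry
            # whose DLL no longer exists is an orphaned autostart; removing the
            # registry key (the [-KEY] line of a fix.reg) is the usual cleanup.
            findings.append(("high", line, "Winlogon Notify entry whose DLL is missing"))
        elif sect == "O23" and missing:
            findings.append(("low", line, "service whose binary is missing (leftover of an incomplete uninstall)"))
        elif sect == "R1" and "ProxyServer" in body:
            findings.append(("medium", line, "IE proxy is set; confirm the address is one the user configured deliberately"))
        elif sect == "O4" and "MSConfig.exe" in body and "/auto" in body:
            # msconfig re-runs itself at startup while Selective Startup is on;
            # the items it disabled are parked under HKLM\...\shared tools\msconfig
            # and do not show up as ordinary O4 or O23 lines.
            findings.append(("info", line, "msconfig Selective Startup is active; disabled items are hidden from O4/O23"))
    return findings


def highest_severity(findings):
    """Worst severity among the findings, or None when nothing was flagged."""
    if not findings:
        return None
    return max((f[0] for f in findings), key=SEVERITY_ORDER.__getitem__)


if __name__ == "__main__":
    for sev, line, reason in triage(SAMPLE_LOG):
        print(f"[{sev:6}] {reason}\n         {line}")
```

The rules deliberately stop at "worth a second look": a set proxy or a missing service binary is only a lead, and the decision still rests with whoever reads the full log.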

gwjunk
2007-10-17, 14:21
Yes, but that was over 6 months ago. For some reason it was interfering with most of my Microsoft programs. It would take over 5 minutes to open any of its programs.

Since then, I've installed Webroot's SpySweeper and Avast's antivirus. If you have a better recommendation, I would appreciate the input.

Again, thank you for your help. My computer is starting to run better.

GW

Shaba
2007-10-17, 14:30
Hi

Ok, but it wasn't 100% removed.

Follow these (http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2005033108162039?Open&src=bar_sch_nam&docid=2004092711224136&nsf=nip.nsf&view=docid&dtype=&prod=&ver=&osv=&osv_lvl=&seg=ag)
instructions first.

After that:

First we'll need to back up the registry:

Start -> Run -> regedit -> ok. Then File -> Export. Give it a name and press Save.

Save the text below as fix.reg in Notepad (save it as all files (*.*)) on the Desktop

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tuvuvsq]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Symantec Core LC"=-
"Speed Disk service"=-
"SPBBCSvc"=-
"SNDSrvc"=-
"SAVScan"=-
"NSCService"=-
"NProtectService"=-
"NPFMntor"=-
"navapsvc"=-
"LiveUpdate"=-
"ccSetMgr"=-
"ccEvtMgr"=-
"Automatic LiveUpdate Scheduler"=-

It should look like this -> http://users.telenet.be/bluepatchy/miekiemoes/images/reg.gif

Double-click fix.reg, press Yes and OK.

(In case you are unsure how to create a reg file, take a look here (http://www.nellie2.co.uk/file.htm#How_to_Make_a_.Reg_File_) with screenshots.)

Re-run ComboFix.


Post:

- a fresh HijackThis log
- ComboFix report
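
Before a .reg file is double-clicked it is worth knowing exactly what regedit will do with it, since a stray character turns a value deletion into a value write. The checker below is an added example (not part of the post above and not regedit's own code): it parses the .reg format, which is a header line, `[KEY]` sections, `[-KEY]` for deleting a whole key, and `"name"=data` lines where `-` as data deletes the value, and returns the list of actions so they can be compared with the intended fix. The embedded text is the fix.reg from the post; the `Action` class, the hive allow-list and the error messages are the editor's own.

```python
"""Dry-run reader for a Windows .reg fix file.

Added example: this is the editor's own checker, not part of regedit or of
the fix posted in this thread. It reports what the file encodes (delete a
key, delete a value, set a value) without touching the registry.
"""
import re
from dataclasses import dataclass

REG_HEADER = "Windows Registry Editor Version 5.00"
KNOWN_HIVES = ("HKEY_LOCAL_MACHINE", "HKEY_CURRENT_USER", "HKEY_CLASSES_ROOT",
               "HKEY_USERS", "HKEY_CURRENT_CONFIG")
# "name"=data (backslash escapes allowed inside the name) or @=data for the default value.
VALUE_LINE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')

# The fix.reg from the post above, embedded verbatim so the script runs offline.
FIX_REG = r"""Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tuvuvsq]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Symantec Core LC"=-
"Speed Disk service"=-
"SPBBCSvc"=-
"SNDSrvc"=-
"SAVScan"=-
"NSCService"=-
"NProtectService"=-
"NPFMntor"=-
"navapsvc"=-
"LiveUpdate"=-
"ccSetMgr"=-
"ccEvtMgr"=-
"Automatic LiveUpdate Scheduler"=-
"""


@dataclass
class Action:
    kind: str          # "delete_key", "delete_value" or "set_value"
    key: str
    name: str = ""     # value name; "" stands for the key's default value (@)
    data: str = ""     # raw data text, only meaningful for set_value


def parse_reg(text):
    """Turn .reg text into the list of registry actions it encodes."""
    lines = text.lstrip("\ufeff").splitlines()   # tolerate a Unicode BOM
    if not lines or lines[0].strip() != REG_HEADER:
        raise ValueError("first line must be the .reg header")
    actions, current = [], None
    for lineno, raw in enumerate(lines[1:], start=2):
        line = raw.strip()
        if not line or line.startswith(";"):
            continue                         # blank lines and comments
        if line.startswith("[") and line.endswith("]"):
            body = line[1:-1]
            hive = body.lstrip("-").split("\\", 1)[0]
            if hive.upper() not in KNOWN_HIVES:
                raise ValueError(f"line {lineno}: unknown hive {hive!r}")
            if body.startswith("-"):
                actions.append(Action("delete_key", body[1:]))
                current = None   # value lines under a [-KEY] serve no purpose; treat as a mistake
            else:
                current = body
            continue
        m = VALUE_LINE.match(line)
        if not m:
            raise ValueError(f"line {lineno}: neither a [key] line nor a \"name\"=data line")
        if current is None:
            raise ValueError(f"line {lineno}: value line outside a key section")
        name = "" if m.group(1) == "@" else m.group(1)[1:-1]
        data = m.group(2).strip()
        if data == "-":
            actions.append(Action("delete_value", current, name))
        else:
            actions.append(Action("set_value", current, name, data))
    return actions


def summarize(actions):
    """Count actions by kind: the quickest sanity check against the intended fix."""
    counts = {"delete_key": 0, "delete_value": 0, "set_value": 0}
    for a in actions:
        counts[a.kind] += 1
    return counts


if __name__ == "__main__":
    plan = parse_reg(FIX_REG)
    for a in plan:
        target = a.key if a.kind == "delete_key" else f"{a.key} -> {a.name!r}"
        print(f"{a.kind:13} {target}")
    print(summarize(plan))
```

For the fix above the expected summary is one deleted key (the orphaned Winlogon Notify entry) and thirteen deleted values under the msconfig services key, with no set_value actions at all; a count of anything else means the file was not saved as intended.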

gwjunk
2007-10-18, 04:38
Followed your instructions in the last post. The ComboFix log is below and the HJT logs will be in the next post.

GW

ComboFix 07-10-16.1 - Greg 2007-10-17 21:00:15.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1145 [GMT -5:00]
Running from: C:\Documents and Settings\Greg\Desktop\ComboFix.exe

((((((((((((((((((((((((( Files Created from 2007-09-18 to 2007-10-18 )))))))))))))))))))))))))))))))
.

2007-10-16 20:24 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-14 12:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-10-13 09:03 <DIR> d-------- C:\Program Files\Trend Micro
2007-10-13 08:33 <DIR> d-------- C:\Program Files\Common Files\Java
2007-10-12 19:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-10-08 21:06 <DIR> d-------- C:\Program Files\Windows Defender
2007-10-08 20:40 <DIR> d-------- C:\Documents and Settings\Greg\Application Data\Grisoft
2007-10-08 20:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-10-08 20:39 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-10-03 22:03 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\Webroot
2007-09-29 15:33 1,521,464 --a------ C:\WINDOWS\WRSetup.dll
2007-09-29 15:33 20,280 --a------ C:\WINDOWS\system32\drivers\SSFS0BB8.sys
2007-09-29 15:18 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
2007-09-29 15:18 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
2007-09-29 15:18 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
2007-09-29 15:18 163,128 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys
2007-09-29 15:18 23,864 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
2007-09-29 15:18 21,816 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys
2007-09-29 15:17 <DIR> d-------- C:\Program Files\Webroot
2007-09-29 15:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Webroot
2007-09-29 15:16 <DIR> d-------- C:\Documents and Settings\Greg\Application Data\Webroot

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-16 23:53 --------- d-----w C:\Program Files\PeerGuardian2
2007-10-13 13:35 --------- d-----w C:\Program Files\Java
2007-10-12 23:47 --------- d-----w C:\Documents and Settings\Greg\Application Data\uTorrent
2007-10-10 01:24 --------- d-----w C:\Documents and Settings\Greg\Application Data\AdobeUM
2007-10-01 03:54 --------- d-----w C:\Program Files\LexmarkX83
2007-09-29 20:32 164 ----a-w C:\install.dat
2007-09-06 10:09 801,144 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-09-06 10:05 94,416 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-09-06 10:05 92,848 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-09-06 10:03 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-09-06 10:02 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-09-06 10:00 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr
2007-09-06 10:00 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-08-31 04:56 --------- d-----w C:\Program Files\GrabIt
2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-08-01 03:06 57,344 ----a-w C:\Documents and Settings\Greg\iSetupNI.dll
2007-07-31 00:19 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-07-31 00:19 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-07-31 00:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-07-31 00:19 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-07-31 00:19 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-07-31 00:19 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-07-31 00:19 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-07-31 00:18 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2001-06-20 22:19 40,960 ----a-w C:\Program Files\ACMonitor_X83.exe
.

((((((((((((((((((((((((((((( snapshot@2007-10-16_21.22.57.99 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-10-18 01:54:05 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_4c0.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-04 02:56]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 04:25]
"Lexmark X83 Button Monitor"="C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe" [2001-10-18 10:25]
"Lexmark X83 Button Manager"="C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe" [2001-06-14 12:42]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2007-07-19 22:54]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoViewOnDrive"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=NVDESK32.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
backup=C:\WINDOWS\pss\Acrobat Assistant.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Belkin PCMCIA WLAN Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Belkin PCMCIA WLAN Monitor.lnk
backup=C:\WINDOWS\pss\Belkin PCMCIA WLAN Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\KODAK Software Updater.lnk
backup=C:\WINDOWS\pss\KODAK Software Updater.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Works Calendar Reminders.lnk
backup=C:\WINDOWS\pss\Microsoft Works Calendar Reminders.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MiniEYE-MiniREAD Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MiniEYE-MiniREAD Launch.lnk
backup=C:\WINDOWS\pss\MiniEYE-MiniREAD Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Norton GoBack.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Norton GoBack.lnk
backup=C:\WINDOWS\pss\Norton GoBack.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Greg^Start Menu^Programs^Startup^Event Reminder.lnk]
path=C:\Documents and Settings\Greg\Start Menu\Programs\Startup\Event Reminder.lnk
backup=C:\WINDOWS\pss\Event Reminder.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
"C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BJCFD]
"C:\Program Files\BroadJump\Client Foundation\CFD.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
"C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSyncU.exe]
"C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
C:\WINDOWS\system32\dla\tfswctrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DW4]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FineReader7NewsReaderPro]
"C:\Program Files\ABBYY FineReader 7.0 Professional Edition\AbbyyNewsReader.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
E:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Portfolio]
"C:\Program Files\Microsoft Works\WksSb.exe" /AllUsers

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
C:\Program Files\Microsoft Works\WkDetect.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
"C:\Program Files\Ahead\Nero BackItUp\nbj.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NI.UWAS7_0001_N99M3108]
"C:\DOCUME~1\Greg\LOCALS~1\Temp\winaspsnet.exe" -nag

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton SystemWorks]
"C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
"RUNDLL32.EXE" C:\WINDOWS\System32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
"nwiz.exe" /installquiet

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PeerGuardian]
"C:\Program Files\PeerGuardian2\pg2.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PhotoShow Deluxe Media Manager]
C:\PROGRA~1\Nero\data\Xtras\mssysmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PrinTray]
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QD FastAndSafe]
C:\Program Files\Norton SystemWorks\Norton CleanSweep\QDCSFS.exe /scheduler

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SearchIndexer]
rundll32.exe "C:\WINDOWS\system32\bvmiprrp.dll",sitypnow

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sonic RecordNow!]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
"C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpySweeper]
"C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]
C:\PROGRA~1\SYMNET~1\SNDMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
"C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
"C:\Program Files\Windows Defender\MSASCui.exe" -hide

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WorksFUD]
"C:\Program Files\Microsoft Works\wkfud.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"ose"=3 (0x3)
"Omniquad MyPrivacy"=2 (0x2)
"MDM"=2 (0x2)
"iPodService"=3 (0x3)
"GBPoll"=2 (0x2)
"Creative Service for CDROM Access"=2 (0x2)
"WinDefend"=2 (0x2)
"WebrootSpySweeperService"=2 (0x2)

R0 SSFS0BB8;Spy Sweeper File System Filer Driver: 0BB8;C:\WINDOWS\system32\Drivers\SSFS0BB8.SYS
R2 BCMNTIO;BCMNTIO;\??\C:\PROGRA~1\CheckIt\DIAGNO~1\BCMNTIO.sys
R2 BulkUsb;Genesys Logic USB Scanner Controller NT 5.0;C:\WINDOWS\system32\Drivers\usbscan.sys
R2 MAPMEM;MAPMEM;\??\C:\PROGRA~1\CheckIt\DIAGNO~1\MAPMEM.sys
R3 Ich;Ich;C:\WINDOWS\system32\DRIVERS\Ich.sys
S2 ousbehci;NEC PCI to USB Enhanced Host Controller;C:\WINDOWS\system32\Drivers\ousbehci.sys
S3 ousb2hub;OrangeWare USB 2.0 Hub Support;C:\WINDOWS\system32\DRIVERS\ousb2hub.sys
S3 PCMCIABKPCMXP;Belkin 11Mbps Wireless Notebook Network Adapter;C:\WINDOWS\system32\DRIVERS\bkpcmxp.sys
S3 PLUsbbc2;High-Speed USB Bridge Cable Driver;C:\WINDOWS\system32\Drivers\usbbc2.sys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1abcc961-e6b3-11db-9bfc-00065bbaff0e}]
AutoRun\command - E:\wd_windows_tools\setup.exe

.
Contents of the 'Scheduled Tasks' folder
"2007-10-17 07:09:03 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
"2007-10-15 01:00:05 C:\WINDOWS\Tasks\wrSpySweeper_LC82C3849C14342B5B70A95B5A8BF8625.job"
.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-17 21:26:55
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\runtime2]

.
Completion time: 2007-10-17 21:29:17
C:\ComboFix2.txt ... 2007-10-16 21:24
.
--- E O F ---

gwjunk
2007-10-18, 04:39
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:30:32 PM, on 10/17/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe
C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Greg\Desktop\gwjunk.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 87.237.58.28:3128
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.rr.com"); (C:\Documents and Settings\GREG\Application Data\Mozilla\Profiles\default\n61r3hpz.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", ""); (C:\Documents and Settings\GREG\Application Data\Mozilla\Profiles\default\n61r3hpz.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [MSConfig] "C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" /auto
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Lexmark X83 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe
O4 - HKLM\..\Run: [Lexmark X83 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - e:\Program Files\PartyPoker.net\partypokernet.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - e:\Program Files\PartyPoker.net\partypokernet.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15026/CTSUEng.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1102048806690
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} - http://a19.g.akamai.net/7/19/7125/4056/ftp.coupons.com/r3302/Coupons.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15028/CTPID.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 6934 bytes

Shaba
2007-10-18, 10:25
Hi

Re-scan with Kaspersky

Post:

- a fresh HijackThis log
- Kaspersky report

gwjunk
2007-10-19, 06:00
Here you go. The Kaspersky log is in the next post.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:50:54 PM, on 10/18/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe
C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Documents and Settings\Greg\Desktop\gwjunk.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 87.237.58.28:3128
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.rr.com"); (C:\Documents and Settings\GREG\Application Data\Mozilla\Profiles\default\n61r3hpz.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", ""); (C:\Documents and Settings\GREG\Application Data\Mozilla\Profiles\default\n61r3hpz.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [MSConfig] "C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" /auto
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Lexmark X83 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe
O4 - HKLM\..\Run: [Lexmark X83 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - e:\Program Files\PartyPoker.net\partypokernet.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - e:\Program Files\PartyPoker.net\partypokernet.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15026/CTSUEng.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1102048806690
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} - http://a19.g.akamai.net/7/19/7125/4056/ftp.coupons.com/r3302/Coupons.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15028/CTPID.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 6900 bytes

gwjunk
2007-10-19, 06:13
To get the Kaspersky file to fit on this post I abbreviated some items.
Doc...Set... = Documents and Settings
Obj. is locked = Object is locked
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Thursday, October 18, 2007 10:50:26 PM
Operating System: MS Windows XP Home Ed., SP 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus DB last update: 19/10/2007
Kaspersky Anti-Virus DB records: 439214
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
A:\
C:\
D:\
Scan Statistics:
Total number of scanned objects: 52469
Number of viruses found: 4
Number of infected objects: 10
Number of suspicious objects: 0
Duration of the scan process: 01:18:50

Infected Object Name / Virus Name / Last Action
C:\Doc...Set...\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Obj. is locked skipped
C:\Doc...Set...\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Obj. is locked skipped
C:\Doc...Set...\Greg\Application Data\Webroot\Spy Sweeper\Logs\071018191453.ses Obj. is locked skipped
C:\Doc...Set...\Greg\Cookies\index.dat Obj. is locked skipped
C:\Doc...Set...\Greg\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Obj. is locked skipped
C:\Doc...Set...\Greg\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Obj. is locked skipped
C:\Doc...Set...\Greg\Local Settings\History\History.IE5\index.dat Obj. is locked skipped
C:\Doc...Set...\Greg\Local Settings\History\History.IE5\MSHist012007101820071019\index.dat Obj. is locked skipped
C:\Doc...Set...\Greg\Local Settings\Temporary Internet Files\Content.IE5\index.dat Obj. is locked skipped
C:\Doc...Set...\Greg\NTUSER.DAT Obj. is locked skipped
C:\Doc...Set...\Greg\ntuser.dat.LOG Obj. is locked skipped
C:\Doc...Set...\LocalService\Application Data\Webroot\Spy Sweeper\Data\settings.dat Obj. is locked skipped
C:\Doc...Set...\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS039D21BB-A963-4CE3-8448-49E957A147B3.tmp Obj. is locked skipped
C:\Doc...Set...\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS060EAA77-DDBA-4C99-9ADD-AB9AB5447C17.tmp Obj. is locked skipped
C:\Doc...Set...\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS070C7E14-604D-49D3-97A0-5E54324B4756.tmp Obj. is locked skipped
C:\Doc...Set...\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS07DF8282-30FC-4D4B-9CDA-C3988D2B66ED.tmp Obj. is locked skipped
C:\Doc...Set...\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS0D30840E-AF76-4E36-AEF0-F1716069B613.tmp Obj. is locked skipped
C:\Doc...Set...\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS0DA58CE1-4C1D-44CD-866D-7061540BCF4A.tmp Obj. is locked skipped
C:\Doc...Set...\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS0F96D134-49C0-4AEA-BC7E-F942B5118CE0.tmp Obj. is locked skipped
C:\Doc...Set...\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS167F737D-7AFF-41B1-BAD3-3A3B5A3E1DEA.tmp Obj. is locked skipped
C:\Doc...Set...\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS196763C4-3F57-4253-A4D2-4D6449E4104D.tmp Obj. is locked skipped
C:\Doc...Set...\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS1D31ADB8-A704-4612-BBC0-3BF2363D46FE.tmp Obj. is locked skipped
C:\Doc...Set...\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS1F01791E-9869-4437-BB88-C684184B7D7B.tmp Obj. is locked skipped
C:\Doc...Set...\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS21677260-245E-43C7-B76F-CBC505BE5C2C.tmp Obj. is locked skipped
C:\Doc...Set...\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS234EC93D-B62C-4039-9C23-9B427AFF569C.tmp Obj. is locked skipped
C:\Doc...Set...\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS2584FEE9-E7DF-4D8E-BC0D-609C9D717713.tmp Obj. is locked skipped
C:\Doc...Set...\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS2663CBC1-4C91-422B-BD5B-53E027C0D12B.tmp Obj. is locked skipped
C:\Doc...Set...\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS2A8A150F-F5F6-48A4-9245-48B1DDB66DF8.tmp Obj. is locked skipped
C:\Doc...Set...\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS322B9B12-91AD-4A71-8246-28601A03C270.tmp Obj. is locked skipped
C:\Doc...Set...\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS32C8852E-630D-4DE2-9E3A-059AFD8F1AFB.tmp Obj. is locked skipped
C:\Doc...Set...\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS3588EF5A-D2A8-4158-A839-4CB8ABA60E9F.tmp Obj. is locked skipped
C:\Doc...Set...\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS3AF1B981-A04A-4D85-8D49-2DC65E399A59.tmp Obj. is locked skipped
C:\Doc...Set...\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS3FE1CDB2-4037-4596-8184-A596FCD18997.tmp Obj. is locked skipped
C:\Doc...Set...\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS425F173E-DE66-4851-9A6F-85BB6C81E2B7.tmp Obj. is locked skipped
C:\Doc...Set...\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS44432E72-C34C-42A7-9D0A-EDA565158606.tmp Obj. is locked skipped
C:\Doc...Set...\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS44BF293D-CCE0-4EA6-8F23-B2DB8AD5F52F.tmp Obj. is locked skipped
C:\Doc...Set...\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS465431A4-9DFB-4D8A-94D6-A20C6CB99EB1.tmp Obj. is locked skipped
C:\Doc...Set...\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS4A012F93-E82A-4A82-81B3-8B2F6A31822E.tmp Obj. is locked skipped
C:\Doc...Set...\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS4C3722EA-AD8B-454A-BE39-DADFF474890F.tmp Obj. is locked skipped
C:\Doc...Set...\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS4C54C5B6-2F4B-401C-82F1-95E646ABC55E.tmp Obj. is locked skipped
C:\Doc...Set...\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS4E69FE6C-89F2-425F-BF2F-E492CF948A63.tmp Obj. is locked skipped
C:\Doc...Set...\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS56655EF0-9045-43C7-A067-028205271976.tmp Obj. is locked skipped
C:\Doc...Set...\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS5CFE6024-BCB5-447F-9B85-DE504B7FDFEA.tmp Obj. is locked skipped
C:\Doc...Set...\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS5D9319E2-B496-47E0-8EA5-355CEC350E43.tmp Obj. is locked skipped
C:\Doc...Set...\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS62D518E0-8D64-400A-A0FB-A1A245961CC2.tmp Obj. is locked skipped
C:\Doc...Set...\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS65B2876C-6E93-4136-8694-29B7772614B0.tmp Obj. is locked skipped
C:\Doc...Set...\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS67F6F935-CE08-48B8-BF0D-CB20A592F1C6.tmp Obj. is locked skipped
C:\Doc...Set...\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS6C3C419B-E3A9-4289-8685-F7DF2DA1DF88.tmp Obj. is locked skipped
C:\Doc...Set...\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS6D5856B4-FD49-49CD-A924-686175A7C051.tmp Obj. is locked skipped
C:\Doc...Set...\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS6F72B032-F19A-4CF9-A208-18FABEB1CD58.tmp Obj. is locked skipped
C:\Doc...Set...\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS802B577D-9753-4496-AF18-0A6ACC08652E.tmp Obj. is locked skipped
C:\Doc...Set...\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS809D0ACC-5E48-4B12-83F7-72D5B47477AD.tmp Obj. is locked skipped
C:\Doc...Set...\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS83C502B8-32D5-42CA-AA3C-4F0B752DF124.tmp Obj. is locked skipped
C:\Doc...Set...\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS842BAEE0-38B2-4D19-A230-54E9D865CB6A.tmp Obj. is locked skipped
C:\Doc...Set...\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS8C0778C5-6ECF-4536-B260-F98AB16F9EB1.tmp Obj. is locked skipped
C:\Doc...Set...\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS8CDC8D37-3012-4EDE-8A94-852528BAE8BA.tmp Obj. is locked skipped
C:\Doc...Set...\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS9114ACDF-5CEA-4D07-8B20-C4B53857F0A4.tmp Obj. is locked skipped
C:\Doc...Set...\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS963203C8-36C5-42D4-AE65-0A345FCBF4C2.tmp Obj. is locked skipped
C:\Doc...Set...\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS98592031-2CB6-47D1-B9BD-E1DC94BC79D0.tmp Obj. is locked skipped
C:\Doc...Set...\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS99B41ECF-F8EC-4228-B2BF-28DE1D392E57.tmp Obj. is locked skipped
C:\Doc...Set...\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS9B0A98EE-53D5-4CC6-B393-1BDAC2668131.tmp Obj. is locked skipped
C:\Doc...Set...\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS9CEB5C2D-1BC6-446C-A50B-A77BEA4BE4BC.tmp Obj. is locked skipped
C:\Doc...Set...\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS9FB5252E-BF09-4DAF-88FA-8E68F25E52C6.tmp Obj. is locked skipped
C:\Doc...Set...\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSA74C1EE7-5256-42DD-9608-61EF1C00456F.tmp Obj. is locked skipped
C:\Doc...Set...\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSA76A040B-263D-41F0-A0B9-510AD6EAD4BC.tmp Obj. is locked skipped
C:\Doc...Set...\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSACD12213-FDC8-4238-B270-5A8C6A0B4388.tmp Obj. is locked skipped
C:\Doc...Set...\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSAF21D4B1-A064-45B1-BA90-BB158C2F8AF4.tmp Obj. is locked skipped
C:\Doc...Set...\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSB0661E4F-33AF-4D5D-9262-93407F159AE2.tmp Obj. is locked skipped
C:\Doc...Set...\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSB40695E5-3AE4-4CD4-9FCE-3426300ADA34.tmp Obj. is locked skipped
C:\Doc...Set...\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSB8676134-7692-455C-9920-C31DFAB557C1.tmp Obj. is locked skipped
C:\Doc...Set...\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSBC37BE24-5D5D-479F-8B56-5F971FFCEFA5.tmp Obj. is locked skipped
C:\Doc...Set...\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSBE35C18B-5F7B-4427-97D3-D4267B59A14F.tmp Obj. is locked skipped
C:\Doc...Set...\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSBFE1B316-84F4-43A2-B4CE-EFE8D911E597.tmp Obj. is locked skipped
C:\Doc...Set...\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSBFF6B10B-04BD-4843-9F46-834B5F66B560.tmp Obj. is locked skipped
C:\Doc...Set...\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSC079CC02-02C8-4A75-AB44-E8A68DA128CF.tmp Obj. is locked skipped
C:\Doc...Set...\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSC3A3E971-6EF4-45DA-A65D-AF3E67E9EFA7.tmp Obj. is locked skipped
C:\Doc...Set...\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSC4CB747D-4C81-4DB4-A794-E214CF4C1F28.tmp Obj. is locked skipped
C:\Doc...Set...\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSC5718033-20F7-4693-9047-270AE40A1F12.tmp Obj. is locked skipped
C:\Doc...Set...\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSC6A7B5DF-4F02-4346-80C7-94CA327C13FC.tmp Obj. is locked skipped
C:\Doc...Set...\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSC78ABA8E-1148-47D7-A9BC-44F215884147.tmp Obj. is locked skipped
C:\Doc...Set...\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSCAEB8C8F-ED92-4A68-BDA1-9AE2DA0F6358.tmp Obj. is locked skipped
C:\Doc...Set...\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSD47AB426-A1DA-4C61-AAAE-6109E3B1F1E5.tmp Obj. is locked skipped
C:\Doc...Set...\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSD56EAE7D-CF62-41A9-B442-5596D464F7D5.tmp Obj. is locked skipped
C:\Doc...Set...\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSD5F64D58-A333-49D4-A9A4-B773F05F0FD2.tmp Obj. is locked skipped
C:\Doc...Set...\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSD636761C-2FDF-46BA-83F6-787ADB597D27.tmp Obj. is locked skipped
C:\Doc...Set...\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSDC8E5F98-B1A1-4FDA-AC48-0FA0E2539B59.tmp Obj. is locked skipped
C:\Doc...Set...\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSDDC5734C-48AC-4DD4-8F32-1096C609DC77.tmp Obj. is locked skipped
C:\Doc...Set...\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSDFA6E37F-D2BD-4D51-A9FC-E493343C603E.tmp Obj. is locked skipped
C:\Doc...Set...\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSE31A470F-81AC-4D33-B9CA-E685E1B1C136.tmp Obj. is locked skipped
C:\Doc...Set...\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSE67972C6-FFEA-4763-B7B5-237EB0983141.tmp Obj. is locked skipped
C:\Doc...Set...\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSE89F6054-B8EE-4F8A-9415-FF0BFF1267E7.tmp Obj. is locked skipped
C:\Doc...Set...\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSEBFF1808-C1B8-4500-A2C5-2A958677C1F5.tmp Obj. is locked skipped
C:\Doc...Set...\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSEEB322C9-D65B-4002-970B-5A4971467478.tmp Obj. is locked skipped
C:\Doc...Set...\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSEFDBBF79-FDF4-439D-A17B-25179FD97B96.tmp Obj. is locked skipped
C:\Doc...Set...\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSF0D93949-E574-4B94-9702-C59BD5848D4F.tmp Obj. is locked skipped
C:\Doc...Set...\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSF617AA68-FBC3-4A7B-996B-C11FB24C9ED9.tmp Obj. is locked skipped
C:\Doc...Set...\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSF71C5DDC-8548-4590-A7B0-A8D94070DF30.tmp Obj. is locked skipped
C:\Doc...Set...\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSFA22CCB0-C310-495E-A9FF-03B32A2EECB7.tmp Obj. is locked skipped
C:\Doc...Set...\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSFB44D3D9-0291-412B-B8B2-6BC041EC141F.tmp Obj. is locked skipped
C:\Doc...Set...\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSFE0B9D8E-72C4-4225-8167-44071D9D963D.tmp Obj. is locked skipped
C:\Doc...Set...\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSFEFC7C86-1BBB-4196-8723-DAD4DB90D83B.tmp Obj. is locked skipped
C:\Doc...Set...\LocalService\Cookies\index.dat Obj. is locked skipped
C:\Doc...Set...\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Obj. is locked skipped
C:\Doc...Set...\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Obj. is locked skipped
C:\Doc...Set...\LocalService\Local Settings\History\History.IE5\index.dat Obj. is locked skipped
C:\Doc...Set...\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Obj. is locked skipped
C:\Doc...Set...\LocalService\NTUSER.DAT Obj. is locked skipped
C:\Doc...Set...\LocalService\ntuser.dat.LOG Obj. is locked skipped
C:\Doc...Set...\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Obj. is locked skipped
C:\Doc...Set...\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Obj. is locked skipped
C:\Doc...Set...\NetworkService\NTUSER.DAT Obj. is locked skipped
C:\Doc...Set...\NetworkService\ntuser.dat.LOG Obj. is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat Obj. is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db Obj. is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\AshWebSv.ws Obj. is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\aswMaiSv.log Obj. is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log Obj. is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\report\Resident protection.txt Obj. is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Masters\masters.bak Obj. is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Masters\Masters.const Obj. is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Masters\masters.mst Obj. is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Masters.base Obj. is locked skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\epvmrslf.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.ace skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\nkvlkppa.dll.vir Infected: Trojan.Win32.Pakes.sc skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\rmubcphu.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.ace skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\ttpoehoc.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.wm skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\xwjxmxcd.exe.vir Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Obj. is locked skipped
C:\System Volume Information\_restore{577EE6D5-F10F-45F5-B1AC-691ECAAFF2A5}\RP3\A0000075.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{577EE6D5-F10F-45F5-B1AC-691ECAAFF2A5}\RP3\A0000079.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ace skipped
C:\System Volume Information\_restore{577EE6D5-F10F-45F5-B1AC-691ECAAFF2A5}\RP3\A0000084.dll Infected: Trojan.Win32.Pakes.sc skipped
C:\System Volume Information\_restore{577EE6D5-F10F-45F5-B1AC-691ECAAFF2A5}\RP3\A0000085.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ace skipped
C:\System Volume Information\_restore{577EE6D5-F10F-45F5-B1AC-691ECAAFF2A5}\RP3\A0000086.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.wm skipped
C:\System Volume Information\_restore{577EE6D5-F10F-45F5-B1AC-691ECAAFF2A5}\RP4\change.log Obj. is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Obj. is locked skipped
C:\WINDOWS\SchedLgU.Txt Obj. is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Obj. is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Obj. is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Obj. is locked skipped
C:\WINDOWS\system32\config\Antivirus.Evt Obj. is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Obj. is locked skipped
C:\WINDOWS\system32\config\default Obj. is locked skipped
C:\WINDOWS\system32\config\default.LOG Obj. is locked skipped
C:\WINDOWS\system32\config\Internet.evt Obj. is locked skipped
C:\WINDOWS\system32\config\SAM Obj. is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Obj. is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Obj. is locked skipped
C:\WINDOWS\system32\config\SECURITY Obj. is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Obj. is locked skipped
C:\WINDOWS\system32\config\software Obj. is locked skipped
C:\WINDOWS\system32\config\software.LOG Obj. is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Obj. is locked skipped
C:\WINDOWS\system32\config\system Obj. is locked skipped
C:\WINDOWS\system32\config\system.LOG Obj. is locked skipped
C:\WINDOWS\system32\h323log.txt Obj. is locked skipped
C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl Obj. is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Obj. is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Obj. is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Obj. is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Obj. is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Obj. is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Obj. is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Obj. is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_4b4.dat Obj. is locked skipped
C:\WINDOWS\Temp\_avast4_\Webshlock.txt Obj. is locked skipped
C:\WINDOWS\WindowsUpdate.log Obj. is locked skipped

Scan process completed.

Shaba
2007-10-19, 10:36
Hi

Empty this folder:

C:\qoobox\Quarantine\

Empty Recycle Bin

All other viruses are in system restore and inactive.

I'll give you instructions later on how to empty it.

Other than that, any problems left?

gwjunk
2007-10-20, 23:12
I deleted the files and I'm testing out my system this weekend.

I have done some preliminary virus/spyware scans and found some still. I'll let you know in the next day or two how it is going.

Thank you,

GW

Shaba
2007-10-21, 11:13
Hi

Ok, let me know :)

Shaba
2007-10-28, 10:51
gwjunk?

gwjunk
2007-10-29, 05:49
Hi Shaba,

I've been testing out my system for the last week. It seems to be running better, but it still has some lingering problems. Various malware items still show up in various scans. Attached are the latest Kaspersky and Hijack logs.

Again, I appreciate all the help you have given so far.

Thank you,

GW

---------------------------------
KASPERSKY ONLINE SCANNER REPORT
Sunday, October 28, 2007 11:31:43 PM
Operating System: Microsoft Windows XP Home Ed., SP2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 29/10/2007
Kaspersky Anti-Virus database records: 447756
---------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
A:\
C:\
D:\
Scan Statistics:
Total number of scanned objects: 53375
Number of viruses found: 4
Number of infected objects: 9
Number of suspicious objects: 0
Duration of the scan process: 01:21:54

Obj/Lock = Object is locked

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Obj/Lock skipped
C:\ " \All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Obj/Lock skipped
C:\ " \Greg\Application Data\Webroot\Spy Sweeper\Logs\071028112030.ses Obj/Lock skipped
C:\ " \Greg\Cookies\index.dat Obj/Lock skipped
C:\ " \Greg\Desktop\Misc Computer Access Proxy Folder\mirc63.exe/stream/data0001/stream/data0014 Infected: not-a-virus:Client-IRC.Win32.mIRC.63 skipped
C:\ " \Greg\Desktop\Misc Computer Access Proxy Folder\mirc63.exe/stream/data0001/stream Infected: not-a-virus:Client-IRC.Win32.mIRC.63 skipped
C:\ " \Greg\Desktop\Misc Computer Access Proxy Folder\mirc63.exe/stream/data0001 Infected: not-a-virus:Client-IRC.Win32.mIRC.63 skipped
C:\ " \Greg\Desktop\Misc Computer Access Proxy Folder\mirc63.exe/stream Infected: not-a-virus:Client-IRC.Win32.mIRC.63 skipped
C:\ " \Greg\Desktop\Misc Computer Access Proxy Folder\mirc63.exe NSIS: infected - 4 skipped
C:\ " \Greg\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Obj/Lock skipped
C:\ " \Greg\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Obj/Lock skipped
C:\ " \Greg\Local Settings\History\History.IE5\index.dat Obj/Lock skipped
C:\ " \Greg\Local Settings\Temporary Internet Files\Content.IE5\index.dat Obj/Lock skipped
C:\ " \Greg\NTUSER.DAT Obj/Lock skipped
C:\ " \Greg\ntuser.dat.LOG Obj/Lock skipped
C:\ " \LocalService\Application Data\Webroot\Spy Sweeper\Data\settings.dat Obj/Lock skipped
C:\ " \LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS039F94B2-7088-4EF0-A73B-7DADC185594A.tmp Obj/Lock skipped
C:\ " \LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS07C62954-7417-4B52-8884-367613E7D12B.tmp Obj/Lock skipped
C:\ " \LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS085B4323-B63E-4BAD-A91A-CAC509D7AC8C.tmp Obj/Lock skipped
C:\ " \LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS0BAA1680-AD59-47CB-A9D1-EE900922B3AF.tmp Obj/Lock skipped
C:\ " \LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS0C27B22D-FC7F-478B-9EE2-816A0E0D9BE0.tmp Obj/Lock skipped
C:\ " \LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS0D8617DD-9629-4AB7-98E7-83B427DB97B2.tmp Obj/Lock skipped
C:\ " \LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS111A7CAF-CE8A-4980-BAA3-AEE8D35173BF.tmp Obj/Lock skipped
C:\ " \LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS12D7B109-AA58-442C-91BD-904D364DE1E8.tmp Obj/Lock skipped
C:\ " \LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS161AD031-0099-4C89-B6F0-FA8AA865ED3C.tmp Obj/Lock skipped
C:\ " \LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS1F526DC0-F8BC-400C-B473-45E13FB1CD2C.tmp Obj/Lock skipped
C:\ " \LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS246574AB-9102-4C19-83A0-D7AE551749A2.tmp Obj/Lock skipped
C:\ " \LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS25937003-3290-48F1-9240-9186CB19DD5B.tmp Obj/Lock skipped
C:\ " \LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS26BD6BA7-6496-4BBC-8F22-037923FCB7A5.tmp Obj/Lock skipped
C:\ " \LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS2C8632D8-8A2E-41E9-B77F-BA66FF8FDFA6.tmp Obj/Lock skipped
C:\ " \LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS2E214582-2B94-41A2-9D6C-71A048346E7A.tmp Obj/Lock skipped
C:\ " \LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS34905C70-2417-41A1-AFC0-2C88C43F716F.tmp Obj/Lock skipped
C:\ " \LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS3511B6BB-4856-4C46-A551-A157C317A435.tmp Obj/Lock skipped
C:\ " \LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS39595B8F-8208-4655-B49D-6A4D19699724.tmp Obj/Lock skipped
C:\ " \LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS3B666C47-4F07-493F-A925-31C5366C0615.tmp Obj/Lock skipped
C:\ " \LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS3E6BDF0F-14CC-45CD-A011-F95F81FB7D95.tmp Obj/Lock skipped
C:\ " \LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS40263562-E922-4DBC-AB6B-E477E23275FC.tmp Obj/Lock skipped
C:\ " \LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS425E542E-5CE1-4524-A259-F1AE00E3B660.tmp Obj/Lock skipped
C:\ " \LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS49FB966F-67C4-46E1-B1A0-B653C61A6916.tmp Obj/Lock skipped
C:\ " \LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS4B2A6D54-C6E6-4417-8B94-8D8EC56796F0.tmp Obj/Lock skipped
C:\ " \LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS4F91B085-DF25-4767-9AF3-530EDEF9EF76.tmp Obj/Lock skipped
C:\ " \LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS5337F9E4-B447-46C9-B590-F4F572C34B2B.tmp Obj/Lock skipped
C:\ " \LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS55F076FA-F8A5-4149-997E-0315872C127E.tmp Obj/Lock skipped
C:\ " \LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS56481F37-53BC-42F2-8A94-5CFD7EE64E99.tmp Obj/Lock skipped
C:\ " \LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS5933DCDC-9889-425E-BF14-D15C8F956842.tmp Obj/Lock skipped
C:\ " \LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS599DC475-3B1F-41C0-BB74-4538B1B551CC.tmp Obj/Lock skipped
C:\ " \LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS63BB3E32-CCFE-4B91-863E-82D08666CBF5.tmp Obj/Lock skipped
C:\ " \LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS64488E86-3889-4962-B929-165774DE5DB7.tmp Obj/Lock skipped
C:\ " \LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS6515A712-07CD-4497-AFAF-93F565A7AAFE.tmp Obj/Lock skipped
C:\ " \LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS66E17010-9112-4C24-B896-6AC4E201850E.tmp Obj/Lock skipped
C:\ " \LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS67EB2708-57E5-4D5C-97A7-DC1453DD4AA9.tmp Obj/Lock skipped
C:\ " \LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS6A32E06A-5358-4288-A63D-01CF68061C00.tmp Obj/Lock skipped
C:\ " \LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS70FAD79C-0286-48C3-B0F5-95DE51669AF8.tmp Obj/Lock skipped
C:\ " \LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS76B31F48-B761-4507-BE65-4A18378B4A2D.tmp Obj/Lock skipped
C:\ " \LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS7927AEA5-2329-418D-92D8-10303891E1B6.tmp Obj/Lock skipped
C:\ " \LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS79FCBED3-C461-47B4-8983-15A4762DA341.tmp Obj/Lock skipped
C:\ " \LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS7A34FF4E-B900-4906-9D1E-E2CA87A2876C.tmp Obj/Lock skipped
C:\ " \LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS7EE63CAC-881A-452F-B470-D08BEDCD3A27.tmp Obj/Lock skipped
C:\ " \LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS801352C0-EA35-46B8-AC67-72FDE8B1B0E1.tmp Obj/Lock skipped
C:\ " \LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS82B0ECF8-63D1-4574-B71B-E55CAB5EAF6C.tmp Obj/Lock skipped
C:\ " \LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS84FDA447-D4C2-45F4-A2C8-5B5758BD70DA.tmp Obj/Lock skipped
C:\ " \LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS85CFEC9B-CB51-44A4-BE34-4FAA58A2C58A.tmp Obj/Lock skipped
C:\ " \LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS86B3C182-1103-4618-A73B-CD8DA4B4E0B1.tmp Obj/Lock skipped
C:\ " \LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS9033DD88-23C2-4881-9207-92749AD92742.tmp Obj/Lock skipped
C:\ " \LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS9145443E-8A04-4DF9-8E45-82576D0F52E6.tmp Obj/Lock skipped
C:\ " \LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS938DD9EB-8EDF-4620-BEBE-BB6833B70D96.tmp Obj/Lock skipped
C:\ " \LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS93C4596E-DB36-4A00-9DE1-C4F6E6C41E18.tmp Obj/Lock skipped
C:\ " \LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS94AE52B6-578B-4928-8480-6AC32A58CE72.tmp Obj/Lock skipped
C:\ " \LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS9778B845-32FE-4F16-ADAC-A3FFEA42CF62.tmp Obj/Lock skipped
C:\ " \LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS978BD075-C241-4A20-9CA4-0DDE140E0702.tmp Obj/Lock skipped
C:\ " \LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS9D4FF134-41BF-469E-B2F7-8358DD7EA021.tmp Obj/Lock skipped
C:\ " \LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS9FB6AA72-3956-4397-B049-87C4100C86F1.tmp Obj/Lock skipped
C:\ " \LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSA9B42BB1-EC3C-40AF-8EEA-2D9AD85EB997.tmp Obj/Lock skipped
C:\ " \LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSAA7E2FF1-EA47-485D-86DA-F5A9EE3132DC.tmp Obj/Lock skipped
C:\ " \LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSAC1E8A40-9351-4F45-BC6E-E2E4A887BEA0.tmp Obj/Lock skipped
C:\ " \LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSAE38B91E-8ED3-45B4-8D7F-D4F28D617A4B.tmp Obj/Lock skipped
C:\ " \LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSB2AE8896-8019-41B5-AFC0-03C2917EE9D1.tmp Obj/Lock skipped
C:\ " \LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSB51CEB8F-74C0-4D7B-BC9F-5C5BA1C69F95.tmp Obj/Lock skipped
C:\ " \LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSB5387A5D-2690-418F-A98D-6C71997F5A6F.tmp Obj/Lock skipped
C:\ " \LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSB639ED4C-6C3C-4E41-9CE7-11F45B7447EB.tmp Obj/Lock skipped
C:\ " \LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSC0B2AEC9-4FE8-422F-B4E4-96DB3B3F9886.tmp Obj/Lock skipped
C:\ " \LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSC6346C84-11E3-4490-A6F7-A3C2DEBB8FB3.tmp Obj/Lock skipped
C:\ " \LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSC6EC1812-F8D1-43B8-AD08-9EC4EE93007C.tmp Obj/Lock skipped
C:\ " \LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSC7FCD7D3-FD76-476F-B434-EB22A1941694.tmp Obj/Lock skipped
C:\ " \LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSC84AF1A7-04CD-4045-AA2F-AC4220E27E9A.tmp Obj/Lock skipped
C:\ " \LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSCA49200C-DBC4-4EB6-B2B2-738942735314.tmp Obj/Lock skipped
C:\ " \LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSCC2BB81B-DA8C-4211-B139-DD12B999A9FC.tmp Obj/Lock skipped
C:\ " \LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSCF8749BD-D432-4A81-95AE-30D52A0E7DDB.tmp Obj/Lock skipped
C:\ " \LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSD33A345F-6B23-4373-8AE1-85F47CB0088B.tmp Obj/Lock skipped
C:\ " \LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSD4F3FC27-777A-43B0-B750-EBB471E1F527.tmp Obj/Lock skipped
C:\ " \LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSD5366853-5D8B-4BBA-B628-F5E6D03D05EF.tmp Obj/Lock skipped
C:\ " \LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSD5389D43-59AC-4C76-AD7B-00BA3E3491D8.tmp Obj/Lock skipped
C:\ " \LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSD597E9CB-464D-40DC-B55E-0573EAE27D4A.tmp Obj/Lock skipped
C:\ " \LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSDE9C7F6F-D674-41C8-81FC-93614B41903C.tmp Obj/Lock skipped
C:\ " \LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSE033D389-441D-4208-A333-C0B41C297293.tmp Obj/Lock skipped
C:\ " \LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSE0A9B4BA-FAD8-4E7E-8D49-F988CDC1A346.tmp Obj/Lock skipped
C:\ " \LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSEAA72A39-E600-4052-A265-E0D5A10959C2.tmp Obj/Lock skipped
C:\ " \LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSEEB99938-6B5C-4263-9884-F78C56E9CC11.tmp Obj/Lock skipped
C:\ " \LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSEF2D82D5-5E18-4636-86ED-1AEEB803F194.tmp Obj/Lock skipped
C:\ " \LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSF00B6899-9583-4D1C-98E8-3178AF1F7D85.tmp Obj/Lock skipped
C:\ " \LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSF272469C-06DA-44C1-93A5-A8FDD7B9CB6B.tmp Obj/Lock skipped
C:\ " \LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSF459C7C6-FC80-4856-971B-C47F583D7261.tmp Obj/Lock skipped
C:\ " \LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSF8F1357B-D114-4E34-B98D-2B9E5896A6ED.tmp Obj/Lock skipped
C:\ " \LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSFB27D8B2-D725-4427-BB60-A829F3DA9A0B.tmp Obj/Lock skipped
C:\ " \LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSFF72A50F-7FE1-4239-A0C0-D01163D9B604.tmp Obj/Lock skipped
C:\ " \LocalService\Cookies\index.dat Obj/Lock skipped
C:\ " \LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Obj/Lock skipped
C:\ " \LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Obj/Lock skipped
C:\ " \LocalService\Local Settings\History\History.IE5\index.dat Obj/Lock skipped
C:\ " \LocalService\Local Settings\temp\Cookies\index.dat Obj/Lock skipped
C:\ " \LocalService\Local Settings\temp\History\History.IE5\index.dat Obj/Lock skipped
C:\ " \LocalService\Local Settings\temp\Temporary Internet Files\Content.IE5\index.dat Obj/Lock skipped
C:\ " \LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Obj/Lock skipped
C:\ " \LocalService\NTUSER.DAT Obj/Lock skipped
C:\ " \LocalService\ntuser.dat.LOG Obj/Lock skipped
C:\ " \NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Obj/Lock skipped
C:\ " \NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Obj/Lock skipped
C:\ " \NetworkService\NTUSER.DAT Obj/Lock skipped
C:\ " \NetworkService\ntuser.dat.LOG Obj/Lock skipped
C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat Obj/Lock skipped
C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db Obj/Lock skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\AshWebSv.ws Obj/Lock skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\aswMaiSv.log Obj/Lock skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log Obj/Lock skipped
C:\Program Files\Alwil Software\Avast4\DATA\report\Resident protection.txt Obj/Lock skipped
C:\Program Files\PeerGuardian2\history.db Obj/Lock skipped
C:\Program Files\Webroot\Spy Sweeper\Masters\masters.bak Obj/Lock skipped
C:\Program Files\Webroot\Spy Sweeper\Masters\Masters.const Obj/Lock skipped
C:\Program Files\Webroot\Spy Sweeper\Masters\masters.mst Obj/Lock skipped
C:\Program Files\Webroot\Spy Sweeper\Masters.base Obj/Lock skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Obj/Lock skipped
C:\System Volume Information\_restore{577EE6D5-F10F-45F5-B1AC-691ECAAFF2A5}\RP14\change.log Obj/Lock skipped
C:\System Volume Information\_restore{577EE6D5-F10F-45F5-B1AC-691ECAAFF2A5}\RP3\A0000079.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ace skipped
C:\System Volume Information\_restore{577EE6D5-F10F-45F5-B1AC-691ECAAFF2A5}\RP3\A0000084.dll Infected: Trojan.Win32.Pakes.sc skipped
C:\System Volume Information\_restore{577EE6D5-F10F-45F5-B1AC-691ECAAFF2A5}\RP3\A0000085.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ace skipped
C:\System Volume Information\_restore{577EE6D5-F10F-45F5-B1AC-691ECAAFF2A5}\RP3\A0000086.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.wm skipped
C:\WINDOWS\Debug\PASSWD.LOG Obj/Lock skipped
C:\ " \SchedLgU.Txt Obj/Lock skipped
C:\ " \SoftwareDistribution\EventCache\{F01877B8-AAE9-4DB0-8EFE-08C28873C86A}.bin Obj/Lock skipped
C:\ " \SoftwareDistribution\ReportingEvents.log Obj/Lock skipped
C:\ " \system32\config\Antivirus.Evt Obj/Lock skipped
C:\ " \system32\config\AppEvent.Evt Obj/Lock skipped
C:\ " \system32\config\default Obj/Lock skipped
C:\ " \system32\config\default.LOG Obj/Lock skipped
C:\ " \system32\config\Internet.evt Obj/Lock skipped
C:\ " \system32\config\SAM Obj/Lock skipped
C:\ " \system32\config\SAM.LOG Obj/Lock skipped
C:\ " \system32\config\SecEvent.Evt Obj/Lock skipped
C:\ " \system32\config\SECURITY Obj/Lock skipped
C:\ " \system32\config\SECURITY.LOG Obj/Lock skipped
C:\ " \system32\config\software Obj/Lock skipped
C:\ " \system32\config\software.LOG Obj/Lock skipped
C:\ " \system32\config\SysEvent.Evt Obj/Lock skipped
C:\ " \system32\config\system Obj/Lock skipped
C:\ " \system32\config\system.LOG Obj/Lock skipped
C:\ " \system32\h323log.txt Obj/Lock skipped
C:\ " \system32\LogFiles\WUDF\WUDFTrace.etl Obj/Lock skipped
C:\ " \system32\wbem\Repository\FS\INDEX.BTR Obj/Lock skipped
C:\ " \system32\wbem\Repository\FS\INDEX.MAP Obj/Lock skipped
C:\ " \system32\wbem\Repository\FS\MAPPING.VER Obj/Lock skipped
C:\ " \system32\wbem\Repository\FS\MAPPING1.MAP Obj/Lock skipped
C:\ " \system32\wbem\Repository\FS\MAPPING2.MAP Obj/Lock skipped
C:\ " \system32\wbem\Repository\FS\OBJECTS.DATA Obj/Lock skipped
C:\ " \system32\wbem\Repository\FS\OBJECTS.MAP Obj/Lock skipped
C:\ " \Temp\Perflib_Perfdata_4b0.dat Obj/Lock skipped
C:\ " \Temp\_avast4_\Webshlock.txt Obj/Lock skipped
C:\ " \WindowsUpdate.log Obj/Lock skipped

Scan process completed.

gwjunk
2007-10-29, 05:50
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:32:23 PM, on 10/28/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe
C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Documents and Settings\Greg\Desktop\gwjunk.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com
N3 - Netscape 7: # Mozilla User Preferences

/* Do not edit this file.
*
* If you make changes to this file while the browser is running,
* the changes will be overwritten when the browser exits.
*
* To make a manual change to preferences, you can visit the URL about:config
* For more information, see http://www.mozilla.org/unix/customizing.html#prefs
*/

user_pref("browser.activation.checkedNNFlag", true);
user_pref("browser.bookmarks.added_static_root", true);
user_pref("browser.bookmarks.file", "C:\\Documents and Settings\\Greg\\Application Data\\Mozilla\\Profiles\\default\\n61r3hpz.slt\\bookmarks.html");
user_pref("browser.cache.disk.parent_directory", "C:\\DOCUMENTS AND SETTINGS\\GREG\\APPLICATION DATA\\Mozilla\\Profiles\\default\\n61r3hpz.slt");
user_pref("browser.download.dir", "E:\\Queen");
user_pref("browser.download.progressDnldDialog.keepAlive", false);
user_pref("browser.downloadmanager.behavior", 1);
user_pref("browser.history_expire_days", 0);
user_pref("browser.search.defaultengine", "")
N3 - Netscape 7: # Mozilla User Preferences

/* Do not edit this file.
*
* If you make changes to this file while the browser is running,
* the changes will be overwritten when the browser exits.
*
* To make a manual change to preferences, you can visit the URL about:config
* For more information, see http://www.mozilla.org/unix/customizing.html#prefs
*/

user_pref("browser.activation.checkedNNFlag", true);
user_pref("browser.bookmarks.added_static_root", true);
user_pref("browser.bookmarks.file", "C:\\Documents and Settings\\Greg\\Application Data\\Mozilla\\Profiles\\default\\n61r3hpz.slt\\bookmarks.html");
user_pref("browser.cache.disk.parent_directory", "C:\\DOCUMENTS AND SETTINGS\\GREG\\APPLICATION DATA\\Mozilla\\Profiles\\default\\n61r3hpz.slt");
user_pref("browser.download.dir", "E:\\Queen");
user_pref("browser.download.progressDnldDialog.keepAlive", false);
user_pref("browser.downloadmanager.behavior", 1);
user_pref("browser.history_expire_days", 0);
user_pref("browser.search.defaultengine", "")
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Lexmark X83 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe
O4 - HKLM\..\Run: [Lexmark X83 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
O4 - HKCU\..\Run: [PeerGuardian] "C:\Program Files\PeerGuardian2\pg2.exe"
O4 - HKCU\..\Run: [PCTV4Me] "C:\Program Files\PCTV4Me\pctv4me.exe" /hide
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - e:\Program Files\PartyPoker.net\partypokernet.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - e:\Program Files\PartyPoker.net\partypokernet.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15026/CTSUEng.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1102048806690
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} - http://a19.g.akamai.net/7/19/7125/4056/ftp.coupons.com/r3302/Coupons.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15028/CTPID.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 8878 bytes

Shaba
2007-10-29, 10:03
Hi

Kaspersky findings are either not viruses at all:

C:\ " \Greg\Desktop\Misc Computer Access Proxy Folder\mirc63.exe/stream/data0001/stream/data0014 Infected: not-a-virus:Client-IRC.Win32.mIRC.63 skipped
C:\ " \Greg\Desktop\Misc Computer Access Proxy Folder\mirc63.exe/stream/data0001/stream Infected: not-a-virus:Client-IRC.Win32.mIRC.63 skipped
C:\ " \Greg\Desktop\Misc Computer Access Proxy Folder\mirc63.exe/stream/data0001 Infected: not-a-virus:Client-IRC.Win32.mIRC.63 skipped
C:\ " \Greg\Desktop\Misc Computer Access Proxy Folder\mirc63.exe/stream Infected: not-a-virus:Client-IRC.Win32.mIRC.63 skipped
C:\ " \Greg\Desktop\Misc Computer Access Proxy Folder\mirc63.exe NSIS: infected - 4 skipped

or in System Restore:

C:\System Volume Information\_restore{577EE6D5-F10F-45F5-B1AC-691ECAAFF2A5}\RP3\A0000079.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ace skipped
C:\System Volume Information\_restore{577EE6D5-F10F-45F5-B1AC-691ECAAFF2A5}\RP3\A0000084.dll Infected: Trojan.Win32.Pakes.sc skipped
C:\System Volume Information\_restore{577EE6D5-F10F-45F5-B1AC-691ECAAFF2A5}\RP3\A0000085.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ace skipped
C:\System Volume Information\_restore{577EE6D5-F10F-45F5-B1AC-691ECAAFF2A5}\RP3\A0000086.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.wm skipped

Any other problems?

Shaba
2007-11-05, 09:54
Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.