possible vundo ???????
bronson3304
2008-01-23, 12:46
This is my first thread, so please bear with me. I think I have the Vundo virus. I run Trend Micro and Ad-Aware, and Trend Micro has quarantined a virus named b104.exe.bin and says it's located in windows/; that's all it says. I can't clean or delete the file. I have tried everything I can think of, but nothing works. Symptoms are that explorer.exe closes and then my computer freezes; also random popups.
Any help would be appreciated, thanks.
steamwiz
2008-01-24, 22:54
Please follow the directions here :-
http://forums.spybot.info/showthread.php?t=288
steam
bronson3304
2008-01-25, 10:02
I installed Spybot and updated it, but during the scan it pops up an error message that says "insert disk", and if I close it out it just comes back. Also, I built my computer, and for some reason there are no advanced options in my boot menu, so I don't know how to boot it in safe mode. The only time I have seen that screen is after my computer crashed when I overclocked it. I will wait for a reply before I proceed with the rest of the beginning stuff.
Thanks
steamwiz
2008-01-26, 03:16
Please post a HijackThis log
steam
bronson3304
2008-01-26, 08:30
I'm sorry, but I don't know how to do that. Could you please tell me how?
steamwiz
2008-01-26, 20:33
Hi bronson3304
Please follow the directions here :-
http://forums.spybot.info/showthread.php?t=288
steam
bronson3304
2008-01-26, 22:31
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:29, on 2008-01-25
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
I:\WINDOWS\System32\smss.exe
I:\WINDOWS\system32\winlogon.exe
I:\WINDOWS\system32\services.exe
I:\WINDOWS\system32\lsass.exe
I:\WINDOWS\system32\svchost.exe
I:\WINDOWS\System32\svchost.exe
I:\WINDOWS\system32\svchost.exe
I:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
I:\WINDOWS\system32\spoolsv.exe
I:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
I:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
I:\WINDOWS\system32\nvsvc32.exe
I:\WINDOWS\system32\HPZipm12.exe
I:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
I:\WINDOWS\system32\svchost.exe
I:\Program Files\Trend Micro\BM\TMBMSRV.exe
I:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
I:\Program Files\Trend Micro\Internet Security\TmProxy.exe
I:\WINDOWS\System32\svchost.exe
I:\WINDOWS\Explorer.EXE
I:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
I:\Program Files\ASUS\PC Probe II\Probe2.exe
I:\WINDOWS\system32\ctfmon.exe
I:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
I:\Program Files\AWS\WeatherBug\Weather.exe
I:\WINDOWS\system32\rundll32.exe
I:\Program Files\ASUS\AASP\1.00.17\aaCenter.exe
I:\Program Files\Mozilla Firefox\firefox.exe
I:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com
O2 - BHO: Media Holding Enterprises, LLC - {0D39A900-0F3A-4C29-A254-3E65244FDC34} - I:\Program Files\ContextTool\ContextTool-2.dll (file missing)
O2 - BHO: (no name) - {1D6CF66A-65AF-0536-F0BE-60A3E4F8F099} - I:\WINDOWS\system32\mtqlus.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - I:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {631FFD69-69AA-0502-F0BE-60A3E4F8F099} - I:\WINDOWS\system32\mtqlus.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - I:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - i:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - I:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - i:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE I:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [UfSeAgnt.exe] "I:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [E3E4E7E] EAEBE.exe
O4 - HKLM\..\Run: [AsusStartupHelp] I:\Program Files\ASUS\AASP\1.00.17\AsRunHelp.exe
O4 - HKLM\..\Run: [Launch PC Probe II] "I:\Program Files\ASUS\PC Probe II\Probe2.exe" 1
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [ctfmon.exe] I:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [OE] "I:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [Weather] I:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - I:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - I:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - I:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - I:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1196495825078
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1196495820781
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - http://picture.vzw.com/activex/VerizonWirelessUploadControl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{71D3318D-584A-4A77-B923-C7BFDFAE5272}: NameServer = 68.94.156.1,68.94.157.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{71D3318D-584A-4A77-B923-C7BFDFAE5272}: NameServer = 68.94.156.1,68.94.157.1
O17 - HKLM\System\CS4\Services\Tcpip\..\{71D3318D-584A-4A77-B923-C7BFDFAE5272}: NameServer = 68.94.156.1,68.94.157.1
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - I:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - I:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Google Updater Service (gusvc) - Google - I:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - I:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - I:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - I:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - I:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - I:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - I:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - I:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - I:\Program Files\Trend Micro\Internet Security\TmProxy.exe
--
End of file - 6628 bytes
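An added example, not part of the thread and not a feature of Trend Micro's HijackThis: a small Python triage script that parses O2 (BHO) and O4 (autorun) lines in the HijackThis log format shown above and flags the patterns a helper looks for first: BHO registrations whose file is missing or that carry no name, and autorun commands with no absolute path or with a random-looking value name. The sample lines are constructed from entries in the log above; the heuristics, the `triage_line`/`triage_log` functions and the `Finding` type are this example's own assumptions.

```python
import re
from dataclasses import dataclass

# Constructed sample in HijackThis v2 format, modelled on the log above.
SAMPLE_LOG = r"""O2 - BHO: (no name) - {1D6CF66A-65AF-0536-F0BE-60A3E4F8F099} - I:\WINDOWS\system32\mtqlus.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - I:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE I:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [E3E4E7E] EAEBE.exe
O4 - HKCU\..\Run: [ctfmon.exe] I:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
"""

# O2: "O2 - BHO: <name> - {<CLSID>} - <path>[ (file missing)]"
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]{36})\} - (?P<path>.*)$")
# O4: "O4 - <hive>\..\Run[Once]: [<value name>] <command line>"
O4_RE = re.compile(r"^O4 - (?P<hive>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# Accept drive-letter paths and %VAR%-rooted paths as "verifiable" locations.
ABS_PATH_RE = re.compile(r'^"?(?:[A-Za-z]:\\|%[A-Za-z_]+%\\)')
# Value names made only of hex characters (e.g. E3E4E7E) look machine-generated.
HEXISH_NAME_RE = re.compile(r"^[0-9A-F]{5,}$")


@dataclass
class Finding:
    section: str   # "O2" or "O4"
    name: str      # BHO name or Run value name
    target: str    # path or command line as it appears in the log
    reason: str


def _first_token(cmd: str) -> str:
    """Return the executable portion of a command line (handles quoted paths)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ", 1)[0]


def triage_line(line: str) -> list:
    """Return a list of Findings for one log line (empty when nothing stands out)."""
    findings = []
    m = O2_RE.match(line)
    if m:
        name, path = m.group("name"), m.group("path")
        if path.endswith("(file missing)"):
            findings.append(Finding("O2", name, path,
                "BHO registration points to a file that no longer exists (orphaned entry)"))
        if name == "(no name)":
            findings.append(Finding("O2", name, path,
                "BHO has no registered name; legitimate vendors normally set one"))
        return findings
    m = O4_RE.match(line)
    if m:
        name, cmd = m.group("name"), m.group("cmd")
        exe = _first_token(cmd)
        # RUNDLL32 merely hosts a DLL; the location that matters is the DLL argument.
        if exe.upper().endswith("RUNDLL32.EXE"):
            rest = cmd.strip().split(" ", 1)
            exe = _first_token(rest[1]) if len(rest) > 1 else exe
        if not ABS_PATH_RE.match(exe):
            findings.append(Finding("O4", name, cmd,
                "autorun command has no absolute path, so the binary is resolved via the "
                "search path and cannot be verified from the log alone"))
        if HEXISH_NAME_RE.match(name):
            findings.append(Finding("O4", name, cmd,
                "value name looks machine-generated; random names are a common malware trait"))
    return findings


def triage_log(text: str) -> list:
    """Run triage_line over every line of a HijackThis log and collect the findings."""
    return [f for line in text.splitlines() for f in triage_line(line)]


if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f"[{f.section}] {f.name!r}: {f.reason}\n      {f.target}")
```

Run against the constructed sample, the script reports only the two entries a helper would single out in the log above (the orphaned, unnamed mtqlus.dll BHO and the bare `EAEBE.exe` autorun under a hex-looking value name) and stays quiet on the NVIDIA, Java, ctfmon and tscupgrd entries. Heuristics like these are a first pass for prioritising what to look up, not a verdict; every flagged item still needs the file checked on disk.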
steamwiz
2008-01-27, 00:18
Download Superantispyware.
http://www.superantispyware.com/
Once downloaded and installed, update the definitions and then run a full system scan; quarantine what it finds!
* Double-click SUPERAntiSpyware.exe and use the default settings for installation.
* An icon will be created on your desktop. Double-click that icon to launch the program.
* If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
http://www.superantispyware.com/definitions.html
* Under "Configuration and Preferences", click the Preferences button.
* Click the Scanning Control tab.
* Under Scanner Options make sure the following are checked (leave all others unchecked):
    o Close browsers before scanning.
    o Scan for tracking cookies.
    o Terminate memory threats before quarantining.
* Click the "Close" button to leave the control center screen.
* Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
* On the left, make sure you check C:\Fixed Drive.
* On the right, under "Complete Scan", choose Perform Complete Scan.
* Click "Next" to start the scan. Please be patient while it scans your computer.
* After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
* Make sure everything has a checkmark next to it and click "Next".
* A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
* If asked if you want to reboot, click "Yes".
* To retrieve the removal information after reboot, launch SUPERAntispyware again.
    o Click Preferences, then click the Statistics/Logs tab.
    o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    o If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    o Please copy and paste the Scan Log results in your next reply.
* Click Close to exit the program.
THEN ...
Download Combofix from any of the links below, and save it to your desktop. For information regarding this download, please visit this webpage: http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)
Link 3 (http://subs.geekstogo.com/ComboFix.exe)
**Note: It is important that it is saved directly to your desktop**
--------------------------------------------------------------------
1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
--------------------------------------------------------------------
Double click on combofix.exe & follow the prompts. When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
Note:
Do not mouse-click ComboFix's window while it's running. That may cause it to stall.
Please remember to post :-
1. SUPERAntiSpyware Scan Log
2. C:\ComboFix.txt
3. a new HijackThis log (run after everything else)
steam
bronson3304
2008-01-28, 07:21
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 01/27/2008 at 00:12 AM
Application Version : 3.9.1008
Core Rules Database Version : 3389
Trace Rules Database Version: 1383
Scan type : Complete Scan
Total Scan Time : 00:42:10
Memory items scanned : 463
Memory threats detected : 0
Registry items scanned : 5741
Registry threats detected : 11
File items scanned : 43473
File threats detected : 92
Adware.ContextHelper
HKLM\Software\Classes\CLSID\{0D39A900-0F3A-4C29-A254-3E65244FDC34}
HKCR\CLSID\{0D39A900-0F3A-4C29-A254-3E65244FDC34}
HKCR\CLSID\{0D39A900-0F3A-4C29-A254-3E65244FDC34}
HKCR\CLSID\{0D39A900-0F3A-4C29-A254-3E65244FDC34}#AppID
HKCR\CLSID\{0D39A900-0F3A-4C29-A254-3E65244FDC34}\InprocServer32
HKCR\CLSID\{0D39A900-0F3A-4C29-A254-3E65244FDC34}\InprocServer32#ThreadingModel
HKCR\CLSID\{0D39A900-0F3A-4C29-A254-3E65244FDC34}\ProgID
HKCR\CLSID\{0D39A900-0F3A-4C29-A254-3E65244FDC34}\Programmable
HKCR\CLSID\{0D39A900-0F3A-4C29-A254-3E65244FDC34}\TypeLib
HKCR\CLSID\{0D39A900-0F3A-4C29-A254-3E65244FDC34}\VersionIndependentProgID
I:\PROGRAM FILES\CONTEXTTOOL\CONTEXTTOOL-2.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0D39A900-0F3A-4C29-A254-3E65244FDC34}
Adware.Tracking Cookie
I:\Documents and Settings\Scott Bronson\Cookies\scott_bronson@nextag[1].txt
I:\Documents and Settings\Scott Bronson\Cookies\scott bronson@tacoda[2].txt
I:\Documents and Settings\Scott Bronson\Cookies\scott bronson@doubleclick[1].txt
I:\Documents and Settings\Scott Bronson\Cookies\scott bronson@mediaplex[1].txt
I:\Documents and Settings\Scott Bronson\Cookies\scott bronson@atdmt[2].txt
I:\Documents and Settings\Jackie Smith\Cookies\jackie smith@ad.yieldmanager[1].txt
I:\Documents and Settings\Jackie Smith\Cookies\jackie_smith@247realmedia[2].txt
I:\Documents and Settings\Jackie Smith\Cookies\jackie_smith@2o7[1].txt
I:\Documents and Settings\Jackie Smith\Cookies\jackie_smith@5.go.globaladsales[1].txt
I:\Documents and Settings\Jackie Smith\Cookies\jackie_smith@a.websponsors[2].txt
I:\Documents and Settings\Jackie Smith\Cookies\jackie_smith@a.websponsors[3].txt
I:\Documents and Settings\Jackie Smith\Cookies\jackie_smith@ad.yieldmanager[2].txt
I:\Documents and Settings\Jackie Smith\Cookies\jackie_smith@adecn[1].txt
I:\Documents and Settings\Jackie Smith\Cookies\jackie_smith@adinterax[1].txt
I:\Documents and Settings\Jackie Smith\Cookies\jackie_smith@adlegend[2].txt
I:\Documents and Settings\Jackie Smith\Cookies\jackie_smith@ads.adbrite[2].txt
I:\Documents and Settings\Jackie Smith\Cookies\jackie_smith@ads.addynamix[1].txt
I:\Documents and Settings\Jackie Smith\Cookies\jackie_smith@ads.glispa[2].txt
I:\Documents and Settings\Jackie Smith\Cookies\jackie_smith@ads.joinaxxess[2].txt
I:\Documents and Settings\Jackie Smith\Cookies\jackie_smith@ads.pointroll[1].txt
I:\Documents and Settings\Jackie Smith\Cookies\jackie_smith@ads.realtechnetwork[2].txt
I:\Documents and Settings\Jackie Smith\Cookies\jackie_smith@ads.revsci[1].txt
I:\Documents and Settings\Jackie Smith\Cookies\jackie_smith@ads2.blastro[2].txt
I:\Documents and Settings\Jackie Smith\Cookies\jackie_smith@ads3.blastro[1].txt
I:\Documents and Settings\Jackie Smith\Cookies\jackie_smith@ads4.blastro[2].txt
I:\Documents and Settings\Jackie Smith\Cookies\jackie_smith@adserver.easyad[1].txt
I:\Documents and Settings\Jackie Smith\Cookies\jackie_smith@adserver6.teracent[1].txt
I:\Documents and Settings\Jackie Smith\Cookies\jackie_smith@advertising[2].txt
I:\Documents and Settings\Jackie Smith\Cookies\jackie_smith@advertising[3].txt
I:\Documents and Settings\Jackie Smith\Cookies\jackie_smith@anat.tacoda[1].txt
I:\Documents and Settings\Jackie Smith\Cookies\jackie_smith@atdmt[1].txt
I:\Documents and Settings\Jackie Smith\Cookies\jackie_smith@atdmt[3].txt
I:\Documents and Settings\Jackie Smith\Cookies\jackie_smith@atwola[1].txt
I:\Documents and Settings\Jackie Smith\Cookies\jackie_smith@azjmp[1].txt
I:\Documents and Settings\Jackie Smith\Cookies\jackie_smith@bs.serving-sys[1].txt
I:\Documents and Settings\Jackie Smith\Cookies\jackie_smith@burstnet[1].txt
I:\Documents and Settings\Jackie Smith\Cookies\jackie_smith@casalemedia[1].txt
I:\Documents and Settings\Jackie Smith\Cookies\jackie_smith@coolsavings[2].txt
I:\Documents and Settings\Jackie Smith\Cookies\jackie_smith@date.ventivmedia[2].txt
I:\Documents and Settings\Jackie Smith\Cookies\jackie_smith@doubleclick[1].txt
I:\Documents and Settings\Jackie Smith\Cookies\jackie_smith@e-2dj6wfliqkc5ihq.stats.esomniture[2].txt
I:\Documents and Settings\Jackie Smith\Cookies\jackie_smith@ehg-verizon.hitbox[2].txt
I:\Documents and Settings\Jackie Smith\Cookies\jackie_smith@ehg.hitbox[2].txt
I:\Documents and Settings\Jackie Smith\Cookies\jackie_smith@gcc-00.googleadservices[2].txt
I:\Documents and Settings\Jackie Smith\Cookies\jackie_smith@interclick[2].txt
I:\Documents and Settings\Jackie Smith\Cookies\jackie_smith@jamster[1].txt
I:\Documents and Settings\Jackie Smith\Cookies\jackie_smith@login.tracking101[2].txt
I:\Documents and Settings\Jackie Smith\Cookies\jackie_smith@lynxtrack[1].txt
I:\Documents and Settings\Jackie Smith\Cookies\jackie_smith@media.adrevolver[1].txt
I:\Documents and Settings\Jackie Smith\Cookies\jackie_smith@media.adrevolver[2].txt
I:\Documents and Settings\Jackie Smith\Cookies\jackie_smith@media.adrevolver[3].txt
I:\Documents and Settings\Jackie Smith\Cookies\jackie_smith@media6degrees[2].txt
I:\Documents and Settings\Jackie Smith\Cookies\jackie_smith@mediaplex[2].txt
I:\Documents and Settings\Jackie Smith\Cookies\jackie_smith@partner2profit[2].txt
I:\Documents and Settings\Jackie Smith\Cookies\jackie_smith@partners.tattomedia[2].txt
I:\Documents and Settings\Jackie Smith\Cookies\jackie_smith@path.pureadstracking[1].txt
I:\Documents and Settings\Jackie Smith\Cookies\jackie_smith@precisionclick[2].txt
I:\Documents and Settings\Jackie Smith\Cookies\jackie_smith@pro-market[1].txt
I:\Documents and Settings\Jackie Smith\Cookies\jackie_smith@realmedia[2].txt
I:\Documents and Settings\Jackie Smith\Cookies\jackie_smith@reduxads.valuead[2].txt
I:\Documents and Settings\Jackie Smith\Cookies\jackie_smith@reduxads.valuead[3].txt
I:\Documents and Settings\Jackie Smith\Cookies\jackie_smith@revsci[2].txt
I:\Documents and Settings\Jackie Smith\Cookies\jackie_smith@richmedia.yahoo[2].txt
I:\Documents and Settings\Jackie Smith\Cookies\jackie_smith@roiservice[1].txt
I:\Documents and Settings\Jackie Smith\Cookies\jackie_smith@rotator.adjuggler[1].txt
I:\Documents and Settings\Jackie Smith\Cookies\jackie_smith@rotator.its.adjuggler[2].txt
I:\Documents and Settings\Jackie Smith\Cookies\jackie_smith@sales.liveperson[1].txt
I:\Documents and Settings\Jackie Smith\Cookies\jackie_smith@sales.liveperson[3].txt
I:\Documents and Settings\Jackie Smith\Cookies\jackie_smith@sales.liveperson[4].txt
I:\Documents and Settings\Jackie Smith\Cookies\jackie_smith@server.iad.liveperson[3].txt
I:\Documents and Settings\Jackie Smith\Cookies\jackie_smith@shopping.112.2o7[1].txt
I:\Documents and Settings\Jackie Smith\Cookies\jackie_smith@specificclick[1].txt
I:\Documents and Settings\Jackie Smith\Cookies\jackie_smith@stat.dealtime[2].txt
I:\Documents and Settings\Jackie Smith\Cookies\jackie_smith@statcounter[2].txt
I:\Documents and Settings\Jackie Smith\Cookies\jackie_smith@tacoda[2].txt
I:\Documents and Settings\Jackie Smith\Cookies\jackie_smith@trafficmp[2].txt
I:\Documents and Settings\Jackie Smith\Cookies\jackie_smith@tremor.adbureau[2].txt
I:\Documents and Settings\Jackie Smith\Cookies\jackie_smith@tremor.adbureau[3].txt
I:\Documents and Settings\Jackie Smith\Cookies\jackie_smith@tribalfusion[1].txt
I:\Documents and Settings\Jackie Smith\Cookies\jackie_smith@uclick[1].txt
I:\Documents and Settings\Jackie Smith\Cookies\jackie_smith@windowsmedia[1].txt
I:\Documents and Settings\Jackie Smith\Cookies\jackie_smith@www.burstbeacon[1].txt
I:\Documents and Settings\Jackie Smith\Cookies\jackie_smith@www.burstnet[1].txt
I:\Documents and Settings\Jackie Smith\Cookies\jackie_smith@zedo[1].txt
I:\Documents and Settings\Jackie Smith\Cookies\jackie_smith@zedo[3].txt
I:\Documents and Settings\Scott Bronson\Cookies\scott bronson@adlegend[1].txt
I:\Documents and Settings\Scott Bronson\Cookies\scott bronson@ads.bridgetrack[1].txt
I:\Documents and Settings\Scott Bronson\Cookies\scott bronson@windowsmedia[1].txt
I:\Documents and Settings\Scott Bronson\Local Settings\Temp\Cookies\scott_bronson@mediaplex[2].txt
Trojan.Downloader-AUPD
I:\DOCUMENTS AND SETTINGS\SCOTT BRONSON\LOCAL SETTINGS\TEMP\AUPD.EXE
Trojan.Downloader-Gen/Suspicious
I:\SYSTEM VOLUME INFORMATION\_RESTORE{CA8D7481-F847-4B2D-88D4-F6EB5E302DE6}\RP1\A0000120.EXE
bronson3304
2008-01-28, 07:28
ComboFix 08-01-23.1C - Scott Bronson 2008-01-27 0:22:31.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.3091 [GMT -5:00]
Running from: I:\Documents and Settings\Scott Bronson\Desktop\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2007-12-27 to 2008-01-27 )))))))))))))))))))))))))))))))
.
2008-01-27 00:22 . 2000-08-31 08:00 51,200 --a------ I:\WINDOWS\Nircmd.exe
2008-01-26 23:25 . 2008-01-27 00:16 <DIR> d-------- I:\Program Files\SUPERAntiSpyware
2008-01-24 05:00 . 2008-01-26 23:16 23 --a------ I:\WINDOWS\BlendSettings.ini
2008-01-24 03:47 . 2008-01-25 05:35 <DIR> d-------- I:\Program Files\Bethesda Softworks
2008-01-24 03:34 . 2008-01-24 03:34 <DIR> d-------- I:\Program Files\PowerISO
2008-01-24 03:26 . 2008-01-24 03:26 <DIR> d-------- I:\Program Files\DAEMON Tools Lite
2008-01-24 03:24 . 2008-01-24 03:24 716,272 --a------ I:\WINDOWS\system32\drivers\sptd.sys
2008-01-23 04:47 . 2003-03-31 07:00 13,463,552 --a--c--- I:\WINDOWS\system32\dllcache\hwxjpn.dll
2008-01-23 04:46 . 2008-01-23 04:46 749 -rah----- I:\WINDOWS\WindowsShell.Manifest
2008-01-23 04:46 . 2008-01-23 04:46 749 -rah----- I:\WINDOWS\system32\wuaucpl.cpl.manifest
2008-01-23 04:46 . 2008-01-23 04:46 749 -rah----- I:\WINDOWS\system32\sapi.cpl.manifest
2008-01-23 04:46 . 2008-01-23 04:46 749 -rah----- I:\WINDOWS\system32\ncpa.cpl.manifest
2008-01-23 04:46 . 2008-01-23 04:46 488 -rah----- I:\WINDOWS\system32\logonui.exe.manifest
2008-01-23 04:35 . 2003-03-31 07:00 24,661 --a------ I:\WINDOWS\system32\spxcoins.dll
2008-01-23 04:35 . 2003-03-31 07:00 24,661 --a--c--- I:\WINDOWS\system32\dllcache\spxcoins.dll
2008-01-23 04:35 . 2003-03-31 07:00 13,312 --a------ I:\WINDOWS\system32\irclass.dll
2008-01-23 04:35 . 2003-03-31 07:00 13,312 --a--c--- I:\WINDOWS\system32\dllcache\irclass.dll
2008-01-23 04:27 . 2007-11-30 03:45 210 ---hs---- I:\BOOT.BAK
2008-01-23 01:39 . 2004-02-27 00:00 962,612 --a------ I:\WINDOWS\system32\mfc42d.dll
2008-01-23 01:39 . 2004-02-17 00:00 434,252 --a------ I:\WINDOWS\system32\MSVCRTD.DLL
2008-01-23 01:19 . 2008-01-23 01:39 <DIR> d-------- I:\Program Files\ASUS
2008-01-23 01:19 . 2006-01-10 03:50 24,576 -ra------ I:\WINDOWS\system32\AsIO.dll
2008-01-23 01:19 . 2006-10-18 14:12 12,664 -ra------ I:\WINDOWS\system32\drivers\AsIO.sys
2008-01-23 01:19 . 2006-10-19 03:11 12,096 --a------ I:\WINDOWS\system32\drivers\AsInsHelp64.sys
2008-01-23 01:19 . 2006-10-19 03:11 10,304 --a------ I:\WINDOWS\system32\drivers\AsInsHelp32.sys
2008-01-21 14:45 . 2008-01-21 14:45 <DIR> d-------- I:\Program Files\Lavasoft
2008-01-21 14:45 . 2008-01-26 23:25 <DIR> d-------- I:\Program Files\Common Files\Wise Installation Wizard
2008-01-20 17:44 . 2008-01-20 17:44 <DIR> d-------- I:\Program Files\7-Zip
2008-01-20 02:07 . 2008-01-20 02:07 33,292 --a------ I:\WINDOWS\system32\drivers\scdemu.sys
2008-01-18 06:12 . 2008-01-18 06:12 <DIR> d-------- I:\WINDOWS\system32\93949
2008-01-18 02:41 . 2008-01-20 17:52 <DIR> d-------- I:\Program Files\SlySoft
2008-01-17 21:51 . 2008-01-17 21:51 <DIR> d-------- I:\Program Files\Yahoo! Games
2008-01-17 13:49 . 2008-01-17 13:49 <DIR> d-------- I:\WINDOWS\system32\embedded
2008-01-17 13:49 . 2008-01-17 13:49 <DIR> d-------- I:\Program Files\DVDIdle Pro
2008-01-17 04:32 . 2008-01-17 04:32 <DIR> d-------- I:\Program Files\uTorrent
2008-01-17 02:34 . 2086-01-17 03:14 <DIR> d-------- I:\Program Files\Dot1XCfg
2008-01-17 02:32 . 2008-01-17 02:32 24 ---hs---- I:\WINDOWS\S961A9559.tmp
2008-01-10 18:55 . 2008-01-10 18:55 97,216 --a------ I:\WINDOWS\system32\drivers\AnyDVD.sys
2008-01-10 12:33 . 2008-01-24 03:12 <DIR> d-------- I:\THE_BOURNE_ULTIMATUM
2008-01-05 16:50 . 2008-01-05 16:50 28 --a------ I:\WINDOWS\DVDFabGold.INI
2008-01-05 13:14 . 2008-01-16 12:59 <DIR> d-------- I:\DVDFabPlatinum_Temp
2008-01-05 13:12 . 2008-01-05 13:14 <DIR> d-------- I:\Program Files\DVDFab Platinum
2008-01-02 17:42 . 2008-01-17 04:57 <DIR> d-------- I:\Program Files\DVDFab Platinum 4
2007-12-30 12:20 . 2008-01-05 14:09 <DIR> d-------- I:\delete me
2007-12-29 16:02 . 2007-12-29 16:02 <DIR> d-------- I:\Program Files\DVD Shrink
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-25 20:28 --------- d-----w I:\Program Files\Trend Micro
2008-01-24 08:47 --------- d--h--w I:\Program Files\InstallShield Installation Information
2008-01-23 06:18 --------- d-----w I:\Program Files\Common Files\InstallShield
2008-01-02 22:42 47,360 ----a-w I:\WINDOWS\system32\drivers\pcouffin.sys
2007-12-31 22:50 --------- d-----w I:\Program Files\Common Files\Ahead
2007-12-30 06:50 --------- d-----w I:\Program Files\Google
2007-12-29 20:56 --------- d-----w I:\Program Files\Common Files\Ulead Systems
2007-12-25 21:12 --------- d-----w I:\Program Files\Verizon Wireless
2007-12-24 02:22 --------- d-----w I:\Program Files\Windows Installer Clean Up
2007-12-24 02:22 --------- d-----w I:\Program Files\MSECACHE
2007-12-24 01:50 --------- d-----w I:\Program Files\QuickTime
2007-12-23 22:34 --------- d-----w I:\Program Files\iTunes
2007-12-23 22:34 --------- d-----w I:\Program Files\iPod
2007-12-23 22:32 --------- d-----w I:\Program Files\Common Files\Apple
2007-12-23 22:32 --------- d-----w I:\Program Files\Apple Software Update
2007-12-14 16:32 12,632 ----a-w I:\WINDOWS\system32\lsdelete.exe
2007-12-11 02:29 --------- d-----w I:\Program Files\Yahoo!
2007-12-11 02:07 --------- d-----w I:\Program Files\Common Files\Scanner
2007-12-09 05:07 --------- d-----w I:\Program Files\AWS
2007-12-09 05:05 --------- d-----w I:\Program Files\WeatherMan
2007-12-04 01:03 --------- d-----w I:\Program Files\C-Media 6501 Sound
2007-12-03 02:39 --------- d-----w I:\Program Files\LimeWire
2007-12-02 23:39 --------- d-----w I:\Program Files\Microsoft Games
2007-12-02 23:36 --------- d-----w I:\Program Files\Hasbro Interactive
2007-12-02 04:46 --------- d-----w I:\Program Files\Opera
2007-12-02 02:50 --------- d-----w I:\Program Files\The Weather Exchange Installer
2007-12-02 00:15 --------- d-----w I:\Program Files\Essentials Codec Pack
2007-12-01 23:57 --------- d-----w I:\Program Files\Nero
2007-12-01 21:31 --------- d-----w I:\Program Files\DivX
2007-12-01 21:12 --------- d-----w I:\Program Files\Windows Media Connect 2
2007-12-01 18:36 --------- d-----w I:\Program Files\Common Files\HP
2007-12-01 09:23 --------- d-----w I:\Program Files\Java
2007-12-01 09:10 --------- d-----w I:\Program Files\Common Files\Java
2007-12-01 08:26 --------- d-----w I:\Program Files\MSXML 4.0
2007-11-30 17:53 --------- d-----w I:\Program Files\Microsoft Works
2007-11-30 17:43 --------- d-----w I:\Program Files\HP
2007-11-30 17:43 --------- d-----w I:\Program Files\Hewlett-Packard
2007-11-30 17:42 --------- d-----w I:\Program Files\Common Files\Hewlett-Packard
2007-11-30 17:34 --------- d-----w I:\Program Files\Ulead Systems
2007-11-30 17:07 --------- d-----w I:\Program Files\DIFX
2007-11-30 17:00 --------- d--h--w I:\Program Files\Uninstall Information
2007-11-30 16:56 --------- d-----w I:\Program Files\microsoft frontpage
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1D6CF66A-65AF-0536-F0BE-60A3E4F8F099}]
I:\WINDOWS\system32\mtqlus.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{631FFD69-69AA-0502-F0BE-60A3E4F8F099}]
I:\WINDOWS\system32\mtqlus.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="I:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]
"OE"="I:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe" [2008-01-23 02:25 488712]
"Weather"="I:\Program Files\AWS\WeatherBug\Weather.exe" [2008-01-23 02:25 1347584]
"MSMSGS"="I:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24 1694208]
"SUPERAntiSpyware"="I:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="I:\WINDOWS\system32\NvCpl.dll" [2007-06-28 11:43 8466432]
"UfSeAgnt.exe"="I:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe" [2008-01-23 02:25 1393928]
"E3E4E7E"="EAEBE.exe" []
"AsusStartupHelp"="I:\Program Files\ASUS\AASP\1.00.17\AsRunHelp.exe" [2008-01-23 02:25 363008]
"Launch PC Probe II"="I:\Program Files\ASUS\PC Probe II\Probe2.exe" [2008-01-23 02:25 2129408]
"nwiz"="nwiz.exe" [2007-06-28 11:43 1626112 I:\WINDOWS\system32\nwiz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="I:\WINDOWS\system32\tscupgrd.exe" [2004-08-03 22:59 44544]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"= I:\PROGRA~1\DVDIDL~1\DVDShell.dll [2004-10-09 20:18 49152]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= I:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
I:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 I:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKLM\~\startupfolder\I:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
path=I:\Documents and Settings\All Users\Start Menu\Programs\Startup\Google Updater.lnk
backup=I:\WINDOWS\pss\Google Updater.lnkCommon Startup
[HKLM\~\startupfolder\I:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=I:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=I:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\I:^Documents and Settings^Scott Bronson^Start Menu^Programs^Startup^MEMonitor.lnk]
path=I:\Documents and Settings\Scott Bronson\Start Menu\Programs\Startup\MEMonitor.lnk
backup=I:\WINDOWS\pss\MEMonitor.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
--a------ 2008-01-18 02:38 1637312 I:\Documents and Settings\Scott Bronson\My Documents\Downloads\AnyDVD & AnyDVD HD 6.3.0.0 - Final\AnyDVD.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
I:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C6501Sound]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 00:56 15360 I:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-01-17 11:51 486856 I:\Program Files\DAEMON Tools Lite\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2006-02-19 05:41 49152 I:\Program Files\HP\HP Software Update\HPWuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2007-12-11 12:10 267048 I:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Media Codec Update Service]
--a------ 2007-04-08 11:44 303104 I:\Program Files\Essentials Codec Pack\update.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 11:24 1694208 I:\Program Files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
I:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-09 19:53 153136 I:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2007-06-28 11:43 8466432 I:\WINDOWS\system32\NvCpl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2007-06-28 11:43 81920 I:\WINDOWS\system32\NvMcTray.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NWEReboot]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2007-06-28 11:43 1626112 I:\WINDOWS\system32\nwiz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OE]
--a------ 2008-01-23 02:25 488712 I:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
--a------ 2008-01-20 02:05 217088 I:\Program Files\PowerISO\PWRISOVM.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-12-11 10:56 286720 I:\Program Files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
--a------ 2007-08-31 16:46 1460560 I:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 04:11 132496 I:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2008-01-23 02:25 68856 I:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead AutoDetector]
--a------ 2003-11-18 20:20 45056 I:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead Photo Express Calendar Checker]
--a------ 2004-01-12 23:40 69632 I:\Program Files\Ulead Systems\Ulead Photo Express 5 SE\calcheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2]
I:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Weather]
--a------ 2008-01-23 02:25 1347584 I:\Program Files\AWS\WeatherBug\Weather.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-03-01 21:11 4670968 I:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"NMIndexingService"=3 (0x3)
R3 cm102u32;C-Media CM6501 Like Sound Interface;I:\WINDOWS\system32\drivers\c6501.sys [2006-09-05 04:04]
S3 usbprint;Microsoft USB PRINTER Class;I:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 02:01]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]
\Shell\AutoRun\command - K:\OblivionLauncher.exe
.
Contents of the 'Scheduled Tasks' folder
"2008-01-19 15:53:01 I:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- I:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-27 00:23:42
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-01-27 0:23:58
.
2008-01-26 12:00:17 --- E O F ---
bronson3304
2008-01-28, 07:30
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:28, on 2008-01-27
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
I:\WINDOWS\System32\smss.exe
I:\WINDOWS\system32\winlogon.exe
I:\WINDOWS\system32\services.exe
I:\WINDOWS\system32\lsass.exe
I:\WINDOWS\system32\svchost.exe
I:\WINDOWS\System32\svchost.exe
I:\WINDOWS\system32\svchost.exe
I:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
I:\WINDOWS\system32\spoolsv.exe
I:\WINDOWS\system32\ctfmon.exe
I:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
I:\Program Files\Messenger\msmsgs.exe
I:\WINDOWS\system32\rundll32.exe
I:\Program Files\ASUS\AASP\1.00.17\aaCenter.exe
I:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
I:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
I:\WINDOWS\system32\nvsvc32.exe
I:\WINDOWS\system32\HPZipm12.exe
I:\WINDOWS\system32\svchost.exe
I:\WINDOWS\System32\svchost.exe
I:\WINDOWS\system32\wuauclt.exe
I:\WINDOWS\explorer.exe
I:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
I:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
I:\Program Files\Trend Micro\BM\TMBMSRV.exe
I:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
I:\Program Files\Trend Micro\Internet Security\TmProxy.exe
I:\Program Files\Mozilla Firefox\firefox.exe
I:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com
O2 - BHO: (no name) - {1D6CF66A-65AF-0536-F0BE-60A3E4F8F099} - I:\WINDOWS\system32\mtqlus.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - I:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {631FFD69-69AA-0502-F0BE-60A3E4F8F099} - I:\WINDOWS\system32\mtqlus.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - I:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - i:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - I:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - i:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE I:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [UfSeAgnt.exe] "I:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [E3E4E7E] EAEBE.exe
O4 - HKLM\..\Run: [AsusStartupHelp] I:\Program Files\ASUS\AASP\1.00.17\AsRunHelp.exe
O4 - HKLM\..\Run: [Launch PC Probe II] "I:\Program Files\ASUS\PC Probe II\Probe2.exe" 1
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [ctfmon.exe] I:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [OE] "I:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [Weather] I:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [MSMSGS] "I:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] I:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - I:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - I:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - I:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - I:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1196495825078
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1196495820781
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - http://picture.vzw.com/activex/VerizonWirelessUploadControl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{71D3318D-584A-4A77-B923-C7BFDFAE5272}: NameServer = 68.94.156.1,68.94.157.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{71D3318D-584A-4A77-B923-C7BFDFAE5272}: NameServer = 68.94.156.1,68.94.157.1
O20 - Winlogon Notify: !SASWinLogon - I:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - I:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - I:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Google Updater Service (gusvc) - Google - I:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - I:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - I:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - I:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - I:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - I:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - I:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - I:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - I:\Program Files\Trend Micro\Internet Security\TmProxy.exe
--
End of file - 6603 bytes
pskelley
2008-02-05, 02:45
I apologize for the wait; steamwiz is not available just now. How is this computer running, any problems?
Tell me what this is:
O4 - HKLM\..\Run: [E3E4E7E] EAEBE.exe
If you do not know, let's remove it. You can scan it before doing so if you wish; use one or more of these free scanners:
http://virusscan.jotti.org/
http://www.kaspersky.com/scanforvirus
http://www.virustotal.com/
Please download ATF Cleaner by Atribune
http://www.atribune.org/content/view/25/2/
Save it to your Desktop. We will use this later.
Open HijackThis and choose "Do a system scan only" then check the box in front of these line items:
O2 - BHO: (no name) - {1D6CF66A-65AF-0536-F0BE-60A3E4F8F099} - I:\WINDOWS\system32\mtqlus.dll (file missing)
O2 - BHO: (no name) - {631FFD69-69AA-0502-F0BE-60A3E4F8F099} - I:\WINDOWS\system32\mtqlus.dll (file missing)
O4 - HKLM\..\Run: [E3E4E7E] EAEBE.exe
Close all programs but HJT and all browser windows, then click on "Fix Checked"
Run ATF Cleaner
Double-click ATF-Cleaner.exe to run the program.
Click Select All found at the bottom of the list.
Click the Empty Selected button.
Click Exit on the Main menu to close the program.
Restart and post a new HJT log; let me know how the computer is running.
See this: http://forums.spybot.info/showpost.php?p=12880&postcount=2
Check your Java program for an update, I believe you have one.
Thanks
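As an added example (not from the thread, and not a HijackThis feature), the script below parses a few HJT lines copied from the log above and flags the two patterns pskelley singled out: an O2 BHO whose DLL is marked "(file missing)", and an O4 Run entry with a random-looking name that launches a bare executable. The heuristics, the function names and the sample lines are this example's own assumptions.

```python
"""Triage HijackThis (HJT) log lines for the two patterns flagged in the post above.

Added example for this thread, not a HijackThis feature and not the helper's
own tooling. Two heuristics are assumptions of this example:
  * an O2 BHO entry marked "(file missing)" is an orphaned registration
    (the DLL was removed but the CLSID still points at it);
  * an O4 Run entry whose name and executable are both short hex-looking
    strings, with no directory in the command, is worth a second look
    (the shape of the E3E4E7E / EAEBE.exe line in the thread).
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: a handful of lines taken from the second HJT log above.
SAMPLE_LOG_LINES = [
    r"O2 - BHO: (no name) - {1D6CF66A-65AF-0536-F0BE-60A3E4F8F099} - I:\WINDOWS\system32\mtqlus.dll (file missing)",
    r"O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - I:\PROGRA~1\SPYBOT~1\SDHelper.dll",
    r"O2 - BHO: (no name) - {631FFD69-69AA-0502-F0BE-60A3E4F8F099} - I:\WINDOWS\system32\mtqlus.dll (file missing)",
    r"O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE I:\WINDOWS\system32\NvCpl.dll,NvStartup",
    r"O4 - HKLM\..\Run: [E3E4E7E] EAEBE.exe",
    r"O4 - HKLM\..\Run: [nwiz] nwiz.exe /install",
    r"O4 - HKCU\..\Run: [ctfmon.exe] I:\WINDOWS\system32\ctfmon.exe",
    r"O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')",
    r"O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - I:\WINDOWS\system32\nvsvc32.exe",
]

# O2 - BHO: <name> - {<CLSID>} - <dll path>[ (file missing)]
O2_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]{36})\} - (?P<path>.*?)"
    r"(?P<missing> \(file missing\))?$"
)
# O4 - <hive>\..\Run[Once]: [<entry name>] <command>
O4_RE = re.compile(
    r"^O4 - (?P<hive>[^:]+?)\\\.\.\\(?P<key>Run\w*): \[(?P<entry>[^\]]*)\] (?P<cmd>.*)$"
)
# Five or more hex digits and nothing else: the shape of E3E4E7E and EAEBE.
HEXISH_RE = re.compile(r"^[0-9A-Fa-f]{5,}$")


@dataclass
class Finding:
    kind: str      # "orphaned-bho" or "suspicious-run-entry"
    line: str      # the HJT line that triggered it
    detail: str    # human-readable reason


def executable_of(cmd: str) -> str:
    """Return the program part of an O4 command (quoted path or first token)."""
    # HJT appends "(User 'NAME')" to entries from other user hives; drop it.
    cmd = re.sub(r"\s*\(User '[^']*'\)\s*$", "", cmd).strip()
    if cmd.startswith('"'):
        closing = cmd.find('"', 1)
        return cmd[1:closing] if closing > 0 else cmd[1:]
    return cmd.split()[0] if cmd else ""


def triage_line(line: str) -> Optional[Finding]:
    """Classify one HJT log line; None means nothing to flag."""
    m = O2_RE.match(line)
    if m:
        if m.group("missing"):
            return Finding("orphaned-bho", line,
                           f"CLSID {m.group('clsid')} still loads {m.group('path')}, which is gone")
        return None
    m = O4_RE.match(line)
    if m:
        exe = executable_of(m.group("cmd"))
        # A bare filename (no drive, directory or %variable%) is resolved via
        # the search path, which is the style of the flagged line above.
        bare = bool(exe) and not any(ch in exe for ch in "\\/%")
        stem = re.sub(r"\.exe$", "", exe, flags=re.IGNORECASE)
        if bare and (HEXISH_RE.match(m.group("entry")) or HEXISH_RE.match(stem)):
            return Finding("suspicious-run-entry", line,
                           f"{m.group('hive')}\\{m.group('key')} entry [{m.group('entry')}] "
                           f"runs bare executable {exe} with a random-looking name")
    return None


def triage(lines: List[str]) -> List[Finding]:
    """Run triage_line over a whole log, keeping only the findings."""
    return [f for f in (triage_line(l) for l in lines) if f is not None]


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG_LINES):
        print(f"[{finding.kind}] {finding.detail}")
        print(f"    {finding.line}")
```

Legitimate bare-name entries such as nwiz.exe pass because neither the entry name nor the file stem is hex-only; the check is a triage aid for reading a log, not a verdict.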
bronson3304
2008-02-05, 09:59
That's alright, just glad to get help at all. But the computer is still running weird, closing programs and freezing up. And I don't know what the .exe was, but I removed it. But here is the new HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:55, on 2008-02-04
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
I:\WINDOWS\System32\smss.exe
I:\WINDOWS\system32\winlogon.exe
I:\WINDOWS\system32\services.exe
I:\WINDOWS\system32\lsass.exe
I:\WINDOWS\system32\svchost.exe
I:\WINDOWS\System32\svchost.exe
I:\WINDOWS\system32\svchost.exe
I:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
I:\WINDOWS\system32\spoolsv.exe
I:\WINDOWS\Explorer.EXE
I:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
I:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
I:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
I:\WINDOWS\system32\nvsvc32.exe
I:\WINDOWS\system32\HPZipm12.exe
I:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
I:\Program Files\Mozilla Firefox\firefox.exe
I:\Program Files\ASUS\PC Probe II\Probe2.exe
I:\WINDOWS\system32\rundll32.exe
I:\Program Files\iTunes\iTunesHelper.exe
I:\WINDOWS\system32\svchost.exe
I:\Program Files\Trend Micro\BM\TMBMSRV.exe
I:\WINDOWS\system32\ctfmon.exe
I:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
I:\Program Files\AWS\WeatherBug\Weather.exe
I:\Program Files\Messenger\msmsgs.exe
I:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
I:\Program Files\iPod\bin\iPodService.exe
I:\Program Files\ASUS\AASP\1.00.17\aaCenter.exe
I:\WINDOWS\System32\svchost.exe
I:\WINDOWS\system32\wuauclt.exe
I:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
I:\Program Files\Trend Micro\Internet Security\TmProxy.exe
I:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - I:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - I:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - i:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - I:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - i:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE I:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [UfSeAgnt.exe] "I:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [AsusStartupHelp] I:\Program Files\ASUS\AASP\1.00.17\AsRunHelp.exe
O4 - HKLM\..\Run: [Launch PC Probe II] "I:\Program Files\ASUS\PC Probe II\Probe2.exe" 1
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "I:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "I:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] I:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [OE] "I:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [Weather] I:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [MSMSGS] "I:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] I:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - I:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - I:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - I:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - I:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1196495825078
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1196495820781
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - http://picture.vzw.com/activex/VerizonWirelessUploadControl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{71D3318D-584A-4A77-B923-C7BFDFAE5272}: NameServer = 68.94.156.1,68.94.157.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{71D3318D-584A-4A77-B923-C7BFDFAE5272}: NameServer = 68.94.156.1,68.94.157.1
O20 - Winlogon Notify: !SASWinLogon - I:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - I:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - I:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Google Updater Service (gusvc) - Google - I:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - I:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - I:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - I:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - I:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - I:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - I:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - I:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - I:\Program Files\Trend Micro\Internet Security\TmProxy.exe
--
End of file - 6741 bytes
pskelley
2008-02-05, 14:06
Once again I apologize for the delay. The HJT log looks to be clean of malware, so this may not be a malware issue causing the problems. Let's start looking for an answer like this:
1) Tell me how much RAM you have installed on the computer.
Start > RIGHT click My Computer > Click Properties. RAM will be in the lower right corner of the System Properties window.
2) Start looking at this information for ways to make performance better:
http://users.telenet.be/bluepatchy/miekiemoes/slowcomputer.html
3) Run a free diagnostic here: http://www.pcpitstop.com/pcpitstop/
(I do not suggest you purchase anything)
You have to register (free) then when the diagnostic scan is complete you will be able to post a link to the Test Results here for me to view. If you have doubts about what to post, look at what other folks are posting here:
http://pcpitstop.invisionzone.com/index.php?showforum=6
4) Run this online scan using Internet Explorer:
Kaspersky Online Scanner from http://www.kaspersky.com/virusscanner
Next Click on Launch Kaspersky Online Scanner
You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
* The program will launch and then begin downloading the latest definition files:
* Once the files have been downloaded click on NEXT
* Now click on Scan Settings
* In the scan settings make sure that the following are selected:
* Scan using the following Anti-Virus database:
* Standard
* Scan Options:
* Scan Archives
* Scan Mail Bases
* Click OK
* Now under select a target to scan:
* Select My Computer
* The program will start and scan your system.
* The scan will take a while so be patient and let it run.
* Once the scan is complete it will display if your system has been infected.
* Now click on the Save as Text button:
* Save the file to your desktop.
Then post it here, along with the RAM count, a link to the Test Results at PCPitStop and any feedback you think will help.
Thanks...Phil
bronson3304
2008-02-06, 10:58
I know you only asked for the RAM, but I will list the specs. Also, I built this computer:
AMD 6000 (overclocked 3%, runs at 3.15 GHz)
ASUS M2N-E SLI
320 GB HD
512 MB PCI graphics card
4 GB DDR2 PC 800 memory, but Windows only sees 3.5 GB (don't know why?)
Also, Trend Micro has quarantined a virus that it won't let me delete: b104.exe.bin, location: I:/windows\ (my hard drive was labeled I instead of C during install). When I Googled b104.exe.bin it brought up a lot of forums about the Trojan Vundo.
Here is the link for the online scan:
http://www.pcpitstop.com/techexpress.asp?id=MQZWSWY9TTGSQXZG
and the txt doc.
KASPERSKY ONLINE SCANNER REPORT
2008-02-05 03:44
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 6/02/2008
Kaspersky Anti-Virus database records: 510328
Scan Settings
Scan using the following antivirus database standard
Scan Archives true
Scan Mail Bases true
Scan Target My Computer
A:\
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\
Scan Statistics
Total number of scanned objects 48293
Number of viruses found 0
Number of infected objects 0
Number of suspicious objects 0
Duration of the scan process 00:30:13
Infected Object Name Virus Name Last Action
Scan process completed.
pskelley
2008-02-06, 14:02
That Kaspersky scan is clean; you may find information about how to clean the Trend Micro quarantine folder here:
http://www.google.com/search?hl=en&q=clean+the+Trend+Micro+quarantine&btnG=Google+Search
or ask them: http://esupport.trendmicro.com/support/consumer/consumerhome.do?locale=en_US
PCPitStop Diagnostic: I suggest you review all the information; due to time constraints, I can only look quickly. You can also post any query you have here:
http://pcpitstop.invisionzone.com/index.php?showforum=6
You have a variety of minor issues.
DISK: look at this information.
http://www.microsoft.com/windowsxp/using/helpandsupport/learnmore/tips/mcgill1.mspx
Here are a couple of good free forums that will be able to help with possible XP issues:
http://www.bleepingcomputer.com/forums/forum56.html
http://www.techsupportforum.com/microsoft-support/windows-xp-support/
Here is some great information from experts in this field that will help you stay clean and safe online.
http://users.telenet.be/bluepatchy/miekiemoes/prevention.html
http://forums.spybot.info/showthread.php?t=279
http://russelltexas.com/malware/allclear.htm
http://forum.malwareremoval.com/viewtopic.php?t=14
http://www.bleepingcomputer.com/forums/topict2520.html
http://cybercoyote.org/security/not-admin.shtml
http://www.malwarecomplaints.info/
Thanks...pskelley
Safer Networking Forums
http://www.spybot.info/en/donate/index.html
If you are reading this information...thank a teacher,
If you are reading it in English...thank a soldier.