-
HijackThis Log: Please help Diagnose
Hi
I have not been able to get rid of Virtumonde after multiple scans and fixes using Spybot, Norton 260, Ad-aware and Kaspersky Online scanner.
This is my first post about this issue. I have included recent scan logs to show what I have already done and included the HijackThis log below.
Thanks in advance.
==================================================
eTrust Antivirus Web Scanner log:
Virus scan finished. 3 viruses found.
win2A0.tmp.exe Win32/Kastem.AE infected C:\WINDOWS\Temp\
win2A6.tmp.exe Win32/Aflac.D infected C:\WINDOWS\Temp\
win44.tmp Win32/Kastem.AE infected C:\WINDOWS\Temp\
Note: All infected files were deleted after scan.
==================================================
==================================================
Spybot log (done in Safe Mode):
--- Report generated: 2007-07-27 20:06 ---
Virtumonde: Settings (Registry key, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR
--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---
==================================================
==================================================
VundoFix scan log:
No infected files were found.
==================================================
==================================================
VirtumondeBe Gone scan log:
[07/27/2007, 20:19:37] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Stepen\Desktop\VirtumundoBeGone.exe" )
[07/27/2007, 20:19:47] - Detected System Information:
[07/27/2007, 20:19:47] - Windows Version: 5.1.2600, Service Pack 2
[07/27/2007, 20:19:47] - Current Username: Stepen (Admin)
[07/27/2007, 20:19:47] - Windows is in NORMAL mode.
[07/27/2007, 20:19:47] - Searching for Browser Helper Objects:
[07/27/2007, 20:19:47] - BHO 1: {00C6482D-C502-44C8-8409-FCE54AD9C208} (SnagIt Toolbar Loader)
[07/27/2007, 20:19:47] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[07/27/2007, 20:19:47] - BHO 3: {1E8A6170-7264-4D0F-BEAE-D42A53123C75} ()
[07/27/2007, 20:19:47] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/27/2007, 20:19:48] - Checking for HKLM\...\Winlogon\Notify\NppBho
[07/27/2007, 20:19:48] - Key not found: HKLM\...\Winlogon\Notify\NppBho, continuing.
[07/27/2007, 20:19:48] - BHO 4: {53707962-6F74-2D53-2644-206D7942484F} ()
[07/27/2007, 20:19:48] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/27/2007, 20:19:48] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[07/27/2007, 20:19:48] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[07/27/2007, 20:19:48] - BHO 5: {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} (URLDetector Class)
[07/27/2007, 20:19:48] - BHO 6: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[07/27/2007, 20:19:48] - BHO 7: {857A461D-8D96-4996-A4A0-AEA0A2535B86} ()
[07/27/2007, 20:19:48] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/27/2007, 20:19:48] - No filename found. Continuing.
[07/27/2007, 20:19:48] - BHO 8: {A7EBA094-A0FA-464D-A63C-82C8ACEA55FE} ()
[07/27/2007, 20:19:48] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/27/2007, 20:19:49] - Checking for HKLM\...\Winlogon\Notify\ddaby
[07/27/2007, 20:19:49] - Key not found: HKLM\...\Winlogon\Notify\ddaby, continuing.
[07/27/2007, 20:19:49] - BHO 9: {AE7CD045-E861-484f-8273-0445EE161910} (Adobe PDF Conversion Toolbar Helper)
[07/27/2007, 20:19:49] - Finished Searching Browser Helper Objects
[07/27/2007, 20:19:49] - Finishing up...
[07/27/2007, 20:19:49] - Nothing found! Exiting...
==================================================
==================================================
HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 8:47:45 PM, on 27/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Prevx2\PXAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Telstra\Toolbar\bpumTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Prevx2\PXConsole.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
E:\My Documents\My Downloads\Applications\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://news.google.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bigpond.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer
N1 - Netscape 4: user_pref("browser.startup.homepage", "http://www.google.com/"); (C:\Program Files\Netscape\Users\default\prefs.js)
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and Settings\All Users\Application Data\Prevx\pxbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {857A461D-8D96-4996-A4A0-AEA0A2535B86} - (no file)
O2 - BHO: (no name) - {A7EBA094-A0FA-464D-A63C-82C8ACEA55FE} - C:\WINDOWS\system32\ddaby.dll (file missing)
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: AccessibilityToolbar - {9E0C6AAD-A8E3-4E49-9DBD-786099B599A4} - C:\Program Files\AccessibilityToolbar Toolbar\AccessibilityToolbar.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [SetCacheMode] Rundll32.exe ptipbmf.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Iomega Startup Options] C:\Program Files\Iomega\Common\ImgStart.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [BigPond Toolbar] "C:\Program Files\Telstra\Toolbar\bpumTray.exe"
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [PrevxOne] "C:\Program Files\Prevx2\PXConsole.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - Startup: ZoneAlarm Pro.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Resize &Window - C:\Program Files\ietools\resize_window.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Toggle AccessibilityToolbar toolbar - {F1D75287-2EF6-4E41-A305-A27A7921ECAA} - C:\Program Files\AccessibilityToolbar Toolbar\AccessibilityToolbar.dll
O9 - Extra 'Tools' menuitem: &AccessibilityToolbar toolbar - {F1D75287-2EF6-4E41-A305-A27A7921ECAA} - C:\Program Files\AccessibilityToolbar Toolbar\AccessibilityToolbar.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra button: Flash Decompiler SWF Capture tool - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\PROGRA~1\ELTIMA~1\FLASHD~1\iebt.dll (HKCU)
O9 - Extra 'Tools' menuitem: Flash Decompiler SWF Capture tool menu - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\PROGRA~1\ELTIMA~1\FLASHD~1\iebt.dll (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.bigpond.com/
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor...fo/webscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9764845A-2609-432B-8504-A0DE05CB1CA5}: NameServer = 10.0.0.138
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = vic.bigpond.net.au
O17 - HKLM\System\CS1\Services\VxD\MSTCP: SearchList = vic.bigpond.net.au
O17 - HKLM\System\CCS\Services\VxD\MSTCP: SearchList = vic.bigpond.net.au
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = vic.bigpond.net.au
O20 - Winlogon Notify: ddcayxu - C:\WINDOWS\
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winccf32 - winccf32.dll (file missing)
O20 - Winlogon Notify: winmyy32 - C:\WINDOWS\SYSTEM32\winmyy32.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: Lexar Secure II (LxrSII1s) - Unknown owner - LxrSII1s.exe (file missing)
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Program Files\Prevx2\PXAgent.exe" -f (file missing)
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Security Center (wscsvc) - Unknown owner - C:\WINDOWS\C:\WINDOWS\System32\svchost.exe (file missing)
==================================================
-
Security Expert: Visiting Fellow
Please download Wscfix.
- Unzip it to your desktop.
- You will now see two files: Wscsvcfix.exe and readme.txt. Double-click Wscsvcfix.exe to run the program.
- Click the Inspect and Fix button once, and then restart Windows for the changes to take effect.
Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version Java components and update.
Updating Java:
- Download the latest version of Java Runtime Environment (JRE) 6.
- Scroll down to where it says "The Java SE Runtime Environment (JRE) allows end-users to run Java applications".
- Click the "Download" button to the right.
- Check the box that says: "Accept License Agreement".
- The page will refresh.
- Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
- Close any programs you may have running - especially your web browser.
- Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
- Check any item with Java Runtime Environment (JRE or J2SE) in the name.
- Click the Remove or Change/Remove button.
- Repeat as many times as necessary to remove each Java version.
- Reboot your computer once all Java components are removed.
- Then from your desktop double-click on the download to install the newest version.
- Run HijackThis
- Click on Open the Misc Tools section
- Click Delete a file on reboot
- Find and select this file:
C:\WINDOWS\SYSTEM32\winmyy32.dll - Click Open
- You will be asked if you want to restart your computer, click Yes
- Your computer will be restarted
Run HijackThis
Click on do a system scan only
Place a checkmark next to these lines(if still present)
O2 - BHO: (no name) - {857A461D-8D96-4996-A4A0-AEA0A2535B86} - (no file)
O2 - BHO: (no name) - {A7EBA094-A0FA-464D-A63C-82C8ACEA55FE} - C:\WINDOWS\system32\ddaby.dll (file missing)
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O20 - Winlogon Notify: ddcayxu - C:\WINDOWS\
O20 - Winlogon Notify: winccf32 - winccf32.dll (file missing)
O20 - Winlogon Notify: winmyy32 - C:\WINDOWS\SYSTEM32\winmyy32.dll
Then close all windows except HijackThis and click Fix Checked
Go here to run an online scanner from Kaspersky.
- Click on "Kaspersky Online Scanner"
- A new smaller window will pop up. After reading the contents, press "Accept".
- Now Kaspersky will update the anti-virus database. Let it run.
- Click on "Next">"Scan Settings", and make sure the database is set to "extended". And check both the scan options. Then click OK.
- Then click on "My Computer", and the scan will start.
- Once finished, save the log as "KAV.txt" to the desktop.
Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.
Post back with the Kaspersky log, a new HijackThis log & let me know of any remaining problems
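As an added example (not code from the thread or from any of its participants), the script below applies the same checks the helper used on the HijackThis v1.99.1 lines: entries marked "(no file)" or "(file missing)" are orphaned registry references, O20 Winlogon Notify entries are compared against a known-good list, and a "(file missing)" service whose executable appears in the log's own "Running processes" list is reported as a log artifact rather than an infection. The sample log, the KNOWN_NOTIFY allowlist and the verdict labels are constructed assumptions.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample in the shape of the HijackThis v1.99.1 log above;
# the lines mirror the thread but this block is illustrative only.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {857A461D-8D96-4996-A4A0-AEA0A2535B86} - (no file)
O2 - BHO: (no name) - {A7EBA094-A0FA-464D-A63C-82C8ACEA55FE} - C:\WINDOWS\system32\ddaby.dll (file missing)
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O20 - Winlogon Notify: ddcayxu - C:\WINDOWS\
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winccf32 - winccf32.dll (file missing)
O20 - Winlogon Notify: winmyy32 - C:\WINDOWS\SYSTEM32\winmyy32.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
"""

ENTRY_RE = re.compile(r"^(O\d+|R\d|N\d|F\d) - (.*)$")
MISSING_RE = re.compile(r"\((?:no file|file missing)\)\s*$")

# Analyst-maintained allowlist of Winlogon Notify handlers (constructed; lower-case,
# without the .dll suffix). Anything else in this persistence location gets reviewed.
KNOWN_NOTIFY = {"wgalogon", "crypt32chain", "cryptnet", "cscdll", "sclgntfy",
                "senslogn", "termsrv", "wlballoon", "schedule", "sccertprop"}


@dataclass(frozen=True)
class Finding:
    section: str   # HijackThis section, e.g. "O20"
    name: str      # entry name as HijackThis prints it
    target: str    # file / command the entry points at
    verdict: str   # "remove", "review" or "log-artifact"
    reason: str


def running_processes(log: str) -> set[str]:
    """Lower-case basenames from the 'Running processes:' block of the log."""
    procs: set[str] = set()
    in_block = False
    for line in log.splitlines():
        if line.strip() == "Running processes:":
            in_block = True
            continue
        if in_block:
            if not re.match(r"^[A-Za-z]:\\", line):  # first non-path line ends the block
                break
            procs.add(line.rsplit("\\", 1)[-1].lower())
    return procs


def split_entry(section: str, body: str) -> tuple[str, str]:
    """Return (name, target) for the O2 / O4 / O20 / O23 line layouts."""
    if section == "O4":  # HKLM\..\Run: [Name] command line
        m = re.match(r"^.*?: \[(.*?)\] (.*)$", body)
        return m.group(1), m.group(2)
    parts = body.split(" - ")
    name = parts[0].split(": ", 1)[-1]          # strip the "BHO: " / "Service: " prefix
    skip = 2 if section in ("O2", "O23") else 1  # O2 carries a CLSID, O23 an owner field
    return name, " - ".join(parts[skip:])


def triage(log: str) -> list[Finding]:
    """Flag the entry kinds the helper asked to fix, with a verdict for each."""
    procs = running_processes(log)
    findings: list[Finding] = []
    for line in log.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m or m.group(1) not in ("O2", "O4", "O20", "O23"):
            continue
        section, body = m.groups()
        name, target = split_entry(section, body)
        if MISSING_RE.search(target):
            # Basename of the referenced file, cut at a stray quote or whitespace.
            exe = re.split(r'["\s]', target.rsplit("\\", 1)[-1])[0].lower()
            if target.count('"') % 2 == 1 and exe in procs:
                findings.append(Finding(section, name, target, "log-artifact",
                    "reported missing but the executable is running; the tool truncated a quoted command line"))
            else:
                findings.append(Finding(section, name, target, "remove",
                    "registry entry points at a file that no longer exists"))
            continue
        if section == "O20":
            base = target.rsplit("\\", 1)[-1]
            if not base.lower().endswith(".dll"):
                findings.append(Finding(section, name, target, "remove",
                    "Winlogon Notify entry without a DLL (directory or empty target)"))
            elif base[:-4].lower() not in KNOWN_NOTIFY:
                findings.append(Finding(section, name, target, "review",
                    "Winlogon Notify DLL not on the known-good list"))
        elif section == "O4" and re.search(r"\bdumprep\b", target, re.I):
            findings.append(Finding(section, name, target, "remove",
                "KernelFaultCheck crash-dump leftover; not needed at startup"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:<4} {f.verdict:<12} {f.name}: {f.reason}")
```

The script only reads text and changes nothing on the machine; pass a saved log's contents to triage() to get the same verdicts for it.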
-
Update - partially successful
Hi
I followed all of the instructions. Kaspersky picked up 1 problem - Trojan.Win32.Dialer.qn in the C:\System Volume Information directory. I turned off System Restore Point, then rescanned the C:\System Volume Information directory with Kaspersky and got the following result:
"Scan complete. No malware has been detected. The sections that have been scanned are CLEAN."
I then rebooted and turned System Restore Point back on. I rescanned with HijackThis and did a full system scan with Kaspersky (logs below the Ad-Aware scan log summary) and got the following result from Kaspersky:
"Scan complete. No malware has been detected. The sections that have been scanned are CLEAN."
Things were looking good up until then. I ran Spybot to confirm that Virtumonde was gone but got the following result:
"1 problem found - Virtumonde > HKEY_LOCAL_MACHINE\software\microsoft\MSSGR"
I fixed the 1 problem with Spybot and then ran a scan with Ad-Aware 2007 which yielded the results in the following log file summary (I have tried to remove the www.trinsic.org bookmarks several times but it keeps returning).
==================================================
Ad-Aware 2007 log:
Infections Detected: 13
Cleaned Infections
=============
Browser: Firefox Bookmark URL: http://www.trinsic.org/index.php?tss=87&n=14, Belonging to Possible Browser Hijack attempt
Browser: Firefox Bookmark URL: http://www.trinsic.org/index.php?tss=68&n=30, Belonging to Possible Browser Hijack attempt
Browser: Firefox Bookmark URL: http://www.trinsic.org/index.php?sea...&Yes%5B%5D=cra, Belonging to Possible Browser Hijack attempt
End of Cleaned Infections
=============
Cleaned Infections
=============
Browser: Firefox Cookie: C:\Documents and Settings\Stepen\Application Data\Mozilla\Firefox\Profiles/default.e3h\cookies.txt www.bullguard.com fpc1000639991288 /, Belonging to Tracking Cookie
Browser: Firefox Cookie: C:\Documents and Settings\Stepen\Application Data\Mozilla\Firefox\Profiles/default.e3h\cookies.txt indextools.com itsessionid1000639991288 /, Belonging to Tracking Cookie
Browser: Firefox Cookie: C:\Documents and Settings\Stepen\Application Data\Mozilla\Firefox\Profiles/default.e3h\cookies.txt indextools.com itvisitorid1000639991288 /, Belonging to Tracking Cookie
Browser: Firefox Cookie: C:\Documents and Settings\Stepen\Application Data\Mozilla\Firefox\Profiles/default.e3h\cookies.txt keywordmax.com KMVisitor /, Belonging to Tracking Cookie
Browser: Firefox Cookie: C:\Documents and Settings\Stepen\Application Data\Mozilla\Firefox\Profiles/default.e3h\cookies.txt realestate.com.au EmailAddress /, Belonging to Tracking Cookie
Browser: Firefox Cookie: C:\Documents and Settings\Stepen\Application Data\Mozilla\Firefox\Profiles/default.e3h\cookies.txt realestate.com.au GUID /, Belonging to Tracking Cookie
Browser: Firefox Cookie: C:\Documents and Settings\Stepen\Application Data\Mozilla\Firefox\Profiles/default.e3h\cookies.txt realestateview.com.au __utmz /, Belonging to Tracking Cookie
Browser: Firefox Cookie: C:\Documents and Settings\Stepen\Application Data\Mozilla\Firefox\Profiles/default.e3h\cookies.txt realestateview.com.au __utma /, Belonging to Tracking Cookie
Browser: Firefox Cookie: C:\Documents and Settings\Stepen\Application Data\Mozilla\Firefox\Profiles/default.e3h\cookies.txt www.googleadservices.com Conversion /pagead/conversion/1059499801/, Belonging to Tracking Cookie
Browser: Firefox Cookie: C:\Documents and Settings\Stepen\Application Data\Mozilla\Firefox\Profiles/default.e3h\cookies.txt www.googleadservices.com Conversion /pagead/conversion/1069444854/, Belonging to Tracking Cookie
End of Cleaned Infections
==================================================
==================================================
HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 9:55:01 AM, on 28/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Telstra\Toolbar\bpumTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\Prevx2\PXConsole.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Prevx2\PXAgent.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\wuauclt.exe
E:\My Documents\My Downloads\Applications\HijackThis\scanner.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://news.google.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bigpond.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer
N1 - Netscape 4: user_pref("browser.startup.homepage", "http://www.google.com/"); (C:\Program Files\Netscape\Users\default\prefs.js)
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and Settings\All Users\Application Data\Prevx\pxbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: AccessibilityToolbar - {9E0C6AAD-A8E3-4E49-9DBD-786099B599A4} - C:\Program Files\AccessibilityToolbar Toolbar\AccessibilityToolbar.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [SetCacheMode] Rundll32.exe ptipbmf.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Iomega Startup Options] C:\Program Files\Iomega\Common\ImgStart.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
O4 - HKLM\..\Run: [BigPond Toolbar] "C:\Program Files\Telstra\Toolbar\bpumTray.exe"
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [PrevxOne] "C:\Program Files\Prevx2\PXConsole.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - Startup: ZoneAlarm Pro.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Resize &Window - C:\Program Files\ietools\resize_window.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Toggle AccessibilityToolbar toolbar - {F1D75287-2EF6-4E41-A305-A27A7921ECAA} - C:\Program Files\AccessibilityToolbar Toolbar\AccessibilityToolbar.dll
O9 - Extra 'Tools' menuitem: &AccessibilityToolbar toolbar - {F1D75287-2EF6-4E41-A305-A27A7921ECAA} - C:\Program Files\AccessibilityToolbar Toolbar\AccessibilityToolbar.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra button: Flash Decompiler SWF Capture tool - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\PROGRA~1\ELTIMA~1\FLASHD~1\iebt.dll (HKCU)
O9 - Extra 'Tools' menuitem: Flash Decompiler SWF Capture tool menu - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\PROGRA~1\ELTIMA~1\FLASHD~1\iebt.dll (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.bigpond.com/
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor...fo/webscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9764845A-2609-432B-8504-A0DE05CB1CA5}: NameServer = 10.0.0.138
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = vic.bigpond.net.au
O17 - HKLM\System\CS1\Services\VxD\MSTCP: SearchList = vic.bigpond.net.au
O17 - HKLM\System\CCS\Services\VxD\MSTCP: SearchList = vic.bigpond.net.au
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = vic.bigpond.net.au
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: Lexar Secure II (LxrSII1s) - Unknown owner - LxrSII1s.exe (file missing)
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Program Files\Prevx2\PXAgent.exe" -f (file missing)
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
==================================================
Kaspersky log is in next post.
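A triage pass over a HijackThis log like the one above is mostly mechanical: a reviewer first looks at O23 services and O9 buttons whose target is reported "(file missing)" (usually leftovers of uninstalled software, but also where a removed component's autostart used to point), at services HijackThis lists with "Unknown owner" (no company name could be read for the binary), and at O4 Run entries that launch a bare file name with no directory (for example Logi_MwX.Exe or CTHELPER.EXE above), because Windows resolves those through the search path rather than a fixed location. The script below is an added example that does that sorting; it is not part of the original post and not a HijackThis feature. Its sample lines are constructed in the log's format, modelled on entries in this thread, and none of the flags it raises mean an entry is malicious: they only say which lines to check first.

```python
"""Triage helper for HijackThis-style log lines (added example).

Parses O4 Run-key entries and O23 services, and flags:
  * any entry whose target is reported "(file missing)";
  * O23 services shown with "Unknown owner";
  * O4 Run entries whose executable is a bare file name, which Windows
    resolves through the search path instead of a fixed directory.
A flag orders the review; it is not a verdict on the entry.
"""
import re
from dataclasses import dataclass

# Constructed sample, modelled on the format of the log in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O23 - Service: Lexar Secure II (LxrSII1s) - Unknown owner - LxrSII1s.exe (file missing)
O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Program Files\Prevx2\PXAgent.exe" -f (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

# O4 Run-key line: "O4 - HKLM\..\Run: [name] command"
O4_RUN = re.compile(r'^O4 - (?P<hive>HK\w+\\\.\.\\\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
# O23 service line: "O23 - Service: display (short) - owner - path"
O23_SVC = re.compile(r'^O23 - Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<path>.*)$')


@dataclass
class Finding:
    section: str     # HijackThis section tag, e.g. "O23"
    target: str      # file or command the entry points at
    reasons: tuple   # why the line was flagged


def first_token(cmd: str) -> str:
    """Return the executable part of a Run command: the quoted string when the
    command starts with a quote, otherwise the first whitespace-separated word."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(None, 1)[0] if cmd else ""


def is_bare_name(path: str) -> bool:
    """True when the target has no drive or directory component, so the loader
    finds it via the search path (App Paths, System32, PATH) at each boot."""
    return bool(path) and "\\" not in path and "/" not in path and ":" not in path


def triage(log_text: str) -> list:
    """Return one Finding per flagged line, in log order."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        section = line.split(" ", 1)[0]
        target = line
        reasons = []

        m = O4_RUN.match(line)
        if m:
            target = first_token(m.group("cmd"))
            if is_bare_name(target):
                reasons.append("bare file name, resolved through the search path")

        m = O23_SVC.match(line)
        if m:
            target = m.group("path")
            if m.group("owner") == "Unknown owner":
                reasons.append("no company name read for the service binary")

        if "(file missing)" in line:
            reasons.append("target reported missing: stale entry or deleted component")

        if reasons:
            findings.append(Finding(section, target, tuple(reasons)))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:4} {f.target}")
        for r in f.reasons:
            print(f"      - {r}")
```

On the sample above this flags the two bare-name Run entries, the missing Messenger button, and both "Unknown owner" services (each with two reasons), and leaves the fully-pathed, vendor-attributed lines alone. The same rules can be extended to O2 and O3 entries, whose DLL paths follow the same " - " layout.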
-
Kaspersky log - part 1
continued ...
==================================================
Kaspersky scan log:
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Saturday, July 28, 2007 1:36:42 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.0
Kaspersky Anti-Virus database last update: 28/07/2007
Kaspersky Anti-Virus database records: 368733
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\
Scan Statistics:
Total number of scanned objects: 190046
Number of viruses found: 0
Number of infected objects: 0
Number of suspicious objects: 0
Duration of the scan process: 03:28:01
Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support\MPLog-07262007-145128.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Prevx\LDB_EV-00.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Prevx\LDB_EV-Index.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Prevx\LDB_FP-00.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Prevx\LDB_FP-01.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Prevx\LDB_FP-02.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Prevx\LDB_FP-03.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Prevx\LDB_FP-04.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Prevx\LDB_FP-05.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Prevx\LDB_FP-06.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Prevx\LDB_FP-07.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Prevx\LDB_FP-Index.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Prevx\LDB_GX-00.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Prevx\LDB_GX-01.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Prevx\LDB_GX-02.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Prevx\LDB_GX-03.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Prevx\LDB_GX-04.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Prevx\LDB_GX-05.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Prevx\LDB_GX-06.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Prevx\LDB_GX-Index.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Prevx\LDB_PX-00.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Prevx\LDB_PX-01.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Prevx\LDB_PX-02.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Prevx\LDB_PX-03.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Prevx\LDB_PX-04.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Prevx\LDB_PX-05.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Prevx\LDB_PX-06.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Prevx\LDB_PX-07.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Prevx\LDB_PX-08.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Prevx\LDB_PX-09.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Prevx\LDB_PX-Index.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Prevx\LDB_RG-00.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Prevx\LDB_RG-01.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Prevx\LDB_RG-02.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Prevx\LDB_RG-03.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Prevx\LDB_RG-04.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Prevx\LDB_RG-Index.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Prevx\LDB_TG-00.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Prevx\LDB_TG-Index.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Prevx\LDB_VX-00.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Prevx\LDB_VX-01.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Prevx\LDB_VX-Index.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Prevx\Local.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2007-07-28_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBConfig.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBDebug.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBDetect.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBNotify.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBRefr.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetCfg.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetCfg2.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetDev.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetLoc.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetUsr.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBStHash.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBValid.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPPolicy.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPStart.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPStop.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtErEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtETmp\CF918A86.TMP Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtMoEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtNvEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtScEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtTxFEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtViEvt.log Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Stepen\Application Data\Mozilla\Firefox\Profiles\default.e3h\cert8.db Object is locked skipped
C:\Documents and Settings\Stepen\Application Data\Mozilla\Firefox\Profiles\default.e3h\formhistory.dat Object is locked skipped
C:\Documents and Settings\Stepen\Application Data\Mozilla\Firefox\Profiles\default.e3h\history.dat Object is locked skipped
C:\Documents and Settings\Stepen\Application Data\Mozilla\Firefox\Profiles\default.e3h\key3.db Object is locked skipped
C:\Documents and Settings\Stepen\Application Data\Mozilla\Firefox\Profiles\default.e3h\parent.lock Object is locked skipped
C:\Documents and Settings\Stepen\Application Data\Mozilla\Firefox\Profiles\default.e3h\search.sqlite Object is locked skipped
C:\Documents and Settings\Stepen\Application Data\Mozilla\Firefox\Profiles\default.e3h\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\Stepen\Application Data\Prevx\proc.cat Object is locked skipped
C:\Documents and Settings\Stepen\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Stepen\Local Settings\Application Data\Ahead\Nero Home\bl.db Object is locked skipped
C:\Documents and Settings\Stepen\Local Settings\Application Data\Ahead\Nero Home\is2.db Object is locked skipped
C:\Documents and Settings\Stepen\Local Settings\Application Data\Identities\{97B60D04-6CCD-419C-959E-29A298DFA876}\Microsoft\Outlook Express\Folders.dbx Object is locked skipped
C:\Documents and Settings\Stepen\Local Settings\Application Data\Identities\{97B60D04-6CCD-419C-959E-29A298DFA876}\Microsoft\Outlook Express\Offline.dbx Object is locked skipped
C:\Documents and Settings\Stepen\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\Stepen\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Stepen\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Stepen\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{A396D121-54E4-434C-8761-C4266960ADA7} Object is locked skipped
C:\Documents and Settings\Stepen\Local Settings\Application Data\Mozilla\Firefox\Profiles\default.e3h\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Stepen\Local Settings\Application Data\Mozilla\Firefox\Profiles\default.e3h\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Stepen\Local Settings\Application Data\Mozilla\Firefox\Profiles\default.e3h\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Stepen\Local Settings\Application Data\Mozilla\Firefox\Profiles\default.e3h\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Stepen\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Stepen\Local Settings\History\History.IE5\MSHist012007072820070729\index.dat Object is locked skipped
C:\Documents and Settings\Stepen\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Stepen\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Stepen\ntuser.dat.LOG Object is locked skipped
... continued next post ...
-
Kaspersky log - part 2
... continued Kaspersky log ...
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\coShared\WA\1.5\NCOWAD.dat Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\coShared\WA\1.5\NCOWADMT.dat Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\coShared\WA\1.5\NCOWAS.dat Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\coShared\WA\1.5\NCOWAS.ldb Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\eengine\EPERSIST.DAT Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDALRT.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDCON.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDDBG.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDFW.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDIDS.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDSYS.log Object is locked skipped
C:\Program Files\Norton 360\Log\AutoProtect.log Object is locked skipped
C:\Program Files\Norton 360\Log\AVContext.log Object is locked skipped
C:\Program Files\Norton 360\Log\AVManual.log Object is locked skipped
C:\Program Files\Norton 360\Log\Backup.log Object is locked skipped
C:\Program Files\Norton 360\Log\CUInternetPageViewHistory.log Object is locked skipped
C:\Program Files\Norton 360\Log\CUInternetSearchHistory.log Object is locked skipped
C:\Program Files\Norton 360\Log\CUInternetTempFiles.log Object is locked skipped
C:\Program Files\Norton 360\Log\CUWindowsTempFiles.log Object is locked skipped
C:\Program Files\Norton 360\Log\EmailScan.log Object is locked skipped
C:\Program Files\Norton 360\Log\InternetSecurity.log Object is locked skipped
C:\Program Files\Norton 360\Log\ISIntrusionPrevented.log Object is locked skipped
C:\Program Files\Norton 360\Log\ISIOTraffic.log Object is locked skipped
C:\Program Files\Norton 360\Log\ISNewNetwork.log Object is locked skipped
C:\Program Files\Norton 360\Log\LiveUpdate.log Object is locked skipped
C:\Program Files\Norton 360\Log\NCO.log Object is locked skipped
C:\Program Files\Norton 360\Log\VABrowserSettings.log Object is locked skipped
C:\Program Files\Norton 360\Log\VAIPAddresses.log Object is locked skipped
C:\Program Files\Norton 360\Log\VAWeakPasswords.log Object is locked skipped
C:\Program Files\Norton 360\Log\WDFScanner.log Object is locked skipped
C:\Program Files\Prevx2\lclbrk.cache Object is locked skipped
C:\Program Files\Prevx2\log\px-log.txt Object is locked skipped
C:\Program Files\Prevx2\paws.cache Object is locked skipped
C:\Program Files\Prevx2\prevx.cache Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{1E6D6318-202B-4659-AA4D-67A3556A0809}\RP1\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Internet Logs\IAMDB.RDB Object is locked skipped
C:\WINDOWS\Internet Logs\STEPHEN.ldb Object is locked skipped
C:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped
C:\WINDOWS\Prefetch\OLD\ACROBAT.EXE-20E0511D.pf Object is locked skipped
C:\WINDOWS\Prefetch\OLD\ALG.EXE-0F138680.pf Object is locked skipped
C:\WINDOWS\Prefetch\OLD\AUPDATE.EXE-2253CB60.pf Object is locked skipped
C:\WINDOWS\Prefetch\OLD\AZUREUS.EXE-008B7A30.pf Object is locked skipped
C:\WINDOWS\Prefetch\OLD\BPUMQRYUSAGE.EXE-00D38AF7.pf Object is locked skipped
C:\WINDOWS\Prefetch\OLD\CAMERAWINDOWCOMP.EXE-2ADB53A6.pf Object is locked skipped
C:\WINDOWS\Prefetch\OLD\CHECKIT.EXE-2914E683.pf Object is locked skipped
C:\WINDOWS\Prefetch\OLD\CMD.EXE-087B4001.pf Object is locked skipped
C:\WINDOWS\Prefetch\OLD\CONTROL.EXE-013DBFB5.pf Object is locked skipped
C:\WINDOWS\Prefetch\OLD\CTCMS.EXE-3897A504.pf Object is locked skipped
C:\WINDOWS\Prefetch\OLD\CTDETECT.EXE-3A528B09.pf Object is locked skipped
C:\WINDOWS\Prefetch\OLD\CTHELPER.EXE-11B416D5.pf Object is locked skipped
C:\WINDOWS\Prefetch\OLD\CTSYSVOL.EXE-1702D80C.pf Object is locked skipped
C:\WINDOWS\Prefetch\OLD\DEFRAG.EXE-273F131E.pf Object is locked skipped
C:\WINDOWS\Prefetch\OLD\DESKUP.EXE-2D2508E7.pf Object is locked skipped
C:\WINDOWS\Prefetch\OLD\DFRGNTFS.EXE-269967DF.pf Object is locked skipped
C:\WINDOWS\Prefetch\OLD\DRWTSN32.EXE-2B4B52AC.pf Object is locked skipped
C:\WINDOWS\Prefetch\OLD\DUMPREP.EXE-1B46F901.pf Object is locked skipped
C:\WINDOWS\Prefetch\OLD\DWWIN.EXE-30875ADC.pf Object is locked skipped
C:\WINDOWS\Prefetch\OLD\EAX.EXE-2FF4BB43.pf Object is locked skipped
C:\WINDOWS\Prefetch\OLD\EMULE.EXE-2A971BEB.pf Object is locked skipped
C:\WINDOWS\Prefetch\OLD\EM_EXEC.EXE-21B4F4A4.pf Object is locked skipped
C:\WINDOWS\Prefetch\OLD\EWATCH.EXE-26D34468.pf Object is locked skipped
C:\WINDOWS\Prefetch\OLD\EXPLORER.EXE-082F38A9.pf Object is locked skipped
C:\WINDOWS\Prefetch\OLD\FIREFOX.EXE-17EE503B.pf Object is locked skipped
C:\WINDOWS\Prefetch\OLD\FIREFOX.EXE-28641590.pf Object is locked skipped
C:\WINDOWS\Prefetch\OLD\GCASDTSERV.EXE-04B13CAF.pf Object is locked skipped
C:\WINDOWS\Prefetch\OLD\GCASSERV.EXE-3660CD4E.pf Object is locked skipped
C:\WINDOWS\Prefetch\OLD\GCASSWUPDATER.EXE-06378256.pf Object is locked skipped
C:\WINDOWS\Prefetch\OLD\GIANTANTISPYWAREUPDATER.EXE-01DFD337.pf Object is locked skipped
C:\WINDOWS\Prefetch\OLD\HELPCTR.EXE-3862B6F5.pf Object is locked skipped
C:\WINDOWS\Prefetch\OLD\HELPHOST.EXE-247D2792.pf Object is locked skipped
C:\WINDOWS\Prefetch\OLD\HELPSVC.EXE-2878DDA2.pf Object is locked skipped
C:\WINDOWS\Prefetch\OLD\HPGS2WND.EXE-06AC8C27.pf Object is locked skipped
C:\WINDOWS\Prefetch\OLD\HPGS2WNF.EXE-0E86C34B.pf Object is locked skipped
C:\WINDOWS\Prefetch\OLD\HPZENG05.EXE-00C9A3B8.pf Object is locked skipped
C:\WINDOWS\Prefetch\OLD\HPZIPM12.EXE-145E7369.pf Object is locked skipped
C:\WINDOWS\Prefetch\OLD\HPZSTC05.EXE-29C9AEF3.pf Object is locked skipped
C:\WINDOWS\Prefetch\OLD\IEXPLORE.EXE-27122324.pf Object is locked skipped
C:\WINDOWS\Prefetch\OLD\IMAPI.EXE-0BF740A4.pf Object is locked skipped
C:\WINDOWS\Prefetch\OLD\IMGICON.EXE-33F2ACF4.pf Object is locked skipped
C:\WINDOWS\Prefetch\OLD\IMGSTART.EXE-0794314C.pf Object is locked skipped
C:\WINDOWS\Prefetch\OLD\IPODSERVICE.EXE-3192DE38.pf Object is locked skipped
C:\WINDOWS\Prefetch\OLD\IRIVERMUSICMANAGER.EXE-2C6F7A98.pf Object is locked skipped
C:\WINDOWS\Prefetch\OLD\ITOUCH.EXE-0DDF2B56.pf Object is locked skipped
C:\WINDOWS\Prefetch\OLD\ITUNES.EXE-1A268432.pf Object is locked skipped
C:\WINDOWS\Prefetch\OLD\JAVAW.EXE-074042F4.pf Object is locked skipped
C:\WINDOWS\Prefetch\OLD\JUSCHED.EXE-2D198197.pf Object is locked skipped
C:\WINDOWS\Prefetch\OLD\Layout.ini Object is locked skipped
C:\WINDOWS\Prefetch\OLD\LIMEWIRE.EXE-1944953E.pf Object is locked skipped
C:\WINDOWS\Prefetch\OLD\LOGI_MWX.EXE-1B741F45.pf Object is locked skipped
C:\WINDOWS\Prefetch\OLD\LOGON.SCR-151EFAEA.pf Object is locked skipped
C:\WINDOWS\Prefetch\OLD\LONGHORNUI.EXE-1764D278.pf Object is locked skipped
C:\WINDOWS\Prefetch\OLD\LUCOMS~1.EXE-02DB5950.pf Object is locked skipped
C:\WINDOWS\Prefetch\OLD\MMC.EXE-39071BCC.pf Object is locked skipped
C:\WINDOWS\Prefetch\OLD\MMC.EXE-398DCF39.pf Object is locked skipped
C:\WINDOWS\Prefetch\OLD\MSPMSPSV.EXE-159858D5.pf Object is locked skipped
C:\WINDOWS\Prefetch\OLD\MYCD.EXE-1A871F49.pf Object is locked skipped
C:\WINDOWS\Prefetch\OLD\MYCDPRO.EXE-31A2EEFD.pf Object is locked skipped
C:\WINDOWS\Prefetch\OLD\NAVW32.EXE-365BADC3.pf Object is locked skipped
C:\WINDOWS\Prefetch\OLD\NDETECT.EXE-16E64095.pf Object is locked skipped
C:\WINDOWS\Prefetch\OLD\NMAIN.EXE-2BA406E0.pf Object is locked skipped
C:\WINDOWS\Prefetch\OLD\NOTEPAD.EXE-336351A9.pf Object is locked skipped
C:\WINDOWS\Prefetch\OLD\NPROTECT.EXE-2BCFA594.pf Object is locked skipped
C:\WINDOWS\Prefetch\OLD\NTOSBOOT-B00DFAAD.pf Object is locked skipped
C:\WINDOWS\Prefetch\OLD\NTVDM.EXE-1A10A423.pf Object is locked skipped
C:\WINDOWS\Prefetch\OLD\NWIZ.EXE-2D0F9FBC.pf Object is locked skipped
C:\WINDOWS\Prefetch\OLD\OBC.EXE-2E42DAAF.pf Object is locked skipped
C:\WINDOWS\Prefetch\OLD\PACKAGER.EXE-1D369367.pf Object is locked skipped
C:\WINDOWS\Prefetch\OLD\PRCVIEW.EXE-003D5F36.pf Object is locked skipped
C:\WINDOWS\Prefetch\OLD\QTTASK.EXE-342507FB.pf Object is locked skipped
C:\WINDOWS\Prefetch\OLD\QUICKTIMEPLAYER.EXE-280B4828.pf Object is locked skipped
C:\WINDOWS\Prefetch\OLD\REGEDIT.EXE-1B606482.pf Object is locked skipped
C:\WINDOWS\Prefetch\OLD\REGSVR32.EXE-25EEFE2F.pf Object is locked skipped
C:\WINDOWS\Prefetch\OLD\RSTRUI.EXE-03C49A96.pf Object is locked skipped
Scan process completed.
==================================================
end of log
-
Security Expert: Visiting Fellow
Have you tried deleting the http://www.trinsic.org/ bookmarks manually in Firefox?