No windows update & Regedit lock

[jezzzzy]

No change. Still disabled.

 

[jezzzzy]

Still disabled.

 

[Shaba]

Open HijackThis, click do a system scan only and checkmark this:

O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

Close all windows including browser and press fix checked.

Reboot.

Post back a fresh HijackThis log and tell me if regedit works now?

 

[jezzzzy]

No change. I also ran HijackThis as you instructed and checked the 07 box and clicked "fix selected" and then after the fix, i did a quick scan again and the item was still in the list. Not sure if that helps.

 

[Shaba]

You are doing everything from admin account?

Please re-run combofix and post its log here along with a fresh HijackThis log.

 

[jezzzzy]

This is XP Home. No admin account, per se. But the user does have "admin" rights.

 

[Shaba]

OK, that is fine.

Continue with combofix run, please

 

[jezzzzy]

Ok. Running now. Not sure if it matters, but ComboFix started and then didn't open the "blue" window. I had to run it again to get it to start. I don't have task manager, so it's hard to tell what happened. It's running now.

 

[jezzzzy]

Combofix Log:
ComboFix 08-09-28.01 - Powery 2008-10-01 11:02:51.3 - NTFSx86
Running from: C:\Documents and Settings\Powery\Desktop\Fix\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-09-01 to 2008-10-01 )))))))))))))))))))))))))))))))
.

2008-10-01 09:14 . 2008-10-01 09:14 250 --a------ C:\WINDOWS\gmer.ini
2008-09-28 02:09 . 2008-09-28 02:09 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-09-27 23:50 . 2008-09-27 23:55 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-09-27 23:50 . 2008-09-27 23:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-09-27 23:44 . 2008-09-28 02:37 <DIR> d-------- C:\WINDOWS\system32\CatRoot_bak
2008-09-27 23:41 . 2008-06-13 09:10 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-09-27 23:39 . 2008-05-08 08:28 202,752 -----c--- C:\WINDOWS\system32\dllcache\rmcast.sys
2008-09-27 23:38 . 2008-04-11 14:50 683,520 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
2008-09-27 23:38 . 2008-05-01 10:30 331,776 -----c--- C:\WINDOWS\system32\dllcache\msadce.dll
2008-09-27 23:26 . 2008-07-18 22:10 33,992 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2008-09-27 23:26 . 2008-07-18 22:09 25,800 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2008-09-27 23:26 . 2008-07-18 22:09 25,800 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-09-27 23:26 . 2008-07-18 22:08 20,680 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
2008-09-27 23:25 . 2008-09-27 23:25 <DIR> d---s---- C:\Documents and Settings\Powery\UserData
2008-09-27 22:35 . 2008-09-27 23:12 <DIR> d-------- C:\WINDOWS\CAVTemp
2008-09-27 18:30 . 2008-10-01 10:36 53,488 --a------ C:\WINDOWS\system32\drivers\kmxcfg.u2k0
2008-09-27 18:30 . 2008-10-01 10:36 64 --a------ C:\WINDOWS\system32\drivers\kmxcfg.u2k7
2008-09-27 18:30 . 2008-10-01 10:36 64 --a------ C:\WINDOWS\system32\drivers\kmxcfg.u2k6
2008-09-27 18:30 . 2008-10-01 10:36 64 --a------ C:\WINDOWS\system32\drivers\kmxcfg.u2k5
2008-09-27 18:30 . 2008-10-01 10:36 64 --a------ C:\WINDOWS\system32\drivers\kmxcfg.u2k4
2008-09-27 18:30 . 2008-10-01 10:36 64 --a------ C:\WINDOWS\system32\drivers\kmxcfg.u2k3
2008-09-27 18:30 . 2008-10-01 10:36 64 --a------ C:\WINDOWS\system32\drivers\kmxcfg.u2k2
2008-09-27 18:30 . 2008-10-01 10:36 64 --a------ C:\WINDOWS\system32\drivers\kmxcfg.u2k1
2008-09-27 16:31 . 2008-09-27 16:32 <DIR> d-------- C:\Program Files\CA
2008-09-27 16:31 . 2008-09-27 23:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\CA
2008-09-27 16:31 . 2008-09-27 23:12 880,560 --a------ C:\WINDOWS\system32\drivers\vetefile.sys
2008-09-27 16:31 . 2008-09-27 23:12 108,368 --a------ C:\WINDOWS\system32\drivers\veteboot.sys
2008-09-27 16:31 . 2008-06-02 13:05 99,568 --a------ C:\WINDOWS\system32\isafeif.dll
2008-09-27 16:31 . 2008-09-27 23:12 91,376 --a------ C:\WINDOWS\system32\isafprod.dll
2008-09-27 16:31 . 2008-06-02 13:06 83,256 --a------ C:\WINDOWS\system32\vetredir.dll
2008-09-27 16:31 . 2008-09-27 23:12 32,240 --a------ C:\WINDOWS\system32\drivers\vetmonnt.sys
2008-09-27 16:31 . 2008-09-27 23:12 26,352 --a------ C:\WINDOWS\system32\drivers\vet-filt.sys
2008-09-27 16:31 . 2008-09-27 23:12 21,488 --a------ C:\WINDOWS\system32\drivers\vetfddnt.sys
2008-09-27 16:31 . 2008-09-27 23:12 21,104 --a------ C:\WINDOWS\system32\drivers\vet-rec.sys
2008-09-01 20:38 . 2008-09-01 20:38 <DIR> d-------- C:\Documents and Settings\Powery\Application Data\Lavasoft
2008-09-01 14:44 . 2003-11-20 20:28 <DIR> d-------- C:\Documents and Settings\Powery\WINDOWS
2008-09-01 14:44 . 2003-11-20 21:32 <DIR> d-------- C:\Documents and Settings\Powery\Application Data\toshiba
2008-09-01 14:44 . 2008-09-01 14:46 <DIR> d-------- C:\Documents and Settings\Powery\Application Data\Symantec
2008-09-01 14:44 . 2003-11-21 14:25 <DIR> d-------- C:\Documents and Settings\Powery\Application Data\InterVideo
2008-09-01 14:44 . 2003-11-20 20:59 <DIR> d-------- C:\Documents and Settings\Powery\Application Data\InterTrust
2008-09-01 14:44 . 2003-11-20 21:52 <DIR> d-------- C:\Documents and Settings\Powery\Application Data\Drag'n Drop CD+DVD
2008-09-01 14:44 . 2008-10-01 10:41 <DIR> d-------- C:\Documents and Settings\Powery
2008-09-01 14:40 . 2008-09-01 14:40 32,768 --a------ C:\WINDOWS\~DF85FF.tmp
2008-09-01 14:37 . 2008-09-01 14:37 32,768 --a------ C:\WINDOWS\~DFB011.tmp
2008-09-01 12:25 . 2008-09-01 12:25 32,768 --a------ C:\WINDOWS\~DFD577.tmp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-27 19:47 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-09-27 19:15 --------- d-----w C:\Program Files\Norton SystemWorks
2008-09-27 18:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-09-01 18:44 --------- d-----w C:\Program Files\Web Publish
2008-09-01 18:41 8,224 ----a-w C:\GDIPFONTCACHEV1.DAT
2008-08-30 16:22 32,768 ----a-w C:\WINDOWS\~DF1245.tmp
2008-07-13 03:01 32,768 ----a-w C:\WINDOWS\~DFE65E.tmp
2008-07-13 03:01 16,384 ----a-w C:\WINDOWS\~DFD595.tmp
2006-03-28 14:19 110,592 --sha-w C:\WINDOWS\system32\imupdate.exe
.

((((((((((((((((((((((((((((( snapshot@2008-09-29_17.58.48.81 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-10-01 13:14:43 884,736 ----a-w C:\WINDOWS\gmer.dll
+ 2008-04-18 01:13:02 811,008 ----a-w C:\WINDOWS\gmer.exe
+ 2008-10-01 13:14:43 85,969 ----a-w C:\WINDOWS\system32\drivers\gmer.sys
- 2008-09-28 17:22:53 53,634 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-09-29 21:51:12 53,634 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-09-28 17:22:53 381,930 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-09-29 21:51:13 381,930 ----a-w C:\WINDOWS\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2003-09-05 65536]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 1694208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TouchED"="C:\Program Files\TOSHIBA\TouchED\TouchED.Exe" [2003-01-21 126976]
"TFncKy"="C:\Program Files\Toshiba\TOSHIBA Controls\TFncKy.exe" [2003-08-18 102400]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe" [2005-06-03 36975]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2004-08-22 26112]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-04-28 155648]
"PadTouch"="C:\Program Files\TOSHIBA\PadTouch\PadExe.exe" [2003-10-31 1019904]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2003-04-07 155648]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2005-02-16 49152]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2003-04-07 114688]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 57344]
"cctray"="C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe" [2008-09-27 181488]
"CAVRID"="C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe" [2008-09-27 234736]
"QOELOADER"="C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-6.0.1.33\QOELoader.exe" [2008-09-27 14088]
"cafw"="C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe" [2008-09-27 771312]
"capfasem"="C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe" [2008-09-27 173296]
"capfupgrade"="C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe" [2008-09-27 259312]
"ezShieldProtector for Px"="C:\WINDOWS\system32\ezSP_Px.exe" [2002-08-20 40960]
"MSN IM Update"="imupdate.exe" [2006-03-28 C:\WINDOWS\system32\imupdate.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 1694208]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 29696]
Microsoft Office OneNote 2003 Quick Launch.lnk - C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2003-08-06 51776]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PFW]
2007-05-18 14:30 79368 C:\WINDOWS\system32\UmxWNP.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MSACM.CEGSM"= mobilev.acm

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^20-20 Shortcut Bar.lnk]
backup=C:\WINDOWS\pss\20-20 Shortcut Bar.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Boingo.lnk]
backup=C:\WINDOWS\pss\Boingo.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Exif Launcher.lnk]
backup=C:\WINDOWS\pss\Exif Launcher.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
backup=C:\WINDOWS\pss\HP Image Zone Fast Start.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hp psc 1000 series.lnk]
backup=C:\WINDOWS\pss\hp psc 1000 series.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^oxjz.exe]
backup=C:\WINDOWS\pss\oxjz.exeCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Photo Explosion Calendar Checker.lnk]
backup=C:\WINDOWS\pss\Photo Explosion Calendar Checker.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Delivery Agent.lnk]
backup=C:\WINDOWS\pss\QuickBooks Delivery Agent.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^RAMASST.lnk]
backup=C:\WINDOWS\pss\RAMASST.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Wireless-B Notebook Adapter Utility.lnk]
backup=C:\WINDOWS\pss\Wireless-B Notebook Adapter Utility.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^My Pc^Start Menu^Programs^Startup^HotSync Manager.lnk]
backup=C:\WINDOWS\pss\HotSync Manager.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^My Pc^Start Menu^Programs^Startup^PowerReg Scheduler.exe]
backup=C:\WINDOWS\pss\PowerReg Scheduler.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^My Pc^Start Menu^Programs^Startup^wkcalrem.LNK]
backup=C:\WINDOWS\pss\wkcalrem.LNKStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLSPScheduler
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sscRun

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
C:\WINDOWS\system32\dumprep 0 -u [X]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Weather
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\winsync

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\00THotkey]
--a------ 2003-04-16 00:01 258048 C:\WINDOWS\system32\00THotkey.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
--a------ 2003-07-17 21:38 159744 C:\Program Files\Apoint2K\Apoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\B'sCLiP]
--a------ 2003-11-05 09:38 1380352 C:\PROGRA~1\B'SCLI~1\Win2K\BsCLiP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BJCFD]
--a------ 2002-09-10 22:26 368706 C:\Program Files\BroadJump\Client Foundation\CFD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ezShieldProtector for Px]
--a------ 2002-08-20 14:29 40960 C:\WINDOWS\system32\ezSP_Px.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LtMoh]
--a------ 2003-01-02 20:16 172032 C:\Program Files\ltmoh\ltmoh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 12:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pinger]
--a------ 2003-10-20 13:39 159744 c:\TOSHIBA\Ivp\ISM\pinger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\REGSHAVE]
--a------ 2002-02-04 22:32 53248 C:\Program Files\REGSHAVE\Regshave.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tgcmd]
--a------ 2004-07-25 15:45 1277952 C:\Program Files\Support.com\BellSouth\hcenter.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\000StTHK]
--a------ 2001-06-24 00:28 24576 C:\WINDOWS\system32\000StTHK.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
--a------ 2003-04-18 15:20 88363 C:\WINDOWS\agrsmmsg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSN IM Update]
--ahs---- 2006-03-28 10:19 110592 C:\WINDOWS\system32\imupdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TFNF5]
--a------ 2003-10-15 20:03 73728 C:\WINDOWS\system32\TFNF5.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPSMain]
--a------ 2003-11-20 01:15 278528 C:\WINDOWS\system32\TPSMain.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Swupdtmr"=2 (0x2)
"C-DillaCdaC11BA"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\CA Personal Firewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
"%windir%\\system32\\sessmgr.exe"=

R0 BsStor;B.H.A Storage Helper Driver;C:\WINDOWS\system32\drivers\BsStor.sys [2002-06-06 9344]
R0 KmxStart;KmxStart;C:\WINDOWS\system32\DRIVERS\kmxstart.sys [2008-03-19 93712]
R1 KmxAgent;KmxAgent;C:\WINDOWS\system32\DRIVERS\kmxagent.sys [2008-03-21 63504]
R1 KmxFile;KmxFile;C:\WINDOWS\system32\DRIVERS\KmxFile.sys [2008-03-21 45584]
R1 KmxFw;KmxFw;C:\WINDOWS\system32\DRIVERS\kmxfw.sys [2008-03-19 115216]
R2 BsUDF;B.H.A UDF Filesystem;C:\WINDOWS\system32\drivers\BsUDF.sys [2003-11-04 390400]
R2 KmxCF;KmxCF;C:\WINDOWS\system32\DRIVERS\KmxCF.sys [2008-06-04 134648]
R2 KmxSbx;KmxSbx;C:\WINDOWS\system32\DRIVERS\KmxSbx.sys [2008-03-21 66576]
R2 UmxAgent;HIPS Event Manager;C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe [2007-10-18 1010192]
R2 UmxCfg;HIPS Configuration Interpreter;C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe [2007-10-18 801296]
R2 UmxPol;HIPS Policy Manager;C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe [2008-04-15 281104]
R2 Viewpoint Manager Service;Viewpoint Manager Service;C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R3 KmxCfg;KmxCfg;C:\WINDOWS\system32\DRIVERS\kmxcfg.sys [2008-05-30 88816]
R3 LSWPCv4;Wireless-B Notebook Adapter Driver;C:\WINDOWS\system32\DRIVERS\rtl8180.sys [2003-10-01 184832]
R3 PPCtlPriv;PPCtlPriv;C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe [2008-09-27 185584]
S3 ATWPKT;ATWPKT;C:\WINDOWS\system32\Drivers\ATWPKT.SYS [2002-03-20 19140]
S3 BWNDIS5;BWNDIS5 NDIS Protocol Driver;C:\WINDOWS\System32\BWNDIS5.SYS [2003-01-11 15744]
S3 USA19H;USA19H;C:\WINDOWS\system32\DRIVERS\USA19H2k.sys [2003-06-24 727908]
S3 USA19H2KP;Keyspan USB Serial Port Driver;C:\WINDOWS\system32\DRIVERS\USA19H2kp.SYS [2003-06-24 44928]
S3 USB_RNDIS_XP;Westell WireSpeed Dual Connect Modem;C:\WINDOWS\system32\DRIVERS\usb8023.sys [2004-08-04 12672]
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = about:blank
R1 -: HKCU-Internet Connection Wizard,ShellNext = hxxp:///
O17 -: HKLM\CCS\Interface\{44721E11-AB57-49F8-B555-C3CDCEA5CF91}: NameServer = 192.168.1.1
O18 -: Handler: mctp - {d7b95390-b1c5-11d0-b111-0080c712fe82} - C:\Program Files\Microsoft ActiveSync\aatp.dll
O18 -: WinCE Filter: image/bmp - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - C:\Program Files\Microsoft ActiveSync\CENetFlt.dll
O18 -: WinCE Filter: image/gif - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - C:\Program Files\Microsoft ActiveSync\CENetFlt.dll
O18 -: WinCE Filter: image/jpeg - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - C:\Program Files\Microsoft ActiveSync\CENetFlt.dll
O18 -: WinCE Filter: image/xbm - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - C:\Program Files\Microsoft ActiveSync\CENetFlt.dll
O18 -: WinCE Filter: text/asp - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - C:\Program Files\Microsoft ActiveSync\CENetFlt.dll
O18 -: WinCE Filter: text/html - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - C:\Program Files\Microsoft ActiveSync\CENetFlt.dll
.
.
------- File Associations -------
.
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-01 11:12:10
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-10-01 11:18:06
ComboFix-quarantined-files.txt 2008-10-01 15:17:54
ComboFix2.txt 2008-09-30 18:55:51
ComboFix3.txt 2008-09-29 22:07:49

Pre-Run: 8,310,751,232 bytes free
Post-Run: 8,297,508,864 bytes free

251 --- E O F --- 2008-09-29 03:46:38


HijackThis Log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:20:23 AM, on 10/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
C:\Program Files\Toshiba\TOSHIBA Controls\TFncKy.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\TOSHIBA\PadTouch\PadExe.exe
C:\WINDOWS\System32\igfxtray.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-6.0.1.33\QOELoader.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Powery\Desktop\Fix\jezzzzy.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http:///
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O4 - HKLM\..\Run: [MSN IM Update] imupdate.exe
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [TFncKy] C:\Program Files\Toshiba\TOSHIBA Controls\TFncKy.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PadTouch] "C:\Program Files\TOSHIBA\PadTouch\PadExe.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-6.0.1.33\QOELoader.exe"
O4 - HKLM\..\Run: [cafw] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe -cl
O4 - HKLM\..\Run: [capfasem] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
O4 - HKLM\..\Run: [capfupgrade] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O16 - DPF: Contains -
O16 - DPF: DownloadInformation -
O16 - DPF: InstalledVersion -
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1222579674140
O17 - HKLM\System\CCS\Services\Tcpip\..\{44721E11-AB57-49F8-B555-C3CDCEA5CF91}: NameServer = 192.168.1.1
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
O23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
O23 - Service: HIPS Firewall Helper (UmxFwHlp) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
O23 - Service: HIPS Policy Manager (UmxPol) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 9127 bytes

 

[jezzzzy]

Regedit and Task Manager are fixed.

 

[Shaba]

Great

Please go to Kaspersky website and perform an online antivirus scan.

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

1. Read through the requirements and privacy statement and click on Accept button.
2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
3. When the downloads have finished, click on Settings.
4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
   • Spyware, Adware, Dialers, and other potentially dangerous programs
     Archives
     
5. Click on My Computer under Scan.
6. Once the scan is complete, it will display the results. Click on View Scan Report.
7. You will see a list of infected items there. Click on Save Report As....
8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
9. Please post this log in your next reply along with a fresh HijackThis log.

If you need a tutorial, see here

 

[jezzzzy]

Ok. After a restart, my task manager is gone again. Should I continue with Kapersky or do something different?

 

[Shaba]

Is regedit gone too?

Yes, we will continue with this:

Delete this file:

C:\WINDOWS\system32\imupdate.exe

Empty Recycle Bin.

A bootlog is a file where windows writes down which drivers are loaded and which not during startup.
Using Windows explorer, see if you find c:\windows\ntbtlog.txt - If it exists, delete the file.

• Click Start then Run and type in msconfig in the edit box and hit Enter or click Ok
• Click on the boot.ini tab and check the box that says /BOOTLOG
• Click Apply & Ok and reboot the PC (may take a bit longer to boot)
• After it reboots, you will get a message that msconfig has been used to change your start settings.
• In msconfig, Check Normal Startup on the GENERAL tab, and on the BOOT.INI tab, Uncheck /BOOTLOG. Click Apply, OK.
• When a message asks if you want to Reboot now, Click Exit Without Reboot. You don't need to.
• Using Windows Explorer, locate c:\windows\ntbtlog.txt and post the content of the file.

 

[jezzzzy]

Regedit gone too.

"Access Denied" when trying to delete imupdate.exe. It's in the startup registry key. I can try to remove that with msconfig, restart and try to delete again. Should I do that?

 

[Shaba]

Fix this entry:

O4 - HKLM\..\Run: [MSN IM Update] imupdate.exe

Reboot.

Delete this:

C:\WINDOWS\system32\imupdate.exe

Reboot.

Check if regedit and task manager are still disabled.

If they are, do that bootlog part, please.

 

[jezzzzy]

Service Pack 210 1 2008 13:27:37.500
Loaded driver \WINDOWS\system32\ntoskrnl.exe
Loaded driver \WINDOWS\system32\hal.dll
Loaded driver \WINDOWS\system32\KDCOM.DLL
Loaded driver \WINDOWS\system32\BOOTVID.dll
Loaded driver ACPI.sys
Loaded driver \WINDOWS\System32\DRIVERS\WMILIB.SYS
Loaded driver pci.sys
Loaded driver isapnp.sys
Loaded driver ohci1394.sys
Loaded driver \WINDOWS\System32\DRIVERS\1394BUS.SYS
Loaded driver compbatt.sys
Loaded driver \WINDOWS\System32\DRIVERS\BATTC.SYS
Loaded driver pciide.sys
Loaded driver \WINDOWS\System32\DRIVERS\PCIIDEX.SYS
Loaded driver intelide.sys
Loaded driver pcmcia.sys
Loaded driver MountMgr.sys
Loaded driver ftdisk.sys
Loaded driver PartMgr.sys
Loaded driver VolSnap.sys
Loaded driver atapi.sys
Loaded driver disk.sys
Loaded driver \WINDOWS\System32\DRIVERS\CLASSPNP.SYS
Loaded driver fltmgr.sys
Loaded driver sr.sys
Loaded driver PxHelp20.sys
Loaded driver BsStor.sys
Loaded driver KSecDD.sys
Loaded driver Ntfs.sys
Loaded driver NDIS.sys
Loaded driver TVALZ.SYS
Loaded driver Mup.sys
Loaded driver kmxstart.sys
Loaded driver \SystemRoot\System32\DRIVERS\ialmnt5.sys
Loaded driver \SystemRoot\System32\DRIVERS\usbuhci.sys
Loaded driver \SystemRoot\System32\DRIVERS\usbehci.sys
Loaded driver \SystemRoot\System32\DRIVERS\e100b325.sys
Loaded driver \SystemRoot\System32\DRIVERS\rtl8180.sys
Loaded driver \SystemRoot\System32\DRIVERS\i8042prt.sys
Loaded driver \SystemRoot\System32\DRIVERS\kbdclass.sys
Loaded driver \SystemRoot\System32\DRIVERS\Apfiltr.sys
Loaded driver \SystemRoot\System32\DRIVERS\mouclass.sys
Loaded driver \SystemRoot\System32\DRIVERS\parport.sys
Loaded driver \SystemRoot\System32\DRIVERS\imapi.sys
Loaded driver \SystemRoot\System32\Drivers\AFS2K.SYS
Loaded driver \SystemRoot\system32\drivers\pfc.sys
Loaded driver \SystemRoot\System32\DRIVERS\cdrom.sys
Loaded driver \SystemRoot\System32\DRIVERS\redbook.sys
Loaded driver \SystemRoot\SYSTEM32\DRIVERS\GEARAspiWDM.sys
Loaded driver \SystemRoot\system32\drivers\smwdm.sys
Loaded driver \SystemRoot\system32\drivers\aeaudio.sys
Loaded driver \SystemRoot\System32\DRIVERS\AGRSM.sys
Loaded driver \SystemRoot\System32\Drivers\Modem.SYS
Loaded driver \SystemRoot\System32\DRIVERS\CmBatt.sys
Loaded driver \SystemRoot\System32\DRIVERS\intelppm.sys
Loaded driver \SystemRoot\System32\DRIVERS\audstub.sys
Loaded driver \SystemRoot\System32\DRIVERS\rasl2tp.sys
Loaded driver \SystemRoot\System32\DRIVERS\ndistapi.sys
Loaded driver \SystemRoot\System32\DRIVERS\ndiswan.sys
Loaded driver \SystemRoot\System32\DRIVERS\raspppoe.sys
Loaded driver \SystemRoot\System32\DRIVERS\raspptp.sys
Loaded driver \SystemRoot\System32\DRIVERS\msgpc.sys
Loaded driver \SystemRoot\System32\DRIVERS\psched.sys
Loaded driver \SystemRoot\System32\DRIVERS\ptilink.sys
Loaded driver \SystemRoot\System32\DRIVERS\raspti.sys
Loaded driver \SystemRoot\System32\DRIVERS\termdd.sys
Loaded driver \SystemRoot\System32\DRIVERS\swenum.sys
Loaded driver \SystemRoot\System32\DRIVERS\update.sys
Loaded driver \SystemRoot\System32\DRIVERS\mssmbios.sys
Loaded driver \SystemRoot\system32\drivers\ialmkchw.sys
Loaded driver \SystemRoot\system32\drivers\ialmsbw.sys
Loaded driver \SystemRoot\System32\Drivers\NDProxy.SYS
Did not load driver \SystemRoot\System32\Drivers\NDProxy.SYS
Loaded driver \SystemRoot\System32\DRIVERS\usbhub.sys
Did not load driver \SystemRoot\System32\Drivers\lbrtfdc.SYS
Did not load driver \SystemRoot\System32\Drivers\Fdc.SYS
Did not load driver \SystemRoot\System32\Drivers\Flpydisk.SYS
Did not load driver \SystemRoot\System32\Drivers\Sfloppy.SYS
Did not load driver \SystemRoot\System32\Drivers\i2omgmt.SYS
Loaded driver \SystemRoot\System32\DRIVERS\kmxcfg.sys
Loaded driver \SystemRoot\System32\DRIVERS\kmxagent.sys
Loaded driver \SystemRoot\System32\DRIVERS\KmxFile.sys
Did not load driver \SystemRoot\System32\Drivers\Changer.SYS
Did not load driver \SystemRoot\System32\Drivers\Cdaudio.SYS
Did not load driver \SystemRoot\System32\DRIVERS\kmxagent.sys
Loaded driver \SystemRoot\System32\DRIVERS\kmxfw.sys
Loaded driver \SystemRoot\System32\Drivers\VETFDDNT.SYS
Loaded driver \SystemRoot\System32\Drivers\Fs_Rec.SYS
Loaded driver \SystemRoot\System32\Drivers\VETEFILE.SYS
Loaded driver \SystemRoot\System32\Drivers\VET-REC.SYS
Loaded driver \SystemRoot\System32\Drivers\VET-FILT.SYS
Did not load driver \SystemRoot\System32\Drivers\VET-FILT.SYS
Loaded driver \SystemRoot\System32\Drivers\VETEBOOT.SYS
Did not load driver \SystemRoot\System32\Drivers\VETEFILE.SYS
Loaded driver \SystemRoot\System32\Drivers\VETMONNT.SYS
Loaded driver \SystemRoot\System32\Drivers\Null.SYS
Loaded driver \SystemRoot\System32\Drivers\Beep.SYS
Loaded driver \SystemRoot\System32\drivers\vga.sys
Loaded driver \SystemRoot\System32\Drivers\mnmdd.SYS
Loaded driver \SystemRoot\System32\DRIVERS\RDPCDD.sys
Loaded driver \SystemRoot\System32\Drivers\Udfs.SYS
Loaded driver \SystemRoot\System32\Drivers\Cdfs.SYS
Loaded driver \SystemRoot\System32\Drivers\BsUDF.SYS
Loaded driver \SystemRoot\System32\Drivers\meiudf.sys
Loaded driver \SystemRoot\System32\Drivers\Msfs.SYS
Loaded driver \SystemRoot\System32\Drivers\Npfs.SYS
Loaded driver \SystemRoot\System32\DRIVERS\rasacd.sys
Loaded driver \SystemRoot\System32\DRIVERS\ipsec.sys
Loaded driver \SystemRoot\System32\DRIVERS\tcpip.sys
Loaded driver \SystemRoot\System32\DRIVERS\netbt.sys
Loaded driver \SystemRoot\System32\DRIVERS\ipnat.sys
Loaded driver \SystemRoot\System32\drivers\afd.sys
Loaded driver \SystemRoot\System32\DRIVERS\netbios.sys
Did not load driver \SystemRoot\System32\DRIVERS\processr.sys
Did not load driver \SystemRoot\System32\Drivers\PCIDump.SYS
Loaded driver \SystemRoot\System32\DRIVERS\rdbss.sys
Loaded driver \SystemRoot\System32\DRIVERS\mrxsmb.sys
Loaded driver \SystemRoot\System32\Drivers\Fips.SYS
Loaded driver \SystemRoot\System32\DRIVERS\wanarp.sys
Did not load driver \SystemRoot\System32\DRIVERS\kmxagent.sys
Loaded driver \SystemRoot\System32\DRIVERS\KmxSbx.sys
Loaded driver \??\C:\WINDOWS\System32\drivers\TBiosDrv.sys
Loaded driver \SystemRoot\System32\DRIVERS\ndisuio.sys
Loaded driver \SystemRoot\System32\DRIVERS\netdevio.sys
Did not load driver \SystemRoot\System32\DRIVERS\rdbss.sys
Did not load driver \SystemRoot\System32\DRIVERS\mrxsmb.sys
Loaded driver \SystemRoot\System32\DRIVERS\mrxdav.sys
Loaded driver \SystemRoot\System32\Drivers\ParVdm.SYS
Loaded driver \SystemRoot\System32\Drivers\SENTINEL.SYS
Did not load driver \SystemRoot\System32\Drivers\Serial.SYS
Loaded driver \SystemRoot\System32\Drivers\tossmbnt.SYS
Loaded driver \SystemRoot\System32\Drivers\ASCTRM.SYS
Loaded driver \SystemRoot\System32\Drivers\Aspi32.SYS
Loaded driver \??\C:\WINDOWS\System32\drivers\CDAC15BA.SYS
Loaded driver \SystemRoot\system32\drivers\wdmaud.sys
Loaded driver \SystemRoot\system32\drivers\sysaudio.sys
Loaded driver \SystemRoot\system32\drivers\splitter.sys
Loaded driver \SystemRoot\system32\drivers\aec.sys
Loaded driver \SystemRoot\system32\drivers\swmidi.sys
Loaded driver \SystemRoot\system32\drivers\DMusic.sys
Loaded driver \SystemRoot\system32\drivers\kmixer.sys
Loaded driver \SystemRoot\system32\drivers\drmkaud.sys
Did not load driver \SystemRoot\System32\DRIVERS\kmxagent.sys
Did not load driver \SystemRoot\System32\Drivers\Fips.SYS
Loaded driver \SystemRoot\System32\DRIVERS\KmxCF.sys
Loaded driver \SystemRoot\System32\Drivers\MASPINT.SYS
Did not load driver \SystemRoot\System32\Drivers\mrtRate.SYS
Did not load driver \SystemRoot\System32\DRIVERS\ipnat.sys
Loaded driver \SystemRoot\System32\DRIVERS\srv.sys
Did not load driver \SystemRoot\System32\Drivers\Cdfs.SYS
Loaded driver \SystemRoot\system32\drivers\kmixer.sys
Loaded driver \SystemRoot\system32\drivers\kmixer.sys

 

[Shaba]

Please re-do that REG ADD part instructed here, reboot and post back a fresh HijackThis log.

 

[jezzzzy]

Task Manager and Regedit are back.

HJT Log here:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:17:49 PM, on 10/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
c:\toshiba\ivp\swupdate\swupdtmr.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
C:\Program Files\Toshiba\TOSHIBA Controls\TFncKy.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\TOSHIBA\PadTouch\PadExe.exe
C:\WINDOWS\System32\igfxtray.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-6.0.1.33\QOELoader.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
C:\WINDOWS\system32\ezSP_Px.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\WINDOWS\system32\TFNF5.exe
C:\toshiba\ivp\ism\pinger.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\PROGRA~1\B'SCLI~1\Win2K\BSCLIP.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\System32\00THotkey.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Documents and Settings\Powery\Desktop\Fix\jezzzzy.exe
C:\Program Files\Support.com\bin\tgcmd.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http:///
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [TFncKy] C:\Program Files\Toshiba\TOSHIBA Controls\TFncKy.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PadTouch] "C:\Program Files\TOSHIBA\PadTouch\PadExe.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-6.0.1.33\QOELoader.exe"
O4 - HKLM\..\Run: [cafw] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe -cl
O4 - HKLM\..\Run: [capfasem] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
O4 - HKLM\..\Run: [capfupgrade] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\BellSouth\hcenter.exe" /starthidden /tgcmdwrapper
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [MSN IM Update] imupdate.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [B'sCLiP] C:\PROGRA~1\B'SCLI~1\Win2K\BSCLIP.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O16 - DPF: Contains -
O16 - DPF: DownloadInformation -
O16 - DPF: InstalledVersion -
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1222579674140
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=23100
O17 - HKLM\System\CCS\Services\Tcpip\..\{44721E11-AB57-49F8-B555-C3CDCEA5CF91}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{D08DFE9E-3A5A-44FC-A682-836101BD7651}: NameServer = 192.168.1.254
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Swupdtmr - Unknown owner - c:\toshiba\ivp\swupdate\swupdtmr.exe
O23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
O23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
O23 - Service: HIPS Firewall Helper (UmxFwHlp) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
O23 - Service: HIPS Policy Manager (UmxPol) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 11111 bytes

 

[Shaba]

Great news

Please now scan with kaspersky and post back kaspersky report and a fresh HijackThis log.

 

[jezzzzy]

KASPERSKY ONLINE SCANNER 7 REPORT
Thursday, October 2, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Wednesday, October 01, 2008 18:43:57
Records in database: 1280689


Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases no

Scan area My Computer
C:\
D:\

Scan statistics
Files scanned 126341
Threat name 7
Infected objects 47
Suspicious objects 0
Duration of the scan 02:59:18

File name Threat name Threats count
C:\Documents and Settings\All Users\Application Data\AOL Downloads\lpkw_setupSTUS\comps\toolbar\toolbr.exe Infected: not-a-virus:AdWare.Win32.SearchIt.t 1

C:\NNSCAA638.EXE Infected: not-a-virus:AdWare.Win32.NewDotNet 1

C:\Program Files\Common Files\aolback\Comps\toolbar\toolbr.exe Infected: not-a-virus:AdWare.Win32.SearchIt.t 1

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\080B4CFD Infected: not-a-virus:AdWare.Win32.Look2Me.ab 1

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\08724305 Infected: not-a-virus:AdWare.Win32.Look2Me.ab 1

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\0B0D1F7B Infected: not-a-virus:AdWare.Win32.Look2Me.ab 1

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\139C08FC Infected: not-a-virus:AdWare.Win32.Look2Me.ab 1

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\14027F03 Infected: not-a-virus:AdWare.Win32.Look2Me.ab 1

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\15D13181 Infected: not-a-virus:AdWare.Win32.Look2Me.ab 1

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\1DF738DF Infected: not-a-virus:AdWare.Win32.Look2Me.ab 1

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\1F923B02 Infected: not-a-virus:AdWare.Win32.Look2Me.ab 1

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\20AB4A21 Infected: not-a-virus:AdWare.Win32.Look2Me.ab 1

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\20AE741E Infected: not-a-virus:AdWare.Win32.Look2Me.ab 1

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\20B11E1A Infected: not-a-virus:AdWare.Win32.Look2Me.ab 1

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\20B44816 Infected: not-a-virus:AdWare.Win32.Look2Me.ab 1

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\20B87213 Infected: not-a-virus:AdWare.Win32.Look2Me.ab 1

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\20BE460C Infected: not-a-virus:AdWare.Win32.Look2Me.ab 1

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\20C51A05 Infected: not-a-virus:AdWare.Win32.Look2Me.ab 1

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\20C84401 Infected: not-a-virus:AdWare.Win32.Look2Me.ab 1

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\20CB6DFD Infected: not-a-virus:AdWare.Win32.Look2Me.ab 1

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\20CE17FA Infected: not-a-virus:AdWare.Win32.Look2Me.ab 1

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\20D815EF Infected: not-a-virus:AdWare.Win32.Look2Me.ab 1

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\20DC3FEB Infected: not-a-virus:AdWare.Win32.Look2Me.ab 1

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\20DF69E8 Infected: not-a-virus:AdWare.Win32.Look2Me.ab 1

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\20E213E4 Infected: not-a-virus:AdWare.Win32.Look2Me.ab 1

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\20E53DE1 Infected: not-a-virus:AdWare.Win32.Look2Me.ab 1

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\20EC11D9 Infected: not-a-virus:AdWare.Win32.Look2Me.ab 1

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\25170ADA Infected: not-a-virus:AdWare.Win32.Look2Me.ab 1

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\2B896D08 Infected: not-a-virus:AdWare.Win32.Look2Me.ab 1

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\33582ED2 Infected: not-a-virus:AdWare.Win32.Look2Me.ab 1

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\36B332FF Infected: not-a-virus:AdWare.Win32.Look2Me.ab 1

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\37192907 Infected: not-a-virus:AdWare.Win32.Look2Me.ab 1

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\4DD42AFD Infected: not-a-virus:AdWare.Win32.Look2Me.ab 1

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\54826C2D Infected: not-a-virus:AdWare.Win32.Look2Me.ab 1

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\59CA5D03 Infected: not-a-virus:AdWare.Win32.Look2Me.ab 1

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\62C21025 Infected: not-a-virus:AdWare.Win32.Look2Me.ab 1

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\655A1901 Infected: Trojan-Downloader.Win32.TSUpdate.l 1

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\676C0590 Infected: not-a-virus:AdWare.Win32.Look2Me.ab 1

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\6E8C578C Infected: not-a-virus:AdWare.Win32.Look2Me.ab 1

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\71514B08 Infected: not-a-virus:AdWare.Win32.Look2Me.ab 1

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\7C7B10FF Infected: not-a-virus:AdWare.Win32.Look2Me.ab 1

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\7CCC7B84 Infected: not-a-virus:AdWare.Win32.Look2Me.ab 1

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\7CE10706 Infected: not-a-virus:AdWare.Win32.Look2Me.ab 1

C:\QooBox\Quarantine\C\Program Files\Common Files\Companion Wizard\WapCHK.dll.vir Infected: not-a-virus:FraudTool.Win32.WinAntiVirus.2006 1

C:\QooBox\Quarantine\C\WINDOWS\TXkgUGM\asappsrv.dll.vir Infected: not-a-virus:AdWare.Win32.CommAd.a 1

C:\QooBox\Quarantine\C\WINDOWS\TXkgUGM\command.exe.vir Infected: not-a-virus:AdWare.Win32.CommAd.a 1

C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\BMAP1BUO\AppWrap[1].exe Infected: not-a-virus:AdWare.Win32.AdURL.c 1

The selected area was scanned.