tavita86

Members
  • Content Count: 26

Everything posted by tavita86

  1. Hi. OK, I've done all that. Here are the results. Cheers, David
  2. Hi, thanks for the help. Here are the results. Cheers
  3. OK it has stopped doing that now... here is the new HJT log
  4. Hi, I tried installing a program on my laptop today and as it was installing it started to download something called "Video Access Codec v1.4". After some research on the internet it seems as though this is a trojan. I have included a HJT log below. Please help!
{90DE5F55-95D0-494C-A71B-D4F6FAAC0DBC} - C:\WINDOWS\drvsvp.dll O21 - SSODL: msmduo - {24D02D73-B47C-4C4C-828E-393DDC6D5AB8} - C:\WINDOWS\msmduo.dll O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe -- End of file - 12740 bytes
  5. Hi, thanks for your help so far. When I turned on my computer today I got a message called "wuauclt.exe - Application error" (there were also other ones called "drwtsn32.exe - Application error" and many more) and inside it said "The instruction at 0x5a00c8b4 referenced memory at 0xe135ff00. The memory could not be "read". Click OK to terminate program" and now it seems I can't open anything without all these error messages coming up. I was thinking that this could be due to Comodo firewall blocking all these applications but I'm not sure. Your help on this please. David
  6. OK, all that has been done. Here is the new HJT log: Logfile of HijackThis v1.99.1 Scan saved at 1:40:40 PM, on 9/23/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE C:\WINDOWS\system32\LXSUPMON.EXE C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe C:\Program Files\Comodo\Firewall\CPF.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Comodo\Firewall\cmdagent.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Spyware Doctor\sdhelp.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\System32\alg.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\Program Files\MSN Messenger\usnsvc.exe C:\WINDOWS\system32\msiexec.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\wbem\wmiprvse.exe C:\Program Files\Hijackthis\HijackThis.exe R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.ozemail.com.au:8080 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 192.168.1.1;192.168.1.2;<local> O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet 
Explorer\SkypeIEPlugin.dll O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\system32\LXSUPMON.EXE RUN O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 
'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by106fd.bay106.hotmail.msn.com/resources/MsnPUpld.cab O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab O16 - DPF: {FD163A9A-A3D8-4F7D-8224-32F81AC29EDA} - http://video.vividas.com/media/5225_ARU/we.../vivid_ocx.jpeg O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. 
- C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe Cheers David
  7. Oh, and my subscription to Norton has expired.
  8. OK, I've deleted all those files EXCEPT for the email. The folder which it was in was copied over from before we reformatted our computer (so that mum wouldn't lose all of her Outlook contacts) so that suspicious email isn't opening in Outlook. When I open the folder "D:\New Folder\Documents and Settings\david\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst/Personal Folders/Inbox" there's a file called Outlook.pst in there which I assume the email is in. Do I delete that file? Below is the new HJT Log: Logfile of HijackThis v1.99.1 Scan saved at 12:16:39 PM, on 9/20/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE C:\Program Files\Spyware Doctor\sdhelp.exe C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\System32\alg.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\WINDOWS\system32\LXSUPMON.EXE C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\MSN Messenger\usnsvc.exe C:\Program Files\MSN Messenger\msnmsgr.exe 
C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Hijackthis\HijackThis.exe R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.ozemail.com.au:8080 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 192.168.1.1;192.168.1.2;<local> O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\system32\LXSUPMON.EXE RUN O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O8 - Extra context menu item: E&xport to Microsoft 
Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by106fd.bay106.hotmail.msn.com/resources/MsnPUpld.cab O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab O16 - DPF: {FD163A9A-A3D8-4F7D-8224-32F81AC29EDA} - http://video.vividas.com/media/5225_ARU/we.../vivid_ocx.jpeg O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - 
{828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe Cheers David
  9. Ok here are the results Kaspersky scan results ------------------------------------------------------------------------------- KASPERSKY ONLINE SCANNER REPORT Thursday, September 20, 2007 9:50:53 AM Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600) Kaspersky Online Scanner version: 5.0.93.1 Kaspersky Anti-Virus database last update: 19/09/2007 Kaspersky Anti-Virus database records: 420744 ------------------------------------------------------------------------------- Scan Settings: Scan using the following antivirus database: extended Scan Archives: true Scan Mail Bases: true Scan Target - My Computer: A:\ C:\ D:\ E:\ F:\ G:\ Scan Statistics: Total number of scanned objects: 65264 Number of viruses found: 31 Number of infected objects: 63 Number of suspicious objects: 2 Duration of the scan process: 01:22:04 Infected Object Name / Virus Name / Last Action C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\ehRecvr.log Object is locked skipped C:\Documents and Settings\david\Cookies\index.dat Object is locked skipped C:\Documents and Settings\david\Desktop\New Folder (2)\ph_smf21-2006-04-02\crack.exe Infected: Trojan-Downloader.Win32.Small.ddp skipped C:\Documents and Settings\david\Desktop\New Folder (2)\ph_smf21-2006-04-02.rar/crack.exe Infected: Trojan-Downloader.Win32.Small.ddp skipped C:\Documents and Settings\david\Desktop\New Folder (2)\ph_smf21-2006-04-02.rar RAR: infected - 1 skipped C:\Documents and Settings\david\Desktop\New Folder (2)\SubliminalFlash.exe/file6 Infected: Constructor.Win32.Negett.a skipped C:\Documents and Settings\david\Desktop\New Folder (2)\SubliminalFlash.exe Inno: infected - 1 skipped C:\Documents and Settings\david\Desktop\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped C:\Documents and Settings\david\Desktop\SmitfraudFix\SmitfraudFix\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped C:\Documents and 
Settings\david\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\david\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\david\Local Settings\History\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\david\Local Settings\History\History.IE5\MSHist012007092020070921\index.dat Object is locked skipped C:\Documents and Settings\david\Local Settings\Temporary Internet Files\Content.IE5\4PE3SD23\slideticker[1].swf Object is locked skipped C:\Documents and Settings\david\Local Settings\Temporary Internet Files\Content.IE5\DGSV5XW9\1[1] Object is locked skipped C:\Documents and Settings\david\Local Settings\Temporary Internet Files\Content.IE5\FZHBZ1WW\menu[1].swf Object is locked skipped C:\Documents and Settings\david\Local Settings\Temporary Internet Files\Content.IE5\FZHBZ1WW\timelineplayer[1].swf Object is locked skipped C:\Documents and Settings\david\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\david\Local Settings\Temporary Internet Files\Content.IE5\OFXZ2IRH\slideticker[1].swf Object is locked skipped C:\Documents and Settings\david\mc2.exe Infected: Trojan-Downloader.Win32.Adload.jm skipped C:\Documents and Settings\david\NTUSER.DAT Object is locked skipped C:\Documents and Settings\david\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\david\UserData\index.dat Object is locked skipped C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped 
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped C:\Program Files\Norton SystemWorks\Norton AntiVirus\AVApp.log Object is locked skipped C:\Program Files\Norton SystemWorks\Norton AntiVirus\AVError.log Object is locked skipped C:\Program Files\Norton SystemWorks\Norton AntiVirus\AVVirus.log Object is locked skipped C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\08EF5269.exe Infected: Trojan-Downloader.Win32.Cryptic.gen skipped C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\0ADB7FD2.exe Infected: P2P-Worm.Win32.VB.dw skipped C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\0B4D5CEC.exe Infected: P2P-Worm.Win32.VB.dw skipped C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\0CD22F32 Infected: IM-Worm.Win32.Licat.i skipped C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\0DB0563E Infected: IM-Worm.Win32.Licat.i skipped C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\0E8F7808.dll Infected: Trojan-PSW.Win32.Small.br skipped C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\112E1347 Infected: Trojan.Java.ClassLoader.Dummy.d skipped C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\11313D44 Infected: Exploit.Java.ByteVerify skipped C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\1B0F1F51 Infected: 
Trojan-PSW.Win32.Agent.im skipped C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\28EA3C12 Infected: Trojan-PSW.Win32.Agent.jo skipped C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\32E85058 Infected: Trojan-PSW.Win32.Agent.jo skipped C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\347D33FA.HTM Infected: Trojan-Downloader.VBS.Psyme.fc skipped C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\3D120728 Infected: Trojan-PSW.Win32.Agent.jo skipped C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\3D1C051D Infected: Trojan-PSW.Win32.Agent.jo skipped C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\41EE03CF Infected: Trojan-PSW.Win32.Agent.jo skipped C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\47FD41D9.wma Infected: Trojan-Downloader.WMA.Wimad.d skipped C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\4DEA4700.exe Infected: Backdoor.Win32.MSNMaker.ab skipped C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\4E80525B.exe Infected: Trojan.Win32.Pakes skipped C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\4E837C57.exe Infected: Trojan.Win32.Pakes skipped C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\510C5CD8.exe Infected: Trojan-Proxy.Win32.Dlena.ad skipped C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\51165ACE.exe Infected: Trojan-Proxy.Win32.Dlena.ad skipped C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\512058C3.exe Infected: Trojan-Proxy.Win32.Dlena.ad skipped C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\512A56B8.exe Infected: Trojan-Downloader.Win32.Small.ejj skipped C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\555964D1.exe Infected: not-a-virus:AdWare.Win32.PurityScan.u skipped C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\574D7CAB.exe Infected: IM-Worm.Win32.Licat.i skipped C:\Program Files\Norton 
SystemWorks\Norton AntiVirus\Quarantine\5DC21EFA Infected: Trojan-PSW.Win32.Agent.im skipped C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\5DE562D2 Infected: not-a-virus:AdWare.Win32.Mostofate.z skipped C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\5FB363BB.wma Infected: Trojan-Downloader.WMA.Wimad.d skipped C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\604311CF Infected: Trojan-PSW.Win32.Agent.jo skipped C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\68DC62C7.exe Infected: not-a-virus:AdWare.Win32.PurityScan.u skipped C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\6A712F07 Infected: IM-Worm.Win32.Licat.i skipped C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\78903D7D.exe Infected: not-a-virus:AdWare.Win32.PurityScan.u skipped C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\78F60AEC Infected: Trojan-Downloader.Win32.Small.ejj skipped C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\7F8D1DCC Infected: not-a-virus:AdWare.Win32.PurityScan.u skipped C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\7FD42F7C Infected: Trojan-Downloader.Win32.Delf.ain skipped C:\Program Files\Subliminal Flash\WaveServer.exe Infected: Constructor.Win32.Negett.a skipped C:\qoobox\Quarantine\C\Program Files\Common Files\Companion Wizard\WapCHK.dll.vir Infected: not-a-virus:FraudTool.Win32.WinAntiVirus.2006 skipped C:\qoobox\Quarantine\C\WINDOWS\DOWNLO~1\UDC6_0001_D21M0303NetInstaller.exe.vir Infected: not-a-virus:Downloader.Win32.WinFixer.m skipped C:\qoobox\Quarantine\C\WINDOWS\DOWNLO~1\UWA7P_0001_N91M0809NetInstaller.exe.vir Infected: not-a-virus:Downloader.Win32.WinFixer.o skipped C:\qoobox\Quarantine\C\WINDOWS\system32\drivers\ippflt.sys.vir Infected: Rootkit.Win32.Agent.hr skipped C:\RECYCLER\NPROTECT\NPROTECT.LOG Object is locked skipped C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped C:\System 
Volume Information\_restore{15AFF332-F95E-4C5C-8BA3-CF14D8FC77F4}\RP320\A0085066.dll Infected: Trojan-Downloader.Win32.Agent.cnq skipped C:\System Volume Information\_restore{15AFF332-F95E-4C5C-8BA3-CF14D8FC77F4}\RP321\A0085131.exe Infected: Trojan-Downloader.Win32.Zlob.cgv skipped C:\System Volume Information\_restore{15AFF332-F95E-4C5C-8BA3-CF14D8FC77F4}\RP321\A0085132.exe/crack.exe Infected: Trojan-Downloader.Win32.Zlob.cgv skipped C:\System Volume Information\_restore{15AFF332-F95E-4C5C-8BA3-CF14D8FC77F4}\RP321\A0085132.exe ZIP: infected - 1 skipped C:\System Volume Information\_restore{15AFF332-F95E-4C5C-8BA3-CF14D8FC77F4}\RP321\A0085146.EXE Infected: Backdoor.Win32.Small.na skipped C:\System Volume Information\_restore{15AFF332-F95E-4C5C-8BA3-CF14D8FC77F4}\RP323\A0086208.EXE Infected: Trojan-Downloader.Win32.Agent.cnq skipped C:\System Volume Information\_restore{15AFF332-F95E-4C5C-8BA3-CF14D8FC77F4}\RP324\A0086389.dll Infected: not-a-virus:AdWare.Win32.Agent.gs skipped C:\System Volume Information\_restore{15AFF332-F95E-4C5C-8BA3-CF14D8FC77F4}\RP336\A0098355.dll Infected: not-a-virus:FraudTool.Win32.WinAntiVirus.2006 skipped C:\System Volume Information\_restore{15AFF332-F95E-4C5C-8BA3-CF14D8FC77F4}\RP336\A0098357.sys Infected: Rootkit.Win32.Agent.hr skipped C:\System Volume Information\_restore{15AFF332-F95E-4C5C-8BA3-CF14D8FC77F4}\RP338\change.log Object is locked skipped C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{21606727-519A-4FB9-B869-2CC186D4B279}.crmlog Object is locked skipped C:\WINDOWS\SchedLgU.Txt Object is locked skipped C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped C:\WINDOWS\Sti_Trace.log Object is locked skipped C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\default Object is locked skipped C:\WINDOWS\system32\config\default.LOG Object is locked skipped C:\WINDOWS\system32\config\Media Ce.evt 
Object is locked skipped C:\WINDOWS\system32\config\SAM Object is locked skipped C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\SECURITY Object is locked skipped C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped C:\WINDOWS\system32\config\software Object is locked skipped C:\WINDOWS\system32\config\software.LOG Object is locked skipped C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\system Object is locked skipped C:\WINDOWS\system32\config\system.LOG Object is locked skipped C:\WINDOWS\system32\dmdlg.1 Infected: Trojan-Downloader.Win32.Agent.cnq skipped C:\WINDOWS\system32\drivers\dtscsi.sys Object is locked skipped C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped C:\WINDOWS\system32\drivers\sptd4749.sys Object is locked skipped C:\WINDOWS\system32\h323log.txt Object is locked skipped C:\WINDOWS\system32\mc2.exe Infected: Trojan-Downloader.Win32.Adload.jm skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped C:\WINDOWS\wiadebug.log Object is locked skipped C:\WINDOWS\wiaservc.log Object is locked skipped C:\WINDOWS\WindowsUpdate.log Object is locked skipped D:\New Folder\Documents and Settings\david\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst/Personal Folders/Inbox/23 Dec 2005 20:55 from Toomua:Alice/Michael.zip Infected: Trojan-Downloader.Win32.Bagle.p skipped D:\New Folder\Documents and 
Settings\david\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst/Personal Folders/AVG Virus Vault/28 Mar 2005 16:16 from Mail Delivery Subsystem:Returned mail: se/28 Mar 2005 16:15 to [email protected]:Mail Delivery (failure .html Suspicious: Exploit.HTML.Iframe.FileDownload skipped D:\New Folder\Documents and Settings\david\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst Mail MS Mail: infected - 1, suspicious - 1 skipped D:\Outlook Backup\Outlook backup.pst/Personal Folders/Inbox/23 Dec 2005 20:55 from Toomua:Alice/Michael.zip Infected: Trojan-Downloader.Win32.Bagle.p skipped D:\Outlook Backup\Outlook backup.pst/Personal Folders/AVG Virus Vault/28 Mar 2005 16:16 from Mail Delivery Subsystem:Returned mail: se/28 Mar 2005 16:15 to [email protected]:Mail Delivery (failure .html Suspicious: Exploit.HTML.Iframe.FileDownload skipped D:\Outlook Backup\Outlook backup.pst Mail MS Mail: infected - 1, suspicious - 1 skipped D:\RECYCLER\NPROTECT\NPROTECT.LOG Object is locked skipped D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped D:\System Volume Information\_restore{15AFF332-F95E-4C5C-8BA3-CF14D8FC77F4}\RP338\change.log Object is locked skipped Scan process completed. 
New HiJackThis Log Logfile of HijackThis v1.99.1 Scan saved at 9:52:01 AM, on 9/20/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE C:\Program Files\Spyware Doctor\sdhelp.exe C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\System32\alg.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\WINDOWS\system32\LXSUPMON.EXE C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\MSN Messenger\usnsvc.exe C:\Program Files\Hijackthis\HijackThis.exe R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.ozemail.com.au:8080 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 192.168.1.1;192.168.1.2;<local> O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet 
Explorer\SkypeIEPlugin.dll O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\system32\LXSUPMON.EXE RUN O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra 
button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by106fd.bay106.hotmail.msn.com/resources/MsnPUpld.cab O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab O16 - DPF: {FD163A9A-A3D8-4F7D-8224-32F81AC29EDA} - http://video.vividas.com/media/5225_ARU/we.../vivid_ocx.jpeg O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 
32\IDriverT.exe O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe Cheers David
  10. OK, I've done all that. Here are my scan results. Virus Total Results File dmdlg.dll received on 09.18.2007 11:03:27 (CET) Result: 8/32 (25%)
Antivirus Version Last Update Result
AhnLab-V3 2007.9.18.0 2007.09.18 -
AntiVir 7.6.0.10 2007.09.18 TR/Dldr.ConHook.Gen
Authentium 4.93.8 2007.09.18 -
Avast 4.7.1043.0 2007.09.17 -
AVG 7.5.0.485 2007.09.17 -
BitDefender 7.2 2007.09.18 Trojan.Conhook.Y
CAT-QuickHeal 9.00 2007.09.17 -
ClamAV 0.91.2 2007.09.18 -
DrWeb 4.33 2007.09.18 Trojan.Iespy
eSafe 7.0.15.0 2007.09.17 -
eTrust-Vet 31.1.5142 2007.09.17 -
Ewido 4.0 2007.09.17 -
FileAdvisor 1 2007.09.18 -
Fortinet 3.11.0.0 2007.09.18 -
F-Prot 4.3.2.48 2007.09.17 -
F-Secure 6.70.13030.0 2007.09.18 W32/BHO.QG
Ikarus T3.1.1.12 2007.09.18 -
Kaspersky 4.0.2.24 2007.09.18 -
McAfee 5121 2007.09.17 -
Microsoft 1.2803 2007.09.18 -
NOD32v2 2536 2007.09.18 -
Norman 5.80.02 2007.09.18 W32/BHO.QG
Panda 9.0.0.4 2007.09.17 Suspicious file
Prevx1 V2 2007.09.18 Heuristic: Suspicious Self Modifying EXE
Rising 19.41.12.00 2007.09.18 -
Sophos 4.21.0 2007.09.18 -
Sunbelt 2.2.907.0 2007.09.15 -
Symantec 10 2007.09.18 -
TheHacker 6.2.5.061 2007.09.17 -
VBA32 3.12.2.4 2007.09.18 -
VirusBuster 4.3.26:9 2007.09.17 -
Webwasher-Gateway 6.0.1 2007.09.18 Trojan.Dldr.ConHook.Gen
Additional information
File size: 102745 bytes
MD5: b155f8ba90f540d85ade36009a9c2187
SHA1: a135f12a4f2af72ea67950b64ade62be92834d77
packers: MORPHINE, UPX
packers: Morphine
Prevx info: http://fileinfo.prevx.com/fileinfo.asp?PX5...8754800229B0CE8
New HiJack This Log Logfile of HijackThis v1.99.1 Scan saved at 9:13:31 PM, on 9/18/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\LEXBCES.EXE 
C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\WINDOWS\system32\LXSUPMON.EXE C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE C:\Program Files\Spyware Doctor\sdhelp.exe C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Hijackthis\HijackThis.exe R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.ozemail.com.au:8080 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 192.168.1.1;192.168.1.2;<local> O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton 
SystemWorks\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\system32\LXSUPMON.EXE RUN O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by106fd.bay106.hotmail.msn.com/resources/MsnPUpld.cab O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - 
http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab O16 - DPF: {FD163A9A-A3D8-4F7D-8224-32F81AC29EDA} - http://video.vividas.com/media/5225_ARU/we.../vivid_ocx.jpeg O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. 
- C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe Cheers David
  11. Hi, thanks for your help. Here are the logs. Uninstall list Absolute MP3 Splitter version 2.5 Adobe Flash Player 9 Adobe Reader 6.0 Adobe Shockwave Player Allok MP3 to AMR Converter 2.0.2 AnyDVD Apple Software Update ArcSoft PhotoStudio 5.5 Athlon 64 Processor Driver Blaze Media Pro CloneDVD2 Companion wizard Counter-Strike 1.6 Cucusoft DVD to iPod + iPod Video Converter Suite 5.25.5.8 DivX Player DivX Pro Codec Dr.DivX DVD Shrink 3.2 Dynalink RTA100+ USB Express Setup Hijackthis 1.99.1 HijackThis 1.99.1 iPod for Windows 2005-10-12 iTunes J2SE Runtime Environment 5.0 Update 3 Lame ACM MP3 Codec LG Internet Kit LG Internetkit LG Media Center LG PC Sync LG Phone Manager LG PhoneManager LG SyncManager LG USB Modem driver LimeWire PRO 4.12.6 LiveReg (Symantec Corporation) LiveUpdate 1.80 (Symantec Corporation) Microsoft Office Professional Edition 2003 Movie Joiner Nero 7 Premium Nokia Connectivity Cable Driver Nokia PC Connectivity Solution Nokia PC Suite Norton SystemWorks 2003 Norton WMI Update ParetoLogic Anti-Spyware Polaroid Digital Camera Quick AVI MPEG Joiner v2.0 QuickTime Realtek AC'97 Audio Skype™ 3.2 Sony Picture Utility Sony USB Driver Spyware Doctor 4.0 Subliminal Flash 3.0 Tansee iPod Transfer v3.6 Update for Windows XP (KB898461) VIA Platform Device Manager VIA/S3G Display Driver VideoEgg Publisher Windows Driver Package - Nokia Modem (07/24/2006 6.81.0.23) Windows Installer 3.1 (KB893803) Windows Live Messenger WinRAR archiver XviD MPEG-4 Video Codec Combofix Log ComboFix 07-09-17.2 - "david" 2007-09-17 23:11:51.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.127 [GMT 10:00] * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . 
C:\Program Files\Common Files\companion wizard C:\Program Files\Common Files\Companion Wizard\compwiz.exe C:\Program Files\Common Files\companion wizard\compwiz.exe C:\Program Files\Common Files\Companion Wizard\log.txt C:\Program Files\Common Files\companion wizard\log.txt C:\Program Files\Common Files\companion wizard\WapCHK.dll C:\Program Files\Common Files\Companion Wizard\WapCHK.dll C:\WA6P C:\WINDOWS\dat.txt C:\WINDOWS\DOWNLO~1\UDC6_0001_D21M0303NetInstaller.exe C:\WINDOWS\DOWNLO~1\UWA7P_0001_N91M0809NetInstaller.exe C:\WINDOWS\rs.txt C:\WINDOWS\svchost.ini C:\WINDOWS\system32\drivers\ippflt.sys C:\WINDOWS\system32\stera.log C:\WINDOWS\system32\wapiit.exe . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) -------\LEGACY_IPPFLT -------\ippflt ((((((((((((((((((((((((( Files Created from 2007-08-17 to 2007-09-17 ))))))))))))))))))))))))))))))) . 2007-09-17 23:10 51,200 --a------ C:\WINDOWS\NirCmd.exe 2007-09-06 10:22 <DIR> d-------- C:\Program Files\Valve 2007-09-03 10:39 <DIR> d-------- C:\Program Files\Subliminal Flash 2007-08-30 10:57 <DIR> d-------- C:\WINDOWS\system32\AppCert 2007-08-30 10:56 102,745 --a------ C:\WINDOWS\system32\dmdlg.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 
2007-09-17 23:19 --------- d-------- C:\Program Files\Common Files\Symantec Shared 2007-09-17 22:57 --------- d-------- C:\Program Files\Blaze Media Pro 2007-09-16 17:49 --------- d-------- C:\DOCUME~1\david\APPLIC~1\LimeWire 2007-09-06 10:22 --------- d--h----- C:\Program Files\InstallShield Installation Information 2007-09-03 11:23 --------- d-------- C:\Program Files\Spyware Doctor 2007-08-26 22:21 --------- d-------- C:\DOCUME~1\david\APPLIC~1\DataLayer 2007-08-26 16:22 --------- d-------- C:\DOCUME~1\david\APPLIC~1\Skype 2007-08-20 22:14 --------- d-------- C:\Program Files\MSN Messenger 2007-08-02 19:40 --------- d-------- C:\Program Files\LG Media Center 2007-08-01 17:29 --------- d-------- C:\DOCUME~1\NETWOR~1\APPLIC~1\Symantec 2006-11-27 15:49 1886 --a------ C:\DOCUME~1\david\vsetup.exe 2006-11-26 21:17 139489 --a------ C:\DOCUME~1\david\mc2.exe 2006-09-05 21:49:58 56 --sh--r C:\WINDOWS\system32\AD236A25FB.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . 
*Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4069D1FE-5B6B-427D-ACD2-FDC9FC737894}] 2001-08-18 10:36 102745 --a------ C:\WINDOWS\system32\dmdlg.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2002-08-19 22:22] "ccRegVfy"="C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe" [2002-08-19 22:23] "Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2006-08-23 22:38] "PrinTray"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe" [2001-01-23 12:29] "LXSUPMON"="C:\WINDOWS\system32\LXSUPMON.exe" [2001-01-23 13:00] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe" [2005-04-13 03:48] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 18:58] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 12:56] "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54] [HKEY_USERS\.default\software\microsoft\windows\currentversion\run] "Spyware Doctor"= [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles "InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{51C55F9E-C308-4c95-89AB-8858D8AFD819}"= C:\Program Files\ParetoLogic\Anti-Spyware\PASShlExt.dll [2006-08-31 16:03 94208] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray] C:\WINDOWS\ehome\ehtray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Khid] C:\Documents and Settings\david\Application Data\?icrosoft.NET\?ti2evxx.exe 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NWEReboot] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ParetoLogic Anti-Spyware] "C:\Program Files\ParetoLogic\Anti-Spyware\Pareto_AS.exe" -NM -hidesplash [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan] SOUNDMAN.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer] VTTimer.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTrayp] VTtrayp.exe R0 viamraid;viamraid;C:\WINDOWS\system32\DRIVERS\viamraid.sys R2 SVKP;SVKP;\??\C:\WINDOWS\system32\SVKP.sys R2 windrvNT;windrvNT;\??\C:\WINDOWS\system32\windrvNT.sys R3 NPDriver;Norton Unerase Protection Driver;\??\C:\WINDOWS\system32\Drivers\NPDRIVER.SYS S3 iadusb;Dynalink RTA100+ USB;C:\WINDOWS\system32\DRIVERS\glauiad.sys S3 NTSIM;NTSIM;\??\C:\WINDOWS\system32\ntsim.sys S3 U81xbus;LGE U8XXX driver (WDM);C:\WINDOWS\system32\DRIVERS\U81xbus.sys S3 U81xmdfl;LGE U8XXX USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\U81xmdfl.sys S3 U81xmdm;LGE U8XXX USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\U81xmdm.sys S3 U81xmgmt;LGE U8XXX USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\U81xmgmt.sys S3 U81xobex;LGE U8XXX USB WMC OBEX 
Interface;C:\WINDOWS\system32\DRIVERS\U81xobex.sys . Contents of the 'Scheduled Tasks' folder "2007-09-04 06:36:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe "2007-09-15 00:01:25 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer.job" - C:\PROGRA~1\NORTON~1\NORTON~1\NAVW32.exe "2007-09-14 07:31:40 C:\WINDOWS\Tasks\Norton SystemWorks One Button Checkup.job" "2007-09-13 20:28:17 C:\WINDOWS\Tasks\ParetoLogic Anti-Spyware.job" - C:\Program Files\ParetoLogic\Anti-Spyware\Pareto_AS.exe "2007-09-17 13:18:39 C:\WINDOWS\Tasks\Symantec NetDetect.job" - C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE . ************************************************************************** catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-09-17 23:19:00 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... ************************************************************************** . Completion time: 2007-09-17 23:21:41 - machine was rebooted C:\ComboFix-quarantined-files.txt ... 2007-09-17 23:21 . 
--- E O F --- New HiJack This Log Logfile of HijackThis v1.99.1 Scan saved at 11:24:30 PM, on 9/17/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE C:\Program Files\Spyware Doctor\sdhelp.exe C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\system32\cmd.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\WINDOWS\system32\LXSUPMON.EXE C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\notepad.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Hijackthis\HijackThis.exe R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.ozemail.com.au:8080 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 192.168.1.1;192.168.1.2;<local> O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: Skype add-on 
(mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {4069D1FE-5B6B-427D-ACD2-FDC9FC737894} - C:\WINDOWS\system32\dmdlg.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\system32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by106fd.bay106.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
O16 - DPF: {FD163A9A-A3D8-4F7D-8224-32F81AC29EDA} - http://video.vividas.com/media/5225_ARU/we.../vivid_ocx.jpeg
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

Also note that once I ran ComboFix, every now and then something pops up from Norton saying "Scanning message 1 of 1", and I had never sent any messages, so it seems like emails are being sent from my computer by themselves.

Once again, thanks a lot for your help.
David
  12. Hi guys, it seems as though I have a browser hijack. Whenever I search for something on Google I seem to get weird and different results every time, and when I click on a link it takes me to the same few sites every time (after I click it says something like "jump" and then goes to dailysearch.com and then to one of those sites). I have included a HJT log below, please help!!

Logfile of HijackThis v1.99.1
Scan saved at 10:17:43 AM, on 9/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\LXSUPMON.EXE
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.ozemail.com.au:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 192.168.1.1;192.168.1.2;<local>
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {4069D1FE-5B6B-427D-ACD2-FDC9FC737894} - C:\WINDOWS\system32\dmdlg.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\system32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by106fd.bay106.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
O16 - DPF: {FD163A9A-A3D8-4F7D-8224-32F81AC29EDA} - http://video.vividas.com/media/5225_ARU/we.../vivid_ocx.jpeg
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
  13. No, there is no such folder in the application directory.
  14. Hey, there was no text in the IDfile....
  15. Hey, here are the two reports.

ndis2.txt:

Volume in drive C has no label.
Volume Serial Number is E8D8-432F

Directory of C:\WINDOWS\System32\drivers

08/04/2004 11:14 AM 182,912 ndis.sys
08/03/2004 11:10 PM 10,880 NdisIP.sys
08/18/2001 01:55 AM 9,600 ndistapi.sys
08/10/2004 04:32 PM 12,928 ndisuio.sys
08/04/2004 11:14 AM 91,776 ndiswan.sys
5 File(s) 308,096 bytes
0 Dir(s) 3,103,047,680 bytes free

ComboFix.txt:

"david" - 07-04-02 23:24:33 Service Pack 2
ComboFix 07-03-27.4.2 - Running from: "C:\Documents and Settings\david\Desktop"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

Folders Quarantined:
C:\qoobox\purity\DOCUME~1
C:\qoobox\purity\DOCUME~1\david
C:\qoobox\purity\DOCUME~1\david\APPLIC~1
C:\qoobox\purity\DOCUME~1\david\APPLIC~1\from.txt
C:\qoobox\purity\DOCUME~1\david\APPLIC~1\ICROSO~1.NET
C:\qoobox\purity\Program Files\Common Files\SKS~1
C:\qoobox\purity\Program Files\Common Files\WNSXS~1
C:\qoobox\purity\Program Files\Common Files\SKS~1\??sks
C:\qoobox\purity\Program Files\Common Files\SKS~1\??sks\ctxad-504.0000

((((((((((((((((((((((((((((((( Files Created from 2007-03-02 to 2007-04-02 ))))))))))))))))))))))))))))))))))

2007-04-02 23:18 182,912 --a------ C:\WINDOWS\system32\drivers\ndis.sys
2007-03-30 15:36 524,288 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT
2007-03-28 12:49 61 --a------ C:\WINDOWS\winmoprp.dll
2007-03-28 12:48 61 --a------ C:\WINDOWS\msscds32.dll
2007-03-22 12:41 <DIR> d-------- C:\Program Files\mIRC
2007-03-18 17:53 <DIR> d-------- C:\DOCUME~1\david\Phone Browser
2007-03-18 17:53 <DIR> d-------- C:\DOCUME~1\david\APPLIC~1\DataLayer
2007-03-11 15:58 <DIR> d-------- C:\DOCUME~1\david\APPLIC~1\Nokia Multimedia Player
2007-03-11 15:57 <DIR> d-------- C:\DOCUME~1\david\APPLIC~1\Nokia
2007-03-11 15:55 <DIR> d-------- C:\Program Files\DIFX
2007-03-11 15:54 <DIR> d-------- C:\Program Files\Common Files\Nokia
2007-03-11 15:53 8,704 --a------ C:\WINDOWS\system32\drivers\nmwcdc.sys
2007-03-11 15:53 50,688 --a------ C:\WINDOWS\system32\nmwcdcls.dll
2007-03-11 15:53 4,608 --a------ C:\WINDOWS\system32\nmwcdlog.dll
2007-03-11 15:53 30,720 --a------ C:\WINDOWS\system32\nmwcdcocls.dll
2007-03-11 15:53 13,312 --a------ C:\WINDOWS\system32\drivers\nmwcdcm.sys
2007-03-11 15:53 13,312 --a------ C:\WINDOWS\system32\drivers\nmwcdcj.sys
2007-03-11 15:53 127,488 --a------ C:\WINDOWS\system32\drivers\nmwcd.sys
2007-03-11 15:53 <DIR> d-------- C:\Program Files\Nokia
2007-03-11 15:53 <DIR> d-------- C:\Program Files\Common Files\PCSuite
2007-03-11 15:53 <DIR> d-------- C:\DOCUME~1\david\APPLIC~1\PC Suite
2007-03-11 15:53 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\PC Suite
2007-03-11 15:52 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Downloaded Installations

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-04-02 23:23 -------- d-------- C:\Program Files\Common Files\symantec shared
2007-03-30 18:01 -------- d-------- C:\Program Files\norton systemworks
2007-03-28 16:10 3350 --ahs---- C:\WINDOWS\system32\kgygaavl.sys
2007-03-28 16:04 -------- d-------- C:\Program Files\daemon tools
2007-03-28 14:07 -------- d-------- C:\Program Files\spyware doctor
2007-03-28 13:43 -------- d-------- C:\Program Files\symantec
2007-03-25 19:07 1104874 --a------ C:\DOCUME~1\david\APPLIC~1\nmm-metadata.db
2007-02-26 18:40 -------- d-------- C:\Program Files\tansee ipod transfer
2007-01-04 15:48 0 --a------ C:\WINDOWS\system32\wwww.exe

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"ParetoLogic Anti-Spyware"="\"C:\\Program Files\\ParetoLogic\\Anti-Spyware\\Pareto_AS.exe\" -NM -hidesplash"
"Khid"="C:\\Documents and Settings\\david\\Application Data\\?icrosoft.NET\\?ti2evxx.exe"
"PcSync"="C:\\Program Files\\Nokia\\Nokia PC Suite 6\\PcSync2.exe /NoDialog"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SoundMan"="SOUNDMAN.EXE"
"ccApp"="C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"
"ccRegVfy"="C:\\Program Files\\Common Files\\Symantec Shared\\ccRegVfy.exe"
"Symantec NetDriver Monitor"="C:\\PROGRA~1\\SYMNET~1\\SNDMon.exe"
"PrinTray"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\2\\printray.exe"
"LXSUPMON"="C:\\WINDOWS\\system32\\LXSUPMON.EXE RUN"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_03\\bin\\jusched.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"PCSuiteTrayApplication"="C:\\Program Files\\Nokia\\Nokia PC Suite 6\\LaunchApplication.exe -startup"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ehtray"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\ehome\\ehtray.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NWEReboot]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKLM"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RaidTool]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="raid_tool"
"hkey"="HKLM"
"command"="C:\\Program Files\\VIA\\RAID\\raid_tool.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="VTTimer"
"hkey"="HKLM"
"command"="VTTimer.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTrayp]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="VTtrayp"
"hkey"="HKLM"
"command"="VTtrayp.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{51C55F9E-C308-4c95-89AB-8858D8AFD819}"="ParetoLogic Anti-Spyware"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Spyware Doctor"=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,\
 63,65,73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,5c,52,6f,79,61,6c,65,2e,\
 6d,73,73,74,79,6c,65,73,00
"InstallTheme"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,63,65,\
 73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,2e,74,68,65,6d,65,00

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
Usnsvc REG_MULTI_SZ usnsvc\0\0

Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer.job
C:\WINDOWS\tasks\Norton SystemWorks One Button Checkup.job
C:\WINDOWS\tasks\ParetoLogic Anti-Spyware.job
C:\WINDOWS\tasks\Symantec NetDetect.job

********************************************************************

catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net

scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

********************************************************************

Completion time: 07-04-02 23:28:28
C:\ComboFix2.txt ... 07-03-30 17:19
  16. Hey, the size of the file ndis.sys was NOT 265,988 bytes as you said it should be. The size of ndis.sys is as follows:

Size: 274 KB (281,348 bytes)
Size on disk: 276 KB (282,624 bytes)

Should I still proceed with your directions?

Cheers,
David
  17. Hey, the report that it produced is below.

Cheers,
David

Volume in drive C has no label.
Volume Serial Number is E8D8-432F

Directory of C:\WINDOWS\System32\drivers

03/28/2007 12:47 PM 281,348 ndis.sys
08/03/2004 11:10 PM 10,880 NdisIP.sys
08/18/2001 01:55 AM 9,600 ndistapi.sys
08/10/2004 04:32 PM 12,928 ndisuio.sys
08/04/2004 11:14 AM 91,776 ndiswan.sys
5 File(s) 406,532 bytes
0 Dir(s) 3,205,881,856 bytes free
protected]\DFSR\Staging\CS{60B60993-4B29-6586-DE46-0A2EC4A7741D}\01\15-{60B60993-4B29-6586-DE46-0A2EC4A7741D}-v1-{C147DDCF-E4D4-4D78-9763-30ED6F6617AA}-v15-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS ADS C:\Documents and Settings\david\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{60B60993-4B29-6586-DE46-0A2EC4A7741D}\16\16-{C147DDCF-E4D4-4D78-9763-30ED6F6617AA}-v16-{C147DDCF-E4D4-4D78-9763-30ED6F6617AA}-v16-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 ADS C:\Documents and Settings\david\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{60B60993-4B29-6586-DE46-0A2EC4A7741D}\16\16-{C147DDCF-E4D4-4D78-9763-30ED6F6617AA}-v16-{C147DDCF-E4D4-4D78-9763-30ED6F6617AA}-v16-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2 ADS C:\Documents and Settings\david\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{60B60993-4B29-6586-DE46-0A2EC4A7741D}\16\16-{C147DDCF-E4D4-4D78-9763-30ED6F6617AA}-v16-{C147DDCF-E4D4-4D78-9763-30ED6F6617AA}-v16-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS ADS C:\Documents and Settings\david\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{60B60993-4B29-6586-DE46-0A2EC4A7741D}\17\17-{C147DDCF-E4D4-4D78-9763-30ED6F6617AA}-v17-{C147DDCF-E4D4-4D78-9763-30ED6F6617AA}-v17-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 ADS C:\Documents and Settings\david\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{60B60993-4B29-6586-DE46-0A2EC4A7741D}\17\17-{C147DDCF-E4D4-4D78-9763-30ED6F6617AA}-v17-{C147DDCF-E4D4-4D78-9763-30ED6F6617AA}-v17-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2 ADS C:\Documents and Settings\david\Local 
Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{60B60993-4B29-6586-DE46-0A2EC4A7741D}\17\17-{C147DDCF-E4D4-4D78-9763-30ED6F6617AA}-v17-{C147DDCF-E4D4-4D78-9763-30ED6F6617AA}-v17-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS ADS C:\Documents and Settings\david\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{60B60993-4B29-6586-DE46-0A2EC4A7741D}\18\15-{C147DDCF-E4D4-4D78-9763-30ED6F6617AA}-v18-{6F15C025-33CA-4E26-8A72-F290778FB368}-v15-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 ADS C:\Documents and Settings\david\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{60B60993-4B29-6586-DE46-0A2EC4A7741D}\18\15-{C147DDCF-E4D4-4D78-9763-30ED6F6617AA}-v18-{6F15C025-33CA-4E26-8A72-F290778FB368}-v15-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2
  19. 845A5808 Device \FileSystem\Ntfs \Ntfs IRP_MJ_PNP 845A5808 Device \FileSystem\Fastfat \FatCdrom IRP_MJ_CREATE 8422A628 Device \FileSystem\Fastfat \FatCdrom IRP_MJ_CLOSE 8422A628 Device \FileSystem\Fastfat \FatCdrom IRP_MJ_READ 8422A628 Device \FileSystem\Fastfat \FatCdrom IRP_MJ_WRITE 8422A628 Device \FileSystem\Fastfat \FatCdrom IRP_MJ_QUERY_INFORMATION 8422A628 Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SET_INFORMATION 8422A628 Device \FileSystem\Fastfat \FatCdrom IRP_MJ_QUERY_EA 8422A628 Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SET_EA 8422A628 Device \FileSystem\Fastfat \FatCdrom IRP_MJ_FLUSH_BUFFERS 8422A628 Device \FileSystem\Fastfat \FatCdrom IRP_MJ_QUERY_VOLUME_INFORMATION 8422A628 Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SET_VOLUME_INFORMATION 8422A628 Device \FileSystem\Fastfat \FatCdrom IRP_MJ_DIRECTORY_CONTROL 8422A628 Device \FileSystem\Fastfat \FatCdrom IRP_MJ_FILE_SYSTEM_CONTROL 8422A628 Device \FileSystem\Fastfat \FatCdrom IRP_MJ_DEVICE_CONTROL 8422A628 Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SHUTDOWN 8422A628 Device \FileSystem\Fastfat \FatCdrom IRP_MJ_LOCK_CONTROL 8422A628 Device \FileSystem\Fastfat \FatCdrom IRP_MJ_CLEANUP 8422A628 Device \FileSystem\Fastfat \FatCdrom IRP_MJ_PNP 8422A628 Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_CREATE 845A50E8 Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_CLOSE 845A50E8 Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_READ 845A50E8 Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_WRITE 845A50E8 Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_FLUSH_BUFFERS 845A50E8 Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_DEVICE_CONTROL 845A50E8 Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_INTERNAL_DEVICE_CONTROL 845A50E8 Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_SHUTDOWN 845A50E8 Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_POWER 845A50E8 Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_SYSTEM_CONTROL 845A50E8 
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_PNP 845A50E8 Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_CREATE 845A50E8 Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_CLOSE 845A50E8 Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_READ 845A50E8 Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_WRITE 845A50E8 Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_FLUSH_BUFFERS 845A50E8 Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_DEVICE_CONTROL 845A50E8 Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_INTERNAL_DEVICE_CONTROL 845A50E8 Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_SHUTDOWN 845A50E8 Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_POWER 845A50E8 Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_SYSTEM_CONTROL 845A50E8 Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_PNP 845A50E8 Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_CREATE 845A50E8 Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_CLOSE 845A50E8 Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_READ 845A50E8 Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_WRITE 845A50E8 Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_FLUSH_BUFFERS 845A50E8 Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_DEVICE_CONTROL 845A50E8 Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_INTERNAL_DEVICE_CONTROL 845A50E8 Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_SHUTDOWN 845A50E8 Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_POWER 845A50E8 Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_SYSTEM_CONTROL 845A50E8 Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_PNP 845A50E8 Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_CREATE 845A50E8 Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_CLOSE 845A50E8 Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_READ 845A50E8 Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_WRITE 845A50E8 Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_FLUSH_BUFFERS 845A50E8 Device 
\Driver\dmio \Device\DmControl\DmInfo IRP_MJ_DEVICE_CONTROL 845A50E8 Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_INTERNAL_DEVICE_CONTROL 845A50E8 Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_SHUTDOWN 845A50E8 Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_POWER 845A50E8 Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_SYSTEM_CONTROL 845A50E8 Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_PNP 845A50E8 Device \Driver\00000043 \Device\00000047 IRP_MJ_POWER [F73F0F68] sptd.sys Device \Driver\00000043 \Device\00000047 IRP_MJ_SYSTEM_CONTROL [F7405A70] sptd.sys Device \Driver\00000043 \Device\00000047 IRP_MJ_PNP [F73FE728] sptd.sys Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CREATE 845CDA58 Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_READ 845CDA58 Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_WRITE 845CDA58 Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_FLUSH_BUFFERS 845CDA58 Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_DEVICE_CONTROL 845CDA58 Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_INTERNAL_DEVICE_CONTROL 845CDA58 Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SHUTDOWN 845CDA58 Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CLEANUP 845CDA58 Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_POWER 845CDA58 Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SYSTEM_CONTROL 845CDA58 Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_PNP 845CDA58 Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_CREATE 845CDA58 Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_READ 845CDA58 Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_WRITE 845CDA58 Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_FLUSH_BUFFERS 845CDA58 Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_DEVICE_CONTROL 845CDA58 Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_INTERNAL_DEVICE_CONTROL 845CDA58 Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_SHUTDOWN 845CDA58 Device \Driver\Ftdisk 
\Device\HarddiskVolume2 IRP_MJ_CLEANUP 845CDA58 Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_POWER 845CDA58 Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_SYSTEM_CONTROL 845CDA58 Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_PNP 845CDA58 Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE 843360E8 Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLOSE 843360E8 Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_READ 843360E8 Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_WRITE 843360E8 Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_FLUSH_BUFFERS 843360E8 Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CONTROL 843360E8 Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_INTERNAL_DEVICE_CONTROL 843360E8 Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SHUTDOWN 843360E8 Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_POWER 843360E8 Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SYSTEM_CONTROL 843360E8 Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_PNP 843360E8 Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CREATE 8421B578 Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CREATE_NAMED_PIPE 8421B578 Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CLOSE 8421B578 Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_READ 8421B578 Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_WRITE 8421B578 Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_INFORMATION 8421B578 Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_INFORMATION 8421B578 Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_EA 8421B578 Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_EA 8421B578 Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_FLUSH_BUFFERS 8421B578 Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_VOLUME_INFORMATION 8421B578 Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_VOLUME_INFORMATION 8421B578 Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_DIRECTORY_CONTROL 8421B578 Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_FILE_SYSTEM_CONTROL 8421B578 Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_DEVICE_CONTROL 8421B578 Device 
\FileSystem\Rdbss \Device\FsWrap IRP_MJ_INTERNAL_DEVICE_CONTROL 8421B578 Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SHUTDOWN 8421B578 Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_LOCK_CONTROL 8421B578 Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CLEANUP 8421B578 Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CREATE_MAILSLOT 8421B578 Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_SECURITY 8421B578 Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_SECURITY 8421B578 Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_POWER 8421B578 Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SYSTEM_CONTROL 8421B578 Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_DEVICE_CHANGE 8421B578 Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_QUOTA 8421B578 Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_QUOTA 8421B578 Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE 843360E8 Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CLOSE 843360E8 Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_READ 843360E8 Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_WRITE 843360E8 Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_FLUSH_BUFFERS 843360E8 Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DEVICE_CONTROL 843360E8 Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_INTERNAL_DEVICE_CONTROL 843360E8 Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SHUTDOWN 843360E8 Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_POWER 843360E8 Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SYSTEM_CONTROL 843360E8 Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_PNP 843360E8 Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CREATE 843360E8 Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CLOSE 843360E8 Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_READ 843360E8 Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_WRITE 843360E8 Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_FLUSH_BUFFERS 843360E8 Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_DEVICE_CONTROL 843360E8 Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_INTERNAL_DEVICE_CONTROL 843360E8 Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SHUTDOWN 
843360E8 Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_POWER 843360E8 Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SYSTEM_CONTROL 843360E8 Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_PNP 843360E8 Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CREATE 842485A8 Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CLOSE 842485A8 Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_DEVICE_CONTROL 842485A8 Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_INTERNAL_DEVICE_CONTROL 842485A8 Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CLEANUP 842485A8 Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_PNP 842485A8 Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CREATE 842485A8 Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CLOSE 842485A8 Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_DEVICE_CONTROL 842485A8 Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_INTERNAL_DEVICE_CONTROL 842485A8 Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CLEANUP 842485A8 Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_PNP 842485A8 Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_CREATE 845A5A
  20. Hey here is my gmer report. I couldn't fit the whole report into one post (too many characters) so I have spread the report out thru the next 3 posts. Hope this helps. Cheers David

      GMER 1.0.12.12086 - http://www.gmer.net
      Rootkit scan 2007-03-31 00:59:29
      Windows 5.1.2600 Service Pack 2

      ---- System - GMER 1.0.12 ----

      SSDT 841170A8 ZwConnectPort
      SSDT sptd.sys ZwCreateKey
      SSDT sptd.sys ZwEnumerateKey
      SSDT sptd.sys ZwEnumerateValueKey
      SSDT sptd.sys ZwOpenKey
      SSDT sptd.sys ZwQueryKey
      SSDT sptd.sys ZwQueryValueKey
      SSDT sptd.sys ZwSetValueKey

      ---- Kernel code sections - GMER 1.0.12 ----

      ? C:\WINDOWS\system32\drivers\sptd.sys The process cannot access the file because it is being used by another process.
      ? C:\WINDOWS\System32\Drivers\SPTD4749.SYS The process cannot access the file because it is being used by another process.
      ? C:\WINDOWS\system32\drivers\NDIS.sys The process cannot access the file because it is being used by another process.
      ? C:\WINDOWS\System32\Drivers\dtscsi.sys The process cannot access the file because it is being used by another process.
      ? C:\WINDOWS\TEMP\mc21.tmp The system cannot find the file specified.
  21. OK, just to make a correction to what I said in my previous post: I am still getting messages from Norton saying they blocked emails being sent from my computer. Cheers, David
  22. Hey guys, thanks a lot for the help. I followed all your steps, Aaflac. When I logged into my computer again, Norton still detected totour.exe, although my computer seems to have stopped sending junk mail (as I am not getting any messages from Norton saying they have blocked emails sent from my computer). The Sysclean log and ComboFix log are below. Once again, thanks for the help.

SYSCLEAN.LOG /--------------------------------------------------------------\ | Trend Micro System Cleaner | | Copyright 2006, Trend Micro, Inc. | | http://www.antivirus.com | \--------------------------------------------------------------/ 2007-03-30, 15:38:27, Auto-clean mode specified. 2007-03-30, 15:38:27, Running scanner "C:\Documents and Settings\david\Desktop\Sysclean\TSC.BIN"... 2007-03-30, 15:43:02, Scanner "C:\Documents and Settings\david\Desktop\Sysclean\TSC.BIN" has finished running. 2007-03-30, 15:43:02, TSC Log: Damage Cleanup Engine (DCE) 5.0(Build 1107) Windows XP(Build 2600: Service Pack 2) Start time : Fri Mar 30 2007 15:38:27 Load Damage Cleanup Template (DCT) "C:\Documents and Settings\david\Desktop\Sysclean\tsc.ptn" (version 850) [success] Complete time : Fri Mar 30 2007 15:43:02 Execute pattern count(3073), Virus found count(0), Virus clean count(0), Clean failed count(0) 2007-03-30, 15:43:28, An error was detected on "C:\Documents and Settings\david\Application Data\?icrosoft.NET\*.*": The filename, directory name, or volume label syntax is incorrect. 2007-03-30, 15:45:02, An error was detected on "C:\Program Files\Common Files\W?nSxS\*.*": The filename, directory name, or volume label syntax is incorrect. 2007-03-30, 15:45:02, An error was detected on "C:\Program Files\Common Files\??sks\*.*": The filename, directory name, or volume label syntax is incorrect. 2007-03-30, 15:45:34, An error was detected on "C:\System Volume Information\*.*": Access is denied. 2007-03-30, 15:47:33, An error was detected on "D:\System Volume Information\*.*": Access is denied. 
2007-03-30, 16:24:14, Files Detected: Copyright © 1990 - 2004 Trend Micro Inc. Report Date : 3/30/2007 15:47:34 VSAPI Engine Version : 8.000-1001 VSCANTM Version : 1.1-1001 Virus Pattern Version : 377 (170414 Patterns) (2007/03/29) (437700) Command Line: C:\Documents and Settings\david\Desktop\Sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /DCEGENCLEAN /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=C:\Documents and Settings\david\Desktop\Sysclean C:\Documents and Settings\david\Local Settings\Temporary Internet Files\Content.IE5\412745AV\swp[1].exe [TROJ_Generic] C:\Documents and Settings\david\Local Settings\Temporary Internet Files\Content.IE5\A4QXN940\inserv[1].exe [TROJ_AGENT.VAW] C:\Documents and Settings\david\Local Settings\Temporary Internet Files\Content.IE5\TLM3KHQR\winlogon[1].exe [TROJ_AGENT.VAV] C:\RECYCLER\NPROTECT\00287051.exe [TROJ_AGENT.VAV] C:\WINDOWS\inserv.exe [TROJ_AGENT.VAW] C:\WINDOWS\system32\dxdlg32.exe [TROJ_Generic] 46675 files have been read. 46675 files have been checked. 40808 files have been scanned. 75824 files have been scanned. (including files in archived) 6 files containing viruses. Found 6 viruses totally. Maybe 0 viruses totally. Stop At : 3/30/2007 16:24:14 ---------*---------*---------*---------*---------*---------*---------*---------* 2007-03-30, 16:24:14, Files Clean: Copyright © 1990 - 2004 Trend Micro Inc. 
Report Date : 3/30/2007 15:47:34 VSAPI Engine Version : 8.000-1001 VSCANTM Version : 1.1-1001 Virus Pattern Version : 377 (170414 Patterns) (2007/03/29) (437700) Command Line: C:\Documents and Settings\david\Desktop\Sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /DCEGENCLEAN /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=C:\Documents and Settings\david\Desktop\Sysclean Success Clean [ TROJ_Generic]( 1) from C:\Documents and Settings\david\Local Settings\Temporary Internet Files\Content.IE5\412745AV\swp[1].exe Success Clean [ TROJ_AGENT.VAW]( 1) from C:\Documents and Settings\david\Local Settings\Temporary Internet Files\Content.IE5\A4QXN940\inserv[1].exe Success Clean [ TROJ_AGENT.VAV]( 1) from C:\Documents and Settings\david\Local Settings\Temporary Internet Files\Content.IE5\TLM3KHQR\winlogon[1].exe Success Clean [ TROJ_AGENT.VAV]( 1) from C:\RECYCLER\NPROTECT\00287051.exe Success Clean [ TROJ_AGENT.VAW]( 1) from C:\WINDOWS\inserv.exe Success Clean [ TROJ_Generic]( 1) from C:\WINDOWS\system32\dxdlg32.exe 46675 files have been read. 46675 files have been checked. 40808 files have been scanned. 75824 files have been scanned. (including files in archived) 6 files containing viruses. Found 6 viruses totally. Maybe 0 viruses totally. Stop At : 3/30/2007 16:24:14 36 minutes 32 seconds (2191.47 seconds) has elapsed. ---------*---------*---------*---------*---------*---------*---------*---------* 2007-03-30, 16:24:14, Clean Fail: Copyright © 1990 - 2004 Trend Micro Inc. Report Date : 3/30/2007 15:47:34 VSAPI Engine Version : 8.000-1001 VSCANTM Version : 1.1-1001 Virus Pattern Version : 377 (170414 Patterns) (2007/03/29) (437700) Command Line: C:\Documents and Settings\david\Desktop\Sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /DCEGENCLEAN /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=C:\Documents and Settings\david\Desktop\Sysclean 46675 files have been read. 46675 files have been checked. 40808 files have been scanned. 75824 files have been scanned. 
(including files in archived) 6 files containing viruses. Found 6 viruses totally. Maybe 0 viruses totally. Stop At : 3/30/2007 16:24:14 36 minutes 32 seconds (2191.47 seconds) has elapsed. ---------*---------*---------*---------*---------*---------*---------*---------* 2007-03-30, 16:24:14, Scanner "C:\Documents and Settings\david\Desktop\Sysclean\VSCANTM.BIN" has finished running. 2007-03-30, 16:34:13, Files Detected: Copyright © 1990 - 2004 Trend Micro Inc. Report Date : 3/30/2007 16:24:14 VSAPI Engine Version : 8.000-1001 VSCANTM Version : 1.1-1001 Virus Pattern Version : 377 (170414 Patterns) (2007/03/29) (437700) Command Line: C:\Documents and Settings\david\Desktop\Sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /DCEGENCLEAN /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 D:\*.* /P=C:\Documents and Settings\david\Desktop\Sysclean D:\RECYCLER\NPROTECT\00000354.ZIP (1/1 Viruses Found) 21721 files have been read. 21721 files have been checked. 19638 files have been scanned. 23079 files have been scanned. (including files in archived) 2 files containing viruses. Found 2 viruses totally. Maybe 0 viruses totally. Stop At : 3/30/2007 16:34:13 ---------*---------*---------*---------*---------*---------*---------*---------* 2007-03-30, 16:34:13, Files Clean: Copyright © 1990 - 2004 Trend Micro Inc. Report Date : 3/30/2007 16:24:14 VSAPI Engine Version : 8.000-1001 VSCANTM Version : 1.1-1001 Virus Pattern Version : 377 (170414 Patterns) (2007/03/29) (437700) Command Line: C:\Documents and Settings\david\Desktop\Sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /DCEGENCLEAN /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 D:\*.* /P=C:\Documents and Settings\david\Desktop\Sysclean Success Clean [ WORM_GAOBOT.DF]( 1) from D:\RECYCLER\NPROTECT\00000354.ZIP,(Setup.exe) 21721 files have been read. 21721 files have been checked. 19638 files have been scanned. 23079 files have been scanned. (including files in archived) 2 files containing viruses. Found 2 viruses totally. 
Maybe 0 viruses totally. Stop At : 3/30/2007 16:34:13 9 minutes 50 seconds (590.53 seconds) has elapsed. ---------*---------*---------*---------*---------*---------*---------*---------* 2007-03-30, 16:34:13, Clean Fail: Copyright © 1990 - 2004 Trend Micro Inc. Report Date : 3/30/2007 16:24:14 VSAPI Engine Version : 8.000-1001 VSCANTM Version : 1.1-1001 Virus Pattern Version : 377 (170414 Patterns) (2007/03/29) (437700) Command Line: C:\Documents and Settings\david\Desktop\Sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /DCEGENCLEAN /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 D:\*.* /P=C:\Documents and Settings\david\Desktop\Sysclean 21721 files have been read. 21721 files have been checked. 19638 files have been scanned. 23079 files have been scanned. (including files in archived) 2 files containing viruses. Found 2 viruses totally. Maybe 0 viruses totally. Stop At : 3/30/2007 16:34:13 9 minutes 50 seconds (590.53 seconds) has elapsed. ---------*---------*---------*---------*---------*---------*---------*---------* 2007-03-30, 16:34:13, Scanner "C:\Documents and Settings\david\Desktop\Sysclean\VSCANTM.BIN" has finished running. 
COMBOFIX.TXT "david" - 07-03-30 16:56:44 Service Pack 2 ComboFix 07-03-27.4.2 - Running from: "C:\Documents and Settings\david\Desktop" (((((((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) C:\WINDOWS\system32\KB95842.log C:\Program Files\Common Files\{38D84~1\Activate.exe C:\Program Files\Common Files\{38D84~1\toolbardll.lzma C:\WINDOWS\system32\jbhook.dll C:\WINDOWS\system32\jbloader.dll C:\WINDOWS\msvbs32.dll C:\WINDOWS\pc.exe C:\Program Files\Common Files\{38D84~1 C:\Program Files\Common Files\{E8D84~1 ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Folders Quarantined: C:\qoobox\purity\DOCUME~1 C:\qoobox\purity\DOCUME~1\david C:\qoobox\purity\DOCUME~1\david\APPLIC~1 C:\qoobox\purity\DOCUME~1\david\APPLIC~1\from.txt C:\qoobox\purity\DOCUME~1\david\APPLIC~1\ICROSO~1.NET C:\qoobox\purity\Program Files\Common Files\SKS~1 C:\qoobox\purity\Program Files\Common Files\WNSXS~1 C:\qoobox\purity\Program Files\Common Files\SKS~1\??sks C:\qoobox\purity\Program Files\Common Files\SKS~1\??sks\ctxad-504.0000 ((((((((((((((((((((((((((((((( Files Created from 2007-02-28 to 2007-03-30 )))))))))))))))))))))))))))))))))) 2007-03-30 15:36 524,288 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT 2007-03-28 12:49 61 --a------ C:\WINDOWS\winmoprp.dll 2007-03-28 12:48 61 --a------ C:\WINDOWS\msscds32.dll 2007-03-22 12:41 <DIR> d-------- C:\Program Files\mIRC 2007-03-18 17:53 <DIR> d-------- C:\DOCUME~1\david\Phone Browser 2007-03-18 17:53 <DIR> d-------- C:\DOCUME~1\david\APPLIC~1\DataLayer 2007-03-11 15:58 <DIR> d-------- C:\DOCUME~1\david\APPLIC~1\Nokia Multimedia Player 2007-03-11 15:57 <DIR> d-------- C:\DOCUME~1\david\APPLIC~1\Nokia 2007-03-11 15:55 <DIR> d-------- C:\Program Files\DIFX 2007-03-11 15:54 <DIR> d-------- C:\Program Files\Common Files\Nokia 2007-03-11 15:53 8,704 --a------ C:\WINDOWS\system32\drivers\nmwcdc.sys 2007-03-11 15:53 50,688 --a------ C:\WINDOWS\system32\nmwcdcls.dll 2007-03-11 
15:53 4,608 --a------ C:\WINDOWS\system32\nmwcdlog.dll 2007-03-11 15:53 30,720 --a------ C:\WINDOWS\system32\nmwcdcocls.dll 2007-03-11 15:53 13,312 --a------ C:\WINDOWS\system32\drivers\nmwcdcm.sys 2007-03-11 15:53 13,312 --a------ C:\WINDOWS\system32\drivers\nmwcdcj.sys 2007-03-11 15:53 127,488 --a------ C:\WINDOWS\system32\drivers\nmwcd.sys 2007-03-11 15:53 <DIR> d-------- C:\Program Files\Nokia 2007-03-11 15:53 <DIR> d-------- C:\Program Files\Common Files\PCSuite 2007-03-11 15:53 <DIR> d-------- C:\DOCUME~1\david\APPLIC~1\PC Suite 2007-03-11 15:53 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\PC Suite 2007-03-11 15:52 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Downloaded Installations (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-03-30 17:03 -------- d-------- C:\Program Files\Common Files\symantec shared 2007-03-28 16:10 3350 --ahs---- C:\WINDOWS\system32\kgygaavl.sys 2007-03-28 16:04 -------- d-------- C:\Program Files\daemon tools 2007-03-28 14:07 -------- d-------- C:\Program Files\spyware doctor 2007-03-28 13:43 -------- d-------- C:\Program Files\symantec 2007-03-28 12:47 281348 --a------ C:\WINDOWS\system32\drivers\ndis.sys 2007-03-25 19:07 1104874 --a------ C:\DOCUME~1\david\APPLIC~1\nmm-metadata.db 2007-03-21 17:42 -------- d-------- C:\Program Files\blaze media pro 2007-03-10 23:15 -------- d-------- C:\DOCUME~1\david\APPLIC~1\limewire 2007-02-26 18:40 -------- d-------- C:\Program Files\tansee ipod transfer 2007-02-23 18:43 -------- d-------- C:\Program Files\norton systemworks 2007-01-30 17:24 -------- d--h----- C:\Program Files\installshield installation information 2007-01-04 15:48 0 --a------ C:\WINDOWS\system32\wwww.exe 2006-12-17 17:12 125 ---hs---- C:\DOCUME~1\david\APPLIC~1\.zreglib (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown 
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run] "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe" "ParetoLogic Anti-Spyware"="\"C:\\Program Files\\ParetoLogic\\Anti-Spyware\\Pareto_AS.exe\" -NM -hidesplash" "Khid"="C:\\Documents and Settings\\david\\Application Data\\?icrosoft.NET\\?ti2evxx.exe" "PcSync"="C:\\Program Files\\Nokia\\Nokia PC Suite 6\\PcSync2.exe /NoDialog" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] "SoundMan"="SOUNDMAN.EXE" "ccApp"="C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe" "ccRegVfy"="C:\\Program Files\\Common Files\\Symantec Shared\\ccRegVfy.exe" "Symantec NetDriver Monitor"="C:\\PROGRA~1\\SYMNET~1\\SNDMon.exe" "PrinTray"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\2\\printray.exe" "LXSUPMON"="C:\\WINDOWS\\system32\\LXSUPMON.EXE RUN" "SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_03\\bin\\jusched.exe" "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime" "iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\"" "PCSuiteTrayApplication"="C:\\Program Files\\Nokia\\Nokia PC Suite 6\\LaunchApplication.exe -startup" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL] "Installed"="1" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI] "Installed"="1" "NoChange"="1" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS] "Installed"="1" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="ehtray" "hkey"="HKLM" "command"="C:\\WINDOWS\\ehome\\ehtray.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] 
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="NeroCheck" "hkey"="HKLM" "command"="C:\\WINDOWS\\system32\\NeroCheck.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NWEReboot] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="" "hkey"="HKLM" "command"="" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RaidTool] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="raid_tool" "hkey"="HKLM" "command"="C:\\Program Files\\VIA\\RAID\\raid_tool.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="VTTimer" "hkey"="HKLM" "command"="VTTimer.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTrayp] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="VTtrayp" "hkey"="HKLM" "command"="VTtrayp.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{51C55F9E-C308-4c95-89AB-8858D8AFD819}"="ParetoLogic Anti-Spyware" [HKEY_USERS\.default\software\microsoft\windows\currentversion\run] "Spyware Doctor"="" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "InstallVisualStyle"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,\ 63,65,73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,5c,52,6f,79,61,6c,65,2e,\ 6d,73,73,74,79,6c,65,73,00 "InstallTheme"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,63,65,\ 73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,2e,74,68,65,6d,65,00 [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll" [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost] HTTPFilter REG_MULTI_SZ HTTPFilter\0\0 LocalService REG_MULTI_SZ 
Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0 NetworkService REG_MULTI_SZ DnsCache\0\0 DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0 rpcss REG_MULTI_SZ RpcSs\0\0 imgsvc REG_MULTI_SZ StiSvc\0\0 termsvcs REG_MULTI_SZ TermService\0\0 Usnsvc REG_MULTI_SZ usnsvc\0\0 *newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_MCHINJDRV Contents of the 'Scheduled Tasks' folder C:\WINDOWS\tasks\AppleSoftwareUpdate.job C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer.job C:\WINDOWS\tasks\Norton SystemWorks One Button Checkup.job C:\WINDOWS\tasks\ParetoLogic Anti-Spyware.job C:\WINDOWS\tasks\Symantec NetDetect.job ******************************************************************** catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006 http://www.gmer.net scanning hidden processes ... scanning hidden services ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 ******************************************************************** Completion time: 07-03-30 17:06:24
  23. Hi Aaflac, thanks for the reply. Just one question: when I go to download the file "Virus Pattern File (Official Pattern Release) 4.373.00", there is only the file "Official Pattern Release 4.375.00" there. Do I download that one? Thanks, David