Page 1 of 2 (results 1 to 10 of 17)
  1. #1
    Member
    Join Date
    Jan 2008
    Posts
    9
    Points
    0

Virus/trojan/something

I am really in need of some help here. I have been battling a virus, trojan, or something since 12-2007. It started on my home desktop & since my laptop is networked it flowed to that. I have restored & restored about 10 times & nothing seems to get rid of these abnormal running programs that I have. My pc is running really slow & now I believe it has creeped into my other pc that I thought was safe. It has disabled my Norton AntiVirus saying that the Symantec could not access the scan engine because it is improperly installed. My other virus software on the laptop, McAfee, says I have nothing on my pc but I know there is something hiding itself. Can anyone give me a starting point, please?

Here is my HijackThis scan for the most recently infected pc:

Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Novell\XTAgent.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Symantec\pcAnywhere\awhost32.exe
    C:\Program Files\Brother\BRPrintAuditor\Brsvau3a.exe
    C:\Program Files\Brother\BRPrintAuditor\brausc3a.exe
    C:\Program Files\Brother\BRPrintAuditor\BRAgtSrv.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\LogMeIn\x86\RaMaint.exe
    C:\Program Files\LogMeIn\x86\LogMeIn.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Aleric\MyIVO\bin\myivosrv.exe
    C:\Program Files\Novell\ZENworks\nalntsrv.exe
    C:\Program Files\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe
    C:\Program Files\Symantec AntiVirus\SavRoam.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Aleric\MyIVO\bin\myivodds.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\Program Files\Novell\ZENworks\wm.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Novell\ZENworks\WMRUNDLL.EXE
    C:\Program Files\Novell\ZENworks\WMRUNDLL.EXE
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Novell\ZENworks\NalAgent.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\system32\dpmw32.exe
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\WINDOWS\system32\NWTRAY.EXE
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\PROGRA~1\SYMANT~1\VPTray.exe
    C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
    C:\Program Files\Aleric\MyIVO\bin\myivomgr.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    C:\Program Files\Brother\ControlCenter2\brctrcen.exe
    C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    C:\Novell\GroupWise\notify.exe
    C:\Program Files\LogMeIn\x86\LogMeIn.exe
    C:\Novell\GroupWise\grpwise.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\taskmgr.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\UNZIPPED\Procmon.exe
    C:\Program Files\Security Task Manager\taskman.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://intra.umm.edu/ummc/index.htm
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [ZENRC Tray Icon] C:\WINDOWS\system32\zentray.exe
    O4 - HKLM\..\Run: [NDPS] C:\WINDOWS\system32\dpmw32.exe
    O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
    O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
    O4 - HKLM\..\Run: [myivo] C:\Program Files\Aleric\MyIVO\bin\myivomgr.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
    O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
    O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
    O4 - HKLM\..\Run: [zzzHPSETUP] D:\Setup.exe \RESET
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Startup: FAXRX.lnk = C:\Program Files\Brother\Brmfl05c\FAXRX.exe
    O4 - Startup: Shortcut to CGMIDAS-Share.lnk = C:\Documents and Settings\BLANSING.UMMS-EA320DEC8C\Desktop\CGMIDAS-Share.nal
    O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O4 - Global Startup: Notify.lnk = C:\Novell\GroupWise\notify.exe
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: iOpus iMacros - {0483894E-2422-45E0-8384-021AFF1AF3CD} - C:\Program Files\iMacros\imacros.dll (file missing)
    O9 - Extra 'Tools' menuitem: iMacros Web Automation - {0483894E-2422-45E0-8384-021AFF1AF3CD} - C:\Program Files\iMacros\imacros.dll (file missing)
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Novell delivered applications - {C1994287-422F-47aa-8E5E-6323E210A125} - C:\Program Files\Novell\ZENworks\AxNalServer.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
    O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://intra/wficat.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1193416385031
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1193418534484
    O16 - DPF: {CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.3.1_02) - http://kronosw1.umm.edu/WFC/plugins/...3_1_02-win.exe
    O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
    O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
    O23 - Service: BrPrAuSvc (BrAuSvc) - brother Industries Ltd - C:\Program Files\Brother\BRPrintAuditor\Brsvau3a.exe
    O23 - Service: Brother BRPrintAuditor Agent (BRPA_Agent) - Unknown owner - C:\Program Files\Brother\BRPrintAuditor\BRAgtSrv.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Client Update Service for Novell (cusrvc) - Novell, Inc. - C:\WINDOWS\system32\cusrvc.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
    O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
    O23 - Service: MyIVO - Unknown owner - C:\Program Files\Aleric\MyIVO\bin\myivosrv.exe
    O23 - Service: Novell Application Launcher (NALNTSERVICE) - Novell, Inc. - C:\Program Files\Novell\ZENworks\nalntsrv.exe
    O23 - Service: Novell ZENworks Remote Management Agent (Remote Management Agent) - Novell, Inc. - C:\Program Files\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    O23 - Service: Novell XTier Agent Services (XTAgent) - Novell, Inc. - C:\WINDOWS\System32\Novell\XTAgent.exe
    O23 - Service: Workstation Manager (ZFDWM) - Novell, Inc. - C:\Program Files\Novell\ZENworks\wm.exe

    --.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

  2. #2
    Member
    Join Date
    Jan 2008
    Posts
    9
    Points
    0

I think I posted in the wrong forum

I think I posted in the wrong forum, sorry about that. I will repost in there.

  3. #3
    Member
    Join Date
    Dec 2002
    Posts
    12,000
    Points
    1191


    Hi:

    Your HJT is not complete, the top part is missing. Need to see a new HJT log.

    BG

  4. #4
    Member
    Join Date
    Jan 2008
    Posts
    9
    Points
    0


    I am not sure why it came across incomplete:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:53:39 AM, on 1/12/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\WINDOWS\System32\wltrysvc.exe
    C:\WINDOWS\System32\bcmwltry.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\Apoint\Apoint.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\WINDOWS\system32\WLTRAY.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\PROGRA~1\MUSICM~1\MUSICM~3\mm_tray.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Apoint\Apntex.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
    C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
    C:\Program Files\America Online 9.0\aoltray.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    c:\program files\common files\installshield\updateservice\isuspm.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
    C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\WINDOWS\system32\ntvdm.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\unzipped\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www6.comcast.net/a/?cookieattempt=1
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: GoogleAFE - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll
    O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
    O4 - HKLM\..\Run: [Dell Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
    O4 - HKLM\..\Run: [MMTray] C:\PROGRA~1\MUSICM~1\MUSICM~3\mm_tray.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [BuildBU] c:\dell\bldbubg.exe
    O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
    O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

    --
    End of file - 9481 bytes
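The two logs posted so far are in the standard HijackThis line format (a section tag such as O4 or O23, then the entry body). As an added example that is not part of this thread and not HijackThis code, the script below parses lines in that format and applies a few defender-side triage rules that helpers on forums like this apply by eye: entries marked "(file missing)" are dead references, O4 autoruns given as a bare filename or started from a non-system drive deserve a look, O4 startup shortcuts with an unresolved target ("= ?") deserve a look, AppInit_DLLs entries always deserve a look, and O23 services with "Unknown owner" have no publisher to vouch for them. The regexes, the `Finding` class and the assumption that the system drive is C: are mine; the sample lines are copied from the logs in this thread.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Sample input (constructed for this example): a handful of lines copied from
# the HijackThis logs posted in this thread, plus the log header.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\System32\smss.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [zzzHPSETUP] D:\Setup.exe \RESET
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O9 - Extra button: iOpus iMacros - {0483894E-2422-45E0-8384-021AFF1AF3CD} - C:\Program Files\iMacros\imacros.dll (file missing)
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: MyIVO - Unknown owner - C:\Program Files\Aleric\MyIVO\bin\myivosrv.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
"""

SYSTEM_DRIVE = "C:"  # assumption: Windows is installed on C:

# "O4 - <body>", "R0 - <body>", ...  (header and process list do not match)
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d+) - (?P<body>.*)$")
# O4 registry autoruns: HKLM\..\Run: [name] command
O4_RUN_RE = re.compile(r"^HK(?:LM|CU)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# O23 services: Service: name - vendor - path
O23_RE = re.compile(r"^Service: (?P<name>.*?) - (?P<vendor>.*?) - (?P<path>.*)$")


@dataclass
class Finding:
    severity: str  # "cleanup" (dead entry) or "review" (verify by hand)
    reason: str
    line: str


def executable_of(cmd: str) -> str:
    """Return the program part of an autorun command, honouring a quoted path."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ", 1)[0]


def triage(log_text: str) -> list[Finding]:
    """Apply the triage rules to every HijackThis entry line in log_text."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue  # header lines and the "Running processes" block carry no entries
        section, body = m.group("section"), m.group("body")
        if body.endswith("(file missing)"):
            findings.append(Finding("cleanup", "dead reference", line))
        elif section == "O4":
            run = O4_RUN_RE.match(body)
            if run:
                exe = executable_of(run.group("cmd"))
                if "\\" not in exe:
                    # No directory given: Windows resolves it via the search path
                    findings.append(Finding("review", "bare filename resolved via search path", line))
                elif exe[:2].upper() != SYSTEM_DRIVE:
                    findings.append(Finding("review", "autorun from non-system drive", line))
            elif body.endswith("= ?"):
                findings.append(Finding("review", "startup shortcut with unresolved target", line))
        elif section == "O20":
            findings.append(Finding("review", "AppInit_DLLs injects into every GUI process", line))
        elif section == "O23":
            svc = O23_RE.match(body)
            if svc and svc.group("vendor").lower() == "unknown owner":
                findings.append(Finding("review", "service without a publisher", line))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per severity."""
    counts: dict[str, int] = {}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f"[{f.severity}] {f.reason}: {f.line}")
    print(summarize(results))
```

Every rule here only marks a line for a human to look at; none of the flagged sample entries is malicious on its own (the RTHDCPL and HP setup entries are ordinary OEM leftovers), which is exactly why the script separates "cleanup" from "review" rather than pronouncing a verdict.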

  5. #5
    Member
    Join Date
    Jan 2008
    Posts
    9
    Points
    0


I got my new hard drive for my desktop pc & installed that tonight. However, now it appears the brand new hard drive is once again infected. I am at a loss for what to do now. I ran all of the suggested scans in the sticky but they only turned up cookies mostly. PLEASE SOMEONE HELP!

  6. #6
    Member
    Join Date
    Dec 2002
    Posts
    12,000
    Points
    1191


Is the last log you posted for the old or new HD?

    If it is for the old one, need to see a new HJT log.

    What errors are you getting exactly and what program is telling you this?

    BG

  7. #7
Member steamwiz
    Join Date
    Sep 2003
    Location
    Yorkshire U.K.
    Posts
    14,022
    Points
    2335


    Hi

    You say you have a problem/infection ... but you don't say much about it ...

    Your hijackthis log is clean, apart from it showing your java is about 50 years out of date ...

    maybe you just need to give your computers a good clean out, then again if you're having a problem with a new hard-drive, maybe you have a hardware problem, not necessarily the hard-drive...

    Please try and describe the problem in more detail, you're giving us very little to go on...

    As for Norton, it corrupts very easily, and can cause a lot of other problems when it does ...

    steam
    Look here for Ways to keep your computer safe
    M'SOFT MVP -Windows Security 2004/8 .member ASAP -

  8. #8
    Member
    Join Date
    Jan 2008
    Posts
    9
    Points
    0


Well, there are weird processes running & now on my desktop I cannot even run programs because it says the directory can no longer be located.

Here are the running processes; do you see anything weird?

    --- Spybot - Search & Destroy version: 1.5 (build: 20070830) ---

    2007-08-31 blindman.exe (1.0.0.6)
    2007-08-31 SDMain.exe (1.0.0.4)
    2007-08-31 SDUpdate.exe (1.0.6.4)
    2007-08-31 SDWinSec.exe (1.0.0.8)
    2007-08-31 SpybotSD.exe (1.5.1.15)
    2007-08-31 TeaTimer.exe (1.5.0.9)
    2008-01-12 unins000.exe (51.46.0.0)
    2007-08-31 Update.exe (1.4.0.5)
    2007-08-31 advcheck.dll (1.5.3.0)
    2007-04-02 aports.dll (2.1.0.0)
    2007-04-02 DelZip179.dll (1.79.5.3)
    2007-08-31 SDHelper.dll (1.5.0.8)
    2007-08-31 Tools.dll (2.1.2.0)
    2008-01-09 Includes\Cookies.sbi
    2007-12-26 Includes\Dialer.sbi
    2008-01-09 Includes\DialerC.sbi
    2008-01-09 Includes\HeavyDuty.sbi
    2007-12-26 Includes\Hijackers.sbi
    2008-01-09 Includes\HijackersC.sbi
    2007-10-04 Includes\Keyloggers.sbi
    2008-01-09 Includes\KeyloggersC.sbi
    2004-11-29 Includes\LSP.sbi
    2008-01-09 Includes\Malware.sbi
    2008-01-09 Includes\MalwareC.sbi
    2007-10-24 Includes\PUPS.sbi
    2008-01-09 Includes\PUPSC.sbi
    2008-01-09 Includes\Revision.sbi
    2008-01-09 Includes\Security.sbi
    2008-01-09 Includes\SecurityC.sbi
    2007-11-07 Includes\Spybots.sbi
    2008-01-09 Includes\SpybotsC.sbi
    2007-11-06 Includes\Tracks.uti
    2007-12-12 Includes\Trojans.sbi
    2008-01-09 Includes\TrojansC.sbi
    2008-12-24 Plugins\TCPIPAddress.dll

    PID: 0 ( 0) [System]
    PID: 440 ( 0) \SystemRoot\System32\smss.exe
    size: 50688
    PID: 516 ( 0) \??\C:\WINDOWS\system32\csrss.exe
    size: 6144
    PID: 540 ( 0) \??\C:\WINDOWS\system32\winlogon.exe
    size: 502272
    PID: 584 ( 0) C:\WINDOWS\system32\services.exe
    size: 108032
    MD5: C6CE6EEC82F187615D1002BB3BB50ED4
    PID: 596 ( 0) C:\WINDOWS\system32\lsass.exe
    size: 13312
    MD5: 84885F9B82F4D55C6146EBF6065D75D2
    PID: 748 ( 0) C:\WINDOWS\system32\svchost.exe
    size: 14336
    MD5: 8F078AE4ED187AAABC0A305146DE6716
    PID: 796 ( 0) C:\WINDOWS\system32\svchost.exe
    size: 14336
    MD5: 8F078AE4ED187AAABC0A305146DE6716
    PID: 836 ( 0) C:\Program Files\Windows Defender\MsMpEng.exe
    size: 13592
    MD5: F45DD1E1365D857DD08BC23563370D0E
    PID: 880 ( 0) C:\WINDOWS\System32\svchost.exe
    size: 14336
    MD5: 8F078AE4ED187AAABC0A305146DE6716
    PID: 932 ( 0) C:\WINDOWS\system32\svchost.exe
    size: 14336
    MD5: 8F078AE4ED187AAABC0A305146DE6716
    PID: 1060 ( 0) C:\WINDOWS\system32\svchost.exe
    size: 14336
    MD5: 8F078AE4ED187AAABC0A305146DE6716
    PID: 1844 ( 0) C:\WINDOWS\System32\wltrysvc.exe
    size: 65536
    MD5: 61490BFA6558C8DD3027E130D9A02D4B
    PID: 1900 ( 0) C:\WINDOWS\System32\bcmwltry.exe
    size: 872556
    MD5: 72D58BB02CD83E6B7B9A97E06B3F0F43
    PID: 1912 ( 0) C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    size: 587096
    MD5: 25F8546FD40E40EC5A2A23AECAE4FDCA
    PID: 1924 ( 0) C:\WINDOWS\Explorer.EXE
    size: 1032192
    MD5: A0732187050030AE399B241436565E64
    PID: 112 ( 0) C:\WINDOWS\system32\spoolsv.exe
    size: 57856
    MD5: DA81EC57ACD4CDC3D4C51CF3D409AF9F
    PID: 1080 ( 0) C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    size: 1135728
    MD5: 8FA646F0E639D9A8C8B98E217D471DC0
    PID: 1100 ( 0) C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    size: 100032
    MD5: 7768CE75C5CBF0D8F441CE2BBD806B7F
    PID: 1164 ( 0) C:\WINDOWS\eHome\ehRecvr.exe
    size: 237568
    MD5: 8301243BDE5B6CD316D79C0191D50D9A
    PID: 1180 ( 0) C:\WINDOWS\eHome\ehSched.exe
    size: 102912
    MD5: A53243709439AC2A4C216B817F8D7411
    PID: 1236 ( 0) C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
    size: 356352
    MD5: 23EEB337BF684589D261F2359E19C72C
    PID: 1636 ( 0) C:\WINDOWS\system32\tcpsvcs.exe
    size: 19456
    MD5: 32933B07FC16D9F778BEE12545FA1B1A
    PID: 1676 ( 0) C:\WINDOWS\system32\svchost.exe
    size: 14336
    MD5: 8F078AE4ED187AAABC0A305146DE6716
    PID: 356 ( 0) C:\WINDOWS\ehome\mcrdsvc.exe
    size: 99328
    MD5: DF0A511F38F16016BF658FCA0090CB87
    PID: 2056 ( 0) C:\WINDOWS\system32\dllhost.exe
    size: 5120
    MD5: DD87DB7387B9EB441C5674888A0D840C
    PID: 2212 ( 0) C:\WINDOWS\system32\wbem\wmiprvse.exe
    size: 218112
    MD5: 075EA6C849AB0FE416A3D6DD65C3CF41
    PID: 2332 ( 0) C:\WINDOWS\ehome\ehtray.exe
    size: 67584
    MD5: 7E48B4958C131E9643DDCD2E7CA3FE9F
    PID: 2360 ( 0) C:\WINDOWS\system32\hkcmd.exe
    size: 77824
    MD5: 82ADC58B63E069AC4641A33EA9841E54
    PID: 2376 ( 0) C:\WINDOWS\system32\igfxpers.exe
    size: 114688
    MD5: A0E2FFB7B0FCE82AA3BCC3105306C45C
    PID: 2392 ( 0) C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    size: 132496
    MD5: D4F0F7437327DBAA264338BAAFB5E5AF
    PID: 2400 ( 0) C:\Program Files\Dell\QuickSet\quickset.exe
    size: 684032
    MD5: 918BC1E0D5C85CA3E3FF85A428AE3844
    PID: 2408 ( 0) C:\WINDOWS\system32\WLTRAY.exe
    size: 696425
    MD5: 4998B9DCE09C712627F67DC84413086E
    PID: 2416 ( 0) C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    size: 53248
    MD5: B3E3C57FD22E71CE20389372D972C6DC
    PID: 2448 ( 0) C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    size: 81920
    MD5: 583B7D111304BE63D7D9CB65482D2187
    PID: 2456 ( 0) C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
    size: 106496
    MD5: A14DB520786FAD113401495D93DEBBF3
    PID: 2472 ( 0) C:\Program Files\Windows Defender\MSASCui.exe
    size: 866584
    MD5: 77C03BF23AE56B0A31AE4D5BB4B3D0AC
    PID: 2484 ( 0) C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
    size: 847872
    MD5: 189CB7A0DD6F8E4BF205DB06B259EE97
    PID: 2536 ( 0) C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    size: 1460560
    MD5: B7D4586BFC0DD6C3BE7DCCC252A3E97E
    PID: 2884 ( 0) C:\WINDOWS\system32\igfxsrvc.exe
    size: 159744
    MD5: 2888E77950D6E98A1B1D1BBD05FA4887
    PID: 2956 ( 0) C:\WINDOWS\eHome\ehmsas.exe
    size: 46592
    MD5: 03A905FBA1D62317087DB5C21C0F8F62
    PID: 3016 ( 0) C:\WINDOWS\system32\svchost.exe
    size: 14336
    MD5: 8F078AE4ED187AAABC0A305146DE6716
    PID: 3088 ( 0) C:\WINDOWS\System32\alg.exe
    size: 44544
    MD5: F1958FBF86D5C004CF19A5951A9514B7
    PID: 2352 ( 0) C:\Program Files\internet explorer\iexplore.exe
    size: 93184
    MD5: E7484514C0464642BE7B4DC2689354C8
    PID: 2908 ( 0) C:\Program Files\Internet Explorer\IEXPLORE.EXE
    size: 93184
    MD5: E7484514C0464642BE7B4DC2689354C8
    PID: 4060 ( 0) C:\Program Files\internet explorer\iexplore.exe
    size: 93184
    MD5: E7484514C0464642BE7B4DC2689354C8
    PID: 1816 ( 0) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
    size: 4943184
    MD5: C92780F50B8BB7A89E919585916494A9
    PID: 3920 ( 0) C:\Program Files\internet explorer\iexplore.exe
    size: 93184
    MD5: E7484514C0464642BE7B4DC2689354C8

  9. #9
    Member steamwiz
    Join Date
    Sep 2003
    Location
    Yorkshire U.K.
    Posts
    14,022
    Points
    2335

    Quote Originally Posted by bslansinger
    Well, there are weird processes running, & now on my desktop I cannot even run programs because it says the directory can no longer be located.
    No, there's nothing weird there ... they're all legit.

    What weird processes are you referring to?

    Let's run some additional scans ...

    Please download ComboFix: http://download.bleepingcomputer.com...a/ComboFix.exe
    and save it to the desktop.

    1. Double-click on combo.exe & follow the prompts.
    2. When finished, it will produce a logfile located at C:\ComboFix.txt.
    3. Post the contents of that log in your next reply.

    Notes:
    * Do not mouse-click ComboFix's window while it is running. That may cause your system to stall/hang.
    * Disable script blocking if you have NAV installed so it will not interfere with the fix. Trojan Hunter has been reported to detect ComboFix as Worm.Qiv.100.

    steam
    Look here for Ways to keep your computer safe
    M'SOFT MVP - Windows Security 2004/8. Member ASAP -

  10. #10
    Member
    Join Date
    Jan 2008
    Posts
    9
    Points
    0

    Some of the weird stuff I have noticed is there will be 10 or more svchosts running at once. I have run other scans & been told that I had the Vundo trojan, backweb was infected, some errors have been ccapp.exe has done something. Here is the ComboFix log:

    ComboFix 08-01-09.2 - Administrator 2008-01-13 18:06:57.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.1.1252.1.1033.18.167 [GMT -8:00]
    Running from: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\GF6L27QV\ComboFix[1].exe
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    D:\Autorun.inf

    .
    ((((((((((((((((((((((((( Files Created from 2007-12-14 to 2008-01-14 )))))))))))))))))))))))))))))))
    .

    2008-01-13 18:06 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2008-01-13 17:53 . 2008-01-13 17:53 d-------- C:\WINDOWS\LastGood
    2008-01-13 17:45 . 2008-01-13 18:08 458,784 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
    2008-01-13 17:45 . 2008-01-13 18:08 74,016 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
    2008-01-13 17:45 . 2008-01-13 17:46 1,700 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
    2008-01-13 17:45 . 2008-01-13 17:46 1,532 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
    2008-01-13 17:43 . 2008-01-13 17:43 d-------- C:\Program Files\Kaspersky Lab
    2008-01-13 17:43 . 2008-01-13 17:51 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
    2008-01-13 17:42 . 2008-01-13 17:42 d-------- C:\KAV
    2008-01-13 17:29 . 2008-01-13 17:29 d-------- C:\WINDOWS\Sun
    2008-01-13 17:29 . 2008-01-13 17:31 d-------- C:\Documents and Settings\Administrator\.housecall6.6
    2008-01-13 17:23 . 2008-01-13 17:23 d-------- C:\WINDOWS\system32\bits
    2008-01-13 17:23 . 2008-01-13 17:57 d--h----- C:\WINDOWS\$hf_mig$
    2008-01-13 17:23 . 2005-02-24 19:35 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
    2008-01-13 17:21 . 2008-01-13 17:22 d-------- C:\Program Files\RegClean
    2008-01-13 17:21 . 2008-01-13 17:31 d-------- C:\Documents and Settings\Administrator\Application Data\RegClean
    2008-01-13 17:11 . 2004-07-01 14:08 361,984 --a--c--- C:\WINDOWS\system32\dllcache\qmgr.dll
    2008-01-13 17:11 . 2004-07-01 14:08 331,776 --a------ C:\WINDOWS\system32\winhttp.dll
    2008-01-13 17:11 . 2004-07-01 14:08 331,776 --a--c--- C:\WINDOWS\system32\dllcache\winhttp.dll
    2008-01-13 17:11 . 2004-06-30 15:59 158,720 --------- C:\WINDOWS\system32\xpob2res.dll
    2008-01-13 17:11 . 2004-07-01 14:08 17,408 --a------ C:\WINDOWS\system32\qmgrprxy.dll
    2008-01-13 17:11 . 2004-07-01 14:08 17,408 --a--c--- C:\WINDOWS\system32\dllcache\qmgrprxy.dll
    2008-01-13 17:11 . 2004-07-01 14:08 7,680 -----c--- C:\WINDOWS\system32\dllcache\bitsprx2.dll
    2008-01-13 17:11 . 2004-07-01 14:08 7,680 --------- C:\WINDOWS\system32\bitsprx2.dll
    2008-01-13 17:11 . 2004-07-01 14:08 7,168 -----c--- C:\WINDOWS\system32\dllcache\bitsprx3.dll
    2008-01-13 17:11 . 2004-07-01 14:08 7,168 --------- C:\WINDOWS\system32\bitsprx3.dll
    2008-01-13 17:10 . 2008-01-13 17:10 55,569,052 --a------ C:\WINDOWS\1.reg
    2008-01-13 17:08 . 2007-07-30 19:19 549,720 --a------ C:\WINDOWS\system32\wuapi.dll
    2008-01-13 17:08 . 2007-07-30 19:19 325,976 --a------ C:\WINDOWS\system32\wucltui.dll
    2008-01-13 17:08 . 2007-07-30 19:19 216,408 --a------ C:\WINDOWS\system32\wuaucpl.cpl
    2008-01-13 17:08 . 2007-07-30 19:19 203,096 --a------ C:\WINDOWS\system32\wuweb.dll
    2008-01-13 17:08 . 2004-08-03 14:03 186,136 --a------ C:\WINDOWS\system32\wuaueng1.dll
    2008-01-13 17:08 . 2004-08-03 14:01 167,704 --a------ C:\WINDOWS\system32\wuauclt1.exe
    2008-01-13 17:08 . 2007-07-30 19:18 33,624 --a------ C:\WINDOWS\system32\wups.dll
    2008-01-13 16:57 . 2004-04-02 19:35 245,920 -r-hs---- C:\cmldr
    2008-01-13 16:57 . 2008-01-13 16:44 204 -rahs---- C:\BOOT.BAK
    2008-01-13 16:52 . 2008-01-13 16:52 d-------- C:\WINDOWS\Options
    2008-01-13 16:49 . 2008-01-13 16:49 d-------- C:\Documents and Settings\Administrator\Application Data\Sonic
    2008-01-13 16:49 . 2008-01-13 16:49 4,130 -rahs---- C:\WINDOWS\system32\drivers\HP_D7223H-ABA A650Y_YW_Pavi_QMXP430_E43NAprBLG6_4_IOxford_SASUSTeK Computer INC._V1.xx_B3.26_T040604_WXP1_L409_M512_J200_7Intel_8Pentium 4_93.2_1104C8023_N10EC8139_P_Z11C1048C_K_A808624D5_U808624D2_G10DE0326.MRK
    2008-01-13 16:47 . 2004-05-12 20:08 d-------- C:\WINDOWS\system32\config\systemprofile\WINDOWS
    2008-01-13 16:47 . 2004-05-17 01:44 d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\Symantec
    2008-01-13 16:47 . 2004-05-12 22:06 d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\SampleView
    2008-01-13 16:47 . 2004-05-28 20:44 204,800 --a------ C:\WINDOWS\system32\IVIresizeW7.dll
    2008-01-13 16:47 . 2004-05-28 20:44 200,704 --a------ C:\WINDOWS\system32\IVIresizeA6.dll
    2008-01-13 16:47 . 2004-05-28 20:44 192,512 --a------ C:\WINDOWS\system32\IVIresizeP6.dll
    2008-01-13 16:47 . 2004-05-28 20:44 192,512 --a------ C:\WINDOWS\system32\IVIresizeM6.dll
    2008-01-13 16:47 . 2004-05-28 20:44 188,416 --a------ C:\WINDOWS\system32\IVIresizePX.dll
    2008-01-13 16:47 . 2003-09-10 23:36 21,060 --------- C:\WINDOWS\system32\drivers\iviaspi.sys
    2008-01-13 16:47 . 2004-05-28 20:44 20,480 --a------ C:\WINDOWS\system32\IVIresize.dll
    2008-01-13 16:47 . 2003-09-19 01:47 10,368 --------- C:\WINDOWS\system32\drivers\pfc.sys
    2008-01-13 16:46 . 2008-01-13 16:46 d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\Sonic
    2008-01-13 16:46 . 2008-01-13 16:46 d-------- C:\Program Files\Sonic
    2008-01-13 16:46 . 2008-01-13 16:46 d-------- C:\Program Files\RecordNow!
    2008-01-13 16:46 . 2008-01-13 16:46 d-------- C:\Program Files\Common Files\SureThing Shared
    2008-01-13 16:46 . 2008-01-13 16:46 d-------- C:\Program Files\Common Files\Sonic
    2008-01-13 16:44 . 2002-08-29 02:06 51,072 --a------ C:\WINDOWS\system32\drivers\i8042prt.sys
    2008-01-13 16:44 . 2002-08-29 01:27 23,424 --a------ C:\WINDOWS\system32\drivers\kbdclass.sys
    2008-01-13 15:44 . 2004-05-12 20:08 d-------- C:\Documents and Settings\Default User\WINDOWS
    2008-01-13 15:44 . 2008-01-13 17:51 178 --a------ C:\WINDOWS\system\hpsysdrv.DAT
    2008-01-13 15:42 . 2001-08-17 13:58 25,472 --a------ C:\WINDOWS\system32\drivers\AGP440.SYS
    2008-01-13 15:42 . 2001-08-17 13:48 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
    2008-01-13 15:42 . 2001-08-17 14:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
    2008-01-13 15:37 . 2008-01-13 15:37 d-------- C:\WINDOWS\I386
    2008-01-13 15:30 . 2008-01-13 15:35 dr------- C:\Documents and Settings\All Users\Documents
    2008-01-13 15:29 . 2008-01-13 17:23 dr-hsc--- C:\WINDOWS\system32\dllcache
    2008-01-13 15:09 . 2004-04-02 19:35 2,178,131 --a--c--- C:\WINDOWS\system32\dllcache\shvlres.dll
    2008-01-13 15:06 . 2004-04-02 19:38 3,374,640 --a--c--- C:\WINDOWS\system32\dllcache\tourW.exe
    2008-01-13 15:02 . 2004-04-02 19:32 13,107,200 --a------ C:\WINDOWS\system32\oembios.bin
    2008-01-13 15:01 . 2004-04-02 19:26 4,186,256 --a--c--- C:\WINDOWS\system32\dllcache\luna.mst
    2008-01-13 15:00 . 2004-04-02 19:08 2,028,032 --a--c--- C:\WINDOWS\system32\dllcache\cdosys.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{549B5CA7-4A86-11D7-A4DF-000874180BB3}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2004-05-12 18:08 32881]
    "hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 15:04 52736]
    "HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 14:38 241664]
    "HPHUPD05"="c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2003-08-21 02:23 49152]
    "HPHmon05"="C:\WINDOWS\System32\hphmon05.exe" [2003-08-21 02:15 483328]
    "KBD"="C:\HP\KBD\KBD.EXE" [2003-02-11 18:02 61440]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2004-05-12 19:41 151597]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2004-01-16 18:16 229376]
    "Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2004-04-14 10:43 233472]
    "High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" [2004-03-17 21:10 61952 C:\WINDOWS\system32\Hdaudpropshortcut.exe]
    "NAV CfgWiz"="c:\Program Files\Common Files\Symantec Shared\CfgWiz.exe" [2003-08-15 17:24 124096]
    "PS2"="C:\WINDOWS\system32\ps2.exe" [2002-10-16 14:57 81920]
    "NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2004-02-23 20:43 3026944]
    "nwiz"="nwiz.exe" [2004-02-23 20:43 753664 C:\WINDOWS\system32\nwiz.exe]
    "AlcxMonitor"="ALCXMNTR.EXE" [2003-04-03 19:35 50176 C:\WINDOWS\ALCXMNTR.EXE]
    "UpdateManager"="c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 01:01 110592]
    "AGRSMMSG"="AGRSMMSG.exe" [2004-02-28 00:07 88364 C:\WINDOWS\AGRSMMSG.exe]
    "RegClean"="C:\Program Files\RegClean\RegClean.exe" [2007-12-14 09:39 8340712]
    "AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 SOS\avp.exe" [2007-11-19 14:40 231952]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2003-09-16 11:19:24]


    *Newly Created Service* - PROCEXP90
    .
    Contents of the 'Scheduled Tasks' folder
    "2008-01-14 01:51:55 C:\WINDOWS\Tasks\RegClean Scheduled Scan.job"
    - C:\Program Files\RegClean\RegClean.ex
    - C:\Program Files\RegClean
    "2004-05-17 09:45:39 C:\WINDOWS\Tasks\Symantec NetDetect.job"
    - C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-01-13 18:08:54
    Windows 5.1.2600 Service Pack 1 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-01-13 18:09:25
    ComboFix-quarantined-files.txt 2008-01-14 02:09:21
    .
    2008-01-14 01:23:52 --- E O F ---
