Copy and paste the following file path into the box on the top of the page:
C:\Program Files\Internet Explorer\msimg32.dll
Click on the submit button.
Do the same for the following files as well:
C:\Program Files\MSN Messenger\msimg32.dll
C:\Program Files\MSN Messenger\riched20.dll
Please post the results in your next reply.
Go ahead and clean out Norton's quarantine folder:
C:\Program Files\Norton AntiVirus\Quarantine
Then let's clear out the infected restore points.
Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected)
1. Turn off System Restore.
   On the Desktop, right-click My Computer.
   Click Properties.
   Click the System Restore tab.
   Check Turn off System Restore.
   Click Apply, and then click OK.
2. Restart your computer.
3. Turn ON System Restore.
   On the Desktop, right-click My Computer.
   Click Properties.
   Click the System Restore tab.
   UN-Check Turn off System Restore.
   Click Apply, and then click OK.
Then go ahead and rescan with Kaspersky and see what we come back with.
C:\Program Files\Internet Explorer\msimg32.dll
Found SPR/AdTool.MyWebSearch.AU
ArcaVir Found Riskware.Adtool.Mywebsearch.Au
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found Adware.MyWebSearch.M
ClamAV Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found not-a-virus:AdTool.Win32.MyWebSearch.au (6, 2, 615)
Fortinet Found W32/MyWebSearch
Kaspersky Anti-Virus Found not-a-virus:AdTool.Win32.MyWebSearch.au
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing
C:\Program Files\MSN Messenger\msimg32.dll
AntiVir Found SPR/AdTool.MyWebSearch.AU
ArcaVir Found Riskware.Adtool.Mywebsearch.Au
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found Adware.MyWebSearch.M
ClamAV Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found not-a-virus:AdTool.Win32.MyWebSearch.au (6, 2, 615)
Fortinet Found W32/MyWebSearch
Kaspersky Anti-Virus Found not-a-virus:AdTool.Win32.MyWebSearch.au
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing
C:\Program Files\MSN Messenger\riched20.dll
AntiVir Found ADSPY/MyWebSearch.A.47
ArcaVir Found Adware.Mywebsearch
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found Adware.MyWebSearch.AV
ClamAV Found Adware.Searchbar-19
Dr.Web Found Adware.Msearch
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found not-a-virus:AdTool.Win32.MyWebSearch (6, 2, 615)
Fortinet Found Adware/MyWebSearch
Kaspersky Anti-Virus Found not-a-virus:AdTool.Win32.MyWebSearch
NOD32 Found Win32/FunWeb application
Norman Virus Control Found nothing
Panda Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found AdWare.ToolBar.MyWebSearch
wahoo! yippee!!! all clean (i think) :bigggrin:
KASPERSKY ONLINE SCANNER REPORT
Monday, March 26, 2007 8:50:19 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 26/03/2007
Kaspersky Anti-Virus database records: 286267
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
C:\
D:\
Scan Statistics:
Total number of scanned objects: 61964
Number of viruses found: 0
Number of infected objects: 0 / 0
Number of suspicious objects: 0
Duration of the scan process: 01:06:20
Infected Object Name / Virus Name / Last Action
Scan process completed.
I've just gone to update my virus definitions on Norton and it can't connect to the internet.
I've installed Zone Alarm but not quite sure how to use it. For example, just got this message about win32 but not sure what it means. Is my laptop sending out a virus???
Double-click on comboscan.exe to run it, and follow the prompts.
The scan may take a minute. When the scan is complete, a text file will open - ComboScan.txt
Extra Note: When running Comboscan, some firewalls may warn that sigcheck.exe is trying to access the internet - please ensure that you allow sigcheck.exe permission to do so. Also, it may happen that your Antivirus flags Comboscan as suspicious. Please allow Comboscan to run and don't let your Antivirus delete it. (In this case, it may be better to temporarily disable your Antivirus.)
Post the Comboscan.txt from the Comboscan into your next reply
ComboScan v20070306.20 run by Simone Loong on 2007-03-27 at 10:12:55
Computer is in Normal Mode.
-- System Restore
Successfully created ComboScan Restore Point.
-- Last 4 Restore Point(s) --
4: 2007-03-27 09:13:00 UTC - RP4 - ComboScan Restore Point
3: 2007-03-26 21:57:38 UTC - RP3 - Software Distribution Service 2.0
2: 2007-03-26 21:45:20 UTC - RP2 - Software Distribution Service 2.0
1: 2007-03-26 16:32:30 UTC - RP1 - System Checkpoint
Let's use killbox again to delete the following, please:
C:\Documents and Settings\Simone Loong\Application Data\Dxccwrd.dll
C:\Documents and Settings\Simone Loong\Application Data\Dxcdmns.dll
C:\Documents and Settings\Simone Loong\Application Data\Dxcuknwrd.dll
C:\Documents and Settings\Simone Loong\Application Data\Dxcknwrd.dll
Rescan with DSS (Comboscan) again please and post back the log from it
The only major thing I've noticed is that file explorer takes a while to open.
Windows Security keeps telling me that Norton is out of date. And just now, Norton tells me that it's encountered a problem and needs to be uninstalled/reinstalled.
Hope you're feeling better.
Let's get after this. This scan will take a while to run.
First download AVG Anti-Spyware from HERE and save that file to your desktop. This is a 30 day trial of the program
Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double-click it to launch the set up program.
Once the setup is complete you will need to run AVG Anti-Spyware and update the definition files.
On the main screen select the icon "Update" then select the "Update now" link.
Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
Under "Reports"
Select "Automatically generate report after every scan"
Un-Select "Only if threats were found"
Close AVG Anti-Spyware, Do Not run a scan just yet, we will shortly.
Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.
IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning, it may interfere with the scanning process:
Launch AVG Anti-Spyware by double-clicking the icon on your desktop.
Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
AVG Anti-Spyware will now begin the scanning process, be patient this may take a little time. Once the scan is complete do the following:
If you have any infections you will be prompted, then select "Apply all actions"
Next select the "Reports" icon at the top.
Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
Close AVG Anti-Spyware and reboot your system back into Normal Mode and post the results of the AVG Anti-Spyware report scan.
Just for something to do, I ran kaspersky before. Results below.
Now will do the AVG thing.
KASPERSKY ONLINE SCANNER REPORT
Wednesday, March 28, 2007 3:05:39 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 28/03/2007
Kaspersky Anti-Virus database records: 287431
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
C:\
D:\
Scan Statistics:
Total number of scanned objects: 66370
Number of viruses found: 2
Number of infected objects: 3 / 0
Number of suspicious objects: 0
Duration of the scan process: 01:18:21
Infected Object Name / Virus Name / Last Action
C:\!KillBox\OiUninstaller.exe/data0002 Infected: not-a-virus:AdWare.Win32.PurityScan.fk skipped
C:\!KillBox\OiUninstaller.exe/data0003 Infected: not-a-virus:AdWare.Win32.PurityScan.bu skipped
C:\!KillBox\OiUninstaller.exe NSIS: infected - 2 skipped
Scan process completed.
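An added example (not part of the original thread): a small Python triage of a Kaspersky Online Scanner report in the line format posted above, separating "Object is locked" entries from detections and grouping detections by where the file sits. The sample lines are constructed from that format with the user name replaced, and the category names (restore_point, killbox_folder, live_file) are this example's own.

```python
import re
from collections import Counter

# Sample lines constructed in the format of the reports in this thread.
SAMPLE_REPORT = r"""
Infected Object Name / Virus Name / Last Action
C:\!KillBox\OiUninstaller.exe/data0002 Infected: not-a-virus:AdWare.Win32.PurityScan.fk skipped
C:\!KillBox\OiUninstaller.exe NSIS: infected - 2 skipped
C:\Documents and Settings\User\NTUSER.DAT Object is locked skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP1\A0000169.exe Infected: Trojan-Downloader.Win32.Agent.bdr skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP1\change.log Object is locked skipped
C:\Documents and Settings\User\Desktop\not good\msimg32.dll Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
Scan process completed.
"""

# Paths contain spaces, so each pattern anchors on the status text that
# follows the path instead of splitting on whitespace.
LOCKED = re.compile(r"^(?P<path>.+?) Object is locked (?P<action>\w+)$")
INFECTED = re.compile(r"^(?P<path>.+?) Infected: (?P<name>\S+) (?P<action>\w+)$")
CONTAINER = re.compile(
    r"^(?P<path>.+?) (?P<kind>[A-Za-z0-9]+): infected - (?P<count>\d+) (?P<action>\w+)$"
)


def location(path):
    """Classify a detection by where the file sits on disk."""
    p = path.lower()
    if "\\system volume information\\_restore{" in p:
        return "restore_point"      # copy held by System Restore
    if p.startswith("c:\\!killbox\\"):
        return "killbox_folder"     # inside the C:\!KillBox folder
    return "live_file"              # anywhere else on the volume


def parse_report(text):
    """Return (detections, container_summaries, locked_count)."""
    detections, containers, locked = [], [], 0
    for raw in text.splitlines():
        line = raw.strip()
        if LOCKED.match(line):
            locked += 1             # file in use; the scanner could not read it
            continue
        m = INFECTED.match(line)
        if m:
            name = m.group("name")
            detections.append({
                "path": m.group("path"),
                "name": name,
                "action": m.group("action"),
                "location": location(m.group("path")),
                # Kaspersky prefixes adware/riskware verdicts with "not-a-virus:"
                "riskware": name.startswith("not-a-virus:"),
            })
            continue
        m = CONTAINER.match(line)
        if m:
            # Summary line for an archive/installer; its members are already
            # reported individually, so it is not counted as a detection.
            containers.append({"path": m.group("path"),
                               "kind": m.group("kind"),
                               "members": int(m.group("count"))})
    return detections, containers, locked


def triage(text):
    """Summarise a report: what was detected, where, and what was only locked."""
    detections, containers, locked = parse_report(text)
    return {
        "locked_skipped": locked,
        "by_location": dict(Counter(d["location"] for d in detections)),
        "malware": sorted(d["name"] for d in detections if not d["riskware"]),
        "riskware": sorted(d["name"] for d in detections if d["riskware"]),
        "containers": len(containers),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_REPORT).items():
        print(f"{key}: {value}")
```
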
I've been a bad girl again, I haven't followed instructions :o
I ran the AVG scan, then fell asleep. When I woke up, all fuzzy headed, I saved the report, shut down and rebooted in normal mode. Then I went to post the results only to realise I hadn't taken any action with the previous scan. D'oh!!
I didn't have the patience to run the entire scan again, so I did a Fast System Scan, then checked that report against the first report, then ran a Custom Scan on C:\Program Files\Common Files and C:\Documents and Settings\Simone Loong to pick up the remaining files.
It seems that everything that was mentioned in the first report has been picked up by the 2 separate scans. Plz correct me if I'm wrong.
So I've attached the
- first complete system scan (Report-Scan-20070328-185612.txt)
- the fast scan which says I haven't taken any action but I promise I did! I just forgot to save the report after I took action (Report-Scan-fast scan.txt)
- the custom scan (Report-Scan-2nd scan.txt)
Sorry to be painful. I'm useless when I just wake up !!
Did the killbox thingy. Sent you your files. Perhaps tomorrow if you have time you might explain how killbox works. Like why do the files end up in the !killbox folder? Time for Zzzzzz's
What will happen with AVG when the 30 days runs out?
The guard will no longer be available to you and you will not get automatic updates, but you can still use the program for scanning your laptop, but you will have to manually update it.
Still getting the Windows Security message that Norton is out of date and when I open Norton it just says 'refreshing'.
Bah, I hate Nortons!!!! Did you try manually updating it?
I ran Autofix on Symantec.com and they think that my copy of Norton hasn't been activated ??? They suggested a fix but that didn't work either. Emailed tech support for help.
In the meantime, Norton has picked up at least two malicious scripts one called parasite.js and the other called defrag.js
The file path for both of them is:
c:\docume~1\simone~1\locals~1\temp\hpispz
Did the system restore uncheck, recheck thingy as you asked.
Now running system scan on kaspersky...
KASPERSKY ONLINE SCANNER REPORT
Monday, March 26, 2007 5:24:28 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 26/03/2007
Kaspersky Anti-Virus database records: 286181
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
C:\
D:\
Scan Statistics:
Total number of scanned objects: 62115
Number of viruses found: 9
Number of infected objects: 11 / 0
Number of suspicious objects: 0
Duration of the scan process: 01:09:05
Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\Simone Loong\Desktop\not good\msimg32.dll Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP1\A0000169.exe Infected: Trojan-Downloader.Win32.Agent.bdr skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP1\A0000171.exe Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP1\A0000172.dll Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP1\A0000173.dll Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP1\A0000174.exe Infected: not-a-virus:AdWare.Win32.SurfSide.ax skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP1\A0000186.exe Infected: not-a-virus:AdWare.Win32.Softomate.aj skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP1\A0000199.exe Infected: not-a-virus:AdWare.Win32.Softomate.aj skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP1\A0000205.exe Infected: not-a-virus:RiskTool.Win32.Starter.a skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP1\A0000217.exe Infected: not-a-virus:AdWare.Win32.Softomate.al skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP1\A0000225.dll Infected: not-a-virus:AdWare.Win32.Softomate.ac skipped
Scan process completed.
Also managed to bin the msimg32.dll which wouldn't allow me to delete it previously.
Looks almost done :bigggrin:
KASPERSKY ONLINE SCANNER REPORT
Monday, March 26, 2007 8:50:19 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 26/03/2007
Kaspersky Anti-Virus database records: 286267
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
C:\
D:\
Scan Statistics:
Total number of scanned objects: 61964
Number of viruses found: 0
Number of infected objects: 0 / 0
Number of suspicious objects: 0
Duration of the scan process: 01:06:20
Infected Object Name / Virus Name / Last Action
Scan process completed.
BitDefender Online Scanner - Real Time Virus Report
Generated at: Mon, Mar 26, 2007 - 22:19:35
Scan Info
Scanned Files: 394172
Infected Files: 0
Virus Detected
No virus found.
I've installed Zone Alarm but not quite sure how to use it. For example, just got this message about win32 but not sure what it means. Is my laptop sending out a virus???
- Close all applications and windows.
- Double-click on comboscan.exe to run it, and follow the prompts.
- The scan may take a minute. When the scan is complete, a text file will open - ComboScan.txt
Extra Note: When running Comboscan, some firewalls may warn that sigcheck.exe is trying to access the internet - please ensure that you allow sigcheck.exe permission to do so. Also, it may happen that your Antivirus flags Comboscan as suspicious. Please allow the Comboscan to run and don't let your Antivirus delete it. (In this case, it may be better to temporarily disable your Antivirus.)
Post the Comboscan.txt from the Comboscan into your next reply.
ComboScan v20070306.20 run by Simone Loong on 2007-03-27 at 10:12:55
Computer is in Normal Mode.
-- System Restore
Successfully created ComboScan Restore Point.
-- Last 4 Restore Point(s) --
4: 2007-03-27 09:13:00 UTC - RP4 - ComboScan Restore Point
3: 2007-03-26 21:57:38 UTC - RP3 - Software Distribution Service 2.0
2: 2007-03-26 21:45:20 UTC - RP2 - Software Distribution Service 2.0
1: 2007-03-26 16:32:30 UTC - RP1 - System Checkpoint
Performed disk cleanup.
-- HijackThis (run as Simone Loong.exe)
Logfile of HijackThis v1.99.1
Scan saved at 10:13:36 AM, on 27/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\HPQ\IAM\bin\asghost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\SlipStream Web Accelerator\slipcore.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Unwired\UwSCT.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Skype\Plugin Manager\SkypePM.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Documents and Settings\Simone Loong\Local Settings\Temporary Internet Files\Content.IE5\5M3VU4W8\comboscan[1].exe
C:\PROGRA~1\HIJACK~1\Simone Loong.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.unwired.com.au/launch.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.tiscali.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: del.icio.us Toolbar Helper - {7AA07AE6-01EF-44EC-93CA-9D7CD41CCDB6} - C:\Program Files\del.icio.us\Internet Explorer Buttons\dlcsIE.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
O3 - Toolbar: del.icio.us - {981FE6A8-260C-4930-960F-C3BC82746CB0} - C:\Program Files\del.icio.us\Internet Explorer Buttons\dlcsIE.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HPQ\IAM\Bin\AsTsVcc.dll,RegisterModule
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SlipStream] "C:\Program Files\SlipStream Web Accelerator\slipcore.exe"
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: Unwired Launchpad.lnk = C:\Program Files\Unwired\UwSCT.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O4 - Global Startup: Unwired Launchpad.lnk = C:\Program Files\Unwired\UwSCT.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.optusnet.com.au/
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.co.uk/SnapfishUKActivia.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1135569143640
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1135569061500
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{EC823201-EA27-428D-9F8D-4D8C38032E8F}: NameServer = 192.168.0.1
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: OneCard - C:\Program Files\HPQ\IAM\Bin\AsWlnPkg.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
-- HijackThis Fixed Entries (C:\PROGRA~1\HIJACK~1\backups\)
backup-20070325-162249-160 O2 - BHO: (no name) - °@5122B-85FF-4DD3-9515-F075BEDE5EB5} - (no file)
backup-20070325-162249-263 O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=0
backup-20070325-162249-609 O2 - BHO: (no name) - rsion - (no file)
backup-20070325-162249-680 O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZSYYYYYYLEGB
backup-20070325-162249-692 R3 - URLSearchHook: (no name) - {A8BD6820-6ED7-423E-9558-2D1486B0FEEA} - (no file)
backup-20070325-162249-765 O2 - BHO: (no name) - ¨¨B-80C6-11D3-9483-B03D0EC10000} - (no file)
backup-20070325-162249-797 O2 - BHO: (no name) - €@49E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
backup-20070325-162249-925 O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
backup-20070325-162249-932 O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
backup-20070325-162249-975 O2 - BHO: (no name) - à@3D70E-1895-11CF-8E15-001234567890} - (no file)
-- File Associations
.bat - batfile - "%1" %*
.chm - chm.file - "C:\WINDOWS\hh.exe" %1
.cmd - cmdfile - "%1" %*
.com - comfile - "%1" %*
.exe - exefile - "%1" %*
.hlp - hlpfile - %SystemRoot%\System32\winhlp32.exe %1
.inf - inffile - %SystemRoot%\System32\NOTEPAD.EXE %1
.ini - inifile - %SystemRoot%\System32\NOTEPAD.EXE %1
.js - JSFile - %SystemRoot%\System32\WScript.exe "%1" %*
.lnk - lnkfile - {00021401-0000-0000-C000-000000000046}
.pif - piffile - "%1" %*
.reg - regfile - regedit.exe "%1"
.scr - scrfile - "%1" /S
.txt - txtfile - %SystemRoot%\system32\NOTEPAD.EXE %1
.vbs - VBSFile - %SystemRoot%\System32\WScript.exe "%1" %*
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled
3S alcan5wn (SpeedTouch USB ADSL PPP Networking Driver (NDISWAN)) - C:\WINDOWS\system32\drivers\alcan5wn.sys
3S alcaudsl (SpeedTouch ADSL Modem ATM Transport) - C:\WINDOWS\system32\drivers\alcaudsl.sys
1R AmdK8 (AMD Processor Driver) - C:\WINDOWS\system32\drivers\AmdK8.sys
3S Arp1394 (1394 ARP Client Protocol) - C:\WINDOWS\system32\drivers\arp1394.sys
3R ati2mtag - C:\WINDOWS\system32\drivers\ati2mtag.sys
3R ATSWPDRV (AuthenTec TruePrint USB Driver (AES2500)) - C:\WINDOWS\system32\drivers\ATSwpDrv.sys
3S b57w2k (Broadcom NetLink (TM) Gigabit Ethernet) - C:\WINDOWS\system32\drivers\b57xp32.sys
3R BCM43XX (Broadcom 802.11 Network Adapter Driver) - C:\WINDOWS\system32\drivers\BCMWL5.SYS
3S BTWUSB (WIDCOMM USB Bluetooth Driver) - C:\WINDOWS\system32\drivers\btwusb.sys
3R CAMCAUD (Conexant AMC Audio) - C:\WINDOWS\system32\drivers\camc6aud.sys
3R CAMCHALA - C:\WINDOWS\system32\drivers\camc6hal.sys
1R cdrbsdrv - C:\WINDOWS\system32\drivers\CDRBSDRV.SYS
1R ClntMgmt.sys - C:\WINDOWS\system32\drivers\clntmgmt.sys
0R drvmcdb - C:\WINDOWS\system32\drivers\drvmcdb.sys
2R drvnddm - C:\WINDOWS\system32\drivers\drvnddm.sys
1R eabfiltr - C:\WINDOWS\system32\drivers\eabfiltr.sys
3S eabusb - C:\WINDOWS\system32\drivers\EabUsb.sys
3R GEARAspiWDM (GEAR CDRom Filter) - C:\WINDOWS\system32\drivers\GEARAspiWDM.sys
3S GTIPCI21 - C:\WINDOWS\system32\drivers\gtipci21.sys
3S HidUsb (Microsoft HID Class Driver) - C:\WINDOWS\system32\drivers\hidusb.sys
3S HPZid412 (IEEE-1284.4 Driver HPZid412) - C:\WINDOWS\system32\drivers\HPZid412.sys
3S HPZipr12 (Print Class Driver for IEEE-1284.4 HPZipr12) - C:\WINDOWS\system32\drivers\HPZipr12.sys
3S HPZius12 (USB to IEEE-1284.4 Translation Driver HPZius12) - C:\WINDOWS\system32\drivers\HPZius12.sys
3R HSFHWATI - C:\WINDOWS\system32\drivers\HSFHWATI.sys
3S HSF_DP - C:\WINDOWS\system32\drivers\HSF_DP.sys
3R HSF_DPV - C:\WINDOWS\system32\drivers\HSF_DPV.sys
2R mdmxsdk - C:\WINDOWS\system32\drivers\mdmxsdk.sys
3S mouhid (Mouse HID Driver) - C:\WINDOWS\system32\drivers\mouhid.sys
3R NAVENG - C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070321.018\NAVENG.SYS
3R NAVEX15 - C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070321.018\NAVEX15.SYS
3S NIC1394 (1394 Net Driver) - C:\WINDOWS\system32\drivers\nic1394.sys
0R ohci1394 (Texas Instruments OHCI Compliant IEEE 1394 Host Controller) - C:\WINDOWS\system32\drivers\ohci1394.sys
0R PxHelp20 - C:\WINDOWS\system32\drivers\pxhelp20.sys
3S Rasirda (WAN Miniport (IrDA)) - C:\WINDOWS\system32\drivers\rasirda.sys
1R SAVRT - C:\Program Files\Norton AntiVirus\SAVRT.SYS
1R SAVRTPEL - C:\Program Files\Norton AntiVirus\SAVRTPEL.SYS
3R sdbus - C:\WINDOWS\system32\drivers\sdbus.sys
3S SMCIRDA (SMC IrCC Miniport Device Driver) - C:\WINDOWS\system32\drivers\smcirda.sys
3S SONYPVU1 (Sony USB Filter Driver (SONYPVU1)) - C:\WINDOWS\system32\drivers\SONYPVU1.SYS
3S SPBBCDrv - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
0R srescan - C:\WINDOWS\system32\ZoneLabs\srescan.sys
1R sscdbhk5 - C:\WINDOWS\system32\drivers\sscdbhk5.sys
1R ssrtln - C:\WINDOWS\system32\drivers\ssrtln.sys
3R SYMDNS - C:\WINDOWS\system32\drivers\symdns.sys
3R SymEvent - C:\Program Files\Symantec\SYMEVENT.SYS
3R SYMFW - C:\WINDOWS\system32\drivers\symfw.sys
3R SYMIDS - C:\WINDOWS\system32\drivers\symids.sys
3R SYMIDSCO - C:\Program Files\Common Files\Symantec Shared\SymcData\ids-diskless\20070308.002\SymIDSCo.sys
3R SYMNDIS - C:\WINDOWS\system32\drivers\symndis.sys
3R SYMREDRV - C:\WINDOWS\system32\drivers\symredrv.sys
1R SYMTDI - C:\WINDOWS\system32\drivers\symtdi.sys
3R SynTP (Synaptics TouchPad Driver) - C:\WINDOWS\system32\drivers\SynTP.sys
2R tfsnboio - C:\WINDOWS\system32\dla\tfsnboio.sys
2R tfsncofs - C:\WINDOWS\system32\dla\tfsncofs.sys
2R tfsndrct - C:\WINDOWS\system32\dla\tfsndrct.sys
2R tfsndres - C:\WINDOWS\system32\dla\tfsndres.sys
2R tfsnifs - C:\WINDOWS\system32\dla\tfsnifs.sys
2R tfsnopio - C:\WINDOWS\system32\dla\tfsnopio.sys
2R tfsnpool - C:\WINDOWS\system32\dla\tfsnpool.sys
2R tfsnudf - C:\WINDOWS\system32\dla\tfsnudf.sys
2R tfsnudfa - C:\WINDOWS\system32\dla\tfsnudfa.sys
3R tifm21 - C:\WINDOWS\system32\drivers\tifm21.sys
2R tmcomm - C:\WINDOWS\system32\drivers\tmcomm.sys
3S usbccgp (Microsoft USB Generic Parent Driver) - C:\WINDOWS\system32\drivers\usbccgp.sys
3R usbehci (Microsoft USB 2.0 Enhanced Host Controller Miniport Driver) - C:\WINDOWS\system32\drivers\usbehci.sys
3R usbohci (Microsoft USB Open Host Controller Miniport Driver) - C:\WINDOWS\system32\drivers\usbohci.sys
3S usbprint (Microsoft USB PRINTER Class) - C:\WINDOWS\system32\drivers\usbprint.sys
3S usbscan (USB Scanner Driver) - C:\WINDOWS\system32\drivers\usbscan.sys
3S USBSTOR (USB Mass Storage Driver) - C:\WINDOWS\system32\drivers\USBSTOR.SYS
1R vsdatant - C:\WINDOWS\system32\vsdatant.sys
3R winachsf - C:\WINDOWS\system32\drivers\HSF_CNXT.sys
1R WmiAcpi (Microsoft Windows Management Interface for ACPI) - C:\WINDOWS\system32\drivers\wmiacpi.sys
1R WS2IFSL (Windows Socket 2.0 Non-IFS Service Provider Support Environment) - C:\WINDOWS\system32\drivers\ws2ifsl.sys
3S WudfPf (Windows Driver Foundation - User-mode Driver Framework Platform Driver) - C:\WINDOWS\system32\drivers\WudfPf.sys
3S WudfRd (Windows Driver Foundation - User-mode Driver Framework Reflector) - C:\WINDOWS\system32\drivers\WudfRd.sys
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled
2R ASChannel (Local Communication Channel) - C:\WINDOWS\System32\svchost.exe -k Cognizance
3S aspnet_state (ASP.NET State Service) - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
2R Ati HotKey Poller - C:\WINDOWS\system32\Ati2evxx.exe
2R Automatic LiveUpdate Scheduler - "C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe"
2R ccSetMgr (Symantec Settings Manager) - "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
3S clr_optimization_v2.0.50727_32 (.NET Runtime Optimization Service v2.0.50727_X86) - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
3S FontCache3.0.0.0 (Windows Presentation Foundation Font Cache 3.0.0.0) - c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
3S IDriverT (InstallDriver Table Manager) - "C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe"
3S idsvc (Windows CardSpace) - "C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe"
3R iPod Service - "C:\Program Files\iPod\bin\iPodService.exe"
3S LiveUpdate - "C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE"
2R navapsvc (Norton AntiVirus Auto-Protect Service) - "C:\Program Files\Norton AntiVirus\navapsvc.exe"
4S NetTcpPortSharing (Net.Tcp Port Sharing Service) - "C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe"
2R NPFMntor (Norton AntiVirus Firewall Monitor Service) - "C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe"
3S ose (Office Source Engine) - "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
2S Pml Driver HPZ12 - C:\WINDOWS\system32\HPZipm12.exe
3S SAVScan - "C:\Program Files\Norton AntiVirus\SAVScan.exe"
2S SBService (ScriptBlocking Service) - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
3R ServiceLayer - "C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe"
3S SNDSrvc (Symantec Network Drivers Service) - "C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe"
2S SPBBCSvc (Symantec SPBBCSvc) - "C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe"
2S vsmon (TrueVector Internet Monitor) - C:\WINDOWS\system32\ZoneLabs\vsmon.exe -service
-- Scheduled Tasks
2007-03-26 15:42:19 436 --ah
C:\WINDOWS\Tasks\User_Feed_Synchronization-{573C561A-2AB9-4D09-B602-4F4AB0822355}.job<USER_F~1.JOB>
2007-03-26 12:06:02 284 --a
C:\WINDOWS\Tasks\AppleSoftwareUpdate.job<APPLES~1.JOB>
2007-03-23 21:00:02 546 --a
C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer - Administrator.job<NORTON~1.JOB>
2007-02-27 11:30:09 496 --a
C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer - Simone Loong.job<NORTON~2.JOB>
-- Files created between 2007-02-27 and 2007-03-27
2007-03-27 09:43:02 0 d
C:\WINDOWS\LastGood
2007-03-26 23:12:36 0 d
C:\Program Files\MSBuild
2007-03-26 23:08:31 0 d
C:\WINDOWS\system32\XPSViewer<XPSVIE~1>
2007-03-26 23:07:35 0 d
C:\Program Files\Reference Assemblies<REFERE~1>
2007-03-26 23:06:13 14048
n--- C:\WINDOWS\system32\spmsg2.dll
2007-03-26 23:05:59 0 d
C:\0dcadcd3c1ba5bbe58f15ad6520c<0DCADC~1>
2007-03-26 22:56:58 36352
n--- C:\WINDOWS\system32\tsgqec.dll
2007-03-26 22:56:58 288768
n--- C:\WINDOWS\system32\rhttpaa.dll
2007-03-26 22:56:57 116736
n--- C:\WINDOWS\system32\aaclient.dll
2007-03-26 20:55:42 0 d
C:\WINDOWS\BDOSCAN8
2007-03-26 16:30:41 0 d
C:\WINDOWS\system32\ActiveScan<ACTIVE~1>
2007-03-25 20:34:22 0 d
C:\!KillBox
2007-03-25 15:02:38 0 d
C:\WINDOWS\system32\appmgmt
2007-03-25 14:53:55 4212 ---h
C:\WINDOWS\system32\zllictbl.dat
2007-03-25 14:53:40 75512 --a
C:\WINDOWS\zllsputility.exe<ZLLSPU~1.EXE>
2007-03-25 14:53:10 1087216 --a
C:\WINDOWS\system32\zpeng24.dll
2007-03-25 14:53:10 0 d
C:\WINDOWS\system32\ZoneLabs
2007-03-25 14:52:36 0 d
C:\WINDOWS\Internet Logs<INTERN~1>
2007-03-25 14:50:17 28 --a
C:\Documents and Settings\Simone Loong\Application Data\Dxccwrd.dll
2007-03-25 14:49:26 108 --a
C:\Documents and Settings\Simone Loong\Application Data\Dxcdmns.dll
2007-03-25 14:48:47 117 --a
C:\Documents and Settings\Simone Loong\Application Data\Dxcuknwrd.dll<DXCUKN~1.DLL>
2007-03-25 10:34:37 0 d
C:\WINDOWS\system32\Kaspersky Lab<KASPER~1>
2007-03-25 10:18:33 0 d
C:\bintheredunthat<BINTHE~1>
2007-03-25 08:06:25 552 --a
C:\WINDOWS\system32\d3d8caps.dat
2007-03-24 20:15:21 0 d
C:\BFU
2007-03-24 18:33:08 0 d
C:\Program Files\SpywareBlaster<SPYWAR~1>
2007-03-24 10:21:05 0 d
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy<SPYBOT~1>
2007-03-23 23:27:36 0 d
C:\93a6babd4615075e475704b1<93A6BA~1>
2007-03-23 11:07:36 0 d
C:\Documents and Settings\Simone Loong\Application Data\Lavasoft
2007-03-23 11:05:24 0 d
C:\Program Files\Lavasoft
2007-03-23 11:01:51 0 d
C:\Program Files\Common Files\Wise Installation Wizard<WISEIN~1>
2007-03-23 09:19:22 826971 --a
C:\Documents and Settings\Simone Loong\Application Data\Dxcknwrd.dll
2007-03-22 22:47:49 8464 --a
C:\WINDOWS\system32\sporder.dll
2007-03-12 01:01:08 76560 --a
C:\WINDOWS\system32\drivers\tmcomm.sys
2007-03-11 18:42:11 0 d
C:\Documents and Settings\Simone Loong\.housecall6.6<HOUSEC~1.6>
2007-02-28 00:22:06 180224 --a
C:\WINDOWS\system32\eswia52.dll
2007-02-28 00:22:06 282624 --a
C:\WINDOWS\system32\esint52.dll
-- Find3M Report
2007-03-27 09:56:51 0 d
C:\Documents and Settings\Simone Loong\Application Data\Skype
2007-03-27 09:46:19 0 d
C:\Program Files\Unwired
2007-03-26 17:30:12 0 d
C:\Program Files\OptusNet Dial-up Internet<OPTUSN~1>
2007-03-26 16:01:27 0 d
C:\Program Files\MSN Messenger<MSNMES~1>
2007-03-25 19:01:29 0 d
C:\Program Files\SlipStream Web Accelerator<SLIPST~1>
2007-03-25 19:01:25 0 d
C:\Program Files\QuickTime<QUICKT~1>
2007-03-25 19:00:42 0 d
C:\Program Files\Norton AntiVirus<NORTON~1>
2007-03-25 18:59:20 0 d
C:\Program Files\Messenger<MESSEN~1>
2007-03-25 18:58:57 0 d
C:\Program Files\iTunes
2007-03-25 18:55:53 0 d
C:\Program Files\Common Files\Symantec Shared<SYMANT~1>
2007-03-25 15:02:31 0 d
C:\Program Files\Java
2007-03-25 14:33:33 0 d
C:\Program Files\Symantec
2007-03-25 07:42:20 0 d
C:\Program Files\Mozilla Firefox<MOZILL~1>
2007-03-24 23:10:12 22 --a
C:\Program Files\c.zip
2007-03-24 23:10:12 22 --a
C:\Program Files\b.zip
2007-03-24 23:09:45 22 --a
C:\Program Files\a.zip
2007-03-24 18:23:57 25214 --a
C:\Program Files\A.ico
2007-03-24 18:23:55 25214 --a
C:\Program Files\B.ico
2007-02-26 12:55:21 147456 --a
C:\WINDOWS\system32\vbzip10.dll
2007-02-18 11:45:51 560 --a
C:\Documents and Settings\Simone Loong\Application Data\ViewerApp.dat<VIEWER~1.DAT>
2007-02-12 13:02:53 0 d
C:\Documents and Settings\Simone Loong\Application Data\Snapfish
2007-02-11 22:38:18 0 d---s---- C:\Documents and Settings\Simone Loong\Application Data\Microsoft<MICROS~1>
2007-02-07 12:39:08 517840 --a
C:\WINDOWS\system32\SymNeti.dll
2007-02-07 12:39:04 132816 --a
C:\WINDOWS\system32\SymRedir.dll
2007-02-05 10:40:01 0 d
C:\Program Files\del.icio.us<DELICI~1.US>
2007-02-05 10:39:00 0 d
C:\Program Files\Skype
2007-02-05 10:39:00 0 d
C:\Program Files\Common Files\Skype
2007-02-04 17:21:06 0 d
C:\Program Files\EPSON
2007-02-03 18:19:00 0 dr-h
C:\Documents and Settings\Simone Loong\Application Data\yahoo!
2007-01-30 11:03:22 2951 --a
C:\WINDOWS\mozver.dat
2007-01-29 12:23:19 0 d
C:\Program Files\Windows Media Connect 2<WI4DF6~1>
2007-01-29 12:20:09 0 d
C:\Program Files\Windows Media Connect<WINDOW~4>
2007-01-29 09:58:06 60416
n--- C:\WINDOWS\system32\tzchange.exe
2007-01-28 14:53:39 0 d
C:\Documents and Settings\Simone Loong\Application Data\AdobeUM
2007-01-12 10:27:42 232960 --a
C:\WINDOWS\system32\webcheck.dll
2007-01-12 10:27:42 51712
n--- C:\WINDOWS\system32\msfeedsbs.dll<MSFEED~1.DLL>
2007-01-12 10:27:42 458752
n--- C:\WINDOWS\system32\msfeeds.dll
2007-01-12 10:27:42 6054400
n--- C:\WINDOWS\system32\ieframe.dll
2007-01-08 20:04:54 105984 --a
C:\WINDOWS\system32\url.dll
2007-01-08 20:04:08 102400 --a
C:\WINDOWS\system32\occache.dll
2007-01-08 20:02:04 266752 --a
C:\WINDOWS\system32\iertutil.dll
2007-01-08 20:02:04 44544 --a
C:\WINDOWS\system32\iernonce.dll
2007-01-08 20:02:02 384000 --a
C:\WINDOWS\system32\iedkcs32.dll
2007-01-08 20:02:02 383488
n--- C:\WINDOWS\system32\ieapfltr.dll
2007-01-08 20:02:02 161792 --a
C:\WINDOWS\system32\ieakui.dll
2007-01-08 20:02:02 230400 --a
C:\WINDOWS\system32\ieaksie.dll
2007-01-08 20:02:02 153088 --a
C:\WINDOWS\system32\ieakeng.dll
2007-01-08 20:01:14 17408 --a
C:\WINDOWS\system32\corpol.dll
2007-01-08 20:00:48 124928 --a
C:\WINDOWS\system32\advpack.dll
2007-01-08 19:08:14 56832 --a
C:\WINDOWS\system32\ie4uinit.exe
2007-01-08 19:08:10 13824 --a
C:\WINDOWS\system32\ieudinit.exe
-- Registry Dump
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"WMPNSCFG"="C:\\Program Files\\Windows Media Player\\WMPNSCFG.exe"
"Skype"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"PTHOSTTR"="C:\\Program Files\\HPQ\\HP ProtectTools Security Manager\\PTHOSTTR.EXE /Start"
"UpdateManager"="\"C:\\Program Files\\Common Files\\Sonic\\Update Manager\\sgtray.exe\" /r"
"dla"="C:\\WINDOWS\\system32\\dla\\tfswctrl.exe"
"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
"hpWirelessAssistant"="C:\\Program Files\\hpq\\HP Wireless Assistant\\HP Wireless Assistant.exe"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"eabconfg.cpl"="C:\\Program Files\\HPQ\\Quick Launch Buttons\\EabServr.exe /Start"
"CognizanceTS"="rundll32.exe C:\\PROGRA~1\\HPQ\\IAM\\Bin\\AsTsVcc.dll,RegisterModule"
"Cpqset"="C:\\Program Files\\HPQ\\Default Settings\\cpqset.exe"
"WatchDog"="C:\\Program Files\\InterVideo\\DVD Check\\DVDCheck.exe"
"Symantec NetDriver Monitor"="C:\\PROGRA~1\\SYMNET~1\\SNDMon.exe /Consumer"
"PCSuiteTrayApplication"="C:\\PROGRA~1\\Nokia\\NOKIAP~1\\LAUNCH~1.EXE -startup"
"HP Software Update"="C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"SlipStream"="\"C:\\Program Files\\SlipStream Web Accelerator\\slipcore.exe\""
"SpeedTouch USB Diagnostics"="\"C:\\Program Files\\Thomson\\SpeedTouch USB\\Dragdiag.exe\" /icon"
"ZoneAlarm Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_11\\bin\\jusched.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
"{67321FD1-063C-1033-0701-05050322003d}"="\"C:\\Program Files\\Common Files\\{67321FD1-063C-1033-0701-05050322003d}\\Update.exe\" mc-110-12-0000137"
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer\Run]
"{67321FD1-063C-1033-0701-05050322003d}"="\"C:\\Program Files\\Common Files\\{67321FD1-063C-1033-0701-05050322003d}\\Update.exe\" mc-110-12-0000137"
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer\Run]
"{67321FD1-063C-1033-0701-05050322003d}"="\"C:\\Program Files\\Common Files\\{67321FD1-063C-1033-0701-05050322003d}\\Update.exe\" mc-110-12-0000137"
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
Cognizance REG_MULTI_SZ ASChannel\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0
-- End of ComboScan: finished at 2007-03-27 at 10:14:00
Let's use KillBox again to delete the following, please:
Rescan with DSS (ComboScan) again, please, and post back the log from it.
Let me know how the computer is behaving now.
Those files you mentioned are located in the !killbox folder, see attached.
Damn! and suddenly I have pop-ups again!! GRRRR!!!!!
Also, in that little pic I've attached, what are those folders with all the numbers?
Windows Security keeps telling me that Norton is out of date. And just now, Norton tells me that it's encountered a problem and needs to be uninstalled/reinstalled.
Outerinfo has also reinstalled itself.
Apart from that, all seems well
ComboScan v20070306.20 run by Simone Loong on 2007-03-28 at 07:24:18
Computer is in Normal Mode.
-- HijackThis (run as Simone Loong.exe)
Logfile of HijackThis v1.99.1
Scan saved at 7:24:24 AM, on 28/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\HPQ\IAM\bin\asghost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Documents and Settings\Simone Loong\My Documents\s?stem32\?ti2evxx.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Skype\Plugin Manager\SkypePM.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Simone Loong\Desktop\comboscan.exe
C:\PROGRA~1\HIJACK~1\SIMONE~1.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.short-media.com/forum/showthread.php?t=55343&page=3
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.tiscali.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: del.icio.us Toolbar Helper - {7AA07AE6-01EF-44EC-93CA-9D7CD41CCDB6} - C:\Program Files\del.icio.us\Internet Explorer Buttons\dlcsIE.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
O3 - Toolbar: del.icio.us - {981FE6A8-260C-4930-960F-C3BC82746CB0} - C:\Program Files\del.icio.us\Internet Explorer Buttons\dlcsIE.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HPQ\IAM\Bin\AsTsVcc.dll,RegisterModule
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunOnce: [GLF2E.tmp] cmd /c "rmdir /s /q "C:\Program Files\GLF2E.tmp""
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O4 - Global Startup: Unwired Launchpad.lnk = C:\Program Files\Unwired\UwSCT.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.optusnet.com.au/
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.co.uk/SnapfishUKActivia.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1135569143640
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1135569061500
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{EC823201-EA27-428D-9F8D-4D8C38032E8F}: NameServer = 192.168.0.1
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: OneCard - C:\Program Files\HPQ\IAM\Bin\AsWlnPkg.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\Shared\hpqwmi.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
-- Files created between 2007-02-28 and 2007-03-28
2007-03-28 07:15:14 0 d
C:\!KillBox
2007-03-28 06:45:21 2 --a
C:\WINDOWS\system32\wcpicom32.exe<WCPICO~1.EXE>
2007-03-28 06:45:20 0 d
C:\Program Files\Outerinfo<OUTERI~1>
2007-03-28 06:45:18 60928
n--- C:\WINDOWS\system32\piydde.dll
2007-03-28 06:44:51 40183 ---hs---- C:\Program Files\Common Files\Yazzle1670OinUninstaller.exe<YAZZLE~2.EXE>
2007-03-27 10:57:44 0 d
C:\Documents and Settings\Simone Loong\Application Data\MailFrontier<MAILFR~1>
2007-03-27 10:37:20 0 d
C:\Program Files\iTunes
2007-03-27 10:29:47 0 d
C:\Program Files\QuickTime<QUICKT~1>
2007-03-26 23:12:36 0 d
C:\Program Files\MSBuild
2007-03-26 23:08:31 0 d
C:\WINDOWS\system32\XPSViewer<XPSVIE~1>
2007-03-26 23:07:35 0 d
C:\Program Files\Reference Assemblies<REFERE~1>
2007-03-26 23:06:13 14048
n--- C:\WINDOWS\system32\spmsg2.dll
2007-03-26 23:05:59 0 d
C:\0dcadcd3c1ba5bbe58f15ad6520c<0DCADC~1>
2007-03-26 22:56:58 36352
n--- C:\WINDOWS\system32\tsgqec.dll
2007-03-26 22:56:58 288768
n--- C:\WINDOWS\system32\rhttpaa.dll
2007-03-26 22:56:57 116736
n--- C:\WINDOWS\system32\aaclient.dll
2007-03-26 20:55:42 0 d
C:\WINDOWS\BDOSCAN8
2007-03-26 16:30:41 0 d
C:\WINDOWS\system32\ActiveScan<ACTIVE~1>
2007-03-25 15:02:38 0 d
C:\WINDOWS\system32\appmgmt
2007-03-25 14:53:55 4212 ---h
C:\WINDOWS\system32\zllictbl.dat
2007-03-25 14:53:40 75512 --a
C:\WINDOWS\zllsputility.exe<ZLLSPU~1.EXE>
2007-03-25 14:53:10 1087216 --a
C:\WINDOWS\system32\zpeng24.dll
2007-03-25 14:53:10 0 d
C:\WINDOWS\system32\ZoneLabs
2007-03-25 14:52:36 0 d
C:\WINDOWS\Internet Logs<INTERN~1>
2007-03-25 10:34:37 0 d
C:\WINDOWS\system32\Kaspersky Lab<KASPER~1>
2007-03-25 10:18:33 0 d
C:\bintheredunthat<BINTHE~1>
2007-03-25 08:06:25 552 --a
C:\WINDOWS\system32\d3d8caps.dat
2007-03-24 20:15:21 0 d
C:\BFU
2007-03-24 18:33:08 0 d
C:\Program Files\SpywareBlaster<SPYWAR~1>
2007-03-24 10:21:05 0 d
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy<SPYBOT~1>
2007-03-23 23:27:36 0 d
C:\93a6babd4615075e475704b1<93A6BA~1>
2007-03-23 11:07:36 0 d
C:\Documents and Settings\Simone Loong\Application Data\Lavasoft
2007-03-23 11:05:24 0 d
C:\Program Files\Lavasoft
2007-03-23 11:01:51 0 d
C:\Program Files\Common Files\Wise Installation Wizard<WISEIN~1>
2007-03-22 22:47:49 8464 --a
C:\WINDOWS\system32\sporder.dll
2007-03-12 01:01:08 76560 --a
C:\WINDOWS\system32\drivers\tmcomm.sys
2007-03-11 18:42:11 0 d
C:\Documents and Settings\Simone Loong\.housecall6.6<HOUSEC~1.6>
2007-02-28 00:22:06 180224 --a
C:\WINDOWS\system32\eswia52.dll
2007-02-28 00:22:06 282624 --a
C:\WINDOWS\system32\esint52.dll
-- Find3M Report
2007-03-28 07:13:42 0 d
C:\Documents and Settings\Simone Loong\Application Data\PC Suite<PCSUIT~1>
2007-03-28 07:13:41 0 d---s---- C:\Documents and Settings\Simone Loong\Application Data\Microsoft<MICROS~1>
2007-03-28 07:13:38 0 d
C:\Documents and Settings\Simone Loong\Application Data\Adobe
2007-03-28 07:13:32 0 d--h
C:\Program Files\GLF2E.tmp
2007-03-28 07:13:21 0 d
C:\Documents and Settings\Simone Loong\Application Data\SlipStream<SLIPST~1>
2007-03-28 07:11:04 0 d
C:\Documents and Settings\Simone Loong\Application Data\Skype
2007-03-27 10:37:29 0 d
C:\Program Files\iPod
2007-03-26 17:30:12 0 d
C:\Program Files\OptusNet Dial-up Internet<OPTUSN~1>
2007-03-26 16:01:27 0 d
C:\Program Files\MSN Messenger<MSNMES~1>
2007-03-25 19:00:42 0 d
C:\Program Files\Norton AntiVirus<NORTON~1>
2007-03-25 18:59:20 0 d
C:\Program Files\Messenger<MESSEN~1>
2007-03-25 18:55:53 0 d
C:\Program Files\Common Files\Symantec Shared<SYMANT~1>
2007-03-25 15:02:31 0 d
C:\Program Files\Java
2007-03-25 14:33:33 0 d
C:\Program Files\Symantec
2007-03-25 07:42:20 0 d
C:\Program Files\Mozilla Firefox<MOZILL~1>
2007-03-24 23:10:12 22 --a
C:\Program Files\c.zip
2007-03-24 23:10:12 22 --a
C:\Program Files\b.zip
2007-03-24 23:09:45 22 --a
C:\Program Files\a.zip
2007-03-24 18:23:57 25214 --a
C:\Program Files\A.ico
2007-03-24 18:23:55 25214 --a
C:\Program Files\B.ico
2007-02-26 12:55:21 147456 --a
C:\WINDOWS\system32\vbzip10.dll
2007-02-18 11:45:51 560 --a
C:\Documents and Settings\Simone Loong\Application Data\ViewerApp.dat<VIEWER~1.DAT>
2007-02-12 22:23:44 153088 ---hs---- C:\Program Files\Common Files\Yazzle1670OinAdmin.exe<YAZZLE~1.EXE>
2007-02-12 13:02:53 0 d
C:\Documents and Settings\Simone Loong\Application Data\Snapfish
2007-02-07 12:39:08 517840 --a
C:\WINDOWS\system32\SymNeti.dll
2007-02-07 12:39:04 132816 --a
C:\WINDOWS\system32\SymRedir.dll
2007-02-05 10:40:01 0 d
C:\Program Files\del.icio.us<DELICI~1.US>
2007-02-05 10:39:00 0 d
C:\Program Files\Skype
2007-02-05 10:39:00 0 d
C:\Program Files\Common Files\Skype
2007-02-04 17:21:06 0 d
C:\Program Files\EPSON
2007-02-03 18:19:00 0 dr-h
C:\Documents and Settings\Simone Loong\Application Data\yahoo!
2007-01-30 11:03:22 2951 --a
C:\WINDOWS\mozver.dat
2007-01-29 12:23:19 0 d
C:\Program Files\Windows Media Connect 2<WI4DF6~1>
2007-01-29 12:20:09 0 d
C:\Program Files\Windows Media Connect<WINDOW~4>
2007-01-29 09:58:06 60416
n--- C:\WINDOWS\system32\tzchange.exe
2007-01-28 14:53:39 0 d
C:\Documents and Settings\Simone Loong\Application Data\AdobeUM
2007-01-12 10:27:42 232960 --a
C:\WINDOWS\system32\webcheck.dll
2007-01-12 10:27:42 51712
n--- C:\WINDOWS\system32\msfeedsbs.dll<MSFEED~1.DLL>
2007-01-12 10:27:42 458752
n--- C:\WINDOWS\system32\msfeeds.dll
2007-01-12 10:27:42 6054400
n--- C:\WINDOWS\system32\ieframe.dll
2007-01-08 20:04:54 105984 --a
C:\WINDOWS\system32\url.dll
2007-01-08 20:04:08 102400 --a
C:\WINDOWS\system32\occache.dll
2007-01-08 20:02:04 266752 --a
C:\WINDOWS\system32\iertutil.dll
2007-01-08 20:02:04 44544 --a
C:\WINDOWS\system32\iernonce.dll
2007-01-08 20:02:02 384000 --a
C:\WINDOWS\system32\iedkcs32.dll
2007-01-08 20:02:02 383488
n--- C:\WINDOWS\system32\ieapfltr.dll
2007-01-08 20:02:02 161792 --a
C:\WINDOWS\system32\ieakui.dll
2007-01-08 20:02:02 230400 --a
C:\WINDOWS\system32\ieaksie.dll
2007-01-08 20:02:02 153088 --a
C:\WINDOWS\system32\ieakeng.dll
2007-01-08 20:01:14 17408 --a
C:\WINDOWS\system32\corpol.dll
2007-01-08 20:00:48 124928 --a
C:\WINDOWS\system32\advpack.dll
2007-01-08 19:08:14 56832 --a
C:\WINDOWS\system32\ie4uinit.exe
2007-01-08 19:08:10 13824 --a
C:\WINDOWS\system32\ieudinit.exe
-- Registry Dump
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"WMPNSCFG"="C:\\Program Files\\Windows Media Player\\WMPNSCFG.exe"
"Skype"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"PTHOSTTR"="C:\\Program Files\\HPQ\\HP ProtectTools Security Manager\\PTHOSTTR.EXE /Start"
"UpdateManager"="\"C:\\Program Files\\Common Files\\Sonic\\Update Manager\\sgtray.exe\" /r"
"dla"="C:\\WINDOWS\\system32\\dla\\tfswctrl.exe"
"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
"hpWirelessAssistant"="C:\\Program Files\\hpq\\HP Wireless Assistant\\HP Wireless Assistant.exe"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"eabconfg.cpl"="C:\\Program Files\\HPQ\\Quick Launch Buttons\\EabServr.exe /Start"
"CognizanceTS"="rundll32.exe C:\\PROGRA~1\\HPQ\\IAM\\Bin\\AsTsVcc.dll,RegisterModule"
"Cpqset"="C:\\Program Files\\HPQ\\Default Settings\\cpqset.exe"
"WatchDog"="C:\\Program Files\\InterVideo\\DVD Check\\DVDCheck.exe"
"Symantec NetDriver Monitor"="C:\\PROGRA~1\\SYMNET~1\\SNDMon.exe /Consumer"
"PCSuiteTrayApplication"="C:\\PROGRA~1\\Nokia\\NOKIAP~1\\LAUNCH~1.EXE -startup"
"HP Software Update"="C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe"
"SpeedTouch USB Diagnostics"="\"C:\\Program Files\\Thomson\\SpeedTouch USB\\Dragdiag.exe\" /icon"
"ZoneAlarm Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_11\\bin\\jusched.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"GLF2E.tmp"="cmd /c \"rmdir /s /q \"C:\\Program Files\\GLF2E.tmp\"\""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
"{67321FD1-063C-1033-0701-05050322003d}"="\"C:\\Program Files\\Common Files\\{67321FD1-063C-1033-0701-05050322003d}\\Update.exe\" mc-110-12-0000137"
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer\Run]
"{67321FD1-063C-1033-0701-05050322003d}"="\"C:\\Program Files\\Common Files\\{67321FD1-063C-1033-0701-05050322003d}\\Update.exe\" mc-110-12-0000137"
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer\Run]
"{67321FD1-063C-1033-0701-05050322003d}"="\"C:\\Program Files\\Common Files\\{67321FD1-063C-1033-0701-05050322003d}\\Update.exe\" mc-110-12-0000137"
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
Cognizance REG_MULTI_SZ ASChannel\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0
-- End of ComboScan: finished at 2007-03-28 at 07:24:47
Let's get after this. This scan will take a while to run.
First download AVG Anti-Spyware from HERE and save that file to your desktop.
This is a 30-day trial of the program.
- Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double-click it to launch the set up program.
- Once the setup is complete you will need to run AVG Anti-Spyware and update the definition files.
- On the main screen select the icon "Update" then select the "Update now" link.
- Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
- Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
- Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
- Under "Reports"
- Select "Automatically generate report after every scan"
- Un-Select "Only if threats were found"
Close AVG Anti-Spyware. Do NOT run a scan just yet; we will shortly.
Once the scan is complete do the following:
Just for something to do, I ran Kaspersky before. Results below.
Now will do the AVG thing.
KASPERSKY ONLINE SCANNER REPORT
Wednesday, March 28, 2007 3:05:39 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 28/03/2007
Kaspersky Anti-Virus database records: 287431
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
C:\
D:\
Scan Statistics:
Total number of scanned objects: 66370
Number of viruses found: 2
Number of infected objects: 3 / 0
Number of suspicious objects: 0
Duration of the scan process: 01:18:21
Infected Object Name / Virus Name / Last Action
C:\!KillBox\OiUninstaller.exe/data0002 Infected: not-a-virus:AdWare.Win32.PurityScan.fk skipped
C:\!KillBox\OiUninstaller.exe/data0003 Infected: not-a-virus:AdWare.Win32.PurityScan.bu skipped
C:\!KillBox\OiUninstaller.exe NSIS: infected - 2 skipped
Scan process completed.
Rebooted... all okay now.
I ran the AVG scan, then fell asleep. When I woke up, all fuzzy headed, I saved the report, shut down and rebooted in normal mode. Then I went to post the results only to realise I hadn't taken any action with the previous scan. D'oh!!
I didn't have the patience to run the entire scan again, so I did a Fast System Scan, then checked that report against the first report, then ran a Custom Scan on C:\Program Files\Common Files and C:\Documents and Settings\Simone Loong to pick up the remaining files.
It seems that everything that was mentioned in the first report has been picked up by the 2 separate scans. Plz correct me if I'm wrong.
So I've attached the
- first complete system scan (Report-Scan-20070328-185612.txt)
- the fast scan which says I haven't taken any action but I promise I did! I just forgot to save the report after I took action (Report-Scan-fast scan.txt)
- the custom scan (Report-Scan-2nd scan.txt)
Sorry to be painful. I'm useless when I just wake up !!
How is the machine running now?
Let's see a fresh ComboScan log please.
So no need to rush in getting back to me.
Oh BTW, everything is running super-duper quickly.
... oh, you're back. okay, comboscan here we come.
ComboScan v20070306.20 run by Simone Loong on 2007-03-28 at 23:07:32
Computer is in Normal Mode.
-- HijackThis (run as Simone Loong.exe)
Logfile of HijackThis v1.99.1
Scan saved at 11:07:41 PM, on 28/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\HPQ\IAM\bin\asghost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Skype\Plugin Manager\SkypePM.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Simone Loong\Desktop\comboscan.exe
C:\PROGRA~1\HIJACK~1\SIMONE~1.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.short-media.com/forum/showthread.php?t=55343&page=3
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.tiscali.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: del.icio.us Toolbar Helper - {7AA07AE6-01EF-44EC-93CA-9D7CD41CCDB6} - C:\Program Files\del.icio.us\Internet Explorer Buttons\dlcsIE.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
O3 - Toolbar: del.icio.us - {981FE6A8-260C-4930-960F-C3BC82746CB0} - C:\Program Files\del.icio.us\Internet Explorer Buttons\dlcsIE.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HPQ\IAM\Bin\AsTsVcc.dll,RegisterModule
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O4 - Global Startup: Unwired Launchpad.lnk = C:\Program Files\Unwired\UwSCT.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.optusnet.com.au/
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.co.uk/SnapfishUKActivia.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1135569143640
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1135569061500
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{EC823201-EA27-428D-9F8D-4D8C38032E8F}: NameServer = 192.168.0.1
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: OneCard - C:\Program Files\HPQ\IAM\Bin\AsWlnPkg.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\Shared\hpqwmi.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
-- Files created between 2007-02-28 and 2007-03-28
2007-03-28 15:09:55 3968 --a
C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-03-28 15:09:51 0 d
C:\Program Files\Grisoft
2007-03-28 07:15:14 0 d
C:\!KillBox
2007-03-28 06:45:20 0 d
C:\Program Files\Outerinfo<OUTERI~1>
2007-03-28 06:44:51 40183 ---hs---- C:\Program Files\Common Files\Yazzle1670OinUninstaller.exe<YAZZLE~2.EXE>
2007-03-27 10:57:44 0 d
C:\Documents and Settings\Simone Loong\Application Data\MailFrontier<MAILFR~1>
2007-03-27 10:37:20 0 d
C:\Program Files\iTunes
2007-03-27 10:29:47 0 d
C:\Program Files\QuickTime<QUICKT~1>
2007-03-26 23:12:36 0 d
C:\Program Files\MSBuild
2007-03-26 23:08:31 0 d
C:\WINDOWS\system32\XPSViewer<XPSVIE~1>
2007-03-26 23:07:35 0 d
C:\Program Files\Reference Assemblies<REFERE~1>
2007-03-26 23:06:13 14048
n--- C:\WINDOWS\system32\spmsg2.dll
2007-03-26 23:05:59 0 d
C:\0dcadcd3c1ba5bbe58f15ad6520c<0DCADC~1>
2007-03-26 22:56:58 36352
n--- C:\WINDOWS\system32\tsgqec.dll
2007-03-26 22:56:58 288768
n--- C:\WINDOWS\system32\rhttpaa.dll
2007-03-26 22:56:57 116736
n--- C:\WINDOWS\system32\aaclient.dll
2007-03-26 20:55:42 0 d
C:\WINDOWS\BDOSCAN8
2007-03-26 16:30:41 0 d
C:\WINDOWS\system32\ActiveScan<ACTIVE~1>
2007-03-25 15:02:38 0 d
C:\WINDOWS\system32\appmgmt
2007-03-25 14:53:55 4212 ---h
C:\WINDOWS\system32\zllictbl.dat
2007-03-25 14:53:40 75512 --a
C:\WINDOWS\zllsputility.exe<ZLLSPU~1.EXE>
2007-03-25 14:53:10 1087216 --a
C:\WINDOWS\system32\zpeng24.dll
2007-03-25 14:53:10 0 d
C:\WINDOWS\system32\ZoneLabs
2007-03-25 14:52:36 0 d
C:\WINDOWS\Internet Logs<INTERN~1>
2007-03-25 10:34:37 0 d
C:\WINDOWS\system32\Kaspersky Lab<KASPER~1>
2007-03-25 10:18:33 0 d
C:\bintheredunthat<BINTHE~1>
2007-03-25 08:06:25 552 --a
C:\WINDOWS\system32\d3d8caps.dat
2007-03-24 20:15:21 0 d
C:\BFU
2007-03-24 18:33:08 0 d
C:\Program Files\SpywareBlaster<SPYWAR~1>
2007-03-24 10:21:05 0 d
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy<SPYBOT~1>
2007-03-23 23:27:36 0 d
C:\93a6babd4615075e475704b1<93A6BA~1>
2007-03-23 11:07:36 0 d
C:\Documents and Settings\Simone Loong\Application Data\Lavasoft
2007-03-23 11:05:24 0 d
C:\Program Files\Lavasoft
2007-03-23 11:01:51 0 d
C:\Program Files\Common Files\Wise Installation Wizard<WISEIN~1>
2007-03-22 22:47:49 8464 --a
C:\WINDOWS\system32\sporder.dll
2007-03-12 01:01:08 76560 --a
C:\WINDOWS\system32\drivers\tmcomm.sys
2007-03-11 18:42:11 0 d
C:\Documents and Settings\Simone Loong\.housecall6.6<HOUSEC~1.6>
2007-02-28 00:22:06 180224 --a
C:\WINDOWS\system32\eswia52.dll
2007-02-28 00:22:06 282624 --a
C:\WINDOWS\system32\esint52.dll
-- Find3M Report
2007-03-28 23:06:19 0 d
C:\Documents and Settings\Simone Loong\Application Data\Skype
2007-03-28 09:01:06 0 d
C:\Documents and Settings\Simone Loong\Application Data\PC Suite<PCSUIT~1>
2007-03-28 07:13:41 0 d---s---- C:\Documents and Settings\Simone Loong\Application Data\Microsoft<MICROS~1>
2007-03-28 07:13:38 0 d
C:\Documents and Settings\Simone Loong\Application Data\Adobe
2007-03-28 07:13:21 0 d
C:\Documents and Settings\Simone Loong\Application Data\SlipStream<SLIPST~1>
2007-03-27 10:37:29 0 d
C:\Program Files\iPod
2007-03-26 17:30:12 0 d
C:\Program Files\OptusNet Dial-up Internet<OPTUSN~1>
2007-03-26 16:01:27 0 d
C:\Program Files\MSN Messenger<MSNMES~1>
2007-03-25 19:00:42 0 d
C:\Program Files\Norton AntiVirus<NORTON~1>
2007-03-25 18:59:20 0 d
C:\Program Files\Messenger<MESSEN~1>
2007-03-25 18:55:53 0 d
C:\Program Files\Common Files\Symantec Shared<SYMANT~1>
2007-03-25 15:02:31 0 d
C:\Program Files\Java
2007-03-25 14:33:33 0 d
C:\Program Files\Symantec
2007-03-25 07:42:20 0 d
C:\Program Files\Mozilla Firefox<MOZILL~1>
2007-03-24 23:10:12 22 --a
C:\Program Files\c.zip
2007-03-24 23:10:12 22 --a
C:\Program Files\b.zip
2007-03-24 23:09:45 22 --a
C:\Program Files\a.zip
2007-03-24 18:23:57 25214 --a
C:\Program Files\A.ico
2007-03-24 18:23:55 25214 --a
C:\Program Files\B.ico
2007-02-26 12:55:21 147456 --a
C:\WINDOWS\system32\vbzip10.dll
2007-02-18 11:45:51 560 --a
C:\Documents and Settings\Simone Loong\Application Data\ViewerApp.dat<VIEWER~1.DAT>
2007-02-12 13:02:53 0 d
C:\Documents and Settings\Simone Loong\Application Data\Snapfish
2007-02-07 12:39:08 517840 --a
C:\WINDOWS\system32\SymNeti.dll
2007-02-07 12:39:04 132816 --a
C:\WINDOWS\system32\SymRedir.dll
2007-02-05 10:40:01 0 d
C:\Program Files\del.icio.us<DELICI~1.US>
2007-02-05 10:39:00 0 d
C:\Program Files\Skype
2007-02-05 10:39:00 0 d
C:\Program Files\Common Files\Skype
2007-02-04 17:21:06 0 d
C:\Program Files\EPSON
2007-02-03 18:19:00 0 dr-h
C:\Documents and Settings\Simone Loong\Application Data\yahoo!
2007-01-30 11:03:22 2951 --a
C:\WINDOWS\mozver.dat
2007-01-29 12:23:19 0 d
C:\Program Files\Windows Media Connect 2<WI4DF6~1>
2007-01-29 12:20:09 0 d
C:\Program Files\Windows Media Connect<WINDOW~4>
2007-01-29 09:58:06 60416
n--- C:\WINDOWS\system32\tzchange.exe
2007-01-28 14:53:39 0 d
C:\Documents and Settings\Simone Loong\Application Data\AdobeUM
2007-01-12 10:27:42 232960 --a
C:\WINDOWS\system32\webcheck.dll
2007-01-12 10:27:42 51712
n--- C:\WINDOWS\system32\msfeedsbs.dll<MSFEED~1.DLL>
2007-01-12 10:27:42 458752
n--- C:\WINDOWS\system32\msfeeds.dll
2007-01-12 10:27:42 6054400
n--- C:\WINDOWS\system32\ieframe.dll
2007-01-08 20:04:54 105984 --a
C:\WINDOWS\system32\url.dll
2007-01-08 20:04:08 102400 --a
C:\WINDOWS\system32\occache.dll
2007-01-08 20:02:04 266752 --a
C:\WINDOWS\system32\iertutil.dll
2007-01-08 20:02:04 44544 --a
C:\WINDOWS\system32\iernonce.dll
2007-01-08 20:02:02 384000 --a
C:\WINDOWS\system32\iedkcs32.dll
2007-01-08 20:02:02 383488
n--- C:\WINDOWS\system32\ieapfltr.dll
2007-01-08 20:02:02 161792 --a
C:\WINDOWS\system32\ieakui.dll
2007-01-08 20:02:02 230400 --a
C:\WINDOWS\system32\ieaksie.dll
2007-01-08 20:02:02 153088 --a
C:\WINDOWS\system32\ieakeng.dll
2007-01-08 20:01:14 17408 --a
C:\WINDOWS\system32\corpol.dll
2007-01-08 20:00:48 124928 --a
C:\WINDOWS\system32\advpack.dll
2007-01-08 19:08:14 56832 --a
C:\WINDOWS\system32\ie4uinit.exe
2007-01-08 19:08:10 13824 --a
C:\WINDOWS\system32\ieudinit.exe
-- Registry Dump
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"WMPNSCFG"="C:\\Program Files\\Windows Media Player\\WMPNSCFG.exe"
"Skype"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"PTHOSTTR"="C:\\Program Files\\HPQ\\HP ProtectTools Security Manager\\PTHOSTTR.EXE /Start"
"UpdateManager"="\"C:\\Program Files\\Common Files\\Sonic\\Update Manager\\sgtray.exe\" /r"
"dla"="C:\\WINDOWS\\system32\\dla\\tfswctrl.exe"
"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
"hpWirelessAssistant"="C:\\Program Files\\hpq\\HP Wireless Assistant\\HP Wireless Assistant.exe"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"eabconfg.cpl"="C:\\Program Files\\HPQ\\Quick Launch Buttons\\EabServr.exe /Start"
"CognizanceTS"="rundll32.exe C:\\PROGRA~1\\HPQ\\IAM\\Bin\\AsTsVcc.dll,RegisterModule"
"Cpqset"="C:\\Program Files\\HPQ\\Default Settings\\cpqset.exe"
"WatchDog"="C:\\Program Files\\InterVideo\\DVD Check\\DVDCheck.exe"
"Symantec NetDriver Monitor"="C:\\PROGRA~1\\SYMNET~1\\SNDMon.exe /Consumer"
"PCSuiteTrayApplication"="C:\\PROGRA~1\\Nokia\\NOKIAP~1\\LAUNCH~1.EXE -startup"
"HP Software Update"="C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe"
"SpeedTouch USB Diagnostics"="\"C:\\Program Files\\Thomson\\SpeedTouch USB\\Dragdiag.exe\" /icon"
"ZoneAlarm Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_11\\bin\\jusched.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=dword:00000000
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
"{67321FD1-063C-1033-0701-05050322003d}"="\"C:\\Program Files\\Common Files\\{67321FD1-063C-1033-0701-05050322003d}\\Update.exe\" mc-110-12-0000137"
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer\Run]
"{67321FD1-063C-1033-0701-05050322003d}"="\"C:\\Program Files\\Common Files\\{67321FD1-063C-1033-0701-05050322003d}\\Update.exe\" mc-110-12-0000137"
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer\Run]
"{67321FD1-063C-1033-0701-05050322003d}"="\"C:\\Program Files\\Common Files\\{67321FD1-063C-1033-0701-05050322003d}\\Update.exe\" mc-110-12-0000137"
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
Cognizance REG_MULTI_SZ ASChannel\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0
-- End of ComboScan: finished at 2007-03-28 at 23:08:06
Now let's killbox these the same way you did before.
No worries about getting it done tonight; we can wrap it up tomorrow.
Killbox makes a folder for backups for anything it removes in the event we need to get something back that shouldn't have
You can go ahead and delete the C:\!KillBox <-- folder once we are all done.
That should be the last of them.
Let me know how everything is running
Still getting the Windows Security message that Norton is out of date, and when I open Norton it just says 'refreshing'.
What will happen with AVG when the 30 days runs out?
The guard will no longer be available to you and you will not get automatic updates, but you can still use the program for scanning your laptop; you will have to manually update it.
Bah, I hate Nortons!!!! Did you try manually updating it?
In the meantime, Norton has picked up at least two malicious scripts, one called parasite.js and the other called defrag.js.
The file path for both of them is:
c:\docume~1\simone~1\locals~1\temp\hpispz