ali.exe? trojan?
There is a file ali.exe that is supposed to be some kind of installation file for a trojan on my computer, and I cannot get rid of it; it is causing me all sorts of problems. When I start up the computer I get a little Windows box in the top left corner saying "Windows is initializing the following: "C:\Windows\System32\ali.exe"" and then it disappears. I tried deleting this file on its own, but it would reproduce itself again and again. Also, when I'm shutting down or restarting, I always get an error saying "ali.exe could not initialize because the windows station is shutting down", and that Windows error window reproduces itself every time it gets closed until Windows forces the process to end.
I think this might be connected to the ali.exe problem, but after finally closing all the processes, just before going into the Windows "Logging off / saving user settings" screen, I hear the standard Windows error message ding, and this is really starting to get annoying.
hijackthis:
Logfile of HijackThis v1.99.1
Scan saved at 6:15:47 PM, on 8/6/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\igfxpers.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\system32\LVComS.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\dlcccoms.exe
C:\Program Files\MSN Messenger\usnsvc.exe
c:\program files\aim6\anotify.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\computer\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://att.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\System32\igfxpers.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [dlccmon.exe] "C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\RunOnce: [*Bandook] C:\WINDOWS\system32\ali.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Bandook] C:\WINDOWS\system32\ali.exe
O4 - HKCU\..\Run: [Uniblue SpyEraser] "C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe" -m
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin11USA.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1174972460374
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: dlcc_device - Unknown owner - C:\WINDOWS\system32\dlcccoms.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

The scan picks up a program cmdow.exe; that program is fine.
online scan(panda):
Incident Status Location
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\252f2bgo.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\252f2bgo.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\computer\Application Data\Mozilla\Firefox\Profiles\9pgc3nv1.default\cookies.txt[.com.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\computer\Application Data\Mozilla\Firefox\Profiles\9pgc3nv1.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\computer\Application Data\Mozilla\Firefox\Profiles\9pgc3nv1.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\computer\Application Data\Mozilla\Firefox\Profiles\9pgc3nv1.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\computer\Application Data\Mozilla\Firefox\Profiles\9pgc3nv1.default\cookies.txt[.azjmp.com/]
Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\computer\Application Data\Mozilla\Firefox\Profiles\9pgc3nv1.default\cookies.txt[.adultfriendfinder.com/]
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\computer\Application Data\Mozilla\Firefox\Profiles\9pgc3nv1.default\cookies.txt[.as-eu.falkag.net/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\computer\Application Data\Mozilla\Firefox\Profiles\9pgc3nv1.default\cookies.txt[.zedo.com/]
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\computer\Application Data\Mozilla\Firefox\Profiles\9pgc3nv1.default\cookies.txt[.adrevolver.com/]
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\computer\Application Data\Mozilla\Firefox\Profiles\9pgc3nv1.default\cookies.txt[.burstnet.com/]
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\computer\Application Data\Mozilla\Firefox\Profiles\9pgc3nv1.default\cookies.txt[www.burstbeacon.com/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\computer\Application Data\Mozilla\Firefox\Profiles\9pgc3nv1.default\cookies.txt[.atwola.com/]
Spyware:Cookie/GoStats Not disinfected C:\Documents and Settings\computer\Application Data\Mozilla\Firefox\Profiles\9pgc3nv1.default\cookies.txt[.gostats.com/]
Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\computer\Application Data\Mozilla\Firefox\Profiles\9pgc3nv1.default\cookies.txt[adserver.filefront.com/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\computer\Application Data\Mozilla\Firefox\Profiles\9pgc3nv1.default\cookies.txt[.statcounter.com/]
Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\computer\Application Data\Mozilla\Firefox\Profiles\9pgc3nv1.default\cookies.txt[.revenue.net/]
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\computer\Application Data\Mozilla\Firefox\Profiles\9pgc3nv1.default\cookies.txt[searchportal.information.com/]
Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\computer\Application Data\Mozilla\Firefox\Profiles\9pgc3nv1.default\cookies.txt[.bravenet.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\computer\Application Data\Mozilla\Firefox\Profiles\9pgc3nv1.default\cookies.txt[.serving-sys.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\computer\Application Data\Mozilla\Firefox\Profiles\9pgc3nv1.default\cookies.txt[.bs.serving-sys.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\computer\Application Data\Mozilla\Firefox\Profiles\9pgc3nv1.default\cookies.txt[.serving-sys.com/]
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\computer\Application Data\Mozilla\Firefox\Profiles\9pgc3nv1.default\cookies.txt[.xiti.com/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\computer\Application Data\Mozilla\Firefox\Profiles\9pgc3nv1.default\cookies.txt[.go.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\computer\Application Data\Mozilla\Firefox\Profiles\9pgc3nv1.default\cookies.txt[.2o7.net/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\computer\Application Data\Uniblue\SpyEraser\Quarantine\Tracking Cookie_02_08_2007_12_00_13.asq18467
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\computer\Application Data\Uniblue\SpyEraser\Quarantine\Tracking Cookie_05_08_2007_10_15_27.asq26500
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\computer\Application Data\Uniblue\SpyEraser\Quarantine\Tracking Cookie_05_08_2007_10_15_27.asq6334
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\computer\Application Data\Uniblue\SpyEraser\Quarantine\Tracking Cookie_06_08_2007_12_23_22.asq18467
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\computer\Cookies\computer@atwola[1].txt
Potentially unwanted tool:Application/HideWindow.S Not disinfected C:\Documents and Settings\computer\Desktop\DESKTOP\RemotejoySDLGUI\PC\cmdow.exe
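The two Bandook lines in the HijackThis log above are the persistence mechanism: the same binary, C:\WINDOWS\system32\ali.exe, is registered under HKCU\..\Run and again under HKLM\..\RunOnce, and the asterisk in the RunOnce value name (*Bandook) tells Windows to run that entry even when the machine is booted into Safe Mode, which is otherwise where RunOnce entries are skipped. The script below is an added example written for this page; it is not from the thread and not part of HijackThis. It parses O4 lines from a HijackThis log (a constructed subset of the lines posted above is embedded as sample input) and flags entries that carry the RunOnce Safe Mode prefix, that launch one binary from more than one autostart location, or that launch something directly out of system32 that is not on a small allowlist. The allowlist, the flag names and the heuristics are the example's own assumptions, taken from the benign entries in this log rather than from any authoritative list.

```python
import re
from collections import defaultdict
from dataclasses import dataclass, field

# Constructed sample: a subset of the O4 lines from the HijackThis log posted above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\RunOnce: [*Bandook] C:\WINDOWS\system32\ali.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Bandook] C:\WINDOWS\system32\ali.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
"""

RUN_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
STARTUP_RE = re.compile(r"^O4 - (?P<key>(?:Global )?Startup): (?P<name>.+?) = (?P<cmd>.+)$")
# First drive-letter path in the command line up to its extension (handles rundll32 X.dll,Entry).
PATH_RE = re.compile(r'(?i)[a-z]:\\[^"]*?\.(?:exe|dll|scr|com|bat|cmd|pif)')

# Assumed allowlist of system32 binaries that legitimately autostart on this box,
# taken from the benign entries in the log; not an authoritative Windows list.
KNOWN_SYSTEM32 = {"ctfmon.exe", "igfxtray.exe", "hkcmd.exe", "igfxpers.exe"}


@dataclass
class Entry:
    location: str            # "HKLM\..\RunOnce", "HKCU\..\Run", "Startup", ...
    name: str                # registry value name, or the .lnk name
    command: str
    path: str                # best-effort launched binary, lowercased ("" if none found)
    flags: list = field(default_factory=list)


def parse(log_text):
    """Extract O4 autostart entries from HijackThis log text."""
    entries = []
    for line in log_text.splitlines():
        m = RUN_RE.match(line)
        if m:
            location = f"{m['hive']}\\..\\{m['key']}"
        else:
            m = STARTUP_RE.match(line)
            if m is None:
                continue
            location = m["key"]
        p = PATH_RE.search(m["cmd"])
        entries.append(Entry(location, m["name"], m["cmd"], p.group(0).lower() if p else ""))
    return entries


def analyze(log_text):
    """Attach heuristic flags to each parsed entry."""
    entries = parse(log_text)
    locations_by_path = defaultdict(set)
    for e in entries:
        if e.path:
            locations_by_path[e.path].add(e.location)
    for e in entries:
        # RunOnce values are skipped in Safe Mode unless the value name starts with '*'.
        if e.location.endswith("RunOnce") and e.name.startswith("*"):
            e.flags.append("runonce_safe_mode")
        # The same binary registered under several keys/hives survives a single deletion.
        if e.path and len(locations_by_path[e.path]) > 1:
            e.flags.append("multi_key")
        # A direct child of system32 that is not a known autostart binary.
        parent, _, filename = e.path.rpartition("\\")
        if parent.endswith("\\system32") and filename not in KNOWN_SYSTEM32:
            e.flags.append("unknown_system32")
    return entries


def suspicious(log_text):
    """Entries that picked up at least one flag."""
    return [e for e in analyze(log_text) if e.flags]


if __name__ == "__main__":
    for e in suspicious(SAMPLE_LOG):
        print(f"{e.location:18} [{e.name}] {e.path}  <- {', '.join(e.flags)}")
```

Run against the sample, only the two ali.exe entries are reported; the printer driver loaded through rundll32 from a subfolder of system32 is not, because the system32 check looks at direct children only. The multi_key flag is the practical one for a cleanup: deleting only one of the two values leaves the other to relaunch the binary on the next logon.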
Comments
Let's run ComboFix:
(and in the next post we are going to delete that ali.exe)
Please download ComboFix to your desktop.
Double-click combo.exe to launch the application.
Follow the prompts that will be displayed on the screen.
Don't click on the window while the fix is running, because that will cause your system to hang.
When finished, it should produce a log, combofix.txt.
Post this log in your next reply together with a new HijackThis log.
hijackthis:
Please visit Virustotal
* Click the Browse... button
* Navigate to the file C:\WINDOWS\system32\jpg.dll
* Click the Open button
* Click the Send button
* Copy and paste the results back here
Please do the same scan for this file:
C:\WINDOWS\system32\WinShield.exe
Please post VirusTotal's results back here.
But I could not find the file "WinShield.exe". I even searched for it with the search function Windows has and did not find it.
(the results are in the pic)
Please open HiJackThis and choose do a system scan only. Check the boxes next to ONLY the entries listed below:
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\RunOnce: [*Bandook] C:\WINDOWS\system32\ali.exe
O4 - HKCU\..\Run: [Bandook] C:\WINDOWS\system32\ali.exe
Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.
_________________
Open notepad and copy/paste the text in the quotebox below into it:
Save this as CFScript.txt
Referring to the picture above, drag CFScript.txt onto ComboFix.exe.
When finished, it shall produce a log for you, C:\ComboFix.txt. Post that log in your next reply.
____________________
Please do an online scan with Kaspersky WebScanner:
- Click on Kaspersky Online Scanner.
- You will be prompted to install an ActiveX component from Kaspersky; click Yes.
- Make sure these scan settings are selected:
  - Extended (if available, otherwise Standard)
  - Scan Archives
  - Scan Mail Bases
- Click OK.
- Now, under "Select a target to scan", select My Computer.
- The program will start and scan your system.
- The scan will take a while, so be patient and let it run.
- Once the scan is complete it will display if your system has been infected.
- Now click on the Save as Text button.
- Save the file to your desktop.
- Copy and paste that information in your next post.
___________________
Please post a fresh HijackThis log, the ComboFix report and the online scanner's results.
here is the hijack this:
here is the combofix log:
here is the online scan:
I'm not the right guy to tell you "how you do it", 'cause I have never formatted my computer.
You didn't give Kaspersky's report, you gave two ComboFix reports.
Please post that Kaspersky report.
I have another question. What is the best antivirus that does not take up a lot of memory? Right now I have Norton 360, but it's taking a lot of memory and making my PC slow. What do you suggest? It does not matter if I have to pay.
Yes, Symantec takes a lot of memory.
Kaspersky Internet Security 6 or 7 is much better.
KIS 6 or 7 works great on an old computer (512 or 256 MB of memory).
___________
Before we start fixing anything you should print out these instructions or copy them to a NotePad file so they will be accessible.
Some steps will require you to disconnect from the Internet or use Safe Mode and you will not have access to this page.
___________
We need to backup the registry before we continue.
Registry edits can be potentially dangerous; we can revert to the backup if needed.
Go to Start » Run » type: regedit » OK.
- On the leftside, click to highlight My Computer at the top.
- Go up to File » Export
- Choose to save it to C:\. Make sure in that window there is a tick next to "All" under Export Branch. Leave the "Save As Type" as "Registration Files". Under "Filename" put RegBackup.
- Click Save and then go to File » Exit.
Please run Notepad and paste the following text into a new file:
Save the file to the desktop as fix.reg and make sure the "Save as Type" field says "All Files". Then please go to the desktop and double-click on fix.reg, and click Yes to merge it with the registry.
______________
Please set your system to show all files.
Click Start, open My Computer, select the Tools menu and click Folder Options.
Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
Uncheck: Hide file extensions for known file types
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.
_____________
Reboot into Safe Mode by continuously tapping the F8 key as soon as the computer begins to boot. A menu should come up where you will be given the option to enter Safe Mode.
_____________
Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete these files (if present):
C:\Documents and Settings\computer\Desktop\spyaway.exe
Delete this folder:
C:\QooBox\Quarantine
_____________
Please set your system to hide all hidden files.
Click Start, open My Computer, select the Tools menu and click Folder Options.
Select the View Tab. Under the Hidden files and folders heading, uncheck Show hidden files and folders.
Check: Hide file extensions for known file types
Check the Hide protected operating system files (recommended) option.
Click Yes to confirm.
_____________
When you are finished, please reboot the computer normally, and post a new HijackThis log here in a reply. Also, please let me know of any problems you may have encountered.
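Before double-clicking a fix.reg, it is worth knowing exactly what it will do: regedit merges it with no preview, and a whole-key deletion ([-HKEY_...]) can only be undone from the RegBackup export made above. The following is an added example, not part of the thread and not the fix.reg the helper posted (that text is not shown on this page). It parses a .reg file into the ordered list of actions regedit would perform and reports the ones a reviewer should look at first. The embedded sample is constructed from the two autostart values listed in the HijackThis log above, plus one hypothetical key deletion (HKEY_CURRENT_USER\Software\Example\HypotheticalLeftover) included only to exercise the warning; decode_reg_bytes handles the UTF-16 byte-order mark regedit writes in 5.00 exports and falls back to ANSI (cp1252) for hand-typed files.

```python
import re
from dataclasses import dataclass

# Constructed sample .reg: deletes the two autostart values HijackThis reported
# for ali.exe, plus a hypothetical key deletion to exercise the review warning.
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"*Bandook"=-

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Bandook"=-

[-HKEY_CURRENT_USER\Software\Example\HypotheticalLeftover]
"""

HEADER = "Windows Registry Editor Version 5.00"
KEY_RE = re.compile(r"^\[(?P<minus>-?)(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^(?:"(?P<name>(?:[^"\\]|\\.)*)"|(?P<default>@))=(?P<data>.*)$')


@dataclass
class Action:
    op: str          # "touch_key", "delete_key", "set_value" or "delete_value"
    key: str
    name: str = ""   # value name; "(Default)" for @
    data: str = ""   # raw data text for set_value, e.g. dword:00000001


def decode_reg_bytes(raw):
    """regedit exports 5.00 files as UTF-16LE with a BOM; hand-typed ones are usually ANSI."""
    if raw.startswith(b"\xff\xfe"):
        return raw.decode("utf-16")
    return raw.decode("cp1252")


def plan(text):
    """Turn .reg text into the ordered list of registry actions regedit would perform."""
    lines = text.splitlines()
    if not lines or lines[0].strip() != HEADER:
        raise ValueError("missing or unexpected .reg header")
    actions, key, pending = [], None, ""
    for raw in lines[1:]:
        line = pending + raw.strip()
        if line.endswith("\\"):          # hex: data continued on the next line
            pending = line[:-1]
            continue
        pending = ""
        if not line or line.startswith(";"):
            continue
        m = KEY_RE.match(line)
        if m:
            key = m["key"]
            actions.append(Action("delete_key" if m["minus"] else "touch_key", key))
            continue
        m = VALUE_RE.match(line)
        if m is None or key is None:
            raise ValueError(f"unparseable line: {line!r}")
        name = "(Default)" if m["default"] else m["name"]
        if m["data"] == "-":
            actions.append(Action("delete_value", key, name))
        else:
            actions.append(Action("set_value", key, name, m["data"]))
    return actions


AUTOSTART = ("\\CURRENTVERSION\\RUN", "\\CURRENTVERSION\\RUNONCE")


def risky(text):
    """Actions to eyeball before merging: whole-key deletions, anything under the
    HKLM SYSTEM hive, and writes (not deletions) into an autostart key."""
    out = []
    for a in plan(text):
        k = a.key.upper()
        if a.op == "delete_key" or k.startswith("HKEY_LOCAL_MACHINE\\SYSTEM"):
            out.append(a)
        elif a.op == "set_value" and k.endswith(AUTOSTART):
            out.append(a)
    return out


if __name__ == "__main__":
    for a in plan(SAMPLE_REG):
        print(f"{a.op:13} {a.key}  {a.name} {a.data}".rstrip())
    print("review first:", [(a.op, a.key) for a in risky(SAMPLE_REG)])
```

For the sample, the two "=-" lines come out as delete_value actions against the RunOnce and Run keys, and only the hypothetical [-...] key deletion is listed for review. A fix file that instead wrote a new value into a Run key would also be reported, since a cleanup script should only be removing autostart entries, never adding them.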
_____________
Please post a fresh HijackThis log.
Do you have any problems?
Oh, and what would be the best internet security to have for a computer with 512 MB of RAM?
Is it just having the Kaspersky antivirus? No firewalls or anything?
If you don't like it, here are some good free firewalls:
1) ZoneAlarm
2) Agnitum
3) Sunbelt/Kerio
4) Comodo
One firewall and one antivirus are recommended.
And here are two good antivirus programs:
Avast!
Antivir
Ok. Your log is fine now
Log looks clean...great job!
Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
- Disable and Enable System Restore. - If you are using Windows ME or XP then you should disable and re-enable System Restore to make sure there are no infected files found in a restore point.
- Make your Internet Explorer more secure - This can be done by following these simple instructions:
- From within Internet Explorer click on the Tools menu and then click on Options.
- Click once on the Security tab
- Click once on the Internet icon so it becomes highlighted.
- Click once on the Custom Level button.
- Change the Download signed ActiveX controls to Prompt
- Change the Download unsigned ActiveX controls to Disable
- Change the Initialize and script ActiveX controls not marked as safe to Disable
- Change the Installation of desktop items to Prompt
- Change the Launching programs and files in an IFRAME to Prompt
- Change the Navigate sub-frames across different domains to Prompt
- When all these settings have been made, click on the OK button.
- If it prompts you as to whether or not you want to save the settings, press the Yes button.
- Next press the Apply button and then the OK to exit the Internet Properties page.
- Use an AntiVirus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.
- Update your AntiVirus Software - It is imperative that you update your antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.
- Use a Firewall - I cannot stress how important it is that you use a firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a firewall in its default configuration can lower your risk greatly.
- Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
- Install Spybot - Search and Destroy - Download and install Spybot - Search and Destroy with its TeaTimer option. This will provide real-time spyware and hijacker protection on your computer alongside your virus protection. You should also scan your computer with the program on a regular basis, just as you would with antivirus software.
- Install Ad-Aware - Download and install Ad-Aware. You should also scan your computer with the program on a regular basis, just as you would with antivirus software, in conjunction with Spybot.
- Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites to your Internet Explorer settings that will protect you from running and downloading known malicious programs.
- Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically. You can find instructions on how to disable and re-enable System Restore here:
Managing Windows Millennium System Restore
or
Windows XP System Restore Guide
Re-enable System Restore with the instructions from the tutorial above.
See this link for a listing of some online & their stand-alone antivirus programs:
Virus, Spyware, and Malware Protection and Removal Resources
For a tutorial on Firewalls and a listing of some available ones see the link below:
Understanding and Using Firewalls
A tutorial on installing & using this product can be found here:
Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers
A tutorial on installing & using this product can be found here:
Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer
A tutorial on installing & using this product can be found here:
Using SpywareBlaster to protect your computer from Spyware and Malware
Glad I was able to help.