1. You are viewing our forum as a guest. For full access please Register. WindowsBBS.com is completely free, paid for by advertisers and donations.

HTTP Tojan Vundo Activity

Discussion in 'Malware and Virus Removal Archive' started by merlinone, 2008/03/15.

  1. 2008/03/15
    merlinone

    merlinone Inactive Thread Starter

    Joined:
    2004/01/17
    Messages:
    103
    Likes Received:
    0
    Once in a while i get a message from Norton Antivirus that it blocked a virus called HTTP Tojan Vundo Activity. Why does it keep attacking my computer and how can i make it stop? could it be something that i need to remove from the computer in order to make it stop?

    Heres my HJT log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 6:31:18 PM, on 3/15/2008
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16609)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Windows\OEM03Mon.exe
    C:\Program Files\Zune\ZuneLauncher.exe
    C:\Windows\System32\Ctxfihlp.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Dell\DELL Webcam Manager\DellWMgr.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\DAEMON Tools Lite\daemon.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\SYSTEM32\CTXFISPI.EXE
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
    C:\Program Files\Internet Explorer\ieuser.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\Symantec Shared\SecurityHistory\mcui32.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\Windows\system32\SearchFilterHost.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://cm.my.yahoo.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O1 - Hosts: ::1 localhost
    O2 - BHO: (no name) - {00000250-0320-4dd4-be4f-7566d2314352} - (no file)
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)
    O2 - BHO: (no name) - {15651c7c-e812-44a2-a9ac-b467a2233e7d} - (no file)
    O2 - BHO: (no name) - {4e1075f4-eec4-4a86-add7-cd5f52858c31} - (no file)
    O2 - BHO: (no name) - {4e7bd74f-2b8d-469e-92c6-ce7eb590a94d} - (no file)
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: (no name) - {5929cd6e-2062-44a4-b2c5-2c7e78fbab38} - (no file)
    O2 - BHO: (no name) - {5dafd089-24b1-4c5e-bd42-8ca72550717b} - (no file)
    O2 - BHO: (no name) - {5fa6752a-c4a0-4222-88c2-928ae5ab4966} - (no file)
    O2 - BHO: (no name) - {622cc208-b014-4fe0-801b-874a5e5e403a} - (no file)
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
    O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)
    O2 - BHO: (no name) - {965a592f-8efa-4250-8630-7960230792f1} - (no file)
    O2 - BHO: (no name) - {9c5b2f29-1f46-4639-a6b4-828942301d3e} - (no file)
    O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file)
    O2 - BHO: (no name) - {fc3a74e5-f281-4f10-ae1e-733078684f3c} - (no file)
    O2 - BHO: (no name) - {ffff0001-0002-101a-a3c9-08002b2f49fb} - (no file)
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
    O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
    O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe "
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe "
    O4 - HKLM\..\Run: [OEM03Mon.exe] C:\Windows\OEM03Mon.exe
    O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe "
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe "
    O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\awtuvus.dll,#1
    O4 - HKCU\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\DELL Webcam Manager\DellWMgr.exe" /s
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
    O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\KOSMOS~1\AppData\Local\Temp\gebxv.dll,#1
    O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\KOSMOS~1\AppData\Local\Temp\gebcy.dll,c
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - Global Startup: QuickSet.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O13 - Gopher Prefix:
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} (WMI Class) - http://support.dell.com/systemprofiler/SysProExe.CAB
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
    O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

    --
    End of file - 9315 bytes
     
    merlinone,
    #1
  2. 2008/03/15
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi merlinone

    We need to disable Windows Defender and SpyBots TeaTimer.
    Check this link for any applicable programs you may have.

    Please remember to reinable them after you're clean.

    Please re-open HiJackThis and scan only. Check the boxes next to all the entries listed below.

    O2 - BHO: (no name) - {00000250-0320-4dd4-be4f-7566d2314352} - (no file)
    O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)
    O2 - BHO: (no name) - {15651c7c-e812-44a2-a9ac-b467a2233e7d} - (no file)
    O2 - BHO: (no name) - {4e1075f4-eec4-4a86-add7-cd5f52858c31} - (no file)
    O2 - BHO: (no name) - {4e7bd74f-2b8d-469e-92c6-ce7eb590a94d} - (no file)
    O2 - BHO: (no name) - {5929cd6e-2062-44a4-b2c5-2c7e78fbab38} - (no file)
    O2 - BHO: (no name) - {5dafd089-24b1-4c5e-bd42-8ca72550717b} - (no file)
    O2 - BHO: (no name) - {5fa6752a-c4a0-4222-88c2-928ae5ab4966} - (no file)
    O2 - BHO: (no name) - {622cc208-b014-4fe0-801b-874a5e5e403a} - (no file)
    O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)
    O2 - BHO: (no name) - {965a592f-8efa-4250-8630-7960230792f1} - (no file)
    O2 - BHO: (no name) - {9c5b2f29-1f46-4639-a6b4-828942301d3e} - (no file)
    O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file)
    O2 - BHO: (no name) - {fc3a74e5-f281-4f10-ae1e-733078684f3c} - (no file)
    O2 - BHO: (no name) - {ffff0001-0002-101a-a3c9-08002b2f49fb} - (no file)

    Now close all windows other than HiJackThis, then click Fix Checked.

    Close HJT.


    Now Download ComboFix from [color= "Red"]Here[/color] to your Desktop. Make sure you use the Vista instructions.

    It's best to disable realtime protection applications as they sometimes interfere with the tool.
    Check this link for any applicable programs you may have.


    • Close all open programs and windows
    • Double click combofix.exe and follow the prompts.
    • Vista users right click Combofix.exe and select Run As Administrator.
    • When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply
    Note: Do not mouseclick combofix's window while its running. That may cause it to stall

    Note - ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.

    Note - Combofix makes some changes when run to prevent autorun/autoplay of ALL CDs, floppies and USB devices, to assist with malware removal & increase security. If this is an issue or makes it difficult for you to use those devices, please ask how to reset it.

    Please post the Combofix log.

    Thanks
    Geri
     
    Geri,
    #2


  3. to hide this advert.

  4. 2008/03/16
    merlinone

    merlinone Inactive Thread Starter

    Joined:
    2004/01/17
    Messages:
    103
    Likes Received:
    0
    ComboFix 08-03-14.4 - kosmos_corn88 2008-03-16 1:30:44.1 - NTFSx86
    Microsoft® Windows Vistaâ„¢ Home Premium 6.0.6000.0.1252.1.1033.18.970 [GMT -5:00]
    Running from: C:\Users\kosmos_corn88\Desktop\ComboFix.exe
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat
    C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat
    C:\Windows\180ax.exe
    C:\Windows\2020search.dll
    C:\Windows\bjam.dll
    C:\Windows\bokja.exe
    C:\Windows\cdsm32.dll
    C:\Windows\mspphe.dll
    C:\Windows\saiemod.dll
    C:\Windows\swin32.dll
    C:\Windows\system32\awtuvus.dll
    C:\Windows\system32\msixu.dll
    C:\Windows\voiceip.dll

    ----- BITS: Possible infected sites -----

    hxxp://theinstalls.com
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\NPF


    ((((((((((((((((((((((((( Files Created from 2008-02-16 to 2008-03-16 )))))))))))))))))))))))))))))))
    .

    No new files created in this timespan

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-03-16 06:30 6,736 ----a-w C:\Windows\system32\drivers\PROCEXP90.SYS
    2008-03-15 23:31 --------- d-----w C:\Program Files\Trend Micro
    2008-03-15 22:54 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
    2008-03-15 22:48 --------- d-----w C:\Program Files\Spybot - Search & Destroy
    2008-03-15 22:41 --------- d---a-w C:\ProgramData\TEMP
    2008-03-15 06:10 --------- d-----w C:\Program Files\stc
    2008-03-15 05:35 --------- d-----w C:\Users\kosmos_corn88\AppData\Roaming\uTorrent
    2008-03-15 02:30 --------- d-----w C:\ProgramData\RFA_Backups
    2008-03-12 22:02 --------- d-----w C:\Program Files\Windows Mail
    2008-03-11 20:15 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-03-11 20:15 --------- d-----w C:\Program Files\Logitech
    2008-03-11 20:15 --------- d-----w C:\Program Files\Common Files\Logitech
    2008-03-11 04:28 --------- d-----w C:\Users\kosmos_corn88\AppData\Roaming\Creative
    2008-03-11 04:05 --------- d-----w C:\Users\kosmos_corn88\AppData\Roaming\Smart Recorder
    2008-03-11 04:05 --------- d-----w C:\Users\kosmos_corn88\AppData\Roaming\DivX
    2008-03-09 04:37 --------- d-----w C:\Program Files\DivX
    2008-03-09 04:37 --------- d-----w C:\Program Files\Common Files\PX Storage Engine
    2008-03-03 05:08 --------- d-----w C:\ProgramData\NVIDIA
    2008-03-01 15:03 --------- d-----w C:\ProgramData\Roxio
    2008-02-29 08:04 --------- d-----w C:\Program Files\NVIDIA nTune Performance Application
    2008-02-29 08:04 --------- d-----w C:\Program Files\NVIDIA Corporation
    2008-02-29 08:04 --------- d-----w C:\Program Files\Common Files\InstallShield
    2008-02-29 04:17 3,699,424 ----atw C:\Windows\DXM2AB7.tmp
    2008-02-28 20:30 --------- d-----w C:\Program Files\Pcsx2_0.9.4
    2008-02-28 03:47 --------- d-----w C:\Program Files\Common Files\AnimeVamp
    2008-02-26 05:38 --------- d-----w C:\Program Files\Square Soft, Inc
    2008-02-26 05:33 --------- d-----w C:\Users\kosmos_corn88\AppData\Roaming\ImgBurn
    2008-02-26 05:29 --------- d-----w C:\Program Files\ImgBurn
    2008-02-25 03:59 --------- d-----w C:\Program Files\Common Files\Adobe
    2008-02-23 05:34 --------- d-----w C:\Program Files\DAEMON Tools Lite
    2008-02-23 05:31 716,272 ----a-w C:\Windows\system32\drivers\sptd.sys
    2008-02-23 05:30 --------- d-----w C:\Users\kosmos_corn88\AppData\Roaming\DAEMON Tools
    2008-02-23 03:10 --------- d-----w C:\Program Files\Smart Projects
    2008-02-22 16:26 --------- d-----w C:\Users\kosmos_corn88\AppData\Roaming\Roxio
    2008-02-20 02:47 --------- d-----w C:\Program Files\Google
    2008-02-19 06:42 --------- d-----w C:\Users\kosmos_corn88\AppData\Roaming\Yahoo!
    2008-02-19 06:42 --------- d-----w C:\ProgramData\Yahoo! Companion
    2008-02-19 06:38 --------- d-----w C:\Program Files\Yahoo!
    2008-02-14 23:05 --------- d-----w C:\Users\kosmos_corn88\AppData\Roaming\EPSON
    2008-02-14 05:13 --------- d-----w C:\Users\kosmos_corn88\AppData\Roaming\ArcSoft
    2008-02-13 07:02 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
    2008-02-13 07:01 54,784 ----a-w C:\Windows\system32\drivers\i8042prt.sys
    2008-02-13 07:01 495,160 ----a-w C:\Windows\system32\drivers\Wdf01000.sys
    2008-02-13 07:01 35,384 ----a-w C:\Windows\system32\drivers\WdfLdr.sys
    2008-02-13 07:01 35,384 ----a-w C:\Windows\system32\drivers\kbdclass.sys
    2008-02-13 07:01 34,360 ----a-w C:\Windows\system32\drivers\mouclass.sys
    2008-02-13 07:01 19,968 ----a-w C:\Windows\system32\drivers\sermouse.sys
    2008-02-13 07:01 15,872 ----a-w C:\Windows\system32\drivers\mouhid.sys
    2008-02-13 07:01 15,872 ----a-w C:\Windows\system32\drivers\kbdhid.sys
    2008-02-13 06:59 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys
    2008-02-13 06:59 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
    2008-02-13 06:59 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
    2008-02-13 06:59 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
    2008-02-13 06:59 216,632 ----a-w C:\Windows\system32\drivers\netio.sys
    2008-02-13 06:59 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
    2008-02-13 06:59 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
    2008-02-13 06:59 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
    2008-02-13 06:59 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
    2008-02-13 06:59 15,928 ----a-w C:\Windows\system32\drivers\pciide.sys
    2008-02-13 06:59 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys
    2008-02-13 06:57 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
    2008-02-12 00:01 --------- d-----w C:\Program Files\Common Files\Symantec Shared
    2008-02-10 04:43 --------- d-----w C:\ProgramData\Creative
    2008-02-06 05:45 --------- d--h--w C:\ProgramData\{0E8E33D8-193A-414A-A909-0F101A142D26}
    2008-02-04 03:42 --------- d-----w C:\Program Files\RFA
    2008-02-02 00:05 --------- d-----w C:\ProgramData\Symantec
    2008-01-28 16:19 --------- d-----w C:\Program Files\Micro
    2008-01-24 06:18 --------- d-----w C:\Program Files\Zune
    2008-01-24 05:55 --------- d-----w C:\Program Files\WM Converter
    2008-01-23 08:16 12,088,071 ----a-w C:\Users\kosmos_corn88\wmconverter_2_0.exe
    2008-01-23 07:59 --------- d-----w C:\Program Files\Dell
    2008-01-23 05:46 --------- d-----w C:\Program Files\Creative Live! Cam
    2008-01-23 05:35 --------- d-----w C:\Program Files\Creative
    2008-01-23 05:35 --------- d-----w C:\Program Files\Common Files\Reallusion
    2008-01-23 05:34 --------- d-----w C:\Program Files\Common Files\Creative
    2008-01-21 19:59 118,657,928 ----a-w C:\Users\kosmos_corn88\TheWitcherPatch.1.2.0.1160(314).exe
    2008-01-21 04:32 255,000 ----a-w C:\Users\kosmos_corn88\ZuneDevices.exe
    2008-01-21 04:16 35,344,304 ----a-w C:\Users\kosmos_corn88\zunesetuppkg-x86.exe
    2008-01-21 03:28 --------- d-----w C:\Program Files\MSXML 4.0
    2008-01-20 20:53 174,882,824 ----a-w C:\Users\kosmos_corn88\ZunePackage.exe
    2008-01-20 20:30 278,984 ----a-w C:\Windows\system32\drivers\atksgt.sys
    2008-01-20 20:30 25,416 ----a-w C:\Windows\system32\drivers\lirsgt.sys
    2008-01-20 18:49 --------- d-----w C:\Users\kosmos_corn88\AppData\Roaming\Move Networks
    2008-01-20 04:00 --------- d-----w C:\Program Files\uTorrent
    2008-01-20 03:35 --------- d-----w C:\ProgramData\Microsoft Help
    2008-01-20 03:34 --------- d-----w C:\Program Files\Microsoft Works
    2008-01-20 03:33 --------- d-----w C:\Program Files\MSBuild
    2008-01-20 03:31 --------- d-----w C:\Program Files\Microsoft.NET
    2008-01-20 03:29 --------- d-----w C:\Program Files\Microsoft Visual Studio 8
    2008-01-20 03:23 --------- d-----w C:\Program Files\Roxio
    2008-01-20 03:22 --------- d-----w C:\ProgramData\Sonic
    2008-01-20 03:21 --------- d-----w C:\Program Files\Common Files\Sonic Shared
    2008-01-20 03:19 --------- d-----w C:\Program Files\Common Files\SureThing Shared
    2008-01-20 03:17 --------- d-----w C:\Program Files\Common Files\Roxio Shared
    2008-01-20 03:15 --------- d-----w C:\ProgramData\InstallShield
    2008-01-20 03:13 --------- d--h--w C:\Program Files\Creative Installation Information
    2008-01-20 03:09 --------- d-----w C:\Program Files\OpenAL
    2008-01-20 02:56 --------- d-----w C:\Program Files\Norton AntiVirus
    2008-01-20 02:21 805 ----a-w C:\Windows\system32\drivers\SYMEVENT.INF
    2008-01-20 02:21 123,952 ----a-w C:\Windows\system32\drivers\SYMEVENT.SYS
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
    2008-01-31 01:17 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DELL Webcam Manager "= "C:\Program Files\Dell\DELL Webcam Manager\DellWMgr.exe" [2007-06-07 12:14 118784]
    "ehTray.exe "= "C:\Windows\ehome\ehTray.exe" [2006-11-02 07:35 125440]
    "DAEMON Tools Lite "= "C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-02-13 18:09 486856]
    "NVIDIA nTune "= "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-04 20:25 81920]
    "WMPNSCFG "= "C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 07:36 201728]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender "= "C:\Program Files\Windows Defender\MSASCui.exe" [2008-01-19 19:04 1006264]
    "ccApp "= "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-01-31 14:15 51048]
    "VolPanel "= "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2007-04-17 16:22 184320]
    "UpdReg "= "C:\Windows\UpdReg.EXE" [2000-05-11 02:00 90112]
    "ISUSPM Startup "= "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 12:35 221184]
    "ISUSScheduler "= "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 12:37 81920]
    "RoxWatchTray "= "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-05 12:22 221184]
    "GrooveMonitor "= "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 01:47 31016]
    "OEM03Mon.exe "= "C:\Windows\OEM03Mon.exe" [2007-05-18 12:00 36864]
    "Zune Launcher "= "c:\Program Files\Zune\ZuneLauncher.exe" [2008-01-11 18:54 166304]
    "Adobe Reader Speed Launcher "= "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
    "CTxfiHlp "= "CTXFIHLP.EXE" [2008-01-15 05:55 23552 C:\Windows\System32\Ctxfihlp.exe]
    "NvSvc "= "C:\Windows\system32\nvsvc.dll" [2007-12-11 18:06 86016]
    "NvCplDaemon "= "C:\Windows\system32\NvCpl.dll" [2007-12-11 18:06 8530464]
    "NvMediaCenter "= "C:\Windows\system32\NvMcTray.dll" [2007-12-11 18:06 81920]

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
    QuickSet.lnk - C:\Windows\Installer\{163D89DD-7386-412D-837F-D2B3131780D3}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe [2008-01-23 02:59:55 45056]

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "UacDisableNotify "=dword:00000001
    "InternetSettingsDisableNotify "=dword:00000001
    "AutoUpdateDisableNotify "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring "=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
    "EnableFirewall "= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{508614A6-F703-4680-BF7E-9CABE52CAC5F} "= UDP:D:\Program Files\Stardock Games\Sins of a Solar Empire\Sins of a Solar Empire.exe:Sins of a Solar Empire
    "{6C17E28F-6922-4887-9AA7-A1E52B18207A} "= TCP:D:\Program Files\Stardock Games\Sins of a Solar Empire\Sins of a Solar Empire.exe:Sins of a Solar Empire

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
    "EnableFirewall "= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
    "DFSR-1 "= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
    "EnableFirewall "= 0 (0x0)

    R1 DLARTL_M;DLARTL_M;C:\Windows\system32\Drivers\DLARTL_M.SYS [2007-02-08 21:05]
    R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\ipsdefs\20080314.001\IDSvix86.sys [2008-02-13 11:18]
    R2 LiveUpdate Notice;LiveUpdate Notice; "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon []
    R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 11:43]
    R3 ha20x2k;Creative 20X HAL Driver;C:\Windows\system32\drivers\ha20x2k.sys [2008-01-15 08:12]
    R3 OEM03Afx;Provides a software interface to control audio effects of OEM003 camera.;C:\Windows\system32\Drivers\OEM03Afx.sys [2007-06-07 12:00]
    R3 OEM03Vfx;Creative Camera OEM003 Video VFX Driver;C:\Windows\system32\DRIVERS\OEM03Vfx.sys [2007-03-05 05:45]
    R3 OEM03Vid;Creative Camera OEM003 Driver;C:\Windows\system32\DRIVERS\OEM03Vid.sys [2007-04-24 12:00]
    R3 RLDesignVirtualAudioCableWdm;Live! Cam Virtual;C:\Windows\system32\DRIVERS\livecamv.sys [2007-01-15 18:57]
    R3 SymIMMP;SymIMMP;C:\Windows\system32\DRIVERS\SymIM.sys [2007-08-09 19:27]
    R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2007-08-13 15:50]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\b57nd60x.sys [2006-11-02 02:30]
    S3 COH_Mon;COH_Mon;C:\Windows\system32\Drivers\COH_Mon.sys [2008-01-12 19:32]
    S3 SymIM;Symantec Network Security Intermediate Filter Service;C:\Windows\system32\DRIVERS\SymIM.sys [2007-08-09 19:27]
    S3 ZuneWlanCfgSvc;Zune Wireless Configuration Service;c:\Windows\system32\ZuneWlanCfgSvc.exe [2008-01-11 18:54]

    .
    Contents of the 'Scheduled Tasks' folder
    "2008-02-26 02:50:21 C:\Windows\Tasks\Norton AntiVirus - Run Full System Scan - kosmos_corn88.job "
    - C:\Program Files\Norton AntiVirus\Navw32.exeB/TASK:
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-03-16 01:35:47
    Windows 6.0.6000 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    PROCESS: C:\Windows\Explorer.exe [6.00.6000.16549]
    -> C:\Windows\system32\DLAAPI_W.DLL
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\SYSTEM32\CTXFISPI.EXE
    .
    **************************************************************************
    .
    Completion time: 2008-03-16 1:37:36 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-03-16 06:37:31
    .
    2008-03-13 20:10:34 --- E O F ---




    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 1:39:07 AM, on 3/16/2008
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16609)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Windows\OEM03Mon.exe
    C:\Program Files\Zune\ZuneLauncher.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    C:\Windows\System32\Ctxfihlp.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Dell\DELL Webcam Manager\DellWMgr.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\DAEMON Tools Lite\daemon.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\Explorer.exe
    C:\Windows\SYSTEM32\CTXFISPI.EXE
    C:\Windows\system32\notepad.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\Windows\system32\SearchFilterHost.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://cm.my.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
    O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
    O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe "
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe "
    O4 - HKLM\..\Run: [OEM03Mon.exe] C:\Windows\OEM03Mon.exe
    O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe "
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe "
    O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKCU\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\DELL Webcam Manager\DellWMgr.exe" /s
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - Global Startup: QuickSet.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O13 - Gopher Prefix:
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} (WMI Class) - http://support.dell.com/systemprofiler/SysProExe.CAB
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
    O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

    --
    End of file - 7527 bytes
     
    merlinone,
    #3
  5. 2008/03/16
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi merlinone

    Do you have a web cam installed? There are some drivers I can't get much info on.


    I see you have P2P software ([color= "Red"] Limewire, BitTorrent uTorrent etc… [/color]) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information.

    Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares and their infections.

    References for the risk of these programs are here,
    here and here.

    I would strongly recommend that you uninstall them, however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.


    Lets get a on-line scan.

    Please do an online scan with Kaspersky WebScanner

    Click on "Accept" If your pop "“up blocker blocks the ActiveX download, allow it, click on "Accept" again

    You will be promted to install an ActiveX component from Kaspersky, Click Yes or Install.
    • The program will launch and then begin downloading the latest definition files:
    • Once the files have been downloaded click on NEXT
    • Now click on Scan Settings
    • In the scan settings make that the following are selected:
      • Scan using the following Anti-Virus database:
      • Extended (if available otherwise Standard)
      • Scan Options:
      • Scan Archives
        Scan Mail Bases
    • Click OK
    • Now under select a target to scan:
      • Select My Computer
    • This will start the program and scan your system.
    • The scan will take a while so be patient and let it run.
    • Once the scan is complete it will display if your system has been infected.
      • Now click on the Save as Text button:
    • Save the file to your desktop.
    • Copy and paste that information in your next post.

    Please post the Kaspersky results.

    Thanks
    Geri
     
    Geri,
    #4
  6. 2008/03/16
    merlinone

    merlinone Inactive Thread Starter

    Joined:
    2004/01/17
    Messages:
    103
    Likes Received:
    0
    there is a webcam that is integrated with the monitor.
    Here is the report:

    -------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER REPORT
    Sunday, March 16, 2008 1:39:46 PM
    Operating System: Microsoft Windows Vista Home Edition, (Build 6000)
    Kaspersky Online Scanner version: 5.0.98.0
    Kaspersky Anti-Virus database last update: 16/03/2008
    Kaspersky Anti-Virus database records: 633666
    -------------------------------------------------------------------------------

    Scan Settings:
    Scan using the following antivirus database: extended
    Scan Archives: true
    Scan Mail Bases: true

    Scan Target - My Computer:
    C:\
    D:\
    E:\
    F:\
    G:\
    J:\

    Scan Statistics:
    Total number of scanned objects: 95114
    Number of viruses found: 2
    Number of infected objects: 5
    Number of suspicious objects: 0
    Duration of the scan process: 01:00:28

    Infected Object Name / Virus Name / Last Action
    C:\Boot\BCD Object is locked skipped
    C:\Boot\BCD.LOG Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\EENGINE\EPERSIST.DAT Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\NFWEVT.LOG Object is locked skipped
    C:\Program Files\Norton AntiVirus\AVApp.log Object is locked skipped
    C:\Program Files\Norton AntiVirus\AVError.log Object is locked skipped
    C:\Program Files\Norton AntiVirus\AVVirus.log Object is locked skipped
    C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\67a669b5e393d7590d0e3309d0ac77db_acddd649-6c29-4fc1-a67d-912e0f12f546 Object is locked skipped
    C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\f686aace6942fb7f7ceb231212eef4a4_acddd649-6c29-4fc1-a67d-912e0f12f546 Object is locked skipped
    C:\ProgramData\Microsoft\Windows\DRM\Cache\Indiv01.tmp Object is locked skipped
    C:\ProgramData\Microsoft\Windows\DRM\drmstore.hds Object is locked skipped
    C:\ProgramData\Symantec\Common Client\ccSubSDK\submissions.idx Object is locked skipped
    C:\ProgramData\Symantec\Common Client\settings.BAK Object is locked skipped
    C:\ProgramData\Symantec\Common Client\settings.DAT Object is locked skipped
    C:\ProgramData\Symantec\Common Client\volatile.DAT Object is locked skipped
    C:\ProgramData\Symantec\Common Client\{A8BDF965-D684-4C9C-BCD1-8D77D4782B10}.BAK Object is locked skipped
    C:\ProgramData\Symantec\Common Client\{A8BDF965-D684-4C9C-BCD1-8D77D4782B10}.DAT Object is locked skipped
    C:\ProgramData\Symantec\LiveUpdate\2008-03-16_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped
    C:\ProgramData\Symantec\SPBBC\BBConfig.log Object is locked skipped
    C:\ProgramData\Symantec\SPBBC\BBDebug.log Object is locked skipped
    C:\ProgramData\Symantec\SPBBC\BBDetect.log Object is locked skipped
    C:\ProgramData\Symantec\SPBBC\BBNotify.log Object is locked skipped
    C:\ProgramData\Symantec\SPBBC\BBRefr.log Object is locked skipped
    C:\ProgramData\Symantec\SPBBC\BBSetCfg.log Object is locked skipped
    C:\ProgramData\Symantec\SPBBC\BBSetCfg2.log Object is locked skipped
    C:\ProgramData\Symantec\SPBBC\BBSetDev.log Object is locked skipped
    C:\ProgramData\Symantec\SPBBC\BBSetLoc.log Object is locked skipped
    C:\ProgramData\Symantec\SPBBC\BBSetUsr.log Object is locked skipped
    C:\ProgramData\Symantec\SPBBC\BBStHash.log Object is locked skipped
    C:\ProgramData\Symantec\SPBBC\BBValid.log Object is locked skipped
    C:\ProgramData\Symantec\SPBBC\Shl_{164FC592-4670-4342-97BC-191D3AB8A1CC}.ldb Object is locked skipped
    C:\ProgramData\Symantec\SPBBC\Shl_{164FC592-4670-4342-97BC-191D3AB8A1CC}.sds Object is locked skipped
    C:\ProgramData\Symantec\SPBBC\SPPolicy.log Object is locked skipped
    C:\ProgramData\Symantec\SPBBC\SPStart.log Object is locked skipped
    C:\ProgramData\Symantec\SPBBC\SPStop.log Object is locked skipped
    C:\ProgramData\Symantec\SRTSP\SrtErEvt.log Object is locked skipped
    C:\ProgramData\Symantec\SRTSP\SrtMoEvt.log Object is locked skipped
    C:\ProgramData\Symantec\SRTSP\SrtNvEvt.log Object is locked skipped
    C:\ProgramData\Symantec\SRTSP\SrtScEvt.log Object is locked skipped
    C:\ProgramData\Symantec\SRTSP\SrtTxFEvt.log Object is locked skipped
    C:\ProgramData\Symantec\SRTSP\SrtViEvt.log Object is locked skipped
    C:\ProgramData\Symantec\SymNetDrv\SNDALRT.log Object is locked skipped
    C:\ProgramData\Symantec\SymNetDrv\SNDCON.log Object is locked skipped
    C:\ProgramData\Symantec\SymNetDrv\SNDDBG.log Object is locked skipped
    C:\ProgramData\Symantec\SymNetDrv\SNDFW.log Object is locked skipped
    C:\ProgramData\Symantec\SymNetDrv\SNDIDS.log Object is locked skipped
    C:\ProgramData\Symantec\SymNetDrv\SNDSYS.log Object is locked skipped
    C:\QooBox\Quarantine\C\ProgramData\Microsoft\Network\Downloader\qmgr0.dat.vir Object is locked skipped
    C:\QooBox\Quarantine\C\ProgramData\Microsoft\Network\Downloader\qmgr1.dat.vir Object is locked skipped
    C:\QooBox\Quarantine\C\Windows\System32\awtuvus.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
    C:\Users\kosmos_corn88\AppData\Local\Microsoft\Media Player\CurrentDatabase_360.wmdb Object is locked skipped
    C:\Users\kosmos_corn88\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat Object is locked skipped
    C:\Users\kosmos_corn88\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.dat Object is locked skipped
    C:\Users\kosmos_corn88\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Users\kosmos_corn88\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
    C:\Users\kosmos_corn88\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat Object is locked skipped
    C:\Users\kosmos_corn88\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\UOL7RQDL\68_180_219_139[2] Object is locked skipped
    C:\Users\kosmos_corn88\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT Object is locked skipped
    C:\Users\kosmos_corn88\AppData\Local\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Users\kosmos_corn88\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1 Object is locked skipped
    C:\Users\kosmos_corn88\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG2 Object is locked skipped
    C:\Users\kosmos_corn88\AppData\Local\Microsoft\Windows\UsrClass.dat{19f434e6-c6e1-11dc-9a07-001e4f9712b3}.TM.blf Object is locked skipped
    C:\Users\kosmos_corn88\AppData\Local\Microsoft\Windows\UsrClass.dat{19f434e6-c6e1-11dc-9a07-001e4f9712b3}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
    C:\Users\kosmos_corn88\AppData\Local\Microsoft\Windows\UsrClass.dat{19f434e6-c6e1-11dc-9a07-001e4f9712b3}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
    C:\Users\kosmos_corn88\AppData\Local\Microsoft\Feeds Cache\index.dat Object is locked skipped
    C:\Users\kosmos_corn88\AppData\Local\Microsoft\Windows Defender\FileTracker\{9503E986-F0C5-4782-AAD3-9E5363D85FF0} Object is locked skipped
    C:\Users\kosmos_corn88\AppData\Local\Temp\Low\~DF9493.tmp Object is locked skipped
    C:\Users\kosmos_corn88\AppData\Local\Temp\Low\~DF98A6.tmp Object is locked skipped
    C:\Users\kosmos_corn88\AppData\Roaming\Microsoft\Windows\Cookies\index.dat Object is locked skipped
    C:\Users\kosmos_corn88\AppData\Roaming\Microsoft\Windows\Cookies\Low\index.dat Object is locked skipped
    C:\Users\kosmos_corn88\Desktop\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
    C:\Users\kosmos_corn88\Desktop\SmitfraudFix.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
    C:\Users\kosmos_corn88\Desktop\SmitfraudFix.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
    C:\Users\kosmos_corn88\Desktop\SmitfraudFix.exe RarSFX: infected - 2 skipped
    C:\Users\kosmos_corn88\NTUSER.DAT Object is locked skipped
    C:\Users\kosmos_corn88\ntuser.dat.LOG1 Object is locked skipped
    C:\Users\kosmos_corn88\ntuser.dat.LOG2 Object is locked skipped
    C:\Users\kosmos_corn88\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf Object is locked skipped
    C:\Users\kosmos_corn88\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
    C:\Users\kosmos_corn88\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
    C:\Windows\Debug\PASSWD.LOG Object is locked skipped
    C:\Windows\Debug\sam.log Object is locked skipped
    C:\Windows\Debug\WIA\wiatrace.log Object is locked skipped
    C:\Windows\Logs\CBS\CBS.log Object is locked skipped
    C:\Windows\Logs\CBS\CBS.persist.log Object is locked skipped
    C:\Windows\Logs\DPX\setupact.log Object is locked skipped
    C:\Windows\Logs\DPX\setuperr.log Object is locked skipped
    C:\Windows\MEMORY.DMP Object is locked skipped
    C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe.config Object is locked skipped
    C:\Windows\Panther\UnattendGC\diagerr.xml Object is locked skipped
    C:\Windows\Panther\UnattendGC\diagwrn.xml Object is locked skipped
    C:\Windows\Panther\UnattendGC\setupact.log Object is locked skipped
    C:\Windows\Panther\UnattendGC\setuperr.log Object is locked skipped
    C:\Windows\security\database\secedit.sdb Object is locked skipped
    C:\Windows\SoftwareDistribution\EventCache\{E8DB6E37-5384-4158-8D37-B0483EFAFF72}.bin Object is locked skipped
    C:\Windows\SoftwareDistribution\ReportingEvents.log Object is locked skipped
    C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 Object is locked skipped
    C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 Object is locked skipped
    C:\Windows\System32\catroot2\edb.log Object is locked skipped
    C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb Object is locked skipped
    C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb Object is locked skipped
    C:\Windows\System32\config\COMPONENTS Object is locked skipped
    C:\Windows\System32\config\COMPONENTS.LOG1 Object is locked skipped
    C:\Windows\System32\config\COMPONENTS.LOG2 Object is locked skipped
    C:\Windows\System32\config\DEFAULT Object is locked skipped
    C:\Windows\System32\config\DEFAULT.LOG1 Object is locked skipped
    C:\Windows\System32\config\DEFAULT.LOG2 Object is locked skipped
    C:\Windows\System32\config\SAM Object is locked skipped
    C:\Windows\System32\config\SAM.LOG1 Object is locked skipped
    C:\Windows\System32\config\SAM.LOG2 Object is locked skipped
    C:\Windows\System32\config\SECURITY Object is locked skipped
    C:\Windows\System32\config\SECURITY.LOG1 Object is locked skipped
    C:\Windows\System32\config\SECURITY.LOG2 Object is locked skipped
    C:\Windows\System32\config\SOFTWARE Object is locked skipped
    C:\Windows\System32\config\SOFTWARE.LOG1 Object is locked skipped
    C:\Windows\System32\config\SOFTWARE.LOG2 Object is locked skipped
    C:\Windows\System32\config\SYSTEM Object is locked skipped
    C:\Windows\System32\config\SYSTEM.LOG1 Object is locked skipped
    C:\Windows\System32\config\SYSTEM.LOG2 Object is locked skipped
    C:\Windows\System32\config\TxR\{250834b7-750c-494d-bdc3-da86b6e2101a}.TxR.0.regtrans-ms Object is locked skipped
    C:\Windows\System32\config\TxR\{250834b7-750c-494d-bdc3-da86b6e2101a}.TxR.1.regtrans-ms Object is locked skipped
    C:\Windows\System32\config\TxR\{250834b7-750c-494d-bdc3-da86b6e2101a}.TxR.2.regtrans-ms Object is locked skipped
    C:\Windows\System32\config\TxR\{250834b7-750c-494d-bdc3-da86b6e2101a}.TxR.blf Object is locked skipped
    C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TM.blf Object is locked skipped
    C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
    C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
    C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000003.regtrans-ms Object is locked skipped
    C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000004.regtrans-ms Object is locked skipped
    C:\Windows\System32\drivers\sptd.sys Object is locked skipped
    C:\Windows\System32\LogFiles\Scm\SCM.EVM Object is locked skipped
    C:\Windows\System32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
    C:\Windows\System32\restore\MachineGuid.txt Object is locked skipped
    C:\Windows\System32\spool\SpoolerETW.etl Object is locked skipped
    C:\Windows\System32\wbem\AutoRecover\3460B7617E0429A960E481B197F238A3.mof Object is locked skipped
    C:\Windows\System32\wbem\AutoRecover\E478A5DB75C9721E744C05D78DBACFD3.mof Object is locked skipped
    C:\Windows\System32\wbem\Logs\WMITracing.log Object is locked skipped
    C:\Windows\System32\wbem\Repository\INDEX.BTR Object is locked skipped
    C:\Windows\System32\wbem\Repository\MAPPING1.MAP Object is locked skipped
    C:\Windows\System32\wbem\Repository\MAPPING2.MAP Object is locked skipped
    C:\Windows\System32\wbem\Repository\OBJECTS.DATA Object is locked skipped
    C:\Windows\System32\winevt\Logs\Application.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\DFS Replication.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\HardwareEvents.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Internet Explorer.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Key Management Service.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Media Center.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Microsoft-Windows-Bits-Client%4Operational.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Microsoft-Windows-CodeIntegrity%4Operational.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Microsoft-Windows-CorruptedFileRecovery-Client%4Operational.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Microsoft-Windows-CorruptedFileRecovery-Server%4Operational.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Microsoft-Windows-DateTimeControlPanel%4Operational.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnosis-DPS%4Operational.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnosis-MSDT%4Operational.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnosis-PLA%4Operational.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnostics-Networking%4Operational.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnostics-Performance%4Operational.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Microsoft-Windows-DiskDiagnostic%4Operational.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Microsoft-Windows-DiskDiagnosticDataCollector%4Operational.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Microsoft-Windows-DiskDiagnosticResolver%4Operational.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Microsoft-Windows-DriverFrameworks-UserMode%4Operational.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Microsoft-Windows-Forwarding%4Operational.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Microsoft-Windows-GroupPolicy%4Operational.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Microsoft-Windows-Help%4Operational.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Microsoft-Windows-International%4Operational.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Microsoft-Windows-Kernel-WDI%4Operational.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Microsoft-Windows-Kernel-WHEA.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Microsoft-Windows-LanguagePackSetup%4Operational.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Microsoft-Windows-MeetingSpace%4Operational.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Microsoft-Windows-MemoryDiagnostics-Results%4Debug.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Microsoft-Windows-MUI%4Operational.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Microsoft-Windows-NetworkAccessProtection%4Operational.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Microsoft-Windows-ParentalControls%4Operational.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Microsoft-Windows-Program-Compatibility-Assistant%4Operational.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Microsoft-Windows-ReadyBoost%4Operational.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Microsoft-Windows-ReliabilityAnalysisComponent%4Operational.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Microsoft-Windows-RemoteAssistance%4Admin.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Microsoft-Windows-RemoteAssistance%4Operational.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Exhaustion-Detector%4Operational.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Exhaustion-Resolver%4Operational.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Leak-Diagnostic%4Operational.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Microsoft-Windows-RestartManager%4Operational.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Microsoft-Windows-TaskScheduler%4Operational.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Microsoft-Windows-UAC%4Operational.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Microsoft-Windows-UAC-FileVirtualization%4Operational.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Microsoft-Windows-WindowsUpdateClient%4Operational.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Microsoft-Windows-Winlogon%4Operational.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Microsoft-Windows-Winsock-WS2HELP%4Operational.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Microsoft-Windows-Wired-AutoConfig%4Operational.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Microsoft-Windows-WLAN-AutoConfig%4Operational.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\ODiag.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\OSession.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Security.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\Setup.evtx Object is locked skipped
    C:\Windows\System32\winevt\Logs\System.evtx Object is locked skipped
    C:\Windows\Tasks\SCHEDLGU.TXT Object is locked skipped
    C:\Windows\WindowsUpdate.log Object is locked skipped
    C:\Windows\winsxs\x86_microsoft-windows-n..n_service_datastore_31bf3856ad364e35_6.0.6000.16386_none_cef7ceb03914a67f\dnary.xsd Object is locked skipped
    E:\Windows\security\database\secedit.sdb Object is locked skipped

    Scan process completed.
     
    merlinone,
    #5
  7. 2008/03/16
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi merlinone

    OK that looks good, please do this to clean things up.

    Click Start>Run in the run box copy and paste or type ComboFix /u then hit Enter to uninstall ComboFix and remove the files/folders it created.

    Then delete these.

    This tool.
    Smitfraudfix.exe

    These files.
    C:\WINDOWS\system32\dumphive.exe
    C:\WINDOWS\SYSTEM32\Process.exe
    C:\WINDOWS\SYSTEM32\SrchSTS.exe
    C:\WINDOWS\system32\VCCLSID.exe
    C:\WINDOWS\system32\WS2Fix.exe
    C:\WINDOWS\system32\tmp.reg
    C:\WINDOWS\system32\IEDFix.exe
    C:\WINDOWS\system32\VACFix.exe

    Then please run Kaspersky again and make sure you get this...
    Scan Statistics:
    Total number of scanned objects: 95114 <<OK if This changes
    Number of viruses found: 0
    Number of infected objects: 0
    Number of suspicious objects: 0

    If it show anything other then 0 post the log.
    Let me know.

    Thanks
    Geri
     
    Geri,
    #6

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...