1. You are viewing our forum as a guest. For full access please Register. WindowsBBS.com is completely free, paid for by advertisers and donations.

Solved Virus/Spyware infection.

Discussion in 'Malware and Virus Removal Archive' started by Shorerider, 2007/09/27.

  1. 2007/09/27
    Shorerider

    Shorerider Inactive Thread Starter

    Joined:
    2006/09/30
    Messages:
    93
    Likes Received:
    0
    [Resolved] Virus/Spyware infection.

    My machine is infected with a virus and/or Spyware.

    I keep getting warnings about the infection which suggest I click ok to "download spyware remover for total protection ".

    I also have multiple atempts to change my home page as warned by Norton.

    I also get new windows opening automatically to virus/spyware removing websites. securepccleaner and winsecurecentre to name a couple.

    Could someone please go over my HijackThis log and recommend me a course of action?



    Thanks, Shorerider:( .

    New HijackThis Log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:44:47 AM, on 9/28/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\sistray.EXE
    C:\WINDOWS\System32\keyhook.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Lexmark X5100 Series\lxbabmon.exe
    C:\WINDOWS\System32\svchost.exe
    C:\PROGRA~1\COMMON~1\SYMANT~1\SECURI~2\NSCSRVCE.EXE
    C:\Program Files\SiteAdvisor\4608\SiteAdv.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\notepad.exe
    C:\WINDOWS\notepad.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\4979\SiteAdv.dll
    O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-au\msntb.dll
    O3 - Toolbar: ninemsn - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-au\msntb.dll
    O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\4979\SiteAdv.dll
    O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
    O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\System32\sistray.EXE
    O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\System32\keyhook.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
    O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [Lexmark X5100 Series] "C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe "
    O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-au\msnappau.exe "
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
    O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll "
    O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
    O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
    O4 - HKUS\S-1-5-18\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit (User 'Default user')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
    O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
    O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
    O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
    O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
    O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
    O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.bigpond.com/
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1180506225375
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = vic.bigpond.net.au
    O17 - HKLM\System\CS1\Services\VxD\MSTCP: SearchList = vic.bigpond.net.au
    O17 - HKLM\System\CCS\Services\VxD\MSTCP: SearchList = vic.bigpond.net.au
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = vic.bigpond.net.au
    O21 - SSODL: mssql - {4069FF2C-A4A4-4513-8715-C4A9B605847B} - C:\WINDOWS\mssql.dll
    O21 - SSODL: syscore - {8595EA74-80DB-4B70-A0D3-E8C4F2EE0403} - C:\WINDOWS\syscore.dll
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

    --
    End of file - 10619 bytes



    Deckard's main.txt


    Deckard's System Scanner v20070905.67
    Run by The Cauchi's on 2007-09-28 11:11:53
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    -- System Restore --------------------------------------------------------------

    Successfully created a Deckard's System Scanner Restore Point.


    -- Last 5 Restore Point(s) --
    28: 2007-09-28 01:13:37 UTC - RP1049 - Deckard's System Scanner Restore Point
    27: 2007-09-27 02:48:23 UTC - RP1048 - System Checkpoint
    26: 2007-09-26 00:49:52 UTC - RP1047 - System Checkpoint
    25: 2007-09-25 00:33:37 UTC - RP1046 - System Checkpoint
    24: 2007-09-23 15:11:57 UTC - RP1045 - System Checkpoint


    -- First Restore Point --
    1: 2007-08-29 04:42:42 UTC - RP1022 - System Checkpoint


    Backed up registry hives.
    Performed disk cleanup.

    Total Physical Memory: 224 MiB (512 MiB recommended).
    System Drive C: has 1.17 GiB (less than 15%) free.


    -- HijackThis (run as The Cauchi's.exe) ----------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:25:34 AM, on 9/28/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\sistray.EXE
    C:\WINDOWS\System32\keyhook.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Lexmark X5100 Series\lxbabmon.exe
    C:\WINDOWS\System32\svchost.exe
    C:\PROGRA~1\COMMON~1\SYMANT~1\SECURI~2\NSCSRVCE.EXE
    C:\Program Files\SiteAdvisor\4608\SiteAdv.exe
    C:\WINDOWS\explorer.exe
    C:\Documents and Settings\The Cauchi's\Local Settings\Temporary Internet Files\Content.IE5\4DUFC9EB\dss[1].exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\PROGRA~1\TRENDM~1\HIJACK~1\The Cauchi's.exe
    C:\WINDOWS\system32\dumprep.exe

    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\4979\SiteAdv.dll
    O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-au\msntb.dll
    O3 - Toolbar: ninemsn - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-au\msntb.dll
    O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\4979\SiteAdv.dll
    O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
    O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\System32\sistray.EXE
    O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\System32\keyhook.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
    O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [Lexmark X5100 Series] "C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe "
    O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-au\msnappau.exe "
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
    O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll "
    O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
    O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
    O4 - HKUS\S-1-5-18\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit (User 'Default user')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
    O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
    O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
    O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
    O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
    O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
    O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.bigpond.com/
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1180506225375
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = vic.bigpond.net.au
    O17 - HKLM\System\CS1\Services\VxD\MSTCP: SearchList = vic.bigpond.net.au
    O17 - HKLM\System\CCS\Services\VxD\MSTCP: SearchList = vic.bigpond.net.au
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = vic.bigpond.net.au
    O21 - SSODL: mssql - {4069FF2C-A4A4-4513-8715-C4A9B605847B} - C:\WINDOWS\mssql.dll
    O21 - SSODL: syscore - {8595EA74-80DB-4B70-A0D3-E8C4F2EE0403} - C:\WINDOWS\syscore.dll
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

    --
    End of file - 10708 bytes

    -- File Associations -----------------------------------------------------------

    All associations okay.


    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

    R1 SiSEsc (SISLIB_ESC) - c:\windows\system32\sisesc.sys
    R3 NTIDrvr (Upper Class Filter Driver) - c:\windows\system32\drivers\ntidrvr.sys <Not Verified; NewTech Infosystems, Inc.; >


    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

    S3 ServiceLayer - "c:\program files\common files\pcsuite\services\servicelayer.exe" <Not Verified; Nokia.; PC Connectivity Solution>


    -- Device Manager: Disabled ----------------------------------------------------

    No disabled devices found.


    -- Scheduled Tasks -------------------------------------------------------------

    2007-09-22 08:21:16 562 --a------ C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - The Cauchi's.job


    -- Files created between 2007-08-28 and 2007-09-28 -----------------------------

    2007-09-28 10:31:11 0 d-------- C:\Program Files\Trend Micro
    2007-09-28 00:40:09 225280 --a------ C:\WINDOWS\syscore.dll
    2007-09-28 00:40:09 32256 --a------ C:\WINDOWS\main_uninstaller.exe
    2007-09-28 00:40:08 217088 --a------ C:\WINDOWS\mssql.dll <Not Verified; ; mssql>
    2007-09-28 00:40:07 75264 --a------ C:\WINDOWS\advpn.dll <Not Verified; ; advpn Module>


    -- Find3M Report ---------------------------------------------------------------

    2007-08-19 08:45:40 1224748 --a------ C:\Documents and Settings\The Cauchi's\Application Data\NMM-MetaData.db


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SiSUSBRG "= "C:\WINDOWS\SiSUSBrg.exe" [07/12/2002 06:15 PM]
    "SiS Tray "= "C:\WINDOWS\System32\sistray.EXE" [08/19/2003 02:12 PM]
    "SiS Windows KeyHook "= "C:\WINDOWS\System32\keyhook.exe" [08/19/2003 02:11 PM]
    "NvCplDaemon "= "C:\WINDOWS\System32\NvCpl.dll" [10/06/2003 02:16 PM]
    "nwiz "= "nwiz.exe" [10/06/2003 02:16 PM C:\WINDOWS\system32\nwiz.exe]
    "CTHelper "= "CTHELPER.EXE" [06/20/2003 02:55 PM C:\WINDOWS\system32\CTHELPER.EXE]
    "AsioReg "= "REGSVR32.exe" [08/04/2004 05:56 PM C:\WINDOWS\system32\regsvr32.exe]
    "SBDrvDet "= "C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe" [12/03/2002 06:06 PM]
    "UpdReg "= "C:\WINDOWS\UpdReg.EXE" [05/11/2000 01:00 AM]
    "SoundMan "= "SOUNDMAN.EXE" [08/14/2003 11:34 PM C:\WINDOWS\soundman.exe]
    "Lexmark X5100 Series "= "C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe" [03/04/2003 10:49 PM]
    "msnappau "= "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-au\msnappau.exe" []
    "ccApp "= "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [01/22/2007 10:19 PM]
    "WinPatrol "= "C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe" [07/20/2006 09:38 PM]
    "QuickTime Task "= "C:\Program Files\QuickTime\qttask.exe" [11/07/2005 10:05 PM]
    "Symantec PIF AlertEng "= "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [03/12/2007 06:30 PM]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvMediaCenter "= "C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit" []
    "updateMgr "= "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [03/30/2006 04:45 PM]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "NvMediaCenter "=RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
    "Symantec NetDriver Warning "=C:\PROGRA~1\SYMNET~1\SNDWarn.exe

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/23/2005 10:05:26 PM]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "DisableRegistryTools "=0 (0x0)
    "DisableTaskMgr "=1 (0x1)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    "mssql "= {4069FF2C-A4A4-4513-8715-C4A9B605847B} - C:\WINDOWS\mssql.dll [09/27/2007 10:34 PM 217088]
    "syscore "= {8595EA74-80DB-4B70-A0D3-E8C4F2EE0403} - C:\WINDOWS\syscore.dll [09/27/2007 10:34 PM 225280]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
    @= "Volume shadow copy "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
    backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    "C:\Program Files\iTunes\iTunesHelper.exe "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    C:\WINDOWS\system32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
    C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync]
    C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    "C:\Program Files\QuickTime\qttask.exe" -atboottime

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
    "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe "

    *Newly Created Service* - COMHOST

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{F146C9B1-VMVQ-A9RC-NUFL-D0BA00B4E999}]
    C:\WINDOWS\system32\sumsw32.exe



    -- End of Deckard's System Scanner: finished at 2007-09-28 11:33:33 ------------
     
    Last edited: 2007/09/27
    Shorerider,
    #1
  2. 2007/09/27
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    noahdfear,
    #2


  3. to hide this advert.

  4. 2007/09/27
    Shorerider

    Shorerider Inactive Thread Starter

    Joined:
    2006/09/30
    Messages:
    93
    Likes Received:
    0
    Original has been edited with new logs.



    Thanks for the quick reply, Shorerider.
     
    Shorerider,
    #3
  5. 2007/09/27
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Thanks! :)

    SmitfraudFix will deal with most of this.

    Download SmitfraudFix by S!Ri, saving it to the desktop.

    • Restart the computer in Safe Mode by tapping the F8 key upon startup and selecting Safe Mode from the Advanced Startup Menu. Logon to your account.
    • Double-click SmitfraudFix.exe to start the tool and press 2, then hit Enter.
    • You will be prompted 'Do you want to clean the registry?' answer Y (yes) and hit Enter.
    • If prompted to replace the infected wininet.dll file (if found), answer Y (yes) and hit Enter to restore a clean file.
    • Reboot to normal mode when the tool completes.

    Post the contents of C:\rapport.txt and a fresh dss log in a new reply.
     
    noahdfear,
    #4
  6. 2007/09/27
    Shorerider

    Shorerider Inactive Thread Starter

    Joined:
    2006/09/30
    Messages:
    93
    Likes Received:
    0
    I will be unable to reply for another 9-10 hours as I'm off to work :( . However I will respond to any replys once I return.

    Thanks, Shorerider.

    Rapport:


    SmitFraudFix v2.231

    Scan done at 13:47:10.18, Fri 09/28/2007
    Run from C:\HJT\SmitfraudFix
    OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
    The filesystem type is FAT32
    Fix run in safe mode

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» Killing process


    »»»»»»»»»»»»»»»»»»»»»»»» hosts

    127.0.0.1 localhost

    »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

    GenericRenosFix by S!Ri


    »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

    C:\WINDOWS\main_uninstaller.exe Deleted
    C:\WINDOWS\mssql.dll Deleted
    Deleting [HKEY_CLASSES_ROOT\CLSID\{4069FF2C-A4A4-4513-8715-C4A9B605847B}]
    C:\WINDOWS\syscore.dll Deleted
    Deleting [HKEY_CLASSES_ROOT\CLSID\{8595EA74-80DB-4B70-A0D3-E8C4F2EE0403}]
    C:\DOCUME~1\THECAU~1\FAVORI~1\Error Cleaner.url Deleted
    C:\DOCUME~1\THECAU~1\FAVORI~1\Privacy Protector.url Deleted

    »»»»»»»»»»»»»»»»»»»»»»»» DNS

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{7D5DD02D-9DCE-469E-BF2A-81F9BE3E95C7}: DhcpNameServer=10.0.0.138
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{7D5DD02D-9DCE-469E-BF2A-81F9BE3E95C7}: DhcpNameServer=10.0.0.138
    HKLM\SYSTEM\CS3\Services\Tcpip\..\{7D5DD02D-9DCE-469E-BF2A-81F9BE3E95C7}: DhcpNameServer=10.0.0.138
    HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=10.0.0.138
    HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=10.0.0.138
    HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=10.0.0.138


    »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "system "=" "


    »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

    Registry Cleaning done.

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll


    »»»»»»»»»»»»»»»»»»»»»»»» End





    Dss log:



    Deckard's System Scanner v20070905.67
    Run by The Cauchi's on 2007-09-28 14:14:11
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    Total Physical Memory: 224 MiB (512 MiB recommended).
    System Drive C: has 1.79 GiB (less than 15%) free.


    -- HijackThis (run as The Cauchi's.exe) ----------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 2:14:41 PM, on 9/28/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\sistray.EXE
    C:\WINDOWS\System32\keyhook.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Lexmark X5100 Series\lxbabmon.exe
    C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\PROGRA~1\COMMON~1\SYMANT~1\SECURI~2\NSCSRVCE.EXE
    C:\Program Files\SiteAdvisor\4608\SiteAdv.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\HJT\Deckard's.exe
    C:\PROGRA~1\TRENDM~1\HIJACK~1\THECAU~1.EXE

    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\4979\SiteAdv.dll
    O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-au\msntb.dll
    O3 - Toolbar: ninemsn - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-au\msntb.dll
    O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\4979\SiteAdv.dll
    O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
    O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\System32\sistray.EXE
    O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\System32\keyhook.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
    O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [Lexmark X5100 Series] "C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe "
    O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-au\msnappau.exe "
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
    O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll "
    O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
    O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
    O4 - HKUS\S-1-5-18\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit (User 'Default user')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
    O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
    O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
    O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
    O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
    O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
    O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.bigpond.com/
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1180506225375
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = vic.bigpond.net.au
    O17 - HKLM\System\CS1\Services\VxD\MSTCP: SearchList = vic.bigpond.net.au
    O17 - HKLM\System\CCS\Services\VxD\MSTCP: SearchList = vic.bigpond.net.au
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = vic.bigpond.net.au
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

    --
    End of file - 10398 bytes

    -- Files created between 2007-08-28 and 2007-09-28 -----------------------------

    2007-09-28 13:47:23 3292 --a------ C:\WINDOWS\system32\tmp.reg
    2007-09-28 13:35:27 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
    2007-09-28 13:35:27 51200 --a------ C:\WINDOWS\system32\dumphive.exe
    2007-09-28 13:35:26 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
    2007-09-28 13:35:25 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
    2007-09-28 10:31:11 0 d-------- C:\Program Files\Trend Micro
    2007-09-28 00:40:07 75264 --a------ C:\WINDOWS\advpn.dll <Not Verified; ; advpn Module>


    -- Find3M Report ---------------------------------------------------------------

    2007-08-19 08:45:40 1224748 --a------ C:\Documents and Settings\The Cauchi's\Application Data\NMM-MetaData.db


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SiSUSBRG "= "C:\WINDOWS\SiSUSBrg.exe" [07/12/2002 06:15 PM]
    "SiS Tray "= "C:\WINDOWS\System32\sistray.EXE" [08/19/2003 02:12 PM]
    "SiS Windows KeyHook "= "C:\WINDOWS\System32\keyhook.exe" [08/19/2003 02:11 PM]
    "NvCplDaemon "= "C:\WINDOWS\System32\NvCpl.dll" [10/06/2003 02:16 PM]
    "nwiz "= "nwiz.exe" [10/06/2003 02:16 PM C:\WINDOWS\system32\nwiz.exe]
    "CTHelper "= "CTHELPER.EXE" [06/20/2003 02:55 PM C:\WINDOWS\system32\CTHELPER.EXE]
    "AsioReg "= "REGSVR32.exe" [08/04/2004 05:56 PM C:\WINDOWS\system32\regsvr32.exe]
    "SBDrvDet "= "C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe" [12/03/2002 06:06 PM]
    "UpdReg "= "C:\WINDOWS\UpdReg.EXE" [05/11/2000 01:00 AM]
    "SoundMan "= "SOUNDMAN.EXE" [08/14/2003 11:34 PM C:\WINDOWS\soundman.exe]
    "Lexmark X5100 Series "= "C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe" [03/04/2003 10:49 PM]
    "msnappau "= "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-au\msnappau.exe" []
    "ccApp "= "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [01/22/2007 10:19 PM]
    "WinPatrol "= "C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe" [07/20/2006 09:38 PM]
    "QuickTime Task "= "C:\Program Files\QuickTime\qttask.exe" [11/07/2005 10:05 PM]
    "Symantec PIF AlertEng "= "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [03/12/2007 06:30 PM]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvMediaCenter "= "C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit" []
    "updateMgr "= "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [03/30/2006 04:45 PM]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "NvMediaCenter "=RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
    "Symantec NetDriver Warning "=C:\PROGRA~1\SYMNET~1\SNDWarn.exe

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/23/2005 10:05:26 PM]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "DisableRegistryTools "=0 (0x0)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
    @= "Volume shadow copy "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
    backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    "C:\Program Files\iTunes\iTunesHelper.exe "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    C:\WINDOWS\system32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
    C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync]
    C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    "C:\Program Files\QuickTime\qttask.exe" -atboottime

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
    "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe "

    *Newly Created Service* - COMHOST

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{F146C9B1-VMVQ-A9RC-NUFL-D0BA00B4E999}]
    C:\WINDOWS\system32\sumsw32.exe



    -- End of Deckard's System Scanner: finished at 2007-09-28 14:15:37 ------------
     
    Shorerider,
    #5
  7. 2007/09/27
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Delete the following files/folders

    SmitfraudFix.exe and the SmitfraudFix folder
    dss.exe
    C:\WINDOWS\system32\tmp.reg
    C:\WINDOWS\system32\VCCLSID.exe
    C:\WINDOWS\system32\dumphive.exe
    C:\WINDOWS\system32\SrchSTS.exe
    C:\WINDOWS\system32\Process.exe
    C:\WINDOWS\advpn.dll
    C:\Deckard
    C:\rapport.txt


    Copy the contents of the quote box below to a blank notepad. Save it to the desktop as;

    Filename: fix.reg
    Save as type: All Files (*.*)

    Double click fix.reg and allow it to merge with the registry.

    Now delete fix.reg

    Download ATF Cleaner by Atribune and save it to your Desktop.
    • Double click ATF-Cleaner.exe to run the program.
    • Check the boxes to the left of:

      • Windows Temp
      • Current User Temp
      • All Users Temp
      • Temporary Internet Files
      • Prefetch
      • Java Cache
      • Recycle bin

    • The rest are optional - if you want it to remove everything check "Select All ".
    • Finally, click Empty Selected. When you get the "Done Cleaning" message, click OK.
    Reboot

    Now, lets make sure we haven't overlooked anything. Please do an online scan with Kaspersky WebScanner

    Click on Kaspersky Online Scanner

    You will be promted to install an ActiveX component from Kaspersky, Click Yes.
    • The program will launch and then begin downloading the latest definition files:
    • Once the files have been downloaded click on NEXT
    • Now click on Scan Settings
    • In the scan settings make that the following are selected:
      • Scan using the following Anti-Virus database:
      • Extended (if available otherwise Standard)
      • Scan Options:
      • Scan Archives
        Scan Mail Bases
    • Click OK
    • Now under select a target to scan:
      • Select My Computer
    • This will program will start and scan your system.
    • The scan will take a while so be patient and let it run.
    • Once the scan is complete it will display if your system has been infected.
      • Now click on the Save as Text button:
    • Save the file to your desktop.

    Post the Kaspersky log and one more fresh HijackThis log.
     
    noahdfear,
    #6
  8. 2007/09/29
    Shorerider

    Shorerider Inactive Thread Starter

    Joined:
    2006/09/30
    Messages:
    93
    Likes Received:
    0
    I hope this is ok. The HijackThis Log made the post too long to include together with the Kapersky scan (ie:word limit)

    You'll find the new HijackThis log under this post.

    Thanks, Shorerider.


    Kaspersky Scan Report:


    KASPERSKY ONLINE SCANNER REPORT
    Saturday, September 29, 2007 6:15:00 PM
    Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
    Kaspersky Online Scanner version: 5.0.93.1
    Kaspersky Anti-Virus database last update: 29/09/2007
    Kaspersky Anti-Virus database records: 424831


    Scan Settings
    Scan using the following antivirus database extended
    Scan Archives true
    Scan Mail Bases true

    Scan Target My Computer
    A:\
    C:\
    D:\
    E:\

    Scan Statistics
    Total number of scanned objects 51029
    Number of viruses found 36
    Number of infected objects 94
    Number of suspicious objects 6
    Duration of the scan process 01:16:46

    Infected Object Name Virus Name Last Action
    C:\WINDOWS\system32\config\system.LOG Object is locked skipped

    C:\WINDOWS\system32\config\software.LOG Object is locked skipped

    C:\WINDOWS\system32\config\default.LOG Object is locked skipped

    C:\WINDOWS\system32\config\SECURITY Object is locked skipped

    C:\WINDOWS\system32\config\SAM Object is locked skipped

    C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

    C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

    C:\WINDOWS\system32\config\SYSTEM Object is locked skipped

    C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped

    C:\WINDOWS\system32\config\DEFAULT Object is locked skipped

    C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

    C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

    C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

    C:\WINDOWS\system32\bvzhcsil.exe Infected: Packed.Win32.Tibs.a skipped

    C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

    C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

    C:\WINDOWS\system32\h323log.txt Object is locked skipped

    C:\WINDOWS\system32\xftqotry.exe Infected: Packed.Win32.Tibs.a skipped

    C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

    C:\WINDOWS\Sti_Trace.log Object is locked skipped

    C:\WINDOWS\wiaservc.log Object is locked skipped

    C:\WINDOWS\wiadebug.log Object is locked skipped

    C:\WINDOWS\SchedLgU.Txt Object is locked skipped

    C:\WINDOWS\WindowsUpdate.log Object is locked skipped

    C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

    C:\WINDOWS\SoftwareDistribution\EventCache\{A3730132-18EA-4082-B4EF-8CE66F018ED7}.bin Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2007-09-29_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7CCC7D73.zip/a.class Infected: Trojan.Java.ClassLoader.b skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7CCC7D73.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7CCC7D73.zip/VerifierBug.class Infected: Trojan.Java.ClassLoader.u skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7CCC7D73.zip ZIP: infected - 3 skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7CCC7D73.zip CryptFF: infected - 3 skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7CCC7D73.class Infected: Trojan.Java.ClassLoader.b skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0B671B02.class Infected: Trojan.Java.ClassLoader.Dummy.a skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\443E7313.class Infected: Trojan.Java.ClassLoader.u skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\41E943C1.class Infected: Exploit.Java.ByteVerify skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\377B46CC.zip/a.class Infected: Trojan.Java.ClassLoader.b skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\377B46CC.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\377B46CC.zip/VerifierBug.class Infected: Trojan.Java.ClassLoader.u skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\377B46CC.zip ZIP: infected - 3 skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\377B46CC.zip CryptFF: infected - 3 skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\377B46CC.class Infected: Trojan.Java.ClassLoader.b skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\378C18BA.class Infected: Trojan.Java.ClassLoader.Dummy.a skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\379C6AA8.class Infected: Trojan.Java.ClassLoader.u skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\26C753BD.zip/a.class Infected: Trojan.Java.ClassLoader.b skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\26C753BD.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\26C753BD.zip/VerifierBug.class Infected: Trojan.Java.ClassLoader.u skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\26C753BD.zip ZIP: infected - 3 skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\26C753BD.zip CryptFF: infected - 3 skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\26C753BD.class Infected: Trojan.Java.ClassLoader.b skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4CAC085D.class Infected: Trojan.Java.ClassLoader.Dummy.a skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\30017E5F.class Infected: Trojan.Java.ClassLoader.u skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\211D1764.anr Infected: Trojan-Downloader.Win32.Ani.c skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\21204160.anr Infected: Trojan-Downloader.Win32.Ani.c skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\21204160.class Infected: Trojan.Java.ClassLoader.h skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4A496643.class Infected: Trojan.Java.ClassLoader.d skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5354040F.zip/a.class Infected: Trojan.Java.ClassLoader.b skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5354040F.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5354040F.zip/VerifierBug.class Infected: Trojan.Java.ClassLoader.u skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5354040F.zip ZIP: infected - 3 skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5354040F.zip CryptFF: infected - 3 skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\53572E0C.class Infected: Trojan.Java.ClassLoader.b skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2ACF3F94.class Infected: Trojan.Java.ClassLoader.Dummy.a skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0B0B4A82.class Infected: Trojan.Java.ClassLoader.u skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6D1B1E35/ddhgw.exe Suspicious: Password-protected-EXE skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6D1B1E35 ZIP: suspicious - 1 skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6D1B1E35 CryptFF: suspicious - 1 skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\72807E45/ddhgw.exe Suspicious: Password-protected-EXE skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\72807E45 ZIP: suspicious - 1 skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\72807E45 CryptFF: suspicious - 1 skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5CE51FE0.anr Infected: Trojan-Downloader.Win32.Ani.c skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5CEB73D9.anr Infected: Trojan-Downloader.Win32.Ani.c skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5D0543BC.class Infected: Trojan.Java.ClassLoader.h skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1CDF2E13.class Infected: Trojan.Java.ClassLoader.d skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5ED926BE Infected: Virus.Win32.Implinker.a skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\702108DE Infected: Virus.Win32.Implinker.a skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\26E81D6F.tmp Infected: Trojan-Downloader.Java.OpenStream.c skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4945739D.dll Infected: not-a-virus:AdWare.Win32.BHO.ah skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\49521B8F.exe Infected: Trojan-Downloader.Win32.Agent.akj skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\49F54EDB.swi Infected: Trojan-Clicker.Win32.Small.js skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\49FC22D4.exe Infected: Trojan-Downloader.Win32.Small.cpt skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\49FF4CD1.exe Infected: Packed.Win32.Tibs skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4A0376CD.exe Infected: Trojan-Downloader.Win32.Small.cjk skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\20B32A22.exe Infected: Trojan-Downloader.Win32.Small.dam skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4A0620C9.exe Infected: Trojan-Downloader.Win32.Small.dbx skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4A1348BB.exe Infected: Trojan-Downloader.Win32.Small.dbx skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7D9C001E.exe Infected: Packed.Win32.Tibs skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4A1672B7.exe Infected: Trojan-Downloader.Win32.Small.dam skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\43645E1E.exe Infected: Packed.Win32.Tibs skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4A191CB4.exe Infected: Trojan-Downloader.Win32.VB.aan skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4A191CB4.dll Infected: not-virus:Hoax.Win32.VB.l skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4A1D46B0.exe Infected: Trojan-Downloader.Win32.Adload.aq skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4EF41A1C.exe Infected: not-virus:Hoax.Win32.VB.l skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4A2070AD.exe Infected: not-a-virus:AdWare.Win32.BHO.ah skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4A231AA9.exe Infected: Trojan-Downloader.Win32.Small.dam skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5A85561B.exe Infected: Packed.Win32.Tibs skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\038E6582.exe Infected: Trojan-Downloader.Win32.Small.dam skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4A2644A5.exe Infected: Trojan-Downloader.Win32.VB.aeq skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\204D341A.exe Infected: Trojan-Downloader.Win32.Small.dam skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4A30429B.exe Infected: not-a-virus:AdWare.Win32.BHO.ah skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4A336C97.exe Infected: Trojan-Downloader.Win32.Agent.akj skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4A371693.exe Infected: Trojan-Downloader.Win32.Delf.ang skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\248F2727.exe Infected: Trojan-Downloader.Win32.Small.dkt skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\260D5782.exe Infected: Trojan-Downloader.Win32.Small.dkt skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2B0F177E.tmp Infected: Email-Worm.Win32.Warezov.ev skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2B8F7CF1.tmp Infected: Email-Worm.Win32.Warezov.ev skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5184286D.wma Infected: Trojan-Downloader.WMA.Wimad.d skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1955710C.htm Infected: Exploit.HTML.IframeBof skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\77D13786.exe Infected: P2P-Worm.Win32.VB.dw skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Confid.log Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Content.log Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\WebHist.log Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Privacy.log Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Restrict.log Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\HPPHomePageActivity.log Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\HPPAppActivity.log Object is locked skipped

    C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

    C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped

    C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

    C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped

    C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

    C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

    C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped

    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

    C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

    C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

    C:\Documents and Settings\The Cauchi's\NTUSER.DAT Object is locked skipped

    C:\Documents and Settings\The Cauchi's\ntuser.dat.LOG Object is locked skipped

    C:\Documents and Settings\The Cauchi's\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

    C:\Documents and Settings\The Cauchi's\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

    C:\Documents and Settings\The Cauchi's\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

    C:\Documents and Settings\The Cauchi's\Local Settings\History\History.IE5\index.dat Object is locked skipped

    C:\Documents and Settings\The Cauchi's\Local Settings\History\History.IE5\MSHist012007092920070930\index.dat Object is locked skipped

    C:\Documents and Settings\The Cauchi's\My Documents\LimeWire\06 Track 6 (slaveunit).wma Infected: Trojan-Downloader.WMA.Wimad.k skipped

    C:\Documents and Settings\The Cauchi's\My Documents\LimeWire\03 Track 3 (slaveunit).wma Infected: Trojan-Downloader.WMA.Wimad.k skipped

    C:\Documents and Settings\The Cauchi's\Desktop\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped

    C:\Documents and Settings\The Cauchi's\Application Data\Symantec\PendingAlertsQueue.log Object is locked skipped

    C:\Documents and Settings\The Cauchi's\Application Data\SiteAdvisor\SiteAdv.csh Object is locked skipped

    C:\Documents and Settings\The Cauchi's\Cookies\index.dat Object is locked skipped

    C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPPolicy.log Object is locked skipped

    C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPStart.log Object is locked skipped

    C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPStop.log Object is locked skipped

    C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBValid.log Object is locked skipped

    C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBConfig.log Object is locked skipped

    C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBRefr.log Object is locked skipped

    C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBNotify.log Object is locked skipped

    C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetCfg.log Object is locked skipped

    C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetCfg2.log Object is locked skipped

    C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetUsr.log Object is locked skipped

    C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBStHash.log Object is locked skipped

    C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetLoc.log Object is locked skipped

    C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetDev.log Object is locked skipped

    C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBDetect.log Object is locked skipped

    C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBDebug.log Object is locked skipped

    C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBStMSI.log Object is locked skipped

    C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSMReg.log Object is locked skipped

    C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSMRSt.log Object is locked skipped

    C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSMNot.log Object is locked skipped

    C:\Program Files\Common Files\Symantec Shared\EENGINE\EPERSIST.DAT Object is locked skipped

    C:\Program Files\Common Files\Symantec Shared\AntiSpam\Log\Spam.log Object is locked skipped

    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsys.dll Object is locked skipped

    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll Object is locked skipped

    C:\Program Files\Common Files\Symantec Shared\SNDSYS.log Object is locked skipped

    C:\Program Files\Common Files\Symantec Shared\SNDFW.log Object is locked skipped

    C:\Program Files\Common Files\Symantec Shared\SNDCON.log Object is locked skipped

    C:\Program Files\Common Files\Symantec Shared\SNDALRT.log Object is locked skipped

    C:\Program Files\Common Files\Symantec Shared\SNDIDS.log Object is locked skipped

    C:\Program Files\Common Files\Symantec Shared\SNDDBG.log Object is locked skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Savrt\0152NAV~.TMP Object is locked skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Savrt\0794NAV~.TMP Object is locked skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\AVVirus.log Object is locked skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\AVApp.log Object is locked skipped

    C:\Program Files\Norton Internet Security\Norton AntiVirus\AVError.log Object is locked skipped

    C:\System Volume Information\_restore{3D0AB8C8-E7E6-4A23-B5FE-79EBC9A1C860}\RP1048\A0072905.dll Infected: not-a-virus:AdWare.Win32.Agent.ku skipped

    C:\System Volume Information\_restore{3D0AB8C8-E7E6-4A23-B5FE-79EBC9A1C860}\RP1048\A0072906.ocx Infected: Trojan.Win32.Agent.bsv skipped

    C:\System Volume Information\_restore{3D0AB8C8-E7E6-4A23-B5FE-79EBC9A1C860}\RP1049\A0072939.exe Infected: not-a-virus:AdWare.Win32.Agent.ks skipped

    C:\System Volume Information\_restore{3D0AB8C8-E7E6-4A23-B5FE-79EBC9A1C860}\RP1049\A0072940.dll Infected: not-a-virus:AdWare.Win32.Agent.kv skipped

    C:\System Volume Information\_restore{3D0AB8C8-E7E6-4A23-B5FE-79EBC9A1C860}\RP1049\A0072941.dll Infected: not-a-virus:AdWare.Win32.Agent.kw skipped

    C:\System Volume Information\_restore{3D0AB8C8-E7E6-4A23-B5FE-79EBC9A1C860}\RP1049\A0072969.dll Infected: not-a-virus:AdWare.Win32.Agent.ks skipped

    C:\System Volume Information\_restore{3D0AB8C8-E7E6-4A23-B5FE-79EBC9A1C860}\RP1049\change.log Object is locked skipped

    C:\HJT\SmitfraudFix.zip/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped

    C:\HJT\SmitfraudFix.zip ZIP: infected - 1 skipped

    C:\HJT\SmitfraudFix\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped

    C:\HJT\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped

    C:\HJT\SmitfraudFix.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped

    C:\HJT\SmitfraudFix.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped

    C:\HJT\SmitfraudFix.exe RarSFX: infected - 2 skipped

    Scan process completed.
     
    Last edited: 2007/09/29
    Shorerider,
    #7
  9. 2007/09/29
    Shorerider

    Shorerider Inactive Thread Starter

    Joined:
    2006/09/30
    Messages:
    93
    Likes Received:
    0
    HijackThis Log:



    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 6:30:38 PM, on 9/29/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\sistray.EXE
    C:\WINDOWS\System32\keyhook.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe
    C:\Program Files\Lexmark X5100 Series\lxbabmon.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\PROGRA~1\COMMON~1\SYMANT~1\SECURI~2\NSCSRVCE.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\SiteAdvisor\4608\SiteAdv.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\4979\SiteAdv.dll
    O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-au\msntb.dll
    O3 - Toolbar: ninemsn - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-au\msntb.dll
    O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\4979\SiteAdv.dll
    O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
    O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\System32\sistray.EXE
    O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\System32\keyhook.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
    O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [Lexmark X5100 Series] "C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe "
    O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-au\msnappau.exe "
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
    O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll "
    O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
    O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
    O4 - HKUS\S-1-5-18\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit (User 'Default user')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
    O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
    O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
    O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
    O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
    O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
    O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.bigpond.com/
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1180506225375
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = vic.bigpond.net.au
    O17 - HKLM\System\CS1\Services\VxD\MSTCP: SearchList = vic.bigpond.net.au
    O17 - HKLM\System\CCS\Services\VxD\MSTCP: SearchList = vic.bigpond.net.au
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = vic.bigpond.net.au
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

    --
    End of file - 10593 bytes
     
    Shorerider,
    #8
  10. 2007/09/29
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Not too bad. :)

    Delete the following infected files.

    C:\WINDOWS\system32\bvzhcsil.exe
    C:\WINDOWS\system32\xftqotry.exe
    C:\Documents and Settings\The Cauchi's\My Documents\LimeWire\06 Track 6 (slaveunit).wma
    C:\Documents and Settings\The Cauchi's\My Documents\LimeWire\03 Track 3 (slaveunit).wma

    Delete these as they are no longer needed.

    C:\HJT\SmitfraudFix.zip
    C:\HJT\SmitfraudFix << folder

    Open Norton Antivirus and delete all of the files in Quarantine.

    Empty the recycle bin.

    If you're satisfied that the computer is working properly, clear the System Restore points. They are infected.

    Clear past system restore points and create a new one.
    Right click My Computer and select Properties. On the System Restore tab, check the box to turn System Restore off. Click Apply. Now, uncheck the box and click Apply. Click OK, then OK to close the System Properties dialog.

    Verify a new restore point was created.
    Click Start>All Programs>Accessories>System Tools>System Restore
    Select 'Restore my computer to an earlier time', then click next.
    You should have a newly created System Checkpoint available. If so, click Cancel. If not, click Back and select 'Create a restore point' then click Next. Give the restore point a name and click next.


    Your computer is now clean! Geri has posted some very helpful information and recommendations regarding future protection in the following link.

    http://www.windowsbbs.com/showpost.php?p=356653&postcount=49

    Surf safe!

    Does your computer seem to be performing normally again?
     
    noahdfear,
    #9
  11. 2007/09/29
    Shorerider

    Shorerider Inactive Thread Starter

    Joined:
    2006/09/30
    Messages:
    93
    Likes Received:
    0
    Yes, my computer seems to be back to normal now.

    Just to let you know, all this started when I was on a website similar YouTube. It asked for me to install the latest version of ActiveX to be able to view the site's video content. Once I did, all hell broke loose.

    I do have some of the apps that Geri has suggested, but will install some of the others that could fill in some of my security holes.



    Once again, thank you. For your time and patience.

    If ever you're in need of a favor from "Down under" I'm your man!


    Cheers, Paul. (Shorerider)
     
    Shorerider,
    #10
  12. 2007/09/29
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    You're most welcome Paul. Glad I could help. :)

    I'd appreciate it if you sent me a PM with that site's address. I'd like to see if it's a site already know to contain infections and make it known if it's not.

    Thanks!
     
    noahdfear,
    #11

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...