1. You are viewing our forum as a guest. For full access please Register. WindowsBBS.com is completely free, paid for by advertisers and donations.

Solved Lost Admin Rights

Discussion in 'Malware and Virus Removal Archive' started by yalam2000, 2007/08/28.

Page 2 of 2
  1. 2007/09/01
    yalam2000

    yalam2000 Inactive Thread Starter

    Joined:
    2007/08/28
    Messages:
    17
    Likes Received:
    0
    Good Afternoon Dave


    Deleting below is successful

    HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2

    {a52c2363-1706-11db-803e-001302a950db}

    and not able to find the same after reboot

    But came back after inserting Flash drive.

    Thanks,
    Yalam2000
     
    yalam2000,
    #21
  2. 2007/09/01
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    I suspected it might. There's an autorun.inf file on that flash drive, whether you can see it or not. Recommend you format the flash drive and delete that registry entry again.
     
    noahdfear,
    #22


  3. to hide this advert.

  4. 2007/09/02
    yalam2000

    yalam2000 Inactive Thread Starter

    Joined:
    2007/08/28
    Messages:
    17
    Likes Received:
    0
    Formatting Flash Drive is successful.

    {a52c2363-1706-11db-803e-001302a950db} delted manually

    Entry is coming back after inserting Flash Drive.

    But contents

    Auto\command- MicrosoftPowerPoint.exe
    AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MicrosoftPowerPoint.exe

    vanished.

    and able to open Flash drive just by double clicking

    Main.txt

    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "igfxtray "= "C:\WINDOWS\system32\igfxtray.exe" [12/13/2005 02:14 PM]
    "igfxhkcmd "= "C:\WINDOWS\system32\hkcmd.exe" [12/13/2005 02:11 PM]
    "igfxpers "= "C:\WINDOWS\system32\igfxpers.exe" [12/13/2005 02:15 PM]
    "IMJPMIG8.1 "= "C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [08/04/2004 02:30 AM]
    "MSPY2002 "= "C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [08/04/2004 02:30 AM]
    "PHIME2002ASync "= "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [08/04/2004 02:30 AM]
    "PHIME2002A "= "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [08/04/2004 02:30 AM]
    "SunJavaUpdateSched "= "C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [11/19/2003 03:18 PM]
    "SigmatelSysTrayApp "= "stsystra.exe" [03/24/2006 02:00 PM C:\WINDOWS\stsystra.exe]
    "Dell QuickSet "= "C:\Program Files\Dell\QuickSet\quickset.exe" [04/06/2006 12:28 PM]
    "SynTPEnh "= "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [03/08/2006 09:18 AM]
    "DVDLauncher "= "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [12/09/2005 05:59 PM]
    "DMXLauncher "= "C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [01/26/2005 10:32 PM]
    "ISUSPM Startup "= "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [07/27/2004 02:20 PM]
    "ISUSScheduler "= "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [07/27/2004 02:20 PM]
    "MCAgentExe "= "c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [09/22/2005 03:59 PM]
    "MCUpdateExe "= "C:\PROGRA~1\mcafee.com\agent\McUpdate.exe" [01/11/2006 09:35 AM]
    "MPFExe "= "C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe" [11/11/2005 02:30 PM]
    "TkBellExe "= "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [07/19/2006 02:42 PM]
    "IntelZeroConfig "= "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [05/01/2006 06:58 AM]
    "IntelWireless "= "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [05/01/2006 06:58 AM]
    "ccApp "= "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [06/02/2005 06:51 AM]
    "vptray "= "C:\PROGRA~1\SYMANT~1\VPTray.exe" [06/23/2005 04:57 PM]
    "MSKDetectorExe "= "C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [08/12/2005 01:46 PM]
    "dla "= "C:\WINDOWS\system32\dla\tfswctrl.exe" [05/31/2005 03:03 AM]
    "iTunesHelper "= "C:\Program Files\iTunes\iTunesHelper.exe" [09/16/2005 08:43 AM]
    "QuickTime Task "= "C:\Program Files\QuickTime\qttask.exe" [01/26/2007 03:57 PM]
    "DownloadAccelerator "= "C:\Program Files\DAP\DAP.exe" [06/19/2007 10:16 PM]
    "Adobe Photo Downloader "= "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [03/09/2007 11:09 AM]
    "Adobe Reader Speed Launcher "= "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [05/11/2007 03:06 AM]
    "PCSuiteTrayApplication "= "C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.exe" [06/15/2006 12:36 PM]
    "SpeedTouch USB Diagnostics "= "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [01/26/2004 11:38 AM]
    "KernelFaultCheck "= "C:\WINDOWS\system32\dumprep 0 -k" []

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ModemOnHold "= "C:\Program Files\NetWaiting\netWaiting.exe" [09/09/2003 11:54 PM]
    "DellSupport "= "C:\Program Files\Dell Support\DSAgnt.exe" [05/14/2005 11:34 PM]
    "Yahoo! Pager "= "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [11/30/2006 07:19 PM]
    "MSMSGS "= "C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 09:54 PM]
    "VoipCheapCom "= "C:\program files\voipcheapcom\voipcheapcom.exe" [04/05/2007 10:17 AM]
    "BitTorrent "= "C:\Program Files\BitTorrent\bittorrent.exe" []
    "swg "= "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [05/20/2007 05:09 PM]
    "ctfmon.exe "= "C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 02:30 AM]
    "SifyBB "= "C:\Program Files\Sify Broadband\BBImpSec.exe" [04/21/2006 08:04 PM]
    "Crammer "= "C:\dictionary\Dictionary\Dictionary\Crammer.exe" []
    "PcSync "= "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [06/27/2006 04:21 PM]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Dell Network Assistant.lnk - C:\WINDOWS\Installer\{0240BDFB-2995-4A3F-8C96-18D41282B716}\Icon0240BDFB3.exe [7/14/2006 6:36:14 PM]
    Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [7/14/2006 6:30:18 PM]
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2/12/2001 10:31:04 PM]
    VPN Client.lnk - C:\WINDOWS\Installer\{6DC47739-3BB0-4494-A43D-193BF54070AE}\Icon3E5562ED7.ico [6/15/2007 8:29:16 PM]




    -- End of Deckard's System Scanner: finished at 2007-09-02 12:16:12 ------------
     
    yalam2000,
    #23
  5. 2007/09/02
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Looks good. :)

    Delete the tools we used and the files\folders they created.

    dss.exe and the shortcut
    SmitfraudFix and the SmitfraudFix folder
    check.bat and check.text
    fix.reg
    Flashdrive_Disinfector
    C:\Deckard
    C:\rapport.txt

    Keep the HostsExpert and ATF Cleaner

    Run ATF Cleaner again, using the Select All option.

    Recommend you do an online scan to be sure we haven't missed something.

    Please go HERE to run Panda's ActiveScan
    • Once you are on the Panda site click the Scan your PC now button
    • A new window will open...click the Check Now button
    • Enter your Country
    • Enter your State/Province
    • Enter your e-mail address and click send
    • Select either Home User or Company
    • Select the appropriate Yes or No to receiving marketing information
    • Click the Free Online Scan button
    • If it wants to install an ActiveX component allow it
    • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
    • When download is complete, click on My Computer to start the scan
    • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.
    Post the contents of the ActiveScan report along with a fresh HJT log.


    [SIZE= "3"]Or[/SIZE]


    Please do an online scan with Kaspersky WebScanner

    Click on Kaspersky Online Scanner

    You will be promted to install an ActiveX component from Kaspersky, Click Yes.
    • The program will launch and then begin downloading the latest definition files:
    • Once the files have been downloaded click on NEXT
    • Now click on Scan Settings
    • In the scan settings make that the following are selected:
      • Scan using the following Anti-Virus database:
      • Extended (if available otherwise Standard)
      • Scan Options:
      • Scan Archives
        Scan Mail Bases
    • Click OK
    • Now under select a target to scan:
      • Select My Computer
    • This will program will start and scan your system.
    • The scan will take a while so be patient and let it run.
    • Once the scan is complete it will display if your system has been infected.
      • Now click on the Save as Text button:
    • Save the file to your desktop.
    • Copy and paste that information in your next post.

    Post the Kaspersky log and one more fresh HijackThis log.
     
    noahdfear,
    #24
  6. 2007/09/02
    yalam2000

    yalam2000 Inactive Thread Starter

    Joined:
    2007/08/28
    Messages:
    17
    Likes Received:
    0
    Good Evening Dave

    Kaspersky Log


    -------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER REPORT
    Monday, September 03, 2007 7:07:21 AM
    Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
    Kaspersky Online Scanner version: 5.0.93.0
    Kaspersky Anti-Virus database last update: 2/09/2007
    Kaspersky Anti-Virus database records: 402588
    -------------------------------------------------------------------------------

    Scan Settings:
    Scan using the following antivirus database: extended
    Scan Archives: true
    Scan Mail Bases: true

    Scan Target - My Computer:
    C:\
    D:\

    Scan Statistics:
    Total number of scanned objects: 71375
    Number of viruses found: 5
    Number of infected objects: 29
    Number of suspicious objects: 0
    Duration of the scan process: 02:14:50

    Infected Object Name / Virus Name / Last Action
    C:\Deckard\System Scanner\20070829181550\backup\DOCUME~1\APPAYA~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\YJAB2NUZ\popup[1].htm Infected: Trojan-Clicker.HTML.Agent.a skipped
    C:\Deckard\System Scanner\20070829181550\backup\DOCUME~1\APPAYA~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\YJAB2NUZ\popup[2].htm Infected: Trojan-Clicker.HTML.Agent.a skipped
    C:\Documents and Settings\All Users\Application Data\McAfee.com\Agent\Logs\TaskScheduler\McTskshd000.log Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\SingleClick Systems\HomeNet Manager\Logs\hnm_svc.log Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08B40000\4EFE82BE.VBN Infected: Worm.Win32.Passma skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08B40001\4EFE82EB.VBN Infected: Worm.Win32.Passma skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08B40002\4EFE85F8.VBN Infected: Worm.Win32.Passma skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08B40003\4EFE896B.VBN Infected: Worm.Win32.Passma skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08B40004\4EFE89B0.VBN Infected: Worm.Win32.Passma skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08B40005\4EFE89CC.VBN Infected: Worm.Win32.Passma skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08B40006\4EFE89E7.VBN Infected: Worm.Win32.Passma skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08B40007\4EFE8A03.VBN Infected: Worm.Win32.Passma skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08B40008\4EFE8B26.VBN Infected: Worm.Win32.Passma skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08B40009\4EFE8DB0.VBN Infected: Worm.Win32.Passma skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08B4000A\4EFE8DE9.VBN Infected: Worm.Win32.Passma skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08B4000B\4EFE8E05.VBN Infected: Worm.Win32.Passma skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08B4000C\4EFE8E20.VBN Infected: Worm.Win32.Passma skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08B4000D\4EFE8E3D.VBN Infected: Worm.Win32.Passma skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08B4000E\4EFE8E58.VBN Infected: Worm.Win32.Passma skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08B4000F\4EFE8E73.VBN Infected: Worm.Win32.Passma skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08B40010\4EFE8E8F.VBN Infected: Worm.Win32.Passma skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08B40011\4EFE8EAA.VBN Infected: Worm.Win32.Passma skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08B40012\4EFE8EC6.VBN Infected: Worm.Win32.Passma skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08B40013\4EFE8EE1.VBN Infected: Worm.Win32.Passma skipped
    C:\Documents and Settings\All Users\Documents\desktop.ini Object is locked skipped
    C:\Documents and Settings\All Users\Documents\My Music\Desktop.ini Object is locked skipped
    C:\Documents and Settings\All Users\Documents\My Music\Sample Music\Beethoven's Symphony No. 9 (Scherzo).wma Object is locked skipped
    C:\Documents and Settings\All Users\Documents\My Music\Sample Music\desktop.ini Object is locked skipped
    C:\Documents and Settings\All Users\Documents\My Music\Sample Music\New Stories (Highway Blues).wma Object is locked skipped
    C:\Documents and Settings\All Users\Documents\My Music\Sample Playlists\000648E3\Plylst1.wpl Object is locked skipped
    C:\Documents and Settings\All Users\Documents\My Music\Sample Playlists\000648E3\Plylst10.wpl Object is locked skipped
    C:\Documents and Settings\All Users\Documents\My Music\Sample Playlists\000648E3\Plylst11.wpl Object is locked skipped
    C:\Documents and Settings\All Users\Documents\My Music\Sample Playlists\000648E3\Plylst12.wpl Object is locked skipped
    C:\Documents and Settings\All Users\Documents\My Music\Sample Playlists\000648E3\Plylst13.wpl Object is locked skipped
    C:\Documents and Settings\All Users\Documents\My Music\Sample Playlists\000648E3\Plylst14.wpl Object is locked skipped
    C:\Documents and Settings\All Users\Documents\My Music\Sample Playlists\000648E3\Plylst15.wpl Object is locked skipped
    C:\Documents and Settings\All Users\Documents\My Music\Sample Playlists\000648E3\Plylst2.wpl Object is locked skipped
    C:\Documents and Settings\All Users\Documents\My Music\Sample Playlists\000648E3\Plylst3.wpl Object is locked skipped
    C:\Documents and Settings\All Users\Documents\My Music\Sample Playlists\000648E3\Plylst4.wpl Object is locked skipped
    C:\Documents and Settings\All Users\Documents\My Music\Sample Playlists\000648E3\Plylst5.wpl Object is locked skipped
    C:\Documents and Settings\All Users\Documents\My Music\Sample Playlists\000648E3\Plylst6.wpl Object is locked skipped
    C:\Documents and Settings\All Users\Documents\My Music\Sample Playlists\000648E3\Plylst7.wpl Object is locked skipped
    C:\Documents and Settings\All Users\Documents\My Music\Sample Playlists\000648E3\Plylst8.wpl Object is locked skipped
    C:\Documents and Settings\All Users\Documents\My Music\Sample Playlists\000648E3\Plylst9.wpl Object is locked skipped
    C:\Documents and Settings\All Users\Documents\My Pictures\Desktop.ini Object is locked skipped
    C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Blue hills.jpg Object is locked skipped
    C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\desktop.ini Object is locked skipped
    C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Sedona2_0008.jpg Object is locked skipped
    C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Sunset.jpg Object is locked skipped
    C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Thumbs.db Object is locked skipped
    C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Water lilies.jpg Object is locked skipped
    C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Winter.jpg Object is locked skipped
    C:\Documents and Settings\All Users\Documents\My Videos\Desktop.ini Object is locked skipped
    C:\Documents and Settings\Appa Yalam\Application Data\Gtek\GTUpdate\AUpdate\DellSupport\DSAgnt.log Object is locked skipped
    C:\Documents and Settings\Appa Yalam\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\Appa Yalam\Local Settings\Application Data\BVRP Software\NetWaiting\MoHlog.txt Object is locked skipped
    C:\Documents and Settings\Appa Yalam\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
    C:\Documents and Settings\Appa Yalam\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\Appa Yalam\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\Appa Yalam\Local Settings\History\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\Appa Yalam\Local Settings\History\History.IE5\MSHist012007090220070903\index.dat Object is locked skipped
    C:\Documents and Settings\Appa Yalam\Local Settings\Temp\Perflib_Perfdata_da8.dat Object is locked skipped
    C:\Documents and Settings\Appa Yalam\Local Settings\Temp\Perflib_Perfdata_fd8.dat Object is locked skipped
    C:\Documents and Settings\Appa Yalam\Local Settings\Temp\~DF126A.tmp Object is locked skipped
    C:\Documents and Settings\Appa Yalam\Local Settings\Temp\~DF7623.tmp Object is locked skipped
    C:\Documents and Settings\Appa Yalam\Local Settings\Temp\~DFF016.tmp Object is locked skipped
    C:\Documents and Settings\Appa Yalam\Local Settings\Temp\~DFF023.tmp Object is locked skipped
    C:\Documents and Settings\Appa Yalam\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
    C:\Documents and Settings\Appa Yalam\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\Appa Yalam\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\Appa Yalam\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBConfig.log Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBDebug.log Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBDetect.log Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBNotify.log Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBRefr.log Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetCfg.log Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetDev.log Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetLoc.log Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetUsr.log Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBStHash.log Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBStMSI.log Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBValid.log Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPPolicy.log Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPStart.log Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPStop.log Object is locked skipped
    C:\Program Files\DAP\History\Appa Yalam\_lasthist.dat Object is locked skipped
    C:\Program Files\DAP\History\Malleswari\_lasthist.dat Object is locked skipped
    C:\Program Files\DAP\Log\DAP_REPORT.LOG Object is locked skipped
    C:\Program Files\Symantec AntiVirus\SAVRT\0180NAV~.TMP Object is locked skipped
    C:\Program Files\Symantec AntiVirus\SAVRT\0915NAV~.TMP Object is locked skipped
    C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP284\A0055658.rbf Infected: not-a-virus:AdWare.Win32.MyWay.v skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP286\A0058063.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP286\A0058072.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP286\A0058072.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP286\A0058072.exe RarSFX: infected - 2 skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP286\change.log Object is locked skipped
    C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
    C:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped
    C:\WINDOWS\SchedLgU.Txt Object is locked skipped
    C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
    C:\WINDOWS\Sti_Trace.log Object is locked skipped
    C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
    C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
    C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
    C:\WINDOWS\system32\config\default.LOG Object is locked skipped
    C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
    C:\WINDOWS\system32\config\SAM Object is locked skipped
    C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\SECURITY Object is locked skipped
    C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
    C:\WINDOWS\system32\config\software.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
    C:\WINDOWS\system32\config\system.LOG Object is locked skipped
    C:\WINDOWS\system32\drivers\etc\2.hosts Infected: Trojan.Win32.Qhost.my skipped
    C:\WINDOWS\system32\drivers\etc\3.hosts Infected: Trojan.Win32.Qhost.my skipped
    C:\WINDOWS\system32\h323log.txt Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
    C:\WINDOWS\wiadebug.log Object is locked skipped
    C:\WINDOWS\wiaservc.log Object is locked skipped
    C:\WINDOWS\WindowsUpdate.log Object is locked skipped

    Scan process completed.


    Hijack This Log

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 7:14:30 AM, on 9/3/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16512)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\Program Files\Dell Network Assistant\hnm_svc.exe
    c:\program files\mcafee.com\agent\mcdetect.exe
    c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
    C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\PROGRA~1\SYMANT~1\VPTray.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
    C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
    C:\Program Files\NetWaiting\netWaiting.exe
    C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
    C:\Program Files\Dell Support\DSAgnt.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\program files\voipcheapcom\voipcheapcom.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
    C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn0\YTBSDK.exe
    C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
    C:\Program Files\DAP\DAP.EXE
    C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.scdl.net/
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www1.ap.dell.com/content/default.aspx?c=my&l=en&s=gen
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe "
    O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe "
    O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
    O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe "
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe "
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [VoipCheapCom] "C:\program files\voipcheapcom\voipcheapcom.exe" -nosplash -minimized
    O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SifyBB] C:\Program Files\Sify Broadband\BBImpSec.exe
    O4 - HKCU\..\Run: [Crammer] C:\dictionary\Dictionary\Dictionary\Crammer.exe
    O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
    O4 - Global Startup: Dell Network Assistant.lnk = ?
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: VPN Client.lnk = ?
    O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
    O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1188217067843
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://sap.webex.com/client/v_mywebex-sap/webex/ieatgpc.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{013CE9B2-B917-4B73-B6C4-616E5B5F4FD6}: NameServer = 218.248.240.23 218.248.240.135
    O17 - HKLM\System\CCS\Services\Tcpip\..\{880219E6-7F2A-4A80-97EA-3CDF0FD9247F}: NameServer = 202.144.105.4,202.144.10.50
    O17 - HKLM\System\CS3\Services\Tcpip\..\{013CE9B2-B917-4B73-B6C4-616E5B5F4FD6}: NameServer = 218.248.240.23 218.248.240.135
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: Advanced Networking Service (hnmsvc) - SingleClick Systems - C:\Program Files\Dell Network Assistant\hnm_svc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
    O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
    O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

    --
    End of file - 13812 bytes
     
    yalam2000,
    #25
  7. 2007/09/02
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Delete the following.

    C:\Deckard << folder
    C:\WINDOWS\system32\drivers\etc\2.hosts << file
    C:\WINDOWS\system32\drivers\etc\3.hosts << file

    Open the Norton Antivirus interface and delete all of the quarantined files.

    Open Add/Remove programs and uninstall all Java (JRE) installations, then delete everything inside of the C:\Program Files\Java folder. Yours is outdated, and old versions can be exploited if left on the system.

    Empty the recycle bin.

    Reboot.

    Go here and download/install the latest version of Java.

    Once the above is done, your system is clean, with the exception of some infected System Restore points. If you feel the system is working as it should, proceed with the following instructions to clear those restore points and create a new one.

    Clear past system restore points and create a new one.
    Right click My Computer and select Properties. On the System Restore tab, check the box to turn System Restore off. Click Apply. Now, uncheck the box and click Apply. Click OK, then OK to close the System Properties dialog.

    Verify a new restore point was created.
    Click Start>All Programs>Accessories>System Tools>System Restore
    Select 'Restore my computer to an earlier time', then click next.
    You should have a newly created System Checkpoint available. If so, click Cancel. If not, click Back and select 'Create a restore point' then click Next. Give the restore point a name and click next.

    Geri has posted some very helpful information and recommendations regarding future protection in the following link.

    http://www.windowsbbs.com/showpost.php?p=356653&postcount=49

    Surf safe!
     
    noahdfear,
    #26
  8. 2007/09/03
    yalam2000

    yalam2000 Inactive Thread Starter

    Joined:
    2007/08/28
    Messages:
    17
    Likes Received:
    0
    Thank you very much Mr.Dave

    Created new restore point.

    McAfee firewall plus licence was expired. So uninstalled the program.

    Can you please suggest one good free personal firewall product.

    Yalam2000
     
    yalam2000,
    #27
  9. 2007/09/03
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    My preference is Zone Alarm. Others here are leaning towards Comodo.

    I know, I know ....... that's two :p

    You're most welcome, Yalam2000. Glad I could help. :)
     
    noahdfear,
    #28
Page 2 of 2

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...