yourgo

Pop-ups never stop


Help

Having a problem with pop-ups and have been hijacked.

In Internet Properties I have turned up the security, blocked pop-ups, and when pop-ups show up I add them to the Restricted sites security zone. The pop-ups still get through.

I am running Ad-Aware SE Build 1.06r1 with Norton 2005 Anti-Virus on Windows XP Home Edition, Pentium 4 CPU 3.2 GHz and 1.5 GB RAM.

Any help would be appreciated

yourgo


I would recommend that you do the following:

1. Run an online scan (do a full system scan), as some infections will disable the antivirus installed on your PC to hide their presence.

Go here and run at least one of the online scans, and allow them to delete whatever they find:

Panda ActiveScan

eTrust AntiVirus Web Scanner

Note anything that can't be fixed.

Reboot when done.

 

2. Run an Ad-Aware full system scan with the latest version of Ad-Aware (build 1.06r1), and ensure that you have the latest definition file by performing a WebUpdate once Ad-Aware is loaded.

 

3. Post a HijackThis log for the malware removal experts to help you with.

Post all of your logs here: HijackThis forum section.

Start your own thread, stating in the subject line what problem you are having, or the name of what you are infected with if you know it.

Please be patient, as there are a lot of HJT logs that need to be read, and not all of the people here who try to help, such as myself, are trained in reading HJT logs. You need someone trained in this, a malware removal expert, to help you. They will get to your log as soon as they get a chance.

 

Here are some instructions on how to post your HijackThis log, and the download link.

Download HijackThis.exe to your desktop.

[screenshot: hjt.gif]

Now click Start, then My Computer, then Local Disk, which is usually C:\.

Now click File > New > Folder and name it hijackthis or hjt, anything you like. ;)

You should get this.

[screenshot: chjt.GIF]

Now right-click on the HijackThis.exe which you just downloaded. It will look like this: [screenshot: hjt.gif]. Choose Cut.

Open the folder, right-click and choose Paste.

After which you should get something like this.

[screenshot: hjtfolder.GIF]

Now start HijackThis. Do a system scan and save the logfile; the saved log file will be in the folder you just created. Open the file, click Edit, then Select All, click Edit again, then Copy.

Return to the forum, start a new topic here, then click Edit, then Paste.

Now the fun begins. :D

Tutorial written by Little Eagle of Security Central and revised by SkittlesPC

 

If you need instructions on posting your Ad-Aware scan log, here they are.

Please make sure that you are using

Ad-Aware SE Build 1.06r1

Note: If your version is 6.0 and not the SE, you need to uninstall it and get the latest version from the above link.

[If not, uninstall your old Ad-Aware first, then install SE.]

Then use the WebUpdate to get the latest definition file:

SE1R117 03.08.2006

To do this, open Ad-Aware and click the WebUpdate button at the top right-hand side of the Ad-Aware screen (the world globe). Click "Connect" and Ad-Aware will then download the latest definition file for you.

To make sure it is updated, look at the main Ad-Aware screen under "Initialization Status". It should show the latest definition file.

Now scan, doing a "Full Scan".

Click the "Show Log" button, and copy and paste it to your thread.

(Make sure that all of your logfile has been posted; sometimes it will require two posts to get it all.)

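Once the online scan and the Ad-Aware scan have produced their logs, the first thing a helper reads for is what the automated tools could not clear. The script below is an added example, not part of this post and not a Lavasoft, eTrust or HijackThis tool: it parses the two log formats that appear in this thread (the eTrust Web Scanner result table and the Ad-Aware SE log) and pulls out the files reported as "cannot delete", any module reported in memory and the processes it was found in, and reference families at or above a TAC index threshold. The embedded sample logs are constructed, abbreviated from the formats posted in this thread, and the threshold of 8 is an assumption.

```python
"""Triage the scan logs this thread asks for. Added example: not a Lavasoft
tool and not code from any forum post. The samples at the bottom are
constructed in the format of the eTrust and Ad-Aware logs posted here."""
import re
from collections import defaultdict

# eTrust Web Scanner result line: <file> <detection> <status> <directory>
ETRUST_LINE = re.compile(
    r"^(?P<file>\S+)\s+(?P<det>\S+)\s+(?P<status>.+?)\s+(?P<dir>[A-Za-z]:\\.*)$")
# Ad-Aware SE process header "#:3 [winlogon.exe]" and in-memory warning line
PROC_HEADER = re.compile(r"^#:(?P<n>\d+) \[(?P<name>[^\]]+)\]")
MEM_WARNING = re.compile(
    r"^Warning! (?P<family>\S+) Object found in memory\((?P<path>.+)\)\s*$")
# Ad-Aware reference summary line "Prutect(TAC index:8):19 total references"
REFERENCE = re.compile(
    r"^(?P<name>.+?)\(TAC index:(?P<tac>\d+)\):(?P<count>\d+) total references")


def parse_etrust(text):
    """One dict per eTrust result line; the header and blank lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ETRUST_LINE.match(line.strip())
        if m:
            rows.append(m.groupdict())
    return rows


def parse_adaware_memory(text):
    """Map each module found in memory to the sorted processes hosting it."""
    hosts = defaultdict(set)
    current = "<no process header>"
    for line in text.splitlines():
        line = line.strip()
        header = PROC_HEADER.match(line)
        if header:
            current = header.group("name")
            continue
        warn = MEM_WARNING.match(line)
        if warn:
            hosts[warn.group("path")].add(current)
    return {path: sorted(procs) for path, procs in hosts.items()}


def parse_adaware_references(text):
    """(name, TAC index, count) tuples from the 'References detected' summary."""
    refs = []
    for line in text.splitlines():
        m = REFERENCE.match(line.strip())
        if m:
            refs.append((m.group("name"), int(m.group("tac")), int(m.group("count"))))
    return refs


def triage(etrust_text, adaware_text, tac_threshold=8):
    """Return what still needs a human after the automated scans.

    not_deleted: full paths the online scanner could not remove (usually
    locked because they were running). in_memory: module -> processes; one
    DLL inside many unrelated processes is injected system-wide, so deleting
    the file alone will not clear it. high_tac: families at or above the
    TAC threshold (an assumed cut-off), with the harmless MRU-list entries dropped.
    """
    not_deleted = [row["dir"] + row["file"] for row in parse_etrust(etrust_text)
                   if row["status"].lower() != "deleted"]
    in_memory = parse_adaware_memory(adaware_text)
    high_tac = [ref for ref in parse_adaware_references(adaware_text)
                if ref[1] >= tac_threshold and ref[0] != "MRU List"]
    return {"not_deleted": not_deleted, "in_memory": in_memory, "high_tac": high_tac}


# Constructed samples, abbreviated from the log formats posted in this thread.
ETRUST_SAMPLE = r"""
File Infection Status Path
ssqbn[1].exe Win32/SillyDl.ATE deleted C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\GHERGPM7\
lt.exe Win32/SillyDl.ATE cannot delete C:\WINDOWS\
apcvj.dat Win32/Qoologic.AB deleted C:\WINDOWS\system32\
ssqbn.exe Win32/SillyDl.ATE cannot delete C:\WINDOWS\system32\
"""
ADAWARE_SAMPLE = r"""
References detected during the scan:
MRU List(TAC index:0):28 total references
Prutect(TAC index:8):19 total references
Tracking Cookie(TAC index:3):1 total references
Win32.Generic.PWS(TAC index:10):22 total references

#:3 [winlogon.exe]
Warning! Win32.Generic.PWS Object found in memory(C:\WINDOWS\system32\inicfg32.dll)

#:4 [services.exe]
Warning! Win32.Generic.PWS Object found in memory(C:\WINDOWS\system32\inicfg32.dll)

#:6 [ati2evxx.exe]
FilePath : C:\WINDOWS\system32\

#:26 [explorer.exe]
Warning! Win32.Generic.PWS Object found in memory(C:\WINDOWS\system32\inicfg32.dll)
"""

if __name__ == "__main__":
    for key, value in triage(ETRUST_SAMPLE, ADAWARE_SAMPLE).items():
        print(key, value)
```

Run it as-is to print the report for the embedded samples, or pass the full pasted logs to triage(). The point of splitting the output this way is that "deleted" rows need no further action, while a file the scanner could not delete and a DLL that the scan finds inside winlogon, services and explorer alike are exactly the entries the "note anything that can't be fixed" step above is asking the poster to carry forward to the malware removal expert.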

Part 1

 

eTrust Antivirus Web Scanner

Scan Results: 134249 files scanned. 7 viruses were detected.

File | Infection | Status | Path
ssqbn[1].exe | Win32/SillyDl.ATE | deleted | C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\GHERGPM7\
VSL.dl_ | Win32/Zquest.D | deleted | C:\
UWA6P_0001_N68M2301NetInstaller.exe | Win32/SillyDl.AFX | deleted | C:\WINDOWS\Downloaded Program Files\
kiuj0v.exe | Win32/SillyDl.AHE | deleted | C:\WINDOWS\
lt.exe | Win32/SillyDl.ATE | cannot delete | C:\WINDOWS\
apcvj.dat | Win32/Qoologic.AB | deleted | C:\WINDOWS\system32\
ssqbn.exe | Win32/SillyDl.ATE | cannot delete | C:\WINDOWS\system32\

 

 

 

Ad-Aware SE Build 1.06r1

Logfile Created on:Friday, August 04, 2006 3:43:56 PM

Created with Ad-Aware SE Personal, free for private use.

Using definitions file:SE1R117 03.08.2006

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

References detected during the scan:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Adware.Suggestor(TAC index:10):1 total references

DSSAgent(TAC index:8):1 total references

MRU List(TAC index:0):28 total references

Prutect(TAC index:8):19 total references

Spyware.E2Give(TAC index:10):6 total references

Tracking Cookie(TAC index:3):1 total references

Win32.Generic.PWS(TAC index:10):22 total references

Win32.TrojanClicker(TAC index:10):4 total references

Windows(TAC index:3):1 total references

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Ad-Aware SE Settings

===========================

Set : Search for negligible risk entries

Set : Safe mode (always request confirmation)

Set : Scan active processes

Set : Scan registry

Set : Deep-scan registry

Set : Scan my IE Favorites for banned URLs

Set : Scan my Hosts file

 

Extended Ad-Aware SE Settings

===========================

Set : Unload recognized processes & modules during scan

Set : Scan registry for all users instead of current user only

Set : Always try to unload modules before deletion

Set : During removal, unload Explorer and IE if necessary

Set : Let Windows remove files in use at next reboot

Set : Delete quarantined objects after restoring

Set : Include basic Ad-Aware settings in log file

Set : Include additional Ad-Aware settings in log file

Set : Include reference summary in log file

Set : Include alternate data stream details in log file

Set : Play sound at scan completion if scan locates critical objects

 

 

8-4-2006 3:43:56 PM - Scan started. (Full System Scan)

 

MRU List Object Recognized!

Location: : C:\Documents and Settings\Owner\Application Data\microsoft\office\recent

Description : list of recently opened documents using microsoft office

 

 

MRU List Object Recognized!

Location: : C:\Documents and Settings\Owner\recent

Description : list of recently opened documents

 

 

MRU List Object Recognized!

Location: : S-1-5-21-85444812-973321435-2542772299-1003\software\microsoft\direct3d\mostrecentapplication

Description : most recent application to use microsoft direct3d

 

 

MRU List Object Recognized!

Location: : software\microsoft\direct3d\mostrecentapplication

Description : most recent application to use microsoft direct3d

 

 

MRU List Object Recognized!

Location: : S-1-5-21-85444812-973321435-2542772299-1003\software\microsoft\direct3d\mostrecentapplication

Description : most recent application to use microsoft direct X

 

 

MRU List Object Recognized!

Location: : software\microsoft\direct3d\mostrecentapplication

Description : most recent application to use microsoft direct X

 

 

MRU List Object Recognized!

Location: : software\microsoft\directdraw\mostrecentapplication

Description : most recent application to use microsoft directdraw

 

 

MRU List Object Recognized!

Location: : S-1-5-21-85444812-973321435-2542772299-1003\software\microsoft\directinput\mostrecentapplication

Description : most recent application to use microsoft directinput

 

 

MRU List Object Recognized!

Location: : S-1-5-21-85444812-973321435-2542772299-1003\software\microsoft\directinput\mostrecentapplication

Description : most recent application to use microsoft directinput

 

 

MRU List Object Recognized!

Location: : S-1-5-21-85444812-973321435-2542772299-1003\software\microsoft\internet explorer

Description : last download directory used in microsoft internet explorer

 

 

MRU List Object Recognized!

Location: : S-1-5-21-85444812-973321435-2542772299-1003\software\microsoft\internet explorer\main

Description : last save directory used in microsoft internet explorer

 

 

MRU List Object Recognized!

Location: : S-1-5-21-85444812-973321435-2542772299-1003\software\microsoft\mediaplayer\preferences

Description : last playlist index loaded in microsoft windows media player

 

 

MRU List Object Recognized!

Location: : S-1-5-21-85444812-973321435-2542772299-1003\software\microsoft\mediaplayer\preferences

Description : last playlist loaded in microsoft windows media player

 

 

MRU List Object Recognized!

Location: : S-1-5-21-85444812-973321435-2542772299-1003\software\microsoft\microsoft management console\recent file list

Description : list of recent snap-ins used in the microsoft management console

 

 

MRU List Object Recognized!

Location: : S-1-5-21-85444812-973321435-2542772299-1003\software\microsoft\office\9.0\common\open find\microsoft word\settings\open\file name mru

Description : list of recent documents opened by microsoft word

 

 

MRU List Object Recognized!

Location: : S-1-5-21-85444812-973321435-2542772299-1003\software\microsoft\office\9.0\common\open find\microsoft word\settings\save as\file name mru

Description : list of recent documents saved by microsoft word

 

 

MRU List Object Recognized!

Location: : S-1-5-21-85444812-973321435-2542772299-1003\software\microsoft\search assistant\acmru

Description : list of recent search terms used with the search assistant

 

 

MRU List Object Recognized!

Location: : S-1-5-21-85444812-973321435-2542772299-1003\software\microsoft\windows\currentversion\applets\paint\recent file list

Description : list of files recently opened using microsoft paint

 

 

MRU List Object Recognized!

Location: : S-1-5-21-85444812-973321435-2542772299-1003\software\microsoft\windows\currentversion\applets\regedit

Description : last key accessed using the microsoft registry editor

 

 

MRU List Object Recognized!

Location: : S-1-5-21-85444812-973321435-2542772299-1003\software\microsoft\windows\currentversion\applets\wordpad\recent file list

Description : list of recent files opened using wordpad

 

 

MRU List Object Recognized!

Location: : S-1-5-21-85444812-973321435-2542772299-1003\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru

Description : list of recent programs opened

 

 

MRU List Object Recognized!

Location: : S-1-5-21-85444812-973321435-2542772299-1003\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru

Description : list of recently saved files, stored according to file extension

 

 

MRU List Object Recognized!

Location: : S-1-5-21-85444812-973321435-2542772299-1003\software\microsoft\windows\currentversion\explorer\recentdocs

Description : list of recent documents opened

 

 

MRU List Object Recognized!

Location: : S-1-5-21-85444812-973321435-2542772299-1003\software\microsoft\windows\currentversion\explorer\runmru

Description : mru list for items opened in start | run

 

 

MRU List Object Recognized!

Location: : S-1-5-21-85444812-973321435-2542772299-1003\software\nico mak computing\winzip\filemenu

Description : winzip recently used archives

 

 

MRU List Object Recognized!

Location: : S-1-5-21-85444812-973321435-2542772299-1003\software\realnetworks\realplayer\6.0\preferences

Description : list of recent skins in realplayer

 

 

MRU List Object Recognized!

Location: : S-1-5-21-85444812-973321435-2542772299-1003\software\realnetworks\realplayer\6.0\preferences

Description : list of recent clips in realplayer

 

 

MRU List Object Recognized!

Location: : S-1-5-21-85444812-973321435-2542772299-1003\software\microsoft\windows media\wmsdk\general

Description : windows media sdk

 

 

Listing running processes

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

#:1 [smss.exe]

FilePath : \SystemRoot\System32\

ProcessID : 1088

ThreadCreationTime : 8-4-2006 10:38:07 PM

BasePriority : Normal

 

 

#:2 [csrss.exe]

FilePath : \??\C:\WINDOWS\system32\

ProcessID : 1156

ThreadCreationTime : 8-4-2006 10:38:10 PM

BasePriority : Normal

 

 

#:3 [winlogon.exe]

FilePath : \??\C:\WINDOWS\system32\

ProcessID : 1184

ThreadCreationTime : 8-4-2006 10:38:15 PM

BasePriority : High

 

 

Win32.Generic.PWS Object Recognized!

Type : Process

Data : inicfg32.dll

TAC Rating : 10

Category : Monitoring Tool

Comment : iniwin32.dll.dmp

Object : C:\WINDOWS\system32\

 

 

Warning! Win32.Generic.PWS Object found in memory(C:\WINDOWS\system32\inicfg32.dll)

 

 

#:4 [services.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 1236

ThreadCreationTime : 8-4-2006 10:38:15 PM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Services and Controller app

InternalName : services.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : services.exe

 

Win32.Generic.PWS Object Recognized!

Type : Process

Data : inicfg32.dll

TAC Rating : 10

Category : Monitoring Tool

Comment : iniwin32.dll.dmp

Object : C:\WINDOWS\system32\

 

 

Warning! Win32.Generic.PWS Object found in memory(C:\WINDOWS\system32\inicfg32.dll)

 

 

#:5 [lsass.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 1248

ThreadCreationTime : 8-4-2006 10:38:15 PM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : LSA Shell (Export Version)

InternalName : lsass.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : lsass.exe

 

Win32.Generic.PWS Object Recognized!

Type : Process

Data : inicfg32.dll

TAC Rating : 10

Category : Monitoring Tool

Comment : iniwin32.dll.dmp

Object : C:\WINDOWS\system32\

 

 

Warning! Win32.Generic.PWS Object found in memory(C:\WINDOWS\system32\inicfg32.dll)

 

 

#:6 [ati2evxx.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 1428

ThreadCreationTime : 8-4-2006 10:38:17 PM

BasePriority : Normal

FileVersion : 6.14.10.4116

ProductVersion : 6.14.10.4116

ProductName : ATI External Event Utility for WindowsNT and Windows9X

CompanyName : ATI Technologies Inc.

FileDescription : ATI External Event Utility EXE Module

InternalName : ATI2EVXX.EXE

LegalCopyright : Copyright © 1999-2004 ATI Technologies Inc.

OriginalFilename : ATI2EVXX.EXE

 

#:7 [svchost.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 1452

ThreadCreationTime : 8-4-2006 10:38:17 PM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

Win32.Generic.PWS Object Recognized!

Type : Process

Data : inicfg32.dll

TAC Rating : 10

Category : Monitoring Tool

Comment : iniwin32.dll.dmp

Object : C:\WINDOWS\system32\

 

 

Warning! Win32.Generic.PWS Object found in memory(C:\WINDOWS\system32\inicfg32.dll)

 

 

#:8 [svchost.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 1536

ThreadCreationTime : 8-4-2006 10:38:17 PM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

Win32.Generic.PWS Object Recognized!

Type : Process

Data : inicfg32.dll

TAC Rating : 10

Category : Monitoring Tool

Comment : iniwin32.dll.dmp

Object : C:\WINDOWS\system32\

 

 

Warning! Win32.Generic.PWS Object found in memory(C:\WINDOWS\system32\inicfg32.dll)

 

 

#:9 [svchost.exe]

FilePath : C:\WINDOWS\System32\

ProcessID : 1628

ThreadCreationTime : 8-4-2006 10:38:17 PM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

Win32.Generic.PWS Object Recognized!

Type : Process

Data : inicfg32.dll

TAC Rating : 10

Category : Monitoring Tool

Comment : iniwin32.dll.dmp

Object : C:\WINDOWS\System32\

 

 

Warning! Win32.Generic.PWS Object found in memory(C:\WINDOWS\System32\inicfg32.dll)

 

 

#:10 [incdsrv.exe]

FilePath : C:\Program Files\Ahead\InCD\

ProcessID : 1660

ThreadCreationTime : 8-4-2006 10:38:18 PM

BasePriority : Normal

FileVersion : 4, 3, 20, 1

ProductVersion : 4, 3, 20, 1

ProductName : Nero AG incdsrv

CompanyName : Nero AG

FileDescription : incdsrv

InternalName : incdsrv

LegalCopyright : Copyright 1995-2005 Nero AG and its licensors. All Rights Reserved.

LegalTrademarks : InCD is a trademark of Nero AG

OriginalFilename : incdsrv.exe

 

#:11 [svchost.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 1784

ThreadCreationTime : 8-4-2006 10:38:19 PM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

Win32.Generic.PWS Object Recognized!

Type : Process

Data : inicfg32.dll

TAC Rating : 10

Category : Monitoring Tool

Comment : iniwin32.dll.dmp

Object : C:\WINDOWS\system32\

 

 

Warning! Win32.Generic.PWS Object found in memory(C:\WINDOWS\system32\inicfg32.dll)

 

 

#:12 [svchost.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 1904

ThreadCreationTime : 8-4-2006 10:38:19 PM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

Win32.Generic.PWS Object Recognized!

Type : Process

Data : inicfg32.dll

TAC Rating : 10

Category : Monitoring Tool

Comment : iniwin32.dll.dmp

Object : C:\WINDOWS\system32\

 

 

Warning! Win32.Generic.PWS Object found in memory(C:\WINDOWS\system32\inicfg32.dll)

 

 

#:13 [ccsetmgr.exe]

FilePath : C:\Program Files\Common Files\Symantec Shared\

ProcessID : 1968

ThreadCreationTime : 8-4-2006 10:38:20 PM

BasePriority : Normal

FileVersion : 103.0.7.2

ProductVersion : 103.0.7.2

ProductName : Client and Host Security Platform

CompanyName : Symantec Corporation

FileDescription : Symantec Settings Manager Service

InternalName : ccSetMgr

LegalCopyright : Copyright © 2000-2004 Symantec Corporation. All rights reserved.

OriginalFilename : ccSetMgr.exe

 

#:14 [sndsrvc.exe]

FilePath : C:\Program Files\Common Files\Symantec Shared\

ProcessID : 2016

ThreadCreationTime : 8-4-2006 10:38:20 PM

BasePriority : Normal

FileVersion : 5.5.1.6

ProductVersion : 5.5

ProductName : Symantec Security Drivers

CompanyName : Symantec Corporation

FileDescription : Network Driver Service

InternalName : SndSrvc

LegalCopyright : Copyright 2002, 2003, 2004 Symantec Corporation

OriginalFilename : SndSrvc.exe

 

#:15 [spbbcsvc.exe]

FilePath : C:\Program Files\Common Files\Symantec Shared\SPBBC\

ProcessID : 152

ThreadCreationTime : 8-4-2006 10:38:21 PM

BasePriority : Normal

FileVersion : 1,0,1,47

ProductVersion : 1,0,1,47

ProductName : SPBBC

CompanyName : Symantec Corporation

FileDescription : SPBBC Service

InternalName : SPBBCSvc

LegalCopyright : Copyright © 2004 Symantec Corporation. All rights reserved.

OriginalFilename : SPBBCSvc.exe

 

#:16 [ccevtmgr.exe]

FilePath : C:\Program Files\Common Files\Symantec Shared\

ProcessID : 180

ThreadCreationTime : 8-4-2006 10:38:21 PM

BasePriority : Normal

FileVersion : 103.0.7.2

ProductVersion : 103.0.7.2

ProductName : Client and Host Security Platform

CompanyName : Symantec Corporation

FileDescription : Symantec Event Manager Service

InternalName : ccEvtMgr

LegalCopyright : Copyright © 2000-2004 Symantec Corporation. All rights reserved.

OriginalFilename : ccEvtMgr.exe

 

#:17 [spoolsv.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 448

ThreadCreationTime : 8-4-2006 10:38:22 PM

BasePriority : Normal

FileVersion : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)

ProductVersion : 5.1.2600.2696

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Spooler SubSystem App

InternalName : spoolsv.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : spoolsv.exe

 

Win32.Generic.PWS Object Recognized!

Type : Process

Data : inicfg32.dll

TAC Rating : 10

Category : Monitoring Tool

Comment : iniwin32.dll.dmp

Object : C:\WINDOWS\system32\

 

 

Warning! Win32.Generic.PWS Object found in memory(C:\WINDOWS\system32\inicfg32.dll)

 

 

#:18 [navapsvc.exe]

FilePath : C:\Program Files\Norton AntiVirus\

ProcessID : 620

ThreadCreationTime : 8-4-2006 10:38:28 PM

BasePriority : Normal

FileVersion : 11.0.16.2

ProductVersion : 11.0.16

ProductName : Norton AntiVirus

CompanyName : Symantec Corporation

FileDescription : Norton AntiVirus Auto-Protect Service

InternalName : NAVAPSVC

LegalCopyright : Norton AntiVirus 2005 for Windows 98/ME/2000/XP Copyright © 2004 Symantec Corporation. All rights reserved.

OriginalFilename : NAVAPSVC.EXE

 

#:19 [npfmntor.exe]

FilePath : C:\Program Files\Norton AntiVirus\IWP\

ProcessID : 652

ThreadCreationTime : 8-4-2006 10:38:28 PM

BasePriority : Normal

FileVersion : 11.0.16.2

ProductVersion : 11.0.16

ProductName : Norton AntiVirus

CompanyName : Symantec Corporation

FileDescription : Norton AntiVirus Firewall Install Monitor

InternalName : NPFMonitor

LegalCopyright : Norton AntiVirus 2005 for Windows 98/ME/2000/XP Copyright © 2004 Symantec Corporation. All rights reserved.

OriginalFilename : NPFMonitor.EXE

 

#:20 [starwindservice.exe]

FilePath : C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\

ProcessID : 820

ThreadCreationTime : 8-4-2006 10:38:32 PM

BasePriority : Normal

FileVersion : 2.6.1 Build 0x20050401

ProductVersion : 2.6.1 Build 0x20050401

ProductName : StarWind

CompanyName : Rocket Division Software

FileDescription : StarWind iSCSI Target (Alcohol Edition)

InternalName : StarWind

LegalCopyright : Copyright © Rocket Division Software 2003-2005. All rights reserved.

OriginalFilename : StarWind

 

Win32.Generic.PWS Object Recognized!

Type : Process

Data : inicfg32.dll

TAC Rating : 10

Category : Monitoring Tool

Comment : iniwin32.dll.dmp

Object : C:\WINDOWS\system32\

 

 

Warning! Win32.Generic.PWS Object found in memory(C:\WINDOWS\system32\inicfg32.dll)

 

"C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe"Process terminated successfully

 

#:21 [svchost.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 868

ThreadCreationTime : 8-4-2006 10:38:32 PM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

Win32.Generic.PWS Object Recognized!

Type : Process

Data : inicfg32.dll

TAC Rating : 10

Category : Monitoring Tool

Comment : iniwin32.dll.dmp

Object : C:\WINDOWS\system32\

 

 

Warning! Win32.Generic.PWS Object found in memory(C:\WINDOWS\system32\inicfg32.dll)

 

 

#:22 [wdfmgr.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 984

ThreadCreationTime : 8-4-2006 10:38:32 PM

BasePriority : Normal

FileVersion : 5.2.3790.1230 built by: dnsrv(bld4act)

ProductVersion : 5.2.3790.1230

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Windows User Mode Driver Manager

InternalName : WdfMgr

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : WdfMgr.exe

 

Win32.Generic.PWS Object Recognized!

Type : Process

Data : inicfg32.dll

TAC Rating : 10

Category : Monitoring Tool

Comment : iniwin32.dll.dmp

Object : C:\WINDOWS\system32\

 

 

Warning! Win32.Generic.PWS Object found in memory(C:\WINDOWS\system32\inicfg32.dll)

 

"C:\WINDOWS\system32\wdfmgr.exe"Process terminated successfully

 

#:23 [alg.exe]

FilePath : C:\WINDOWS\System32\

ProcessID : 528

ThreadCreationTime : 8-4-2006 10:38:59 PM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Application Layer Gateway Service

InternalName : ALG.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : ALG.exe

 

#:24 [ati2evxx.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 552

ThreadCreationTime : 8-4-2006 10:38:59 PM

BasePriority : Normal

FileVersion : 6.14.10.4116

ProductVersion : 6.14.10.4116

ProductName : ATI External Event Utility for WindowsNT and Windows9X

CompanyName : ATI Technologies Inc.

FileDescription : ATI External Event Utility EXE Module

InternalName : ATI2EVXX.EXE

LegalCopyright : Copyright © 1999-2004 ATI Technologies Inc.

OriginalFilename : ATI2EVXX.EXE

 

#:25 [wmiprvse.exe]

FilePath : C:\WINDOWS\system32\wbem\

ProcessID : 2096

ThreadCreationTime : 8-4-2006 10:39:04 PM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : WMI

InternalName : Wmiprvse.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : Wmiprvse.exe

 

Win32.Generic.PWS Object Recognized!

Type : Process

Data : inicfg32.dll

TAC Rating : 10

Category : Monitoring Tool

Comment : iniwin32.dll.dmp

Object : C:\WINDOWS\system32\

 

 

Warning! Win32.Generic.PWS Object found in memory(C:\WINDOWS\system32\inicfg32.dll)

 

 

#:26 [explorer.exe]

FilePath : C:\WINDOWS\

ProcessID : 2240

ThreadCreationTime : 8-4-2006 10:39:06 PM

BasePriority : Normal

FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 6.00.2900.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Windows Explorer

InternalName : explorer

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : EXPLORER.EXE

 

Win32.Generic.PWS Object Recognized!

Type : Process

Data : inicfg32.dll

TAC Rating : 10

Category : Monitoring Tool

Comment : iniwin32.dll.dmp

Object : C:\WINDOWS\system32\

 

 

Warning! Win32.Generic.PWS Object found in memory(C:\WINDOWS\system32\inicfg32.dll)

 

 

#:27 [soundman.exe]

FilePath : C:\WINDOWS\

ProcessID : 2628

ThreadCreationTime : 8-4-2006 10:39:21 PM

BasePriority : Normal

FileVersion : 5.1.0.30

ProductVersion : 5.1.0.29

ProductName : Realtek Sound Manager

CompanyName : Realtek Semiconductor Corp.

FileDescription : Realtek Sound Manager

InternalName : ALSMTray

LegalCopyright : Copyright © 2001-2004 Realtek Semiconductor Corp.

OriginalFilename : ALSMTray.exe

Comments : Realtek AC97 Audio Sound Manager

 

#:28 [atiptaxx.exe]

FilePath : C:\Program Files\ATI Technologies\ATI Control Panel\

ProcessID : 2872

ThreadCreationTime : 8-4-2006 10:39:23 PM

BasePriority : Normal

FileVersion : 6.14.10.5155

ProductVersion : 6.14.10.5155

ProductName : ATI Desktop Component

CompanyName : ATI Technologies, Inc.

FileDescription : ATI Desktop Control Panel

InternalName : Atiptaxx.exe

LegalCopyright : Copyright © 1998-2005 ATI Technologies Inc.

OriginalFilename : Atiptaxx.exe

 

#:29 [ccapp.exe]

FilePath : C:\Program Files\Common Files\Symantec Shared\

ProcessID : 2892

ThreadCreationTime : 8-4-2006 10:39:24 PM

BasePriority : Normal

FileVersion : 103.0.7.2

ProductVersion : 103.0.7.2

ProductName : Client and Host Security Platform

CompanyName : Symantec Corporation

FileDescription : Symantec User Session

InternalName : ccApp

LegalCopyright : Copyright © 2000-2004 Symantec Corporation. All rights reserved.

OriginalFilename : ccApp.exe

 

Win32.Generic.PWS Object Recognized!

Type : Process

Data : inicfg32.dll

TAC Rating : 10

Category : Monitoring Tool

Comment : iniwin32.dll.dmp

Object : C:\WINDOWS\system32\

 

 

Warning! Win32.Generic.PWS Object found in memory(C:\WINDOWS\system32\inicfg32.dll)

 

 

#:30 [wuauclt.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 2904

ThreadCreationTime : 8-4-2006 10:39:24 PM

BasePriority : Normal

FileVersion : 5.8.0.2469 built by: lab01_n(wmbla)

ProductVersion : 5.8.0.2469

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Automatic Updates

InternalName : wuauclt.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : wuauclt.exe

 

#:31 [ltmsg.exe]

FilePath : C:\WINDOWS\

ProcessID : 2972

ThreadCreationTime : 8-4-2006 10:39:26 PM

BasePriority : Normal

FileVersion : 3, 0, 0, 4

ProductVersion : 3, 0, 0, 4

ProductName : Agere Systems ltmsg

CompanyName : Agere Systems

FileDescription : ltmsg

InternalName : ltmsg

LegalCopyright : Copyright © 2003

OriginalFilename : ltmsg.exe

Comments : Messaging application for Agere Win Modem

 

#:32 [shwicon2k.exe]

FilePath : C:\Program Files\Multimedia Card Reader\

ProcessID : 3000

ThreadCreationTime : 8-4-2006 10:39:27 PM

BasePriority : Idle

FileVersion : 1, 4, 0, 8

ProductVersion : 1, 4, 0, 8

ProductName : Multimedia Card Reader

CompanyName : Alcor Micro, Corp.

FileDescription : Sunkist

InternalName : Sunkist

LegalCopyright : Copyright c 2002

OriginalFilename : Sunkist.exe

Comments : 6362 4.5 Slot 2000/XP

 

#:33 [vbptask.exe]

FilePath : C:\Program Files\Phoenix Technologies Ltd\RecoverPro_XP\

ProcessID : 3032

ThreadCreationTime : 8-4-2006 10:39:28 PM

BasePriority : Normal

FileVersion : 2, 0, 0, 0

ProductVersion : 2, 0, 0, 0

ProductName : VBPTask Application

CompanyName : FarStone Tech. Inc.

FileDescription : VBPTask MFC Application

InternalName : VBPTask

LegalCopyright : Copyright © 2000-2002 FarStone Tech. Inc.

OriginalFilename : VBPTask.EXE

 

#:34 [powers.exe]

FilePath : C:\WINDOWS\

ProcessID : 3088

ThreadCreationTime : 8-4-2006 10:39:30 PM

BasePriority : Normal

FileVersion : 1, 0, 0, 1

ProductVersion : 1, 0, 0, 1

ProductName : prolink test

CompanyName : prolink

FileDescription : test

InternalName : test

LegalCopyright : Copyright c 2001

OriginalFilename : test.exe

 

#:35 [onetou~2.exe]

FilePath : C:\PROGRA~1\VISION~1\

ProcessID : 3180

ThreadCreationTime : 8-4-2006 10:39:33 PM

BasePriority : Normal

FileVersion : 3, 1, 3, 2

ProductVersion : 3, 1, 3, 2

ProductName : OneTouch Module

CompanyName : Visioneer Inc

FileDescription : OneTouch Module

InternalName : OneTouch Module

LegalCopyright : Copyright 1997 - 2002

LegalTrademarks : Visioneer owns all rights to this Module

OriginalFilename : OneTouch Module

Comments : Part of the OneTouch package

 

#:36 [tgcmd.exe]

FilePath : C:\Program Files\support.com\bin\

ProcessID : 3264

ThreadCreationTime : 8-4-2006 10:39:36 PM

BasePriority : Normal

FileVersion : 5,5,402,0

ProductVersion : 5,5,402,0

ProductName : Support.com Scheduler and Command Dispatcher

CompanyName : Support.com, Inc.

FileDescription : Support.com Scheduler and Command Dispatcher

InternalName : TGCMD

LegalCopyright : Copyright 1997-2069 Support.com

OriginalFilename : TGCMD.EXE

 

Win32.Generic.PWS Object Recognized!

Type : Process

Data : inicfg32.dll

TAC Rating : 10

Category : Monitoring Tool

Comment : iniwin32.dll.dmp

Object : C:\WINDOWS\system32\

 

 

Warning! Win32.Generic.PWS Object found in memory(C:\WINDOWS\system32\inicfg32.dll)

 

 

#:37 [e_fati9ha.exe]

FilePath : C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\

ProcessID : 3552

ThreadCreationTime : 8-4-2006 10:39:43 PM

BasePriority : Normal

FileVersion : 3.00

ProductVersion : 3.00

ProductName : EPSON Status Monitor 3

CompanyName : SEIKO EPSON CORPORATION

FileDescription : EPSON Status Monitor 3

InternalName : E_S5I2H1

LegalCopyright : Copyright © SEIKO EPSON CORP. 2004

OriginalFilename : E_S5I2H1.EXE

 

#:38 [em_exec.exe]

FilePath : C:\Program Files\Logitech\MouseWare\system\

ProcessID : 3580

ThreadCreationTime : 8-4-2006 10:39:43 PM

BasePriority : Normal

FileVersion : 9.79.025

ProductVersion : 9.79.025

ProductName : MouseWare

CompanyName : Logitech Inc.

FileDescription : Logitech Events Handler Application

InternalName : Em_Exec

LegalCopyright : © 1987-2003 Logitech. All rights reserved.

LegalTrademarks : Logitech® and MouseWare® are registered trademarks of Logitech Inc.

OriginalFilename : Em_Exec.exe

Comments : Created by the MouseWare team

 

#:39 [incd.exe]

FilePath : C:\Program Files\Ahead\InCD\

ProcessID : 3600

ThreadCreationTime : 8-4-2006 10:39:44 PM

BasePriority : Normal

FileVersion : 4, 3, 20, 1

ProductVersion : 4, 3, 20, 1

ProductName : Nero AG InCD

CompanyName : Nero AG

FileDescription : InCD

InternalName : InCD

LegalCopyright : Copyright 1995-2005 Nero AG and its licensors. All Rights Reserved.

LegalTrademarks : InCD is a trademark of Nero AG

OriginalFilename : InCD.exe

 

Win32.Generic.PWS Object Recognized!

Type : Process

Data : inicfg32.dll

TAC Rating : 10

Category : Monitoring Tool

Comment : iniwin32.dll.dmp

Object : C:\WINDOWS\system32\

 

 

Warning! Win32.Generic.PWS Object found in memory(C:\WINDOWS\system32\inicfg32.dll)

 

"C:\Program Files\Ahead\InCD\InCD.exe"Process terminated successfully

 

#:40 [jusched.exe]

FilePath : C:\Program Files\Java\jre1.5.0_07\bin\

ProcessID : 3656

ThreadCreationTime : 8-4-2006 10:39:44 PM

BasePriority : Normal

 

 

Win32.Generic.PWS Object Recognized!

Type : Process

Data : inicfg32.dll

TAC Rating : 10

Category : Monitoring Tool

Comment : iniwin32.dll.dmp

Object : C:\WINDOWS\system32\

 

 

Warning! Win32.Generic.PWS Object found in memory(C:\WINDOWS\system32\inicfg32.dll)

 

"C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe"Process terminated successfully

 

#:41 [fhsxc.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 3672

ThreadCreationTime : 8-4-2006 10:39:45 PM

BasePriority : Normal

 

 

#:42 [issch.exe]

FilePath : C:\Program Files\Common Files\InstallShield\UpdateService\

ProcessID : 3736

ThreadCreationTime : 8-4-2006 10:39:46 PM

BasePriority : Normal

FileVersion : 3, 10, 100, 1155

ProductVersion : 3, 10

ProductName : InstallShield Update Service

CompanyName : InstallShield Software Corporation

FileDescription : InstallShield Update Service Scheduler

InternalName : Scheduler

LegalCopyright : Copyright © 1990-2004 InstallShield Software Corporation

OriginalFilename : issch.exe

 

#:43 [liveupdate.exe]

FilePath : C:\Program Files\LiveUpdate\

ProcessID : 3764

ThreadCreationTime : 8-4-2006 10:39:47 PM

BasePriority : Normal

FileVersion : 1.0.0.0

ProductVersion : 1.0.0.0

ProductName : LiveUpdate

FileDescription : LiveUpdate

InternalName : LiveUpdate.exe

LegalCopyright : © 2003-2004. All rights reserved.

OriginalFilename : LiveUpdate.exe

 

Win32.Generic.PWS Object Recognized!

Type : Process

Data : inicfg32.dll

TAC Rating : 10

Category : Monitoring Tool

Comment : iniwin32.dll.dmp

Object : C:\WINDOWS\system32\

 

 

Warning! Win32.Generic.PWS Object found in memory(C:\WINDOWS\system32\inicfg32.dll)

 

 

#:44 [ahnciup.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 3808

ThreadCreationTime : 8-4-2006 10:39:48 PM

BasePriority : Normal

 

 

#:45 [ssqbn.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 3940

ThreadCreationTime : 8-4-2006 10:39:51 PM

BasePriority : Normal

 

 

Win32.Generic.PWS Object Recognized!

Type : Process

Data : inicfg32.dll

TAC Rating : 10

Category : Monitoring Tool

Comment : iniwin32.dll.dmp

Object : C:\WINDOWS\system32\

 

 

Warning! Win32.Generic.PWS Object found in memory(C:\WINDOWS\system32\inicfg32.dll)

 

"C:\WINDOWS\system32\ssqbn.exe"Process terminated successfully

 

#:46 [wuauclt.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 3980

ThreadCreationTime : 8-4-2006 10:39:51 PM

BasePriority : Normal

FileVersion : 5.8.0.2469 built by: lab01_n(wmbla)

ProductVersion : 5.8.0.2469

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Automatic Updates

InternalName : wuauclt.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : wuauclt.exe

 

#:47 [lt.exe]

FilePath : C:\WINDOWS\

ProcessID : 3988

ThreadCreationTime : 8-4-2006 10:39:51 PM

BasePriority : Normal

 

 

Win32.Generic.PWS Object Recognized!

Type : Process

Data : inicfg32.dll

TAC Rating : 10

Category : Monitoring Tool

Comment : iniwin32.dll.dmp

Object : C:\WINDOWS\system32\

 

 

Warning! Win32.Generic.PWS Object found in memory(C:\WINDOWS\system32\inicfg32.dll)

 

"C:\WINDOWS\lt.exe"Process terminated successfully

 

#:48 [wkcalrem.exe]

FilePath : C:\Program Files\Common Files\Microsoft Shared\Works Shared\

ProcessID : 812

ThreadCreationTime : 8-4-2006 10:39:55 PM

BasePriority : Normal

FileVersion : 5.00.1928.1

ProductVersion : 5.00.1928.1

ProductName : Microsoft® Works 2000

CompanyName : Microsoft® Corporation

FileDescription : Microsoft® Works Calendar Reminder Service

InternalName : WkCalRem

LegalCopyright : © 1999 Microsoft Corp. All rights reserved.

OriginalFilename : WKCALREM.EXE

 

#:49 [usbshare.exe]

FilePath : C:\Program Files\USB Sharing\

ProcessID : 764

ThreadCreationTime : 8-4-2006 10:39:58 PM

BasePriority : Normal

 

 

#:50 [ad-aware.exe]

FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\

ProcessID : 3240

ThreadCreationTime : 8-4-2006 10:41:10 PM

BasePriority : Normal

FileVersion : 6.2.0.236

ProductVersion : SE 106

ProductName : Lavasoft Ad-Aware SE

CompanyName : Lavasoft Sweden

FileDescription : Ad-Aware SE Core application

InternalName : Ad-Aware.exe

LegalCopyright : Copyright © Lavasoft AB Sweden

OriginalFilename : Ad-Aware.exe

Comments : All Rights Reserved

 

#:51 [msmsgs.exe]

FilePath : C:\Program Files\Messenger\

ProcessID : 2884

ThreadCreationTime : 8-4-2006 10:42:09 PM

BasePriority : Normal

FileVersion : 4.7.3001

ProductVersion : Version 4.7.3001

ProductName : Messenger

CompanyName : Microsoft Corporation

FileDescription : Windows Messenger

InternalName : msmsgs

LegalCopyright : Copyright © Microsoft Corporation 2004

LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.

OriginalFilename : msmsgs.exe

 

Win32.Generic.PWS Object Recognized!

Type : Process

Data : inicfg32.dll

TAC Rating : 10

Category : Monitoring Tool

Comment : iniwin32.dll.dmp

Object : C:\WINDOWS\system32\

 

 

Warning! Win32.Generic.PWS Object found in memory(C:\WINDOWS\system32\inicfg32.dll)

 

 

Memory scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 50

 

 

Started registry scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Prutect Object Recognized!

Type : Regkey

Data :

TAC Rating : 8

Category : Malware

Comment :

Rootkey : HKEY_CLASSES_ROOT

Object : typelib\{3b99f202-145a-4e5a-ac7b-88a36910bf5e}

 

Prutect Object Recognized!

Type : Regkey

Data :

TAC Rating : 8

Category : Malware

Comment :

Rootkey : HKEY_CLASSES_ROOT

Object : clsid\{3643abc2-21bf-46b9-b230-f247db0c6fd6}

 

Prutect Object Recognized!

Type : RegValue

Data :

TAC Rating : 8

Category : Malware

Comment :

Rootkey : HKEY_CLASSES_ROOT

Object : clsid\{3643abc2-21bf-46b9-b230-f247db0c6fd6}

Value :

 

Prutect Object Recognized!

Type : RegValue

Data :

TAC Rating : 8

Category : Malware

Comment :

Rootkey : HKEY_CLASSES_ROOT

Object : clsid\{3643abc2-21bf-46b9-b230-f247db0c6fd6}

Value : AppID

 

Prutect Object Recognized!

Type : RegValue

Data :

TAC Rating : 8

Category : Malware

Comment :

Rootkey : HKEY_CLASSES_ROOT

Object : clsid\{3643abc2-21bf-46b9-b230-f247db0c6fd6}

Value : AppID3

 

Prutect Object Recognized!

Type : Regkey

Data :

TAC Rating : 8

Category : Malware

Comment :

Rootkey : HKEY_CLASSES_ROOT

Object : appid\{3b99f202-145a-4e5a-ac7b-88a36910bf5e}

 

Prutect Object Recognized!

Type : Regkey

Data :

TAC Rating : 8

Category : Malware

Comment :

Rootkey : HKEY_CLASSES_ROOT

Object : appid\iebhos.dll

 

Adware.Suggestor Object Recognized!

Type : Regkey

Data :

TAC Rating : 10

Category : Adware

Comment :

Rootkey : HKEY_LOCAL_MACHINE

Object : software\microsoft\windows\currentversion\explorer\browser helper objects\{e5e2a3e7-00fe-4d31-a030-a10799ddca66}

 

DSSAgent Object Recognized!

Type : Regkey

Data :

TAC Rating : 8

Category : Data Miner

Comment :

Rootkey : HKEY_LOCAL_MACHINE

Object : software\broderbund software\dss

 

Prutect Object Recognized!

Type : Regkey

Data :

TAC Rating : 8

Category : Malware

Comment :

Rootkey : HKEY_LOCAL_MACHINE

Object : software\microsoft\windows\currentversion\explorer\browser helper objects\{3643abc2-21bf-46b9-b230-f247db0c6fd6}

 

Spyware.E2Give Object Recognized!

Type : Regkey

Data :

TAC Rating : 10

Category : Malware

Comment :

Rootkey : HKEY_LOCAL_MACHINE

Object : software\classes\appid\{3b99f202-145a-4e5a-ac7b-88a36910bf5e}

 

Spyware.E2Give Object Recognized!

Type : Regkey

Data :

TAC Rating : 10

Category : Malware

Comment :

Rootkey : HKEY_LOCAL_MACHINE

Object : software\classes\typelib\{3b99f202-145a-4e5a-ac7b-88a36910bf5e}

 

Windows Object Recognized!

Type : RegData

Data : explorer.exe, c:\windows\system32\lcewx.exe

TAC Rating : 3

Category : Vulnerability

Comment :

Rootkey : HKEY_LOCAL_MACHINE

Object : software\microsoft\windows nt\currentversion\winlogon

Value : Shell

Data : explorer.exe, c:\windows\system32\lcewx.exe

 

Registry Scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 13

Objects found so far: 63


Part 2

 

Started deep registry scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Deep registry scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 63

 

 

Started Tracking Cookie scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : [email protected][1].txt

TAC Rating : 3

Category : Data Miner

Comment : Hits:10

Value : Cookie:[email protected]/

Expires : 8-4-2007 2:35:18 PM

LastSync : Hits:10

UseCount : 0

Hits : 10

 

Tracking cookie scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 1

Objects found so far: 64

 

 

 

Deep scanning and examining files (C:)

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Win32.TrojanClicker Object Recognized!

Type : File

Data : wallpap[1].exe

TAC Rating : 10

Category : Malware

Comment :

Object : C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\3QWF7149\

 

 

 

Spyware.E2Give Object Recognized!

Type : File

Data : A0000104.dll

TAC Rating : 10

Category : Malware

Comment :

Object : C:\System Volume Information\_restore{42C664FB-3BA3-4664-97AF-71030578B749}\RP2\

FileVersion : 1.0.0.1

ProductVersion : 1.0.0.1

ProductName : e2g plugin

CompanyName : e2give, LLC

FileDescription : http://e2give.com/license.html

InternalName : IeBHOs.dll

LegalCopyright : Copyright © 2003 e2give, LLC

OriginalFilename : IeBHOs.dll

Comments : e2g plugin

 

 

Spyware.E2Give Object Recognized!

Type : File

Data : A0000108.dll

TAC Rating : 10

Category : Malware

Comment :

Object : C:\System Volume Information\_restore{42C664FB-3BA3-4664-97AF-71030578B749}\RP2\

FileVersion : 1.0.0.1

ProductVersion : 1.0.0.1

ProductName : e2g plugin

CompanyName : e2give, LLC

FileDescription : http://e2give.com/license.html

InternalName : IeBHOs.dll

LegalCopyright : Copyright © 2003 e2give, LLC

OriginalFilename : IeBHOs.dll

Comments : e2g plugin

 

 

Spyware.E2Give Object Recognized!

Type : File

Data : A0000115.dll

TAC Rating : 10

Category : Malware

Comment :

Object : C:\System Volume Information\_restore{42C664FB-3BA3-4664-97AF-71030578B749}\RP2\

FileVersion : 1.0.0.1

ProductVersion : 1.0.0.1

ProductName : e2g plugin

CompanyName : e2give, LLC

FileDescription : http://e2give.com/license.html

InternalName : IeBHOs.dll

LegalCopyright : Copyright © 2003 e2give, LLC

OriginalFilename : IeBHOs.dll

Comments : e2g plugin

 

 

Disk Scan Result for C:\

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 68

 

 

Scanning Hosts file......

Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Hosts file scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

1 entries scanned.

New critical objects:0

Objects found so far: 68

 

 

 

 

Performing conditional scans...

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Prutect Object Recognized!

Type : Regkey

Data :

TAC Rating : 8

Category : Malware

Comment :

Rootkey : HKEY_CLASSES_ROOT

Object : iebhos.control.1

 

Prutect Object Recognized!

Type : Regkey

Data :

TAC Rating : 8

Category : Malware

Comment :

Rootkey : HKEY_CLASSES_ROOT

Object : iebhos.control

 

Prutect Object Recognized!

Type : Regkey

Data :

TAC Rating : 8

Category : Malware

Comment :

Rootkey : HKEY_LOCAL_MACHINE

Object : software\microsoft\downloadmanager

 

Prutect Object Recognized!

Type : Regkey

Data :

TAC Rating : 8

Category : Malware

Comment :

Rootkey : HKEY_LOCAL_MACHINE

Object : software\e2g

 

Prutect Object Recognized!

Type : RegValue

Data :

TAC Rating : 8

Category : Malware

Comment :

Rootkey : HKEY_LOCAL_MACHINE

Object : software\e2g

Value : checkStarted

 

Prutect Object Recognized!

Type : RegValue

Data :

TAC Rating : 8

Category : Malware

Comment :

Rootkey : HKEY_LOCAL_MACHINE

Object : software\e2g

Value : id

 

Prutect Object Recognized!

Type : RegValue

Data :

TAC Rating : 8

Category : Malware

Comment :

Rootkey : HKEY_LOCAL_MACHINE

Object : software\e2g

Value : lastBuild

 

Prutect Object Recognized!

Type : RegValue

Data :

TAC Rating : 8

Category : Malware

Comment :

Rootkey : HKEY_LOCAL_MACHINE

Object : software\e2g

Value : lastCheck

 

Prutect Object Recognized!

Type : Folder

TAC Rating : 8

Category : Malware

Comment : Prutect

Object : C:\Program Files\E2G

 

Prutect Object Recognized!

Type : File

Data : data19

TAC Rating : 8

Category : Malware

Comment :

Object : C:\Program Files\e2g\

 

 

 

Prutect Object Recognized!

Type : File

Data : IeBHOs.dll

TAC Rating : 8

Category : Malware

Comment :

Object : C:\Program Files\e2g\

FileVersion : 1.0.0.1

ProductVersion : 1.0.0.1

ProductName : e2g plugin

CompanyName : e2give, LLC

FileDescription : http://e2give.com/license.html

InternalName : IeBHOs.dll

LegalCopyright : Copyright © 2003 e2give, LLC

OriginalFilename : IeBHOs.dll

Comments : e2g plugin

 

 

Spyware.E2Give Object Recognized!

Type : Regkey

Data :

TAC Rating : 10

Category : Data Miner

Comment :

Rootkey : HKEY_LOCAL_MACHINE

Object : software\classes\appid\iebhos.dll

 

Win32.TrojanClicker Object Recognized!

Type : RegData

Data : userinit.exe,vwlbilx.exe

TAC Rating : 10

Category : Malware

Comment :

Rootkey : HKEY_LOCAL_MACHINE

Object : software\microsoft\windows nt\currentversion\winlogon

Value : Userinit

Data : userinit.exe,vwlbilx.exe

 

Win32.TrojanClicker Object Recognized!

Type : File

Data : html1.htm

TAC Rating : 10

Category : Malware

Comment :

Object : C:\Program Files\

 

 

 

Win32.TrojanClicker Object Recognized!

Type : File

Data : html2.htm

TAC Rating : 10

Category : Malware

Comment :

Object : C:\Program Files\

 

 

 

Conditional scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 15

Objects found so far: 83

 

4:03:18 PM Scan Complete

 

Summary Of This Scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Total scanning time:00:19:21.516

Objects scanned:230061

Objects identified:33

Objects ignored:0

New critical objects:33

Logfile of HijackThis v1.99.1

Scan saved at 4:23:48 PM, on 8/4/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Ahead\InCD\InCDsrv.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\WINDOWS\LTMSG.exe

C:\Program Files\Multimedia Card Reader\shwicon2k.exe

C:\Program Files\Phoenix Technologies Ltd\RecoverPro_XP\VBPTASK.EXE

C:\WINDOWS\PowerS.exe

C:\PROGRA~1\VISION~1\ONETOU~2.EXE

C:\Program Files\support.com\bin\tgcmd.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9HA.EXE

C:\Program Files\Logitech\MouseWare\system\em_exec.exe

C:\WINDOWS\system32\fhsxc.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\LiveUpdate\LiveUpdate.exe

C:\WINDOWS\system32\ahnciup.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe

C:\Program Files\USB Sharing\usbshare.exe

C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe

C:\Program Files\Microsoft Office\Office\WINWORD.EXE

C:\Program Files\ViaVoice\Bin\engine.exe

C:\Program Files\Microsoft Works\MSWorks.exe

C:\Documents and Settings\Owner\My Documents\Reg files backup\Unzipped\hijackthis\HijackThis.exe

C:\Program Files\Messenger\msmsgs.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://fryssupport.net/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast

R3 - Default URLSearchHook is missing

F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\lcewx.exe

F2 - REG:system.ini: UserInit=userinit.exe,vwlbilx.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {157C2528-2438-471F-98D0-78FA7B4B3164} - \

O2 - BHO: (no name) - {15916AE8-F06D-4B44-BABA-9E2AB84D62A4} - \

O2 - BHO: (no name) - {1D7FE75A-4D03-46EF-B3C8-7777C79CF2C5} - \

O2 - BHO: (no name) - {1FA4997A-3465-40F5-BC93-7352A3F5EF44} - \

O2 - BHO: (no name) - {22F9438A-2108-4523-9E31-5291E9E61152} - \

O2 - BHO: (no name) - {239CEDDB-9880-4FC9-A4EF-3B4D0F2DFE5A} - \

O2 - BHO: (no name) - {2502D022-A346-4EA0-AC15-9AE074C719DF} - \

O2 - BHO: Oddbot - {2B896072-F6E3-4FF7-ADE6-43D5BEC6557C} - C:\WINDOWS\system32\nodeipproc.dll (file missing)

O2 - BHO: (no name) - {31B96F13-F1B0-4770-A549-4DC3366AB652} - \

O2 - BHO: CControl Object - {3643ABC2-21BF-46B9-B230-F247DB0C6FD6} - C:\Program Files\E2G\IeBHOs.dll

O2 - BHO: (no name) - {36B4A6CA-3E99-4DC8-94BD-BBA10781800A} - \

O2 - BHO: (no name) - {4C03EAED-0878-4431-B04E-ED51A5C4931F} - \

O2 - BHO: (no name) - {59ECEFE8-529D-4F37-A875-1C839A7AD588} - \

O2 - BHO: (no name) - {5CF4399C-E4C4-4145-8FD4-CCB056C4146F} - \

O2 - BHO: (no name) - {5D99EB38-8A66-4E9F-9C5A-88F019DC67C3} - \

O2 - BHO: (no name) - {61343D0C-96D3-4751-A3DB-8AC55AEF2514} - \

O2 - BHO: (no name) - {6809F49C-91FF-4C6A-930C-4133C0560C9B} - \

O2 - BHO: (no name) - {6CF15DC6-D2FB-4C11-86ED-92695DB0869D} - \

O2 - BHO: (no name) - {6D20B913-1015-404F-AFB5-CC6C269D8DB9} - \

O2 - BHO: (no name) - {710A3317-8AE9-4C41-BEC1-8FFEA685E0E5} - \

O2 - BHO: (no name) - {73929110-C28E-45FA-A186-1AD803C3AB88} - \

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll

O2 - BHO: (no name) - {77645659-E995-476F-9EEA-EF66CB337923} - \

O2 - BHO: (no name) - {7D0E6F57-D1EC-4302-8151-96D7984064F9} - \

O2 - BHO: (no name) - {7D319439-0652-4DC9-B9D9-A93E03FC378E} - \

O2 - BHO: (no name) - {7EAB2908-05B0-4632-B4C4-E055BAEB2B70} - \

O2 - BHO: (no name) - {88B29F86-B123-4A1D-AC8A-BC5E476B4ED5} - \

O2 - BHO: (no name) - {900F4D3A-8E01-4DE0-95C0-8D62CA674AC5} - \

O2 - BHO: (no name) - {965ED5FB-46D5-4040-9286-E9079FF45D79} - \

O2 - BHO: (no name) - {A1907A48-6908-4A3A-A7DA-DA8CA18F9308} - \

O2 - BHO: (no name) - {A546E737-26BE-4FD6-9021-229339B57221} - \

O2 - BHO: (no name) - {A71302EB-A07D-4AF4-9329-15F86DACE3C5} - \

O2 - BHO: (no name) - {A84E4EC5-4B1F-48A2-AA22-46FDFECD20E4} - \

O2 - BHO: (no name) - {AA1C28F3-B027-4F61-9EC4-F71CACB15D04} - \

O2 - BHO: (no name) - {ACB2584E-54B2-4D80-B5C3-521F3F1A934B} - \

O2 - BHO: (no name) - {AE2CE19E-D46C-4D9C-ADCE-40D6CB60F634} - \

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O2 - BHO: (no name) - {BE9846B8-DE47-4D96-B318-EF475188E45C} - \

O2 - BHO: (no name) - {C8D4DE31-C023-4ECB-85C6-7667DCDEA6A9} - \

O2 - BHO: (no name) - {C9AEF489-05DF-48F8-A8CF-3C7E7A86BFFF} - \

O2 - BHO: (no name) - {D134F6EA-8DD0-4FB8-9BA7-31344FF85DAC} - \

O2 - BHO: (no name) - {D2E5F30C-6ABB-452D-ABCE-1CFBD3985AB6} - \

O2 - BHO: Kweaj Class - {DFE7D27E-C021-4C72-80F3-254B776E0992} - C:\WINDOWS\system32\ubbv.dll

O2 - BHO: (no name) - {E0AB8770-43C1-4001-89CB-748438B04E10} - \

O2 - BHO: (no name) - {E2410C85-300C-46DC-AD65-BD2DA8D89D67} - C:\Program Files\Online Services\megobapu.dll (file missing)

O2 - BHO: (no name) - {E4B4C422-3BBA-4FAF-9B90-C2FA078B7E93} - \

O2 - BHO: (no name) - {E5E2A3E7-00FE-4D31-A030-A10799DDCA66} - (no file)

O2 - BHO: (no name) - {E8EF7E19-39DA-4EE2-8491-02981A8F8D1E} - \

O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O2 - BHO: (no name) - {F12A651C-6F37-4496-BF20-8769BBDF5711} - \

O2 - BHO: (no name) - {F9213D09-4560-4564-BE2D-D7E8784C1AB8} - \

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll

O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7

O4 - HKLM\..\Run: [sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe

O4 - HKLM\..\Run: [RestoreIT!] "C:\Program Files\Phoenix Technologies Ltd\RecoverPro_XP\VBPTASK.EXE" VBStart

O4 - HKLM\..\Run: [PowerS] C:\WINDOWS\PowerS.exe

O4 - HKLM\..\Run: [OneTouch Monitor] C:\PROGRA~1\VISION~1\ONETOU~2.EXE

O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\support.com\bin\tgcmd.exe" /server

O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe

O4 - HKLM\..\Run: [EPSON Stylus Photo RX620 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9HA.EXE /P31 "EPSON Stylus Photo RX620 Series" /O6 "USB002" /M "Stylus Photo RX620"

O4 - HKLM\..\Run: [inCD] C:\Program Files\Ahead\InCD\InCD.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe

O4 - HKLM\..\Run: [tSdURg2] "C:\WINDOWS\system32\fhsxc.exe"

O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer

O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKCU\..\Run: [bTCLiveUpdate] "C:\Program Files\LiveUpdate\LiveUpdate.exe" /autostart

O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Comcast\COMCAS~2\data\Xtras\mssysmgr.exe

O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"

O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart

O4 - HKCU\..\Run: [PPWebCap] C:\PROGRA~1\ScanSoft\PAPERP~1\PPWebCap.exe

O4 - HKCU\..\Run: [irssyncd] C:\WINDOWS\system32\irssyncd.exe

O4 - HKCU\..\Run: [wallp2.exe] C:\WINDOWS\system32\wallp2.exe

O4 - HKCU\..\Run: [VSL13.exe] C:\WINDOWS\system32\VSL13.exe

O4 - HKCU\..\Run: [ssqbn.exe] C:\WINDOWS\system32\ssqbn.exe

O4 - Startup: Epson all-in-one Registration.lnk = D:\Titles\EpsonReg\EPSONREG.EXE

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?

O4 - Global Startup: USB Sharing.lnk = ?

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html

O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html

O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html

O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll

O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)

O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)

O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)

O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll

O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab

O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab

O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab

O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab

O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab

O16 - DPF: {4AD73894-A895-4FC2-B233-299867E08753} (Cadwkzctl Object) - http://apps.deskwizz.com/ax/adwerkz.cab

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...96/mcinsctl.cab

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/07b430cd786595...tzip/RdxIE6.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1121977009468

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1126113073296

O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab

O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab

O16 - DPF: {886DDE35-E955-11D0-A707-000000881958} - http://69.56.176.75/webplugin.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://download.cdn.winsoftware.com/files/...FreeInstall.cab

O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://www.popcap.com/games/popcaploader_v6.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{B604433A-5764-450A-BF5D-71FE9DDB8657}: NameServer = 192.168.0.1

O18 - Filter: text/html - {F8D76886-FA88-4DF6-8FBD-C02CF8C91C94} - C:\WINDOWS\system32\ubbv.dll

O20 - AppInit_DLLs: inicfg32.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe

O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe

O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe

O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe


Part 1

eTrust Antivirus Web Scanner

Scan Results: 134249 files scanned. 7 viruses were detected.

File Infection Status Path

ssqbn[1].exe Win32/SillyDl.ATE deleted C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\GHERGPM7\

VSL.dl_ Win32/Zquest.D deleted C:\

UWA6P_0001_N68M2301NetInstaller.exe Win32/SillyDl.AFX deleted C:\WINDOWS\Downloaded Program Files\

kiuj0v.exe Win32/SillyDl.AHE deleted C:\WINDOWS\

lt.exe Win32/SillyDl.ATE cannot delete C:\WINDOWS\

apcvj.dat Win32/Qoologic.AB deleted C:\WINDOWS\system32\

ssqbn.exe Win32/SillyDl.ATE cannot delete C:\WINDOWS\system32\

 

 

 

Ad-Aware SE Build 1.06r1

Logfile Created on:Friday, August 04, 2006 3:43:56 PM

Created with Ad-Aware SE Personal, free for private use.

Using definitions file:SE1R117 03.08.2006

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

References detected during the scan:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Adware.Suggestor(TAC index:10):1 total references

DSSAgent(TAC index:8):1 total references

MRU List(TAC index:0):28 total references

Prutect(TAC index:8):19 total references

Spyware.E2Give(TAC index:10):6 total references

Tracking Cookie(TAC index:3):1 total references

Win32.Generic.PWS(TAC index:10):22 total references

Win32.TrojanClicker(TAC index:10):4 total references

Windows(TAC index:3):1 total references

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Ad-Aware SE Settings

===========================

Set : Search for negligible risk entries

Set : Safe mode (always request confirmation)

Set : Scan active processes

Set : Scan registry

Set : Deep-scan registry

Set : Scan my IE Favorites for banned URLs

Set : Scan my Hosts file

 

Extended Ad-Aware SE Settings

===========================

Set : Unload recognized processes & modules during scan

Set : Scan registry for all users instead of current user only

Set : Always try to unload modules before deletion

Set : During removal, unload Explorer and IE if necessary

Set : Let Windows remove files in use at next reboot

Set : Delete quarantined objects after restoring

Set : Include basic Ad-Aware settings in log file

Set : Include additional Ad-Aware settings in log file

Set : Include reference summary in log file

Set : Include alternate data stream details in log file

Set : Play sound at scan completion if scan locates critical objects

 

 

8-4-2006 3:43:56 PM - Scan started. (Full System Scan)

 

MRU List Object Recognized!

Location: : C:\Documents and Settings\Owner\Application Data\microsoft\office\recent

Description : list of recently opened documents using microsoft office

 

 

MRU List Object Recognized!

Location: : C:\Documents and Settings\Owner\recent

Description : list of recently opened documents

 

 

MRU List Object Recognized!

Location: : S-1-5-21-85444812-973321435-2542772299-1003\software\microsoft\direct3d\mostrecentapplication

Description : most recent application to use microsoft direct3d

 

 

MRU List Object Recognized!

Location: : software\microsoft\direct3d\mostrecentapplication

Description : most recent application to use microsoft direct3d

 

 

MRU List Object Recognized!

Location: : S-1-5-21-85444812-973321435-2542772299-1003\software\microsoft\direct3d\mostrecentapplication

Description : most recent application to use microsoft direct X

 

 

MRU List Object Recognized!

Location: : software\microsoft\direct3d\mostrecentapplication

Description : most recent application to use microsoft direct X

 

 

MRU List Object Recognized!

Location: : software\microsoft\directdraw\mostrecentapplication

Description : most recent application to use microsoft directdraw

 

 

MRU List Object Recognized!

Location: : S-1-5-21-85444812-973321435-2542772299-1003\software\microsoft\directinput\mostrecentapplication

Description : most recent application to use microsoft directinput

 

 

MRU List Object Recognized!

Location: : S-1-5-21-85444812-973321435-2542772299-1003\software\microsoft\directinput\mostrecentapplication

Description : most recent application to use microsoft directinput

 

 

MRU List Object Recognized!

Location: : S-1-5-21-85444812-973321435-2542772299-1003\software\microsoft\internet explorer

Description : last download directory used in microsoft internet explorer

 

 

MRU List Object Recognized!

Location: : S-1-5-21-85444812-973321435-2542772299-1003\software\microsoft\internet explorer\main

Description : last save directory used in microsoft internet explorer

 

 

MRU List Object Recognized!

Location: : S-1-5-21-85444812-973321435-2542772299-1003\software\microsoft\mediaplayer\preferences

Description : last playlist index loaded in microsoft windows media player

 

 

MRU List Object Recognized!

Location: : S-1-5-21-85444812-973321435-2542772299-1003\software\microsoft\mediaplayer\preferences

Description : last playlist loaded in microsoft windows media player

 

 

MRU List Object Recognized!

Location: : S-1-5-21-85444812-973321435-2542772299-1003\software\microsoft\microsoft management console\recent file list

Description : list of recent snap-ins used in the microsoft management console

 

 

MRU List Object Recognized!

Location: : S-1-5-21-85444812-973321435-2542772299-1003\software\microsoft\office\9.0\common\open find\microsoft word\settings\open\file name mru

Description : list of recent documents opened by microsoft word

 

 

MRU List Object Recognized!

Location: : S-1-5-21-85444812-973321435-2542772299-1003\software\microsoft\office\9.0\common\open find\microsoft word\settings\save as\file name mru

Description : list of recent documents saved by microsoft word

 

 

MRU List Object Recognized!

Location: : S-1-5-21-85444812-973321435-2542772299-1003\software\microsoft\search assistant\acmru

Description : list of recent search terms used with the search assistant

 

 

MRU List Object Recognized!

Location: : S-1-5-21-85444812-973321435-2542772299-1003\software\microsoft\windows\currentversion\applets\paint\recent file list

Description : list of files recently opened using microsoft paint

 

 

MRU List Object Recognized!

Location: : S-1-5-21-85444812-973321435-2542772299-1003\software\microsoft\windows\currentversion\applets\regedit

Description : last key accessed using the microsoft registry editor

 

 

MRU List Object Recognized!

Location: : S-1-5-21-85444812-973321435-2542772299-1003\software\microsoft\windows\currentversion\applets\wordpad\recent file list

Description : list of recent files opened using wordpad

 

 

MRU List Object Recognized!

Location: : S-1-5-21-85444812-973321435-2542772299-1003\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru

Description : list of recent programs opened

 

 

MRU List Object Recognized!

Location: : S-1-5-21-85444812-973321435-2542772299-1003\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru

Description : list of recently saved files, stored according to file extension

 

 

MRU List Object Recognized!

Location: : S-1-5-21-85444812-973321435-2542772299-1003\software\microsoft\windows\currentversion\explorer\recentdocs

Description : list of recent documents opened

 

 

MRU List Object Recognized!

Location: : S-1-5-21-85444812-973321435-2542772299-1003\software\microsoft\windows\currentversion\explorer\runmru

Description : mru list for items opened in start | run

 

 

MRU List Object Recognized!

Location: : S-1-5-21-85444812-973321435-2542772299-1003\software\nico mak computing\winzip\filemenu

Description : winzip recently used archives

 

 

MRU List Object Recognized!

Location: : S-1-5-21-85444812-973321435-2542772299-1003\software\realnetworks\realplayer\6.0\preferences

Description : list of recent skins in realplayer

 

 

MRU List Object Recognized!

Location: : S-1-5-21-85444812-973321435-2542772299-1003\software\realnetworks\realplayer\6.0\preferences

Description : list of recent clips in realplayer

 

 

MRU List Object Recognized!

Location: : S-1-5-21-85444812-973321435-2542772299-1003\software\microsoft\windows media\wmsdk\general

Description : windows media sdk

 

 

Listing running processes

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

#:1 [smss.exe]

FilePath : \SystemRoot\System32\

ProcessID : 1088

ThreadCreationTime : 8-4-2006 10:38:07 PM

BasePriority : Normal

 

 

#:2 [csrss.exe]

FilePath : \??\C:\WINDOWS\system32\

ProcessID : 1156

ThreadCreationTime : 8-4-2006 10:38:10 PM

BasePriority : Normal

 

 

#:3 [winlogon.exe]

FilePath : \??\C:\WINDOWS\system32\

ProcessID : 1184

ThreadCreationTime : 8-4-2006 10:38:15 PM

BasePriority : High

 

 

Win32.Generic.PWS Object Recognized!

Type : Process

Data : inicfg32.dll

TAC Rating : 10

Category : Monitoring Tool

Comment : iniwin32.dll.dmp

Object : C:\WINDOWS\system32\

 

 

Warning! Win32.Generic.PWS Object found in memory(C:\WINDOWS\system32\inicfg32.dll)

 

 

#:4 [services.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 1236

ThreadCreationTime : 8-4-2006 10:38:15 PM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Services and Controller app

InternalName : services.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : services.exe

 

Win32.Generic.PWS Object Recognized!

Type : Process

Data : inicfg32.dll

TAC Rating : 10

Category : Monitoring Tool

Comment : iniwin32.dll.dmp

Object : C:\WINDOWS\system32\

 

 

Warning! Win32.Generic.PWS Object found in memory(C:\WINDOWS\system32\inicfg32.dll)

 

 

#:5 [lsass.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 1248

ThreadCreationTime : 8-4-2006 10:38:15 PM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : LSA Shell (Export Version)

InternalName : lsass.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : lsass.exe

 

Win32.Generic.PWS Object Recognized!

Type : Process

Data : inicfg32.dll

TAC Rating : 10

Category : Monitoring Tool

Comment : iniwin32.dll.dmp

Object : C:\WINDOWS\system32\

 

 

Warning! Win32.Generic.PWS Object found in memory(C:\WINDOWS\system32\inicfg32.dll)

 

 

#:6 [ati2evxx.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 1428

ThreadCreationTime : 8-4-2006 10:38:17 PM

BasePriority : Normal

FileVersion : 6.14.10.4116

ProductVersion : 6.14.10.4116

ProductName : ATI External Event Utility for WindowsNT and Windows9X

CompanyName : ATI Technologies Inc.

FileDescription : ATI External Event Utility EXE Module

InternalName : ATI2EVXX.EXE

LegalCopyright : Copyright © 1999-2004 ATI Technologies Inc.

OriginalFilename : ATI2EVXX.EXE

 

#:7 [svchost.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 1452

ThreadCreationTime : 8-4-2006 10:38:17 PM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

Win32.Generic.PWS Object Recognized!

Type : Process

Data : inicfg32.dll

TAC Rating : 10

Category : Monitoring Tool

Comment : iniwin32.dll.dmp

Object : C:\WINDOWS\system32\

 

 

Warning! Win32.Generic.PWS Object found in memory(C:\WINDOWS\system32\inicfg32.dll)

 

 

#:8 [svchost.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 1536

ThreadCreationTime : 8-4-2006 10:38:17 PM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

Win32.Generic.PWS Object Recognized!

Type : Process

Data : inicfg32.dll

TAC Rating : 10

Category : Monitoring Tool

Comment : iniwin32.dll.dmp

Object : C:\WINDOWS\system32\

 

 

Warning! Win32.Generic.PWS Object found in memory(C:\WINDOWS\system32\inicfg32.dll)

 

 

#:9 [svchost.exe]

FilePath : C:\WINDOWS\System32\

ProcessID : 1628

ThreadCreationTime : 8-4-2006 10:38:17 PM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

Win32.Generic.PWS Object Recognized!

Type : Process

Data : inicfg32.dll

TAC Rating : 10

Category : Monitoring Tool

Comment : iniwin32.dll.dmp

Object : C:\WINDOWS\System32\

 

 

Warning! Win32.Generic.PWS Object found in memory(C:\WINDOWS\System32\inicfg32.dll)

 

 

#:10 [incdsrv.exe]

FilePath : C:\Program Files\Ahead\InCD\

ProcessID : 1660

ThreadCreationTime : 8-4-2006 10:38:18 PM

BasePriority : Normal

FileVersion : 4, 3, 20, 1

ProductVersion : 4, 3, 20, 1

ProductName : Nero AG incdsrv

CompanyName : Nero AG

FileDescription : incdsrv

InternalName : incdsrv

LegalCopyright : Copyright 1995-2005 Nero AG and its licensors. All Rights Reserved.

LegalTrademarks : InCD is a trademark of Nero AG

OriginalFilename : incdsrv.exe

 

#:11 [svchost.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 1784

ThreadCreationTime : 8-4-2006 10:38:19 PM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

Win32.Generic.PWS Object Recognized!

Type : Process

Data : inicfg32.dll

TAC Rating : 10

Category : Monitoring Tool

Comment : iniwin32.dll.dmp

Object : C:\WINDOWS\system32\

 

 

Warning! Win32.Generic.PWS Object found in memory(C:\WINDOWS\system32\inicfg32.dll)

 

 

#:12 [svchost.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 1904

ThreadCreationTime : 8-4-2006 10:38:19 PM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

Win32.Generic.PWS Object Recognized!

Type : Process

Data : inicfg32.dll

TAC Rating : 10

Category : Monitoring Tool

Comment : iniwin32.dll.dmp

Object : C:\WINDOWS\system32\

 

 

Warning! Win32.Generic.PWS Object found in memory(C:\WINDOWS\system32\inicfg32.dll)

 

 

#:13 [ccsetmgr.exe]

FilePath : C:\Program Files\Common Files\Symantec Shared\

ProcessID : 1968

ThreadCreationTime : 8-4-2006 10:38:20 PM

BasePriority : Normal

FileVersion : 103.0.7.2

ProductVersion : 103.0.7.2

ProductName : Client and Host Security Platform

CompanyName : Symantec Corporation

FileDescription : Symantec Settings Manager Service

InternalName : ccSetMgr

LegalCopyright : Copyright © 2000-2004 Symantec Corporation. All rights reserved.

OriginalFilename : ccSetMgr.exe

 

#:14 [sndsrvc.exe]

FilePath : C:\Program Files\Common Files\Symantec Shared\

ProcessID : 2016

ThreadCreationTime : 8-4-2006 10:38:20 PM

BasePriority : Normal

FileVersion : 5.5.1.6

ProductVersion : 5.5

ProductName : Symantec Security Drivers

CompanyName : Symantec Corporation

FileDescription : Network Driver Service

InternalName : SndSrvc

LegalCopyright : Copyright 2002, 2003, 2004 Symantec Corporation

OriginalFilename : SndSrvc.exe

 

#:15 [spbbcsvc.exe]

FilePath : C:\Program Files\Common Files\Symantec Shared\SPBBC\

ProcessID : 152

ThreadCreationTime : 8-4-2006 10:38:21 PM

BasePriority : Normal

FileVersion : 1,0,1,47

ProductVersion : 1,0,1,47

ProductName : SPBBC

CompanyName : Symantec Corporation

FileDescription : SPBBC Service

InternalName : SPBBCSvc

LegalCopyright : Copyright © 2004 Symantec Corporation. All rights reserved.

OriginalFilename : SPBBCSvc.exe

 

#:16 [ccevtmgr.exe]

FilePath : C:\Program Files\Common Files\Symantec Shared\

ProcessID : 180

ThreadCreationTime : 8-4-2006 10:38:21 PM

BasePriority : Normal

FileVersion : 103.0.7.2

ProductVersion : 103.0.7.2

ProductName : Client and Host Security Platform

CompanyName : Symantec Corporation

FileDescription : Symantec Event Manager Service

InternalName : ccEvtMgr

LegalCopyright : Copyright © 2000-2004 Symantec Corporation. All rights reserved.

OriginalFilename : ccEvtMgr.exe

 

#:17 [spoolsv.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 448

ThreadCreationTime : 8-4-2006 10:38:22 PM

BasePriority : Normal

FileVersion : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)

ProductVersion : 5.1.2600.2696

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Spooler SubSystem App

InternalName : spoolsv.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : spoolsv.exe

 

Win32.Generic.PWS Object Recognized!

Type : Process

Data : inicfg32.dll

TAC Rating : 10

Category : Monitoring Tool

Comment : iniwin32.dll.dmp

Object : C:\WINDOWS\system32\

 

 

Warning! Win32.Generic.PWS Object found in memory(C:\WINDOWS\system32\inicfg32.dll)

 

 

#:18 [navapsvc.exe]

FilePath : C:\Program Files\Norton AntiVirus\

ProcessID : 620

ThreadCreationTime : 8-4-2006 10:38:28 PM

BasePriority : Normal

FileVersion : 11.0.16.2

ProductVersion : 11.0.16

ProductName : Norton AntiVirus

CompanyName : Symantec Corporation

FileDescription : Norton AntiVirus Auto-Protect Service

InternalName : NAVAPSVC

LegalCopyright : Norton AntiVirus 2005 for Windows 98/ME/2000/XP Copyright © 2004 Symantec Corporation. All rights reserved.

OriginalFilename : NAVAPSVC.EXE

 

#:19 [npfmntor.exe]

FilePath : C:\Program Files\Norton AntiVirus\IWP\

ProcessID : 652

ThreadCreationTime : 8-4-2006 10:38:28 PM

BasePriority : Normal

FileVersion : 11.0.16.2

ProductVersion : 11.0.16

ProductName : Norton AntiVirus

CompanyName : Symantec Corporation

FileDescription : Norton AntiVirus Firewall Install Monitor

InternalName : NPFMonitor

LegalCopyright : Norton AntiVirus 2005 for Windows 98/ME/2000/XP Copyright © 2004 Symantec Corporation. All rights reserved.

OriginalFilename : NPFMonitor.EXE

 

#:20 [starwindservice.exe]

FilePath : C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\

ProcessID : 820

ThreadCreationTime : 8-4-2006 10:38:32 PM

BasePriority : Normal

FileVersion : 2.6.1 Build 0x20050401

ProductVersion : 2.6.1 Build 0x20050401

ProductName : StarWind

CompanyName : Rocket Division Software

FileDescription : StarWind iSCSI Target (Alcohol Edition)

InternalName : StarWind

LegalCopyright : Copyright © Rocket Division Software 2003-2005. All rights reserved.

OriginalFilename : StarWind

 

Win32.Generic.PWS Object Recognized!

Type : Process

Data : inicfg32.dll

TAC Rating : 10

Category : Monitoring Tool

Comment : iniwin32.dll.dmp

Object : C:\WINDOWS\system32\

 

 

Warning! Win32.Generic.PWS Object found in memory(C:\WINDOWS\system32\inicfg32.dll)

 

"C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe"Process terminated successfully

 

#:21 [svchost.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 868

ThreadCreationTime : 8-4-2006 10:38:32 PM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

Win32.Generic.PWS Object Recognized!

Type : Process

Data : inicfg32.dll

TAC Rating : 10

Category : Monitoring Tool

Comment : iniwin32.dll.dmp

Object : C:\WINDOWS\system32\

 

 

Warning! Win32.Generic.PWS Object found in memory(C:\WINDOWS\system32\inicfg32.dll)

 

 

#:22 [wdfmgr.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 984

ThreadCreationTime : 8-4-2006 10:38:32 PM

BasePriority : Normal

FileVersion : 5.2.3790.1230 built by: dnsrv(bld4act)

ProductVersion : 5.2.3790.1230

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Windows User Mode Driver Manager

InternalName : WdfMgr

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : WdfMgr.exe

 

Win32.Generic.PWS Object Recognized!

Type : Process

Data : inicfg32.dll

TAC Rating : 10

Category : Monitoring Tool

Comment : iniwin32.dll.dmp

Object : C:\WINDOWS\system32\

 

 

Warning! Win32.Generic.PWS Object found in memory(C:\WINDOWS\system32\inicfg32.dll)

 

"C:\WINDOWS\system32\wdfmgr.exe"Process terminated successfully

 

#:23 [alg.exe]

FilePath : C:\WINDOWS\System32\

ProcessID : 528

ThreadCreationTime : 8-4-2006 10:38:59 PM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Application Layer Gateway Service

InternalName : ALG.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : ALG.exe

 

#:24 [ati2evxx.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 552

ThreadCreationTime : 8-4-2006 10:38:59 PM

BasePriority : Normal

FileVersion : 6.14.10.4116

ProductVersion : 6.14.10.4116

ProductName : ATI External Event Utility for WindowsNT and Windows9X

CompanyName : ATI Technologies Inc.

FileDescription : ATI External Event Utility EXE Module

InternalName : ATI2EVXX.EXE

LegalCopyright : Copyright © 1999-2004 ATI Technologies Inc.

OriginalFilename : ATI2EVXX.EXE

 

#:25 [wmiprvse.exe]

FilePath : C:\WINDOWS\system32\wbem\

ProcessID : 2096

ThreadCreationTime : 8-4-2006 10:39:04 PM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : WMI

InternalName : Wmiprvse.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : Wmiprvse.exe

 

Win32.Generic.PWS Object Recognized!

Type : Process

Data : inicfg32.dll

TAC Rating : 10

Category : Monitoring Tool

Comment : iniwin32.dll.dmp

Object : C:\WINDOWS\system32\

 

 

Warning! Win32.Generic.PWS Object found in memory(C:\WINDOWS\system32\inicfg32.dll)

 

 

#:26 [explorer.exe]

FilePath : C:\WINDOWS\

ProcessID : 2240

ThreadCreationTime : 8-4-2006 10:39:06 PM

BasePriority : Normal

FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 6.00.2900.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Windows Explorer

InternalName : explorer

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : EXPLORER.EXE

 

Win32.Generic.PWS Object Recognized!

Type : Process

Data : inicfg32.dll

TAC Rating : 10

Category : Monitoring Tool

Comment : iniwin32.dll.dmp

Object : C:\WINDOWS\system32\

 

 

Warning! Win32.Generic.PWS Object found in memory(C:\WINDOWS\system32\inicfg32.dll)

 

 

#:27 [soundman.exe]

FilePath : C:\WINDOWS\

ProcessID : 2628

ThreadCreationTime : 8-4-2006 10:39:21 PM

BasePriority : Normal

FileVersion : 5.1.0.30

ProductVersion : 5.1.0.29

ProductName : Realtek Sound Manager

CompanyName : Realtek Semiconductor Corp.

FileDescription : Realtek Sound Manager

InternalName : ALSMTray

LegalCopyright : Copyright © 2001-2004 Realtek Semiconductor Corp.

OriginalFilename : ALSMTray.exe

Comments : Realtek AC97 Audio Sound Manager

 

#:28 [atiptaxx.exe]

FilePath : C:\Program Files\ATI Technologies\ATI Control Panel\

ProcessID : 2872

ThreadCreationTime : 8-4-2006 10:39:23 PM

BasePriority : Normal

FileVersion : 6.14.10.5155

ProductVersion : 6.14.10.5155

ProductName : ATI Desktop Component

CompanyName : ATI Technologies, Inc.

FileDescription : ATI Desktop Control Panel

InternalName : Atiptaxx.exe

LegalCopyright : Copyright © 1998-2005 ATI Technologies Inc.

OriginalFilename : Atiptaxx.exe

 

#:29 [ccapp.exe]

FilePath : C:\Program Files\Common Files\Symantec Shared\

ProcessID : 2892

ThreadCreationTime : 8-4-2006 10:39:24 PM

BasePriority : Normal

FileVersion : 103.0.7.2

ProductVersion : 103.0.7.2

ProductName : Client and Host Security Platform

CompanyName : Symantec Corporation

FileDescription : Symantec User Session

InternalName : ccApp

LegalCopyright : Copyright © 2000-2004 Symantec Corporation. All rights reserved.

OriginalFilename : ccApp.exe

 

Win32.Generic.PWS Object Recognized!

Type : Process

Data : inicfg32.dll

TAC Rating : 10

Category : Monitoring Tool

Comment : iniwin32.dll.dmp

Object : C:\WINDOWS\system32\

 

 

Warning! Win32.Generic.PWS Object found in memory(C:\WINDOWS\system32\inicfg32.dll)

 

 

#:30 [wuauclt.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 2904

ThreadCreationTime : 8-4-2006 10:39:24 PM

BasePriority : Normal

FileVersion : 5.8.0.2469 built by: lab01_n(wmbla)

ProductVersion : 5.8.0.2469

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Automatic Updates

InternalName : wuauclt.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : wuauclt.exe

 

#:31 [ltmsg.exe]

FilePath : C:\WINDOWS\

ProcessID : 2972

ThreadCreationTime : 8-4-2006 10:39:26 PM

BasePriority : Normal

FileVersion : 3, 0, 0, 4

ProductVersion : 3, 0, 0, 4

ProductName : Agere Systems ltmsg

CompanyName : Agere Systems

FileDescription : ltmsg

InternalName : ltmsg

LegalCopyright : Copyright © 2003

OriginalFilename : ltmsg.exe

Comments : Messaging application for Agere Win Modem

 

#:32 [shwicon2k.exe]

FilePath : C:\Program Files\Multimedia Card Reader\

ProcessID : 3000

ThreadCreationTime : 8-4-2006 10:39:27 PM

BasePriority : Idle

FileVersion : 1, 4, 0, 8

ProductVersion : 1, 4, 0, 8

ProductName : Multimedia Card Reader

CompanyName : Alcor Micro, Corp.

FileDescription : Sunkist

InternalName : Sunkist

LegalCopyright : Copyright c 2002

OriginalFilename : Sunkist.exe

Comments : 6362 4.5 Slot 2000/XP

 

#:33 [vbptask.exe]

FilePath : C:\Program Files\Phoenix Technologies Ltd\RecoverPro_XP\

ProcessID : 3032

ThreadCreationTime : 8-4-2006 10:39:28 PM

BasePriority : Normal

FileVersion : 2, 0, 0, 0

ProductVersion : 2, 0, 0, 0

ProductName : VBPTask Application

CompanyName : FarStone Tech. Inc.

FileDescription : VBPTask MFC Application

InternalName : VBPTask

LegalCopyright : Copyright © 2000-2002 FarStone Tech. Inc.

OriginalFilename : VBPTask.EXE

 

#:34 [powers.exe]

FilePath : C:\WINDOWS\

ProcessID : 3088

ThreadCreationTime : 8-4-2006 10:39:30 PM

BasePriority : Normal

FileVersion : 1, 0, 0, 1

ProductVersion : 1, 0, 0, 1

ProductName : prolink test

CompanyName : prolink

FileDescription : test

InternalName : test

LegalCopyright : Copyright c 2001

OriginalFilename : test.exe

 

#:35 [onetou~2.exe]

FilePath : C:\PROGRA~1\VISION~1\

ProcessID : 3180

ThreadCreationTime : 8-4-2006 10:39:33 PM

BasePriority : Normal

FileVersion : 3, 1, 3, 2

ProductVersion : 3, 1, 3, 2

ProductName : OneTouch Module

CompanyName : Visioneer Inc

FileDescription : OneTouch Module

InternalName : OneTouch Module

LegalCopyright : Copyright 1997 - 2002

LegalTrademarks : Visioneer owns all rights to this Module

OriginalFilename : OneTouch Module

Comments : Part of the OneTouch package

 

#:36 [tgcmd.exe]

FilePath : C:\Program Files\support.com\bin\

ProcessID : 3264

ThreadCreationTime : 8-4-2006 10:39:36 PM

BasePriority : Normal

FileVersion : 5,5,402,0

ProductVersion : 5,5,402,0

ProductName : Support.com Scheduler and Command Dispatcher

CompanyName : Support.com, Inc.

FileDescription : Support.com Scheduler and Command Dispatcher

InternalName : TGCMD

LegalCopyright : Copyright 1997-2069 Support.com

OriginalFilename : TGCMD.EXE

 

Win32.Generic.PWS Object Recognized!

Type : Process

Data : inicfg32.dll

TAC Rating : 10

Category : Monitoring Tool

Comment : iniwin32.dll.dmp

Object : C:\WINDOWS\system32\

 

 

Warning! Win32.Generic.PWS Object found in memory(C:\WINDOWS\system32\inicfg32.dll)

 

 

#:37 [e_fati9ha.exe]

FilePath : C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\

ProcessID : 3552

ThreadCreationTime : 8-4-2006 10:39:43 PM

BasePriority : Normal

FileVersion : 3.00

ProductVersion : 3.00

ProductName : EPSON Status Monitor 3

CompanyName : SEIKO EPSON CORPORATION

FileDescription : EPSON Status Monitor 3

InternalName : E_S5I2H1

LegalCopyright : Copyright © SEIKO EPSON CORP. 2004

OriginalFilename : E_S5I2H1.EXE

 

#:38 [em_exec.exe]

FilePath : C:\Program Files\Logitech\MouseWare\system\

ProcessID : 3580

ThreadCreationTime : 8-4-2006 10:39:43 PM

BasePriority : Normal

FileVersion : 9.79.025

ProductVersion : 9.79.025

ProductName : MouseWare

CompanyName : Logitech Inc.

FileDescription : Logitech Events Handler Application

InternalName : Em_Exec

LegalCopyright : © 1987-2003 Logitech. All rights reserved.

LegalTrademarks : Logitech® and MouseWare® are registered trademarks of Logitech Inc.

OriginalFilename : Em_Exec.exe

Comments : Created by the MouseWare team

 

#:39 [incd.exe]

FilePath : C:\Program Files\Ahead\InCD\

ProcessID : 3600

ThreadCreationTime : 8-4-2006 10:39:44 PM

BasePriority : Normal

FileVersion : 4, 3, 20, 1

ProductVersion : 4, 3, 20, 1

ProductName : Nero AG InCD

CompanyName : Nero AG

FileDescription : InCD

InternalName : InCD

LegalCopyright : Copyright 1995-2005 Nero AG and its licensors. All Rights Reserved.

LegalTrademarks : InCD is a trademark of Nero AG

OriginalFilename : InCD.exe

 

Win32.Generic.PWS Object Recognized!

Type : Process

Data : inicfg32.dll

TAC Rating : 10

Category : Monitoring Tool

Comment : iniwin32.dll.dmp

Object : C:\WINDOWS\system32\

 

 

Warning! Win32.Generic.PWS Object found in memory(C:\WINDOWS\system32\inicfg32.dll)

 

"C:\Program Files\Ahead\InCD\InCD.exe"Process terminated successfully

 

#:40 [jusched.exe]

FilePath : C:\Program Files\Java\jre1.5.0_07\bin\

ProcessID : 3656

ThreadCreationTime : 8-4-2006 10:39:44 PM

BasePriority : Normal

 

 

Win32.Generic.PWS Object Recognized!

Type : Process

Data : inicfg32.dll

TAC Rating : 10

Category : Monitoring Tool

Comment : iniwin32.dll.dmp

Object : C:\WINDOWS\system32\

 

 

Warning! Win32.Generic.PWS Object found in memory(C:\WINDOWS\system32\inicfg32.dll)

 

"C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe"Process terminated successfully

 

#:41 [fhsxc.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 3672

ThreadCreationTime : 8-4-2006 10:39:45 PM

BasePriority : Normal

 

 

#:42 [issch.exe]

FilePath : C:\Program Files\Common Files\InstallShield\UpdateService\

ProcessID : 3736

ThreadCreationTime : 8-4-2006 10:39:46 PM

BasePriority : Normal

FileVersion : 3, 10, 100, 1155

ProductVersion : 3, 10

ProductName : InstallShield Update Service

CompanyName : InstallShield Software Corporation

FileDescription : InstallShield Update Service Scheduler

InternalName : Scheduler

LegalCopyright : Copyright © 1990-2004 InstallShield Software Corporation

OriginalFilename : issch.exe

 

#:43 [liveupdate.exe]

FilePath : C:\Program Files\LiveUpdate\

ProcessID : 3764

ThreadCreationTime : 8-4-2006 10:39:47 PM

BasePriority : Normal

FileVersion : 1.0.0.0

ProductVersion : 1.0.0.0

ProductName : LiveUpdate

FileDescription : LiveUpdate

InternalName : LiveUpdate.exe

LegalCopyright : © 2003-2004. All rights reserved.

OriginalFilename : LiveUpdate.exe

 

Win32.Generic.PWS Object Recognized!

Type : Process

Data : inicfg32.dll

TAC Rating : 10

Category : Monitoring Tool

Comment : iniwin32.dll.dmp

Object : C:\WINDOWS\system32\

 

 

Warning! Win32.Generic.PWS Object found in memory(C:\WINDOWS\system32\inicfg32.dll)

 

 

#:44 [ahnciup.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 3808

ThreadCreationTime : 8-4-2006 10:39:48 PM

BasePriority : Normal

 

 

#:45 [ssqbn.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 3940

ThreadCreationTime : 8-4-2006 10:39:51 PM

BasePriority : Normal

 

 

Win32.Generic.PWS Object Recognized!

Type : Process

Data : inicfg32.dll

TAC Rating : 10

Category : Monitoring Tool

Comment : iniwin32.dll.dmp

Object : C:\WINDOWS\system32\

 

 

Warning! Win32.Generic.PWS Object found in memory(C:\WINDOWS\system32\inicfg32.dll)

 

"C:\WINDOWS\system32\ssqbn.exe"Process terminated successfully

 

#:46 [wuauclt.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 3980

ThreadCreationTime : 8-4-2006 10:39:51 PM

BasePriority : Normal

FileVersion : 5.8.0.2469 built by: lab01_n(wmbla)

ProductVersion : 5.8.0.2469

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Automatic Updates

InternalName : wuauclt.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : wuauclt.exe

 

#:47 [lt.exe]

FilePath : C:\WINDOWS\

ProcessID : 3988

ThreadCreationTime : 8-4-2006 10:39:51 PM

BasePriority : Normal

 

 

Win32.Generic.PWS Object Recognized!

Type : Process

Data : inicfg32.dll

TAC Rating : 10

Category : Monitoring Tool

Comment : iniwin32.dll.dmp

Object : C:\WINDOWS\system32\

 

 

Warning! Win32.Generic.PWS Object found in memory(C:\WINDOWS\system32\inicfg32.dll)

 

"C:\WINDOWS\lt.exe"Process terminated successfully

 

#:48 [wkcalrem.exe]

FilePath : C:\Program Files\Common Files\Microsoft Shared\Works Shared\

ProcessID : 812

ThreadCreationTime : 8-4-2006 10:39:55 PM

BasePriority : Normal

FileVersion : 5.00.1928.1

ProductVersion : 5.00.1928.1

ProductName : Microsoft® Works 2000

CompanyName : Microsoft® Corporation

FileDescription : Microsoft® Works Calendar Reminder Service

InternalName : WkCalRem

LegalCopyright : © 1999 Microsoft Corp. All rights reserved.

OriginalFilename : WKCALREM.EXE

 

#:49 [usbshare.exe]

FilePath : C:\Program Files\USB Sharing\

ProcessID : 764

ThreadCreationTime : 8-4-2006 10:39:58 PM

BasePriority : Normal

 

 

#:50 [ad-aware.exe]

FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\

ProcessID : 3240

ThreadCreationTime : 8-4-2006 10:41:10 PM

BasePriority : Normal

FileVersion : 6.2.0.236

ProductVersion : SE 106

ProductName : Lavasoft Ad-Aware SE

CompanyName : Lavasoft Sweden

FileDescription : Ad-Aware SE Core application

InternalName : Ad-Aware.exe

LegalCopyright : Copyright © Lavasoft AB Sweden

OriginalFilename : Ad-Aware.exe

Comments : All Rights Reserved

 

#:51 [msmsgs.exe]

FilePath : C:\Program Files\Messenger\

ProcessID : 2884

ThreadCreationTime : 8-4-2006 10:42:09 PM

BasePriority : Normal

FileVersion : 4.7.3001

ProductVersion : Version 4.7.3001

ProductName : Messenger

CompanyName : Microsoft Corporation

FileDescription : Windows Messenger

InternalName : msmsgs

LegalCopyright : Copyright © Microsoft Corporation 2004

LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.

OriginalFilename : msmsgs.exe

 

Win32.Generic.PWS Object Recognized!

Type : Process

Data : inicfg32.dll

TAC Rating : 10

Category : Monitoring Tool

Comment : iniwin32.dll.dmp

Object : C:\WINDOWS\system32\

 

 

Warning! Win32.Generic.PWS Object found in memory(C:\WINDOWS\system32\inicfg32.dll)

 

 

Memory scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 50

 

 

Started registry scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Prutect Object Recognized!

Type : Regkey

Data :

TAC Rating : 8

Category : Malware

Comment :

Rootkey : HKEY_CLASSES_ROOT

Object : typelib\{3b99f202-145a-4e5a-ac7b-88a36910bf5e}

 

Prutect Object Recognized!

Type : Regkey

Data :

TAC Rating : 8

Category : Malware

Comment :

Rootkey : HKEY_CLASSES_ROOT

Object : clsid\{3643abc2-21bf-46b9-b230-f247db0c6fd6}

 

Prutect Object Recognized!

Type : RegValue

Data :

TAC Rating : 8

Category : Malware

Comment :

Rootkey : HKEY_CLASSES_ROOT

Object : clsid\{3643abc2-21bf-46b9-b230-f247db0c6fd6}

Value :

 

Prutect Object Recognized!

Type : RegValue

Data :

TAC Rating : 8

Category : Malware

Comment :

Rootkey : HKEY_CLASSES_ROOT

Object : clsid\{3643abc2-21bf-46b9-b230-f247db0c6fd6}

Value : AppID

 

Prutect Object Recognized!

Type : RegValue

Data :

TAC Rating : 8

Category : Malware

Comment :

Rootkey : HKEY_CLASSES_ROOT

Object : clsid\{3643abc2-21bf-46b9-b230-f247db0c6fd6}

Value : AppID3

 

Prutect Object Recognized!

Type : Regkey

Data :

TAC Rating : 8

Category : Malware

Comment :

Rootkey : HKEY_CLASSES_ROOT

Object : appid\{3b99f202-145a-4e5a-ac7b-88a36910bf5e}

 

Prutect Object Recognized!

Type : Regkey

Data :

TAC Rating : 8

Category : Malware

Comment :

Rootkey : HKEY_CLASSES_ROOT

Object : appid\iebhos.dll

 

Adware.Suggestor Object Recognized!

Type : Regkey

Data :

TAC Rating : 10

Category : Adware

Comment :

Rootkey : HKEY_LOCAL_MACHINE

Object : software\microsoft\windows\currentversion\explorer\browser helper objects\{e5e2a3e7-00fe-4d31-a030-a10799ddca66}

 

DSSAgent Object Recognized!

Type : Regkey

Data :

TAC Rating : 8

Category : Data Miner

Comment :

Rootkey : HKEY_LOCAL_MACHINE

Object : software\broderbund software\dss

 

Prutect Object Recognized!

Type : Regkey

Data :

TAC Rating : 8

Category : Malware

Comment :

Rootkey : HKEY_LOCAL_MACHINE

Object : software\microsoft\windows\currentversion\explorer\browser helper objects\{3643abc2-21bf-46b9-b230-f247db0c6fd6}

 

Spyware.E2Give Object Recognized!

Type : Regkey

Data :

TAC Rating : 10

Category : Malware

Comment :

Rootkey : HKEY_LOCAL_MACHINE

Object : software\classes\appid\{3b99f202-145a-4e5a-ac7b-88a36910bf5e}

 

Spyware.E2Give Object Recognized!

Type : Regkey

Data :

TAC Rating : 10

Category : Malware

Comment :

Rootkey : HKEY_LOCAL_MACHINE

Object : software\classes\typelib\{3b99f202-145a-4e5a-ac7b-88a36910bf5e}

 

Windows Object Recognized!

Type : RegData

Data : explorer.exe, c:\windows\system32\lcewx.exe

TAC Rating : 3

Category : Vulnerability

Comment :

Rootkey : HKEY_LOCAL_MACHINE

Object : software\microsoft\windows nt\currentversion\winlogon

Value : Shell

Data : explorer.exe, c:\windows\system32\lcewx.exe

 

Registry Scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 13

Objects found so far: 63


Part 2

Started deep registry scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Deep registry scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 63

 

 

Started Tracking Cookie scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : [email protected][1].txt

TAC Rating : 3

Category : Data Miner

Comment : Hits:10

Value : Cookie:[email protected]/

Expires : 8-4-2007 2:35:18 PM

LastSync : Hits:10

UseCount : 0

Hits : 10

 

Tracking cookie scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 1

Objects found so far: 64

 

 

 

Deep scanning and examining files (C:)

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Win32.TrojanClicker Object Recognized!

Type : File

Data : wallpap[1].exe

TAC Rating : 10

Category : Malware

Comment :

Object : C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\3QWF7149\

 

 

 

Spyware.E2Give Object Recognized!

Type : File

Data : A0000104.dll

TAC Rating : 10

Category : Malware

Comment :

Object : C:\System Volume Information\_restore{42C664FB-3BA3-4664-97AF-71030578B749}\RP2\

FileVersion : 1.0.0.1

ProductVersion : 1.0.0.1

ProductName : e2g plugin

CompanyName : e2give, LLC

FileDescription : http://e2give.com/license.html

InternalName : IeBHOs.dll

LegalCopyright : Copyright © 2003 e2give, LLC

OriginalFilename : IeBHOs.dll

Comments : e2g plugin

 

 

Spyware.E2Give Object Recognized!

Type : File

Data : A0000108.dll

TAC Rating : 10

Category : Malware

Comment :

Object : C:\System Volume Information\_restore{42C664FB-3BA3-4664-97AF-71030578B749}\RP2\

FileVersion : 1.0.0.1

ProductVersion : 1.0.0.1

ProductName : e2g plugin

CompanyName : e2give, LLC

FileDescription : http://e2give.com/license.html

InternalName : IeBHOs.dll

LegalCopyright : Copyright © 2003 e2give, LLC

OriginalFilename : IeBHOs.dll

Comments : e2g plugin

 

 

Spyware.E2Give Object Recognized!

Type : File

Data : A0000115.dll

TAC Rating : 10

Category : Malware

Comment :

Object : C:\System Volume Information\_restore{42C664FB-3BA3-4664-97AF-71030578B749}\RP2\

FileVersion : 1.0.0.1

ProductVersion : 1.0.0.1

ProductName : e2g plugin

CompanyName : e2give, LLC

FileDescription : http://e2give.com/license.html

InternalName : IeBHOs.dll

LegalCopyright : Copyright © 2003 e2give, LLC

OriginalFilename : IeBHOs.dll

Comments : e2g plugin

 

 

Disk Scan Result for C:\

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 68

 

 

Scanning Hosts file......

Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Hosts file scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

1 entries scanned.

New critical objects:0

Objects found so far: 68

 

 

 

 

Performing conditional scans...

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Prutect Object Recognized!

Type : Regkey

Data :

TAC Rating : 8

Category : Malware

Comment :

Rootkey : HKEY_CLASSES_ROOT

Object : iebhos.control.1

 

Prutect Object Recognized!

Type : Regkey

Data :

TAC Rating : 8

Category : Malware

Comment :

Rootkey : HKEY_CLASSES_ROOT

Object : iebhos.control

 

Prutect Object Recognized!

Type : Regkey

Data :

TAC Rating : 8

Category : Malware

Comment :

Rootkey : HKEY_LOCAL_MACHINE

Object : software\microsoft\downloadmanager

 

Prutect Object Recognized!

Type : Regkey

Data :

TAC Rating : 8

Category : Malware

Comment :

Rootkey : HKEY_LOCAL_MACHINE

Object : software\e2g

 

Prutect Object Recognized!

Type : RegValue

Data :

TAC Rating : 8

Category : Malware

Comment :

Rootkey : HKEY_LOCAL_MACHINE

Object : software\e2g

Value : checkStarted

 

Prutect Object Recognized!

Type : RegValue

Data :

TAC Rating : 8

Category : Malware

Comment :

Rootkey : HKEY_LOCAL_MACHINE

Object : software\e2g

Value : id

 

Prutect Object Recognized!

Type : RegValue

Data :

TAC Rating : 8

Category : Malware

Comment :

Rootkey : HKEY_LOCAL_MACHINE

Object : software\e2g

Value : lastBuild

 

Prutect Object Recognized!

Type : RegValue

Data :

TAC Rating : 8

Category : Malware

Comment :

Rootkey : HKEY_LOCAL_MACHINE

Object : software\e2g

Value : lastCheck

 

Prutect Object Recognized!

Type : Folder

TAC Rating : 8

Category : Malware

Comment : Prutect

Object : C:\Program Files\E2G

 

Prutect Object Recognized!

Type : File

Data : data19

TAC Rating : 8

Category : Malware

Comment :

Object : C:\Program Files\e2g\

 

 

 

Prutect Object Recognized!

Type : File

Data : IeBHOs.dll

TAC Rating : 8

Category : Malware

Comment :

Object : C:\Program Files\e2g\

FileVersion : 1.0.0.1

ProductVersion : 1.0.0.1

ProductName : e2g plugin

CompanyName : e2give, LLC

FileDescription : http://e2give.com/license.html

InternalName : IeBHOs.dll

LegalCopyright : Copyright © 2003 e2give, LLC

OriginalFilename : IeBHOs.dll

Comments : e2g plugin

 

 

Spyware.E2Give Object Recognized!

Type : Regkey

Data :

TAC Rating : 10

Category : Data Miner

Comment :

Rootkey : HKEY_LOCAL_MACHINE

Object : software\classes\appid\iebhos.dll

 

Win32.TrojanClicker Object Recognized!

Type : RegData

Data : userinit.exe,vwlbilx.exe

TAC Rating : 10

Category : Malware

Comment :

Rootkey : HKEY_LOCAL_MACHINE

Object : software\microsoft\windows nt\currentversion\winlogon

Value : Userinit

Data : userinit.exe,vwlbilx.exe

 

Win32.TrojanClicker Object Recognized!

Type : File

Data : html1.htm

TAC Rating : 10

Category : Malware

Comment :

Object : C:\Program Files\

 

 

 

Win32.TrojanClicker Object Recognized!

Type : File

Data : html2.htm

TAC Rating : 10

Category : Malware

Comment :

Object : C:\Program Files\

 

 

 

Conditional scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 15

Objects found so far: 83

 

4:03:18 PM Scan Complete

 

Summary Of This Scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Total scanning time:00:19:21.516

Objects scanned:230061

Objects identified:33

Objects ignored:0

New critical objects:33

Logfile of HijackThis v1.99.1

Scan saved at 4:23:48 PM, on 8/4/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Ahead\InCD\InCDsrv.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\WINDOWS\LTMSG.exe

C:\Program Files\Multimedia Card Reader\shwicon2k.exe

C:\Program Files\Phoenix Technologies Ltd\RecoverPro_XP\VBPTASK.EXE

C:\WINDOWS\PowerS.exe

C:\PROGRA~1\VISION~1\ONETOU~2.EXE

C:\Program Files\support.com\bin\tgcmd.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9HA.EXE

C:\Program Files\Logitech\MouseWare\system\em_exec.exe

C:\WINDOWS\system32\fhsxc.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\LiveUpdate\LiveUpdate.exe

C:\WINDOWS\system32\ahnciup.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe

C:\Program Files\USB Sharing\usbshare.exe

C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe

C:\Program Files\Microsoft Office\Office\WINWORD.EXE

C:\Program Files\ViaVoice\Bin\engine.exe

C:\Program Files\Microsoft Works\MSWorks.exe

C:\Documents and Settings\Owner\My Documents\Reg files backup\Unzipped\hijackthis\HijackThis.exe

C:\Program Files\Messenger\msmsgs.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://fryssupport.net/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast

R3 - Default URLSearchHook is missing

F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\lcewx.exe

F2 - REG:system.ini: UserInit=userinit.exe,vwlbilx.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {157C2528-2438-471F-98D0-78FA7B4B3164} - \

O2 - BHO: (no name) - {15916AE8-F06D-4B44-BABA-9E2AB84D62A4} - \

O2 - BHO: (no name) - {1D7FE75A-4D03-46EF-B3C8-7777C79CF2C5} - \

O2 - BHO: (no name) - {1FA4997A-3465-40F5-BC93-7352A3F5EF44} - \

O2 - BHO: (no name) - {22F9438A-2108-4523-9E31-5291E9E61152} - \

O2 - BHO: (no name) - {239CEDDB-9880-4FC9-A4EF-3B4D0F2DFE5A} - \

O2 - BHO: (no name) - {2502D022-A346-4EA0-AC15-9AE074C719DF} - \

O2 - BHO: Oddbot - {2B896072-F6E3-4FF7-ADE6-43D5BEC6557C} - C:\WINDOWS\system32\nodeipproc.dll (file missing)

O2 - BHO: (no name) - {31B96F13-F1B0-4770-A549-4DC3366AB652} - \

O2 - BHO: CControl Object - {3643ABC2-21BF-46B9-B230-F247DB0C6FD6} - C:\Program Files\E2G\IeBHOs.dll

O2 - BHO: (no name) - {36B4A6CA-3E99-4DC8-94BD-BBA10781800A} - \

O2 - BHO: (no name) - {4C03EAED-0878-4431-B04E-ED51A5C4931F} - \

O2 - BHO: (no name) - {59ECEFE8-529D-4F37-A875-1C839A7AD588} - \

O2 - BHO: (no name) - {5CF4399C-E4C4-4145-8FD4-CCB056C4146F} - \

O2 - BHO: (no name) - {5D99EB38-8A66-4E9F-9C5A-88F019DC67C3} - \

O2 - BHO: (no name) - {61343D0C-96D3-4751-A3DB-8AC55AEF2514} - \

O2 - BHO: (no name) - {6809F49C-91FF-4C6A-930C-4133C0560C9B} - \

O2 - BHO: (no name) - {6CF15DC6-D2FB-4C11-86ED-92695DB0869D} - \

O2 - BHO: (no name) - {6D20B913-1015-404F-AFB5-CC6C269D8DB9} - \

O2 - BHO: (no name) - {710A3317-8AE9-4C41-BEC1-8FFEA685E0E5} - \

O2 - BHO: (no name) - {73929110-C28E-45FA-A186-1AD803C3AB88} - \

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll

O2 - BHO: (no name) - {77645659-E995-476F-9EEA-EF66CB337923} - \

O2 - BHO: (no name) - {7D0E6F57-D1EC-4302-8151-96D7984064F9} - \

O2 - BHO: (no name) - {7D319439-0652-4DC9-B9D9-A93E03FC378E} - \

O2 - BHO: (no name) - {7EAB2908-05B0-4632-B4C4-E055BAEB2B70} - \

O2 - BHO: (no name) - {88B29F86-B123-4A1D-AC8A-BC5E476B4ED5} - \

O2 - BHO: (no name) - {900F4D3A-8E01-4DE0-95C0-8D62CA674AC5} - \

O2 - BHO: (no name) - {965ED5FB-46D5-4040-9286-E9079FF45D79} - \

O2 - BHO: (no name) - {A1907A48-6908-4A3A-A7DA-DA8CA18F9308} - \

O2 - BHO: (no name) - {A546E737-26BE-4FD6-9021-229339B57221} - \

O2 - BHO: (no name) - {A71302EB-A07D-4AF4-9329-15F86DACE3C5} - \

O2 - BHO: (no name) - {A84E4EC5-4B1F-48A2-AA22-46FDFECD20E4} - \

O2 - BHO: (no name) - {AA1C28F3-B027-4F61-9EC4-F71CACB15D04} - \

O2 - BHO: (no name) - {ACB2584E-54B2-4D80-B5C3-521F3F1A934B} - \

O2 - BHO: (no name) - {AE2CE19E-D46C-4D9C-ADCE-40D6CB60F634} - \

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O2 - BHO: (no name) - {BE9846B8-DE47-4D96-B318-EF475188E45C} - \

O2 - BHO: (no name) - {C8D4DE31-C023-4ECB-85C6-7667DCDEA6A9} - \

O2 - BHO: (no name) - {C9AEF489-05DF-48F8-A8CF-3C7E7A86BFFF} - \

O2 - BHO: (no name) - {D134F6EA-8DD0-4FB8-9BA7-31344FF85DAC} - \

O2 - BHO: (no name) - {D2E5F30C-6ABB-452D-ABCE-1CFBD3985AB6} - \

O2 - BHO: Kweaj Class - {DFE7D27E-C021-4C72-80F3-254B776E0992} - C:\WINDOWS\system32\ubbv.dll

O2 - BHO: (no name) - {E0AB8770-43C1-4001-89CB-748438B04E10} - \

O2 - BHO: (no name) - {E2410C85-300C-46DC-AD65-BD2DA8D89D67} - C:\Program Files\Online Services\megobapu.dll (file missing)

O2 - BHO: (no name) - {E4B4C422-3BBA-4FAF-9B90-C2FA078B7E93} - \

O2 - BHO: (no name) - {E5E2A3E7-00FE-4D31-A030-A10799DDCA66} - (no file)

O2 - BHO: (no name) - {E8EF7E19-39DA-4EE2-8491-02981A8F8D1E} - \

O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O2 - BHO: (no name) - {F12A651C-6F37-4496-BF20-8769BBDF5711} - \

O2 - BHO: (no name) - {F9213D09-4560-4564-BE2D-D7E8784C1AB8} - \

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll

O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7

O4 - HKLM\..\Run: [sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe

O4 - HKLM\..\Run: [RestoreIT!] "C:\Program Files\Phoenix Technologies Ltd\RecoverPro_XP\VBPTASK.EXE" VBStart

O4 - HKLM\..\Run: [PowerS] C:\WINDOWS\PowerS.exe

O4 - HKLM\..\Run: [OneTouch Monitor] C:\PROGRA~1\VISION~1\ONETOU~2.EXE

O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\support.com\bin\tgcmd.exe" /server

O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe

O4 - HKLM\..\Run: [EPSON Stylus Photo RX620 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9HA.EXE /P31 "EPSON Stylus Photo RX620 Series" /O6 "USB002" /M "Stylus Photo RX620"

O4 - HKLM\..\Run: [inCD] C:\Program Files\Ahead\InCD\InCD.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe

O4 - HKLM\..\Run: [tSdURg2] "C:\WINDOWS\system32\fhsxc.exe"

O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer

O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKCU\..\Run: [bTCLiveUpdate] "C:\Program Files\LiveUpdate\LiveUpdate.exe" /autostart

O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Comcast\COMCAS~2\data\Xtras\mssysmgr.exe

O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"

O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart

O4 - HKCU\..\Run: [PPWebCap] C:\PROGRA~1\ScanSoft\PAPERP~1\PPWebCap.exe

O4 - HKCU\..\Run: [irssyncd] C:\WINDOWS\system32\irssyncd.exe

O4 - HKCU\..\Run: [wallp2.exe] C:\WINDOWS\system32\wallp2.exe

O4 - HKCU\..\Run: [VSL13.exe] C:\WINDOWS\system32\VSL13.exe

O4 - HKCU\..\Run: [ssqbn.exe] C:\WINDOWS\system32\ssqbn.exe

O4 - Startup: Epson all-in-one Registration.lnk = D:\Titles\EpsonReg\EPSONREG.EXE

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?

O4 - Global Startup: USB Sharing.lnk = ?

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html

O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html

O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html

O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll

O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)

O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)

O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)

O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll

O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab

O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab

O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab

O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab

O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab

O16 - DPF: {4AD73894-A895-4FC2-B233-299867E08753} (Cadwkzctl Object) - http://apps.deskwizz.com/ax/adwerkz.cab

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...96/mcinsctl.cab

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/07b430cd786595...tzip/RdxIE6.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1121977009468

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1126113073296

O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab

O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab

O16 - DPF: {886DDE35-E955-11D0-A707-000000881958} - http://69.56.176.75/webplugin.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://download.cdn.winsoftware.com/files/...FreeInstall.cab

O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://www.popcap.com/games/popcaploader_v6.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{B604433A-5764-450A-BF5D-71FE9DDB8657}: NameServer = 192.168.0.1

O18 - Filter: text/html - {F8D76886-FA88-4DF6-8FBD-C02CF8C91C94} - C:\WINDOWS\system32\ubbv.dll

O20 - AppInit_DLLs: inicfg32.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe

O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe

O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe

O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe


Have had no reply in 8 days.

Here are the updated log files.

Help

Having a problem with pop-ups and been hijacked

 

In Internet Properties I have turned up the security, blocked pop-ups, and when pop-ups show up I add them to the Restricted Sites security zone. The pop-ups still get through.

I am running Ad-Aware SE Build 1.06r1 with Norton's 2005 anti-virus on Windows XP Home Edition, Pentium ® 4 CPU 3.2 and 1.5 GB RAM.

Any help would be appreciated

Yourgo

 

 

Logfile of HijackThis v1.99.1

Scan saved at 2:42:56 PM, on 8/13/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Ahead\InCD\InCDsrv.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe

C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\WINDOWS\LTMSG.exe

C:\Program Files\Multimedia Card Reader\shwicon2k.exe

C:\Program Files\Phoenix Technologies Ltd\RecoverPro_XP\VBPTASK.EXE

C:\WINDOWS\PowerS.exe

C:\PROGRA~1\VISION~1\ONETOU~2.EXE

C:\Program Files\support.com\bin\tgcmd.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9HA.EXE

C:\Program Files\Logitech\MouseWare\system\em_exec.exe

C:\Program Files\Ahead\InCD\InCD.exe

C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe

C:\WINDOWS\system32\fhsxc.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\WINDOWS\system32\ahnciup.exe

C:\Program Files\LiveUpdate\LiveUpdate.exe

C:\WINDOWS\system32\ssqbn.exe

C:\WINDOWS\lt.exe

C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe

C:\Program Files\USB Sharing\usbshare.exe

C:\PROGRA~1\WINZIP\winzip32.exe

C:\Program Files\Windows NT\Accessories\wordpad.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Documents and Settings\Owner\My Documents\Unzipped\hijackthis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://fryssupport.net/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast

R3 - Default URLSearchHook is missing

F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\lcewx.exe

F2 - REG:system.ini: UserInit=userinit.exe,vwlbilx.exe

O2 - BHO: (no name) - {06834924-FCC6-4EE4-AA16-8341C4155CDF} - \

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {136CA9A3-DDA5-4339-91C1-BE219B65DC10} - \

O2 - BHO: (no name) - {157C2528-2438-471F-98D0-78FA7B4B3164} - \

O2 - BHO: (no name) - {15916AE8-F06D-4B44-BABA-9E2AB84D62A4} - \

O2 - BHO: (no name) - {1D7FE75A-4D03-46EF-B3C8-7777C79CF2C5} - \

O2 - BHO: (no name) - {1FA4997A-3465-40F5-BC93-7352A3F5EF44} - \

O2 - BHO: (no name) - {22F9438A-2108-4523-9E31-5291E9E61152} - \

O2 - BHO: (no name) - {239CEDDB-9880-4FC9-A4EF-3B4D0F2DFE5A} - \

O2 - BHO: (no name) - {2502D022-A346-4EA0-AC15-9AE074C719DF} - \

O2 - BHO: Oddbot - {2B896072-F6E3-4FF7-ADE6-43D5BEC6557C} - C:\WINDOWS\system32\nodeipproc.dll (file missing)

O2 - BHO: (no name) - {31B96F13-F1B0-4770-A549-4DC3366AB652} - \

O2 - BHO: CControl Object - {3643ABC2-21BF-46B9-B230-F247DB0C6FD6} - C:\Program Files\E2G\IeBHOs.dll

O2 - BHO: (no name) - {36B4A6CA-3E99-4DC8-94BD-BBA10781800A} - \

O2 - BHO: (no name) - {4C03EAED-0878-4431-B04E-ED51A5C4931F} - \

O2 - BHO: (no name) - {50023994-0052-488C-97E5-EEBCBCBBB890} - \

O2 - BHO: (no name) - {55E84824-1536-4166-AF04-F4F8CF5A5A32} - \

O2 - BHO: (no name) - {59ECEFE8-529D-4F37-A875-1C839A7AD588} - \

O2 - BHO: (no name) - {5B460B70-F18A-4FCA-A3B4-4E8526A2C677} - \

O2 - BHO: (no name) - {5CF4399C-E4C4-4145-8FD4-CCB056C4146F} - \

O2 - BHO: (no name) - {5D99EB38-8A66-4E9F-9C5A-88F019DC67C3} - \

O2 - BHO: (no name) - {5E06417A-6D9A-4175-A396-31C1A62595C5} - \

O2 - BHO: (no name) - {61343D0C-96D3-4751-A3DB-8AC55AEF2514} - \

O2 - BHO: (no name) - {6809F49C-91FF-4C6A-930C-4133C0560C9B} - \

O2 - BHO: (no name) - {6CF15DC6-D2FB-4C11-86ED-92695DB0869D} - \

O2 - BHO: (no name) - {6D20B913-1015-404F-AFB5-CC6C269D8DB9} - \

O2 - BHO: (no name) - {70D5F022-D06E-4391-A7A5-28038CA4278B} - \

O2 - BHO: (no name) - {710A3317-8AE9-4C41-BEC1-8FFEA685E0E5} - \

O2 - BHO: (no name) - {73929110-C28E-45FA-A186-1AD803C3AB88} - \

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll

O2 - BHO: (no name) - {77645659-E995-476F-9EEA-EF66CB337923} - \

O2 - BHO: (no name) - {79AF64F9-C068-4C57-BEDF-B42AB1010DAB} - \

O2 - BHO: (no name) - {7D0E6F57-D1EC-4302-8151-96D7984064F9} - \

O2 - BHO: (no name) - {7D319439-0652-4DC9-B9D9-A93E03FC378E} - \

O2 - BHO: (no name) - {7EAB2908-05B0-4632-B4C4-E055BAEB2B70} - \

O2 - BHO: (no name) - {81DE53D2-9326-4232-9B61-8ACAC983687F} - \

O2 - BHO: (no name) - {88B29F86-B123-4A1D-AC8A-BC5E476B4ED5} - \

O2 - BHO: (no name) - {89182C57-0972-4BFD-8381-AE60A527759A} - \

O2 - BHO: (no name) - {900F4D3A-8E01-4DE0-95C0-8D62CA674AC5} - \

O2 - BHO: (no name) - {965ED5FB-46D5-4040-9286-E9079FF45D79} - \

O2 - BHO: (no name) - {96EE8C64-4CBD-4848-ADC6-4560B7BAE07C} - \

O2 - BHO: (no name) - {9EB4825F-198F-4822-911B-2C2A8E433EB2} - \

O2 - BHO: (no name) - {A1907A48-6908-4A3A-A7DA-DA8CA18F9308} - \

O2 - BHO: (no name) - {A546E737-26BE-4FD6-9021-229339B57221} - \

O2 - BHO: (no name) - {A71302EB-A07D-4AF4-9329-15F86DACE3C5} - \

O2 - BHO: (no name) - {A84E4EC5-4B1F-48A2-AA22-46FDFECD20E4} - \

O2 - BHO: (no name) - {AA1C28F3-B027-4F61-9EC4-F71CACB15D04} - \

O2 - BHO: (no name) - {ACB2584E-54B2-4D80-B5C3-521F3F1A934B} - \

O2 - BHO: (no name) - {AE2CE19E-D46C-4D9C-ADCE-40D6CB60F634} - \

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O2 - BHO: (no name) - {BE9846B8-DE47-4D96-B318-EF475188E45C} - \

O2 - BHO: (no name) - {C8D4DE31-C023-4ECB-85C6-7667DCDEA6A9} - \

O2 - BHO: (no name) - {C9AEF489-05DF-48F8-A8CF-3C7E7A86BFFF} - \

O2 - BHO: (no name) - {D134F6EA-8DD0-4FB8-9BA7-31344FF85DAC} - \

O2 - BHO: (no name) - {D2E5F30C-6ABB-452D-ABCE-1CFBD3985AB6} - \

O2 - BHO: (no name) - {D4D34DC9-3736-41CC-92EE-802FD14755F7} - \

O2 - BHO: Kweaj Class - {DFE7D27E-C021-4C72-80F3-254B776E0992} - C:\WINDOWS\system32\ubbv.dll

O2 - BHO: (no name) - {E0AB8770-43C1-4001-89CB-748438B04E10} - \

O2 - BHO: (no name) - {E2410C85-300C-46DC-AD65-BD2DA8D89D67} - C:\Program Files\Online Services\megobapu.dll (file missing)

O2 - BHO: (no name) - {E4B4C422-3BBA-4FAF-9B90-C2FA078B7E93} - \

O2 - BHO: (no name) - {E5E2A3E7-00FE-4D31-A030-A10799DDCA66} - (no file)

O2 - BHO: (no name) - {E8EF7E19-39DA-4EE2-8491-02981A8F8D1E} - \

O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O2 - BHO: (no name) - {ED15F27D-203E-4FE5-BDEC-82218C8596D6} - \

O2 - BHO: (no name) - {F12A651C-6F37-4496-BF20-8769BBDF5711} - \

O2 - BHO: (no name) - {F5316453-7044-4DD9-94AA-3D366F4A9C6B} - \

O2 - BHO: (no name) - {F9213D09-4560-4564-BE2D-D7E8784C1AB8} - \

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll

O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7

O4 - HKLM\..\Run: [sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe

O4 - HKLM\..\Run: [RestoreIT!] "C:\Program Files\Phoenix Technologies Ltd\RecoverPro_XP\VBPTASK.EXE" VBStart

O4 - HKLM\..\Run: [PowerS] C:\WINDOWS\PowerS.exe

O4 - HKLM\..\Run: [OneTouch Monitor] C:\PROGRA~1\VISION~1\ONETOU~2.EXE

O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\support.com\bin\tgcmd.exe" /server

O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe

O4 - HKLM\..\Run: [EPSON Stylus Photo RX620 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9HA.EXE /P31 "EPSON Stylus Photo RX620 Series" /O6 "USB002" /M "Stylus Photo RX620"

O4 - HKLM\..\Run: [inCD] C:\Program Files\Ahead\InCD\InCD.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe

O4 - HKLM\..\Run: [tSdURg2] "C:\WINDOWS\system32\fhsxc.exe"

O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer

O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKCU\..\Run: [bTCLiveUpdate] "C:\Program Files\LiveUpdate\LiveUpdate.exe" /autostart

O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Comcast\COMCAS~2\data\Xtras\mssysmgr.exe

O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"

O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart

O4 - HKCU\..\Run: [PPWebCap] C:\PROGRA~1\ScanSoft\PAPERP~1\PPWebCap.exe

O4 - HKCU\..\Run: [irssyncd] C:\WINDOWS\system32\irssyncd.exe

O4 - HKCU\..\Run: [wallp2.exe] C:\WINDOWS\system32\wallp2.exe

O4 - HKCU\..\Run: [VSL13.exe] C:\WINDOWS\system32\VSL13.exe

O4 - HKCU\..\Run: [ssqbn.exe] C:\WINDOWS\system32\ssqbn.exe

O4 - Startup: Epson all-in-one Registration.lnk = D:\Titles\EpsonReg\EPSONREG.EXE

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?

O4 - Global Startup: USB Sharing.lnk = ?

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html

O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html

O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html

O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll

O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)

O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)

O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)

O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll

O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab

O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab

O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab

O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab

O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab

O16 - DPF: {4AD73894-A895-4FC2-B233-299867E08753} (Cadwkzctl Object) - http://apps.deskwizz.com/ax/adwerkz.cab

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...96/mcinsctl.cab

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/07b430cd786595...tzip/RdxIE6.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1121977009468

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1126113073296

O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab

O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab

O16 - DPF: {886DDE35-E955-11D0-A707-000000881958} - http://69.56.176.75/webplugin.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://download.cdn.winsoftware.com/files/...FreeInstall.cab

O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://www.popcap.com/games/popcaploader_v6.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{B604433A-5764-450A-BF5D-71FE9DDB8657}: NameServer = 192.168.0.1

O18 - Filter: text/html - {F8D76886-FA88-4DF6-8FBD-C02CF8C91C94} - C:\WINDOWS\system32\ubbv.dll

O20 - AppInit_DLLs: inicfg32.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe

O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe

O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe


Page 2 of 3 new logs

 

Ad-Aware SE Build 1.06r1

Logfile Created on:Sunday, August 13, 2006 2:54:56 PM

Created with Ad-Aware SE Personal, free for private use.

Using definitions file:SE1R117 03.08.2006

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

References detected during the scan:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Adware.Suggestor(TAC index:10):1 total references

DSSAgent(TAC index:8):1 total references

MRU List(TAC index:0):30 total references

Prutect(TAC index:8):11 total references

Spyware.E2Give(TAC index:10):14 total references

Tracking Cookie(TAC index:3):2 total references

Win32.Generic.PWS(TAC index:10):22 total references

Windows(TAC index:3):1 total references

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Ad-Aware SE Settings

===========================

Set : Search for negligible risk entries

Set : Safe mode (always request confirmation)

Set : Scan active processes

Set : Scan registry

Set : Deep-scan registry

Set : Scan my IE Favorites for banned URLs

Set : Scan my Hosts file

 

Extended Ad-Aware SE Settings

===========================

Set : Unload recognized processes & modules during scan

Set : Scan registry for all users instead of current user only

Set : Always try to unload modules before deletion

Set : During removal, unload Explorer and IE if necessary

Set : Let Windows remove files in use at next reboot

Set : Delete quarantined objects after restoring

Set : Include basic Ad-Aware settings in log file

Set : Include additional Ad-Aware settings in log file

Set : Include reference summary in log file

Set : Include alternate data stream details in log file

Set : Play sound at scan completion if scan locates critical objects

 

 

8-13-2006 2:54:56 PM - Scan started. (Smart mode)

 

Listing running processes

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

#:1 [smss.exe]

FilePath : \SystemRoot\System32\

ProcessID : 1088

ThreadCreationTime : 8-13-2006 9:21:31 PM

BasePriority : Normal

 

 

#:2 [csrss.exe]

FilePath : \??\C:\WINDOWS\system32\

ProcessID : 1156

ThreadCreationTime : 8-13-2006 9:21:34 PM

BasePriority : Normal

 

 

#:3 [winlogon.exe]

FilePath : \??\C:\WINDOWS\system32\

ProcessID : 1184

ThreadCreationTime : 8-13-2006 9:21:39 PM

BasePriority : High

 

 

Win32.Generic.PWS Object Recognized!

Type : Process

Data : inicfg32.dll

TAC Rating : 10

Category : Monitoring Tool

Comment : iniwin32.dll.dmp

Object : C:\WINDOWS\system32\

 

 

Warning! Win32.Generic.PWS Object found in memory(C:\WINDOWS\system32\inicfg32.dll)

 

 

#:4 [services.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 1240

ThreadCreationTime : 8-13-2006 9:21:42 PM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Services and Controller app

InternalName : services.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : services.exe

 

Win32.Generic.PWS Object Recognized!

Type : Process

Data : inicfg32.dll

TAC Rating : 10

Category : Monitoring Tool

Comment : iniwin32.dll.dmp

Object : C:\WINDOWS\system32\

 

 

Warning! Win32.Generic.PWS Object found in memory(C:\WINDOWS\system32\inicfg32.dll)

 

 

#:5 [lsass.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 1252

ThreadCreationTime : 8-13-2006 9:21:42 PM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : LSA Shell (Export Version)

InternalName : lsass.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : lsass.exe

 

Win32.Generic.PWS Object Recognized!

Type : Process

Data : inicfg32.dll

TAC Rating : 10

Category : Monitoring Tool

Comment : iniwin32.dll.dmp

Object : C:\WINDOWS\system32\

 

 

Warning! Win32.Generic.PWS Object found in memory(C:\WINDOWS\system32\inicfg32.dll)

 

 

#:6 [ati2evxx.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 1436

ThreadCreationTime : 8-13-2006 9:21:46 PM

BasePriority : Normal

FileVersion : 6.14.10.4116

ProductVersion : 6.14.10.4116

ProductName : ATI External Event Utility for WindowsNT and Windows9X

CompanyName : ATI Technologies Inc.

FileDescription : ATI External Event Utility EXE Module

InternalName : ATI2EVXX.EXE

LegalCopyright : Copyright © 1999-2004 ATI Technologies Inc.

OriginalFilename : ATI2EVXX.EXE

 

#:7 [svchost.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 1464

ThreadCreationTime : 8-13-2006 9:21:46 PM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

Win32.Generic.PWS Object Recognized!

Type : Process

Data : inicfg32.dll

TAC Rating : 10

Category : Monitoring Tool

Comment : iniwin32.dll.dmp

Object : C:\WINDOWS\system32\

 

 

Warning! Win32.Generic.PWS Object found in memory(C:\WINDOWS\system32\inicfg32.dll)

 

 

#:8 [svchost.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 1556

ThreadCreationTime : 8-13-2006 9:21:47 PM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

Win32.Generic.PWS Object Recognized!

Type : Process

Data : inicfg32.dll

TAC Rating : 10

Category : Monitoring Tool

Comment : iniwin32.dll.dmp

Object : C:\WINDOWS\system32\

 

 

Warning! Win32.Generic.PWS Object found in memory(C:\WINDOWS\system32\inicfg32.dll)

 

 

#:9 [svchost.exe]

FilePath : C:\WINDOWS\System32\

ProcessID : 1656

ThreadCreationTime : 8-13-2006 9:21:47 PM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

Win32.Generic.PWS Object Recognized!

Type : Process

Data : inicfg32.dll

TAC Rating : 10

Category : Monitoring Tool

Comment : iniwin32.dll.dmp

Object : C:\WINDOWS\System32\

 

 

Warning! Win32.Generic.PWS Object found in memory(C:\WINDOWS\System32\inicfg32.dll)

 

 

#:10 [incdsrv.exe]

FilePath : C:\Program Files\Ahead\InCD\

ProcessID : 1688

ThreadCreationTime : 8-13-2006 9:21:48 PM

BasePriority : Normal

FileVersion : 4, 3, 20, 1

ProductVersion : 4, 3, 20, 1

ProductName : Nero AG incdsrv

CompanyName : Nero AG

FileDescription : incdsrv

InternalName : incdsrv

LegalCopyright : Copyright 1995-2005 Nero AG and its licensors. All Rights Reserved.

LegalTrademarks : InCD is a trademark of Nero AG

OriginalFilename : incdsrv.exe

 

#:11 [svchost.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 1844

ThreadCreationTime : 8-13-2006 9:21:50 PM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

Win32.Generic.PWS Object Recognized!

Type : Process

Data : inicfg32.dll

TAC Rating : 10

Category : Monitoring Tool

Comment : iniwin32.dll.dmp

Object : C:\WINDOWS\system32\

 

 

Warning! Win32.Generic.PWS Object found in memory(C:\WINDOWS\system32\inicfg32.dll)

 

 

#:12 [svchost.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 1924

ThreadCreationTime : 8-13-2006 9:21:51 PM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

Win32.Generic.PWS Object Recognized!

Type : Process

Data : inicfg32.dll

TAC Rating : 10

Category : Monitoring Tool

Comment : iniwin32.dll.dmp

Object : C:\WINDOWS\system32\

 

 

Warning! Win32.Generic.PWS Object found in memory(C:\WINDOWS\system32\inicfg32.dll)

 

 

#:13 [ccsetmgr.exe]

FilePath : C:\Program Files\Common Files\Symantec Shared\

ProcessID : 1988

ThreadCreationTime : 8-13-2006 9:21:51 PM

BasePriority : Normal

FileVersion : 103.0.7.2

ProductVersion : 103.0.7.2

ProductName : Client and Host Security Platform

CompanyName : Symantec Corporation

FileDescription : Symantec Settings Manager Service

InternalName : ccSetMgr

LegalCopyright : Copyright © 2000-2004 Symantec Corporation. All rights reserved.

OriginalFilename : ccSetMgr.exe

 

#:14 [sndsrvc.exe]

FilePath : C:\Program Files\Common Files\Symantec Shared\

ProcessID : 2036

ThreadCreationTime : 8-13-2006 9:21:52 PM

BasePriority : Normal

FileVersion : 5.5.1.6

ProductVersion : 5.5

ProductName : Symantec Security Drivers

CompanyName : Symantec Corporation

FileDescription : Network Driver Service

InternalName : SndSrvc

LegalCopyright : Copyright 2002, 2003, 2004 Symantec Corporation

OriginalFilename : SndSrvc.exe

 

#:15 [spbbcsvc.exe]

FilePath : C:\Program Files\Common Files\Symantec Shared\SPBBC\

ProcessID : 160

ThreadCreationTime : 8-13-2006 9:21:52 PM

BasePriority : Normal

FileVersion : 1,0,1,47

ProductVersion : 1,0,1,47

ProductName : SPBBC

CompanyName : Symantec Corporation

FileDescription : SPBBC Service

InternalName : SPBBCSvc

LegalCopyright : Copyright © 2004 Symantec Corporation. All rights reserved.

OriginalFilename : SPBBCSvc.exe

 

#:16 [ccevtmgr.exe]

FilePath : C:\Program Files\Common Files\Symantec Shared\

ProcessID : 196

ThreadCreationTime : 8-13-2006 9:21:52 PM

BasePriority : Normal

FileVersion : 103.0.7.2

ProductVersion : 103.0.7.2

ProductName : Client and Host Security Platform

CompanyName : Symantec Corporation

FileDescription : Symantec Event Manager Service

InternalName : ccEvtMgr

LegalCopyright : Copyright © 2000-2004 Symantec Corporation. All rights reserved.

OriginalFilename : ccEvtMgr.exe

 

#:17 [spoolsv.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 472

ThreadCreationTime : 8-13-2006 9:21:53 PM

BasePriority : Normal

FileVersion : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)

ProductVersion : 5.1.2600.2696

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Spooler SubSystem App

InternalName : spoolsv.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : spoolsv.exe

 

Win32.Generic.PWS Object Recognized!

Type : Process

Data : inicfg32.dll

TAC Rating : 10

Category : Monitoring Tool

Comment : iniwin32.dll.dmp

Object : C:\WINDOWS\system32\

 

 

Warning! Win32.Generic.PWS Object found in memory(C:\WINDOWS\system32\inicfg32.dll)

 

 

#:18 [aluschedulersvc.exe]

FilePath : C:\Program Files\Symantec\LiveUpdate\

ProcessID : 604

ThreadCreationTime : 8-13-2006 9:21:59 PM

BasePriority : Normal

FileVersion : 3.0.0.171

ProductVersion : 3.0.0.171

ProductName : LiveUpdate

CompanyName : Symantec Corporation

FileDescription : Automatic LiveUpdate Scheduler Service

InternalName : Automatic LiveUpdate Scheduler Service

LegalCopyright : Copyright © 1996-2005 Symantec Corporation

OriginalFilename : ALUSchedulerSvc.exe

 

Win32.Generic.PWS Object Recognized!

Type : Process

Data : inicfg32.dll

TAC Rating : 10

Category : Monitoring Tool

Comment : iniwin32.dll.dmp

Object : C:\WINDOWS\system32\

 

 

Warning! Win32.Generic.PWS Object found in memory(C:\WINDOWS\system32\inicfg32.dll)

 

Warning! "C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe"Process could not be terminated!

 

#:19 [navapsvc.exe]

FilePath : C:\Program Files\Norton AntiVirus\

ProcessID : 660

ThreadCreationTime : 8-13-2006 9:22:00 PM

BasePriority : Normal

FileVersion : 11.0.16.2

ProductVersion : 11.0.16

ProductName : Norton AntiVirus

CompanyName : Symantec Corporation

FileDescription : Norton AntiVirus Auto-Protect Service

InternalName : NAVAPSVC

LegalCopyright : Norton AntiVirus 2005 for Windows 98/ME/2000/XP Copyright © 2004 Symantec Corporation. All rights reserved.

OriginalFilename : NAVAPSVC.EXE

 

#:20 [npfmntor.exe]

FilePath : C:\Program Files\Norton AntiVirus\IWP\

ProcessID : 728

ThreadCreationTime : 8-13-2006 9:22:03 PM

BasePriority : Normal

FileVersion : 11.0.16.2

ProductVersion : 11.0.16

ProductName : Norton AntiVirus

CompanyName : Symantec Corporation

FileDescription : Norton AntiVirus Firewall Install Monitor

InternalName : NPFMonitor

LegalCopyright : Norton AntiVirus 2005 for Windows 98/ME/2000/XP Copyright © 2004 Symantec Corporation. All rights reserved.

OriginalFilename : NPFMonitor.EXE

 

#:21 [starwindservice.exe]

FilePath : C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\

ProcessID : 820

ThreadCreationTime : 8-13-2006 9:22:03 PM

BasePriority : Normal

FileVersion : 2.6.1 Build 0x20050401

ProductVersion : 2.6.1 Build 0x20050401

ProductName : StarWind

CompanyName : Rocket Division Software

FileDescription : StarWind iSCSI Target (Alcohol Edition)

InternalName : StarWind

LegalCopyright : Copyright © Rocket Division Software 2003-2005. All rights reserved.

OriginalFilename : StarWind

 

Win32.Generic.PWS Object Recognized!

Type : Process

Data : inicfg32.dll

TAC Rating : 10

Category : Monitoring Tool

Comment : iniwin32.dll.dmp

Object : C:\WINDOWS\system32\

 

 

Warning! Win32.Generic.PWS Object found in memory(C:\WINDOWS\system32\inicfg32.dll)

 

"C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe"Process terminated successfully

 

#:22 [svchost.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 900

ThreadCreationTime : 8-13-2006 9:22:03 PM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

Win32.Generic.PWS Object Recognized!

Type : Process

Data : inicfg32.dll

TAC Rating : 10

Category : Monitoring Tool

Comment : iniwin32.dll.dmp

Object : C:\WINDOWS\system32\

 

 

Warning! Win32.Generic.PWS Object found in memory(C:\WINDOWS\system32\inicfg32.dll)

 

 

#:23 [wdfmgr.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 924

ThreadCreationTime : 8-13-2006 9:22:03 PM

BasePriority : Normal

FileVersion : 5.2.3790.1230 built by: dnsrv(bld4act)

ProductVersion : 5.2.3790.1230

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Windows User Mode Driver Manager

InternalName : WdfMgr

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : WdfMgr.exe

 

Win32.Generic.PWS Object Recognized!

Type : Process

Data : inicfg32.dll

TAC Rating : 10

Category : Monitoring Tool

Comment : iniwin32.dll.dmp

Object : C:\WINDOWS\system32\

 

 

Warning! Win32.Generic.PWS Object found in memory(C:\WINDOWS\system32\inicfg32.dll)

 

"C:\WINDOWS\system32\wdfmgr.exe"Process terminated successfully

 

#:24 [alg.exe]

FilePath : C:\WINDOWS\System32\

ProcessID : 1872

ThreadCreationTime : 8-13-2006 9:22:16 PM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Application Layer Gateway Service

InternalName : ALG.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : ALG.exe

 

#:25 [ati2evxx.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 2904

ThreadCreationTime : 8-13-2006 9:24:33 PM

BasePriority : Normal

FileVersion : 6.14.10.4116

ProductVersion : 6.14.10.4116

ProductName : ATI External Event Utility for WindowsNT and Windows9X

CompanyName : ATI Technologies Inc.

FileDescription : ATI External Event Utility EXE Module

InternalName : ATI2EVXX.EXE

LegalCopyright : Copyright © 1999-2004 ATI Technologies Inc.

OriginalFilename : ATI2EVXX.EXE

 

#:26 [explorer.exe]

FilePath : C:\WINDOWS\

ProcessID : 3188

ThreadCreationTime : 8-13-2006 9:24:37 PM

BasePriority : Normal

FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 6.00.2900.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Windows Explorer

InternalName : explorer

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : EXPLORER.EXE

 

Win32.Generic.PWS Object Recognized!

Type : Process

Data : inicfg32.dll

TAC Rating : 10

Category : Monitoring Tool

Comment : iniwin32.dll.dmp

Object : C:\WINDOWS\system32\

 

 

Warning! Win32.Generic.PWS Object found in memory(C:\WINDOWS\system32\inicfg32.dll)

 

 

Spyware.E2Give Object Recognized!

Type : Process

Data : IeBHOs.dll

TAC Rating : 10

Category : Malware

Comment : (CSI MATCH)

Object : C:\Program Files\E2G\

FileVersion : 1.0.0.1

ProductVersion : 1.0.0.1

ProductName : e2g plugin

CompanyName : e2give, LLC

FileDescription : http://e2give.com/license.html

InternalName : IeBHOs.dll

LegalCopyright : Copyright © 2003 e2give, LLC

OriginalFilename : IeBHOs.dll

Comments : e2g plugin

 

Warning! Spyware.E2Give Object found in memory(C:\Program Files\E2G\IeBHOs.dll)

 

 

#:27 [soundman.exe]

FilePath : C:\WINDOWS\

ProcessID : 3652

ThreadCreationTime : 8-13-2006 9:24:47 PM

BasePriority : Normal

FileVersion : 5.1.0.30

ProductVersion : 5.1.0.29

ProductName : Realtek Sound Manager

CompanyName : Realtek Semiconductor Corp.

FileDescription : Realtek Sound Manager

InternalName : ALSMTray

LegalCopyright : Copyright © 2001-2004 Realtek Semiconductor Corp.

OriginalFilename : ALSMTray.exe

Comments : Realtek AC97 Audio Sound Manager

 

#:28 [wuauclt.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 3660

ThreadCreationTime : 8-13-2006 9:24:49 PM

BasePriority : Normal

FileVersion : 5.8.0.2469 built by: lab01_n(wmbla)

ProductVersion : 5.8.0.2469

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Automatic Updates

InternalName : wuauclt.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : wuauclt.exe

 

#:29 [atiptaxx.exe]

FilePath : C:\Program Files\ATI Technologies\ATI Control Panel\

ProcessID : 3672

ThreadCreationTime : 8-13-2006 9:24:51 PM

BasePriority : Normal

FileVersion : 6.14.10.5155

ProductVersion : 6.14.10.5155

ProductName : ATI Desktop Component

CompanyName : ATI Technologies, Inc.

FileDescription : ATI Desktop Control Panel

InternalName : Atiptaxx.exe

LegalCopyright : Copyright © 1998-2005 ATI Technologies Inc.

OriginalFilename : Atiptaxx.exe

 

#:30 [ccapp.exe]

FilePath : C:\Program Files\Common Files\Symantec Shared\

ProcessID : 3688

ThreadCreationTime : 8-13-2006 9:24:54 PM

BasePriority : Normal

FileVersion : 103.0.7.2

ProductVersion : 103.0.7.2

ProductName : Client and Host Security Platform

CompanyName : Symantec Corporation

FileDescription : Symantec User Session

InternalName : ccApp

LegalCopyright : Copyright © 2000-2004 Symantec Corporation. All rights reserved.

OriginalFilename : ccApp.exe

 

Win32.Generic.PWS Object Recognized!

Type : Process

Data : inicfg32.dll

TAC Rating : 10

Category : Monitoring Tool

Comment : iniwin32.dll.dmp

Object : C:\WINDOWS\system32\

 

 

Warning! Win32.Generic.PWS Object found in memory(C:\WINDOWS\system32\inicfg32.dll)

 

 

#:31 [ltmsg.exe]

FilePath : C:\WINDOWS\

ProcessID : 3720

ThreadCreationTime : 8-13-2006 9:24:56 PM

BasePriority : Normal

FileVersion : 3, 0, 0, 4

ProductVersion : 3, 0, 0, 4

ProductName : Agere Systems ltmsg

CompanyName : Agere Systems

FileDescription : ltmsg

InternalName : ltmsg

LegalCopyright : Copyright © 2003

OriginalFilename : ltmsg.exe

Comments : Messaging application for Agere Win Modem

 

#:32 [shwicon2k.exe]

FilePath : C:\Program Files\Multimedia Card Reader\

ProcessID : 3828

ThreadCreationTime : 8-13-2006 9:24:57 PM

BasePriority : Idle

FileVersion : 1, 4, 0, 8

ProductVersion : 1, 4, 0, 8

ProductName : Multimedia Card Reader

CompanyName : Alcor Micro, Corp.

FileDescription : Sunkist

InternalName : Sunkist

LegalCopyright : Copyright c 2002

OriginalFilename : Sunkist.exe

Comments : 6362 4.5 Slot 2000/XP

 

#:33 [vbptask.exe]

FilePath : C:\Program Files\Phoenix Technologies Ltd\RecoverPro_XP\

ProcessID : 3900

ThreadCreationTime : 8-13-2006 9:24:59 PM

BasePriority : Normal

FileVersion : 2, 0, 0, 0

ProductVersion : 2, 0, 0, 0

ProductName : VBPTask Application

CompanyName : FarStone Tech. Inc.

FileDescription : VBPTask MFC Application

InternalName : VBPTask

LegalCopyright : Copyright © 2000-2002 FarStone Tech. Inc.

OriginalFilename : VBPTask.EXE

 

#:34 [powers.exe]

FilePath : C:\WINDOWS\

ProcessID : 4092

ThreadCreationTime : 8-13-2006 9:25:01 PM

BasePriority : Normal

FileVersion : 1, 0, 0, 1

ProductVersion : 1, 0, 0, 1

ProductName : prolink test

CompanyName : prolink

FileDescription : test

InternalName : test

LegalCopyright : Copyright c 2001

OriginalFilename : test.exe

 

#:35 [onetou~2.exe]

FilePath : C:\PROGRA~1\VISION~1\

ProcessID : 408

ThreadCreationTime : 8-13-2006 9:25:02 PM

BasePriority : Normal

FileVersion : 3, 1, 3, 2

ProductVersion : 3, 1, 3, 2

ProductName : OneTouch Module

CompanyName : Visioneer Inc

FileDescription : OneTouch Module

InternalName : OneTouch Module

LegalCopyright : Copyright 1997 - 2002

LegalTrademarks : Visioneer owns all rights to this Module

OriginalFilename : OneTouch Module

Comments : Part of the OneTouch package

 

#:36 [tgcmd.exe]

FilePath : C:\Program Files\support.com\bin\

ProcessID : 520

ThreadCreationTime : 8-13-2006 9:25:03 PM

BasePriority : Normal

FileVersion : 5,5,402,0

ProductVersion : 5,5,402,0

ProductName : Support.com Scheduler and Command Dispatcher

CompanyName : Support.com, Inc.

FileDescription : Support.com Scheduler and Command Dispatcher

InternalName : TGCMD

LegalCopyright : Copyright 1997-2069 Support.com

OriginalFilename : TGCMD.EXE

 

Win32.Generic.PWS Object Recognized!

Type : Process

Data : inicfg32.dll

TAC Rating : 10

Category : Monitoring Tool

Comment : iniwin32.dll.dmp

Object : C:\WINDOWS\system32\

 

 

Warning! Win32.Generic.PWS Object found in memory(C:\WINDOWS\system32\inicfg32.dll)

 

 

#:37 [e_fati9ha.exe]

FilePath : C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\

ProcessID : 596

ThreadCreationTime : 8-13-2006 9:25:09 PM

BasePriority : Normal

FileVersion : 3.00

ProductVersion : 3.00

ProductName : EPSON Status Monitor 3

CompanyName : SEIKO EPSON CORPORATION

FileDescription : EPSON Status Monitor 3

InternalName : E_S5I2H1

LegalCopyright : Copyright © SEIKO EPSON CORP. 2004

OriginalFilename : E_S5I2H1.EXE

 

#:38 [em_exec.exe]

FilePath : C:\Program Files\Logitech\MouseWare\system\

ProcessID : 1444

ThreadCreationTime : 8-13-2006 9:25:09 PM

BasePriority : Normal

FileVersion : 9.79.025

ProductVersion : 9.79.025

ProductName : MouseWare

CompanyName : Logitech Inc.

FileDescription : Logitech Events Handler Application

InternalName : Em_Exec

LegalCopyright : © 1987-2003 Logitech. All rights reserved.

LegalTrademarks : Logitech® and MouseWare® are registered trademarks of Logitech Inc.

OriginalFilename : Em_Exec.exe

Comments : Created by the MouseWare team

 

#:39 [incd.exe]

FilePath : C:\Program Files\Ahead\InCD\

ProcessID : 988

ThreadCreationTime : 8-13-2006 9:25:12 PM

BasePriority : Normal

FileVersion : 4, 3, 20, 1

ProductVersion : 4, 3, 20, 1

ProductName : Nero AG InCD

CompanyName : Nero AG

FileDescription : InCD

InternalName : InCD

LegalCopyright : Copyright 1995-2005 Nero AG and its licensors. All Rights Reserved.

LegalTrademarks : InCD is a trademark of Nero AG

OriginalFilename : InCD.exe

 

Win32.Generic.PWS Object Recognized!

Type : Process

Data : inicfg32.dll

TAC Rating : 10

Category : Monitoring Tool

Comment : iniwin32.dll.dmp

Object : C:\WINDOWS\system32\

 

 

Warning! Win32.Generic.PWS Object found in memory(C:\WINDOWS\system32\inicfg32.dll)

 

"C:\Program Files\Ahead\InCD\InCD.exe"Process terminated successfully

 

#:40 [jusched.exe]

FilePath : C:\Program Files\Java\jre1.5.0_07\bin\

ProcessID : 2072

ThreadCreationTime : 8-13-2006 9:25:17 PM

BasePriority : Normal

 

 

Win32.Generic.PWS Object Recognized!

Type : Process

Data : inicfg32.dll

TAC Rating : 10

Category : Monitoring Tool

Comment : iniwin32.dll.dmp

Object : C:\WINDOWS\system32\

 

 

Warning! Win32.Generic.PWS Object found in memory(C:\WINDOWS\system32\inicfg32.dll)

 

"C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe"Process terminated successfully

 

#:41 [fhsxc.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 704

ThreadCreationTime : 8-13-2006 9:25:20 PM

BasePriority : Normal

 

 

#:42 [issch.exe]

FilePath : C:\Program Files\Common Files\InstallShield\UpdateService\

ProcessID : 1596

ThreadCreationTime : 8-13-2006 9:25:23 PM

BasePriority : Normal

FileVersion : 3, 10, 100, 1155

ProductVersion : 3, 10

ProductName : InstallShield Update Service

CompanyName : InstallShield Software Corporation

FileDescription : InstallShield Update Service Scheduler

InternalName : Scheduler

LegalCopyright : Copyright © 1990-2004 InstallShield Software Corporation

OriginalFilename : issch.exe

 

#:43 [ahnciup.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 2328

ThreadCreationTime : 8-13-2006 9:25:23 PM

BasePriority : Normal

 

 

#:44 [liveupdate.exe]

FilePath : C:\Program Files\LiveUpdate\

ProcessID : 2176

ThreadCreationTime : 8-13-2006 9:25:26 PM

BasePriority : Normal

FileVersion : 1.0.0.0

ProductVersion : 1.0.0.0

ProductName : LiveUpdate

FileDescription : LiveUpdate

InternalName : LiveUpdate.exe

LegalCopyright : © 2003-2004. All rights reserved.

OriginalFilename : LiveUpdate.exe

 

Win32.Generic.PWS Object Recognized!

Type : Process

Data : inicfg32.dll

TAC Rating : 10

Category : Monitoring Tool

Comment : iniwin32.dll.dmp

Object : C:\WINDOWS\system32\

 

 

Warning! Win32.Generic.PWS Object found in memory(C:\WINDOWS\system32\inicfg32.dll)

 

 

#:45 [ssqbn.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 2684

ThreadCreationTime : 8-13-2006 9:25:29 PM

BasePriority : Normal

 

 

Win32.Generic.PWS Object Recognized!

Type : Process

Data : inicfg32.dll

TAC Rating : 10

Category : Monitoring Tool

Comment : iniwin32.dll.dmp

Object : C:\WINDOWS\system32\

 

 

Warning! Win32.Generic.PWS Object found in memory(C:\WINDOWS\system32\inicfg32.dll)

 

"C:\WINDOWS\system32\ssqbn.exe"Process terminated successfully

 

#:46 [lt.exe]

FilePath : C:\WINDOWS\

ProcessID : 2716

ThreadCreationTime : 8-13-2006 9:25:29 PM

BasePriority : Normal

 

 

Win32.Generic.PWS Object Recognized!

Type : Process

Data : inicfg32.dll

TAC Rating : 10

Category : Monitoring Tool

Comment : iniwin32.dll.dmp

Object : C:\WINDOWS\system32\

 

 

Warning! Win32.Generic.PWS Object found in memory(C:\WINDOWS\system32\inicfg32.dll)

 

"C:\WINDOWS\lt.exe"Process terminated successfully

 

#:47 [wkcalrem.exe]

FilePath : C:\Program Files\Common Files\Microsoft Shared\Works Shared\

ProcessID : 2812

ThreadCreationTime : 8-13-2006 9:25:32 PM

BasePriority : Normal

FileVersion : 5.00.1928.1

ProductVersion : 5.00.1928.1

ProductName : Microsoft® Works 2000

CompanyName : Microsoft® Corporation

FileDescription : Microsoft® Works Calendar Reminder Service

InternalName : WkCalRem

LegalCopyright : © 1999 Microsoft Corp. All rights reserved.

OriginalFilename : WKCALREM.EXE

 

#:48 [usbshare.exe]

FilePath : C:\Program Files\USB Sharing\

ProcessID : 2824

ThreadCreationTime : 8-13-2006 9:25:32 PM

BasePriority : Normal

 

 

#:49 [ad-aware.exe]

FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\

ProcessID : 3448

ThreadCreationTime : 8-13-2006 9:52:09 PM

BasePriority : Normal

FileVersion : 6.2.0.236

ProductVersion : SE 106

ProductName : Lavasoft Ad-Aware SE

CompanyName : Lavasoft Sweden

FileDescription : Ad-Aware SE Core application

InternalName : Ad-Aware.exe

LegalCopyright : Copyright © Lavasoft AB Sweden

OriginalFilename : Ad-Aware.exe

Comments : All Rights Reserved

 

#:50 [msmsgs.exe]

FilePath : C:\Program Files\Messenger\

ProcessID : 4008

ThreadCreationTime : 8-13-2006 9:54:22 PM

BasePriority : Normal

FileVersion : 4.7.3001

ProductVersion : Version 4.7.3001

ProductName : Messenger

CompanyName : Microsoft Corporation

FileDescription : Windows Messenger

InternalName : msmsgs

LegalCopyright : Copyright © Microsoft Corporation 2004

LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.

OriginalFilename : msmsgs.exe

 

Win32.Generic.PWS Object Recognized!

Type : Process

Data : inicfg32.dll

TAC Rating : 10

Category : Monitoring Tool

Comment : iniwin32.dll.dmp

Object : C:\WINDOWS\system32\

 

 

Warning! Win32.Generic.PWS Object found in memory(C:\WINDOWS\system32\inicfg32.dll)


Page 3 of 3 updated logs

 

Memory scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 23

 

 

Started registry scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Prutect Object Recognized!

Type : Regkey

Data :

TAC Rating : 8

Category : Malware

Comment :

Rootkey : HKEY_CLASSES_ROOT

Object : typelib\{3b99f202-145a-4e5a-ac7b-88a36910bf5e}

 

Prutect Object Recognized!

Type : Regkey

Data :

TAC Rating : 8

Category : Malware

Comment :

Rootkey : HKEY_CLASSES_ROOT

Object : clsid\{3643abc2-21bf-46b9-b230-f247db0c6fd6}

 

Prutect Object Recognized!

Type : RegValue

Data :

TAC Rating : 8

Category : Malware

Comment :

Rootkey : HKEY_CLASSES_ROOT

Object : clsid\{3643abc2-21bf-46b9-b230-f247db0c6fd6}

Value :

 

Prutect Object Recognized!

Type : RegValue

Data :

TAC Rating : 8

Category : Malware

Comment :

Rootkey : HKEY_CLASSES_ROOT

Object : clsid\{3643abc2-21bf-46b9-b230-f247db0c6fd6}

Value : AppID

 

Prutect Object Recognized!

Type : RegValue

Data :

TAC Rating : 8

Category : Malware

Comment :

Rootkey : HKEY_CLASSES_ROOT

Object : clsid\{3643abc2-21bf-46b9-b230-f247db0c6fd6}

Value : AppID3

 

Prutect Object Recognized!

Type : Regkey

Data :

TAC Rating : 8

Category : Malware

Comment :

Rootkey : HKEY_CLASSES_ROOT

Object : appid\{3b99f202-145a-4e5a-ac7b-88a36910bf5e}

 

Prutect Object Recognized!

Type : Regkey

Data :

TAC Rating : 8

Category : Malware

Comment :

Rootkey : HKEY_CLASSES_ROOT

Object : appid\iebhos.dll

 

Adware.Suggestor Object Recognized!

Type : Regkey

Data :

TAC Rating : 10

Category : Adware

Comment :

Rootkey : HKEY_LOCAL_MACHINE

Object : software\microsoft\windows\currentversion\explorer\browser helper objects\{e5e2a3e7-00fe-4d31-a030-a10799ddca66}

 

DSSAgent Object Recognized!

Type : Regkey

Data :

TAC Rating : 8

Category : Data Miner

Comment :

Rootkey : HKEY_LOCAL_MACHINE

Object : software\broderbund software\dss

 

Prutect Object Recognized!

Type : Regkey

Data :

TAC Rating : 8

Category : Malware

Comment :

Rootkey : HKEY_LOCAL_MACHINE

Object : software\microsoft\windows\currentversion\explorer\browser helper objects\{3643abc2-21bf-46b9-b230-f247db0c6fd6}

 

Spyware.E2Give Object Recognized!

Type : Regkey

Data :

TAC Rating : 10

Category : Malware

Comment :

Rootkey : HKEY_LOCAL_MACHINE

Object : software\classes\appid\{3b99f202-145a-4e5a-ac7b-88a36910bf5e}

 

Spyware.E2Give Object Recognized!

Type : Regkey

Data :

TAC Rating : 10

Category : Malware

Comment :

Rootkey : HKEY_LOCAL_MACHINE

Object : software\classes\typelib\{3b99f202-145a-4e5a-ac7b-88a36910bf5e}

 

Windows Object Recognized!

Type : RegData

Data : explorer.exe, c:\windows\system32\lcewx.exe

TAC Rating : 3

Category : Vulnerability

Comment :

Rootkey : HKEY_LOCAL_MACHINE

Object : software\microsoft\windows nt\currentversion\winlogon

Value : Shell

Data : explorer.exe, c:\windows\system32\lcewx.exe

 

Registry Scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 13

Objects found so far: 36

 

 

Started deep registry scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Deep registry scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 36

 

 

Started Tracking Cookie scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : [email protected][1].txt

TAC Rating : 3

Category : Data Miner

Comment : Hits:3

Value : Cookie:[email protected]/

Expires : 8-13-2007 2:27:06 PM

LastSync : Hits:3

UseCount : 0

Hits : 3

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : [email protected][1].txt

TAC Rating : 3

Category : Data Miner

Comment : Hits:1

Value : Cookie:[email protected]/

Expires : 8-13-2006 2:42:14 PM

LastSync : Hits:1

UseCount : 0

Hits : 1

 

Tracking cookie scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 2

Objects found so far: 38

 

 

 

Deep scanning and examining files...

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Disk Scan Result for C:\WINDOWS

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 38

 

Disk Scan Result for C:\WINDOWS\system32

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 38

 

Disk Scan Result for C:\DOCUME~1\Owner\LOCALS~1\Temp\

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 38

 

 

Scanning Hosts file......

Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Hosts file scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

1 entries scanned.

New critical objects:0

Objects found so far: 38

 

 

 

MRU List Object Recognized!

Location: : C:\Documents and Settings\Owner\Application Data\microsoft\office\recent

Description : list of recently opened documents using microsoft office

 

 

MRU List Object Recognized!

Location: : C:\Documents and Settings\Owner\recent

Description : list of recently opened documents

 

 

MRU List Object Recognized!

Location: : S-1-5-21-85444812-973321435-2542772299-1003\software\microsoft\direct3d\mostrecentapplication

Description : most recent application to use microsoft direct3d

 

 

MRU List Object Recognized!

Location: : software\microsoft\direct3d\mostrecentapplication

Description : most recent application to use microsoft direct3d

 

 

MRU List Object Recognized!

Location: : S-1-5-21-85444812-973321435-2542772299-1003\software\microsoft\direct3d\mostrecentapplication

Description : most recent application to use microsoft direct X

 

 

MRU List Object Recognized!

Location: : software\microsoft\direct3d\mostrecentapplication

Description : most recent application to use microsoft direct X

 

 

MRU List Object Recognized!

Location: : software\microsoft\directdraw\mostrecentapplication

Description : most recent application to use microsoft directdraw

 

 

MRU List Object Recognized!

Location: : S-1-5-21-85444812-973321435-2542772299-1003\software\microsoft\directinput\mostrecentapplication

Description : most recent application to use microsoft directinput

 

 

MRU List Object Recognized!

Location: : S-1-5-21-85444812-973321435-2542772299-1003\software\microsoft\directinput\mostrecentapplication

Description : most recent application to use microsoft directinput

 

 

MRU List Object Recognized!

Location: : S-1-5-21-85444812-973321435-2542772299-1003\software\microsoft\internet explorer

Description : last download directory used in microsoft internet explorer

 

 

MRU List Object Recognized!

Location: : S-1-5-21-85444812-973321435-2542772299-1003\software\microsoft\internet explorer\main

Description : last save directory used in microsoft internet explorer

 

 

MRU List Object Recognized!

Location: : S-1-5-21-85444812-973321435-2542772299-1003\software\microsoft\mediaplayer\medialibraryui

Description : last selected node in the microsoft windows media player media library

 

 

MRU List Object Recognized!

Location: : S-1-5-21-85444812-973321435-2542772299-1003\software\microsoft\mediaplayer\player\settings

Description : last open directory used in jasc paint shop pro

 

 

MRU List Object Recognized!

Location: : S-1-5-21-85444812-973321435-2542772299-1003\software\microsoft\mediaplayer\preferences

Description : last playlist index loaded in microsoft windows media player

 

 

MRU List Object Recognized!

Location: : S-1-5-21-85444812-973321435-2542772299-1003\software\microsoft\mediaplayer\preferences

Description : last playlist loaded in microsoft windows media player

 

 

MRU List Object Recognized!

Location: : S-1-5-21-85444812-973321435-2542772299-1003\software\microsoft\microsoft management console\recent file list

Description : list of recent snap-ins used in the microsoft management console

 

 

MRU List Object Recognized!

Location: : S-1-5-21-85444812-973321435-2542772299-1003\software\microsoft\office\9.0\common\open find\microsoft word\settings\open\file name mru

Description : list of recent documents opened by microsoft word

 

 

MRU List Object Recognized!

Location: : S-1-5-21-85444812-973321435-2542772299-1003\software\microsoft\office\9.0\common\open find\microsoft word\settings\save as\file name mru

Description : list of recent documents saved by microsoft word

 

 

MRU List Object Recognized!

Location: : S-1-5-21-85444812-973321435-2542772299-1003\software\microsoft\search assistant\acmru

Description : list of recent search terms used with the search assistant

 

 

MRU List Object Recognized!

Location: : S-1-5-21-85444812-973321435-2542772299-1003\software\microsoft\windows\currentversion\applets\paint\recent file list

Description : list of files recently opened using microsoft paint

 

 

MRU List Object Recognized!

Location: : S-1-5-21-85444812-973321435-2542772299-1003\software\microsoft\windows\currentversion\applets\regedit

Description : last key accessed using the microsoft registry editor

 

 

MRU List Object Recognized!

Location: : S-1-5-21-85444812-973321435-2542772299-1003\software\microsoft\windows\currentversion\applets\wordpad\recent file list

Description : list of recent files opened using wordpad

 

 

MRU List Object Recognized!

Location: : S-1-5-21-85444812-973321435-2542772299-1003\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru

Description : list of recent programs opened

 

 

MRU List Object Recognized!

Location: : S-1-5-21-85444812-973321435-2542772299-1003\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru

Description : list of recently saved files, stored according to file extension

 

 

MRU List Object Recognized!

Location: : S-1-5-21-85444812-973321435-2542772299-1003\software\microsoft\windows\currentversion\explorer\recentdocs

Description : list of recent documents opened

 

 

MRU List Object Recognized!

Location: : S-1-5-21-85444812-973321435-2542772299-1003\software\microsoft\windows\currentversion\explorer\runmru

Description : mru list for items opened in start | run

 

 

MRU List Object Recognized!

Location: : S-1-5-21-85444812-973321435-2542772299-1003\software\nico mak computing\winzip\filemenu

Description : winzip recently used archives

 

 

MRU List Object Recognized!

Location: : S-1-5-21-85444812-973321435-2542772299-1003\software\realnetworks\realplayer\6.0\preferences

Description : list of recent skins in realplayer

 

 

MRU List Object Recognized!

Location: : S-1-5-21-85444812-973321435-2542772299-1003\software\realnetworks\realplayer\6.0\preferences

Description : list of recent clips in realplayer

 

 

MRU List Object Recognized!

Location: : S-1-5-21-85444812-973321435-2542772299-1003\software\microsoft\windows media\wmsdk\general

Description : windows media sdk

 

 

 

Performing conditional scans...

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Spyware.E2Give Object Recognized!

Type : Regkey

Data :

TAC Rating : 10

Category : Malware

Comment :

Rootkey : HKEY_CLASSES_ROOT

Object : iebhos.control

 

Spyware.E2Give Object Recognized!

Type : Regkey

Data :

TAC Rating : 10

Category : Malware

Comment :

Rootkey : HKEY_CLASSES_ROOT

Object : iebhos.control.1

 

Spyware.E2Give Object Recognized!

Type : Regkey

Data :

TAC Rating : 10

Category : Data Miner

Comment :

Rootkey : HKEY_LOCAL_MACHINE

Object : software\classes\appid\iebhos.dll

 

Spyware.E2Give Object Recognized!

Type : Regkey

Data :

TAC Rating : 10

Category : Malware

Comment :

Rootkey : HKEY_LOCAL_MACHINE

Object : software\e2g

 

Spyware.E2Give Object Recognized!

Type : RegValue

Data :

TAC Rating : 10

Category : Malware

Comment :

Rootkey : HKEY_LOCAL_MACHINE

Object : software\e2g

Value : checkStarted

 

Spyware.E2Give Object Recognized!

Type : RegValue

Data :

TAC Rating : 10

Category : Malware

Comment :

Rootkey : HKEY_LOCAL_MACHINE

Object : software\e2g

Value : id

 

Spyware.E2Give Object Recognized!

Type : RegValue

Data :

TAC Rating : 10

Category : Malware

Comment :

Rootkey : HKEY_LOCAL_MACHINE

Object : software\e2g

Value : lastBuild

 

Spyware.E2Give Object Recognized!

Type : RegValue

Data :

TAC Rating : 10

Category : Malware

Comment :

Rootkey : HKEY_LOCAL_MACHINE

Object : software\e2g

Value : lastCheck

 

Spyware.E2Give Object Recognized!

Type : RegValue

Data :

TAC Rating : 10

Category : Malware

Comment :

Rootkey : HKEY_LOCAL_MACHINE

Object : software\e2g

Value : lastMerchant

 

Spyware.E2Give Object Recognized!

Type : RegValue

Data :

TAC Rating : 10

Category : Malware

Comment :

Rootkey : HKEY_LOCAL_MACHINE

Object : software\e2g

Value : lastReplacement

 

Spyware.E2Give Object Recognized!

Type : Folder

TAC Rating : 10

Category : Malware

Comment : Spyware.E2Give

Object : C:\Program Files\E2G

 

Prutect Object Recognized!

Type : Regkey

Data :

TAC Rating : 8

Category : Malware

Comment :

Rootkey : HKEY_LOCAL_MACHINE

Object : software\microsoft\downloadmanager

 

Prutect Object Recognized!

Type : File

Data : data19

TAC Rating : 8

Category : Malware

Comment :

Object : C:\Program Files\e2g\

 

 

 

Prutect Object Recognized!

Type : File

Data : IeBHOs.dll

TAC Rating : 8

Category : Malware

Comment :

Object : C:\Program Files\e2g\

FileVersion : 1.0.0.1

ProductVersion : 1.0.0.1

ProductName : e2g plugin

CompanyName : e2give, LLC

FileDescription : http://e2give.com/license.html

InternalName : IeBHOs.dll

LegalCopyright : Copyright © 2003 e2give, LLC

OriginalFilename : IeBHOs.dll

Comments : e2g plugin

 

 

Conditional scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 14

Objects found so far: 82

 

2:57:00 PM Scan Complete

 

Summary Of This Scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Total scanning time:00:02:04.31

Objects scanned:89317

Objects identified:29

Objects ignored:0

New critical objects:29


Was there ever a response to this posting? I've got the same exact problem on one of my PCs. I can usually resolve most of them myself using the info I find in these postings, but this one is kicking me hard. This is the only posting I've found that describes my problem. It usually starts out with pop-ups resembling system notifications for WinAntiVirus and then others appear.

Any help?

Please?

Was there ever a response to this posting? I've got the same exact problem on one of my PCs. I can usually resolve most of them myself using the info I find in these postings, but this one is kicking me hard. This is the only posting I've found that describes my problem. It usually starts out with pop-ups resembling system notifications for WinAntiVirus and then others appear.

Any help?

Please?

NOT YET ??


Started this post on August 3 2006, reposted HiJack and Ad-Aware log files on August 13, 2006 with 271 views with no response for help-- what is wrong.

 

Help

Having a problem with pop-ups and been hijacked

 

In Internet properties I have turned up the security, blocked pop-ups and when pop-ups show up I add them to the security-restricted sites. The pop-ups still get through.

I am running Ad-Aware SE Build 1.06r1 with Norton’s 2005 anti-virus on Windows XP Home Edition, Pentium ® 4 CPU 3.2 and 1.5 GB RAM.

Any help would be appreciated

yourgo

 

Here is the last HiJack file

 

Logfile of HijackThis v1.99.1

Scan saved at 10:11:39 AM, on 8/16/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Ahead\InCD\InCDsrv.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe

C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\WINDOWS\LTMSG.exe

C:\Program Files\Multimedia Card Reader\shwicon2k.exe

C:\Program Files\Phoenix Technologies Ltd\RecoverPro_XP\VBPTASK.EXE

C:\WINDOWS\PowerS.exe

C:\PROGRA~1\VISION~1\ONETOU~2.EXE

C:\Program Files\support.com\bin\tgcmd.exe

C:\Program Files\Logitech\MouseWare\system\em_exec.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9HA.EXE

C:\Program Files\Ahead\InCD\InCD.exe

C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe

C:\WINDOWS\system32\fhsxc.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\WINDOWS\system32\ahnciup.exe

C:\Program Files\LiveUpdate\LiveUpdate.exe

C:\WINDOWS\system32\ssqbn.exe

C:\WINDOWS\lt.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe

C:\Program Files\USB Sharing\usbshare.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Windows NT\Accessories\wordpad.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Documents and Settings\Owner\My Documents\Reg files backup\Unzipped\hijackthis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/home.html

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://fryssupport.net/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast

R3 - Default URLSearchHook is missing

F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\lcewx.exe

F2 - REG:system.ini: UserInit=userinit.exe,vwlbilx.exe

O2 - BHO: (no name) - {05C71219-7DFB-40ED-B08C-6B77106CE094} - \

O2 - BHO: (no name) - {06834924-FCC6-4EE4-AA16-8341C4155CDF} - \

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {1037EBFD-6512-4D0C-8C94-9315CA0ADFA0} - \

O2 - BHO: (no name) - {136CA9A3-DDA5-4339-91C1-BE219B65DC10} - \

O2 - BHO: (no name) - {157C2528-2438-471F-98D0-78FA7B4B3164} - \

O2 - BHO: (no name) - {15916AE8-F06D-4B44-BABA-9E2AB84D62A4} - \

O2 - BHO: (no name) - {1D7FE75A-4D03-46EF-B3C8-7777C79CF2C5} - \

O2 - BHO: (no name) - {1FA4997A-3465-40F5-BC93-7352A3F5EF44} - \

O2 - BHO: (no name) - {22F9438A-2108-4523-9E31-5291E9E61152} - \

O2 - BHO: (no name) - {239CEDDB-9880-4FC9-A4EF-3B4D0F2DFE5A} - \

O2 - BHO: (no name) - {2502D022-A346-4EA0-AC15-9AE074C719DF} - \

O2 - BHO: (no name) - {2AB59C0D-1C2B-4EB3-96AA-D8B6AB06D605} - \

O2 - BHO: Oddbot - {2B896072-F6E3-4FF7-ADE6-43D5BEC6557C} - C:\WINDOWS\system32\nodeipproc.dll (file missing)

O2 - BHO: (no name) - {31B96F13-F1B0-4770-A549-4DC3366AB652} - \

O2 - BHO: CControl Object - {3643ABC2-21BF-46B9-B230-F247DB0C6FD6} - C:\Program Files\E2G\IeBHOs.dll (file missing)

O2 - BHO: (no name) - {36B4A6CA-3E99-4DC8-94BD-BBA10781800A} - \

O2 - BHO: (no name) - {39E8F359-6AC8-4355-8CA5-5FA7F7DB7082} - \

O2 - BHO: (no name) - {4C03EAED-0878-4431-B04E-ED51A5C4931F} - \

O2 - BHO: (no name) - {50023994-0052-488C-97E5-EEBCBCBBB890} - \

O2 - BHO: (no name) - {55E84824-1536-4166-AF04-F4F8CF5A5A32} - \

O2 - BHO: (no name) - {59ECEFE8-529D-4F37-A875-1C839A7AD588} - \

O2 - BHO: (no name) - {5B460B70-F18A-4FCA-A3B4-4E8526A2C677} - \

O2 - BHO: (no name) - {5CF4399C-E4C4-4145-8FD4-CCB056C4146F} - \

O2 - BHO: (no name) - {5D99EB38-8A66-4E9F-9C5A-88F019DC67C3} - \

O2 - BHO: (no name) - {5E06417A-6D9A-4175-A396-31C1A62595C5} - \

O2 - BHO: (no name) - {61343D0C-96D3-4751-A3DB-8AC55AEF2514} - \

O2 - BHO: (no name) - {6809F49C-91FF-4C6A-930C-4133C0560C9B} - \

O2 - BHO: (no name) - {6CF15DC6-D2FB-4C11-86ED-92695DB0869D} - \

O2 - BHO: (no name) - {6D20B913-1015-404F-AFB5-CC6C269D8DB9} - \

O2 - BHO: (no name) - {70D5F022-D06E-4391-A7A5-28038CA4278B} - \

O2 - BHO: (no name) - {710A3317-8AE9-4C41-BEC1-8FFEA685E0E5} - \

O2 - BHO: (no name) - {73929110-C28E-45FA-A186-1AD803C3AB88} - \

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll

O2 - BHO: (no name) - {77645659-E995-476F-9EEA-EF66CB337923} - \

O2 - BHO: (no name) - {79AF64F9-C068-4C57-BEDF-B42AB1010DAB} - \

O2 - BHO: (no name) - {7D0E6F57-D1EC-4302-8151-96D7984064F9} - \

O2 - BHO: (no name) - {7D319439-0652-4DC9-B9D9-A93E03FC378E} - \

O2 - BHO: (no name) - {7EAB2908-05B0-4632-B4C4-E055BAEB2B70} - \

O2 - BHO: (no name) - {81DE53D2-9326-4232-9B61-8ACAC983687F} - \

O2 - BHO: (no name) - {88B29F86-B123-4A1D-AC8A-BC5E476B4ED5} - \

O2 - BHO: (no name) - {89182C57-0972-4BFD-8381-AE60A527759A} - \

O2 - BHO: (no name) - {900F4D3A-8E01-4DE0-95C0-8D62CA674AC5} - \

O2 - BHO: (no name) - {965ED5FB-46D5-4040-9286-E9079FF45D79} - \

O2 - BHO: (no name) - {96EE8C64-4CBD-4848-ADC6-4560B7BAE07C} - \

O2 - BHO: (no name) - {9EB4825F-198F-4822-911B-2C2A8E433EB2} - \

O2 - BHO: (no name) - {A1907A48-6908-4A3A-A7DA-DA8CA18F9308} - \

O2 - BHO: (no name) - {A546E737-26BE-4FD6-9021-229339B57221} - \

O2 - BHO: (no name) - {A71302EB-A07D-4AF4-9329-15F86DACE3C5} - \

O2 - BHO: (no name) - {A84E4EC5-4B1F-48A2-AA22-46FDFECD20E4} - \

O2 - BHO: (no name) - {AA1C28F3-B027-4F61-9EC4-F71CACB15D04} - \

O2 - BHO: (no name) - {AA9A40F8-C591-4E66-8378-3CB69DB2F51B} - \

O2 - BHO: (no name) - {ACB2584E-54B2-4D80-B5C3-521F3F1A934B} - \

O2 - BHO: (no name) - {AE2CE19E-D46C-4D9C-ADCE-40D6CB60F634} - \

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O2 - BHO: (no name) - {BE9846B8-DE47-4D96-B318-EF475188E45C} - \

O2 - BHO: (no name) - {BF53CA70-E9F8-47C1-9729-EAAA92A6B607} - \

O2 - BHO: (no name) - {C8D4DE31-C023-4ECB-85C6-7667DCDEA6A9} - \

O2 - BHO: (no name) - {C9AEF489-05DF-48F8-A8CF-3C7E7A86BFFF} - \

O2 - BHO: (no name) - {D134F6EA-8DD0-4FB8-9BA7-31344FF85DAC} - \

O2 - BHO: (no name) - {D2E5F30C-6ABB-452D-ABCE-1CFBD3985AB6} - \

O2 - BHO: (no name) - {D4D34DC9-3736-41CC-92EE-802FD14755F7} - \

O2 - BHO: Kweaj Class - {DFE7D27E-C021-4C72-80F3-254B776E0992} - C:\WINDOWS\system32\ubbv.dll

O2 - BHO: (no name) - {E0AB8770-43C1-4001-89CB-748438B04E10} - \

O2 - BHO: (no name) - {E2410C85-300C-46DC-AD65-BD2DA8D89D67} - C:\Program Files\Online Services\megobapu.dll (file missing)

O2 - BHO: (no name) - {E4B4C422-3BBA-4FAF-9B90-C2FA078B7E93} - \

O2 - BHO: (no name) - {E5E2A3E7-00FE-4D31-A030-A10799DDCA66} - (no file)

O2 - BHO: (no name) - {E603928A-19F9-458B-87B5-3996AF6224C9} - \

O2 - BHO: (no name) - {E8EF7E19-39DA-4EE2-8491-02981A8F8D1E} - \

O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O2 - BHO: (no name) - {ED15F27D-203E-4FE5-BDEC-82218C8596D6} - \

O2 - BHO: (no name) - {F12A651C-6F37-4496-BF20-8769BBDF5711} - \

O2 - BHO: (no name) - {F5316453-7044-4DD9-94AA-3D366F4A9C6B} - \

O2 - BHO: (no name) - {F9213D09-4560-4564-BE2D-D7E8784C1AB8} - \

O2 - BHO: (no name) - {FC9BAC61-0746-4A3F-A64C-8B4B091170D3} - \

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll

O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7

O4 - HKLM\..\Run: [sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe

O4 - HKLM\..\Run: [RestoreIT!] "C:\Program Files\Phoenix Technologies Ltd\RecoverPro_XP\VBPTASK.EXE" VBStart

O4 - HKLM\..\Run: [PowerS] C:\WINDOWS\PowerS.exe

O4 - HKLM\..\Run: [OneTouch Monitor] C:\PROGRA~1\VISION~1\ONETOU~2.EXE

O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\support.com\bin\tgcmd.exe" /server

O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe

O4 - HKLM\..\Run: [EPSON Stylus Photo RX620 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9HA.EXE /P31 "EPSON Stylus Photo RX620 Series" /O6 "USB002" /M "Stylus Photo RX620"

O4 - HKLM\..\Run: [inCD] C:\Program Files\Ahead\InCD\InCD.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe

O4 - HKLM\..\Run: [tSdURg2] "C:\WINDOWS\system32\fhsxc.exe"

O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer

O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [spywareBot] C:\Program Files\SpywareBot\SpywareBot.exe -boot

O4 - HKCU\..\Run: [bTCLiveUpdate] "C:\Program Files\LiveUpdate\LiveUpdate.exe" /autostart

O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Comcast\COMCAS~2\data\Xtras\mssysmgr.exe

O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"

O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart

O4 - HKCU\..\Run: [PPWebCap] C:\PROGRA~1\ScanSoft\PAPERP~1\PPWebCap.exe

O4 - HKCU\..\Run: [irssyncd] C:\WINDOWS\system32\irssyncd.exe

O4 - HKCU\..\Run: [wallp2.exe] C:\WINDOWS\system32\wallp2.exe

O4 - HKCU\..\Run: [VSL13.exe] C:\WINDOWS\system32\VSL13.exe

O4 - HKCU\..\Run: [ssqbn.exe] C:\WINDOWS\system32\ssqbn.exe

O4 - Startup: Epson all-in-one Registration.lnk = D:\Titles\EpsonReg\EPSONREG.EXE

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?

O4 - Global Startup: USB Sharing.lnk = ?

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html

O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html

O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html

O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll

O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)

O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)

O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)

O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll

O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab

O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab

O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab

O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab

O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab

O16 - DPF: {4AD73894-A895-4FC2-B233-299867E08753} (Cadwkzctl Object) - http://apps.deskwizz.com/ax/adwerkz.cab

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...96/mcinsctl.cab

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/07b430cd786595...tzip/RdxIE6.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1121977009468

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1126113073296

O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab

O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab

O16 - DPF: {886DDE35-E955-11D0-A707-000000881958} - http://69.56.176.75/webplugin.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://download.cdn.winsoftware.com/files/...FreeInstall.cab

O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://www.popcap.com/games/popcaploader_v6.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{B604433A-5764-450A-BF5D-71FE9DDB8657}: NameServer = 192.168.0.1

O18 - Filter: text/html - {F8D76886-FA88-4DF6-8FBD-C02CF8C91C94} - C:\WINDOWS\system32\ubbv.dll

O20 - AppInit_DLLs: inicfg32.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe

O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe

O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

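Reading a HijackThis log like the one above comes down to a handful of mechanical checks that malware-removal helpers apply before anything else: BHOs (O2) and MIME filters (O18) that point at no file on disk, Shell= and UserInit= lines (F2) that launch anything beyond explorer.exe and userinit.exe, a populated AppInit_DLLs (O20), and autostarts (O4) that run straight out of the Windows directory. The script below is an added example, not part of this thread and not HijackThis's own code; it parses the `Onn - ` entry lines and applies exactly those heuristics. The embedded `SAMPLE_LOG` is a constructed excerpt in the same shape as the posted log (a few of its entries, not the full log), and all function names (`parse_entries`, `triage`, `summarize`, `count_nameless_bhos`) are this example's own.

```python
import re
from collections import Counter
from typing import Dict, List, Tuple

# Constructed sample in the same shape as the HijackThis log posted above
# (a few entries lifted from it, not the full log).
SAMPLE_LOG = r"""R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/home.html
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\lcewx.exe
F2 - REG:system.ini: UserInit=userinit.exe,vwlbilx.exe
O2 - BHO: (no name) - {05C71219-7DFB-40ED-B08C-6B77106CE094} - \
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: CControl Object - {3643ABC2-21BF-46B9-B230-F247DB0C6FD6} - C:\Program Files\E2G\IeBHOs.dll (file missing)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [tSdURg2] "C:\WINDOWS\system32\fhsxc.exe"
O18 - Filter: text/html - {F8D76886-FA88-4DF6-8FBD-C02CF8C91C94} - C:\WINDOWS\system32\ubbv.dll
O20 - AppInit_DLLs: inicfg32.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""

# Every HijackThis entry line starts with a section code (R0, F2, O2, O4, ...) and " - ".
ENTRY_RE = re.compile(r"^(?P<code>[RFO]\d+) - (?P<body>.*)$")
NO_FILE_MARKERS = ("(file missing)", "(no file)")
# The only programs that belong on these two system.ini lines.
EXPECTED_F2 = {"shell": {"explorer.exe"}, "userinit": {"userinit.exe"}}


def parse_entries(log_text: str) -> List[Tuple[str, str]]:
    """Return (code, body) for every entry line; process lists and blank lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("code"), m.group("body")))
    return entries


def _basename(path: str) -> str:
    return path.strip().strip('"').replace("/", "\\").rsplit("\\", 1)[-1].lower()


def _in_windows_dir(path: str) -> bool:
    return path.strip().strip('"').lower().startswith("c:\\windows\\")


def _run_target(body: str) -> str:
    """'HKLM\\..\\Run: [name] "C:\\x.exe" /arg' -> 'C:\\x.exe' (handles quoted and bare paths)."""
    cmd = body.split("] ", 1)[-1].strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    return cmd.split(" ", 1)[0]


def triage(log_text: str) -> List[Dict[str, str]]:
    """Apply the textbook first-pass heuristics and return one finding per suspicious entry."""
    findings: List[Dict[str, str]] = []

    def flag(severity: str, code: str, reason: str, body: str) -> None:
        findings.append({"severity": severity, "code": code, "reason": reason, "entry": body})

    for code, body in parse_entries(log_text):
        if code == "O2":
            path = body.rsplit(" - ", 1)[-1].strip()
            if path == "\\" or any(m in path for m in NO_FILE_MARKERS):
                flag("high", code, "BHO registered but no file on disk", body)
            elif _in_windows_dir(path):
                flag("review", code, "BHO loaded from the Windows directory; verify the publisher", body)
        elif code == "F2":
            key, _, value = body.partition(": ")[2].partition("=")
            expected = EXPECTED_F2.get(key.strip().lower())
            if expected is not None:
                extra = [b for b in (_basename(p) for p in value.split(",")) if b and b not in expected]
                if extra:
                    flag("high", code, f"{key.strip()} launches extra programs: {', '.join(extra)}", body)
        elif code == "O4" and _in_windows_dir(_run_target(body)):
            flag("review", code, "autostart runs from the Windows directory; verify the publisher", body)
        elif code == "O18" and body.startswith("Filter:"):
            flag("high", code, "MIME filter intercepts page content; rarely legitimate on a home PC", body)
        elif code == "O20" and body.startswith("AppInit_DLLs:"):
            if body.partition(":")[2].strip():
                flag("high", code, "AppInit_DLLs loads a DLL into every user-mode process", body)
    return findings


def count_nameless_bhos(log_text: str) -> int:
    """Dozens of '(no name)' BHOs, as in the posted log, are themselves a strong signal."""
    return sum(1 for code, body in parse_entries(log_text) if code == "O2" and "(no name)" in body)


def summarize(findings: List[Dict[str, str]]) -> Dict[str, int]:
    return dict(Counter(f["severity"] for f in findings))


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f"[{f['severity']:6}] {f['code']:4} {f['reason']}\n         {f['entry']}")
    print("nameless BHOs:", count_nameless_bhos(SAMPLE_LOG), "summary:", summarize(results))
```

Run it against a saved log with `triage(open("hijackthis.log").read())`. The "review" findings are deliberately weaker than the "high" ones: plenty of legitimate drivers and updaters live under C:\WINDOWS, so an entry there is a prompt to check the publisher, not a verdict, whereas a Shell= or UserInit= line that starts a second program, or a non-empty AppInit_DLLs, almost never has an innocent explanation on a home machine.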

Hi yourgo,

 

Apologies for the late reply, we've been quite swamped in here as you can probably see.

 

I don't know how your topic was inadvertently missed!

 

I'm now subscribed to this topic so I will receive a notice from the board as soon as you reply, so I can be here much more quickly than it has taken to get to your new topic.

 

This is quite a mess, unfortunately. Some of these infections are the hardest to remove and will require some special tools. Let's start with this one:

 

1. Download this file - combofix.exe

http://download.bleepingcomputer.com/sUBs/combofix.exe

 

2. Double click on combofix.exe & follow the prompts.

 

Note: If you receive a popup with a Disclaimer, read that and answer Y for yes (or N for no)

Y is recommended (if you put N, the tool will exit without fixing and will remove the combofix file and folders)

 

Do NOT click on the window while the fix is running, because that will cause your system to hang and the fix to stall.

 

3. When finished, it shall produce a log for you. Post that log in your next reply.

ComboFix_Aug_17_2006.txt


Hi

Thanks for the response. I thought I was doing something wrong.

 

Owner*Administrators - 06-08-17 9:15:47.31

ComboFix 06.08.17 - Running from: C:\Documents and Settings\Owner\Desktop

 

((((((((((((((((((((((((((((((((((((((((((((( Qoologic's Log )))))))))))))))))))))))))))))))))))))))))))))))))))

 

 

* * * PRE-RUN - Filepaths extracted from the Registry * * * * * * * * * * * * * * * * * * * * * *

 

 

O4 - HKCU\...\Run C:\WINDOWS\system32\usnsxg.exe

O4 - HKLM\...\Run C:\WINDOWS\system32\usnsxg.exe

F2 -REG:system.ini: Shell C:\WINDOWS\system32\lcewx.exe

F2 -REG:system.ini: UserInit C:\WINDOWS\system32\vwlbilx.exe

 

 

* * * PRE-RUN - Filepaths from Locate * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

 

 

2006-08-17 09:05 289 --a------ C:\WINDOWS\snuao.dll

2006-08-15 13:16 127488 --a------ C:\WINDOWS\system32\apcvj.dat

2006-07-25 16:55 48193 --a------ C:\WINDOWS\system32\VSL13.exe

2006-07-25 16:55 38412 --a------ C:\WINDOWS\system32\ssqbn.exe

2006-07-21 01:24 72704 --a------ C:\WINDOWS\system32\hlink.dll

2006-07-20 13:35 52 --a------ C:\WINDOWS\vwepbn.dat

2006-07-20 13:35 51712 --a------ C:\WINDOWS\system32\bansooj.dll

2006-07-20 13:35 380928 --a------ C:\WINDOWS\system32\WinNB58.dll

2006-07-20 13:35 28672 --a------ C:\WINDOWS\system32\lcewx.exe

2006-07-20 13:35 127488 --a------ C:\WINDOWS\system32\usnsxg.exe

2006-07-20 13:35 127488 --a------ C:\Documents and Settings\All Users\Start Menu\Programs\Startup\maate.exe

2006-07-13 15:13 1163264 --a------ C:\WINDOWS\system32\fhsxc.exe

 

 

* * * PRE-RUN - Filepaths extracted by Memory Dump * * * * * * * * * * * * * * * * * * * * * *

 

 

2006-07-20 13:35 127488 C:\WINDOWS\system32\usnsxg.exe

2006-07-20 13:35 51712 C:\WINDOWS\system32\bansooj.dll

2006-07-20 13:35 23552 C:\WINDOWS\system32\vwlbilx.exe

2006-07-20 13:35 127488 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\maate.exe

2006-08-17 09:05 289 C:\WINDOWS\snuao.dll

2006-08-15 13:16 127488 C:\WINDOWS\system32\apcvj.dat

2006-07-20 13:35 28672 C:\WINDOWS\system32\lcewx.exe

 

 

* * * POST-RUN - Files in the Quarantine folder * * * * * * * * * * * * * * * * * * * * * * * * *

 

 

06-07-20 13:35 127488 maate.exe.qoo

06-07-20 13:35 127488 usnsxg.exe.qoo

06-08-15 13:16 127488 apcvj.dat.qoo

06-07-20 13:35 51712 bansooj.dll.qoo

06-07-20 13:35 28672 lcewx.exe.qoo

06-08-17 09:05 289 snuao.dll.qoo

06-07-20 13:35 52 vwepbn.dat.qoo

 

DO NOT DELETE ANY FILES FROM THIS DIRECTORY UNLESS INSTRUCTED TO

 

 

((((((((((((((((((((((((((((((((((((((((((( E-Give / Ssk's Log )))))))))))))))))))))))))))))))))))))))))))))))))

 

 

C:\WINDOWS\system32\inicfg32.dll

 

 

* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

 

 

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

 

 

C:\WINDOWS\system32\icon_mediamotor.exe

C:\WINDOWS\media_motor_bundle.exe

C:\WINDOWS\system32\ts_mediamotor.exe

 

 

((((((((((((((((((((((((((((((( Files Created from 2006-07-17 to 2006-08-17 ))))))))))))))))))))))))))))))))))

 

 

2006-08-14 08:46 78,488 C:\WINDOWS\system32\XMD5.dll

2006-08-14 08:46 101,888 C:\WINDOWS\system32\vb6stkit.dll

2006-07-25 16:55 48,193 C:\WINDOWS\system32\VSL13.exe

2006-07-25 16:55 38,412 C:\WINDOWS\system32\ssqbn.exe

2006-07-21 10:15 221,184 C:\WINDOWS\system32\wmpns.dll

2006-07-20 13:39 45,996 C:\WINDOWS\system32\UnIrimon.exe

2006-07-20 13:36 45,056 C:\WINDOWS\system32tfthot.exe

2006-07-20 13:36 36,864 C:\WINDOWS\system32\ahnciup.exe

2006-07-20 13:36 28,672 C:\WINDOWS\system32\iqrdy2c1.exe

2006-07-20 13:36 221,184 C:\WINDOWS\system32\ubbv.dll

2006-07-20 13:36 1,163,264 C:\WINDOWS\system32\fhsxc.exe

2006-07-20 13:35 380,928 C:\WINDOWS\system32\WinNB58.dll

2006-07-20 13:35 32,976 C:\WINDOWS\system32\uninstIcn.exe

2006-07-20 13:35 23,552 C:\WINDOWS\system32\vwlbilx.exe

 

 

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

 

 

2006-08-17 08:57 -------- d-------- C:\Program Files\Common Files

2006-08-15 12:59 28672 --a------ C:\WINDOWS\system32\iqrdy2c1.exe

2006-08-15 12:59 221184 --a------ C:\WINDOWS\system32\ubbv.dll

2006-08-15 09:15 -------- d-------- C:\Program Files\Internet Explorer

2006-08-14 09:03 -------- d-------- C:\Program Files\SpywareBot

2006-08-11 17:10 -------- d-------- C:\Program Files\Morpheus

2006-08-11 17:10 -------- d-------- C:\Program Files\Common Files\Symantec Shared

2006-08-11 15:39 -------- d--h----- C:\Program Files\InstallShield Installation Information

2006-08-01 14:11 -------- d-------- C:\Program Files\Norton AntiVirus

2006-08-01 12:43 -------- d-------- C:\Program Files\Common Files\Roxio Shared

2006-07-27 06:24 679424 --a------ C:\WINDOWS\system32\inetcomm.dll

2006-07-26 15:36 -------- d-------- C:\Program Files\Windows Media Connect 2

2006-07-26 15:07 -------- d-------- C:\Program Files\Microsoft Office

2006-07-26 15:07 -------- d-------- C:\Program Files\Common Files\Microsoft Shared

2006-07-25 20:34 -------- d-------- C:\Program Files\MSN

2006-07-25 20:33 -------- d-------- C:\Program Files\Online Services

2006-07-25 16:55 48193 --a------ C:\WINDOWS\system32\VSL13.exe

2006-07-25 16:55 38412 --a------ C:\WINDOWS\system32\ssqbn.exe

2006-07-25 16:55 -------- d-------- C:\Documents and Settings\Owner\Application Data\System Restore

2006-07-22 15:43 -------- d-------- C:\Documents and Settings\Owner\Application Data\Roxio

2006-07-22 14:35 -------- d-------- C:\Program Files\Sonic

2006-07-22 14:35 -------- d-------- C:\Program Files\Common Files\Sonic Shared

2006-07-22 14:28 -------- d-------- C:\Program Files\DivX

2006-07-22 14:20 -------- d-------- C:\Documents and Settings\Owner\Application Data\Vso

2006-07-21 16:01 -------- d-------- C:\Program Files\Symantec

2006-07-21 15:49 -------- d-------- C:\Program Files\SymNetDrv

2006-07-21 15:26 -------- d-------- C:\Program Files\Azureus

2006-07-21 15:24 -------- d-------- C:\Program Files\AviSynth 2.5

2006-07-21 09:13 -------- d-------- C:\Program Files\Alcohol Soft

2006-07-21 01:24 72704 --a------ C:\WINDOWS\system32\hlink.dll

2006-07-20 20:14 25 --a------ C:\Documents and Settings\Owner\Application Data\dm.ini

2006-07-20 20:14 1070 --a------ C:\Documents and Settings\Owner\Application Data\AdobeDLM.log

2006-07-20 13:40 32976 --a------ C:\WINDOWS\system32\uninstIcn.exe

2006-07-20 13:39 45996 --a------ C:\WINDOWS\system32\UnIrimon.exe

2006-07-20 13:36 45056 --a------ C:\WINDOWS\system32tfthot.exe

2006-07-20 13:36 0 --a------ C:\Documents and Settings\Owner\Application Data\internaldb41.dat

2006-07-20 13:35 380928 --a------ C:\WINDOWS\system32\WinNB58.dll

2006-07-20 13:35 23552 --a------ C:\WINDOWS\system32\vwlbilx.exe

2006-07-19 13:01 -------- d-------- C:\Program Files\Microsoft Picture It! PhotoPub

2006-07-16 15:06 -------- d-------- C:\Documents and Settings\Owner\Application Data\Lavasoft

2006-07-16 15:05 -------- d-------- C:\Program Files\Lavasoft

2006-07-15 09:40 -------- d-------- C:\Program Files\Windows Media Connect

2006-07-13 15:13 36864 --a------ C:\WINDOWS\system32\ahnciup.exe

2006-07-13 15:13 1163264 --a------ C:\WINDOWS\system32\fhsxc.exe

2006-07-13 11:53 -------- d--h----- C:\Program Files\Zero G Registry

2006-07-13 11:53 -------- d-------- C:\Program Files\THQ

2006-07-12 18:37 -------- d-------- C:\Program Files\epson

2006-07-11 17:04 -------- d-------- C:\Documents and Settings\Owner\Application Data\Macromedia

2006-07-10 17:15 -------- d-------- C:\Documents and Settings\Owner\Application Data\Azureus

2006-07-10 13:31 -------- d-------- C:\Program Files\Java

2006-07-10 13:31 -------- d-------- C:\Documents and Settings\Owner\Application Data\Sun

2006-07-10 13:27 -------- d-------- C:\Program Files\Common Files\Java

2006-07-07 22:19 47360 --a------ C:\WINDOWS\system32\drivers\Pcouffin.sys

2006-07-07 22:19 -------- d-------- C:\Program Files\vso

2006-07-07 21:30 -------- d---s---- C:\Documents and Settings\Owner\Application Data\Microsoft

2006-07-06 18:21 5347232 --a------ C:\WebCleaner.dll

2006-07-06 12:17 -------- d-------- C:\Program Files\Common Files\Logitech

2006-07-06 12:16 -------- d-------- C:\Program Files\Logitech

2006-06-27 12:57 -------- d-------- C:\Documents and Settings\Owner\Application Data\Walgreens

2006-06-20 20:18 -------- d-------- C:\Program Files\Call of Duty Game of the Year Edition

2006-06-18 10:38 98304 --a------ C:\WINDOWS\system32\CmdLineExt.dll

2006-06-18 10:30 -------- d-------- C:\Program Files\Common Files\InstallShield

2006-06-17 20:53 -------- d-------- C:\Program Files\Microsoft Digital Image 2006

2006-06-07 10:55 3753 --a------ C:\Program Files\html2.htm

2006-06-07 10:55 3626 --a------ C:\Program Files\html1.htm

 

 

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

 

*Note* empty entries are not shown

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SoundMan"="SOUNDMAN.EXE"

"ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"

"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""

"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"

"farstone"=""

"LTMSG"="LTMSG.exe 7"

"Sunkist2k"="C:\\Program Files\\Multimedia Card Reader\\shwicon2k.exe"

"RestoreIT!"="\"C:\\Program Files\\Phoenix Technologies Ltd\\RecoverPro_XP\\VBPTASK.EXE\" VBStart"

"PowerS"="C:\\WINDOWS\\PowerS.exe"

"OneTouch Monitor"="C:\\PROGRA~1\\VISION~1\\ONETOU~2.EXE"

"tgcmd"="\"C:\\Program Files\\support.com\\bin\\tgcmd.exe\" /server"

"Logitech Utility"="Logi_MwX.Exe"

"EPSON Stylus Photo RX620 Series"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_FATI9HA.EXE /P31 \"EPSON Stylus Photo RX620 Series\" /O6 \"USB002\" /M \"Stylus Photo RX620\""

"InCD"="C:\\Program Files\\Ahead\\InCD\\InCD.exe"

"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"

"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_07\\bin\\jusched.exe"

"tSdURg2"="\"C:\\WINDOWS\\system32\\fhsxc.exe\""

"Symantec NetDriver Monitor"="C:\\PROGRA~1\\SYMNET~1\\SNDMon.exe /Consumer"

"ISUSPM Startup"="C:\\PROGRA~1\\COMMON~1\\INSTAL~1\\UPDATE~1\\ISUSPM.exe -startup"

"ISUSScheduler"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start"

"SpywareBot"="C:\\Program Files\\SpywareBot\\SpywareBot.exe -boot"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\DSS]

@="C:\\WINDOWS\\\\BBStore\\DSS\\dssagent.exe"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]

"Installed"="1"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]

"NoChange"="1"

"Installed"="1"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]

"Installed"="1"

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

@=""

"BTCLiveUpdate"="\"C:\\Program Files\\LiveUpdate\\LiveUpdate.exe\" /autostart"

"PhotoShow Deluxe Media Manager"="C:\\PROGRA~1\\Comcast\\COMCAS~2\\data\\Xtras\\mssysmgr.exe"

"NBJ"="\"C:\\Program Files\\Ahead\\Nero BackItUp\\NBJ.exe\""

"OM_Monitor"="C:\\Program Files\\OLYMPUS\\OLYMPUS Master\\Monitor.exe -NoStart"

"PPWebCap"="C:\\PROGRA~1\\ScanSoft\\PAPERP~1\\PPWebCap.exe"

"irssyncd"="C:\\WINDOWS\\system32\\irssyncd.exe"

"wallp2.exe"="C:\\WINDOWS\\system32\\wallp2.exe"

"VSL13.exe"="C:\\WINDOWS\\system32\\VSL13.exe"

"ssqbn.exe"="C:\\WINDOWS\\system32\\ssqbn.exe"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]

"NoCDBurning"=dword:00000000

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]

"dontdisplaylastusername"=dword:00000000

"legalnoticecaption"=""

"legalnoticetext"=""

"shutdownwithoutlogon"=dword:00000001

"undockwithoutlogon"=dword:00000001

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]

"NoDriveTypeAutoRun"=dword:00000091

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

"kbdauc"="C:\\WINDOWS\\system32\\kbdauc.exe"

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]

"DeskHtmlVersion"=dword:00000110

"DeskHtmlMinorVersion"=dword:00000005

"Settings"=dword:00000001

"GeneralFlags"=dword:00000000

 

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]

"NoDriveTypeAutoRun"=dword:00000091

 

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

 

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]

"NoDriveTypeAutoRun"=dword:00000091

 

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\sharedtaskscheduler]

"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"

"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]

"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupfolder]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Philips FunCam Monitor.lnk]

"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Philips FunCam Monitor.lnk"

"backup"="C:\\WINDOWS\\pss\\Philips FunCam Monitor.lnkCommon Startup"

"location"="Common Startup"

"command"="C:\\PROGRA~1\\PHILIP~1\\FunCam\\PHILIP~1.EXE "

"item"="Philips FunCam Monitor"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^TM Monitor.lnk]

"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\TM Monitor.lnk"

"backup"="C:\\WINDOWS\\pss\\TM Monitor.lnkCommon Startup"

"location"="Common Startup"

"command"="C:\\PROGRA~1\\ArcSoft\\TOTALM~1\\TMMONI~1.EXE "

"item"="TM Monitor"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupreg]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupreg\NAV CfgWiz]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="CfgWiz"

"hkey"="HKLM"

"command"="\"C:\\Program Files\\Norton AntiVirus\\CfgWiz.exe\" /GUID {0D7956A2-5A08-4ec2-A72C-DF8495A66016} /MODE CfgWiz /CMDLINE \"REBOOT\""

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupreg\OM_Monitor]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="FirstStart"

"hkey"="HKLM"

"command"="C:\\Program Files\\OLYMPUS\\OLYMPUS Master\\FirstStart.exe"

"inimapping"="0"

 

 

 

Contents of the 'Scheduled Tasks' folder

C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer - Owner.job

 

Completion time: Thu 08/17/2006 9:25:53.40

ComboFix.txt


That did some good. There is still a ton of hard-to-remove malware on there; I'm just going to keep tackling away.

 

Run this tool next and post the log it makes:

 

Please download E2TakeOut by RubbeR DuckY from here:

 

http://www.malwarebytes.org/E2TakeOut.zip

  • Extract the file to your Desktop
  • Double click E2TakeOut.exe
  • Click the Begin Removal button
  • Wait until the program is finished scanning
  • Once done, it will produce a popup stating that the infection has been found and you need to reboot your computer to complete the removal
  • Reboot your computer
  • Once your computer has rebooted E2TakeOut will open and produce a report
  • Please copy/paste that report into your next reply

......................

And then run this tool and post its log also.

 

Please download VundoFix.exe to your desktop.

  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log.

Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot; simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.

 

And a fresh HijackThis log, and ComboFix log please.

 

So, logs needed in your next reply are:

 

E2Takeout report

 

VundoFix.txt

 

Fresh Hijackthis log (after the last tool run and reboot)

 

Fresh ComboFix log


Hi again

 

Here you go. After the first ComboFix this takes over the Comcast.net home page.

http://banners.searchingbooth.com/advertpr...pid=0&w=250

I just click back to Comcast.

 

 

E2TakeOut v1.01 [http://www.malwarebytes.org]

Removed orphaned leftovers

AppInit key reset

 

E2TakeOut v1.01 [http://www.malwarebytes.org]

 

Removed orphaned leftovers

AppInit key reset

 

 

VundoFix.exe

No infected files Found

 

 

Logfile of HijackThis v1.99.1

Scan saved at 11:32:44 AM, on 8/17/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Ahead\InCD\InCDsrv.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe

C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\WINDOWS\LTMSG.exe

C:\Program Files\Multimedia Card Reader\shwicon2k.exe

C:\Program Files\Phoenix Technologies Ltd\RecoverPro_XP\VBPTASK.EXE

C:\WINDOWS\PowerS.exe

C:\PROGRA~1\VISION~1\ONETOU~2.EXE

C:\Program Files\support.com\bin\tgcmd.exe

C:\Program Files\Logitech\MouseWare\system\em_exec.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9HA.EXE

C:\Program Files\Ahead\InCD\InCD.exe

C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe

C:\WINDOWS\system32\fhsxc.exe

C:\WINDOWS\system32\ahnciup.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\LiveUpdate\LiveUpdate.exe

C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe

C:\Program Files\USB Sharing\usbshare.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Documents and Settings\Owner\My Documents\Reg files backup\Unzipped\hijackthis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/home.html

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://fryssupport.net/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast

O2 - BHO: (no name) - {05C71219-7DFB-40ED-B08C-6B77106CE094} - \

O2 - BHO: (no name) - {06834924-FCC6-4EE4-AA16-8341C4155CDF} - \

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {1037EBFD-6512-4D0C-8C94-9315CA0ADFA0} - \

O2 - BHO: (no name) - {136CA9A3-DDA5-4339-91C1-BE219B65DC10} - \

O2 - BHO: (no name) - {157C2528-2438-471F-98D0-78FA7B4B3164} - \

O2 - BHO: (no name) - {15916AE8-F06D-4B44-BABA-9E2AB84D62A4} - \

O2 - BHO: (no name) - {1D7FE75A-4D03-46EF-B3C8-7777C79CF2C5} - \

O2 - BHO: (no name) - {1FA4997A-3465-40F5-BC93-7352A3F5EF44} - \

O2 - BHO: (no name) - {22F9438A-2108-4523-9E31-5291E9E61152} - \

O2 - BHO: (no name) - {239CEDDB-9880-4FC9-A4EF-3B4D0F2DFE5A} - \

O2 - BHO: (no name) - {2502D022-A346-4EA0-AC15-9AE074C719DF} - \

O2 - BHO: (no name) - {2AB59C0D-1C2B-4EB3-96AA-D8B6AB06D605} - \

O2 - BHO: Oddbot - {2B896072-F6E3-4FF7-ADE6-43D5BEC6557C} - C:\WINDOWS\system32\nodeipproc.dll (file missing)

O2 - BHO: (no name) - {31B96F13-F1B0-4770-A549-4DC3366AB652} - \

O2 - BHO: (no name) - {36B4A6CA-3E99-4DC8-94BD-BBA10781800A} - \

O2 - BHO: (no name) - {39E8F359-6AC8-4355-8CA5-5FA7F7DB7082} - \

O2 - BHO: (no name) - {3C849F8B-BD59-4566-9084-FDD836F2AE62} - \

O2 - BHO: (no name) - {44840408-0404-0806-8420-628480066820} - C:\WINDOWS\aiqi.dll

O2 - BHO: (no name) - {4C03EAED-0878-4431-B04E-ED51A5C4931F} - \

O2 - BHO: (no name) - {50023994-0052-488C-97E5-EEBCBCBBB890} - \

O2 - BHO: (no name) - {55E84824-1536-4166-AF04-F4F8CF5A5A32} - \

O2 - BHO: (no name) - {59ECEFE8-529D-4F37-A875-1C839A7AD588} - \

O2 - BHO: (no name) - {5B460B70-F18A-4FCA-A3B4-4E8526A2C677} - \

O2 - BHO: (no name) - {5CF4399C-E4C4-4145-8FD4-CCB056C4146F} - \

O2 - BHO: (no name) - {5D99EB38-8A66-4E9F-9C5A-88F019DC67C3} - \

O2 - BHO: (no name) - {5E06417A-6D9A-4175-A396-31C1A62595C5} - \

O2 - BHO: (no name) - {61343D0C-96D3-4751-A3DB-8AC55AEF2514} - \

O2 - BHO: (no name) - {6809F49C-91FF-4C6A-930C-4133C0560C9B} - \

O2 - BHO: (no name) - {6B320178-E587-4916-B59C-29AC4F44D835} - \

O2 - BHO: (no name) - {6CF15DC6-D2FB-4C11-86ED-92695DB0869D} - \

O2 - BHO: (no name) - {6D20B913-1015-404F-AFB5-CC6C269D8DB9} - \

O2 - BHO: (no name) - {70D5F022-D06E-4391-A7A5-28038CA4278B} - \

O2 - BHO: (no name) - {710A3317-8AE9-4C41-BEC1-8FFEA685E0E5} - \

O2 - BHO: (no name) - {73929110-C28E-45FA-A186-1AD803C3AB88} - \

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll

O2 - BHO: (no name) - {77645659-E995-476F-9EEA-EF66CB337923} - \

O2 - BHO: (no name) - {79AF64F9-C068-4C57-BEDF-B42AB1010DAB} - \

O2 - BHO: (no name) - {7D0E6F57-D1EC-4302-8151-96D7984064F9} - \

O2 - BHO: (no name) - {7D319439-0652-4DC9-B9D9-A93E03FC378E} - \

O2 - BHO: (no name) - {7EAB2908-05B0-4632-B4C4-E055BAEB2B70} - \

O2 - BHO: (no name) - {81DE53D2-9326-4232-9B61-8ACAC983687F} - \

O2 - BHO: (no name) - {88B29F86-B123-4A1D-AC8A-BC5E476B4ED5} - \

O2 - BHO: (no name) - {89182C57-0972-4BFD-8381-AE60A527759A} - \

O2 - BHO: (no name) - {900F4D3A-8E01-4DE0-95C0-8D62CA674AC5} - \

O2 - BHO: (no name) - {965ED5FB-46D5-4040-9286-E9079FF45D79} - \

O2 - BHO: (no name) - {96EE8C64-4CBD-4848-ADC6-4560B7BAE07C} - \

O2 - BHO: (no name) - {9EB4825F-198F-4822-911B-2C2A8E433EB2} - \

O2 - BHO: (no name) - {A1907A48-6908-4A3A-A7DA-DA8CA18F9308} - \

O2 - BHO: (no name) - {A546E737-26BE-4FD6-9021-229339B57221} - \

O2 - BHO: (no name) - {A71302EB-A07D-4AF4-9329-15F86DACE3C5} - \

O2 - BHO: (no name) - {A84E4EC5-4B1F-48A2-AA22-46FDFECD20E4} - \

O2 - BHO: (no name) - {AA1C28F3-B027-4F61-9EC4-F71CACB15D04} - \

O2 - BHO: (no name) - {AA9A40F8-C591-4E66-8378-3CB69DB2F51B} - \

O2 - BHO: (no name) - {ACB2584E-54B2-4D80-B5C3-521F3F1A934B} - \

O2 - BHO: (no name) - {AE2CE19E-D46C-4D9C-ADCE-40D6CB60F634} - \

O2 - BHO: (no name) - {BB406331-807E-4BCD-BD24-CA86710E56DC} - \

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O2 - BHO: (no name) - {BE9846B8-DE47-4D96-B318-EF475188E45C} - \

O2 - BHO: (no name) - {BF53CA70-E9F8-47C1-9729-EAAA92A6B607} - \

O2 - BHO: (no name) - {C8D4DE31-C023-4ECB-85C6-7667DCDEA6A9} - \

O2 - BHO: (no name) - {C9AEF489-05DF-48F8-A8CF-3C7E7A86BFFF} - \

O2 - BHO: (no name) - {D134F6EA-8DD0-4FB8-9BA7-31344FF85DAC} - \

O2 - BHO: (no name) - {D2E5F30C-6ABB-452D-ABCE-1CFBD3985AB6} - \

O2 - BHO: (no name) - {D4D34DC9-3736-41CC-92EE-802FD14755F7} - \

O2 - BHO: Kweaj Class - {DFE7D27E-C021-4C72-80F3-254B776E0992} - C:\WINDOWS\system32\ubbv.dll

O2 - BHO: (no name) - {E0AB8770-43C1-4001-89CB-748438B04E10} - \

O2 - BHO: (no name) - {E2410C85-300C-46DC-AD65-BD2DA8D89D67} - C:\Program Files\Online Services\megobapu.dll (file missing)

O2 - BHO: (no name) - {E4B4C422-3BBA-4FAF-9B90-C2FA078B7E93} - \

O2 - BHO: (no name) - {E5C9C09D-E502-450A-B723-66B3033B2852} - \

O2 - BHO: (no name) - {E5E2A3E7-00FE-4D31-A030-A10799DDCA66} - (no file)

O2 - BHO: (no name) - {E603928A-19F9-458B-87B5-3996AF6224C9} - \

O2 - BHO: (no name) - {E8EF7E19-39DA-4EE2-8491-02981A8F8D1E} - \

O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O2 - BHO: (no name) - {ED15F27D-203E-4FE5-BDEC-82218C8596D6} - \

O2 - BHO: (no name) - {F12A651C-6F37-4496-BF20-8769BBDF5711} - \

O2 - BHO: (no name) - {F5316453-7044-4DD9-94AA-3D366F4A9C6B} - \

O2 - BHO: (no name) - {F9213D09-4560-4564-BE2D-D7E8784C1AB8} - \

O2 - BHO: (no name) - {FC9BAC61-0746-4A3F-A64C-8B4B091170D3} - \

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll

O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7

O4 - HKLM\..\Run: [sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe

O4 - HKLM\..\Run: [RestoreIT!] "C:\Program Files\Phoenix Technologies Ltd\RecoverPro_XP\VBPTASK.EXE" VBStart

O4 - HKLM\..\Run: [PowerS] C:\WINDOWS\PowerS.exe

O4 - HKLM\..\Run: [OneTouch Monitor] C:\PROGRA~1\VISION~1\ONETOU~2.EXE

O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\support.com\bin\tgcmd.exe" /server

O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe

O4 - HKLM\..\Run: [EPSON Stylus Photo RX620 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9HA.EXE /P31 "EPSON Stylus Photo RX620 Series" /O6 "USB002" /M "Stylus Photo RX620"

O4 - HKLM\..\Run: [inCD] C:\Program Files\Ahead\InCD\InCD.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe

O4 - HKLM\..\Run: [tSdURg2] "C:\WINDOWS\system32\fhsxc.exe"

O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer

O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [spywareBot] C:\Program Files\SpywareBot\SpywareBot.exe -boot

O4 - HKCU\..\Run: [bTCLiveUpdate] "C:\Program Files\LiveUpdate\LiveUpdate.exe" /autostart

O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Comcast\COMCAS~2\data\Xtras\mssysmgr.exe

O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"

O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart

O4 - HKCU\..\Run: [PPWebCap] C:\PROGRA~1\ScanSoft\PAPERP~1\PPWebCap.exe

O4 - HKCU\..\Run: [irssyncd] C:\WINDOWS\system32\irssyncd.exe

O4 - HKCU\..\Run: [wallp2.exe] C:\WINDOWS\system32\wallp2.exe

O4 - HKCU\..\Run: [VSL13.exe] C:\WINDOWS\system32\VSL13.exe

O4 - HKCU\..\Run: [ssqbn.exe] C:\WINDOWS\system32\ssqbn.exe

O4 - Startup: Epson all-in-one Registration.lnk = D:\Titles\EpsonReg\EPSONREG.EXE

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?

O4 - Global Startup: USB Sharing.lnk = ?

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html

O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html

O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html

O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll

O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)

O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)

O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)

O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll

O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab

O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab

O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab

O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab

O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab

O16 - DPF: {4AD73894-A895-4FC2-B233-299867E08753} (Cadwkzctl Object) - http://apps.deskwizz.com/ax/adwerkz.cab

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...96/mcinsctl.cab

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/07b430cd786595...tzip/RdxIE6.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1121977009468

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1126113073296

O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab

O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab

O16 - DPF: {886DDE35-E955-11D0-A707-000000881958} - http://69.56.176.75/webplugin.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://download.cdn.winsoftware.com/files/...FreeInstall.cab

O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://www.popcap.com/games/popcaploader_v6.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{B604433A-5764-450A-BF5D-71FE9DDB8657}: NameServer = 192.168.0.1

O18 - Filter: text/html - {F8D76886-FA88-4DF6-8FBD-C02CF8C91C94} - C:\WINDOWS\system32\ubbv.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe

O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe

O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

 

 

 

 

Owner*Administrators - 06-08-17 11:34:36.51

ComboFix 06.08.17 - Running from: C:\Documents and Settings\Owner\Desktop

((((((((((((((((((((((((((((((( Files Created from 2006-07-17 to 2006-08-17 ))))))))))))))))))))))))))))))))))

 

 

2006-08-14 08:46 78,488 C:\WINDOWS\system32\XMD5.dll

2006-08-14 08:46 101,888 C:\WINDOWS\system32\vb6stkit.dll

2006-07-25 16:55 48,193 C:\WINDOWS\system32\VSL13.exe

2006-07-25 16:55 38,412 C:\WINDOWS\system32\ssqbn.exe

2006-07-21 10:15 221,184 C:\WINDOWS\system32\wmpns.dll

2006-07-20 13:39 45,996 C:\WINDOWS\system32\UnIrimon.exe

2006-07-20 13:36 45,056 C:\WINDOWS\system32tfthot.exe

2006-07-20 13:36 36,864 C:\WINDOWS\system32\ahnciup.exe

2006-07-20 13:36 28,672 C:\WINDOWS\system32\iqrdy2c1.exe

2006-07-20 13:36 221,184 C:\WINDOWS\system32\ubbv.dll

2006-07-20 13:36 1,163,264 C:\WINDOWS\system32\fhsxc.exe

2006-07-20 13:35 380,928 C:\WINDOWS\system32\WinNB58.dll

2006-07-20 13:35 32,976 C:\WINDOWS\system32\uninstIcn.exe

2006-07-20 13:35 23,552 C:\WINDOWS\system32\vwlbilx.exe

 

 

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

 

 

2006-08-17 11:20 -------- d-------- C:\Program Files\Common Files

2006-08-15 12:59 28672 --a------ C:\WINDOWS\system32\iqrdy2c1.exe

2006-08-15 12:59 221184 --a------ C:\WINDOWS\system32\ubbv.dll

2006-08-15 09:15 -------- d-------- C:\Program Files\Internet Explorer

2006-08-14 09:03 -------- d-------- C:\Program Files\SpywareBot

2006-08-11 17:10 -------- d-------- C:\Program Files\Morpheus

2006-08-11 17:10 -------- d-------- C:\Program Files\Common Files\Symantec Shared

2006-08-11 15:39 -------- d--h----- C:\Program Files\InstallShield Installation Information

2006-08-01 14:11 -------- d-------- C:\Program Files\Norton AntiVirus

2006-08-01 12:43 -------- d-------- C:\Program Files\Common Files\Roxio Shared

2006-07-27 06:24 679424 --a------ C:\WINDOWS\system32\inetcomm.dll

2006-07-26 15:36 -------- d-------- C:\Program Files\Windows Media Connect 2

2006-07-26 15:07 -------- d-------- C:\Program Files\Microsoft Office

2006-07-26 15:07 -------- d-------- C:\Program Files\Common Files\Microsoft Shared

2006-07-25 20:34 -------- d-------- C:\Program Files\MSN

2006-07-25 20:33 -------- d-------- C:\Program Files\Online Services

2006-07-25 16:55 48193 --a------ C:\WINDOWS\system32\VSL13.exe

2006-07-25 16:55 38412 --a------ C:\WINDOWS\system32\ssqbn.exe

2006-07-25 16:55 -------- d-------- C:\Documents and Settings\Owner\Application Data\System Restore

2006-07-22 15:43 -------- d-------- C:\Documents and Settings\Owner\Application Data\Roxio

2006-07-22 14:35 -------- d-------- C:\Program Files\Sonic

2006-07-22 14:35 -------- d-------- C:\Program Files\Common Files\Sonic Shared

2006-07-22 14:28 -------- d-------- C:\Program Files\DivX

2006-07-22 14:20 -------- d-------- C:\Documents and Settings\Owner\Application Data\Vso

2006-07-21 16:01 -------- d-------- C:\Program Files\Symantec

2006-07-21 15:49 -------- d-------- C:\Program Files\SymNetDrv

2006-07-21 15:26 -------- d-------- C:\Program Files\Azureus

2006-07-21 15:24 -------- d-------- C:\Program Files\AviSynth 2.5

2006-07-21 09:13 -------- d-------- C:\Program Files\Alcohol Soft

2006-07-21 01:24 72704 --a------ C:\WINDOWS\system32\hlink.dll

2006-07-20 20:14 25 --a------ C:\Documents and Settings\Owner\Application Data\dm.ini

2006-07-20 20:14 1070 --a------ C:\Documents and Settings\Owner\Application Data\AdobeDLM.log

2006-07-20 13:40 32976 --a------ C:\WINDOWS\system32\uninstIcn.exe

2006-07-20 13:39 45996 --a------ C:\WINDOWS\system32\UnIrimon.exe

2006-07-20 13:36 45056 --a------ C:\WINDOWS\system32tfthot.exe

2006-07-20 13:36 0 --a------ C:\Documents and Settings\Owner\Application Data\internaldb41.dat

2006-07-20 13:35 380928 --a------ C:\WINDOWS\system32\WinNB58.dll

2006-07-20 13:35 23552 --a------ C:\WINDOWS\system32\vwlbilx.exe

2006-07-19 13:01 -------- d-------- C:\Program Files\Microsoft Picture It! PhotoPub

2006-07-16 15:06 -------- d-------- C:\Documents and Settings\Owner\Application Data\Lavasoft

2006-07-16 15:05 -------- d-------- C:\Program Files\Lavasoft

2006-07-15 09:40 -------- d-------- C:\Program Files\Windows Media Connect

2006-07-13 15:13 36864 --a------ C:\WINDOWS\system32\ahnciup.exe

2006-07-13 15:13 1163264 --a------ C:\WINDOWS\system32\fhsxc.exe

2006-07-13 11:53 -------- d--h----- C:\Program Files\Zero G Registry

2006-07-13 11:53 -------- d-------- C:\Program Files\THQ

2006-07-12 18:37 -------- d-------- C:\Program Files\epson

2006-07-11 17:04 -------- d-------- C:\Documents and Settings\Owner\Application Data\Macromedia

2006-07-10 17:15 -------- d-------- C:\Documents and Settings\Owner\Application Data\Azureus

2006-07-10 13:31 -------- d-------- C:\Program Files\Java

2006-07-10 13:31 -------- d-------- C:\Documents and Settings\Owner\Application Data\Sun

2006-07-10 13:27 -------- d-------- C:\Program Files\Common Files\Java

2006-07-07 22:19 47360 --a------ C:\WINDOWS\system32\drivers\Pcouffin.sys

2006-07-07 22:19 -------- d-------- C:\Program Files\vso

2006-07-07 21:30 -------- d---s---- C:\Documents and Settings\Owner\Application Data\Microsoft

2006-07-06 18:21 5347232 --a------ C:\WebCleaner.dll

2006-07-06 12:17 -------- d-------- C:\Program Files\Common Files\Logitech

2006-07-06 12:16 -------- d-------- C:\Program Files\Logitech

2006-06-27 12:57 -------- d-------- C:\Documents and Settings\Owner\Application Data\Walgreens

2006-06-23 08:22 9216 --a------ C:\WINDOWS\aiqi.dll

2006-06-20 20:18 -------- d-------- C:\Program Files\Call of Duty Game of the Year Edition

2006-06-18 10:38 98304 --a------ C:\WINDOWS\system32\CmdLineExt.dll

2006-06-18 10:30 -------- d-------- C:\Program Files\Common Files\InstallShield

2006-06-17 20:53 -------- d-------- C:\Program Files\Microsoft Digital Image 2006

2006-06-07 10:55 3753 --a------ C:\Program Files\html2.htm

2006-06-07 10:55 3626 --a------ C:\Program Files\html1.htm

 

 

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

 

*Note* empty entries are not shown

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SoundMan"="SOUNDMAN.EXE"

"ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"

"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""

"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"

"farstone"=""

"LTMSG"="LTMSG.exe 7"

"Sunkist2k"="C:\\Program Files\\Multimedia Card Reader\\shwicon2k.exe"

"RestoreIT!"="\"C:\\Program Files\\Phoenix Technologies Ltd\\RecoverPro_XP\\VBPTASK.EXE\" VBStart"

"PowerS"="C:\\WINDOWS\\PowerS.exe"

"OneTouch Monitor"="C:\\PROGRA~1\\VISION~1\\ONETOU~2.EXE"

"tgcmd"="\"C:\\Program Files\\support.com\\bin\\tgcmd.exe\" /server"

"Logitech Utility"="Logi_MwX.Exe"

"EPSON Stylus Photo RX620 Series"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_FATI9HA.EXE /P31 \"EPSON Stylus Photo RX620 Series\" /O6 \"USB002\" /M \"Stylus Photo RX620\""

"InCD"="C:\\Program Files\\Ahead\\InCD\\InCD.exe"

"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"

"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_07\\bin\\jusched.exe"

"tSdURg2"="\"C:\\WINDOWS\\system32\\fhsxc.exe\""

"Symantec NetDriver Monitor"="C:\\PROGRA~1\\SYMNET~1\\SNDMon.exe /Consumer"

"ISUSPM Startup"="C:\\PROGRA~1\\COMMON~1\\INSTAL~1\\UPDATE~1\\ISUSPM.exe -startup"

"ISUSScheduler"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start"

"SpywareBot"="C:\\Program Files\\SpywareBot\\SpywareBot.exe -boot"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\DSS]

@="C:\\WINDOWS\\\\BBStore\\DSS\\dssagent.exe"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]

"Installed"="1"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]

"NoChange"="1"

"Installed"="1"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]

"Installed"="1"

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

@=""

"BTCLiveUpdate"="\"C:\\Program Files\\LiveUpdate\\LiveUpdate.exe\" /autostart"

"PhotoShow Deluxe Media Manager"="C:\\PROGRA~1\\Comcast\\COMCAS~2\\data\\Xtras\\mssysmgr.exe"

"NBJ"="\"C:\\Program Files\\Ahead\\Nero BackItUp\\NBJ.exe\""

"OM_Monitor"="C:\\Program Files\\OLYMPUS\\OLYMPUS Master\\Monitor.exe -NoStart"

"PPWebCap"="C:\\PROGRA~1\\ScanSoft\\PAPERP~1\\PPWebCap.exe"

"irssyncd"="C:\\WINDOWS\\system32\\irssyncd.exe"

"wallp2.exe"="C:\\WINDOWS\\system32\\wallp2.exe"

"VSL13.exe"="C:\\WINDOWS\\system32\\VSL13.exe"

"ssqbn.exe"="C:\\WINDOWS\\system32\\ssqbn.exe"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]

"NoCDBurning"=dword:00000000

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]

"dontdisplaylastusername"=dword:00000000

"legalnoticecaption"=""

"legalnoticetext"=""

"shutdownwithoutlogon"=dword:00000001

"undockwithoutlogon"=dword:00000001

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]

"NoDriveTypeAutoRun"=dword:00000091

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

"kbdauc"="C:\\WINDOWS\\system32\\kbdauc.exe"

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]

"DeskHtmlVersion"=dword:00000110

"DeskHtmlMinorVersion"=dword:00000005

"Settings"=dword:00000001

"GeneralFlags"=dword:00000000

 

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]

"NoDriveTypeAutoRun"=dword:00000091

 

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

 

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]

"NoDriveTypeAutoRun"=dword:00000091

 

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\sharedtaskscheduler]

"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"

"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]

"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupfolder]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Philips FunCam Monitor.lnk]

"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Philips FunCam Monitor.lnk"

"backup"="C:\\WINDOWS\\pss\\Philips FunCam Monitor.lnkCommon Startup"

"location"="Common Startup"

"command"="C:\\PROGRA~1\\PHILIP~1\\FunCam\\PHILIP~1.EXE "

"item"="Philips FunCam Monitor"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^TM Monitor.lnk]

"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\TM Monitor.lnk"

"backup"="C:\\WINDOWS\\pss\\TM Monitor.lnkCommon Startup"

"location"="Common Startup"

"command"="C:\\PROGRA~1\\ArcSoft\\TOTALM~1\\TMMONI~1.EXE "

"item"="TM Monitor"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupreg]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupreg\NAV CfgWiz]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="CfgWiz"

"hkey"="HKLM"

"command"="\"C:\\Program Files\\Norton AntiVirus\\CfgWiz.exe\" /GUID {0D7956A2-5A08-4ec2-A72C-DF8495A66016} /MODE CfgWiz /CMDLINE \"REBOOT\""

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupreg\OM_Monitor]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="FirstStart"

"hkey"="HKLM"

"command"="C:\\Program Files\\OLYMPUS\\OLYMPUS Master\\FirstStart.exe"

"inimapping"="0"

 

 

 

Contents of the 'Scheduled Tasks' folder

C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer - Owner.job

 

Completion time: Thu 08/17/2006 11:36:52.98

ComboFix.txt

ComboFix2.txt


There are a number of files I need to get samples of from you so I can identify and submit them for detection (and some I just need to find out what they are).

 

Make sure your PC is configured to show hidden files

How to Show Hidden Files

http://www.xtra.co.nz/help/0,,4155-1916458,00.html

 

Click Start.

 

Open My Computer.

 

Select the Tools menu and click Folder Options.

 

Select the View Tab.

 

Under the Hidden files and folders heading select Show hidden files and folders.

 

Uncheck the Hide protected operating system files (recommended) option.

 

Click Yes to confirm.

 

Click OK.

........................

 

Go here to upload the files as attachments

http://www.thespykiller.co.uk/forum/index.php?board=1.0

Just press New Topic (make the subject: For CalamityJane from yourgo at LS),

fill in a short message, then press the Browse button and navigate to and select these files on your computer. If there is more than one file, press the More Attachments button for each extra file and browse and select it. When all the files are listed in the window, press the *Post* button to upload the files.

 

Files to attach for upload:

 

C:\WINDOWS\system32\kbdauc.exe

 

C:\WINDOWS\system32\ahnciup.exe

 

C:\WINDOWS\system32\fhsxc.exe

 

C:\WINDOWS\aiqi.dll

 

C:\WINDOWS\system32\ubbv.dll

 

C:\WINDOWS\system32\irssyncd.exe

 

C:\WINDOWS\system32\wallp2.exe

 

C:\WINDOWS\system32\VSL13.exe

 

C:\WINDOWS\system32\ssqbn.exe

 

C:\WINDOWS\system32\WinNB58.dll

 

C:\WINDOWS\system32\UnIrimon.exe

 

C:\WINDOWS\system32\vwlbilx.exe

 

C:\WINDOWS\system32tfthot.exe

 

C:\WINDOWS\system32\iqrdy2c1.exe

 

It MAY take more than one post to attach them all. If so *Post* and then hit reply to add more files in a second post.

 

Note: If some files are not found, that's OK. A prior cleaning step may have already removed them and I am only seeing leftover references to them in the registry.

 

(Do not post HJT logs there as they will not get dealt with)

 

You DO NOT need to be a member to upload, anybody can upload the files

 

You will not see the files that have been uploaded as they only show to the authorized users who can download them. I'll be able to collect them from there and will reply back here after I've had a chance to examine them.

 

Meanwhile, could you please open HijackThis and instead of scan choose *Open Misc Tools Section*

Then choose *Open Uninstall Manager*

Wait while it makes a list. When done press the *save list* button

Notepad should pop up with a text file. Copy that list back here please.

 

I can then proceed with writing up a final fix for you :(


Hi again

Per your request

 

Ad-Aware SE Personal

Adobe Download Manager 2.0 (Remove Only)

Adobe Photoshop 7.0

Adobe Reader 7.0.8

Adobe Shockwave Player

ArcSoft ShowBiz DVD 2

ArcSoft Software Suite

ArcSoft TotalMedia

ATI - Software Uninstall Utility

ATI Control Panel

ATI Display Driver

ATI HYDRAVISION

Call of Duty - United Offensive

Call of Duty Game of the Year Edition

Call of Duty® 2

Canon PhotoRecord

Canon PIXMA iP1500

Canon Utilities Easy-PhotoPrint

Cars

Cars - Radiator Springs Adventures

ccCommon

ComcastSUPPORT

ConvertXtoDVD 2.0.13

DivX

DVD Decrypter (Remove Only)

DVD Shrink 3.2

Easy-WebPrint

EPSON CardMonitor

EPSON Copy Utility 3

EPSON PhotoStarter3.2

EPSON Printer Software

EPSON Scan

EPSON Smart Panel

EPSON SPRX620 Reference Guide

EPSON Web-To-Page

Family Tree Maker 6.0

HijackThis 1.99.1

IBM ViaVoice Pro - US English

Icons

Image Resizer Powertoy for Windows XP

ImageMixer VCD/DVD2 for OLYMPUS

InCD

Internet Worm Protection

J2SE Runtime Environment 5.0 Update 7

Lavasoft VX2 Cleaner

LiveReg (Symantec Corporation)

LiveUpdate 3.0 (Symantec Corporation)

Logitech Gaming Software

Logitech MouseWare 9.79.1

Macromedia Flash Player 8

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Hotfix (KB886903)

Microsoft Digital Image Suite 2006

Microsoft Links 2001

Microsoft Picture It! Photo Premium 2001

Microsoft Windows Script Host

Microsoft Word 2000 SR-1

Microsoft Works 2000

Microsoft Works 2000 Setup Launcher

Morpheus 5.2 (remove only)

Multimedia Card Reader

Nero Digital

Nero Media Player

Nero OEM

Norton AntiVirus 2005

Norton AntiVirus 2005 (Symantec Corporation)

Norton AntiVirus Help

Norton AntiVirus Parent MSI

Norton WMI Update

OneTouch V3.0

PaperPort 7.0

Quicklinks

QuickTime

RealArcade

RealPlayer

Realtek AC'97 Audio

Recover Pro

ScanToWeb

Security Update for Windows Media Player (KB911564)

Security Update for Windows Media Player 10 (KB911565)

Security Update for Windows Media Player 10 (KB917734)

Security Update for Windows XP (KB883939)

Security Update for Windows XP (KB890046)

Security Update for Windows XP (KB893756)

Security Update for Windows XP (KB896358)

Security Update for Windows XP (KB896422)

Security Update for Windows XP (KB896423)

Security Update for Windows XP (KB896424)

Security Update for Windows XP (KB896428)

Security Update for Windows XP (KB896688)

Security Update for Windows XP (KB899587)

Security Update for Windows XP (KB899588)

Security Update for Windows XP (KB899591)

Security Update for Windows XP (KB900725)

Security Update for Windows XP (KB901017)

Security Update for Windows XP (KB901190)

Security Update for Windows XP (KB901214)

Security Update for Windows XP (KB902400)

Security Update for Windows XP (KB903235)

Security Update for Windows XP (KB904706)

Security Update for Windows XP (KB905414)

Security Update for Windows XP (KB905749)

Security Update for Windows XP (KB905915)

Security Update for Windows XP (KB908519)

Security Update for Windows XP (KB908531)

Security Update for Windows XP (KB911280)

Security Update for Windows XP (KB911562)

Security Update for Windows XP (KB911567)

Security Update for Windows XP (KB911927)

Security Update for Windows XP (KB912812)

Security Update for Windows XP (KB912919)

Security Update for Windows XP (KB913446)

Security Update for Windows XP (KB913580)

Security Update for Windows XP (KB914388)

Security Update for Windows XP (KB914389)

Security Update for Windows XP (KB916281)

Security Update for Windows XP (KB917159)

Security Update for Windows XP (KB917344)

Security Update for Windows XP (KB917422)

Security Update for Windows XP (KB917953)

Security Update for Windows XP (KB918439)

Security Update for Windows XP (KB918899)

Security Update for Windows XP (KB920214)

Security Update for Windows XP (KB920670)

Security Update for Windows XP (KB920683)

Security Update for Windows XP (KB921398)

Security Update for Windows XP (KB921883)

Security Update for Windows XP (KB922616)

Shockwave

Sierra Utilities

SPBBC

Symantec

Symantec Script Blocking Installer

SymNet

TV Station

Ulead PhotoImpact 8 SE

Update for Windows XP (KB894391)

Update for Windows XP (KB896727)

Update for Windows XP (KB898461)

Update for Windows XP (KB900485)

Update for Windows XP (KB910437)

Update for Windows XP (KB916595)

USB Sharing

Visioneer 8600 Scanner, OneTouch V2.2

Windows Defender Signatures

Windows Genuine Advantage v1.3.0254.0

Windows Installer 3.1 (KB893803)

Windows Media Connect

Windows Media Format Runtime

Windows Media Player 10

Windows XP Hotfix - KB867282

Windows XP Hotfix - KB873333

Windows XP Hotfix - KB873339

Windows XP Hotfix - KB885250

Windows XP Hotfix - KB885835

Windows XP Hotfix - KB885836

Windows XP Hotfix - KB885884

Windows XP Hotfix - KB886185

Windows XP Hotfix - KB887472

Windows XP Hotfix - KB887742

Windows XP Hotfix - KB887797

Windows XP Hotfix - KB888113

Windows XP Hotfix - KB888302

Windows XP Hotfix - KB890047

Windows XP Hotfix - KB890175

Windows XP Hotfix - KB890859

Windows XP Hotfix - KB890923

Windows XP Hotfix - KB891781

Windows XP Hotfix - KB893066

Windows XP Hotfix - KB893086

WinZip

Word in Works Suite add-in

WordPerfect Office 12


I didn't get this file

C:\WINDOWS\aiqi.dll

 

Could you upload that too?

 

I'm pretty sure that one exists.

 

And this one too, (if found)

C:\WINDOWS\system32\wallp2.exe

 

Go to Start > Control Panel and look in Add/Remove programs. Remove this one if found:

 

Quicklinks

 

Reboot your computer.

 

I'm writing up the rest of the fix and will post again when I have that together.


Open HijackThis and choose *system scan only*

 

When it finishes place a checkmark next to each of these:

 

O2 - BHO: (no name) - {05C71219-7DFB-40ED-B08C-6B77106CE094} - \

O2 - BHO: (no name) - {06834924-FCC6-4EE4-AA16-8341C4155CDF} - \

O2 - BHO: (no name) - {1037EBFD-6512-4D0C-8C94-9315CA0ADFA0} - \

O2 - BHO: (no name) - {136CA9A3-DDA5-4339-91C1-BE219B65DC10} - \

O2 - BHO: (no name) - {157C2528-2438-471F-98D0-78FA7B4B3164} - \

O2 - BHO: (no name) - {15916AE8-F06D-4B44-BABA-9E2AB84D62A4} - \

O2 - BHO: (no name) - {1D7FE75A-4D03-46EF-B3C8-7777C79CF2C5} - \

O2 - BHO: (no name) - {1FA4997A-3465-40F5-BC93-7352A3F5EF44} - \

O2 - BHO: (no name) - {22F9438A-2108-4523-9E31-5291E9E61152} - \

O2 - BHO: (no name) - {239CEDDB-9880-4FC9-A4EF-3B4D0F2DFE5A} - \

O2 - BHO: (no name) - {2502D022-A346-4EA0-AC15-9AE074C719DF} - \

O2 - BHO: (no name) - {2AB59C0D-1C2B-4EB3-96AA-D8B6AB06D605} - \

O2 - BHO: Oddbot - {2B896072-F6E3-4FF7-ADE6-43D5BEC6557C} - C:\WINDOWS\system32\nodeipproc.dll (file missing)

O2 - BHO: (no name) - {31B96F13-F1B0-4770-A549-4DC3366AB652} - \

O2 - BHO: (no name) - {36B4A6CA-3E99-4DC8-94BD-BBA10781800A} - \

O2 - BHO: (no name) - {39E8F359-6AC8-4355-8CA5-5FA7F7DB7082} - \

O2 - BHO: (no name) - {3C849F8B-BD59-4566-9084-FDD836F2AE62} - \

O2 - BHO: (no name) - {44840408-0404-0806-8420-628480066820} - C:\WINDOWS\aiqi.dll

O2 - BHO: (no name) - {4C03EAED-0878-4431-B04E-ED51A5C4931F} - \

O2 - BHO: (no name) - {50023994-0052-488C-97E5-EEBCBCBBB890} - \

O2 - BHO: (no name) - {55E84824-1536-4166-AF04-F4F8CF5A5A32} - \

O2 - BHO: (no name) - {59ECEFE8-529D-4F37-A875-1C839A7AD588} - \

O2 - BHO: (no name) - {5B460B70-F18A-4FCA-A3B4-4E8526A2C677} - \

O2 - BHO: (no name) - {5CF4399C-E4C4-4145-8FD4-CCB056C4146F} - \

O2 - BHO: (no name) - {5D99EB38-8A66-4E9F-9C5A-88F019DC67C3} - \

O2 - BHO: (no name) - {5E06417A-6D9A-4175-A396-31C1A62595C5} - \

O2 - BHO: (no name) - {61343D0C-96D3-4751-A3DB-8AC55AEF2514} - \

O2 - BHO: (no name) - {6809F49C-91FF-4C6A-930C-4133C0560C9B} - \

O2 - BHO: (no name) - {6B320178-E587-4916-B59C-29AC4F44D835} - \

O2 - BHO: (no name) - {6CF15DC6-D2FB-4C11-86ED-92695DB0869D} - \

O2 - BHO: (no name) - {6D20B913-1015-404F-AFB5-CC6C269D8DB9} - \

O2 - BHO: (no name) - {70D5F022-D06E-4391-A7A5-28038CA4278B} - \

O2 - BHO: (no name) - {710A3317-8AE9-4C41-BEC1-8FFEA685E0E5} - \

O2 - BHO: (no name) - {73929110-C28E-45FA-A186-1AD803C3AB88} - \

O2 - BHO: (no name) - {77645659-E995-476F-9EEA-EF66CB337923} - \

O2 - BHO: (no name) - {79AF64F9-C068-4C57-BEDF-B42AB1010DAB} - \

O2 - BHO: (no name) - {7D0E6F57-D1EC-4302-8151-96D7984064F9} - \

O2 - BHO: (no name) - {7D319439-0652-4DC9-B9D9-A93E03FC378E} - \

O2 - BHO: (no name) - {7EAB2908-05B0-4632-B4C4-E055BAEB2B70} - \

O2 - BHO: (no name) - {81DE53D2-9326-4232-9B61-8ACAC983687F} - \

O2 - BHO: (no name) - {88B29F86-B123-4A1D-AC8A-BC5E476B4ED5} - \

O2 - BHO: (no name) - {89182C57-0972-4BFD-8381-AE60A527759A} - \

O2 - BHO: (no name) - {900F4D3A-8E01-4DE0-95C0-8D62CA674AC5} - \

O2 - BHO: (no name) - {965ED5FB-46D5-4040-9286-E9079FF45D79} - \

O2 - BHO: (no name) - {96EE8C64-4CBD-4848-ADC6-4560B7BAE07C} - \

O2 - BHO: (no name) - {9EB4825F-198F-4822-911B-2C2A8E433EB2} - \

O2 - BHO: (no name) - {A1907A48-6908-4A3A-A7DA-DA8CA18F9308} - \

O2 - BHO: (no name) - {A546E737-26BE-4FD6-9021-229339B57221} - \

O2 - BHO: (no name) - {A71302EB-A07D-4AF4-9329-15F86DACE3C5} - \

O2 - BHO: (no name) - {A84E4EC5-4B1F-48A2-AA22-46FDFECD20E4} - \

O2 - BHO: (no name) - {AA1C28F3-B027-4F61-9EC4-F71CACB15D04} - \

O2 - BHO: (no name) - {AA9A40F8-C591-4E66-8378-3CB69DB2F51B} - \

O2 - BHO: (no name) - {ACB2584E-54B2-4D80-B5C3-521F3F1A934B} - \

O2 - BHO: (no name) - {AE2CE19E-D46C-4D9C-ADCE-40D6CB60F634} - \

O2 - BHO: (no name) - {BB406331-807E-4BCD-BD24-CA86710E56DC} - \

O2 - BHO: (no name) - {BE9846B8-DE47-4D96-B318-EF475188E45C} - \

O2 - BHO: (no name) - {BF53CA70-E9F8-47C1-9729-EAAA92A6B607} - \

O2 - BHO: (no name) - {C8D4DE31-C023-4ECB-85C6-7667DCDEA6A9} - \

O2 - BHO: (no name) - {C9AEF489-05DF-48F8-A8CF-3C7E7A86BFFF} - \

O2 - BHO: (no name) - {D134F6EA-8DD0-4FB8-9BA7-31344FF85DAC} - \

O2 - BHO: (no name) - {D2E5F30C-6ABB-452D-ABCE-1CFBD3985AB6} - \

O2 - BHO: (no name) - {D4D34DC9-3736-41CC-92EE-802FD14755F7} - \

O2 - BHO: Kweaj Class - {DFE7D27E-C021-4C72-80F3-254B776E0992} - C:\WINDOWS\system32\ubbv.dll

O2 - BHO: (no name) - {E0AB8770-43C1-4001-89CB-748438B04E10} - \

O2 - BHO: (no name) - {E2410C85-300C-46DC-AD65-BD2DA8D89D67} - C:\Program Files\Online Services\megobapu.dll (file missing)

O2 - BHO: (no name) - {E4B4C422-3BBA-4FAF-9B90-C2FA078B7E93} - \

O2 - BHO: (no name) - {E5C9C09D-E502-450A-B723-66B3033B2852} - \

O2 - BHO: (no name) - {E5E2A3E7-00FE-4D31-A030-A10799DDCA66} - (no file)

O2 - BHO: (no name) - {E603928A-19F9-458B-87B5-3996AF6224C9} - \

O2 - BHO: (no name) - {E8EF7E19-39DA-4EE2-8491-02981A8F8D1E} - \

O2 - BHO: (no name) - {ED15F27D-203E-4FE5-BDEC-82218C8596D6} - \

O2 - BHO: (no name) - {F12A651C-6F37-4496-BF20-8769BBDF5711} - \

O2 - BHO: (no name) - {F5316453-7044-4DD9-94AA-3D366F4A9C6B} - \

O2 - BHO: (no name) - {F9213D09-4560-4564-BE2D-D7E8784C1AB8} - \

O2 - BHO: (no name) - {FC9BAC61-0746-4A3F-A64C-8B4B091170D3} - \

O4 - HKLM\..\Run: [tSdURg2] "C:\WINDOWS\system32\fhsxc.exe"

O4 - HKLM\..\Run: [spywareBot] C:\Program Files\SpywareBot\SpywareBot.exe -boot

O4 - HKCU\..\Run: [irssyncd] C:\WINDOWS\system32\irssyncd.exe

O4 - HKCU\..\Run: [wallp2.exe] C:\WINDOWS\system32\wallp2.exe

O4 - HKCU\..\Run: [VSL13.exe] C:\WINDOWS\system32\VSL13.exe

O4 - HKCU\..\Run: [ssqbn.exe] C:\WINDOWS\system32\ssqbn.exe

 

O16 - DPF: {4AD73894-A895-4FC2-B233-299867E08753} (Cadwkzctl Object) - http://apps.deskwizz.com/ax/adwerkz.cab

O16 - DPF: {886DDE35-E955-11D0-A707-000000881958} - http://69.56.176.75/webplugin.cab

O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://download.cdn.winsoftware.com/files/...FreeInstall.cab

 

Then press the *fix checked* button.

 

Delete these files and/or folders (if found):

 

C:\Program Files\SpywareBot (folder)

 

C:\WINDOWS\system32\kbdauc.exe

 

C:\WINDOWS\system32\ahnciup.exe

 

C:\WINDOWS\system32\fhsxc.exe

 

C:\WINDOWS\aiqi.dll

 

C:\WINDOWS\system32\ubbv.dll

 

C:\WINDOWS\system32\irssyncd.exe

 

C:\WINDOWS\system32\wallp2.exe

 

C:\WINDOWS\system32\VSL13.exe

 

C:\WINDOWS\system32\ssqbn.exe

 

C:\WINDOWS\system32\WinNB58.dll

 

C:\WINDOWS\system32\UnIrimon.exe

 

C:\WINDOWS\system32\vwlbilx.exe

 

C:\WINDOWS\system32tfthot.exe

 

C:\WINDOWS\system32\iqrdy2c1.exe

 

Reboot your computer.

 

Please scan once more with HijackThis and ComboFix and post fresh logs from both :(

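The fix list above was assembled by hand from patterns a helper learns to spot in a HijackThis log: O2 BHO entries with no name whose path is just "\", "(no file)" or "(file missing)" (a CLSID whose DLL is gone), BHOs and O18 MIME filters loaded from C:\WINDOWS or system32 rather than Program Files, O4 Run items that start random-named binaries from system32, and O16 ActiveX downloads from a bare IP address or an unfamiliar host. The script below is an added example (not part of the thread, of HijackThis, or of the helper's procedure) that applies those rules mechanically to a handful of lines copied from the log posted in this thread. The severity labels, the vendor allowlist for O16 hosts and the "Windows directory" heuristic are assumptions to tune; a legitimate third-party startup item in system32 such as NeroCheck.exe would land in "review", not get a verdict.

```python
"""Rule-based triage of HijackThis 1.99.x log lines (O2, O4, O16, O18).

Added example for this thread; it is not HijackThis, ComboFix or the
helper's own code. Severities, the O16 host allowlist and the directory
heuristic are assumptions to adjust for your own environment.
"""
import re
from urllib.parse import urlsplit

# Constructed sample: a subset of the lines posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {05C71219-7DFB-40ED-B08C-6B77106CE094} - \
O2 - BHO: (no name) - {44840408-0404-0806-8420-628480066820} - C:\WINDOWS\aiqi.dll
O2 - BHO: Kweaj Class - {DFE7D27E-C021-4C72-80F3-254B776E0992} - C:\WINDOWS\system32\ubbv.dll
O2 - BHO: (no name) - {E2410C85-300C-46DC-AD65-BD2DA8D89D67} - C:\Program Files\Online Services\megobapu.dll (file missing)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [tSdURg2] "C:\WINDOWS\system32\fhsxc.exe"
O4 - HKCU\..\Run: [ssqbn.exe] C:\WINDOWS\system32\ssqbn.exe
O16 - DPF: {4AD73894-A895-4FC2-B233-299867E08753} (Cadwkzctl Object) - http://apps.deskwizz.com/ax/adwerkz.cab
O16 - DPF: {886DDE35-E955-11D0-A707-000000881958} - http://69.56.176.75/webplugin.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1121977009468
O18 - Filter: text/html - {F8D76886-FA88-4DF6-8FBD-C02CF8C91C94} - C:\WINDOWS\system32\ubbv.dll
"""

CLSID = r"\{[0-9A-Fa-f-]+\}"
O2_RE = re.compile(rf"^O2 - BHO: (?P<name>.*?) - (?P<clsid>{CLSID}) - (?P<path>.*)$")
O4_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<value>[^\]]*)\] (?P<cmd>.*)$")
O16_RE = re.compile(rf"^O16 - DPF: (?P<clsid>{CLSID})(?: \((?P<name>[^)]*)\))? - (?P<url>\S+)$")
O18_RE = re.compile(rf"^O18 - Filter: (?P<mime>\S+) - (?P<clsid>{CLSID}) - (?P<path>.*)$")
BIN_RE = re.compile(r'^"?(?P<bin>[^"]*?\.(?:exe|dll|com|scr))"?', re.I)
IP_RE = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")

# Assumption: real BHOs and filters live under Program Files; these two
# directories are where the droppers in this thread put their binaries.
WINDOWS_DIRS = ("c:\\windows", "c:\\windows\\system32")
# Assumption: hosts from which the legitimate O16 controls in this log came.
TRUSTED_DPF_HOSTS = ("microsoft.com", "symantec.com", "pandasoftware.com", "ca.com")


def is_orphaned(path):
    """HJT prints '\\', '(no file)' or '... (file missing)' when the CLSID
    is still registered but its DLL no longer exists on disk."""
    p = path.strip()
    return p in ("", "\\") or p.endswith(("(file missing)", "(no file)"))


def in_windows_dir(path):
    parent = path.lower().rsplit("\\", 1)[0]
    return parent in WINDOWS_DIRS


def binary_of(cmd):
    """Executable of a Run command: strip quotes and trailing arguments."""
    m = BIN_RE.match(cmd.strip())
    return m.group("bin") if m else cmd.strip()


def dpf_host_trusted(host):
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DPF_HOSTS)


def triage(log_text):
    """Return (severity, section, subject, reason) tuples for suspect lines."""
    findings = []
    bho_by_path = {}   # lower-cased DLL path -> CLSID, for O18 cross-reference
    filters = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := O2_RE.match(line):
            path = m["path"].strip()
            if is_orphaned(path):
                findings.append(("medium", "O2", m["clsid"],
                                 "orphaned BHO: CLSID registered but its DLL is gone; fix the entry"))
                continue
            bho_by_path[path.lower()] = m["clsid"]
            unnamed, windir = m["name"] == "(no name)", in_windows_dir(path)
            if unnamed or windir:
                reason = ("unnamed BHO " if unnamed else "BHO ") + \
                         ("loaded from the Windows directory" if windir else "with no registered name")
                findings.append(("high", "O2", path, reason))
        elif m := O4_RE.match(line):
            exe = binary_of(m["cmd"])
            if in_windows_dir(exe):
                findings.append(("review", "O4", exe,
                                 f"{m['hive']} Run value [{m['value']}] starts a binary from the Windows directory"))
        elif m := O16_RE.match(line):
            host = (urlsplit(m["url"]).hostname or "").lower()
            if IP_RE.fullmatch(host):
                findings.append(("high", "O16", m["url"], "ActiveX control downloaded from a bare IP address"))
            elif not dpf_host_trusted(host):
                findings.append(("review", "O16", m["url"], f"ActiveX control from unlisted host {host}"))
        elif m := O18_RE.match(line):
            filters.append((m["mime"], m["path"].strip()))
    # Second pass: a MIME filter sharing a DLL with a BHO sees every page IE renders.
    for mime, path in filters:
        clsid = bho_by_path.get(path.lower())
        if clsid:
            findings.append(("high", "O18", path, f"{mime} filter shares its DLL with BHO {clsid}"))
        elif in_windows_dir(path):
            findings.append(("high", "O18", path, f"{mime} filter loaded from the Windows directory"))
        else:
            findings.append(("review", "O18", path, f"{mime} filter: legitimate MIME filters are rare, confirm the vendor"))
    return findings


if __name__ == "__main__":
    for sev, sec, subject, reason in triage(SAMPLE_LOG):
        print(f"{sev:6} {sec:3} {subject}  <- {reason}")
```

On the sample, the two "(no name)" entries with a dead path come out as orphans, aiqi.dll and ubbv.dll are flagged as BHOs loaded from the Windows directory, ubbv.dll is flagged a second time because the same DLL is also the text/html filter, the two system32 Run items are queued for review, and of the three O16 controls only the bare-IP download and the unlisted deskwizz.com host are reported. The Adobe BHO, ccApp and the Microsoft update control pass untouched.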

Hi again

per your request

 

Yourgo

 

Logfile of HijackThis v1.99.1

Scan saved at 19:39, on 06-08-17

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Ahead\InCD\InCDsrv.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe

C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\WINDOWS\LTMSG.exe

C:\Program Files\Multimedia Card Reader\shwicon2k.exe

C:\Program Files\Phoenix Technologies Ltd\RecoverPro_XP\VBPTASK.EXE

C:\WINDOWS\PowerS.exe

C:\PROGRA~1\VISION~1\ONETOU~2.EXE

C:\Program Files\support.com\bin\tgcmd.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9HA.EXE

C:\Program Files\Ahead\InCD\InCD.exe

C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe

C:\Program Files\Logitech\MouseWare\system\em_exec.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\LiveUpdate\LiveUpdate.exe

C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe

C:\Program Files\USB Sharing\usbshare.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Documents and Settings\Owner\My Documents\Reg files backup\Unzipped\hijackthis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://fryssupport.net/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O2 - BHO: (no name) - {F9CA844F-AB0A-40CB-B04B-05A593ABD05A} - \

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll

O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7

O4 - HKLM\..\Run: [sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe

O4 - HKLM\..\Run: [RestoreIT!] "C:\Program Files\Phoenix Technologies Ltd\RecoverPro_XP\VBPTASK.EXE" VBStart

O4 - HKLM\..\Run: [PowerS] C:\WINDOWS\PowerS.exe

O4 - HKLM\..\Run: [OneTouch Monitor] C:\PROGRA~1\VISION~1\ONETOU~2.EXE

O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\support.com\bin\tgcmd.exe" /server

O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe

O4 - HKLM\..\Run: [EPSON Stylus Photo RX620 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9HA.EXE /P31 "EPSON Stylus Photo RX620 Series" /O6 "USB002" /M "Stylus Photo RX620"

O4 - HKLM\..\Run: [inCD] C:\Program Files\Ahead\InCD\InCD.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe

O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer

O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKCU\..\Run: [bTCLiveUpdate] "C:\Program Files\LiveUpdate\LiveUpdate.exe" /autostart

O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Comcast\COMCAS~2\data\Xtras\mssysmgr.exe

O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"

O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart

O4 - HKCU\..\Run: [PPWebCap] C:\PROGRA~1\ScanSoft\PAPERP~1\PPWebCap.exe

O4 - Startup: Epson all-in-one Registration.lnk = D:\Titles\EpsonReg\EPSONREG.EXE

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?

O4 - Global Startup: USB Sharing.lnk = ?

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html

O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html

O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html

O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll (file missing)

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll (file missing)

O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)

O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)

O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)

O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll

O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab

O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab

O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab

O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab

O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...96/mcinsctl.cab

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/07b430cd786595...tzip/RdxIE6.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1121977009468

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1126113073296

O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab

O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://download.cdn.winsoftware.com/files/...FreeInstall.cab

O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://www.popcap.com/games/popcaploader_v6.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{B604433A-5764-450A-BF5D-71FE9DDB8657}: NameServer = 192.168.0.1

O18 - Filter: text/html - {F8D76886-FA88-4DF6-8FBD-C02CF8C91C94} - C:\WINDOWS\system32\ubbv.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe

O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe

O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

 

 

Owner*Administrators - 06-08-17 19:39:49.82

ComboFix 06.08.17 - Running from: C:\Documents and Settings\Owner\Desktop

((((((((((((((((((((((((((((((( Files Created from 2006-07-17 to 2006-08-17 ))))))))))))))))))))))))))))))))))

 

 

2006-08-14 08:46 78,488 C:\WINDOWS\system32\XMD5.dll

2006-08-14 08:46 101,888 C:\WINDOWS\system32\vb6stkit.dll

2006-07-25 16:55 48,193 C:\WINDOWS\system32\VSL13.exe

2006-07-21 10:15 221,184 C:\WINDOWS\system32\wmpns.dll

2006-07-20 13:36 45,056 C:\WINDOWS\system32tfthot.exe

2006-07-20 13:35 32,976 C:\WINDOWS\system32\uninstIcn.exe

 

 

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

 

 

2006-08-17 19:38 -------- d-------- C:\Program Files\Common Files

2006-08-15 09:15 -------- d-------- C:\Program Files\Internet Explorer

2006-08-14 09:03 -------- d-------- C:\Program Files\SpywareBot

2006-08-11 17:10 -------- d-------- C:\Program Files\Morpheus

2006-08-11 17:10 -------- d-------- C:\Program Files\Common Files\Symantec Shared

2006-08-11 15:39 -------- d--h----- C:\Program Files\InstallShield Installation Information

2006-08-01 14:11 -------- d-------- C:\Program Files\Norton AntiVirus

2006-08-01 12:43 -------- d-------- C:\Program Files\Common Files\Roxio Shared

2006-07-27 06:24 679424 --a------ C:\WINDOWS\system32\inetcomm.dll

2006-07-26 15:36 -------- d-------- C:\Program Files\Windows Media Connect 2

2006-07-26 15:07 -------- d-------- C:\Program Files\Microsoft Office

2006-07-26 15:07 -------- d-------- C:\Program Files\Common Files\Microsoft Shared

2006-07-25 20:34 -------- d-------- C:\Program Files\MSN

2006-07-25 20:33 -------- d-------- C:\Program Files\Online Services

2006-07-25 16:55 48193 --a------ C:\WINDOWS\system32\VSL13.exe

2006-07-25 16:55 -------- d-------- C:\Documents and Settings\Owner\Application Data\System Restore

2006-07-22 15:43 -------- d-------- C:\Documents and Settings\Owner\Application Data\Roxio

2006-07-22 14:35 -------- d-------- C:\Program Files\Sonic

2006-07-22 14:35 -------- d-------- C:\Program Files\Common Files\Sonic Shared

2006-07-22 14:28 -------- d-------- C:\Program Files\DivX

2006-07-22 14:20 -------- d-------- C:\Documents and Settings\Owner\Application Data\Vso

2006-07-21 16:01 -------- d-------- C:\Program Files\Symantec

2006-07-21 15:49 -------- d-------- C:\Program Files\SymNetDrv

2006-07-21 15:26 -------- d-------- C:\Program Files\Azureus

2006-07-21 15:24 -------- d-------- C:\Program Files\AviSynth 2.5

2006-07-21 09:13 -------- d-------- C:\Program Files\Alcohol Soft

2006-07-21 01:24 72704 --a------ C:\WINDOWS\system32\hlink.dll

2006-07-20 20:14 25 --a------ C:\Documents and Settings\Owner\Application Data\dm.ini

2006-07-20 20:14 1070 --a------ C:\Documents and Settings\Owner\Application Data\AdobeDLM.log

2006-07-20 13:40 32976 --a------ C:\WINDOWS\system32\uninstIcn.exe

2006-07-20 13:36 45056 --a------ C:\WINDOWS\system32tfthot.exe

2006-07-20 13:36 0 --a------ C:\Documents and Settings\Owner\Application Data\internaldb41.dat

2006-07-19 13:01 -------- d-------- C:\Program Files\Microsoft Picture It! PhotoPub

2006-07-16 15:06 -------- d-------- C:\Documents and Settings\Owner\Application Data\Lavasoft

2006-07-16 15:05 -------- d-------- C:\Program Files\Lavasoft

2006-07-15 09:40 -------- d-------- C:\Program Files\Windows Media Connect

2006-07-13 11:53 -------- d--h----- C:\Program Files\Zero G Registry

2006-07-13 11:53 -------- d-------- C:\Program Files\THQ

2006-07-12 18:37 -------- d-------- C:\Program Files\epson

2006-07-11 17:04 -------- d-------- C:\Documents and Settings\Owner\Application Data\Macromedia

2006-07-10 17:15 -------- d-------- C:\Documents and Settings\Owner\Application Data\Azureus

2006-07-10 13:31 -------- d-------- C:\Program Files\Java

2006-07-10 13:31 -------- d-------- C:\Documents and Settings\Owner\Application Data\Sun

2006-07-10 13:27 -------- d-------- C:\Program Files\Common Files\Java

2006-07-07 22:19 47360 --a------ C:\WINDOWS\system32\drivers\Pcouffin.sys

2006-07-07 22:19 -------- d-------- C:\Program Files\vso

2006-07-07 21:30 -------- d---s---- C:\Documents and Settings\Owner\Application Data\Microsoft

2006-07-06 18:21 5347232 --a------ C:\WebCleaner.dll

2006-07-06 12:17 -------- d-------- C:\Program Files\Common Files\Logitech

2006-07-06 12:16 -------- d-------- C:\Program Files\Logitech

2006-06-27 12:57 -------- d-------- C:\Documents and Settings\Owner\Application Data\Walgreens

2006-06-20 20:18 -------- d-------- C:\Program Files\Call of Duty Game of the Year Edition

2006-06-18 10:38 98304 --a------ C:\WINDOWS\system32\CmdLineExt.dll

2006-06-18 10:30 -------- d-------- C:\Program Files\Common Files\InstallShield

2006-06-17 20:53 -------- d-------- C:\Program Files\Microsoft Digital Image 2006

2006-06-07 10:55 3753 --a------ C:\Program Files\html2.htm

2006-06-07 10:55 3626 --a------ C:\Program Files\html1.htm

 

 

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

 

*Note* empty entries are not shown

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SoundMan"="SOUNDMAN.EXE"

"ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"

"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""

"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"

"farstone"=""

"LTMSG"="LTMSG.exe 7"

"Sunkist2k"="C:\\Program Files\\Multimedia Card Reader\\shwicon2k.exe"

"RestoreIT!"="\"C:\\Program Files\\Phoenix Technologies Ltd\\RecoverPro_XP\\VBPTASK.EXE\" VBStart"

"PowerS"="C:\\WINDOWS\\PowerS.exe"

"OneTouch Monitor"="C:\\PROGRA~1\\VISION~1\\ONETOU~2.EXE"

"tgcmd"="\"C:\\Program Files\\support.com\\bin\\tgcmd.exe\" /server"

"Logitech Utility"="Logi_MwX.Exe"

"EPSON Stylus Photo RX620 Series"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_FATI9HA.EXE /P31 \"EPSON Stylus Photo RX620 Series\" /O6 \"USB002\" /M \"Stylus Photo RX620\""

"InCD"="C:\\Program Files\\Ahead\\InCD\\InCD.exe"

"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"

"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_07\\bin\\jusched.exe"

"Symantec NetDriver Monitor"="C:\\PROGRA~1\\SYMNET~1\\SNDMon.exe /Consumer"

"ISUSPM Startup"="C:\\PROGRA~1\\COMMON~1\\INSTAL~1\\UPDATE~1\\ISUSPM.exe -startup"

"ISUSScheduler"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\DSS]

@="C:\\WINDOWS\\\\BBStore\\DSS\\dssagent.exe"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]

"Installed"="1"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]

"NoChange"="1"

"Installed"="1"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]

"Installed"="1"

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

@=""

"BTCLiveUpdate"="\"C:\\Program Files\\LiveUpdate\\LiveUpdate.exe\" /autostart"

"PhotoShow Deluxe Media Manager"="C:\\PROGRA~1\\Comcast\\COMCAS~2\\data\\Xtras\\mssysmgr.exe"

"NBJ"="\"C:\\Program Files\\Ahead\\Nero BackItUp\\NBJ.exe\""

"OM_Monitor"="C:\\Program Files\\OLYMPUS\\OLYMPUS Master\\Monitor.exe -NoStart"

"PPWebCap"="C:\\PROGRA~1\\ScanSoft\\PAPERP~1\\PPWebCap.exe"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]

"NoCDBurning"=dword:00000000

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]

"dontdisplaylastusername"=dword:00000000

"legalnoticecaption"=""

"legalnoticetext"=""

"shutdownwithoutlogon"=dword:00000001

"undockwithoutlogon"=dword:00000001

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]

"NoDriveTypeAutoRun"=dword:00000091

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

"kbdauc"="C:\\WINDOWS\\system32\\kbdauc.exe"

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]

"DeskHtmlVersion"=dword:00000110

"DeskHtmlMinorVersion"=dword:00000005

"Settings"=dword:00000001

"GeneralFlags"=dword:00000000

 

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]

"NoDriveTypeAutoRun"=dword:00000091

 

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

 

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]

"NoDriveTypeAutoRun"=dword:00000091

 

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\sharedtaskscheduler]

"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"

"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]

"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupfolder]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Philips FunCam Monitor.lnk]

"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Philips FunCam Monitor.lnk"

"backup"="C:\\WINDOWS\\pss\\Philips FunCam Monitor.lnkCommon Startup"

"location"="Common Startup"

"command"="C:\\PROGRA~1\\PHILIP~1\\FunCam\\PHILIP~1.EXE "

"item"="Philips FunCam Monitor"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^TM Monitor.lnk]

"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\TM Monitor.lnk"

"backup"="C:\\WINDOWS\\pss\\TM Monitor.lnkCommon Startup"

"location"="Common Startup"

"command"="C:\\PROGRA~1\\ArcSoft\\TOTALM~1\\TMMONI~1.EXE "

"item"="TM Monitor"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupreg]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupreg\NAV CfgWiz]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="CfgWiz"

"hkey"="HKLM"

"command"="\"C:\\Program Files\\Norton AntiVirus\\CfgWiz.exe\" /GUID {0D7956A2-5A08-4ec2-A72C-DF8495A66016} /MODE CfgWiz /CMDLINE \"REBOOT\""

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupreg\OM_Monitor]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="FirstStart"

"hkey"="HKLM"

"command"="C:\\Program Files\\OLYMPUS\\OLYMPUS Master\\FirstStart.exe"

"inimapping"="0"

 

 

 

Contents of the 'Scheduled Tasks' folder

C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer - Owner.job

 

Completion time: Thu 08/17/2006 19:42:15.23

ComboFix.txt

ComboFix2.txt

ComboFix3.txt


Missed a couple.

 

Open HijackThis and do a *system scan only*

 

When it finishes, checkmark these 2 entries, then press the *fix checked* button

 

O2 - BHO: (no name) - {F9CA844F-AB0A-40CB-B04B-05A593ABD05A} - \

 

O18 - Filter: text/html - {F8D76886-FA88-4DF6-8FBD-C02CF8C91C94} - C:\WINDOWS\system32\ubbv.dll

 

After pressing the *fix checked* you can close HijackThis

.................................

1. Please download The Avenger by Swandog46 to your Desktop.

  • Click on Avenger.zip to open the file
  • Extract avenger.exe to your desktop

2. Copy all the text contained in the white part of the code box below (do not include the word "code") to your Clipboard by highlighting it and pressing (Ctrl+C):

 

Files to delete:
C:\WINDOWS\system32\VSL13.exe
C:\WINDOWS\system32tfthot.exe
C:\WINDOWS\system32\uninstIcn.exe

Folders to delete:
C:\Program Files\SpywareBot

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

 

3. Now, start The Avenger program by clicking on its icon on your desktop.

  • Under "Script file to execute" choose "Input Script Manually".
  • Now click on the Magnifying Glass icon which will open a new window titled "View/edit script"
  • Paste the text copied to clipboard into this window by pressing (Ctrl+V).
  • Click Done
  • Now click on the Green Light to begin execution of the script
  • Answer "Yes" twice when prompted.

4. The Avenger will automatically do the following:

  • It will Restart your computer. ( In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
  • On reboot, it will briefly open a black command window on your desktop, this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.

5. Please copy/paste the content of c:\avenger.txt into your reply along with a fresh HJT log


Hello

Here are the two log files.

 

Question: can I delete the following files on the HJT log? I have been trying for a long time to remove them.

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)

O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)

 

Thanks again for all your help.

Yourgo

 

 

 

 

Logfile of The Avenger version 1, by Swandog46

Running from registry key:

\Registry\Machine\System\CurrentControlSet\Services\yyqgyfrw

 

*******************

 

Script file located at: \??\C:\Program Files\ifsfarmj.txt

Script file opened successfully.

 

Script file read successfully

 

Backups directory opened successfully at C:\Avenger

 

*******************

 

Beginning to process script file:

 

File C:\WINDOWS\system32\VSL13.exe deleted successfully.

File C:\WINDOWS\system32tfthot.exe deleted successfully.

File C:\WINDOWS\system32\uninstIcn.exe deleted successfully.

Folder C:\Program Files\SpywareBot deleted successfully.

 

Completed script processing.

 

*******************

 

Finished! Terminate.

 

Logfile of HijackThis v1.99.1
Scan saved at 10:00:06 AM, on 8/18/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Ahead\InCD\InCDsrv.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe

C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\WINDOWS\LTMSG.exe

C:\Program Files\Multimedia Card Reader\shwicon2k.exe

C:\Program Files\Phoenix Technologies Ltd\RecoverPro_XP\VBPTASK.EXE

C:\WINDOWS\PowerS.exe

C:\PROGRA~1\VISION~1\ONETOU~2.EXE

C:\Program Files\support.com\bin\tgcmd.exe

C:\Program Files\Logitech\MouseWare\system\em_exec.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9HA.EXE

C:\Program Files\Ahead\InCD\InCD.exe

C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\LiveUpdate\LiveUpdate.exe

C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe

C:\Program Files\USB Sharing\usbshare.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Microsoft Office\Office\WINWORD.EXE

C:\Program Files\ViaVoice\Bin\engine.exe

C:\Program Files\Microsoft Works\MSWorks.exe

C:\Documents and Settings\Owner\My Documents\Reg files backup\Unzipped\hijackthis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://fryssupport.net/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O2 - BHO: (no name) - {F9CA844F-AB0A-40CB-B04B-05A593ABD05A} - \

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll

O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7

O4 - HKLM\..\Run: [sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe

O4 - HKLM\..\Run: [RestoreIT!] "C:\Program Files\Phoenix Technologies Ltd\RecoverPro_XP\VBPTASK.EXE" VBStart

O4 - HKLM\..\Run: [PowerS] C:\WINDOWS\PowerS.exe

O4 - HKLM\..\Run: [OneTouch Monitor] C:\PROGRA~1\VISION~1\ONETOU~2.EXE

O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\support.com\bin\tgcmd.exe" /server

O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe

O4 - HKLM\..\Run: [EPSON Stylus Photo RX620 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9HA.EXE /P31 "EPSON Stylus Photo RX620 Series" /O6 "USB002" /M "Stylus Photo RX620"

O4 - HKLM\..\Run: [inCD] C:\Program Files\Ahead\InCD\InCD.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe

O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer

O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKCU\..\Run: [bTCLiveUpdate] "C:\Program Files\LiveUpdate\LiveUpdate.exe" /autostart

O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Comcast\COMCAS~2\data\Xtras\mssysmgr.exe

O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"

O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart

O4 - HKCU\..\Run: [PPWebCap] C:\PROGRA~1\ScanSoft\PAPERP~1\PPWebCap.exe

O4 - Startup: Epson all-in-one Registration.lnk = D:\Titles\EpsonReg\EPSONREG.EXE

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?

O4 - Global Startup: USB Sharing.lnk = ?

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html

O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html

O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html

O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll (file missing)

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll (file missing)

O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)

O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)

O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)

O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll

O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab

O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab

O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab

O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab

O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...96/mcinsctl.cab

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/07b430cd786595...tzip/RdxIE6.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1121977009468

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1126113073296

O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab

O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://download.cdn.winsoftware.com/files/...FreeInstall.cab

O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://www.popcap.com/games/popcaploader_v6.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{B604433A-5764-450A-BF5D-71FE9DDB8657}: NameServer = 192.168.0.1

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe

O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe

O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe


Very good.

 

Could you please go here:

http://www.thespykiller.co.uk/forum/index.php?topic=2378.0

 

Scroll down until you see your first message and press the *reply* button. Put in a short message and then attach these files for upload:

 

C:\avenger\backup.zip

 

C:\Qoobox <--all files in that folder (or just put the folder in a compressed/zip file and attach Qoobox.zip)

 

................................................

The remaining two entries from my last post did not get fixed in HijackThis

 

Make sure that you don't have one of your security programs blocking changes to the registry (I see Windows Defender installed; if that pops up with a message about a change, choose to *allow*).

 

Make sure the IE is closed.

 

Scan with HijackThis and checkmark these two items, then press the *fix checked* button

 

O2 - BHO: (no name) - {F9CA844F-AB0A-40CB-B04B-05A593ABD05A} - \

 

O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://download.cdn.winsoftware.com/files/...FreeInstall.cab

 

Delete these two files (if found)

 

C:\Program Files\html2.htm

C:\Program Files\html1.htm

 

And then delete the two I had you upload earlier:

 

C:\avenger\backup.zip <--delete file

 

C:\Qoobox <--delete folder

 

Reboot your PC and post a fresh HijackThis please.

 

I don't know why you can't delete the O9 items for Party Poker. It isn't on your uninstall list, but they aren't important really - that section is just a "flag" sometimes for malware that doesn't show up anywhere else, and we would then know to look for files to delete if we see malware in that section. Party Poker isn't malware, of course. The O9's in HJT correspond to having buttons on the main Internet Explorer toolbar or items in the Internet Explorer 'Tools' menu that are not part of the default installation, and reside in this key:

 

Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions

 

If you do not need these buttons or menu items or recognize them as malware, you can remove them safely.

 

When you fix these types of entries, HijackThis does not delete the offending file listed. It is recommended that you reboot into safe mode and delete the offending file.

......................

Also, how is your computer acting at this point? Seeing any problems?

 

 


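The O2/O9/O16/O18 entries the helper walked through above, triaged by a small Python script. This is an added example, not HijackThis code or anything posted in this thread; the trusted-host list is a constructed assumption, and the BHO and MIME-filter registry keys are standard IE locations that the thread itself does not name.

```python
"""Triage of HijackThis (HJT) O2/O9/O16/O18 lines as discussed in this thread.
Added illustration for readers; it is not code from HijackThis or the thread."""
import re
from dataclasses import dataclass
from typing import List, Optional
from urllib.parse import urlsplit

# Registry locations behind each section. The Extensions key is the one the
# thread names for O9; the BHO and MIME-filter keys are standard IE locations.
IE_EXTENSIONS_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions"
BHO_KEY = (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion"
           r"\Explorer\Browser Helper Objects")
MIME_FILTER_KEY = r"HKEY_CLASSES_ROOT\PROTOCOLS\Filter"

# Constructed allow-list (assumption) of hosts whose ActiveX downloads are
# expected in O16; an unnamed control from any other host gets a closer look.
TRUSTED_DPF_HOSTS = ("microsoft.com", "symantec.com", "mcafee.com")

RE_O2 = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[^}]+\}) - (?P<path>.*)$")
RE_O9 = re.compile(r"^O9 - Extra (?:button|'Tools' menuitem): (?P<name>.*?) - "
                   r"(?P<clsid>\{[^}]+\}) - (?P<target>.*)$")
RE_O16 = re.compile(r"^O16 - DPF: (?P<clsid>\{[^}]+\})(?: \((?P<name>[^)]*)\))?"
                    r" - (?P<url>\S+)$")
RE_O18 = re.compile(r"^O18 - Filter: (?P<mime>\S+) - (?P<clsid>\{[^}]+\}) - (?P<path>.*)$")


@dataclass
class Finding:
    section: str
    clsid: str
    location: str                 # what "fix checked" removes
    reason: str
    file_left_on_disk: Optional[str] = None  # HJT does not delete this file


def triage_line(line: str) -> Optional[Finding]:
    """Return a Finding for a suspicious HJT line, or None when it looks benign."""
    line = line.strip()
    if m := RE_O2.match(line):
        # A BHO with no name and no real file path (HJT prints just "\") is the
        # shape the helper in this thread told the user to fix.
        if m["name"] == "(no name)" and not re.match(r"^[A-Za-z]:\\", m["path"]):
            return Finding("O2", m["clsid"], BHO_KEY + "\\" + m["clsid"],
                           "unnamed BHO with no file path")
    elif m := RE_O9.match(line):
        # Orphaned button / Tools item: the CLSID subkey is still present under
        # Extensions although the program it pointed at is gone.
        if m["target"].endswith("(file missing)"):
            return Finding("O9", m["clsid"], IE_EXTENSIONS_KEY + "\\" + m["clsid"],
                           "extension entry whose target file is missing")
    elif m := RE_O16.match(line):
        host = urlsplit(m["url"]).hostname or ""
        trusted = any(host == h or host.endswith("." + h) for h in TRUSTED_DPF_HOSTS)
        if m["name"] is None and not trusted:
            return Finding("O16", m["clsid"], "Downloaded Program Files entry",
                           f"unnamed ActiveX control fetched from {host}")
    elif m := RE_O18.match(line):
        # A text/html MIME filter sees every page IE renders and almost no
        # legitimate software registers one, so treat it as a hijack indicator.
        if m["mime"].lower() == "text/html":
            return Finding("O18", m["clsid"], MIME_FILTER_KEY + "\\" + m["mime"],
                           "text/html MIME filter installed", m["path"].strip())
    return None


def triage_log(log: str) -> List[Finding]:
    return [f for f in map(triage_line, log.splitlines()) if f is not None]


# Sample lines taken from the HJT log posted in this thread.
SAMPLE_LOG = "\n".join([
    "O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\\Program Files\\Norton AntiVirus\\NavShExt.dll",
    "O2 - BHO: (no name) - {F9CA844F-AB0A-40CB-B04B-05A593ABD05A} - \\",
    "O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\\Program Files\\PartyPoker\\PartyPoker.exe (file missing)",
    "O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\\Program Files\\Messenger\\msmsgs.exe",
    "O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204",
    "O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://download.cdn.winsoftware.com/files/...FreeInstall.cab",
    "O18 - Filter: text/html - {F8D76886-FA88-4DF6-8FBD-C02CF8C91C94} - C:\\WINDOWS\\system32\\ubbv.dll",
])

if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f"{f.section} {f.clsid}: {f.reason} -> {f.location}")
```

The `file_left_on_disk` field records what the helper points out above: fixing the entry removes the registry reference, and the file itself still has to be deleted separately.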