Jacksaar

Pmmon.exe & pmsngr.exe


I have acquired both pmmon.exe and pmsngr.exe and am receiving taskbar popups like crazy. I've seen from other posts that several steps are required. Any direction is valuable, please help.

 

Thanks

 

Edit --> Moved to HJT forum


Hello there and welcome to Lavasoft's security forum.

My name is David, I will be helping you with your problem today.

 

Please start by running a full scan with Ad-aware and posting the log.

When you finish the scan click "show logfile", then right click on it and choose "copy to clipboard".

 

Then, click here to download HijackThis.

Save HJTsetup.exe to your Desktop.

Double click on the HJTsetup.exe icon to start the program.

By default it will install to C:\Program Files\HijackThis.

Continue to click Next in the setup dialogue boxes until you get to the Select Additional Tasks dialogue.

Put a check by Create a desktop icon then click Next again.

Continue to follow the rest of the prompts from there.

At the final dialogue box click Finish and it will launch HijackThis.

Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.

Save the log, and post me it in your next reply.

 

So post back with the HijackThis log and the Ad-Aware log.

You are infected with a smitfraud trojan, which should be easy to remove.


Hello David

 

Thanks for helping on this topic.

 

Here is the HijackThis log

 

Logfile of HijackThis v1.99.1

Scan saved at 8:43:04 PM, on 1/24/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0011)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccProxy.exe

C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe

C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Video ActiveX Object\pmsngr.exe

C:\WINDOWS\GWMDMMSG.exe

C:\WINDOWS\shicoxp.exe

C:\WINDOWS\caxchg.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe

C:\Program Files\Video ActiveX Object\pmmon.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\PROGRA~1\Lavasoft\AD-AWA~2\Ad-Watch.exe

C:\Program Files\1-Click Answers\answers.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\PROGRA~1\1-CLIC~1\agtserv.exe

C:\PROGRA~1\MOZILL~1\FIREFOX.EXE

C:\PROGRA~1\COMMON~1\SYMANT~1\SECURI~1\NSCSRVCE.EXE

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Hijackthis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gsb.stanford.edu/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll

O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll

O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: 1-Click Answers - {7754C418-F62E-44aa-B169-E719E718BCFD} - C:\PROGRA~1\1-CLIC~1\IEToolbar\AnswersToolbarU.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe

O4 - HKLM\..\Run: [shicoxp] C:\WINDOWS\shicoxp.exe

O4 - HKLM\..\Run: [caxchg] C:\WINDOWS\caxchg.exe

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"

O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [AWMON] "C:\PROGRA~1\Lavasoft\AD-AWA~2\Ad-Watch.exe"

O4 - Global Startup: 1-Click Answers.lnk = C:\Program Files\1-Click Answers\answers.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe

O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm

O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm

O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1134514889745

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1134686506132

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O21 - SSODL: hirtellous - {fa19bd7e-50bc-4203-80ac-c4edc81ca9a3} - C:\WINDOWS\system32\nbbrhbd.dll (file missing)

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe

O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe

O23 - Service: NICSer_WPC54G - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe

O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE

O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

Here is the Ad-Aware log

 

 

Ad-Aware SE Build 1.06r1

Logfile Created on:Wednesday, January 24, 2007 8:53:52 PM

Using definitions file:SE1R146 22.01.2007

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

References detected during the scan:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

MRU List(TAC index:0):21 total references

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Ad-Aware SE Settings

===========================

Set : Search for negligible risk entries

Set : Safe mode (always request confirmation)

Set : Scan active processes

Set : Scan registry

Set : Deep-scan registry

Set : Scan my IE Favorites for banned URLs

Set : Scan my Hosts file

 

Extended Ad-Aware SE Settings

===========================

Set : Unload recognized processes & modules during scan

Set : Ignore spanned files when scanning cab archives

Set : Scan registry for all users instead of current user only

Set : Always try to unload modules before deletion

Set : During removal, unload Explorer and IE if necessary

Set : Let Windows remove files in use at next reboot

Set : Delete quarantined objects after restoring

Set : Block pop-ups aggressively

Set : Automatically select problematic objects in results lists

Set : Include basic Ad-Aware settings in log file

Set : Include additional Ad-Aware settings in log file

Set : Include reference summary in log file

Set : Include alternate data stream details in log file

Set : Show splash screen

Set : Backup current definitions file before updating

Set : Play sound at scan completion if scan locates critical objects

 

 

1-24-2007 8:53:52 PM - Scan started. (Full System Scan)

 

MRU List Object Recognized!

Location: : C:\Documents and Settings\Aaron\Application Data\microsoft\office\recent

Description : list of recently opened documents using microsoft office

 

 

MRU List Object Recognized!

Location: : C:\Documents and Settings\Aaron\recent

Description : list of recently opened documents

 

 

MRU List Object Recognized!

Location: : S-1-5-21-329068152-484763869-854245398-1004\software\microsoft\direct3d\mostrecentapplication

Description : most recent application to use microsoft direct3d

 

 

MRU List Object Recognized!

Location: : software\microsoft\direct3d\mostrecentapplication

Description : most recent application to use microsoft direct3d

 

 

MRU List Object Recognized!

Location: : S-1-5-21-329068152-484763869-854245398-1004\software\microsoft\direct3d\mostrecentapplication

Description : most recent application to use microsoft direct X

 

 

MRU List Object Recognized!

Location: : software\microsoft\direct3d\mostrecentapplication

Description : most recent application to use microsoft direct X

 

 

MRU List Object Recognized!

Location: : software\microsoft\directdraw\mostrecentapplication

Description : most recent application to use microsoft directdraw

 

 

MRU List Object Recognized!

Location: : S-1-5-21-329068152-484763869-854245398-1004\software\microsoft\directinput\mostrecentapplication

Description : most recent application to use microsoft directinput

 

 

MRU List Object Recognized!

Location: : S-1-5-21-329068152-484763869-854245398-1004\software\microsoft\directinput\mostrecentapplication

Description : most recent application to use microsoft directinput

 

 

MRU List Object Recognized!

Location: : S-1-5-21-329068152-484763869-854245398-1004\software\microsoft\internet explorer

Description : last download directory used in microsoft internet explorer

 

 

MRU List Object Recognized!

Location: : S-1-5-21-329068152-484763869-854245398-1004\software\microsoft\microsoft management console\recent file list

Description : list of recent snap-ins used in the microsoft management console

 

 

MRU List Object Recognized!

Location: : S-1-5-21-329068152-484763869-854245398-1004\software\microsoft\office\11.0\common\general

Description : list of recently used symbols in microsoft office

 

 

MRU List Object Recognized!

Location: : S-1-5-21-329068152-484763869-854245398-1004\software\microsoft\office\11.0\common\open find\microsoft office word\settings\open\file name mru

Description : list of recent documents opened by microsoft word

 

 

MRU List Object Recognized!

Location: : S-1-5-21-329068152-484763869-854245398-1004\software\microsoft\office\11.0\common\open find\microsoft office word\settings\save as\file name mru

Description : list of recent documents saved by microsoft word

 

 

MRU List Object Recognized!

Location: : S-1-5-21-329068152-484763869-854245398-1004\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru

Description : list of recent programs opened

 

 

MRU List Object Recognized!

Location: : S-1-5-21-329068152-484763869-854245398-1004\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru

Description : list of recently saved files, stored according to file extension

 

 

MRU List Object Recognized!

Location: : S-1-5-21-329068152-484763869-854245398-1004\software\microsoft\windows\currentversion\explorer\recentdocs

Description : list of recent documents opened

 

 

MRU List Object Recognized!

Location: : S-1-5-21-329068152-484763869-854245398-1004\software\microsoft\windows\currentversion\explorer\runmru

Description : mru list for items opened in start | run

 

 

MRU List Object Recognized!

Location: : S-1-5-21-329068152-484763869-854245398-1004\software\realnetworks\realplayer\6.0\preferences

Description : list of recent skins in realplayer

 

 

MRU List Object Recognized!

Location: : S-1-5-21-329068152-484763869-854245398-1004\software\realnetworks\realplayer\6.0\preferences

Description : list of recent clips in realplayer

 

 

MRU List Object Recognized!

Location: : S-1-5-21-329068152-484763869-854245398-1004\software\microsoft\windows media\wmsdk\general

Description : windows media sdk

 

 

Listing running processes

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

#:1 [smss.exe]

FilePath : \SystemRoot\System32\

ProcessID : 740

ThreadCreationTime : 1-25-2007 4:16:59 AM

BasePriority : Normal

 

 

#:2 [csrss.exe]

FilePath : \??\C:\WINDOWS\system32\

ProcessID : 816

ThreadCreationTime : 1-25-2007 4:17:02 AM

BasePriority : Normal

 

 

#:3 [winlogon.exe]

FilePath : \??\C:\WINDOWS\system32\

ProcessID : 840

ThreadCreationTime : 1-25-2007 4:17:04 AM

BasePriority : High

 

 

#:4 [services.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 884

ThreadCreationTime : 1-25-2007 4:17:05 AM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Services and Controller app

InternalName : services.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : services.exe

 

#:5 [lsass.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 896

ThreadCreationTime : 1-25-2007 4:17:05 AM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : LSA Shell (Export Version)

InternalName : lsass.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : lsass.exe

 

#:6 [svchost.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 1036

ThreadCreationTime : 1-25-2007 4:17:07 AM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:7 [svchost.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 1124

ThreadCreationTime : 1-25-2007 4:17:08 AM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:8 [svchost.exe]

FilePath : C:\WINDOWS\System32\

ProcessID : 1164

ThreadCreationTime : 1-25-2007 4:17:08 AM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:9 [svchost.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 1232

ThreadCreationTime : 1-25-2007 4:17:08 AM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:10 [svchost.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 1348

ThreadCreationTime : 1-25-2007 4:17:09 AM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:11 [ccsetmgr.exe]

FilePath : C:\Program Files\Common Files\Symantec Shared\

ProcessID : 1588

ThreadCreationTime : 1-25-2007 4:17:11 AM

BasePriority : Normal

FileVersion : 104.0.8.3

ProductVersion : 104.0.8.3

ProductName : Client and Host Security Platform

CompanyName : Symantec Corporation

FileDescription : Symantec Settings Manager Service

InternalName : ccSetMgr

LegalCopyright : Copyright © 2000-2005 Symantec Corporation. All rights reserved.

OriginalFilename : ccSetMgr.exe

 

#:12 [ccevtmgr.exe]

FilePath : C:\Program Files\Common Files\Symantec Shared\

ProcessID : 1616

ThreadCreationTime : 1-25-2007 4:17:13 AM

BasePriority : Normal

FileVersion : 104.0.8.3

ProductVersion : 104.0.8.3

ProductName : Client and Host Security Platform

CompanyName : Symantec Corporation

FileDescription : Symantec Event Manager Service

InternalName : ccEvtMgr

LegalCopyright : Copyright © 2000-2005 Symantec Corporation. All rights reserved.

OriginalFilename : ccEvtMgr.exe

 

#:13 [ccproxy.exe]

FilePath : C:\Program Files\Common Files\Symantec Shared\

ProcessID : 1820

ThreadCreationTime : 1-25-2007 4:17:15 AM

BasePriority : Normal

FileVersion : 104.0.11.1

ProductVersion : 104.0.11.1

ProductName : Client and Host Security Platform

CompanyName : Symantec Corporation

FileDescription : Symantec Network Proxy Service

InternalName : ccProxy

LegalCopyright : Copyright © 2000-2005 Symantec Corporation. All rights reserved.

OriginalFilename : ccProxy.exe

 

#:14 [sndsrvc.exe]

FilePath : C:\Program Files\Common Files\Symantec Shared\

ProcessID : 1832

ThreadCreationTime : 1-25-2007 4:17:15 AM

BasePriority : Normal

FileVersion : 6.0.4.402

ProductVersion : 6.0

ProductName : Symantec Security Drivers

CompanyName : Symantec Corporation

FileDescription : Network Driver Service

InternalName : SndSrvc

LegalCopyright : Copyright 2002 - 2006 Symantec Corporation

OriginalFilename : SndSrvc.exe

 

#:15 [spbbcsvc.exe]

FilePath : C:\Program Files\Common Files\Symantec Shared\SPBBC\

ProcessID : 1904

ThreadCreationTime : 1-25-2007 4:17:15 AM

BasePriority : Normal

FileVersion : 2.1.0.4

ProductVersion : 2.1.0.4

ProductName : SPBBC

CompanyName : Symantec Corporation

FileDescription : SPBBC Service

InternalName : SPBBCSvc

LegalCopyright : Copyright © 2004, 2005 Symantec Corporation. All rights reserved.

OriginalFilename : SPBBCSvc.exe

 

#:16 [symlcsvc.exe]

FilePath : C:\Program Files\Common Files\Symantec Shared\CCPD-LC\

ProcessID : 1960

ThreadCreationTime : 1-25-2007 4:17:15 AM

BasePriority : Normal

FileVersion : 1.9.1.762

ProductVersion : 1.9.1.762

ProductName : Symantec Core Component

CompanyName : Symantec Corporation

FileDescription : Symantec Core Component

InternalName : symlcsvc

LegalCopyright : Copyright © 2003

OriginalFilename : symlcsvc.exe

 

#:17 [lexbces.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 512

ThreadCreationTime : 1-25-2007 4:17:20 AM

BasePriority : Normal

FileVersion : 5,13,00,00

ProductVersion : 5,13,00,00

ProductName : MarkVision for Windows (32 bit)

CompanyName : Lexmark International, Inc.

FileDescription : LexBce Service

InternalName : LexBce Service

LegalCopyright : © 1993 - 2000 Lexmark International, Inc.

OriginalFilename : LexBceS.exe

 

#:18 [lexpps.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 552

ThreadCreationTime : 1-25-2007 4:17:20 AM

BasePriority : Normal

FileVersion : 5,13,00,00

ProductVersion : 5,13,00,00

ProductName : MarkVision for Windows (32 bit)

CompanyName : Lexmark International, Inc.

FileDescription : LEXPPS.EXE

InternalName : LEXPPS

LegalCopyright : © 1993 - 2000 Lexmark International, Inc.

OriginalFilename : LEXPPS.EXE

Comments : MarkVision for Windows '95 New P2P Server (32-bit)

 

#:19 [spoolsv.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 548

ThreadCreationTime : 1-25-2007 4:17:20 AM

BasePriority : Normal

FileVersion : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)

ProductVersion : 5.1.2600.2696

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Spooler SubSystem App

InternalName : spoolsv.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : spoolsv.exe

 

#:20 [aluschedulersvc.exe]

FilePath : C:\Program Files\Symantec\LiveUpdate\

ProcessID : 704

ThreadCreationTime : 1-25-2007 4:17:21 AM

BasePriority : Normal

FileVersion : 3.0.0.166

ProductVersion : 3.0.0.166

ProductName : LiveUpdate

CompanyName : Symantec Corporation

FileDescription : Automatic LiveUpdate Scheduler Service

InternalName : Automatic LiveUpdate Scheduler Service

LegalCopyright : Copyright © 1996-2005 Symantec Corporation

OriginalFilename : ALUSchedulerSvc.exe

 

#:21 [mdm.exe]

FilePath : C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\

ProcessID : 780

ThreadCreationTime : 1-25-2007 4:17:21 AM

BasePriority : Normal

FileVersion : 7.00.9466

ProductVersion : 7.00.9466

ProductName : Microsoft® Visual Studio .NET

CompanyName : Microsoft Corporation

FileDescription : Machine Debug Manager

InternalName : mdm.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : mdm.exe

 

#:22 [navapsvc.exe]

FilePath : C:\Program Files\Norton Internet Security\Norton AntiVirus\

ProcessID : 812

ThreadCreationTime : 1-25-2007 4:17:21 AM

BasePriority : Normal

FileVersion : 12.2.0.13

ProductVersion : 12.2.0

ProductName : Norton AntiVirus

CompanyName : Symantec Corporation

FileDescription : Norton AntiVirus Auto-Protect Service

InternalName : NAVAPSVC

LegalCopyright : Norton AntiVirus 2006 for Windows 2000/XP Copyright © 2005 Symantec Corporation. All rights reserved.

OriginalFilename : NAVAPSVC.EXE

 

#:23 [nicserv.exe]

FilePath : C:\Program Files\Linksys\Wireless-G Notebook Adapter\

ProcessID : 1072

ThreadCreationTime : 1-25-2007 4:17:21 AM

BasePriority : Normal

FileVersion : 1.1.0.0

ProductVersion : 1.0.0.0

 

#:24 [svchost.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 1712

ThreadCreationTime : 1-25-2007 4:17:22 AM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:25 [explorer.exe]

FilePath : C:\WINDOWS\

ProcessID : 412

ThreadCreationTime : 1-25-2007 4:17:24 AM

BasePriority : Normal

FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 6.00.2900.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Windows Explorer

InternalName : explorer

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : EXPLORER.EXE

 

#:26 [pmsngr.exe]

FilePath : C:\Program Files\Video ActiveX Object\

ProcessID : 1524

ThreadCreationTime : 1-25-2007 4:17:31 AM

BasePriority : Normal

 

 

#:27 [gwmdmmsg.exe]

FilePath : C:\WINDOWS\

ProcessID : 1540

ThreadCreationTime : 1-25-2007 4:17:31 AM

BasePriority : Normal

FileVersion : 3.6.08 03/17/2003 15:19:57

ProductVersion : 3.6.08 03/17/2003 15:19:57

ProductName : GTW Modem Messaging Applet

CompanyName : GTW

FileDescription : Modem Messaging Applet

InternalName : smdmstat.exe

LegalCopyright : Copyright © GTW 1998-2000

OriginalFilename : smdmstat.exe

 

#:28 [shicoxp.exe]

FilePath : C:\WINDOWS\

ProcessID : 1548

ThreadCreationTime : 1-25-2007 4:17:31 AM

BasePriority : Normal

 

 

#:29 [caxchg.exe]

FilePath : C:\WINDOWS\

ProcessID : 1752

ThreadCreationTime : 1-25-2007 4:17:31 AM

BasePriority : Normal

 

 

#:30 [igfxtray.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 1768

ThreadCreationTime : 1-25-2007 4:17:31 AM

BasePriority : Normal

FileVersion : 3.0.0.2285

ProductVersion : 7.0.0.2285

ProductName : Intel® Common User Interface

CompanyName : Intel Corporation

FileDescription : igfxTray Module

InternalName : IGFXTRAY

LegalCopyright : Copyright 1999-2003, Intel Corporation

OriginalFilename : IGFXTRAY.EXE

 

#:31 [hkcmd.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 1776

ThreadCreationTime : 1-25-2007 4:17:31 AM

BasePriority : Normal

FileVersion : 3.0.0.2285

ProductVersion : 7.0.0.2285

ProductName : Intel® Common User Interface

CompanyName : Intel Corporation

FileDescription : hkcmd Module

InternalName : HKCMD

LegalCopyright : Copyright 1999-2003, Intel Corporation

OriginalFilename : HKCMD.EXE

 

#:32 [syntplpr.exe]

FilePath : C:\Program Files\Synaptics\SynTP\

ProcessID : 1796

ThreadCreationTime : 1-25-2007 4:17:31 AM

BasePriority : Normal

FileVersion : 7.9.0 08Jan04

ProductVersion : 7.9.0 08Jan04

ProductName : Progressive Touch

CompanyName : Synaptics, Inc.

FileDescription : TouchPad Driver Helper Application

InternalName : SynTPLpr

LegalCopyright : Copyright © Synaptics, Inc. 1996-2004

OriginalFilename : SynTPLpr.exe

 

#:33 [syntpenh.exe]

FilePath : C:\Program Files\Synaptics\SynTP\

ProcessID : 1708

ThreadCreationTime : 1-25-2007 4:17:31 AM

BasePriority : Normal

FileVersion : 7.9.0 08Jan04

ProductVersion : 7.9.0 08Jan04

ProductName : Progressive Touch

CompanyName : Synaptics, Inc.

FileDescription : Synaptics TouchPad Enhancements

InternalName : Scrolleroo

LegalCopyright : Copyright © Synaptics, Inc. 1996-2004

OriginalFilename : SynTPEnh.exe

 

#:34 [ccapp.exe]

FilePath : C:\Program Files\Common Files\Symantec Shared\

ProcessID : 220

ThreadCreationTime : 1-25-2007 4:17:31 AM

BasePriority : Normal

FileVersion : 104.0.8.3

ProductVersion : 104.0.8.3

ProductName : Client and Host Security Platform

CompanyName : Symantec Corporation

FileDescription : Symantec User Session

InternalName : ccApp

LegalCopyright : Copyright © 2000-2005 Symantec Corporation. All rights reserved.

OriginalFilename : ccApp.exe

 

#:35 [jusched.exe]

FilePath : C:\Program Files\Java\jre1.5.0_10\bin\

ProcessID : 2084

ThreadCreationTime : 1-25-2007 4:17:32 AM

BasePriority : Normal

 

 

#:36 [pmmon.exe]

FilePath : C:\Program Files\Video ActiveX Object\

ProcessID : 2204

ThreadCreationTime : 1-25-2007 4:17:32 AM

BasePriority : Normal

 

 

#:37 [qttask.exe]

FilePath : C:\Program Files\QuickTime\

ProcessID : 2168

ThreadCreationTime : 1-25-2007 4:17:32 AM

BasePriority : Normal

FileVersion : 7.1.3

ProductVersion : QuickTime 7.1.3

ProductName : QuickTime

CompanyName : Apple Computer, Inc.

FileDescription : QuickTime Task

InternalName : QuickTime Task

LegalCopyright : Copyright Apple Computer, Inc. 1989-2006

OriginalFilename : QTTask.exe

 

#:38 [ituneshelper.exe]

FilePath : C:\Program Files\iTunes\

ProcessID : 2248

ThreadCreationTime : 1-25-2007 4:17:33 AM

BasePriority : Normal

FileVersion : 7.0.2.16

ProductVersion : 7.0.2.16

ProductName : iTunes

CompanyName : Apple Computer, Inc.

FileDescription : iTunesHelper Module

InternalName : iTunesHelper

LegalCopyright : © 2003-2006 Apple Computer, Inc. All Rights Reserved.

OriginalFilename : iTunesHelper.exe

 

#:39 [realsched.exe]

FilePath : C:\Program Files\Common Files\Real\Update_OB\

ProcessID : 2336

ThreadCreationTime : 1-25-2007 4:17:33 AM

BasePriority : Normal

FileVersion : 0.1.0.3760

ProductVersion : 0.1.0.3760

ProductName : RealPlayer (32-bit)

CompanyName : RealNetworks, Inc.

FileDescription : RealNetworks Scheduler

InternalName : schedapp

LegalCopyright : Copyright © RealNetworks, Inc. 1995-2004

LegalTrademarks : RealAudio is a trademark of RealNetworks, Inc.

OriginalFilename : realsched.exe

 

#:40 [ctfmon.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 2416

ThreadCreationTime : 1-25-2007 4:17:34 AM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : CTF Loader

InternalName : CTFMON

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : CTFMON.EXE

 

#:41 [skype.exe]

FilePath : C:\Program Files\Skype\Phone\

ProcessID : 2424

ThreadCreationTime : 1-25-2007 4:17:34 AM

BasePriority : Normal

 

 

#:42 [ad-watch.exe]

FilePath : C:\PROGRA~1\Lavasoft\AD-AWA~2\

ProcessID : 2448

ThreadCreationTime : 1-25-2007 4:17:35 AM

BasePriority : Normal

FileVersion : 3.1.2.17

ProductVersion : 3.2

ProductName : Ad-Aware SE

CompanyName : Lavasoft Sweden

FileDescription : Ad-Watch System Protector

InternalName : Ad-Watch.exe

LegalCopyright : 1999-2004 Team Lavasoft

OriginalFilename : Ad-Watch.exe

 

#:43 [answers.exe]

FilePath : C:\Program Files\1-Click Answers\

ProcessID : 3412

ThreadCreationTime : 1-25-2007 4:17:38 AM

BasePriority : Normal

FileVersion : 2.1 (build 521)

ProductVersion : 2.1 (build 521)

ProductName : Answers

CompanyName : Answers Corporation

FileDescription : 1-Click Answers Client

InternalName : 1-Click Answers Client

LegalCopyright : Copyright © Answers Corporation 1999-2006

OriginalFilename : Answers.exe

 

#:44 [alg.exe]

FilePath : C:\WINDOWS\System32\

ProcessID : 3432

ThreadCreationTime : 1-25-2007 4:17:38 AM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Application Layer Gateway Service

InternalName : ALG.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : ALG.exe

 

#:45 [ipodservice.exe]

FilePath : C:\Program Files\iPod\bin\

ProcessID : 3700

ThreadCreationTime : 1-25-2007 4:17:39 AM

BasePriority : Normal

FileVersion : 7.0.2.16

ProductVersion : 7.0.2.16

ProductName : iTunes

CompanyName : Apple Computer, Inc.

FileDescription : iPodService Module

InternalName : iPodService

LegalCopyright : © 2003-2006 Apple Computer, Inc. All Rights Reserved.

OriginalFilename : iPodService.exe

 

#:46 [agtserv.exe]

FilePath : C:\PROGRA~1\1-CLIC~1\

ProcessID : 3584

ThreadCreationTime : 1-25-2007 4:17:55 AM

BasePriority : Normal

FileVersion : 8.1 (build 521)

ProductVersion : 8.1 (build 521)

ProductName : ScreenScraper SDK

CompanyName : Answers Corporation

FileDescription : AgtServ main executable

InternalName : AgtServ

LegalCopyright : Copyright © Answers Corporation 1999-2006

OriginalFilename : AgtServ.exe

 

#:47 [firefox.exe]

FilePath : C:\PROGRA~1\MOZILL~1\

ProcessID : 2832

ThreadCreationTime : 1-25-2007 4:18:15 AM

BasePriority : Normal

 

 

#:48 [nscsrvce.exe]

FilePath : C:\PROGRA~1\COMMON~1\SYMANT~1\SECURI~1\

ProcessID : 3724

ThreadCreationTime : 1-25-2007 4:18:40 AM

BasePriority : Normal

FileVersion : 2006.1.5.17

ProductVersion : 2006.1.5

ProductName : Norton Security Console

CompanyName : Symantec Corporation

FileDescription : Norton Security Console Norton Protection Center Service

InternalName : NSCService

LegalCopyright : Norton Security Console 2006 for Windows 2000/XP Copyright © 2005 Symantec Corporation. All rights reserved.

OriginalFilename : NSCSrvce.exe

 

#:49 [ad-aware.exe]

FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Plus\

ProcessID : 2648

ThreadCreationTime : 1-25-2007 4:50:47 AM

BasePriority : Normal

FileVersion : 6.2.0.237

ProductVersion : SE 106

ProductName : Lavasoft Ad-Aware SE

CompanyName : Lavasoft Sweden

FileDescription : Ad-Aware SE Core application

InternalName : Ad-Aware.exe

LegalCopyright : Copyright © Lavasoft AB Sweden

OriginalFilename : Ad-Aware.exe

Comments : All Rights Reserved

 

#:50 [msmsgs.exe]

FilePath : C:\Program Files\Messenger\

ProcessID : 3728

ThreadCreationTime : 1-25-2007 4:52:13 AM

BasePriority : Normal

FileVersion : 4.7.3001

ProductVersion : Version 4.7.3001

ProductName : Messenger

CompanyName : Microsoft Corporation

FileDescription : Windows Messenger

InternalName : msmsgs

LegalCopyright : Copyright © Microsoft Corporation 2004

LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.

OriginalFilename : msmsgs.exe

 

#:51 [acrord32.exe]

FilePath : C:\Program Files\Adobe\Acrobat 7.0\Reader\

ProcessID : 2000

ThreadCreationTime : 1-25-2007 4:53:33 AM

BasePriority : Normal

FileVersion : 7.0.8.2006051600

ProductVersion : 7.0.8.2006051600

ProductName : Adobe Reader

CompanyName : Adobe Systems Incorporated

FileDescription : Adobe Reader 7.0

LegalCopyright : Copyright 1984-2006 Adobe Systems Incorporated and its licensors. All rights reserved.

OriginalFilename : AcroRd32.exe

 

#:52 [navw32.exe]

FilePath : C:\PROGRA~1\NORTON~1\NORTON~1\

ProcessID : 3920

ThreadCreationTime : 1-25-2007 4:53:46 AM

BasePriority : Idle

FileVersion : 12.2.0.13

ProductVersion : 12.2.0

ProductName : Norton AntiVirus

CompanyName : Symantec Corporation

FileDescription : Norton AntiVirus Scanner Module

InternalName : Navw32

LegalCopyright : Norton AntiVirus 2006 for Windows 2000/XP Copyright © 2005 Symantec Corporation. All rights reserved.

OriginalFilename : Navw32.exe

 

Memory scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 21

 

 

Started registry scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Registry Scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 21

 

 

Started deep registry scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Deep registry scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 21

 

 

Started Tracking Cookie scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

 

Tracking cookie scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 21

 

 

 

Deep scanning and examining files (C:)

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Disk Scan Result for C:\

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 21

 

 

Scanning Hosts file......

Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Hosts file scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

1 entries scanned.

New critical objects:0

Objects found so far: 21

 

 

 

 

Performing conditional scans...

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Conditional scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 21

 

9:04:17 PM Scan Complete

 

Summary Of This Scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Total scanning time:00:10:25.9

Objects scanned:152731

Objects identified:0

Objects ignored:0

New critical objects:0


Good work! :D

 

It is a good idea to print off these instructions:

This will be useful as there is a possibility some of the instructions will need to be carried out where internet access is not available.

 

You may also like to save these instructions in Word/Notepad to the desktop where they can be easily found for the same reasons as above.

A print out of the instructions would be a good reference to make sure you don't get lost.

Also, it is important that you complete the instructions in the right order, and also that you don't miss any steps out!

If you have any queries about the process or just general questions, just ask.

 

Please download SmitfraudFix (by S!Ri)

Open the file and it will extract the contents (a folder named SmitfraudFix) to your Desktop.

 

Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following if still present:

 

O21 - SSODL: hirtellous - {fa19bd7e-50bc-4203-80ac-c4edc81ca9a3} - C:\WINDOWS\system32\nbbrhbd.dll (file missing)

 

Click on Fix Checked when finished and exit HijackThis.

Make sure your Internet Explorer is closed when you click Fix Checked!

 

Now reboot into Safe Mode.

This can be done by tapping the F8 key as soon as you start your computer.

You will be brought to a menu where you can choose to boot into safe mode.

Make sure you choose the option without networking support.

 

Once in Safe Mode, open the SmitfraudFix folder again.

Double-click smitfraudfix.cmd.

Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

 

You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.

A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.

 

The report can also be found at the root of the system drive, usually at C:\rapport.txt

Warning : running option #2 on a non infected computer will remove your Desktop background.

 

Also post a new HijackThis log.

 

David


Completed. Things seem better now.

 

HijackThis log

 

Logfile of HijackThis v1.99.1

Scan saved at 8:32:08 PM, on 1/25/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0011)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccProxy.exe

C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe

C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\GWMDMMSG.exe

C:\WINDOWS\shicoxp.exe

C:\WINDOWS\caxchg.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\PROGRA~1\Lavasoft\AD-AWA~2\Ad-Watch.exe

C:\Program Files\1-Click Answers\answers.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\PROGRA~1\1-CLIC~1\agtserv.exe

C:\WINDOWS\system32\wuauclt.exe

C:\PROGRA~1\COMMON~1\SYMANT~1\SECURI~1\NSCSRVCE.EXE

C:\Program Files\Hijackthis\HijackThis.exe

C:\Program Files\Messenger\msmsgs.exe

 

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll

O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll

O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: 1-Click Answers - {7754C418-F62E-44aa-B169-E719E718BCFD} - C:\PROGRA~1\1-CLIC~1\IEToolbar\AnswersToolbarU.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe

O4 - HKLM\..\Run: [shicoxp] C:\WINDOWS\shicoxp.exe

O4 - HKLM\..\Run: [caxchg] C:\WINDOWS\caxchg.exe

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"

O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [AWMON] "C:\PROGRA~1\Lavasoft\AD-AWA~2\Ad-Watch.exe"

O4 - Global Startup: 1-Click Answers.lnk = C:\Program Files\1-Click Answers\answers.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe

O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm

O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm

O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1134514889745

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1134686506132

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe

O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe

O23 - Service: NICSer_WPC54G - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe

O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE

O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

 

SmitFraudFix log

 

SmitFraudFix v2.135

 

Scan done at 20:25:57.32, Thu 01/25/2007

Run from C:\Documents and Settings\Aaron\Desktop\SmitfraudFix

OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT

The filesystem type is NTFS

Fix run in safe mode

 

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix

!!!Attention, following keys are not inevitably infected!!!

 

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

 

»»»»»»»»»»»»»»»»»»»»»»»» Killing process

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

 

GenericRenosFix by S!Ri

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System

!!!Attention, following keys are not inevitably infected!!!

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

"System"=""

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

 

Registry Cleaning done.

 

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix

!!!Attention, following keys are not inevitably infected!!!

 

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

 

 

»»»»»»»»»»»»»»»»»»»»»»»» End

 

 

Thanks a lot :D:D


PS the smitfraudfix.cmd was run twice. I forgot to save the first rapport.txt file, and did not read in the instructions quickly enough that the file was probably somewhere on my hard drive.

 

Sorry

 

Things seem to be working well though


Great work! ^_^

Things are looking a lot better!

 

I want to run a scanner of the whole PC, looking for any leftover infected files.

 

Also I want to export the contents of your msconfig entries to look for anything suspicious.

 

Please perform this online scan: Kaspersky Webscan

Read the Requirements and Privacy statement, then select "Accept"

A dialogue box will appear asking "Do you want to install this software?" Name: kavwebscan_unicode.cab

Select "Install" to download the ActiveX controls that allow ActiveScan to run.

 

When the download is complete it will say ready, click "Next"

Select a target to scan: Click on "My Computer"

When the scan is complete choose to save the results as "Save as Text"

Post the Kaspersky scan results in your next reply.

 

Please download Combofix to your desktop.

Double-click combo.exe to launch the application.

 

Follow the prompts that will be displayed on the screen.

Don't click on the window while the fix is running, because that will cause your system to hang.

When finished, it should produce a log, combofix.txt.

Post this log in your next reply together with a new HijackThis log.

Also post the Kaspersky log.

 

You may need several replies, as the logs can be quite long...


HijackThis log

 

Logfile of HijackThis v1.99.1

Scan saved at 9:48:29 PM, on 1/26/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0011)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccProxy.exe

C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe

C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\GWMDMMSG.exe

C:\WINDOWS\shicoxp.exe

C:\WINDOWS\caxchg.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\PROGRA~1\Lavasoft\AD-AWA~2\Ad-Watch.exe

C:\Program Files\1-Click Answers\answers.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\PROGRA~1\1-CLIC~1\agtserv.exe

C:\PROGRA~1\COMMON~1\SYMANT~1\SECURI~1\NSCSRVCE.EXE

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Hijackthis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.answers.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll

O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll

O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: 1-Click Answers - {7754C418-F62E-44aa-B169-E719E718BCFD} - C:\PROGRA~1\1-CLIC~1\IEToolbar\AnswersToolbarU.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe

O4 - HKLM\..\Run: [shicoxp] C:\WINDOWS\shicoxp.exe

O4 - HKLM\..\Run: [caxchg] C:\WINDOWS\caxchg.exe

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"

O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [AWMON] "C:\PROGRA~1\Lavasoft\AD-AWA~2\Ad-Watch.exe"

O4 - Global Startup: 1-Click Answers.lnk = C:\Program Files\1-Click Answers\answers.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe

O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm

O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm

O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1134514889745

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1134686506132

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe

O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe

O23 - Service: NICSer_WPC54G - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe

O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE

O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

 

combo fix log

 

"Aaron" - 07-01-26 21:42:02 Service Pack 2

ComboFix 07-01-25 - Running from: "C:\Documents and Settings\Aaron\Desktop"

 

((((((((((((((((((((((((((((((( Files Created from 2006-12-26 to 2007-01-26 ))))))))))))))))))))))))))))))))))

 

 

2007-01-26 20:10 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab

2007-01-26 20:10 <DIR> d-------- C:\WINDOWS\LastGood

2007-01-25 20:23 2,820 --a------ C:\WINDOWS\system32\tmp.reg

2007-01-25 20:15 <DIR> d-------- C:\DOCUME~1\Aaron\SmitfraudFix

2007-01-24 20:42 <DIR> d-------- C:\Program Files\Hijackthis

2007-01-23 21:27 <DIR> d-------- C:\WINDOWS\pss

2007-01-09 23:10 696,320 --a------ C:\WINDOWS\system32\libeay32.dll

2007-01-09 23:10 155,648 --a------ C:\WINDOWS\system32\ssleay32.dll

2007-01-09 23:07 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\iolo

2007-01-09 23:07 <DIR> d-------- C:\DOCUME~1\Aaron\Application Data\iolo

2007-01-09 22:49 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Adobe

2007-01-09 22:26 <DIR> d-------- C:\WINDOWS\ie7updates

 

 

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

 

 

2007-01-26 21:32 -------- d-------- C:\DOCUME~1\Aaron\Application Data\skype

2007-01-26 20:00 -------- d-------- C:\Program Files\mozilla firefox

2007-01-24 20:23 -------- d-------- C:\Program Files\norton internet security

2007-01-24 20:23 -------- d-------- C:\Program Files\Common Files\symantec shared

2007-01-21 08:45 -------- d-------- C:\Program Files\lavasoft

2007-01-21 08:45 -------- d-------- C:\DOCUME~1\Aaron\Application Data\lavasoft

2007-01-14 08:54 -------- d-------- C:\Program Files\windows media connect 2

2007-01-09 22:47 -------- d-------- C:\DOCUME~1\Aaron\Application Data\adobeum

2007-01-09 21:45 -------- d-------- C:\Program Files\Common Files\adobe

2007-01-05 20:27 -------- d-------- C:\Program Files\java

2006-12-16 05:43 -------- d-------- C:\Program Files\gateway

2006-12-13 21:19 -------- d-------- C:\Program Files\Common Files\xing shared

2006-12-13 21:19 -------- d-------- C:\Program Files\Common Files\real

2006-12-02 12:57 23366 --a------ C:\DOCUME~1\Aaron\Application Data\comma separated values (dos).adr

2006-11-27 00:45 60416 --------- C:\WINDOWS\system32\tzchange.exe

2006-11-26 10:37 -------- d-------- C:\DOCUME~1\Aaron\Application Data\apple computer

2006-11-26 09:30 -------- d-------- C:\Program Files\1-click answers

2006-11-12 22:02 36352 --------- C:\WINDOWS\system32\tsgqec.dll

2006-11-12 22:02 288768 --------- C:\WINDOWS\system32\rhttpaa.dll

2006-11-12 22:02 1866240 --a------ C:\WINDOWS\system32\mstscax.dll

2006-11-12 22:02 116736 --------- C:\WINDOWS\system32\aaclient.dll

2006-11-08 20:28 73216 --a------ C:\WINDOWS\st6unst.exe

2006-11-08 20:28 249856 --------- C:\WINDOWS\setup1.exe

2006-11-07 21:06 679424 --a------ C:\WINDOWS\system32\inetcomm.dll

2006-11-07 00:06 600576 --a------ C:\WINDOWS\system32\mstsc.exe

2006-11-06 11:35 531568 --a------ C:\WINDOWS\system32\rmactivate_isv.exe

2006-11-06 11:35 523376 --a------ C:\WINDOWS\system32\rmactivate.exe

2006-11-06 11:35 519280 --a------ C:\WINDOWS\system32\secproc_isv.dll

2006-11-06 11:35 518768 --a------ C:\WINDOWS\system32\secproc.dll

2006-11-06 11:35 358000 --a------ C:\WINDOWS\system32\rmactivate_ssp.exe

2006-11-06 11:35 354416 --a------ C:\WINDOWS\system32\rmactivate_ssp_isv.exe

2006-11-06 11:35 323696 --a------ C:\WINDOWS\system32\msdrm.dll

2006-11-06 11:35 192624 --a------ C:\WINDOWS\system32\secproc_ssp_isv.dll

2006-11-06 11:35 192624 --a------ C:\WINDOWS\system32\secproc_ssp.dll

 

 

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

 

*Note* empty entries & legit default entries are not shown

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]

"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

"Skype"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"

"AWMON"="\"C:\\PROGRA~1\\Lavasoft\\AD-AWA~2\\Ad-Watch.exe\""

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]

"GWMDMMSG"="GWMDMMSG.exe"

"shicoxp"="C:\\WINDOWS\\shicoxp.exe"

"caxchg"="C:\\WINDOWS\\caxchg.exe"

"IgfxTray"="C:\\WINDOWS\\system32\\igfxtray.exe"

"HotKeysCmds"="C:\\WINDOWS\\system32\\hkcmd.exe"

"SynTPLpr"="C:\\Program Files\\Synaptics\\SynTP\\SynTPLpr.exe"

"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"

"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""

"REGSHAVE"="C:\\Program Files\\REGSHAVE\\REGSHAVE.EXE /AUTORUN"

"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_10\\bin\\jusched.exe\""

"PrinTray"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\2\\printray.exe"

"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"

"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""

"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]

"Installed"="1"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]

"Installed"="1"

"NoChange"="1"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]

"Installed"="1"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]

"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

"none"="C:\\Program Files\\Video ActiveX Object\\pmsngr.exe"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

 

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]

HTTPFilter REG_MULTI_SZ HTTPFilter\0\0

LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0

NetworkService REG_MULTI_SZ DnsCache\0\0

DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0

rpcss REG_MULTI_SZ RpcSs\0\0

imgsvc REG_MULTI_SZ StiSvc\0\0

termsvcs REG_MULTI_SZ TermService\0\0

WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0

 

 

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{89f38730-71b9-11da-baae-0014bf75bff0}]

Shell\AutoRun\command G:\setupSNK.exe

*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_COMHOST

 

 

Contents of the 'Scheduled Tasks' folder

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

C:\WINDOWS\tasks\Low Battery Alarm Program.job

C:\WINDOWS\tasks\Norton AntiVirus - Run Full System Scan - Aaron.job

C:\WINDOWS\tasks\Norton AntiVirus - Run Norton QuickScan - Aaron.job

 

Completion time: 07-01-26 21:44:38


Kaspersky scan results

 

-------------------------------------------------------------------------------

KASPERSKY ONLINE SCANNER REPORT

Friday, January 26, 2007 9:39:44 PM

Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)

Kaspersky Online Scanner version: 5.0.83.0

Kaspersky Anti-Virus database last update: 27/01/2007

Kaspersky Anti-Virus database records: 247921

-------------------------------------------------------------------------------

 

Scan Settings:

Scan using the following antivirus database: standard

Scan Archives: true

Scan Mail Bases: true

 

Scan Target - My Computer:

C:\

D:\

E:\

F:\

 

Scan Statistics:

Total number of scanned objects: 58190

Number of viruses found: 7

Number of infected objects: 40 / 0

Number of suspicious objects: 0

Duration of the scan process: 01:19:34

 

Infected Object Name / Virus Name / Last Action

C:\Documents and Settings\Aaron\Application Data\Lavasoft\Ad-Aware\Logs\AWEVLOG.txt Object is locked skipped

C:\Documents and Settings\Aaron\Application Data\Skype\aaron.d.jackson\call256.dbb Object is locked skipped

C:\Documents and Settings\Aaron\Application Data\Skype\aaron.d.jackson\callmember256.dbb Object is locked skipped

C:\Documents and Settings\Aaron\Application Data\Skype\aaron.d.jackson\chat512.dbb Object is locked skipped

C:\Documents and Settings\Aaron\Application Data\Skype\aaron.d.jackson\chatmsg256.dbb Object is locked skipped

C:\Documents and Settings\Aaron\Application Data\Skype\aaron.d.jackson\contactgroup256.dbb Object is locked skipped

C:\Documents and Settings\Aaron\Application Data\Skype\aaron.d.jackson\index2.dat Object is locked skipped

C:\Documents and Settings\Aaron\Application Data\Skype\aaron.d.jackson\profile16384.dbb Object is locked skipped

C:\Documents and Settings\Aaron\Application Data\Skype\aaron.d.jackson\transfer256.dbb Object is locked skipped

C:\Documents and Settings\Aaron\Application Data\Skype\aaron.d.jackson\transfer512.dbb Object is locked skipped

C:\Documents and Settings\Aaron\Application Data\Skype\aaron.d.jackson\user1024.dbb Object is locked skipped

C:\Documents and Settings\Aaron\Application Data\Skype\aaron.d.jackson\user16384.dbb Object is locked skipped

C:\Documents and Settings\Aaron\Application Data\Skype\aaron.d.jackson\user256.dbb Object is locked skipped

C:\Documents and Settings\Aaron\Application Data\Skype\aaron.d.jackson\user4096.dbb Object is locked skipped

C:\Documents and Settings\Aaron\Application Data\Skype\aaron.d.jackson\voicemail256.dbb Object is locked skipped

C:\Documents and Settings\Aaron\Application Data\Symantec\PendingAlertsQueue.log Object is locked skipped

C:\Documents and Settings\Aaron\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\Aaron\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\Aaron\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\Aaron\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Aaron\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped

C:\Documents and Settings\Aaron\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Aaron\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\Aaron\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\03b92c9cfcc0bf82ffcaaab0ecfc5531_946caafc-41b5-42ee-9da4-49cd81fb2dbd Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\0d00e771e438aa49fec85d1eb0497d3e_946caafc-41b5-42ee-9da4-49cd81fb2dbd Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\21708f962de48460650d31e2bace7b53_946caafc-41b5-42ee-9da4-49cd81fb2dbd Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\2c385d82df96470a470cd5f70c92c979_946caafc-41b5-42ee-9da4-49cd81fb2dbd Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\32d6ab8ca1b65136f3280b9a2feb8a71_946caafc-41b5-42ee-9da4-49cd81fb2dbd Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\5c3a55acbf976ab28e455b76631d888d_946caafc-41b5-42ee-9da4-49cd81fb2dbd Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\8f3ed9b741055b2dfed436f21d3c7af5_946caafc-41b5-42ee-9da4-49cd81fb2dbd Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\c03832190f179dd77b07691dc4336974_946caafc-41b5-42ee-9da4-49cd81fb2dbd Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\fa3d57144fe64dc05723a389bf85f727_946caafc-41b5-42ee-9da4-49cd81fb2dbd Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\fc451aadf0957fd2e67550bbd95f86bb_946caafc-41b5-42ee-9da4-49cd81fb2dbd Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Confid.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Content.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Privacy.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Restrict.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\WebHist.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\HPPAppActivity.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\HPPHomePageActivity.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2007-01-26_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1E23541F.exe Infected: Trojan-Downloader.Win32.Zlob.bkn skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1E267E1B.exe Infected: Trojan-Downloader.Win32.Zlob.bcb skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\338A55F2.tmp/document.pif Infected: Net-Worm.Win32.Mytob.j skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\338A55F2.tmp ZIP: infected - 1 skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\338A55F2.tmp CryptFF: infected - 1 skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6C135A31.exe Infected: Trojan.Win32.Agent.rx skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6F784021.exe Infected: Trojan-Downloader.Win32.Zlob.bkn skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\76F67560.tmp/doc.exe Infected: Net-Worm.Win32.Mytob.j skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\76F67560.tmp ZIP: infected - 1 skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\76F67560.tmp CryptFF: infected - 1 skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\78180E20.tmp/text.bat Infected: Net-Worm.Win32.Mytob.j skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\78180E20.tmp ZIP: infected - 1 skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\78180E20.tmp CryptFF: infected - 1 skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\796756CE.exe Infected: Trojan-Downloader.Win32.Zlob.bkn skipped

C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\AntiSpam\Log\Spam.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\EENGINE\EPERSIST.DAT Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SNDALRT.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SNDCON.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SNDDBG.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SNDFW.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SNDIDS.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SNDSYS.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBConfig.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBDebug.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBDetect.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBNotify.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBRefr.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetCfg.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetCfg2.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetDev.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetLoc.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetUsr.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSMNot.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSMReg.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSMRSt.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBStHash.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBStMSI.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBValid.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPPolicy.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPStart.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPStop.log Object is locked skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\AVApp.log Object is locked skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\AVError.log Object is locked skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\AVVirus.log Object is locked skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Savrt\0198NAV~.TMP Object is locked skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Savrt\0434NAV~.TMP Object is locked skipped

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

C:\System Volume Information\_restore{B23FF274-21C5-45DE-B4CD-934FF58D2C73}\RP254\A0023824.exe/stream/data0006 Infected: Trojan-Downloader.Win32.Zlob.bbr skipped

C:\System Volume Information\_restore{B23FF274-21C5-45DE-B4CD-934FF58D2C73}\RP254\A0023824.exe/stream Infected: Trojan-Downloader.Win32.Zlob.bbr skipped

C:\System Volume Information\_restore{B23FF274-21C5-45DE-B4CD-934FF58D2C73}\RP254\A0023824.exe NSIS: infected - 2 skipped

C:\System Volume Information\_restore{B23FF274-21C5-45DE-B4CD-934FF58D2C73}\RP254\A0023824.exe UPX: infected - 2 skipped

C:\System Volume Information\_restore{B23FF274-21C5-45DE-B4CD-934FF58D2C73}\RP254\A0023824.exe PE_Patch.UPX: infected - 2 skipped

C:\System Volume Information\_restore{B23FF274-21C5-45DE-B4CD-934FF58D2C73}\RP254\A0023825.exe/stream/data0006 Infected: Trojan-Downloader.Win32.Zlob.bbr skipped

C:\System Volume Information\_restore{B23FF274-21C5-45DE-B4CD-934FF58D2C73}\RP254\A0023825.exe/stream Infected: Trojan-Downloader.Win32.Zlob.bbr skipped

C:\System Volume Information\_restore{B23FF274-21C5-45DE-B4CD-934FF58D2C73}\RP254\A0023825.exe NSIS: infected - 2 skipped

C:\System Volume Information\_restore{B23FF274-21C5-45DE-B4CD-934FF58D2C73}\RP254\A0023825.exe UPX: infected - 2 skipped

C:\System Volume Information\_restore{B23FF274-21C5-45DE-B4CD-934FF58D2C73}\RP254\A0023825.exe PE_Patch.UPX: infected - 2 skipped

C:\System Volume Information\_restore{B23FF274-21C5-45DE-B4CD-934FF58D2C73}\RP257\A0025333.exe/stream/data0006 Infected: Trojan-Downloader.Win32.Zlob.blb skipped

C:\System Volume Information\_restore{B23FF274-21C5-45DE-B4CD-934FF58D2C73}\RP257\A0025333.exe/stream Infected: Trojan-Downloader.Win32.Zlob.blb skipped

C:\System Volume Information\_restore{B23FF274-21C5-45DE-B4CD-934FF58D2C73}\RP257\A0025333.exe NSIS: infected - 2 skipped

C:\System Volume Information\_restore{B23FF274-21C5-45DE-B4CD-934FF58D2C73}\RP257\A0025333.exe UPX: infected - 2 skipped

C:\System Volume Information\_restore{B23FF274-21C5-45DE-B4CD-934FF58D2C73}\RP257\A0025333.exe PE_Patch.UPX: infected - 2 skipped

C:\System Volume Information\_restore{B23FF274-21C5-45DE-B4CD-934FF58D2C73}\RP258\A0025347.exe Infected: Trojan-Downloader.Win32.Zlob.bkn skipped

C:\System Volume Information\_restore{B23FF274-21C5-45DE-B4CD-934FF58D2C73}\RP258\A0025367.exe Infected: Trojan-Downloader.Win32.Zlob.bkn skipped

C:\System Volume Information\_restore{B23FF274-21C5-45DE-B4CD-934FF58D2C73}\RP258\A0025377.exe Infected: Trojan-Downloader.Win32.Zlob.bkn skipped

C:\System Volume Information\_restore{B23FF274-21C5-45DE-B4CD-934FF58D2C73}\RP259\A0025397.exe Infected: Trojan-Downloader.Win32.Zlob.bkn skipped

C:\System Volume Information\_restore{B23FF274-21C5-45DE-B4CD-934FF58D2C73}\RP259\A0025431.exe Infected: Trojan-Downloader.Win32.Zlob.bkn skipped

C:\System Volume Information\_restore{B23FF274-21C5-45DE-B4CD-934FF58D2C73}\RP259\A0025439.exe Infected: Trojan-Downloader.Win32.Zlob.bls skipped

C:\System Volume Information\_restore{B23FF274-21C5-45DE-B4CD-934FF58D2C73}\RP259\A0025451.exe Infected: Trojan-Downloader.Win32.Zlob.bkn skipped

C:\System Volume Information\_restore{B23FF274-21C5-45DE-B4CD-934FF58D2C73}\RP259\A0025471.exe Infected: Trojan-Downloader.Win32.Zlob.bkn skipped

C:\System Volume Information\_restore{B23FF274-21C5-45DE-B4CD-934FF58D2C73}\RP259\A0025478.exe Infected: Trojan-Downloader.Win32.Zlob.bkn skipped

C:\System Volume Information\_restore{B23FF274-21C5-45DE-B4CD-934FF58D2C73}\RP259\A0025479.exe Infected: Trojan-Downloader.Win32.Zlob.bkn skipped

C:\System Volume Information\_restore{B23FF274-21C5-45DE-B4CD-934FF58D2C73}\RP259\A0025484.exe Infected: Trojan-Downloader.Win32.Zlob.bkn skipped

C:\System Volume Information\_restore{B23FF274-21C5-45DE-B4CD-934FF58D2C73}\RP260\change.log Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\Sti_Trace.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\default Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\Internet.evt Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\software Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\system Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\h323log.txt Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\wiadebug.log Object is locked skipped

C:\WINDOWS\wiaservc.log Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

 

Scan process completed.


Good work! ;)

We've just got a couple of things left to do.

 

1) Open Norton AntiVirus by double clicking the 'Shield' icon located in the right hand bottom corner of your computer screen.

Double click the 'View' folder. It is located on the left side of the Norton AntiVirus window. This will expand the folder and display the contents.

Click on the 'Quarantine' icon. The right side of the Norton AntiVirus window will now list the contents of your quarantine folder.

 

Select the item you wish to remove and click on the red 'X' icon to delete it.

This will open the 'Take Action' window. Click the 'Start Delete' button to remove the infected file from your computer.

Repeat for any other quarantined files you want to remove.

 

When you are done removing files, click the 'Exit' button in the bottom left hand corner of the Norton AntiVirus window.

 

2) Please open Notepad and copy and paste the following bold text into it:

(don't forget to copy and paste REGEDIT4)

REGEDIT4

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

Save this as "fix.reg". Choose to save as *all files and place it on your desktop.

It should look like this: reg8ip.gif

Double-click on it and when it asks you if you want to merge the contents to the registry, click yes/ok.

 

3) We need to purge your infected system restore points.

On the Desktop, right-click My Computer, then click Properties.

Click the System Restore tab near the top of the window.

Check Turn off System Restore, click Apply, and then click OK.

 

We want to create a new, clean restore point. Please first reboot your computer.

You will be asked to turn system restore on again, click "yes".

On the Desktop, right-click My Computer, then click Properties.

Click the System Restore tab near the top of the window.

Check Turn off System Restore, click Apply, and then click OK.

 

Click Start > All Programs > Accessories > System Tools, and select System Restore.

In the System Restore wizard, select the box next to the text labeled "Create a restore point" and click the Next button.

Type a description for your new restore point - Something like "After trojan/spyware cleanup".

Click Create, and after it has created the restore point, click "Close".

 

Reboot a final time, how is the computer running now?

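The triage behind the clean-up steps in the reply above, as an added example that is not part of the original thread: it groups the "Infected" lines of a Kaspersky Online Scanner report by where the file sits (antivirus quarantine, System Restore point, or a live location). The line layout is inferred from the report posted above, the sample lines are constructed, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of the "Infected Object Name / Virus Name /
# Last Action" section of the report (file names and GUID are made up).
SAMPLE_REPORT = r"""
C:\Documents and Settings\User\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\AAAA0001.exe Infected: Trojan-Downloader.Win32.Zlob.bkn skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\AAAA0002.tmp/doc.exe Infected: Net-Worm.Win32.Mytob.j skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\AAAA0002.tmp ZIP: infected - 1 skipped
C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP254\A0000001.exe/stream/data0006 Infected: Trojan-Downloader.Win32.Zlob.bbr skipped
C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP254\A0000001.exe/stream Infected: Trojan-Downloader.Win32.Zlob.bbr skipped
C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP254\A0000001.exe NSIS: infected - 2 skipped
C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP259\A0000002.exe Infected: Trojan-Downloader.Win32.Zlob.bkn skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
"""

# "<object> Infected: <detection name> <last action>"
INFECTED = re.compile(r"^(?P<obj>.+?) Infected: (?P<name>\S+) (?P<action>\w+)$")
# "<object> Object is locked <last action>": file was in use and not scanned
LOCKED = re.compile(r"^(?P<obj>.+?) Object is locked (?P<action>\w+)$")
# Where a hit lives decides what has to be done about it.
QUARANTINE = re.compile(r"\\Norton AntiVirus\\Quarantine\\", re.IGNORECASE)
RESTORE = re.compile(
    r"\\System Volume Information\\_restore\{[^}]+\}\\(RP\d+)\\", re.IGNORECASE
)


def triage(report_text):
    """Group infected objects by where they sit on disk."""
    summary = {
        "quarantine": defaultdict(set),  # quarantined file -> detection names
        "restore": defaultdict(set),     # restore point (RPnnn) -> detection names
        "live": defaultdict(set),        # any other file -> detection names
        "locked": 0,                     # objects the scanner could not open
    }
    for line in report_text.splitlines():
        line = line.strip()
        if not line:
            continue
        if LOCKED.match(line):
            summary["locked"] += 1
            continue
        hit = INFECTED.match(line)
        if not hit:
            # Container summaries ("ZIP: infected - 1") repeat hits that the
            # report already lists member by member, so they are skipped.
            continue
        # "/" separates archive members from the on-disk file that holds them.
        disk_file = hit["obj"].split("/", 1)[0]
        restore = RESTORE.search(disk_file)
        if QUARANTINE.search(disk_file):
            summary["quarantine"][disk_file].add(hit["name"])
        elif restore:
            summary["restore"][restore.group(1).upper()].add(hit["name"])
        else:
            summary["live"][disk_file].add(hit["name"])
    return summary


def detection_names(summary):
    """Distinct detection names across all three locations."""
    names = set()
    for bucket in ("quarantine", "restore", "live"):
        for found in summary[bucket].values():
            names |= found
    return names


def remaining_work(summary):
    """Turn the grouping into the clean-up actions it implies."""
    steps = []
    if summary["live"]:
        steps.append("clean live files: " + ", ".join(sorted(summary["live"])))
    if summary["quarantine"]:
        steps.append(
            "empty antivirus quarantine (%d files)" % len(summary["quarantine"])
        )
    if summary["restore"]:
        steps.append(
            "purge restore points: " + ", ".join(sorted(summary["restore"]))
        )
    return steps


if __name__ == "__main__":
    result = triage(SAMPLE_REPORT)
    print("locked objects:", result["locked"])
    print("detections:", ", ".join(sorted(detection_names(result))))
    for step in remaining_work(result):
        print("todo:", step)
```

A report with no entries under "live" means the scanner found only inert copies, which is why the remaining steps are limited to the quarantine and the restore points.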

Thank you so much. You have been very helpful.

 

System is running great. All the time I've wasted in the past. Wow.

 

Two pieces of feedback and one more question

 

Feedback #1

FYI- My Norton AntiVirus (Norton Internet Security 2006) worked slightly differently than described. What I did was

1) Open Norton Internet Security

2) Select Norton AntiVirus

3) On Left hand side, select Reports

4) On Right hand side, select "View Norton Quarantine & Restore"

5) Follow the remainder of the instructions you provided

 

Feedback #2

FYI the instructions in step 3 got a little confusing. Did the three lines beginning

ON the desktop,...

Click the system...

Check Turn off....

 

Get repeated twice in the first two paragraphs?

 

I never was asked to turn on system restore, until I followed the "Click Start > All Programs > Accessories > System Tools" chain of menus.

 

No problem though once I turned on system restore, selected apply and selected okay. I repeated the menus and went straight to the wizard. Which led me to question, how many times was I supposed to repeat the cycle. I may have done a few extra but ultimately, I cleaned out the old restore points, turned system restore back on, restarted, and then created a new restore point with my own personal name. :)

 

Question

 

Assuming things are clean now, can I use Add/remove programs to remove the several things I've downloaded? These programs are much too sophisticated/dangerous to be left near my reach ;)

 

Thanks again, wonderful experience, I'm glad people like you take the time to help others. Makes me want to rethink the use of my free time.


You're welcome, Jacksaar! :)

 

Thanks for the feedback, I have updated a few of my canned speeches.

 

I now use this for the system restore points:

 

"We need to purge your infected system restore points.

On the Desktop, right-click My Computer, then click Properties.

Click the System Restore tab near the top of the window.

Check Turn off System Restore, click Apply, and then click OK.

More information on how to disable your system restore can be found here.

 

We want to create a new, clean restore point. Please first reboot your computer.

On the Desktop, right-click My Computer, then click Properties.

Click the System Restore tab near the top of the window.

Uncheck "Turn off System Restore", click Apply, and then click OK.

 

Click Start > All Programs > Accessories > System Tools, and select System Restore.

In the System Restore wizard, select the box next to the text labeled "Create a restore point" and click the Next button.

Type a description for your new restore point - Something like "After trojan/spyware cleanup".

Click Create, and after it has created the restore point, click "Close".

Further instructions on creating a restore point can be found here."

 

I now use this canned speech for emptying Norton Quarantine:

 

I want you to remove a few infected quarantined files from your Norton Antivirus.

The instructions depend on the version of Norton that you are running.

Please visit the following link, and follow the instructions by clicking on the appropriate version:

http://service1.symantec.com/SUPPORT/nav.n...000041213443506

 

You can go ahead now and remove anything that you've downloaded in the clean-up process.

 

It's been a real pleasure helping you, you've repaid me by fixing my speeches! ;)

 

The latest log is looking clean!

Follow this list and your potential for being infected again will be reduced dramatically.

 

Use an Anti Virus Software -

* It is very important that your computer has an anti-virus software running on your machine.

* This alone can save you a lot of trouble with malware in the future. See this link for a listing of some on line & their stand-alone anti virus programs:

* Click here for more information on -> Computer Safety On line - Anti-Virus

* I would recommend Grisoft's AVG or AVAST.

* These are the more secure and better ones.

 

Update your Anti Virus Software - It is imperative that you update your Anti virus software at least once a week (Even more if you wish). If you do not update your anti virus software then it will not be able to catch any of the new variants that may come out.

 

Use a Firewall -

* I can not stress how important it is that you use a Firewall on your computer.

* Without a firewall your computer is susceptible to being hacked and taken over.

* Simply using a Firewall in its default configuration can lower your risk greatly.

* For an article on Firewalls and a listing of some available ones see the link below:

* Click here for more information on -> Computer Safety On line - Software Firewalls

* I would recommend ZoneAlarm as a firewall as it's easy to use.

 

Visit Microsoft's Windows Update Site Frequently -

* It is important that you visit http://www.windowsupdate.com regularly.

* This will ensure your computer always has the latest security updates available installed on your computer.

* If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

 

Next, if they're not already present, I would recommend the download and installation of some or all of the following programs (all free), and the updating of them regularly.

 

Install Spybot© - Search and Destroy- Install and download Spybot - Search and Destroy with its TeaTimer option.

* This will provide real-time spyware & hijacker protection on your computer alongside your virus protection.

* You should also scan your computer with the program on a regular basis just as you would an anti virus software.

* A tutorial on installing & using this product can be found here:

* Click here for more info -->Instructions for - Spybot S & D and Ad-aware

 

Install Lavasofts© Ad-Aware - Install and download Ad-Aware.

* You should also scan your computer with the program on a regular basis just as you would an anti virus software in conjunction with Spybot.

* A tutorial on installing & using this product can be found here:

* Click here for more info -->Instructions for - Spybot S & D and Ad-aware

 

Install Javacools© SpywareBlaster -

* SpywareBlaster will add a large list of programs and sites into your Internet Explorer and Firefox settings and that will protect you from running and downloading known malicious programs.

* An article on anti-malware products with links for this program and others can be found here:

* Click here for more info -->Computer Safety on line - Anti-Malware

 

Update all these programs regularly - Make sure you update all the programs I have listed regularly.

Without regular updates you WILL NOT be protected when new malicious programs are released.

 

If you have any additional questions just ask...

David
