scumpusheadddd

IE IP Hijacked


My system has Norton Internet Security 2007 and SpySweeper on it. There's this blimp in the lower right corner that says "Security Alert:[email protected]". I also have the blue/white question mark that flashes over to a like non-smoking ring thing. I just want to get rid of the thing.

 

I'm pretty sure it's the malware that uses the IP to get into your OS. And I have read that most antivirus can't find it because it's in actual Windows OS files and virus scans don't have access to them. So, the question is, how do I get rid of it?

 

Here's a pic of what's on my tray. I guess I can't post the actual pic with the .jpg extension.

 

http://img.photobucket.com/albums/v737/scu...iruspicture.jpg


Hello, TChick09 & welcome

 

Please show us an updated Ad-Aware SE logfile followed by a HijackThis logfile.

 

Posting an Ad-Aware SE log:

http://www.castlecops.com/t100186-Ad_Aware...structions.html

 

 

Please download HijackThis version 1.99.1 from here:

http://www.downloads.subratam.org/hijackthis.zip

and make sure to unzip it to a permanent folder. Then please run HijackThis, click Scan and Save log, and post the new log here.

 

----------------

 

Do not add as an Attachment or they may not be looked at.

 

Gogo ;)


OK, here's the HijackThis log....obviously lol. I'm running the Ad-Aware SE scan now.

 

Logfile of HijackThis v1.99.1

Scan saved at 9:07:02 PM, on 2/26/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\WINDOWS\system32\cisvc.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\WINDOWS\System32\snmp.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Viewpoint\Common\ViewpointService.exe

C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\Video Access ActiveX Object\isamini.exe

C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe

C:\Program Files\Dell\Media Experience\PCMService.exe

C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe

C:\Program Files\Apoint\Apoint.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Apoint\Apntex.exe

C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\Video Access ActiveX Object\isamini.exe

C:\Program Files\Video Access ActiveX Object\isamini.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe

C:\Program Files\Video Access ActiveX Object\isamini.exe

C:\Program Files\Video Access ActiveX Object\isamini.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe

C:\Program Files\Video Access ActiveX Object\isamini.exe

C:\Program Files\Video Access ActiveX Object\isamini.exe

C:\Program Files\Video Access ActiveX Object\isamini.exe

C:\Program Files\Video Access ActiveX Object\isamini.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\Program Files\Video Access ActiveX Object\isamini.exe

C:\Program Files\Video Access ActiveX Object\isamini.exe

C:\Program Files\Video Access ActiveX Object\isamini.exe

C:\Program Files\Video Access ActiveX Object\isamini.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Video Access ActiveX Object\isamini.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVW32.exe

C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Aware.exe

C:\Program Files\Webroot\Spy Sweeper\SSU.EXE

C:\Program Files\Video Access ActiveX Object\isamntr.exe

C:\Program Files\Video Access ActiveX Object\pmsnrr.exe

C:\Program Files\Video Access ActiveX Object\pmmnt.exe

C:\Program Files\HijackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com

O1 - Hosts: 127.255.255.255 www.alcohol-soft.com

O1 - Hosts: 127.255.255.255 images.alcohol-soft.com

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

O3 - Toolbar: (no name) - {84938242-5C5B-4A55-B6B9-A1507543B418} - (no file)

O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup

O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

O4 - HKLM\..\Run: [DellMIS90dSetup] D:\setup.exe

O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"

O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe

O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"

O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"

O4 - HKLM\..\Run: [Dell QuickSet] "C:\Program Files\Dell\QuickSet\Quickset.exe"

O4 - HKLM\..\Run: [Corel Photo Downloader] "C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe"

O4 - HKLM\..\Run: [Apoint] "C:\Program Files\Apoint\Apoint.exe"

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"

O4 - HKLM\..\Run: [spySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray

O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup

O4 - HKCU\..\Run: [spySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0

O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp

O4 - Global Startup: Adobe Gamma Loader.lnk = ?

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Bluetooth Manager.lnk = ?

O4 - Global Startup: Digital Line Detect.lnk = ?

O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

O16 - DPF: {34F12AFD-E9B5-492A-85D2-40FA4535BE83} (AxProdInfoCtl Class) - http://www.symantec.com/techsupp/activedata/nprdtinf.cab

O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.1.1.74.cab

O16 - DPF: {4989312D-58CF-11D5-A7D7-00E02911103E} (Interealty MultiSelect) - http://wpn.mlxchange.com/Control/MultiSelectComboBox.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1160369139593

O16 - DPF: {6FD482A3-7B57-438B-B040-52CAA30147EE} (MLXchange Client Utils) - http://wpn.mlxchange.com/Control/MLXClientUtils.cab

O16 - DPF: {83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E} (GeacRevw Control) - http://wpn.mlxchange.com/Control/IRCSharc.cab

O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll

O21 - SSODL: eitheror - {2016a466-91a2-43c6-97d8-2fd380f065ef} - C:\WINDOWS\system32\higehsg.dll

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe

O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

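As an added triage example (not code from the thread, from HijackThis or from Ad-Aware): a small Python script that parses a subset of the HijackThis log above and flags the entries a helper would look at first: processes running from the "Video Access ActiveX Object" folder (the Ad-Aware scan later in the thread attributes that folder's executables to Win32.Trojandownloader.Zlob), the O21 SSODL entry loading higehsg.dll (also flagged by Ad-Aware), the O1 hosts overrides, and orphaned entries whose target file is gone. The reason strings and the `ZLOB_FOLDERS` list are this example's own conventions, not HijackThis output.

```python
import ipaddress
import re

# A subset of the HijackThis log posted above (not the full log).
HJT_LOG = r"""
Logfile of HijackThis v1.99.1
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Video Access ActiveX Object\isamini.exe
C:\Program Files\Video Access ActiveX Object\isamntr.exe
C:\Program Files\Video Access ActiveX Object\pmsnrr.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O3 - Toolbar: (no name) - {84938242-5C5B-4A55-B6B9-A1507543B418} - (no file)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O21 - SSODL: eitheror - {2016a466-91a2-43c6-97d8-2fd380f065ef} - C:\WINDOWS\system32\higehsg.dll
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
"""

# Folder names the Ad-Aware scan later in the thread attributes to
# Win32.Trojandownloader.Zlob. This list is an input to the triage, so
# it can be replaced by whatever a scanner reported on another machine.
ZLOB_FOLDERS = ("Video Access ActiveX Object",)

# "O21 - SSODL: ..." / "R1 - ..." lines: section code, dash, free-form body.
ENTRY_RE = re.compile(r"^(?P<sec>[RFO]\d+) - (?P<body>.*)$")
HOSTS_RE = re.compile(r"^Hosts: (?P<ip>\S+)\s+(?P<host>\S+)")


def parse_hjt(text):
    """Split a HijackThis log into (running process paths, section entries).

    Each entry is {"section": "O21", "body": "SSODL: ..."}; lines before
    the 'Running processes:' header are ignored.
    """
    processes, entries = [], []
    in_procs = False
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line == "Running processes:":
            in_procs = True
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_procs = False           # first Rx/Oxx line ends the process list
            entries.append({"section": m["sec"], "body": m["body"]})
        elif in_procs:
            processes.append(line)
    return processes, entries


def triage(processes, entries, known_bad_dirs=()):
    """Return (reason, item) pairs for the lines a helper would look at first."""
    findings = []
    for path in processes:
        folder = path.rsplit("\\", 1)[0]
        if any(folder.lower().endswith(d.lower()) for d in known_bad_dirs):
            findings.append(("process running from detected folder", path))
    for entry in entries:
        sec, body = entry["section"], entry["body"]
        if sec == "O1":
            m = HOSTS_RE.match(body)
            if m:
                # HijackThis only lists hosts lines that differ from the stock
                # "127.0.0.1 localhost", so every O1 line is an override; one
                # pointing off-box matters more than one that just blackholes.
                try:
                    loop = ipaddress.ip_address(m["ip"]).is_loopback
                    kind = "loopback block" if loop else "external redirect"
                except ValueError:
                    kind = "unparsable address"
                findings.append((f"hosts override ({kind})", body))
        elif sec == "O21":
            # SSODL DLLs are loaded into the shell at logon; a DLL with a
            # meaningless name in system32 (higehsg.dll here) is the entry
            # Ad-Aware flags as Zlob.
            findings.append(("SSODL shell-load entry", body))
        elif "(file missing)" in body or body.endswith("(no file)"):
            findings.append(("orphaned entry (target missing)", body))
    return findings


if __name__ == "__main__":
    procs, ents = parse_hjt(HJT_LOG)
    for reason, item in triage(procs, ents, known_bad_dirs=ZLOB_FOLDERS):
        print(f"[{reason}] {item}")
```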

Here's the Ad-Aware log

 

 

Ad-Aware SE Build 1.06r1

Logfile Created on:Monday, February 26, 2007 8:57:25 PM

Created with Ad-Aware SE Personal, free for private use.

Using definitions file:SE1R155 26.02.2007

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

References detected during the scan:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Other(TAC index:5):1 total references

SpyDawn(TAC index:3):2 total references

Tracking Cookie(TAC index:3):11 total references

Win32.Trojandownloader.Zlob(TAC index:10):18 total references

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Ad-Aware SE Settings

===========================

Set : Search for negligible risk entries

Set : Safe mode (always request confirmation)

Set : Scan active processes

Set : Scan registry

Set : Deep-scan registry

Set : Scan my IE Favorites for banned URLs

Set : Scan my Hosts file

 

Extended Ad-Aware SE Settings

===========================

Set : Unload recognized processes & modules during scan

Set : Scan registry for all users instead of current user only

Set : Always try to unload modules before deletion

Set : During removal, unload Explorer and IE if necessary

Set : Let Windows remove files in use at next reboot

Set : Delete quarantined objects after restoring

Set : Include basic Ad-Aware settings in log file

Set : Include additional Ad-Aware settings in log file

Set : Include reference summary in log file

Set : Include alternate data stream details in log file

Set : Play sound at scan completion if scan locates critical objects

 

 

2-26-2007 8:57:25 PM - Scan started. (Full System Scan)

 

Listing running processes

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

#:1 [smss.exe]

FilePath : \SystemRoot\System32\

ProcessID : 972

ThreadCreationTime : 2-26-2007 2:35:40 AM

BasePriority : Normal

 

 

#:2 [csrss.exe]

FilePath : \??\C:\WINDOWS\system32\

ProcessID : 1096

ThreadCreationTime : 2-26-2007 2:36:01 AM

BasePriority : Normal

 

 

#:3 [winlogon.exe]

FilePath : \??\C:\WINDOWS\system32\

ProcessID : 1160

ThreadCreationTime : 2-26-2007 2:36:34 AM

BasePriority : High

 

 

#:4 [services.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 1204

ThreadCreationTime : 2-26-2007 2:36:35 AM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Services and Controller app

InternalName : services.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : services.exe

 

#:5 [lsass.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 1216

ThreadCreationTime : 2-26-2007 2:36:35 AM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : LSA Shell (Export Version)

InternalName : lsass.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : lsass.exe

 

#:6 [ati2evxx.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 1392

ThreadCreationTime : 2-26-2007 2:36:37 AM

BasePriority : Normal

FileVersion : 6.14.10.4118

ProductVersion : 6.14.10.4118.02

ProductName : ATI External Event Utility for WindowsNT and Windows9X

CompanyName : ATI Technologies Inc.

FileDescription : ATI External Event Utility EXE Module

InternalName : ATI2EVXX.EXE

LegalCopyright : Copyright © 1999-2004 ATI Technologies Inc.

OriginalFilename : ATI2EVXX.EXE

 

#:7 [svchost.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 1408

ThreadCreationTime : 2-26-2007 2:36:37 AM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:8 [svchost.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 1492

ThreadCreationTime : 2-26-2007 2:36:38 AM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:9 [svchost.exe]

FilePath : C:\WINDOWS\System32\

ProcessID : 1652

ThreadCreationTime : 2-26-2007 2:36:38 AM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:10 [evteng.exe]

FilePath : C:\Program Files\Intel\Wireless\Bin\

ProcessID : 1768

ThreadCreationTime : 2-26-2007 2:36:40 AM

BasePriority : Normal

FileVersion : 9, 0, 1, 12

ProductVersion : 9, 0, 0, 0

ProductName : EvtEng Module

CompanyName : Intel Corporation

FileDescription : EvtEng Module

InternalName : EvtEng

LegalCopyright : Copyright © Intel Corporation 1999-2004

OriginalFilename : EvtEng.EXE

 

#:11 [s24evmon.exe]

FilePath : C:\Program Files\Intel\Wireless\Bin\

ProcessID : 1808

ThreadCreationTime : 2-26-2007 2:36:41 AM

BasePriority : Normal

FileVersion : 9, 0, 1, 41

ProductVersion : 9, 0, 0, 0

ProductName : Mobile Unit Support Service

CompanyName : Intel Corporation

FileDescription : Event Monitor - Supports driver extensions to NIC Driver for wireless adapters.

InternalName : S24EvMon

LegalCopyright : Copyright © Intel Corporation 1999-2004

OriginalFilename : S24EvMon.exe

 

#:12 [wlkeeper.exe]

FilePath : C:\Program Files\Intel\Wireless\Bin\

ProcessID : 1848

ThreadCreationTime : 2-26-2007 2:36:41 AM

BasePriority : Normal

FileVersion : 9, 0, 1, 14

ProductVersion : 1, 0, 0, 1

ProductName : SSOFSet Service

CompanyName : Intel® Corporation

FileDescription : WLKEEPER

InternalName : WLKEEPER

LegalCopyright : Copyright © 2004

OriginalFilename : WLKEEPER.exe

 

#:13 [svchost.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 1928

ThreadCreationTime : 2-26-2007 2:36:44 AM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:14 [svchost.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 232

ThreadCreationTime : 2-26-2007 2:36:44 AM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:15 [ccsvchst.exe]

FilePath : C:\Program Files\Common Files\Symantec Shared\

ProcessID : 480

ThreadCreationTime : 2-26-2007 2:36:45 AM

BasePriority : Normal

FileVersion : 106.1.3.3

ProductVersion : 106.1.3.3

ProductName : Symantec Security Technologies

CompanyName : Symantec Corporation

FileDescription : Symantec Service Framework

InternalName : ccSvcHst

LegalCopyright : Copyright © 2000-2006 Symantec Corporation. All rights reserved.

OriginalFilename : ccSvcHst.exe

 

#:16 [appsvc32.exe]

FilePath : C:\Program Files\Common Files\Symantec Shared\AppCore\

ProcessID : 1416

ThreadCreationTime : 2-26-2007 2:36:51 AM

BasePriority : Normal

FileVersion : 1.0.00.101

ProductVersion : 1.0

ProductName : Symantec Application Core

CompanyName : Symantec Corporation

FileDescription : Symantec Application Core Service

InternalName : AppSvc32

LegalCopyright : Copyright © 1997-2006 Symantec Corporation

OriginalFilename : AppSvc32.exe

 

#:17 [spoolsv.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 1620

ThreadCreationTime : 2-26-2007 2:36:53 AM

BasePriority : Normal

FileVersion : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)

ProductVersion : 5.1.2600.2696

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Spooler SubSystem App

InternalName : spoolsv.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : spoolsv.exe

 

#:18 [aluschedulersvc.exe]

FilePath : C:\Program Files\Symantec\LiveUpdate\

ProcessID : 464

ThreadCreationTime : 2-26-2007 2:37:00 AM

BasePriority : Normal

FileVersion : 3.1.0.99

ProductVersion : 3.1.0.99

ProductName : LiveUpdate

CompanyName : Symantec Corporation

FileDescription : Automatic LiveUpdate Scheduler Service

InternalName : Automatic LiveUpdate Scheduler Service

LegalCopyright : Copyright © 1996-2006 Symantec Corporation

OriginalFilename : ALUSchedulerSvc.exe

 

#:19 [cisvc.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 1576

ThreadCreationTime : 2-26-2007 2:37:20 AM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Content Index service

InternalName : cisvc.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : cisvc.exe

 

#:20 [lssrvc.exe]

FilePath : C:\Program Files\Common Files\LightScribe\

ProcessID : 188

ThreadCreationTime : 2-26-2007 2:37:23 AM

BasePriority : Normal

FileVersion : 1.4.97.1

ProductName : LightScribe

CompanyName : Hewlett-Packard Company

LegalCopyright : © Copyright 2003-2006 Hewlett-Packard Development Company, LP

OriginalFilename : LSSrvc.exe

 

#:21 [zcfgsvc.exe]

FilePath : C:\Program Files\Intel\Wireless\Bin\

ProcessID : 316

ThreadCreationTime : 2-26-2007 2:37:28 AM

BasePriority : Normal

FileVersion : 9, 0, 1, 45

ProductVersion : 1, 0, 0, 2

ProductName : ZeroCfgSvc Application

CompanyName : Intel Corporation

FileDescription : ZeroCfgSvc MFC Application

InternalName : ZeroCfgSvc

LegalCopyright : Copyright © Intel Corporation 1999-2004

OriginalFilename : ZeroCfgSvc.EXE

 

#:22 [ati2evxx.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 772

ThreadCreationTime : 2-26-2007 2:37:31 AM

BasePriority : Normal

FileVersion : 6.14.10.4118

ProductVersion : 6.14.10.4118.02

ProductName : ATI External Event Utility for WindowsNT and Windows9X

CompanyName : ATI Technologies Inc.

FileDescription : ATI External Event Utility EXE Module

InternalName : ATI2EVXX.EXE

LegalCopyright : Copyright © 1999-2004 ATI Technologies Inc.

OriginalFilename : ATI2EVXX.EXE

 

#:23 [1xconfig.exe]

FilePath : C:\PROGRA~1\Intel\Wireless\Bin\

ProcessID : 1284

ThreadCreationTime : 2-26-2007 2:37:32 AM

BasePriority : Normal

FileVersion : 9, 0, 1, 33

ProductVersion : 9, 0, 0, 0

ProductName : 8021XConfig Module

CompanyName : Intel

FileDescription : 8021XConfig Module

InternalName : 8021XConfig

LegalCopyright : Copyright © Intel Corporation 1999-2004

OriginalFilename : 1XConfig.EXE

Comments : Wrapper for MH. (Service COM)

 

#:24 [explorer.exe]

FilePath : C:\WINDOWS\

ProcessID : 1732

ThreadCreationTime : 2-26-2007 2:37:33 AM

BasePriority : Normal

FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 6.00.2900.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Windows Explorer

InternalName : explorer

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : EXPLORER.EXE

 

Win32.Trojandownloader.Zlob Object Recognized!

Type : Process

Data : higehsg.dll

TAC Rating : 10

Category : Malware

Comment :

Object : C:\WINDOWS\system32\

 

 

 

#:25 [nicconfigsvc.exe]

FilePath : C:\Program Files\Dell\NICCONFIGSVC\

ProcessID : 880

ThreadCreationTime : 2-26-2007 2:37:35 AM

BasePriority : Normal

FileVersion : 1, 0, 0, 1

ProductVersion : 1, 0, 0, 1

ProductName : NicConfigSvc

CompanyName : Dell Inc.

FileDescription : Internal Network Card Power Management Service

InternalName : TestMFCAppWiz

LegalCopyright : Copyright © 2004 Dell Inc.

OriginalFilename : NicConfigSvc.EXE

 

#:26 [regsrvc.exe]

FilePath : C:\Program Files\Intel\Wireless\Bin\

ProcessID : 2056

ThreadCreationTime : 2-26-2007 2:37:43 AM

BasePriority : Normal

FileVersion : 9, 0, 1, 10

ProductVersion : 9, 0, 0, 0

ProductName : RegSrvc Module

CompanyName : Intel Corporation

FileDescription : RegSrvc Module

InternalName : RegSrvc

LegalCopyright : Copyright © Intel Corporation 1999-2004

OriginalFilename : RegSrvc.EXE

Comments : Registry Interface for Intel Wireless Products

 

#:27 [snmp.exe]

FilePath : C:\WINDOWS\System32\

ProcessID : 2096

ThreadCreationTime : 2-26-2007 2:37:45 AM

BasePriority : Normal

FileVersion : 5.1.2600.3038 (xpsp_sp2_gdr.061119-2303)

ProductVersion : 5.1.2600.3038

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : SNMP Service

InternalName : snmp.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : snmp.exe

 

#:28 [svchost.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 2200

ThreadCreationTime : 2-26-2007 2:37:47 AM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:29 [wdfmgr.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 2280

ThreadCreationTime : 2-26-2007 2:37:50 AM

BasePriority : Normal

FileVersion : 5.2.3790.1230 built by: DNSRV(bld4act)

ProductVersion : 5.2.3790.1230

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Windows User Mode Driver Manager

InternalName : WdfMgr

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : WdfMgr.exe

 

#:30 [viewpointservice.exe]

FilePath : C:\Program Files\Viewpoint\Common\

ProcessID : 2580

ThreadCreationTime : 2-26-2007 2:37:52 AM

BasePriority : Normal

FileVersion : 2, 0, 0, 54

ProductVersion : 2, 0, 0, 54

ProductName : Viewpoint Manager

CompanyName : Viewpoint Corporation

FileDescription : ViewMgr

InternalName : Viewpoint Manager

LegalCopyright : Copyright © 2004

OriginalFilename : ViewMgr.exe

Comments : Viewpoint Manager

 

#:31 [spysweeper.exe]

FilePath : C:\Program Files\Webroot\Spy Sweeper\

ProcessID : 2628

ThreadCreationTime : 2-26-2007 2:37:53 AM

BasePriority : Normal

FileVersion : 3,3,1,2592

ProductVersion : 3, 3

ProductName : Spy Sweeper SDK

CompanyName : Webroot Software, Inc.

FileDescription : Spy Sweeper Engine

LegalCopyright : Copyright © 2002 - 2007, All Rights Reserved.

LegalTrademarks : Spy Sweeper is a trademark of Webroot Software, Inc.

OriginalFilename : SpySweeper.exe

 

#:32 [isamntr.exe]

FilePath : C:\Program Files\Video Access ActiveX Object\

ProcessID : 3228

ThreadCreationTime : 2-26-2007 2:38:13 AM

BasePriority : Normal

 

 

Win32.Trojandownloader.Zlob Object Recognized!

Type : Process

Data : isamntr.exe

TAC Rating : 10

Category : Malware

Comment : isamntr.exe.dmp

Object : C:\Program Files\Video Access ActiveX Object\

 

 

Warning! Win32.Trojandownloader.Zlob Object found in memory(C:\Program Files\Video Access ActiveX Object\isamntr.exe)

 

"C:\Program Files\Video Access ActiveX Object\isamntr.exe"Process terminated successfully

"C:\Program Files\Video Access ActiveX Object\isamntr.exe"Process terminated successfully

 

#:33 [pmsnrr.exe]

FilePath : C:\Program Files\Video Access ActiveX Object\

ProcessID : 3236

ThreadCreationTime : 2-26-2007 2:38:13 AM

BasePriority : Normal

 

 

Win32.Trojandownloader.Zlob Object Recognized!

Type : Process

Data : pmsnrr.exe

TAC Rating : 10

Category : Malware

Comment : pmsnrr.exe.dmp

Object : C:\Program Files\Video Access ActiveX Object\

 

 

Warning! Win32.Trojandownloader.Zlob Object found in memory(C:\Program Files\Video Access ActiveX Object\pmsnrr.exe)

 

"C:\Program Files\Video Access ActiveX Object\pmsnrr.exe"Process terminated successfully

"C:\Program Files\Video Access ActiveX Object\pmsnrr.exe"Process terminated successfully

 

#:34 [realsched.exe]

FilePath : C:\Program Files\Common Files\Real\Update_OB\

ProcessID : 3248

ThreadCreationTime : 2-26-2007 2:38:14 AM

BasePriority : Normal

FileVersion : 0.1.0.3510

ProductVersion : 0.1.0.3510

ProductName : RealPlayer (32-bit)

CompanyName : RealNetworks, Inc.

FileDescription : RealNetworks Scheduler

InternalName : schedapp

LegalCopyright : Copyright © RealNetworks, Inc. 1995-2004

LegalTrademarks : RealAudio is a trademark of RealNetworks, Inc.

OriginalFilename : realsched.exe

 

#:35 [issch.exe]

FilePath : C:\Program Files\Common Files\InstallShield\UpdateService\

ProcessID : 3264

ThreadCreationTime : 2-26-2007 2:38:14 AM

BasePriority : Normal

FileVersion : 4, 50, 100, 33433

ProductVersion : 4, 50

ProductName : InstallShield Update Service

CompanyName : InstallShield Software Corporation

FileDescription : InstallShield Update Service Scheduler

InternalName : Scheduler

LegalCopyright : Copyright © 1990-2004 InstallShield Software Corporation

OriginalFilename : issch.exe

 

#:36 [ifrmewrk.exe]

FilePath : C:\Program Files\Intel\Wireless\Bin\

ProcessID : 3360

ThreadCreationTime : 2-26-2007 2:38:20 AM

BasePriority : Normal

FileVersion : 9, 0, 1, 19

ProductVersion : 9, 0, 0, 0

ProductName : Intel PROSet/Wireless

CompanyName : Intel Corporation

FileDescription : Intel Framework MFC Application

InternalName : Framework

LegalCopyright : Copyright © Intel Corporation 1999-2004

OriginalFilename : iFramewrk.exe

 

#:37 [tfswctrl.exe]

FilePath : C:\WINDOWS\system32\dla\

ProcessID : 3540

ThreadCreationTime : 2-26-2007 2:38:21 AM

BasePriority : Normal

FileVersion : 1.04.08a

CompanyName : Sonic Solutions

FileDescription : Drive Letter Access Component

LegalCopyright : Copyright © 2004 Sonic Solutions

 

#:38 [atiptaxx.exe]

FilePath : C:\Program Files\ATI Technologies\ATI Control Panel\

ProcessID : 3696

ThreadCreationTime : 2-26-2007 2:38:25 AM

BasePriority : Normal

FileVersion : 6.14.10.5160

ProductVersion : 6.14.10.5160

ProductName : ATI Desktop Component

CompanyName : ATI Technologies, Inc.

FileDescription : ATI Desktop Control Panel

InternalName : Atiptaxx.exe

LegalCopyright : Copyright © 1998-2005 ATI Technologies Inc.

OriginalFilename : Atiptaxx.exe

 

#:39 [isamini.exe]

FilePath : C:\Program Files\Video Access ActiveX Object\

ProcessID : 3772

ThreadCreationTime : 2-26-2007 2:38:26 AM

BasePriority : Normal

 

 

#:40 [pmmnt.exe]

FilePath : C:\Program Files\Video Access ActiveX Object\

ProcessID : 3768

ThreadCreationTime : 2-26-2007 2:38:26 AM

BasePriority : Normal

 

 

Win32.Trojandownloader.Zlob Object Recognized!

Type : Process

Data : pmmnt.exe

TAC Rating : 10

Category : Malware

Comment :

Object : C:\Program Files\Video Access ActiveX Object\

 

 

"C:\Program Files\Video Access ActiveX Object\pmmnt.exe"Process terminated successfully

"C:\Program Files\Video Access ActiveX Object\pmmnt.exe"Process terminated successfully

 

#:41 [jusched.exe]

FilePath : C:\Program Files\Java\jre1.5.0_10\bin\

ProcessID : 3860

ThreadCreationTime : 2-26-2007 2:38:27 AM

BasePriority : Normal

 

 

#:42 [pcmservice.exe]

FilePath : C:\Program Files\Dell\Media Experience\

ProcessID : 800

ThreadCreationTime : 2-26-2007 2:38:31 AM

BasePriority : Normal

FileVersion : 1.0.1611

ProductVersion : 1.0.1611

ProductName : PCM2Launcher Application

CompanyName : CyberLink Corp.

FileDescription : PowerCinema Resident Program for Dell

InternalName : PowerCinema Resident Program for Dell

LegalCopyright : Copyright c 2003 CyberLink Corp.

OriginalFilename : PCM2Launcher.EXE

 

#:43 [mmtask.exe]

FilePath : C:\Program Files\Musicmatch\Musicmatch Jukebox\

ProcessID : 2268

ThreadCreationTime : 2-26-2007 2:38:33 AM

BasePriority : Normal

FileVersion : 9.0.0.1

ProductVersion : 9.0.0.1

ProductName : Musicmatch Jukebox

CompanyName : Musicmatch Inc.

FileDescription : <Musicmatch System Tray Application>

InternalName : mmtask.exe

LegalCopyright : © Musicmatch Inc.. All rights reserved.

OriginalFilename : mmtask.exe

 

#:44 [hpwuschd2.exe]

FilePath : C:\Program Files\HP\HP Software Update\

ProcessID : 2460

ThreadCreationTime : 2-26-2007 2:38:35 AM

BasePriority : Normal

FileVersion : 53.0.13.000

ProductVersion : 053.000.013.000

ProductName : hp digital imaging - hp all-in-one series

CompanyName : Hewlett-Packard Co.

FileDescription : Hewlett-Packard Product Assistant

InternalName : hpwuSchd2

LegalCopyright : Copyright © Hewlett-Packard Co. 1995-2004

OriginalFilename : hpwuSchd2.exe

Comments : Hewlett-Packard Product Assistant

 

#:45 [mediadetect.exe]

FilePath : C:\Program Files\Corel\Corel Photo Album 6\

ProcessID : 2696

ThreadCreationTime : 2-26-2007 2:38:37 AM

BasePriority : Normal

FileVersion : 6.3.3 (20060209.16)

ProductVersion : 6.3.3 (20060209.16)

ProductName : Corel Photo Album 6

CompanyName : Corel, Inc.

FileDescription : Corel Photo Album 6 Application

InternalName : Corel Photo Album 6

LegalCopyright : Copyright © 1995-2005

OriginalFilename : MediaDetect.exe

 

#:46 [apoint.exe]

FilePath : C:\Program Files\Apoint\

ProcessID : 2720

ThreadCreationTime : 2-26-2007 2:38:39 AM

BasePriority : Normal

FileVersion : 5.5.101.141

ProductVersion : 5.5.101.141

ProductName : Alps Pointing-device Driver

CompanyName : Alps Electric Co., Ltd.

FileDescription : Alps Pointing-device Driver

InternalName : Alps Pointing-device Driver

LegalCopyright : Copyright © 1999-2004 Alps Electric Co., Ltd.

OriginalFilename : Apoint.exe

 

#:47 [ccapp.exe]

FilePath : C:\Program Files\Common Files\Symantec Shared\

ProcessID : 3036

ThreadCreationTime : 2-26-2007 2:38:48 AM

BasePriority : Normal

FileVersion : 106.1.3.3

ProductVersion : 106.1.3.3

ProductName : Symantec Security Technologies

CompanyName : Symantec Corporation

FileDescription : Symantec User Session

InternalName : ccApp

LegalCopyright : Copyright © 2000-2006 Symantec Corporation. All rights reserved.

OriginalFilename : ccApp.exe

 

#:48 [apntex.exe]

FilePath : C:\Program Files\Apoint\

ProcessID : 3124

ThreadCreationTime : 2-26-2007 2:38:52 AM

BasePriority : Normal

FileVersion : 5.5.1.19

ProductVersion : 5.5.1.19

ProductName : Alps Pointing-device Driver for Windows NT/2000/XP

CompanyName : Alps Electric Co., Ltd.

FileDescription : Alps Pointing-device Driver for Windows NT/2000/XP

InternalName : Alps Pointing-device Driver for Windows NT/2000/XP

LegalCopyright : Copyright © 1998-2004 Alps Electric Co., Ltd.

OriginalFilename : ApntEx.exe

 

#:49 [viewmgr.exe]

FilePath : C:\Program Files\Viewpoint\Viewpoint Manager\

ProcessID : 3136

ThreadCreationTime : 2-26-2007 2:38:53 AM

BasePriority : Normal

FileVersion : 2, 0, 0, 54

ProductVersion : 2, 0, 0, 54

ProductName : Viewpoint Manager

CompanyName : Viewpoint Corporation

FileDescription : ViewMgr

InternalName : Viewpoint Manager

LegalCopyright : Copyright © 2004

OriginalFilename : ViewMgr.exe

Comments : Viewpoint Manager

 

#:50 [spysweeperui.exe]

FilePath : C:\Program Files\Webroot\Spy Sweeper\

ProcessID : 892

ThreadCreationTime : 2-26-2007 2:39:28 AM

BasePriority : Normal

FileVersion : 5,3,1,2344

ProductVersion : 5, 3

ProductName : Spy Sweeper

CompanyName : Webroot Software, Inc.

FileDescription : Spy Sweeper Client Executable

LegalCopyright : Copyright © 2002 - 2007, All Rights Reserved.

OriginalFilename : SpySweeper.exe

 

#:51 [wmiprvse.exe]

FilePath : C:\WINDOWS\system32\wbem\

ProcessID : 3868

ThreadCreationTime : 2-26-2007 2:40:28 AM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : WMI

InternalName : Wmiprvse.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : Wmiprvse.exe

 

#:52 [alg.exe]

FilePath : C:\WINDOWS\System32\

ProcessID : 344

ThreadCreationTime : 2-26-2007 2:40:41 AM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Application Layer Gateway Service

InternalName : ALG.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : ALG.exe

 

#:53 [tosbtmng.exe]

FilePath : C:\Program Files\Toshiba\Bluetooth Toshiba Stack\

ProcessID : 2320

ThreadCreationTime : 2-26-2007 2:41:02 AM

BasePriority : Normal

 

 

#:54 [dlg.exe]

FilePath : C:\Program Files\Digital Line Detect\

ProcessID : 2360

ThreadCreationTime : 2-26-2007 2:41:05 AM

BasePriority : Normal

FileVersion : 1, 0, 0, 1

ProductVersion : 1, 0, 0, 1

ProductName : BVRP Software TestLine

CompanyName : BVRP Software

FileDescription : Digital Line Detection

InternalName : TestLine

LegalCopyright : Copyright © 2003

OriginalFilename : TestLine.exe

 

#:55 [isamini.exe]

FilePath : C:\Program Files\Video Access ActiveX Object\

ProcessID : 552

ThreadCreationTime : 2-26-2007 2:43:02 AM

BasePriority : Normal

 

 

#:56 [isamini.exe]

FilePath : C:\Program Files\Video Access ActiveX Object\

ProcessID : 1884

ThreadCreationTime : 2-26-2007 2:43:09 AM

BasePriority : Normal

 

 

#:57 [tosa2dp.exe]

FilePath : C:\Program Files\Toshiba\Bluetooth Toshiba Stack\

ProcessID : 3172

ThreadCreationTime : 2-26-2007 2:43:12 AM

BasePriority : Normal

 

 

#:58 [tosbthid.exe]

FilePath : C:\Program Files\Toshiba\Bluetooth Toshiba Stack\

ProcessID : 1788

ThreadCreationTime : 2-26-2007 2:43:26 AM

BasePriority : Normal

FileVersion : 4, 0, 804, 0

ProductVersion : 4, 0, 804, 0

ProductName : Bluetooth Stack for Windows by TOSHIBA

CompanyName : TOSHIBA CORPORATION.

LegalCopyright : Copyright © 2005 TOSHIBA CORPORATION, All rights reserved.

OriginalFilename : TosBtHid.exe

 

#:59 [isamini.exe]

FilePath : C:\Program Files\Video Access ActiveX Object\

ProcessID : 3448

ThreadCreationTime : 2-26-2007 2:43:29 AM

BasePriority : Normal

 

 

#:60 [isamini.exe]

FilePath : C:\Program Files\Video Access ActiveX Object\

ProcessID : 3284

ThreadCreationTime : 2-26-2007 2:43:34 AM

BasePriority : Normal

 

 

#:61 [tosbthsp.exe]

FilePath : C:\Program Files\Toshiba\Bluetooth Toshiba Stack\

ProcessID : 2604

ThreadCreationTime : 2-26-2007 2:43:35 AM

BasePriority : Normal

 

 

#:62 [isamini.exe]

FilePath : C:\Program Files\Video Access ActiveX Object\

ProcessID : 992

ThreadCreationTime : 2-26-2007 2:44:09 AM

BasePriority : Normal

 

 

#:63 [isamini.exe]

FilePath : C:\Program Files\Video Access ActiveX Object\

ProcessID : 2052

ThreadCreationTime : 2-26-2007 2:49:39 AM

BasePriority : Normal

 

 

#:64 [isamini.exe]

FilePath : C:\Program Files\Video Access ActiveX Object\

ProcessID : 2900

ThreadCreationTime : 2-26-2007 2:50:39 AM

BasePriority : Normal

 

 

#:65 [isamini.exe]

FilePath : C:\Program Files\Video Access ActiveX Object\

ProcessID : 5788

ThreadCreationTime : 2-26-2007 5:32:17 AM

BasePriority : Normal

 

 

#:66 [symlcsvc.exe]

FilePath : C:\Program Files\Common Files\Symantec Shared\CCPD-LC\

ProcessID : 4992

ThreadCreationTime : 2-26-2007 5:55:53 AM

BasePriority : Normal

FileVersion : 1.9.1.1034

ProductVersion : 1.9.1.1034

ProductName : Symantec Core Component

CompanyName : Symantec Corporation

FileDescription : Symantec Core Component

InternalName : symlcsvc

LegalCopyright : Copyright © 2003

OriginalFilename : symlcsvc.exe

 

#:67 [isamini.exe]

FilePath : C:\Program Files\Video Access ActiveX Object\

ProcessID : 5328

ThreadCreationTime : 2-26-2007 6:31:41 AM

BasePriority : Normal

 

 

#:68 [isamini.exe]

FilePath : C:\Program Files\Video Access ActiveX Object\

ProcessID : 1008

ThreadCreationTime : 2-26-2007 6:32:59 AM

BasePriority : Normal

 

 

#:69 [isamini.exe]

FilePath : C:\Program Files\Video Access ActiveX Object\

ProcessID : 2996

ThreadCreationTime : 2-26-2007 6:33:03 AM

BasePriority : Normal

 

 

#:70 [isamini.exe]

FilePath : C:\Program Files\Video Access ActiveX Object\

ProcessID : 2464

ThreadCreationTime : 2-26-2007 9:08:25 AM

BasePriority : Normal

 

 

#:71 [svchost.exe]

FilePath : C:\WINDOWS\System32\

ProcessID : 5012

ThreadCreationTime : 2-26-2007 4:50:22 PM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:72 [isamini.exe]

FilePath : C:\Program Files\Video Access ActiveX Object\

ProcessID : 828

ThreadCreationTime : 2-26-2007 9:49:26 PM

BasePriority : Normal

 

 

#:73 [iexplore.exe]

FilePath : C:\Program Files\Internet Explorer\

ProcessID : 6092

ThreadCreationTime : 2-27-2007 1:51:14 AM

BasePriority : Normal

FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 6.00.2900.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Internet Explorer

InternalName : iexplore

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : IEXPLORE.EXE

 

#:74 [navw32.exe]

FilePath : C:\Program Files\Norton Internet Security\Norton AntiVirus\

ProcessID : 3380

ThreadCreationTime : 2-27-2007 1:55:54 AM

BasePriority : Idle

FileVersion : 14.0.0.89

ProductVersion : 14.0.0

ProductName : Norton AntiVirus

CompanyName : Symantec Corporation

FileDescription : Norton AntiVirus Scanner Module

InternalName : Navw32

LegalCopyright : Copyright © 2006 Symantec Corporation. All rights reserved.

OriginalFilename : Navw32.exe

 

#:75 [ad-aware.exe]

FilePath : C:\PROGRA~1\Lavasoft\AD-AWA~1\

ProcessID : 5540

ThreadCreationTime : 2-27-2007 1:56:26 AM

BasePriority : Normal

FileVersion : 6.2.0.236

ProductVersion : SE 106

ProductName : Lavasoft Ad-Aware SE

CompanyName : Lavasoft Sweden

FileDescription : Ad-Aware SE Core application

InternalName : Ad-Aware.exe

LegalCopyright : Copyright © Lavasoft AB Sweden

OriginalFilename : Ad-Aware.exe

Comments : All Rights Reserved

 

#:76 [ssu.exe]

FilePath : C:\Program Files\Webroot\Spy Sweeper\

ProcessID : 2888

ThreadCreationTime : 2-27-2007 1:56:49 AM

BasePriority : Normal

 

 

Memory scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 3

Objects found so far: 4

 

 

Started registry scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Win32.Trojandownloader.Zlob Object Recognized!

Type : Regkey

Data :

TAC Rating : 10

Category : Malware

Comment :

Rootkey : HKEY_CLASSES_ROOT

Object : clsid\{2016a466-91a2-43c6-97d8-2fd380f065ef}

 

Registry Scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 1

Objects found so far: 5

 

 

Started deep registry scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Deep registry scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 5

 

Win32.Trojandownloader.Zlob Object Recognized!

Type : RegValue

Data :

TAC Rating : 10

Category : Malware

Comment :

Rootkey : HKEY_LOCAL_MACHINE

Object : software\microsoft\internet explorer\toolbar

Value : {84938242-5c5b-4a55-b6b9-a1507543b418}

 

 

Started Tracking Cookie scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : travis [email protected][1].txt

TAC Rating : 3

Category : Data Miner

Comment : Hits:137

Value : Cookie:travis [email protected]/

Expires : 12-30-2037 10:00:00 PM

LastSync : Hits:137

UseCount : 0

Hits : 137

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : travis [email protected][2].txt

TAC Rating : 3

Category : Data Miner

Comment : Hits:472

Value : Cookie:travis [email protected]/

Expires : 12-31-2020

LastSync : Hits:472

UseCount : 0

Hits : 472

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : travis [email protected][1].txt

TAC Rating : 3

Category : Data Miner

Comment : Hits:308

Value : Cookie:travis [email protected]/

Expires : 2-24-2008 6:05:56 AM

LastSync : Hits:308

UseCount : 0

Hits : 308

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : travis [email protected][2].txt

TAC Rating : 3

Category : Data Miner

Comment : Hits:6

Value : Cookie:travis [email protected]/

Expires : 2-16-2037 6:03:36 AM

LastSync : Hits:6

UseCount : 0

Hits : 6

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : travis [email protected][1].txt

TAC Rating : 3

Category : Data Miner

Comment : Hits:1

Value : Cookie:travis [email protected]/

Expires : 2-17-2007

LastSync : Hits:1

UseCount : 0

Hits : 1

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : travis [email protected][2].txt

TAC Rating : 3

Category : Data Miner

Comment : Hits:2

Value : Cookie:travis [email protected]/

Expires : 12-31-2020 7:00:00 PM

LastSync : Hits:2

UseCount : 0

Hits : 2

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : travis [email protected][1].txt

TAC Rating : 3

Category : Data Miner

Comment : Hits:2

Value : Cookie:travis [email protected]/

Expires : 2-19-2012 2:58:30 AM

LastSync : Hits:2

UseCount : 0

Hits : 2

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : travis [email protected][2].txt

TAC Rating : 3

Category : Data Miner

Comment : Hits:85

Value : Cookie:travis [email protected]/

Expires : 2-24-2009 11:29:40 PM

LastSync : Hits:85

UseCount : 0

Hits : 85

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : travis [email protected][2].txt

TAC Rating : 3

Category : Data Miner

Comment : Hits:14

Value : Cookie:travis [email protected]/

Expires : 2-24-2010 4:52:56 AM

LastSync : Hits:14

UseCount : 0

Hits : 14

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : travis [email protected][1].txt

TAC Rating : 3

Category : Data Miner

Comment : Hits:1

Value : Cookie:travis [email protected]/

Expires : 12-30-2037 11:00:00 AM

LastSync : Hits:1

UseCount : 0

Hits : 1

 

Tracking cookie scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 10

Objects found so far: 16

 

 

 

Deep scanning and examining files (C:)

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Win32.Trojandownloader.Zlob Object Recognized!

Type : File

Data : pmmnt.exe

TAC Rating : 10

Category : Malware

Comment :

Object : C:\Program Files\Video Access ActiveX Object\

 

 

 

Win32.Trojandownloader.Zlob Object Recognized!

Type : File

Data : A0085735.exe

TAC Rating : 10

Category : Malware

Comment :

Object : C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP350\

 

 

 

Win32.Trojandownloader.Zlob Object Recognized!

Type : File

Data : A0086249.exe

TAC Rating : 10

Category : Malware

Comment :

Object : C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP350\

 

 

 

Win32.Trojandownloader.Zlob Object Recognized!

Type : File

Data : A0086354.exe

TAC Rating : 10

Category : Malware

Comment :

Object : C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP351\

 

 

 

SpyDawn Object Recognized!

Type : File

Data : A0086367.exe

TAC Rating : 3

Category : Misc

Comment :

Object : C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP351\

FileVersion : 3.0.0.0

ProductVersion : 3.0.0.0

ProductName : SpyDawn

CompanyName : SpyDawn.com

FileDescription : Anti- spyware and adware

InternalName : SpyDawn.exe

LegalCopyright : © SpyDawn.com. All rights reserved.

OriginalFilename : SpyDawn.exe

 

 

Win32.Trojandownloader.Zlob Object Recognized!

Type : File

Data : A0086381.exe

TAC Rating : 10

Category : Malware

Comment :

Object : C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP351\

 

 

 

Win32.Trojandownloader.Zlob Object Recognized!

Type : File

Data : A0086419.exe

TAC Rating : 10

Category : Malware

Comment :

Object : C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP352\

 

 

 

Win32.Trojandownloader.Zlob Object Recognized!

Type : File

Data : higehsg.dll

TAC Rating : 10

Category : Malware

Comment :

Object : C:\WINDOWS\system32\

 

 

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : travis [email protected][1].txt

TAC Rating : 3

Category : Data Miner

Comment :

Value : C:\WINDOWS\Temp\Cookies\travis [email protected][1].txt

 

Disk Scan Result for C:\

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 25

 

 

Scanning Hosts file......

Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Hosts file scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

4 entries scanned.

New critical objects:0

Objects found so far: 25

 

 

 

 

Performing conditional scans...

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Win32.Trojandownloader.Zlob Object Recognized!

Type : Regkey

Data :

TAC Rating : 10

Category : Malware

Comment :

Rootkey : HKEY_LOCAL_MACHINE

Object : software\microsoft\windows\currentversion\uninstall\internet explorer security plugin 2006

 

Win32.Trojandownloader.Zlob Object Recognized!

Type : RegValue

Data :

TAC Rating : 10

Category : Malware

Comment :

Rootkey : HKEY_LOCAL_MACHINE

Object : software\microsoft\windows\currentversion\uninstall\internet explorer security plugin 2006

Value : UninstallString

 

Win32.Trojandownloader.Zlob Object Recognized!

Type : Folder

TAC Rating : 10

Category : Malware

Comment : Win32.Trojandownloader.Zlob

Object : C:\Program Files\Video Access ActiveX Object

 

Win32.Trojandownloader.Zlob Object Recognized!

Type : File

Data : Security Troubleshooting.url

TAC Rating : 10

Category : Malware

Comment :

Object : c:\documents and settings\all users\start menu\

 

 

 

Win32.Trojandownloader.Zlob Object Recognized!

Type : File

Data : Online Security Guide.url

TAC Rating : 10

Category : Malware

Comment :

Object : c:\documents and settings\all users\start menu\

 

 

 

SpyDawn Object Recognized!

Type : Folder

TAC Rating : 3

Category : Misc

Comment : SpyDawn

Object : C:\Program Files\SpyDawn

 

Other Object Recognized!

Type : File

Data : PMMNT.EXE-39D4E79C.pf

TAC Rating : 7

Category : Malware

Comment :

Object : C:\WINDOWS\prefetch\

 

 

 

Conditional scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 7

Objects found so far: 32

 

10:23:33 PM Scan Complete

 

Summary Of This Scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Total scanning time:01:26:07.734

Objects scanned:288577

Objects identified:32

Objects ignored:0

New critical objects:32


STATUS: FINISHED

Complete scanning result of "isamini.exe", received in VirusTotal at 02.27.2007, 21:41:01 (CET).

 

Antivirus Version Update Result

AntiVir 7.3.1.38 02.27.2007 TR/Dldr.Zlob.bpf.2

Authentium 4.93.8 02.26.2007 no virus found

Avast 4.7.936.0 02.27.2007 Win32:Zlob-VL

AVG 7.5.0.441 02.27.2007 no virus found

BitDefender 7.2 02.27.2007 Trojan.Downloader.Zlob.DV

CAT-QuickHeal 9.00 02.27.2007 TrojanDownloader.Zlob.bpf

ClamAV devel-20060426 02.27.2007 no virus found

DrWeb 4.33 02.27.2007 Trojan.Popuper

eSafe 7.0.14.0 02.27.2007 no virus found

eTrust-Vet 30.4.3438 02.27.2007 no virus found

Ewido 4.0 02.27.2007 Downloader.Zlob.bpf

FileAdvisor 1 02.27.2007 no virus found

Fortinet 2.85.0.0 02.27.2007 Zlobmi!tr

F-Prot 4.3.1.45 02.26.2007 no virus found

F-Secure 6.70.13030.0 02.27.2007 Trojan-Downloader.Win32.Zlob.bpf

Ikarus T3.1.1.3 02.27.2007 Trojan-Downloader.Win32.Zlob.bpf

Kaspersky 4.0.2.24 02.27.2007 Trojan-Downloader.Win32.Zlob.bpf

McAfee 4972 02.27.2007 no virus found

Microsoft 1.2204 02.27.2007 TrojanDownloader:Win32/Zlob.gen

NOD32v2 2083 02.27.2007 Win32/TrojanDownloader.Zlob.ASO

Norman 5.80.02 02.27.2007 W32/Zlob.AFPW

Panda 9.0.0.4 02.27.2007 Adware/VideoActiveXObject

Prevx1 V2 02.27.2007 Malicious

Sophos 4.14.0 02.26.2007 Troj/Zlobmi-Gen

Sunbelt 2.2.907.0 02.24.2007 no virus found

Symantec 10 02.27.2007 no virus found

TheHacker 6.1.6.065 02.26.2007 no virus found

UNA 1.83 02.27.2007 TrojanDownloader.Win32.Zlob.D944

VBA32 3.11.2 02.27.2007 Trojan.Popuper

VirusBuster 4.3.19:9 02.27.2007 no virus found

 

 

Aditional Information

File size: 5632 bytes

MD5: 44fdf6694c5bef8007fd19d5771e1923

SHA1: 07cbe531e1c148808b0c4b23d4b539bbd223a1f2

Prevx info: http://fileinfo.prevx.com/fileinfo.asp?PXC=79f979291331

 

 

STATUS: FINISHED

Complete scanning result of "isamntr.exe", received in VirusTotal at 02.27.2007, 21:25:03 (CET).

 

Antivirus Version Update Result

AntiVir 7.3.1.38 02.27.2007 TR/Dldr.Zlob.bpf.4

Authentium 4.93.8 02.26.2007 no virus found

Avast 4.7.936.0 02.27.2007 Win32:Zlob-TZ

AVG 7.5.0.441 02.27.2007 no virus found

BitDefender 7.2 02.27.2007 Trojan.Downloader.Zlob.DV

CAT-QuickHeal 9.00 02.27.2007 TrojanDownloader.Zlob.bpf

ClamAV devel-20060426 02.27.2007 no virus found

DrWeb 4.33 02.27.2007 Trojan.Popuper

eSafe 7.0.14.0 02.27.2007 no virus found

eTrust-Vet 30.4.3438 02.27.2007 no virus found

Ewido 4.0 02.27.2007 Downloader.Zlob.bpf

FileAdvisor 1 02.27.2007 no virus found

Fortinet 2.85.0.0 02.27.2007 Zlobmi!tr

F-Prot 4.3.1.45 02.26.2007 no virus found

F-Secure 6.70.13030.0 02.27.2007 Trojan-Downloader.Win32.Zlob.bpf

Ikarus T3.1.1.3 02.27.2007 MalwareScope.Downloader.Zlob.1

Kaspersky 4.0.2.24 02.27.2007 Trojan-Downloader.Win32.Zlob.bpf

McAfee 4972 02.27.2007 no virus found

Microsoft 1.2204 02.27.2007 TrojanDownloader:Win32/Zlob.gen

NOD32v2 2083 02.27.2007 Win32/TrojanDownloader.Zlob.ASO

Norman 5.80.02 02.27.2007 W32/Zlob.AFPX

Panda 9.0.0.4 02.27.2007 Adware/VideoActiveXObject

Prevx1 V2 02.27.2007 Generic.Zlob!DL

Sophos 4.14.0 02.26.2007 Troj/Zlobmi-Gen

Sunbelt 2.2.907.0 02.24.2007 no virus found

Symantec 10 02.27.2007 Trojan.Zlob.M

TheHacker 6.1.6.065 02.26.2007 no virus found

UNA 1.83 02.27.2007 TrojanDownloader.Win32.Zlob.4434

VBA32 3.11.2 02.26.2007 MalwareScope.Downloader.Zlob.1

VirusBuster 4.3.19:9 02.27.2007 no virus found

 

 

Aditional Information

File size: 31744 bytes

MD5: 68f7f3bb804ca711e2ce0d863bc2a2d8

SHA1: 63ae5941215c21e69841c93a95cb83ff3a563964

Prevx info: http://fileinfo.prevx.com/fileinfo.asp?PXC=934479291270

 

 


STATUS: FINISHED

Complete scanning result of "pmmnt.exe", received in VirusTotal at 02.27.2007, 21:25:52 (CET).

 

Antivirus Version Update Result

AntiVir 7.3.1.38 02.27.2007 no virus found

Authentium 4.93.8 02.26.2007 no virus found

Avast 4.7.936.0 02.27.2007 Win32:Zlob-VN

AVG 7.5.0.441 02.27.2007 no virus found

BitDefender 7.2 02.27.2007 Trojan.Downloader.Zlob.CN

CAT-QuickHeal 9.00 02.27.2007 TrojanDownloader.Zlob.bng

ClamAV devel-20060426 02.27.2007 no virus found

DrWeb 4.33 02.27.2007 no virus found

eSafe 7.0.14.0 02.27.2007 no virus found

eTrust-Vet 30.4.3438 02.27.2007 no virus found

Ewido 4.0 02.27.2007 Downloader.Zlob.bcz

FileAdvisor 1 02.27.2007 no virus found

Fortinet 2.85.0.0 02.27.2007 Zlobmi!tr

F-Prot 4.3.1.45 02.26.2007 no virus found

F-Secure 6.70.13030.0 02.27.2007 Trojan-Downloader.Win32.Zlob.bng

Ikarus T3.1.1.3 02.27.2007 Trojan-Downloader.Win32.Zlob.bnw

Kaspersky 4.0.2.24 02.27.2007 Trojan-Downloader.Win32.Zlob.bng

McAfee 4972 02.27.2007 no virus found

Microsoft 1.2204 02.27.2007 TrojanDownloader:Win32/Zlob.gen

NOD32v2 2083 02.27.2007 Win32/TrojanDownloader.Zlob.ASO

Norman 5.80.02 02.27.2007 W32/Zlob.AFPY

Panda 9.0.0.4 02.27.2007 Adware/VideoActiveXObject

Prevx1 V2 02.27.2007 Malicious

Sophos 4.14.0 02.26.2007 Troj/Zlobmi-Gen

Sunbelt 2.2.907.0 02.24.2007 no virus found

Symantec 10 02.27.2007 no virus found

TheHacker 6.1.6.065 02.26.2007 no virus found

UNA 1.83 02.27.2007 no virus found

VBA32 3.11.2 02.26.2007 MalwareScope.Downloader.Zlob.1

VirusBuster 4.3.19:9 02.27.2007 no virus found

 

 

Aditional Information

File size: 9728 bytes

MD5: 76ebe35ed0d299143eb874037e16fc9b

SHA1: fa594a663b91831abcea24fa655173bc1a0c9968

Prevx info: http://fileinfo.prevx.com/fileinfo.asp?PXC=1e3c79291362


Hi, TChick09

 

Please run these two tools for me then come back with the logfiles.

 

 

Download SmitfraudFix (by S!Ri) to your Desktop.

http://siri.urz.free.fr/Fix/SmitfraudFix.zip

Extract all the files to your Desktop. A folder named SmitfraudFix will be created on your Desktop.

 

Open the SmitfraudFix folder and double-click smitfraudfix.cmd

Select option #1 - Search by typing 1 and press Enter

This program will scan large amounts of files on your computer for known patterns so please be patient while it works. When it is done, the results of the scan will be displayed and it will create a log named rapport.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed. Please post that log in your next reply.

 

Please do not run any other options until you are asked to do so.

 

------------------

 

Please download SUPERAntiSpyware Home Edition (free version)

Install it and double-click the icon on your desktop to run it.

It will ask if you want to update the program definitions, click Yes.

Under Configuration and Preferences, click the Preferences button.

Click the Scanning Control tab.

Under Scanner Options make sure the following are checked:

Close browsers before scanning

Scan for tracking cookies

Terminate memory threats before quarantining.

Please leave the others unchecked.

Click the Close button to leave the control center screen.

On the main screen, under Scan for Harmful Software click Scan your computer.

On the left check C:\Fixed Drive.

On the right, under Complete Scan, choose Perform Complete Scan.

Click Next to start the scan. Please be patient while it scans your computer.

After the scan is complete a summary box will appear. Click OK.

Make sure everything in the white box has a check next to it, then click Next.

It will quarantine what it found and if it asks if you want to reboot, click Yes.

To retrieve the removal information for me please do the following:

After reboot, double-click the SUPERAntispyware icon on your desktop.

Click Preferences. Click the Statistics/Logs tab.

Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.

It will open in your default text editor (such as Notepad/Wordpad).

Please highlight everything in the notepad, then right-click and choose copy.

Click close and close again to exit the program.

Please paste that information here for me with a new HijackThis log.

 

-------------------

 

Then come back again with all logfiles.

 

 

Gogo ;)


I am currently running the second thing you asked for now. I have the first log and I'm just posting this because my computer keeps freezing while running the SUPERAntiSpyware scan, about 5488 files into it, on an Americans Army.fileshack file. Just trying to get this posted in case anything else goes wrong.

 

Also, my Norton Anti-Phishing is screwed up now. Not working.

Edited by TChick09


This is the SmitFraud

 

SmitFraudFix v2.144

 

Scan done at 23:29:56.31, Tue 02/27/2007

Run from C:\Documents and Settings\Travis Chickness\Desktop\SmitfraudFix

OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT

The filesystem type is NTFS

Fix run in normal mode

 

»»»»»»»»»»»»»»»»»»»»»»»» hosts

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Travis Chickness

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Travis Chickness\Application Data

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

 

C:\DOCUME~1\ALLUSE~1\STARTM~1\Online Security Guide.url FOUND !

C:\DOCUME~1\ALLUSE~1\STARTM~1\Security Troubleshooting.url FOUND !

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\TRAVIS~1\FAVORI~1

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

 

C:\Program Files\SpyDawn\ FOUND !

C:\Program Files\Video Access ActiveX Object\ FOUND !

 

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]

"Source"="About:Home"

"SubscribedURL"="About:Home"

"FriendlyName"="My Current Home Page"

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler

!!!Attention, following keys are not inevitably infected!!!

 

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

 

 

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs

!!!Attention, following keys are not inevitably infected!!!

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=""

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System

!!!Attention, following keys are not inevitably infected!!!

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

"System"=""

 

 

»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32-huy32

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection

 

 

»»»»»»»»»»»»»»»»»»»»»»»» End

 

 

 

 

The other one I cannot get because it freezes up my entire computer on "AmericasArmy_Fileshack.exe".

 

I have tried running it 3 times and still the same thing.

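The rapport.txt above is the pre-clean scan, and the lines that matter are the ones ending in FOUND ! (the two rogue "Security" shortcuts in the Start Menu and the SpyDawn and Video Access ActiveX Object folders under Program Files) plus the Desktop Components section, where a rogue "Security Info" Active Desktop component would show up as a Source other than About:Home. As an added example that is not part of the thread or of SmitFraudFix itself, this Python script pulls those hits out of a rapport.txt grouped by section and decides whether a Clean run (option 2) is warranted. The sample log is constructed from the one posted above; the rule that any Source other than About:Home or about:blank is suspect is this example's own assumption, not a SmitFraudFix rule.

```python
import re

# Section headings in rapport.txt look like "»»»»»»»» Start Menu"; hits end in "FOUND !".
SECTION_RE = re.compile(r"^»{3,}\s*(.+?)\s*$")
FOUND_RE = re.compile(r"^(?P<path>.+?)\s+FOUND\s*!$")

# Constructed sample: the relevant parts of the rapport.txt posted in the thread.
SAMPLE_RAPPORT = """\
SmitFraudFix v2.144
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» hosts

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

C:\\DOCUME~1\\ALLUSE~1\\STARTM~1\\Online Security Guide.url FOUND !
C:\\DOCUME~1\\ALLUSE~1\\STARTM~1\\Security Troubleshooting.url FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\\Program Files

C:\\Program Files\\SpyDawn\\ FOUND !
C:\\Program Files\\Video Access ActiveX Object\\ FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Desktop\\Components\\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"

»»»»»»»»»»»»»»»»»»»»»»»» End
"""

# Active Desktop sources that are normal; anything else (e.g. a local .html file
# dropped by a rogue "security" program) is worth a look.  This is an assumption
# of the example, not a SmitFraudFix rule.
BENIGN_SOURCES = {"about:home", "about:blank"}


def parse_rapport(text):
    """Return (hits, sources): hits maps a section heading to the paths flagged
    FOUND ! under it; sources lists the Active Desktop component Source values."""
    hits, sources, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        m = FOUND_RE.match(line)
        if m:
            hits.setdefault(section or "(no section)", []).append(m.group("path"))
            continue
        if section == "Desktop Components" and line.startswith('"Source"='):
            sources.append(line.split("=", 1)[1].strip('"'))
    return hits, sources


def suspicious_sources(sources):
    """Active Desktop components pointing anywhere other than the defaults."""
    return [s for s in sources if s.lower() not in BENIGN_SOURCES]


def needs_clean_run(hits, sources):
    """True when the log justifies re-running SmitFraudFix with option 2 (Clean)."""
    return bool(hits) or bool(suspicious_sources(sources))


if __name__ == "__main__":
    found, srcs = parse_rapport(SAMPLE_RAPPORT)
    for section, paths in found.items():
        print(f"[{section}]")
        for p in paths:
            print(f"  {p}")
    print("desktop components:", srcs, "suspicious:", suspicious_sources(srcs))
    print("run option 2 (Clean):", needs_clean_run(found, srcs))
```

On the posted log this reports four hits in two sections and a default-only Desktop Components list, which is exactly the situation in which the helper's next post asks for the Safe Mode Clean run.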

Hi, TChick09

 

 

Please print out or copy these instructions to Notepad as the internet will not be available to you at certain points of the removal process (whilst in Safe Mode). If there's anything that you don't understand, ask your question(s) before moving on with the fix.

 

Reboot into Safe Mode. You can get there by restarting your computer and continually tapping F8 until a menu appears. Use your arrow to highlight Safe Mode then hit enter.

 

Open the SmitfraudFix Folder, then double-click smitfraudfix.cmd file to start the tool.

Select option #2 - Clean by typing 2 and press Enter.

Wait for the tool to complete and disk cleanup to finish.

You will be prompted: "Registry cleaning - Do you want to clean the registry ?" Answer Yes by typing Y and hit Enter.

The tool will also check if wininet.dll is infected. If a clean version is found, you will be prompted to replace wininet.dll. Answer Yes to the question "Replace infected file ?" by typing Y and hit Enter.

 

A reboot may be needed to finish the cleaning process; if your computer does not restart automatically, please do it yourself manually.

 

When back in Normal Mode, click Start>Settings>Control Panel>Display>Desktop>Customize Desktop>Web and uncheck "Security Info" if present.

 

Please post the new rapport.txt log along with a new HijackThis log in your next reply.

 

 

Gogo :angry:


Here's that SUPERAntiSpyware log. I was able to get it after removing the setup for the America's Army file.

 

SUPERAntiSpyware Scan Log

Generated 02/28/2007 at 10:29 AM

 

Application Version : 3.5.1016

 

Core Rules Database Version : 3165

Trace Rules Database Version: 1176

 

Scan type : Complete Scan

Total Scan Time : 09:30:00

 

Memory items scanned : 565

Memory threats detected : 1

Registry items scanned : 6431

Registry threats detected : 8

File items scanned : 146824

File threats detected : 70

 

Trojan.Media-Codec

C:\PROGRAM FILES\VIDEO ACCESS ACTIVEX OBJECT\ISAMINI.EXE

C:\PROGRAM FILES\VIDEO ACCESS ACTIVEX OBJECT\ISAMINI.EXE

HKCR\CLSID\{67982BB7-0F95-44C5-92DC-E3AF3DC19D6D}

HKCR\CLSID\{67982BB7-0F95-44C5-92DC-E3AF3DC19D6D}\InprocServer32

HKCR\CLSID\{67982BB7-0F95-44C5-92DC-E3AF3DC19D6D}\InprocServer32#ThreadingModel

HKU\S-1-5-21-3932219771-116683974-1773990845-1006\Software\Internet Security

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Explorer Security Plugin 2006

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Explorer Security Plugin 2006#DisplayName

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Explorer Security Plugin 2006#UninstallString

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{67982BB7-0F95-44C5-92DC-E3AF3DC19D6D}

C:\WINDOWS\Prefetch\ISAMINI.EXE-27A63A60.pf

 

Adware.Tracking Cookie

C:\Documents and Settings\Travis Chickness\Cookies\travis [email protected][1].txt

C:\Documents and Settings\Travis Chickness\Cookies\travis [email protected][1].txt

C:\Documents and Settings\Travis Chickness\Cookies\travis [email protected][2].txt

C:\Documents and Settings\Travis Chickness\Cookies\travis [email protected][1].txt

C:\Documents and Settings\Travis Chickness\Cookies\travis [email protected][4].txt

C:\Documents and Settings\Travis Chickness\Cookies\travis [email protected][1].txt

C:\Documents and Settings\Travis Chickness\Cookies\travis [email protected][1].txt

C:\Documents and Settings\Travis Chickness\Cookies\travis [email protected][1].txt

C:\Documents and Settings\Travis Chickness\Cookies\travis [email protected][2].txt

C:\Documents and Settings\Travis Chickness\Cookies\travis [email protected][2].txt

C:\Documents and Settings\Travis Chickness\Cookies\travis [email protected][1].txt

C:\Documents and Settings\Travis Chickness\Cookies\travis [email protected][1].txt

C:\Documents and Settings\Travis Chickness\Cookies\travis [email protected][1].txt

C:\Documents and Settings\Travis Chickness\Cookies\travis [email protected][2].txt

C:\Documents and Settings\Travis Chickness\Cookies\travis [email protected][3].txt

C:\Documents and Settings\Travis Chickness\Cookies\travis [email protected][1].txt

C:\Documents and Settings\Travis Chickness\Cookies\travis [email protected][1].txt

C:\Documents and Settings\Travis Chickness\Cookies\travis [email protected][2].txt

C:\Documents and Settings\Travis Chickness\Cookies\travis [email protected][4].txt

C:\Documents and Settings\Travis Chickness\Cookies\travis [email protected][2].txt

C:\Documents and Settings\Travis Chickness\Cookies\travis [email protected][2].txt

C:\Documents and Settings\Travis Chickness\Cookies\travis [email protected][1].txt

C:\Documents and Settings\Travis Chickness\Cookies\travis [email protected][2].txt

C:\Documents and Settings\Travis Chickness\Cookies\travis [email protected][1].txt

C:\Documents and Settings\Travis Chickness\Cookies\travis [email protected][2].txt

C:\Documents and Settings\Travis Chickness\Cookies\travis [email protected][1].txt

C:\Documents and Settings\Travis Chickness\Cookies\travis [email protected][1].txt

C:\Documents and Settings\Travis Chickness\Cookies\travis [email protected][1].txt

C:\Documents and Settings\Travis Chickness\Cookies\travis [email protected][1].txt

C:\Documents and Settings\Travis Chickness\Cookies\travis [email protected][1].txt

C:\Documents and Settings\Travis Chickness\Cookies\travis [email protected][3].txt

C:\Documents and Settings\Travis Chickness\Cookies\travis [email protected][2].txt

C:\Documents and Settings\Travis Chickness\Cookies\travis [email protected][1].txt

C:\Documents and Settings\Travis Chickness\Cookies\travis [email protected][1].txt

C:\Documents and Settings\Travis Chickness\Cookies\travis [email protected][2].txt

C:\Documents and Settings\Travis Chickness\Cookies\travis [email protected][1].txt

C:\Documents and Settings\Travis Chickness\Cookies\travis [email protected][1].txt

C:\Documents and Settings\Travis Chickness\Cookies\travis [email protected][2].txt

C:\Documents and Settings\Travis Chickness\Cookies\travis [email protected][2].txt

C:\Documents and Settings\Travis Chickness\Cookies\travis [email protected][2].txt

C:\Documents and Settings\Travis Chickness\Cookies\travis [email protected][1].txt

C:\Documents and Settings\Travis Chickness\Cookies\travis [email protected][1].txt

C:\Documents and Settings\Travis Chickness\Cookies\travis [email protected][1].txt

C:\Documents and Settings\Travis Chickness\Cookies\travis [email protected][2].txt

C:\Documents and Settings\Travis Chickness\Cookies\travis [email protected][2].txt

C:\Documents and Settings\Travis Chickness\Cookies\travis [email protected][2].txt

C:\Documents and Settings\Travis Chickness\Cookies\travis [email protected][2].txt

C:\Documents and Settings\Travis Chickness\Cookies\travis [email protected][1].txt

C:\Documents and Settings\Travis Chickness\Cookies\travis [email protected][1].txt

C:\Documents and Settings\Travis Chickness\Cookies\travis [email protected][1].txt

C:\WINDOWS\Temp\Cookies\travis [email protected][1].txt

 

Trojan.Security Toolbar

C:\Documents and Settings\All Users\Start Menu\Online Security Guide.url

C:\Documents and Settings\All Users\Start Menu\Security Troubleshooting.url

 

Adware.MyWay

C:\Program Files\MyWay\myBar\History\search

C:\Program Files\MyWay\myBar\History

C:\Program Files\MyWay\myBar

C:\Program Files\MyWay\SrchAstt\1.bin\PARTNER.DAT

C:\Program Files\MyWay\SrchAstt\1.bin

C:\Program Files\MyWay\SrchAstt\Cache\00049BA0

C:\Program Files\MyWay\SrchAstt\Cache\0004A0EF

C:\Program Files\MyWay\SrchAstt\Cache

C:\Program Files\MyWay\SrchAstt

C:\Program Files\MyWay

 

Trojan.Unknown Origin

C:\PROGRAM FILES\VIDEO ACCESS ACTIVEX OBJECT\OT.ICO

C:\PROGRAM FILES\VIDEO ACCESS ACTIVEX OBJECT\TS.ICO

 

Unclassified.Unknown Origin

C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP300\A0076127.EXE

 

Adware.180solutions/ZangoSearch

C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP340\A0079789.EXE

 

Trojan Downloader-SystemAlert.Process

C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP354\A0087418.DLL

 

 

Here's the other HijackThis logfile you wanted before posting the latest instructions.

 

Logfile of HijackThis v1.99.1

Scan saved at 12:17:35 PM, on 2/28/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\WINDOWS\system32\cisvc.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\WINDOWS\System32\snmp.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Viewpoint\Common\ViewpointService.exe

C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe

C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

C:\Program Files\Video Access ActiveX Object\isamntr.exe

C:\Program Files\Video Access ActiveX Object\pmsnrr.exe

C:\Program Files\Video Access ActiveX Object\isamini.exe

C:\Program Files\Video Access ActiveX Object\pmmnt.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe

C:\Program Files\Dell\Media Experience\PCMService.exe

C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\Apoint\Apoint.exe

C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Apoint\Apntex.exe

C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\Video Access ActiveX Object\isamini.exe

C:\Program Files\Video Access ActiveX Object\isamini.exe

C:\Program Files\Video Access ActiveX Object\isamini.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe

C:\Program Files\Video Access ActiveX Object\isamini.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVW32.exe

C:\Program Files\Webroot\Spy Sweeper\SSU.EXE

C:\Program Files\HijackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com

O1 - Hosts: 127.255.255.255 www.alcohol-soft.com

O1 - Hosts: 127.255.255.255 images.alcohol-soft.com

O2 - BHO: (no name) - {67982BB7-0F95-44C5-92DC-E3AF3DC19D6D} - C:\Program Files\Video Access ActiveX Object\isadd.dll

O3 - Toolbar: (no name) - {84938242-5C5B-4A55-B6B9-A1507543B418} - (no file)

O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup

O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

O4 - HKLM\..\Run: [DellMIS90dSetup] D:\setup.exe

O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"

O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe

O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"

O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"

O4 - HKLM\..\Run: [Dell QuickSet] "C:\Program Files\Dell\QuickSet\Quickset.exe"

O4 - HKLM\..\Run: [Corel Photo Downloader] "C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe"

O4 - HKLM\..\Run: [Apoint] "C:\Program Files\Apoint\Apoint.exe"

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"

O4 - HKLM\..\Run: [spySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray

O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup

O4 - HKCU\..\Run: [spySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0

O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp

O4 - HKCU\..\Run: [sUPERAntiSpyware] "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"

O4 - Global Startup: Adobe Gamma Loader.lnk = ?

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Bluetooth Manager.lnk = ?

O4 - Global Startup: Digital Line Detect.lnk = ?

O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

O16 - DPF: {34F12AFD-E9B5-492A-85D2-40FA4535BE83} (AxProdInfoCtl Class) - http://www.symantec.com/techsupp/activedata/nprdtinf.cab

O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.1.1.74.cab

O16 - DPF: {4989312D-58CF-11D5-A7D7-00E02911103E} (Interealty MultiSelect) - http://wpn.mlxchange.com/Control/MultiSelectComboBox.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1160369139593

O16 - DPF: {6FD482A3-7B57-438B-B040-52CAA30147EE} (MLXchange Client Utils) - http://wpn.mlxchange.com/Control/MLXClientUtils.cab

O16 - DPF: {83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E} (GeacRevw Control) - http://wpn.mlxchange.com/Control/IRCSharc.cab

O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll

O21 - SSODL: eitheror - {2016a466-91a2-43c6-97d8-2fd380f065ef} - C:\WINDOWS\SYSTEM32\HIGEHSG.DLL (file missing)

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe

O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

 

 

I will now continue with your latest instructions tonight after my classes. Thanks in advance.

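The SUPERAntiSpyware log and the HijackThis log in this post describe the same infection from two angles: SAS names the CLSID {67982BB7-0F95-44C5-92DC-E3AF3DC19D6D} and the Video Access ActiveX Object folder as Trojan.Media-Codec, and the HijackThis O2 line shows that same CLSID loaded as a nameless BHO from that folder, while the O3 and O21 lines show load points whose files are already gone. As an added example that is not part of the thread or of either tool, this Python script parses both logs and flags the HijackThis entries whose CLSID or path SAS already detected, plus the generic signs a helper looks for (nameless load points, orphaned entries with the file missing, hosts-file overrides). The sample lines are constructed from the logs above; the triage rules and the threshold choices are this example's own, not HijackThis's.

```python
import re

CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
HJT_RE = re.compile(r"^(?P<code>[RO]\d+) - (?P<rest>.*)$")
# A drive-letter path, stopping at a closing quote, a "(file missing)" tag, or end of line.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"]+?(?="|\s\(file missing\)|$)')

# Constructed samples, trimmed from the SUPERAntiSpyware and HijackThis logs
# posted above.  SAS groups items under a detection name; HijackThis prefixes
# each load point with a section code (O1 hosts, O2 BHO, O3 toolbar, ...).
SAS_LOG = """\
Trojan.Media-Codec
C:\\PROGRAM FILES\\VIDEO ACCESS ACTIVEX OBJECT\\ISAMINI.EXE
HKCR\\CLSID\\{67982BB7-0F95-44C5-92DC-E3AF3DC19D6D}
HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects\\{67982BB7-0F95-44C5-92DC-E3AF3DC19D6D}

Adware.MyWay
C:\\Program Files\\MyWay\\myBar
"""

HJT_LOG = """\
O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com
O2 - BHO: (no name) - {67982BB7-0F95-44C5-92DC-E3AF3DC19D6D} - C:\\Program Files\\Video Access ActiveX Object\\isadd.dll
O3 - Toolbar: (no name) - {84938242-5C5B-4A55-B6B9-A1507543B418} - (no file)
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\\Program Files\\Common Files\\Symantec Shared\\coShared\\Browser\\1.0\\UIBHO.dll
O4 - HKLM\\..\\Run: [ccApp] "C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"
O21 - SSODL: eitheror - {2016a466-91a2-43c6-97d8-2fd380f065ef} - C:\\WINDOWS\\SYSTEM32\\HIGEHSG.DLL (file missing)
"""


def parse_sas(text):
    """Map the CLSIDs and the directories of files SAS listed to the detection
    name they were listed under.  Returns (clsids, dirs); keys are upper-cased."""
    clsids, dirs, name = {}, {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            name = None          # blank line ends a detection group
            continue
        if name is None:
            name = line          # first non-blank line of a group is the threat name
            continue
        for c in CLSID_RE.findall(line):
            clsids[c.upper()] = name
        if re.match(r"^[A-Za-z]:\\", line):
            dirs[line.rsplit("\\", 1)[0].upper() + "\\"] = name
    return clsids, dirs


def triage_hjt(text, sas_clsids, sas_dirs):
    """Return [(line, [reasons])] for the HijackThis entries a helper should look at."""
    flagged = []
    for line in text.splitlines():
        m = HJT_RE.match(line.strip())
        if not m:
            continue
        code, rest = m.group("code"), m.group("rest")
        reasons = []
        for c in CLSID_RE.findall(rest):
            if c.upper() in sas_clsids:
                reasons.append(f"CLSID detected by SAS as {sas_clsids[c.upper()]}")
        pm = PATH_RE.search(rest)
        if pm:
            path = pm.group(0).upper()
            for d, name in sas_dirs.items():
                if path.startswith(d):
                    reasons.append(f"path under directory SAS flagged as {name}")
                    break
        if code in ("O2", "O3", "O21") and "(no name)" in rest:
            reasons.append("load point registered without a name")
        if "(file missing)" in rest or "(no file)" in rest:
            reasons.append("orphaned entry: referenced file is gone")
        if code == "O1":
            reasons.append("hosts file override: verify it is intentional")
        if reasons:
            flagged.append((line.strip(), reasons))
    return flagged


def report(flagged):
    """Human-readable summary, one line per reason."""
    out = []
    for line, reasons in flagged:
        out.append(line)
        out.extend(f"    -> {r}" for r in reasons)
    return "\n".join(out)


if __name__ == "__main__":
    clsids, dirs = parse_sas(SAS_LOG)
    print(report(triage_hjt(HJT_LOG, clsids, dirs)))
```

On the sample, the Norton toolbar and ccApp lines pass untouched, the O2 BHO collects three reasons (CLSID match, path match, no name), and the O3 and O21 entries are called out as orphans; the O1 hosts lines are surfaced but not judged, since the alcohol-soft.com entries here look like a user-added block rather than something the infection wrote.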

SmitFraudFix v2.144

 

Scan done at 17:45:32.53, Wed 02/28/2007

Run from C:\Documents and Settings\Travis Chickness\Desktop\SmitfraudFix

OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT

The filesystem type is NTFS

Fix run in safe mode

 

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix

!!!Attention, following keys are not inevitably infected!!!

 

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

 

»»»»»»»»»»»»»»»»»»»»»»»» Killing process

 

 

»»»»»»»»»»»»»»»»»»»»»»»» hosts

 

127.0.0.1 localhost

127.255.255.255 serial.alcohol-soft.com

127.255.255.255 www.alcohol-soft.com

127.255.255.255 images.alcohol-soft.com

 

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

 

GenericRenosFix by S!Ri

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System

!!!Attention, following keys are not inevitably infected!!!

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

"System"=""

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

 

Registry Cleaning done.

 

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix

!!!Attention, following keys are not inevitably infected!!!

 

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

 

 

»»»»»»»»»»»»»»»»»»»»»»»» End

 

 

 

Logfile of HijackThis v1.99.1

Scan saved at 6:09:44 PM, on 2/28/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\WINDOWS\system32\cisvc.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\WINDOWS\System32\snmp.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Viewpoint\Common\ViewpointService.exe

C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe

C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe

C:\Program Files\Dell\Media Experience\PCMService.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\Apoint\Apoint.exe

C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe

C:\Program Files\Apoint\Apntex.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVW32.exe

C:\Program Files\Webroot\Spy Sweeper\SSU.EXE

C:\Program Files\HijackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com

O1 - Hosts: 127.255.255.255 www.alcohol-soft.com

O1 - Hosts: 127.255.255.255 images.alcohol-soft.com

O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup

O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

O4 - HKLM\..\Run: [DellMIS90dSetup] D:\setup.exe

O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"

O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe

O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"

O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"

O4 - HKLM\..\Run: [Dell QuickSet] "C:\Program Files\Dell\QuickSet\Quickset.exe"

O4 - HKLM\..\Run: [Corel Photo Downloader] "C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe"

O4 - HKLM\..\Run: [Apoint] "C:\Program Files\Apoint\Apoint.exe"

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"

O4 - HKLM\..\Run: [spySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray

O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup

O4 - HKCU\..\Run: [spySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0

O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp

O4 - HKCU\..\Run: [sUPERAntiSpyware] "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"

O4 - Global Startup: Adobe Gamma Loader.lnk = ?

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Bluetooth Manager.lnk = ?

O4 - Global Startup: Digital Line Detect.lnk = ?

O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

O16 - DPF: {34F12AFD-E9B5-492A-85D2-40FA4535BE83} (AxProdInfoCtl Class) - http://www.symantec.com/techsupp/activedata/nprdtinf.cab

O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.1.1.74.cab

O16 - DPF: {4989312D-58CF-11D5-A7D7-00E02911103E} (Interealty MultiSelect) - http://wpn.mlxchange.com/Control/MultiSelectComboBox.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1160369139593

O16 - DPF: {6FD482A3-7B57-438B-B040-52CAA30147EE} (MLXchange Client Utils) - http://wpn.mlxchange.com/Control/MLXClientUtils.cab

O16 - DPF: {83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E} (GeacRevw Control) - http://wpn.mlxchange.com/Control/IRCSharc.cab

O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe

O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

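The log above is the raw material the helper works from, and HijackThis 1.99.1 output follows a regular line format (`O<section> - <description>`). As an added example, not code from the thread or from HijackThis itself, the following Python script parses lines in that format and flags the entries a reviewer would look at first: services with no publisher string, "(file missing)" references, unresolved startup shortcuts, downloaded ActiveX controls (O16) and Winlogon Notify DLLs (O20). The sample lines are copied from the log posted above; the heuristic for quoted ImagePath values with switches encodes the known 1.99.1 behaviour of reporting "(file missing)" for the Norton 2007 `ccSvcHst.exe` services even though the file is present, so those entries get a "verify by hand" note rather than a removal suggestion.

```python
import re
from dataclasses import dataclass

# Sample entries copied from the HijackThis 1.99.1 log posted above (O4, O9, O16, O18, O20, O23).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - Global Startup: Bluetooth Manager.lnk = ?
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.1.1.74.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
"""

LINE_RE = re.compile(r"^(O\d+) - (.*)$")   # "O23 - Service: ..." -> section, body
SWITCH_RE = re.compile(r'"\s+[/-]\w')      # closing quote followed by a command-line switch
ENV_RE = re.compile(r"%\w+%")              # unexpanded variable such as %ProgramFiles%


@dataclass
class Finding:
    section: str
    text: str
    reasons: list


def triage_line(line: str):
    """Return a Finding for one HijackThis line, or None if nothing stands out."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    section, body = m.groups()
    reasons = []
    if section == "O23" and "Unknown owner" in body:
        reasons.append("service binary carries no publisher information")
    if "(file missing)" in body:
        if SWITCH_RE.search(body):
            # HijackThis 1.99.1 truncates quoted ImagePath values that carry switches and then
            # reports the (wrongly cut) path as missing; the file is often present.
            reasons.append("quoted ImagePath with switches: 1.99.1 misparses these and can report "
                           "'(file missing)' for a file that exists; verify the path by hand")
        else:
            reasons.append("referenced file is missing: orphaned entry, review for removal")
    if ENV_RE.search(body):
        reasons.append("unexpanded environment variable in path; the existence check is unreliable")
    if section == "O4" and body.endswith("= ?"):
        reasons.append("startup shortcut target not resolved; inspect the .lnk manually")
    if section == "O16":
        reasons.append("ActiveX control downloaded from the web; remove if the site is no longer used")
    if section == "O20":
        reasons.append("Winlogon Notify DLL loads into winlogon.exe at logon; confirm it belongs "
                       "to installed software")
    return Finding(section, body, reasons) if reasons else None


def triage(log_text: str):
    """Run triage_line over a whole log and keep only entries with at least one reason."""
    return [f for f in (triage_line(l) for l in log_text.splitlines()) if f]


def summarize(findings):
    """Count flagged entries per HijackThis section (O4, O23, ...)."""
    counts = {}
    for f in findings:
        counts[f.section] = counts.get(f.section, 0) + 1
    return counts


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for f in found:
        print(f"{f.section}: {f.text[:70]}")
        for r in f.reasons:
            print(f"    - {r}")
    print(summarize(found))
```

Run against the full log, the script is a first-pass filter only: an entry with no reasons (the Intel and Norton lines above) is not thereby clean, and a flagged entry is a prompt to check the file's publisher and location, not an instruction to delete it.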

Hi, TChick09

Nice work. Now may I have some feedback from you: is the PC doing any better now?

If not, what is going on? I need this info so we may move on to the last steps here.

Gogo :)


Honestly, man. I don't know what the heck you made me do, but it got rid of the main problem, the malware and all. I can't believe it.

I'm having two problems now. 1) I have Norton Internet Security 2007 and the Anti-Phishing is not working. I tried their steps to complete it (which I'll do again after I post this, now that this problem is resolved). 2) A program I use called "Teamspeak RC2" is still very, very choppy. Teamspeak is a program used to talk to people while in a game, and it freezes up during the audio part. Like if you were having a phone conversation and it were to just freeze and repeat the same syllable over and over until I shut the program off. I don't know what is causing this, though.

EDIT: My Norton has been fixed; I guess the spyware or whatever was blocking or corrupting it. Now it's good, though. But my Teamspeak is still screwed up.

Edited by TChick09


Hey, TChick09

Glad we could be of some help to you, but first let's do my last steps here; then we can jump all over the other problem.

 

------------------

 

You're using an outdated version of Java (latest one is Java Runtime Environment (JRE) 6). Please update and remove the older versions. Do the following:

Go to Start | Control Panel | Add/Remove Programs

Search in the list for all previously installed versions of Java (J2SE Runtime Environment...).

It should have the Java icon next to it.

Select it and click Remove.

Then download and install the newest version from here (scroll down to find it):

Java Runtime Environment (JRE) 6

 

Do a reboot

 

------------------

 

To reset your restore points, please note that you will need to log into your computer with an account which has full administrator access. You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account.

 

 

Next, let's clean your restore points and set a new one.

 

 

Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected)

 

1. Turn off System Restore.

* On the Desktop, right-click My Computer.

* Click Properties.

* Click the System Restore tab.

* CHECK Turn off System Restore.

* Click Apply, and then click OK.

2. Restart your computer.

3. Turn ON System Restore.

* On the Desktop, right-click My Computer.

* Click Properties.

* Click the System Restore tab.

* UN-Check Turn off System Restore.

* Click Apply, and then click OK.

 

System Restore will now be active again.

 

 

Then create a new restore point once you have System Restore back on.

To create a new System Restore Point, click Start -> All Programs -> Accessories -> System Tools -> System Restore.

When the System Restore Utility opens, click "Create a Restore Point" then click Next.

Enter a name for this Restore Point, and click Create.

 

----------------

 

Clean out your Temporary Internet files.

Internet Explorer

Close Internet Explorer and close any instances of Windows Explorer.

Click Start -> Control Panel and then double-click Internet Options.

On the General tab, click Delete Files under Temporary Internet Files.

In the Delete Files dialog box, tick the Delete all offline content check box, and then click OK.

On the General tab, click Delete Cookies under Temporary Internet Files, and then click OK.

Click on the Programs tab then click the Reset Web Settings button. Click Apply then OK.

Click OK.

 

-----------------

 

Firefox (In case you also have Firefox installed)

Open Firefox and go to Tools -> Options.

Click Privacy in the menu on the left side of the Options window.

Click the Clear button located to the right of each option (History, Cookies, Cache).

Click OK to close the Options window.

Alternatively, you can clear all information stored while browsing by clicking Clear All.

A confirmation dialog box will be shown before clearing the information.

 

-----------------

 

Make your Internet Explorer more secure - This can be done by following these simple instructions:

1. From within Internet Explorer click on the Tools menu and then click on Options.

2. Click once on the Security tab

3. Click once on the Internet icon so it becomes highlighted.

4. Click once on the Custom Level button.

a. Change the Download signed ActiveX controls to Prompt

b. Change the Download unsigned ActiveX controls to Disable

c. Change the Initialize and script ActiveX controls not marked as safe to Disable

d. Change the Installation of desktop items to Prompt

e. Change the Launching programs and files in an IFRAME to Prompt

f. Change the Navigate sub-frames across different domains to Prompt

g. When all these settings have been made, click on the OK button.

h. If it prompts you as to whether or not you want to save the settings, press the Yes button.

5. Next press the Apply button and then the OK to exit the Internet Properties page.

 

And please have a look at the great info by Mr. TK:

So how did I get infected in the first place?

 

 

Gogo :)

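The six "Custom Level" changes in the post above are stored as per-zone action codes in the registry, which is how an administrator would verify or roll them out without clicking through the dialog on every machine. As an added example, not part of the thread, the Python below maps the setting names used in the post to their Internet-zone (`Zones\3`) value names, parses a regedit export of that key, reports which settings still deviate from the post's recommendations, and renders a `.reg` file that applies them. The sample export is constructed for the example and is not from the thread; the value-name mapping (1001, 1004, 1201, 1800, 1804, 1607) and the action codes (0 Enable, 1 Prompt, 3 Disable) follow Internet Explorer's documented zone layout.

```python
import re

# Internet zone (Zones\3) value names behind the six "Custom Level" settings named in the post.
ZONE3_SETTINGS = {
    "1001": "Download signed ActiveX controls",
    "1004": "Download unsigned ActiveX controls",
    "1201": "Initialize and script ActiveX controls not marked as safe",
    "1800": "Installation of desktop items",
    "1804": "Launching programs and files in an IFRAME",
    "1607": "Navigate sub-frames across different domains",
}
ACTION_NAMES = {0: "Enable", 1: "Prompt", 3: "Disable"}
PROMPT, DISABLE = 1, 3

# The post's recommendations, expressed as action codes.
RECOMMENDED = {"1001": PROMPT, "1004": DISABLE, "1201": DISABLE,
               "1800": PROMPT, "1804": PROMPT, "1607": PROMPT}

ZONE3_KEY = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3"
DWORD_RE = re.compile(r'^"(\d{4})"=dword:([0-9a-fA-F]{8})$')

# Constructed regedit export of the Internet zone before hardening (example data, not from the thread).
SAMPLE_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"1001"=dword:00000000
"1004"=dword:00000003
"1201"=dword:00000000
"1607"=dword:00000000
"1800"=dword:00000001
"1804"=dword:00000001
"""


def parse_zone_export(reg_text):
    """Pull the four-digit dword values out of a regedit export of the Internet zone key."""
    values = {}
    for line in reg_text.splitlines():
        m = DWORD_RE.match(line.strip())
        if m:
            values[m.group(1)] = int(m.group(2), 16)
    return values


def audit(values):
    """Return {code: (setting name, current action, wanted action)} for every recommended
    setting that deviates; codes absent from the export are reported as 'not set'."""
    deviations = {}
    for code, want in RECOMMENDED.items():
        if code not in values:
            deviations[code] = (ZONE3_SETTINGS[code], "not set", ACTION_NAMES[want])
        elif values[code] != want:
            have = values[code]
            deviations[code] = (ZONE3_SETTINGS[code],
                                ACTION_NAMES.get(have, str(have)), ACTION_NAMES[want])
    return deviations


def render_reg(settings=RECOMMENDED):
    """Render a .reg file that applies the given action codes to the Internet zone."""
    lines = ["Windows Registry Editor Version 5.00", "", f"[{ZONE3_KEY}]"]
    for code in sorted(settings):
        lines.append(f'"{code}"=dword:{settings[code]:08x}')
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    for code, (name, have, want) in audit(parse_zone_export(SAMPLE_EXPORT)).items():
        print(f"{code} {name}: is {have}, should be {want}")
    print(render_reg())
```

To audit a real machine, export the key with `regedit /e zone3.reg "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3"` and feed the file to `parse_zone_export`; a value missing from the export means the zone is using its template default rather than an explicit setting, which the audit reports separately instead of guessing.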

Hey, TChick09

Great work. Now, if you're not having any more problems, I will close this topic.

 

Since this issue appears resolved ... this topic is closed.

 

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

 

Everyone else please begin a new topic.

 

 

Gogo :)
