Topic Summary

Posted by: Samker
« on: 11. April 2008., 07:58:11 »

Ok Mark,

Your PC is infected with a Trojan.

Please follow next instructions:

1. Turn off System Restore

Quote
Steps to turn off System Restore
1. Click Start, right-click My Computer, and then click Properties.
2. In the System Properties dialog box, click the System Restore tab.
3. Click to select the Turn off System Restore check box. Or, click to select the Turn off System Restore on all drives check box.
4. Click OK.
5. When you receive the following message, click Yes to confirm that you want to turn off System Restore:
You have chosen to turn off System Restore. If you continue, all existing restore points will be deleted, and you will not be able to track or undo changes to your computer.

Do you want to turn off System Restore?
After a few moments, the System Properties dialog box closes.

2. Uninstall your Symantec AntiVirus (go to Control Panel -> Add/Remove Programs ...)

3. Download & Install Kaspersky Anti-Virus: http://scforum.info/scf_shop/scshop.html
(just click the Buy button; if you don't want to buy, choose to download the FREE Trial Version there)

4. Run your Spybot Search & Destroy AntiSpyWare

5. Update the virus definitions (for both, Kaspersky & Spybot)
 
6. Run a full system scan and delete all the files detected (for both).

7. After that, please run another online AV scan, this time with McAfee ( http://scforum.info/index.php/topic,734.0.html ), and tell us whether it found any infections after all.

8. Also provide us with a new HJT log.

Regards,

Samker
Posted by: MarkRules
« on: 10. April 2008., 23:22:04 »

Finally, the Kaspersky report is FINISHED.


   KASPERSKY ONLINE SCANNER REPORT
Thursday, April 10, 2008 3:16:08 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 10/04/2008
Kaspersky Anti-Virus database records: 695891
Scan Settings
Scan using the following antivirus database    extended
Scan Archives    true
Scan Mail Bases    true
Scan Target    My Computer
A:\
C:\
D:\
E:\
F:\
Scan Statistics
Total number of scanned objects    145850
Number of viruses found    19
Number of infected objects    32

Number of suspicious objects    0
Duration of the scan process    05:59:02

Infected Object Name    Virus Name    Last Action
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D9C0000.VBN    Infected: Trojan-Downloader.Win32.Adload.fu    skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D9C0002.VBN    Infected: Trojan.Win32.Obfuscated.ev    skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D9C0004.VBN    Infected: not-a-virus:AdWare.Win32.Virtumonde.fv    skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D9C0006.VBN/data0002    Infected: Trojan.Win32.VB.tg    skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D9C0006.VBN/data0005    Infected: Trojan.Win32.VB.tg    skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D9C0006.VBN/data0006    Infected: Trojan.Win32.VB.tg    skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D9C0006.VBN    NSIS: infected - 3    skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D9C0006.VBN    CryptZ: infected - 3    skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D9C0008.VBN    Infected: Constructor.Perl.Msdds.b    skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D9C000A.VBN    Infected: Trojan-Downloader.Win32.Tibs.ir    skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D9C000C.VBN    Infected: Trojan-Downloader.Win32.Ani.c    skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D9C000E.VBN    Infected: Trojan-Downloader.Win32.Agent.acd    skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D9C0010.VBN    Infected: Trojan-Downloader.Win32.Small.cyh    skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D9C0012.VBN    Infected: Trojan-Downloader.Win32.Small.cyh    skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D9C0014.VBN    Infected: Trojan-Downloader.Win32.Small.cyh    skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D9C0016.VBN    Infected: not-a-virus:AdWare.Win32.BookedSpace.h    skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D9C0018.VBN    Infected: not-a-virus:AdWare.Win32.BookedSpace.h    skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D9C001A.VBN    Infected: Trojan-Clicker.Win32.VB.qd    skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D9C001E.VBN/data0002    Infected: Trojan.Win32.VB.tg    skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D9C001E.VBN/data0005    Infected: Trojan.Win32.VB.tg    skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D9C001E.VBN/data0006    Infected: Trojan.Win32.VB.tg    skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D9C001E.VBN    NSIS: infected - 3    skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D9C001E.VBN    CryptZ: infected - 3    skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D9C0020.VBN    Infected: Trojan-Downloader.Win32.Zlob.avo    skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D9C0022.VBN    Infected: not-a-virus:AdWare.Win32.Virtumonde.de    skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D9C0024.VBN    Infected: Trojan.Win32.Obfuscated.ev    skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D9C0026.VBN    Infected: Trojan-Downloader.Win32.Small.dxm    skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D9C0028.VBN    Infected: Trojan-Dropper.Win32.Agent.axo    skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D9C002A.VBN    Infected: Trojan-Proxy.Win32.Xorpix.ar    skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D9C002C.VBN    Infected: Trojan-Dropper.Win32.Agent.mu    skipped

C:\PRIVATE\NOACCESS\TECH ONLY\Old Drive\My Documents\ѕystem32\сhkdsk.exe    Infected: not-a-virus:AdWare.Win32.PurityScan.ex    skipped
C:\Program Files\Circle Developement\Uninstall.exe    Infected: Trojan-Dropper.Win32.Agent.lxl    skipped

Scan process completed.
Posted by: Samker
« on: 10. April 2008., 06:18:32 »

Hi Mark (again).

Don't worry, we will resolve this. The SCF Team will analyze your HJT log in the next few hours. Until then, please also provide us with a Kaspersky Online Scan log: http://scforum.info/index.php/topic,734.0.html

cya later my friend,

Samker


P.S.

I also want to welcome Gerald309BCPCNet. :bih:

Posted by: MarkRules
« on: 10. April 2008., 04:39:36 »

Oh, and just to save y'all the trouble, here is my HJT log with everything closed.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:38:18 PM, on 4/9/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\G-VGA.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Logitech Wireless\MouseWare\system\em_exec.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Logitech Wireless\iTouch\iTouch.exe
C:\Program Files\Executive Software\DiskeeperWorkstation\DfrgNTFS.exe
C:\Program Files\JGsoft\EditPadPro6\EditPadPro.exe
C:\Program Files\QuickTime\QuickTimePlayer.exe
C:\Program Files\Common Files\Autodesk Shared\WSCommCntr1.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Tech\Desktop\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://verizon.my.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = file://C:\PROGRA~1\SPEEDB~1\proxy.pac
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [VGAUtil] C:\WINDOWS\system32\G-VGA.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [XboxStat] "c:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [SpeedBitVideoAccelerator] "C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech Wireless\iTouch\iTouch.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [BMUpdate] C:\WINDOWS\system32\BMUpdate.exe
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [DriverUpdaterPro] C:\Program Files\XPC Tools\Driver Updater Pro\DriverUpdaterPro.exe -t
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ViStart] C:\Program Files\ViStart\ViStart.exe
O4 - HKCU\..\Run: [Vista Sidebar] C:\Program Files\Vista Sidebar\sidebar.exe
O4 - HKCU\..\Run: [ViOrb] C:\Program Files\ViOrb\ViOrb.exe
O4 - HKCU\..\Run: [Steam] "C:\Valve\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LClock] C:\Program Files\LClock\lclock.exe
O4 - HKCU\..\Run: [GLUE FIVE] C:\DOCUME~1\Tech\APPLIC~1\16surf\webmailprogram.exe
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Verizon Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O15 - Trusted Zone: http://gamespace.110mb.com
O15 - Trusted Zone: http://*.bravehost.com
O15 - Trusted Zone: http://*.bravenet.com
O15 - Trusted Zone: http://boards.ign.com
O15 - Trusted Zone: www.verizon.net
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/us/kavwebscan_unicode.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1127754613021
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: mental ray 3.6 Satellite for Autodesk 3ds Max 2008 32-bit 32-bit (mi-raysat_3dsMax2008_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 2008\mentalray\satellite\raysat_3dsMax2008_32server.exe (file missing)
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

--
End of file - 12824 bytes


PS: I have bolded 1 thing that I find suspicious.
PSS: WTF? "C:\Documents and Settings\All Users\Application Data\mapi nurb bat remote"
it contains "DVD Ping.exe" Last modified? Today, 5:02pm. Earlier? 4/4/08, 11:44am. I am definitely infected. HELP ME!
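A triage pass over a HijackThis log like the one posted above, as an added example that is not part of the original thread. The three heuristics (autorun launched from a user-profile data directory, registered file absent, service with no publisher) are assumptions chosen here for illustration, and the sample lines are copied from the log above; a flag is a prompt for manual inspection, not a verdict.

```python
import re

# Sample input: five lines copied from the HijackThis log above.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [GLUE FIVE] C:\DOCUME~1\Tech\APPLIC~1\16surf\webmailprogram.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
"""

# A HijackThis entry is "<section code> - <details>", e.g. "O4 - HKCU\..\Run: ...".
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# Per-user data directories, in long and 8.3 short form (Windows XP layout).
PROFILE_DIR = re.compile(
    r"\\(Application Data|APPLIC~\d|Local Settings\\Temp|LOCALS~\d\\Temp)\\", re.I)
# HijackThis appends these markers when the registered file is not on disk.
MISSING = re.compile(r"\((no file|file missing)\)\s*$", re.I)


def triage(log_text):
    """Return (code, details, reasons) for every entry that trips a heuristic."""
    findings = []
    for raw in log_text.splitlines():
        m = ENTRY.match(raw.strip())
        if not m:
            continue  # running-process list, header and blank lines
        code, details = m.groups()
        reasons = []
        if code == "O4" and PROFILE_DIR.search(details):
            reasons.append("autorun target inside a user-profile data directory")
        if MISSING.search(details):
            reasons.append("registered target file is absent")
        if code == "O23" and " - Unknown owner - " in details:
            reasons.append("no publisher shown for the service binary")
        if reasons:
            findings.append((code, details, reasons))
    return findings


if __name__ == "__main__":
    for code, details, reasons in triage(SAMPLE_LOG):
        print(f"[{code}] {details}")
        for reason in reasons:
            print(f"    review: {reason}")
```
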
Posted by: MarkRules
« on: 10. April 2008., 04:35:52 »

I know what adware is, but I cannot seem to find the adware itself. Rogue Remover can't find it - Yahoo Online Protection can't find it - Hijack This can't find it - CCleaner can't find it - NOTHING CAN!

Yet I continue to get CiD popups. I also noticed a serious lag in computer speed lately. And there is always "iexplore.exe" running, no matter what I do. It's like this adware is making IE run no matter what. I found something called "nurbi bat movi.." bla bla bla something in my APP data, and there was a 16surf folder as well! I made HJT fix it but I still get popups. What is concerning me is that they were all made 4/4/08 @ 11:44am. That is when my mom was on. I hate this bull****!
Posted by: Gerald309BCPCNet
« on: 10. April 2008., 03:05:35 »

Hi... it has been my experience that continual unexpected pop-ups while browsing may be generated by adware installed on the system. Generally, as well, if pop-up blockers seem to not be working - it is possible the adware threat is circumventing these. Adware is a spyware category threat and perhaps a lowest level threat - though it is broadcasting personal surfing habits, actions.

Adware Definition:
http://en.wikipedia.org/wiki/Adware

To block these unwanted installations and detect others for quarantine (unsure) and removal (sure) I recommend the following for immediate removal (links below). You may consider quality security software (firewall, antivirus, antispyware) shareware (paid) that activates real time protection (heuristics) as the solution for spyware category threats. Note that viruses and worms are in the antivirus category threats blocked/removed.

Microsoft AntiSpyware is now Windows Defender
[working-freeware from Microsoft]
http://www.microsoft.com/athome/security/spyware/software/default.mspx
Windows Defender is a free program that helps protect your computer against pop-ups, slow performance, and security threats caused by spyware and other unwanted software. It features Real-Time Protection, a monitoring system that recommends actions against spyware when it's detected, and a new streamlined interface that minimizes interruptions and helps you stay productive.

AVG Anti-Spyware Free Edition
http://free.grisoft.com/doc/20/us/frt/0
http://www.grisoft.com/

webmaster bluecollarpc.net (non-commercial)
Posted by: MarkRules
« on: 09. April 2008., 21:09:22 »

A few days ago, my mom wanted to use my computer because hers was acting slow. So I said if you need to use the internet, use Firefox. She says that Firefox is unreliable and says that IE is much faster. So what happens? I start getting CiD popups and this started happening AFTER MY MOM USED INTERNET EXPLORER. This is very stupid if you ask me. Can I get some help?