love.exe help


bigdaddysjm09
Member with 70 posts.
Join Date: Jan 2008
Location: Tennessee
Experience: Intermediate
15-May-2008, 11:04 PM #16
OK, I've used the recovery console and it made other users in the process, I guess you could say... so there are A LOT of locked items that were skipped, so I'm just going to post the ones that it said were infected.
bigdaddysjm09
15-May-2008, 11:15 PM #17
C:\Documents and Settings\Stephen Matthews.STEPHEN\Application Data\Uniblue\SpyEraser\Quarantine\Malware (General Components)_10_05_2008_16_54_33.asq29358 Infected: Trojan-PSW.Win32.VB.or skipped
C:\Documents and Settings\Stephen Matthews.STEPHEN\Desktop\Folders etc\NEW STUFF\Radmin_31.rar/Radmin31/rserv31.exe Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.n skipped
C:\Documents and Settings\Stephen Matthews.STEPHEN\Desktop\Folders etc\NEW STUFF\Radmin_31.rar/Radmin31/rview31.exe Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.n skipped
C:\Documents and Settings\Stephen Matthews.STEPHEN\Desktop\Folders etc\NEW STUFF\Radmin_31.rar RAR: infected - 2 skipped
C:\Documents and Settings\Stephen Matthews.STEPHEN\Desktop\ophcrack livecd 1.0.iso/ophcrack-win32-installer-2.2.exe/file36 Infected: not-a-virus:PSWTool.Win32.PWDump.2 skipped
C:\Documents and Settings\Stephen Matthews.STEPHEN\Desktop\ophcrack livecd 1.0.iso/ophcrack-win32-installer-2.2.exe/file37 Infected: not-a-virus:PSWTool.Win32.PWDump.2 skipped
C:\Documents and Settings\Stephen Matthews.STEPHEN\Desktop\ophcrack livecd 1.0.iso/ophcrack-win32-installer-2.2.exe/file55 Infected: not-a-virus:PSWTool.Win32.PWDump.4 skipped
C:\Documents and Settings\Stephen Matthews.STEPHEN\Desktop\ophcrack livecd 1.0.iso/ophcrack-win32-installer-2.2.exe/file56 Infected: not-a-virus:PSWTool.Win32.PWDump.4 skipped
C:\Documents and Settings\Stephen Matthews.STEPHEN\Desktop\ophcrack livecd 1.0.iso/ophcrack-win32-installer-2.2.exe Infected: not-a-virus:PSWTool.Win32.PWDump.4 skipped
C:\Documents and Settings\Stephen Matthews.STEPHEN\Desktop\ophcrack livecd 1.0.iso ISOimage: infected - 5 skipped
C:\Documents and Settings\Stephen Matthews.STEPHEN\Local Settings\Application Data\Downloaded Installations\{DA0CEEE4-E986-4AA0-BDB4-1AD53E77A054}\rserv31.msi/Data1.cab/rserver3.exe Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.n skipped
C:\Documents and Settings\Stephen Matthews.STEPHEN\Local Settings\Application Data\Downloaded Installations\{DA0CEEE4-E986-4AA0-BDB4-1AD53E77A054}\rserv31.msi/Data1.cab Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.n skipped
C:\Documents and Settings\Stephen Matthews.STEPHEN\Local Settings\Application Data\Downloaded Installations\{DA0CEEE4-E986-4AA0-BDB4-1AD53E77A054}\rserv31.msi Embedded: infected - 2 skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\love.exe.vir Infected: Trojan-PSW.Win32.VB.or skipped
C:\System Volume Information\_restore{1368902D-6A36-4B35-812D-DDC763090AC0}\RP2\A0000087.exe Infected: Trojan-PSW.Win32.VB.or skipped
C:\System Volume Information\_restore{1368902D-6A36-4B35-812D-DDC763090AC0}\RP2\A0000090.exe Infected: Trojan-PSW.Win32.VB.or skipped
C:\System Volume Information\_restore{1368902D-6A36-4B35-812D-DDC763090AC0}\RP2\A0000159.exe Infected: Trojan-PSW.Win32.VB.or skipped
C:\System Volume Information\_restore{1368902D-6A36-4B35-812D-DDC763090AC0}\RP3\A0000175.exe Infected: Trojan-PSW.Win32.VB.or skipped
C:\System Volume Information\_restore{1368902D-6A36-4B35-812D-DDC763090AC0}\RP4\A0000334.exe Infected: Trojan-PSW.Win32.VB.or skipped
C:\System Volume Information\_restore{1368902D-6A36-4B35-812D-DDC763090AC0}\RP4\A0000335.exe Infected: Trojan-PSW.Win32.VB.or skipped
C:\System Volume Information\_restore{1368902D-6A36-4B35-812D-DDC763090AC0}\RP6\A0000381.exe Infected: Trojan-PSW.Win32.VB.or skipped
C:\WINDOWS\system32\config\sysrestore.exe Infected: Trojan-PSW.Win32.VB.or skipped
C:\WINDOWS\system32\dllcache\wiknpc.exe Infected: Trojan-PSW.Win32.VB.or skipped
bigdaddysjm09
15-May-2008, 11:19 PM #18
Everything that has rserv31 in it is my Radmin server that I distribute to fix computers... and everything that has ophcrack in it is a password-cracking ISO file that I use to gain access to computers with, of course, lost passwords. As for everything else... idk what it is.
bigdaddysjm09
15-May-2008, 11:23 PM #19
Super Anti Spyware Log
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 05/14/2008 at 05:05 PM

Application Version : 4.0.1154

Core Rules Database Version : 3460
Trace Rules Database Version: 1451

Scan type : Complete Scan
Total Scan Time : 01:00:37

Memory items scanned : 420
Memory threats detected : 0
Registry items scanned : 5445
Registry threats detected : 1
File items scanned : 22933
File threats detected : 5

Adware.Tracking Cookie
C:\Documents and Settings\Stephen Matthews.STEPHEN\Cookies\stephen_matthews@media6degrees[1].txt
C:\Documents and Settings\Stephen Matthews.STEPHEN\Cookies\stephen_matthews@adopt.euroclick[2].txt
C:\Documents and Settings\Stephen Matthews.STEPHEN\Cookies\stephen_matthews@ads.revsci[1].txt
C:\Documents and Settings\Stephen Matthews.STEPHEN\Cookies\stephen_matthews@ads.techguy[2].txt
C:\Documents and Settings\Stephen Matthews.STEPHEN\Cookies\stephen_matthews@server.cpmstar[2].txt

Registry Cleaner Trial
HKU\S-1-5-21-1691938981-1926685983-1786476240-1006\Software\SoftwareOnline.com
Cookiegal
Administrator with 54,773 posts.
 
Join Date: Aug 2003
Location: Quebec, Canada
16-May-2008, 09:16 AM #20
Open Notepad and copy and paste the text in the code box below into it:

Code:
File::
C:\WINDOWS\system32\config\sysrestore.exe
C:\WINDOWS\system32\dllcache\wiknpc.exe

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\disallowrun]

Save the file to your desktop and name it CFScript.txt

Then drag the CFScript.txt into the ComboFix.exe as shown in the screenshot below.

This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply together with a new HijackThis log.
__________________
Microsoft MVP - Consumer Security

Alliance of Security Analysis Professionals
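As an added example (not code from the thread, from ComboFix or from Kaspersky), the Python below encodes the triage behind a CFScript like the one above: it parses scan-result lines in the format posted in #17, sorts each hit into quarantined, restore point, archive, riskware tool or live, and emits a File:: section for the live hits only, with any Registry:: keys appended. The sample lines are constructed and abbreviated from the thread; the user folder and the restore-point GUID are placeholders.

```python
"""Triage a Kaspersky Online Scanner hit list into ComboFix CFScript lines.

Added example for this thread; it is not ComboFix's or Kaspersky's own code.
It encodes the triage the helper applied: hits inside quarantine folders,
System Restore points or archive containers are not running on the system,
and 'not-a-virus' verdicts mark tools rather than infections, so only hits on
a loose file under a live system path go into the File:: section.
"""
import re
from dataclasses import dataclass

# Constructed sample, abbreviated from the scan list posted in the thread
# (user folder shortened, restore-point GUID replaced by a placeholder).
SAMPLE_SCAN = r"""
C:\Documents and Settings\User\Application Data\Uniblue\SpyEraser\Quarantine\Malware_10.asq29358 Infected: Trojan-PSW.Win32.VB.or skipped
C:\Documents and Settings\User\Desktop\NEW STUFF\Radmin_31.rar/Radmin31/rserv31.exe Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.n skipped
C:\Documents and Settings\User\Desktop\NEW STUFF\Radmin_31.rar RAR: infected - 2 skipped
C:\Documents and Settings\User\Desktop\ophcrack livecd 1.0.iso/ophcrack-win32-installer-2.2.exe/file36 Infected: not-a-virus:PSWTool.Win32.PWDump.2 skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\love.exe.vir Infected: Trojan-PSW.Win32.VB.or skipped
C:\System Volume Information\_restore{RESTORE-GUID}\RP2\A0000087.exe Infected: Trojan-PSW.Win32.VB.or skipped
C:\WINDOWS\system32\config\sysrestore.exe Infected: Trojan-PSW.Win32.VB.or skipped
C:\WINDOWS\system32\dllcache\wiknpc.exe Infected: Trojan-PSW.Win32.VB.or skipped
"""

# "<path> <Kind>: <detail> skipped"; Kind is Infected for a file, or the
# container type (RAR, ISOimage, Embedded) for an archive summary line.
LINE_RE = re.compile(r"^(?P<path>.+?) (?P<kind>\w+): (?P<detail>.+?)(?: skipped)?$")

# Path fragments that mean the file is not live on the system.
QUARANTINE_MARKERS = ("\\quarantine\\", "\\qoobox\\")
RESTORE_MARKER = "\\system volume information\\_restore"


@dataclass(frozen=True)
class Detection:
    path: str      # on-disk path; archive members carry '/' separators
    kind: str      # Infected, RAR, ISOimage, Embedded, ...
    detail: str    # verdict name, or "infected - N" for a container


def parse_scan(text: str) -> list[Detection]:
    """Parse the scanner's one-hit-per-line output; lines that do not fit are ignored."""
    hits = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            hits.append(Detection(m["path"], m["kind"], m["detail"]))
    return hits


def classify(hit: Detection) -> str:
    """Bucket a hit as quarantined, restore_point, archive, tool or live."""
    low = hit.path.lower()
    if any(marker in low for marker in QUARANTINE_MARKERS) or low.endswith(".vir"):
        return "quarantined"        # already neutralised by another tool
    if RESTORE_MARKER in low:
        return "restore_point"      # cleared by flushing System Restore, not by File::
    if hit.kind != "Infected" or "/" in hit.path:
        return "archive"            # a container, or a member inside one
    if hit.detail.startswith("not-a-virus:"):
        return "tool"               # riskware: needs the owner's confirmation
    return "live"


def build_cfscript(hits, registry_keys=()) -> str:
    """Emit CFScript text: a File:: section for live hits, then optional Registry:: lines."""
    live = sorted({h.path for h in hits if classify(h) == "live"})
    lines = ["File::", *live]
    if registry_keys:
        lines += ["", "Registry::", *[f"[-{key}]" for key in registry_keys]]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    hits = parse_scan(SAMPLE_SCAN)
    for h in hits:
        print(f"{classify(h):<14} {h.path}")
    # The policy key below is the one named in the CFScript posted in the thread.
    print(build_cfscript(hits, [r"HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\disallowrun"]))
```

On the sample, only sysrestore.exe and wiknpc.exe land in File::, matching the script posted above; the Radmin and ophcrack hits fall into the archive bucket, which is where the owner's explanation in #18 comes in.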
bigdaddysjm09
16-May-2008, 06:16 PM #21
ComboFix 08-05-11.1 - Stephen Matthews 2008-05-16 14:58:11.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.139 [GMT -7:00]
Running from: C:\Documents and Settings\Stephen Matthews.STEPHEN\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Stephen Matthews.STEPHEN\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\system32\config\sysrestore.exe
C:\WINDOWS\system32\dllcache\wiknpc.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\config\sysrestore.exe
C:\WINDOWS\system32\dllcache\wiknpc.exe

.
((((((((((((((((((((((((( Files Created from 2008-04-16 to 2008-05-16 )))))))))))))))))))))))))))))))
.

2008-05-15 14:28 . 2008-05-15 14:28 <DIR> d----c--- C:\WINDOWS\system32\Kaspersky Lab
2008-05-12 20:46 . 2004-03-09 00:00 224,016 --a--c--- C:\WINDOWS\system32\TabCtl32.ocx
2008-05-12 20:46 . 2004-03-09 00:00 132,880 --a--c--- C:\WINDOWS\system32\msinet.ocx
2008-05-12 16:45 . 2007-09-18 15:24 676,224 --a--c--- C:\WINDOWS\system32\OGACheckControl.dll
2008-05-10 20:42 . 2008-05-10 20:42 <DIR> d----c--- C:\Program Files\Trend Micro
2008-05-07 20:52 . 2008-05-07 20:52 <DIR> d----c--- C:\Program Files\Radmin Viewer 3
2008-05-07 18:32 . 2008-05-07 18:32 <DIR> d----c--- C:\Documents and Settings\Stephen Matthews.STEPHEN\Application Data\Radmin
2008-05-07 16:57 . 2008-05-10 19:27 <DIR> d----c--- C:\WINDOWS\system32\rserver30
2008-05-06 17:58 . 2008-05-06 17:58 <DIR> d----c--- C:\WINDOWS\Migo Recover Lost Data
2008-05-06 14:20 . 2008-05-06 14:20 <DIR> d----c--- C:\Documents and Settings\Stephen Matthews.STEPHEN\Application Data\Aurora Web Editor
2008-05-06 10:49 . 2008-05-06 16:05 <DIR> d----c--- C:\Program Files\Multimedia Australia
2008-05-03 21:44 . 2008-05-15 14:27 <DIR> d----c--- C:\Program Files\SUPERAntiSpyware
2008-05-03 21:44 . 2008-05-14 16:03 <DIR> d----c--- C:\Documents and Settings\Stephen Matthews.STEPHEN\Application Data\SUPERAntiSpyware.com
2008-05-03 12:56 . 2008-05-03 12:56 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2008-05-01 21:44 . 2008-05-01 21:44 <DIR> d----c--- C:\Setup
2008-05-01 20:56 . 2008-05-01 20:56 <DIR> d--hsc--- C:\INCINERATE
2008-04-29 14:42 . 2008-04-29 14:42 <DIR> d----c--- C:\Program Files\Speed Gear 5
2008-04-27 20:07 . 2008-04-27 20:40 <DIR> d----c--- C:\Program Files\Norton Internet Security
2008-04-27 20:06 . 2008-04-27 20:35 123,952 --a--c--- C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-04-27 20:06 . 2008-04-27 20:35 60,800 --a--c--- C:\WINDOWS\system32\S32EVNT1.DLL
2008-04-27 20:05 . 2008-04-27 20:35 <DIR> d----c--- C:\Program Files\Symantec
2008-04-27 19:15 . 2008-04-27 19:17 <DIR> d----c--- C:\WINDOWS\system32\Adobe
2008-04-26 11:51 . 2008-04-26 11:51 24 --a--c--- C:\WINDOWS\ES_2_D1.prf
2008-04-26 11:51 . 2008-04-26 11:51 24 --a--c--- C:\WINDOWS\ES_1_D1.prf
2008-04-26 11:51 . 2008-04-26 11:51 24 --a--c--- C:\WINDOWS\AM_D0.PRF
2008-04-26 07:45 . 2008-04-26 07:45 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\SRS Labs
2008-04-26 07:45 . 2007-05-03 10:27 47,360 -ra--c--- C:\WINDOWS\system32\drivers\Surroundhp_kern_i386.sys
2008-04-26 07:45 . 2007-05-03 10:27 46,592 -ra--c--- C:\WINDOWS\system32\drivers\tshd4_kern_i386.sys
2008-04-26 07:45 . 2007-05-03 10:28 39,552 -ra--c--- C:\WINDOWS\system32\drivers\SRS_SSCFilter_i386.sys
2008-04-26 07:45 . 2007-05-03 10:27 37,248 -ra--c--- C:\WINDOWS\system32\drivers\csiidecoder_kern_i386.sys
2008-04-26 07:45 . 2007-05-03 10:27 32,000 -ra--c--- C:\WINDOWS\system32\drivers\wowhd_kern_i386.sys
2008-04-25 21:06 . 2008-04-25 21:06 <DIR> d----c--- C:\Program Files\Google Hacks
2008-04-25 15:12 . 2007-12-24 17:37 138,384 --a--c--- C:\WINDOWS\system32\drivers\tmcomm.sys
2008-04-24 21:00 . 2008-04-24 21:00 <DIR> d----c--- C:\Documents and Settings\Administrator.STEPHEN\Application Data\Lavasoft
2008-04-23 18:56 . 2008-04-23 18:56 <DIR> d----c--- C:\Program Files\LimeWire
2008-04-23 17:06 . 2008-05-15 15:08 71 --a--c--- C:\WINDOWS\SpotAuditor.INI
2008-04-22 15:01 . 2008-04-22 15:01 <DIR> d----c--- C:\Documents and Settings\Stephen Matthews.STEPHEN\Application Data\DAEMON Tools Pro
2008-04-22 14:56 . 2007-02-22 09:05 90,112 --a--c--- C:\Progr_.dll
2008-04-22 14:38 . 2008-04-22 14:38 <DIR> d----c--- C:\Documents and Settings\Stephen Matthews.STEPHEN\Application Data\DAEMON Tools
2008-04-22 14:38 . 2008-04-22 14:38 717,296 --a--c--- C:\WINDOWS\system32\drivers\sptd.sys
2008-04-22 04:59 . 2008-04-22 04:59 1,409 --a--c--- C:\WINDOWS\system32\tmp621EE.FOT
2008-04-22 04:59 . 2008-04-22 04:59 24 --a--c--- C:\WINDOWS\AM_D8.PRF
2008-04-22 04:55 . 2008-04-26 11:26 <DIR> d----c--- C:\Program Files\Graffiti Studio 2.0
2008-04-21 20:17 . 2008-04-21 20:17 16 --a--c--- C:\WINDOWS\system32\coh.cache
2008-04-20 20:25 . 2008-04-20 20:25 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-04-20 20:13 . 2008-04-21 21:25 <DIR> d----c--- C:\Program Files\Wireless WEP Key Password Spy
2008-04-18 19:01 . 2008-05-11 22:35 <DIR> d----c--- C:\Program Files\Speeditup Free
2008-04-17 04:49 . 2007-12-19 11:06 172,032 --a--c--- C:\WINDOWS\system32\igfxres.dll
2008-04-17 04:45 . 2008-04-17 04:45 <DIR> d----c--- C:\WINDOWS\OPTIONS
2008-04-17 04:45 . 2008-04-17 04:45 <DIR> d----c--- C:\Program Files\Realtek
2008-04-17 04:43 . 2008-01-31 21:45 53,248 --a--c--- C:\WINDOWS\system32\CSVer.dll
2008-04-17 04:40 . 2008-04-17 04:40 <DIR> d----c--- C:\WINDOWS\system32\ENU
2008-04-17 04:40 . 2007-10-18 15:51 126,976 --a--c--- C:\WINDOWS\system32\Imsmudlg.exe
2008-04-16 22:59 . 2004-06-14 14:56 427,864 --a--c--- C:\WINDOWS\system32\XceedZip.dll
2008-04-16 22:38 . 2008-04-16 22:46 <DIR> d--h-c--- C:\Documents and Settings\All Users\Application Data\{36D03E21-363A-4CBC-9E13-A90BDCFAFB04}

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-16 21:04 --------- dc----w C:\Program Files\Common Files\Symantec Shared
2008-05-16 05:00 675,328 -c--a-w C:\WINDOWS\is-L7F12.exe
2008-05-16 04:45 --------- dc----w C:\Program Files\Microsoft Silverlight
2008-05-14 23:02 --------- dc----w C:\Program Files\Common Files\Wise Installation Wizard
2008-05-14 10:01 --------- dc----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-05-13 03:43 --------- dc--a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-13 03:30 73,216 -c--a-w C:\WINDOWS\ST6UNST.EXE
2008-05-13 03:30 249,856 -c----w C:\WINDOWS\Setup1.exe
2008-05-12 04:02 --------- dc----w C:\Documents and Settings\Stephen Matthews.STEPHEN\Application Data\LimeWire
2008-05-11 02:30 --------- dc----w C:\Program Files\Thinstall.VS
2008-05-09 00:26 --------- dc----w C:\Documents and Settings\Stephen Matthews.STEPHEN\Application Data\U3
2008-05-08 02:35 --------- dc----w C:\Documents and Settings\Stephen Matthews.STEPHEN\Application Data\Thinstall
2008-05-07 22:51 --------- dc----w C:\Program Files\FriendBlasterPro
2008-05-06 00:58 --------- dc-h--w C:\Program Files\InstallShield Installation Information
2008-05-03 21:01 --------- dc----w C:\Documents and Settings\Stephen Matthews.STEPHEN\Application Data\Registry Help Pro
2008-05-03 20:47 --------- dc----w C:\Program Files\TuneUp Utilities 2008
2008-05-03 20:46 307,968 -c--a-w C:\WINDOWS\system32\TuneUpDefragService.exe
2008-05-02 16:18 --------- dc----w C:\Documents and Settings\All Users\Application Data\iolo
2008-04-30 16:27 --------- dc----w C:\Documents and Settings\Stephen Matthews.STEPHEN\Application Data\iolo
2008-04-30 16:24 --------- dc----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-04-30 00:14 --------- dc----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-04-28 03:39 6,596 -csha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-04-28 03:39 58,912 -csha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-04-28 03:35 805 -c--a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-04-28 03:35 10,740 -c--a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-04-26 13:54 --------- dc----w C:\Program Files\RegCure
2008-04-24 01:52 --------- dc----w C:\Program Files\Microsoft Money 2006
2008-04-20 20:10 --------- dc----w C:\Program Files\KGB Archiver 2
2008-04-19 16:21 --------- dc----w C:\Program Files\XoftSpySE
2008-04-17 22:24 --------- dc----w C:\Program Files\Hewlett-Packard
2008-04-17 11:40 --------- dc----w C:\Program Files\Intel
2008-04-14 21:52 --------- dc----w C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-04-12 04:47 --------- dc----w C:\Program Files\Hitman Pro
2008-04-11 06:55 --------- dc----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-11 03:57 164 -c--a-w C:\install.dat
2008-04-08 03:42 32,300 -csha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-04-08 03:42 2,331,424 -csha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-04-07 23:46 --------- dc----w C:\Program Files\Spybot - Search & Destroy
2008-04-07 21:00 --------- dc----w C:\Program Files\Kaspersky Lab
2008-04-07 05:50 --------- dc----w C:\Program Files\Yahoo!
2008-04-07 02:07 --------- dc----w C:\Program Files\Avant Browser
2008-04-04 03:30 31,938 -c--a-w C:\WINDOWS\system32\tcpipbak.reg
2008-04-03 21:11 --------- dc----w C:\Documents and Settings\Stephen Matthews.STEPHEN\Application Data\URSoft
2008-04-03 05:32 --------- dc----w C:\Program Files\Lavasoft
2008-04-03 01:49 --------- dc----w C:\Documents and Settings\Stephen Matthews.STEPHEN\Application Data\Auslogics
2008-04-03 01:20 --------- dc----w C:\Documents and Settings\Stephen Matthews.STEPHEN\Application Data\IconTweaker
2008-04-02 00:22 --------- dc----w C:\Program Files\Dachshund Software
2008-04-01 23:51 --------- dc----w C:\Documents and Settings\Stephen Matthews.STEPHEN\Application Data\Lavasoft
2008-04-01 23:31 --------- dc----w C:\Documents and Settings\Stephen Matthews.STEPHEN\Application Data\AdobeUM
2008-04-01 23:27 --------- dc----w C:\Documents and Settings\Stephen Matthews.STEPHEN\Application Data\Sonic
2008-04-01 23:27 --------- dc----w C:\Documents and Settings\Stephen Matthews.STEPHEN\Application Data\Leadertech
2008-04-01 02:53 --------- dc----w C:\Documents and Settings\Stephen Matthews.STEPHEN\Application Data\JP Software
2008-03-30 23:11 --------- dc----w C:\Program Files\CBS Software
2008-03-30 05:51 --------- dc----w C:\Documents and Settings\Stephen Matthews.STEPHEN\Application Data\acccore
2008-03-30 02:59 --------- dc----w C:\Program Files\AIM6
2008-03-30 02:57 --------- dc----w C:\Program Files\Common Files\AOL
2008-03-29 21:50 --------- dc----w C:\Documents and Settings\Stephen Matthews.STEPHEN\Application Data\InstallShield
2008-03-27 08:12 151,583 -c--a-w C:\WINDOWS\system32\msjint40.dll
2008-03-25 11:51 --------- dc----w C:\Documents and Settings\Stephen Matthews.STEPHEN\Application Data\PC Tools
2008-03-21 11:48 --------- dc----w C:\Documents and Settings\Stephen Matthews.STEPHEN\Application Data\BinarySense
2008-03-21 11:36 --------- dc----w C:\Documents and Settings\Stephen Matthews.STEPHEN\Application Data\tor
2008-03-21 11:19 --------- dc----w C:\Documents and Settings\Stephen Matthews.STEPHEN\Application Data\Mask Surf Standard
2008-03-20 18:36 --------- dc----w C:\Documents and Settings\Administrator.STEPHEN\Application Data\Uniblue
2008-03-20 18:06 --------- dc----w C:\Program Files\Uniblue
2008-03-20 17:47 --------- dc----w C:\Documents and Settings\Stephen Matthews.STEPHEN\Application Data\Uniblue
2008-03-20 09:13 --------- dc----w C:\Program Files\Java
2008-03-19 16:53 --------- dc----w C:\Documents and Settings\Stephen Matthews.STEPHEN\Application Data\DMCache
2008-03-19 09:47 1,845,248 -c--a-w C:\WINDOWS\system32\win32k.sys
2008-03-01 13:06 826,368 -c--a-w C:\WINDOWS\system32\wininet.dll
2008-02-27 20:15 28,416 -c--a-w C:\WINDOWS\system32\uxtuneup.dll
2008-02-20 06:51 282,624 -c--a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:32 45,568 -c--a-w C:\WINDOWS\system32\dnsrslvr.dll
.

((((((((((((((((((((((((((((( snapshot@2008-05-11_12.46.12.43 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-23 04:56:21 554,008 -c--a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\dao360.dll
+ 2007-12-10 12:41:11 518,944 -c--a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msexch40.dll
+ 2007-12-10 12:41:11 326,432 -c--a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msexcl40.dll
+ 2007-12-10 12:41:11 1,516,568 -c--a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msjet40.dll
+ 2007-12-10 12:41:11 355,112 -c--a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msjetol1.dll
+ 2008-03-27 07:39:13 151,583 -c--a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msjint40.dll
+ 2007-12-10 12:41:12 60,192 -c--a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msjter40.dll
+ 2007-12-10 12:41:12 248,608 -c--a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msjtes40.dll
+ 2007-12-10 12:41:12 219,936 -c--a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msltus40.dll
+ 2007-12-10 12:41:12 355,104 -c--a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\mspbde40.dll
+ 2007-12-10 12:41:13 432,928 -c--a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msrd2x40.dll
+ 2007-12-10 12:41:13 322,336 -c--a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msrd3x40.dll
+ 2007-12-10 12:41:13 559,904 -c--a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msrepl40.dll
+ 2007-12-10 12:41:13 264,992 -c--a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\mstext40.dll
+ 2007-12-10 12:41:13 838,432 -c--a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\mswdat10.dll
+ 2007-12-10 12:41:14 621,344 -c--a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\mswstr10.dll
+ 2007-12-10 12:41:14 355,104 -c--a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msxbde40.dll
+ 2007-03-06 01:22:36 14,048 -c--a-w C:\WINDOWS\$hf_mig$\KB950749\spmsg.dll
+ 2007-03-06 01:22:41 213,216 -c--a-w C:\WINDOWS\$hf_mig$\KB950749\spuninst.exe
+ 2007-03-06 01:22:34 22,752 -c--a-w C:\WINDOWS\$hf_mig$\KB950749\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 -c--a-w C:\WINDOWS\$hf_mig$\KB950749\update\update.exe
+ 2007-03-06 01:23:51 371,424 -c--a-w C:\WINDOWS\$hf_mig$\KB950749\update\updspapi.dll
- 2008-05-11 03:32:16 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-16 05:17:08 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2008-04-30 15:00:41 217,864 -c--a-r C:\WINDOWS\Installer\{90120000-006E-0409-0000-0000000FF1CE}\misc.exe
+ 2008-05-14 02:16:17 217,864 -c--a-r C:\WINDOWS\Installer\{90120000-006E-0409-0000-0000000FF1CE}\misc.exe
- 2008-04-30 15:01:50 20,240 -c--a-r C:\WINDOWS\Installer\{91120000-002F-0000-0000-0000000FF1CE}\cagicon.exe
+ 2008-05-14 10:01:31 20,240 -c--a-r C:\WINDOWS\Installer\{91120000-002F-0000-0000-0000000FF1CE}\cagicon.exe
- 2008-04-30 15:01:50 184,080 -c--a-r C:\WINDOWS\Installer\{91120000-002F-0000-0000-0000000FF1CE}\joticon.exe
+ 2008-05-14 10:01:31 184,080 -c--a-r C:\WINDOWS\Installer\{91120000-002F-0000-0000-0000000FF1CE}\joticon.exe
- 2008-04-30 15:01:50 217,864 -c--a-r C:\WINDOWS\Installer\{91120000-002F-0000-0000-0000000FF1CE}\misc.exe
+ 2008-05-14 10:01:31 217,864 -c--a-r C:\WINDOWS\Installer\{91120000-002F-0000-0000-0000000FF1CE}\misc.exe
- 2008-04-30 15:01:50 18,704 -c--a-r C:\WINDOWS\Installer\{91120000-002F-0000-0000-0000000FF1CE}\mspicons.exe
+ 2008-05-14 10:01:31 18,704 -c--a-r C:\WINDOWS\Installer\{91120000-002F-0000-0000-0000000FF1CE}\mspicons.exe
- 2008-04-30 15:01:51 35,088 -c--a-r C:\WINDOWS\Installer\{91120000-002F-0000-0000-0000000FF1CE}\oisicon.exe
+ 2008-05-14 10:01:31 35,088 -c--a-r C:\WINDOWS\Installer\{91120000-002F-0000-0000-0000000FF1CE}\oisicon.exe
- 2008-04-30 15:01:50 922,384 -c--a-r C:\WINDOWS\Installer\{91120000-002F-0000-0000-0000000FF1CE}\pptico.exe
+ 2008-05-14 10:01:31 922,384 -c--a-r C:\WINDOWS\Installer\{91120000-002F-0000-0000-0000000FF1CE}\pptico.exe
- 2008-04-30 15:01:51 888,080 -c--a-r C:\WINDOWS\Installer\{91120000-002F-0000-0000-0000000FF1CE}\wordicon.exe
+ 2008-05-14 10:01:31 888,080 -c--a-r C:\WINDOWS\Installer\{91120000-002F-0000-0000-0000000FF1CE}\wordicon.exe
- 2008-04-30 15:01:50 1,172,240 -c--a-r C:\WINDOWS\Installer\{91120000-002F-0000-0000-0000000FF1CE}\xlicons.exe
+ 2008-05-14 10:01:31 1,172,240 -c--a-r C:\WINDOWS\Installer\{91120000-002F-0000-0000-0000000FF1CE}\xlicons.exe
+ 2008-05-14 23:03:23 18,944 -c--a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
- 2008-01-14 01:44:02 65,024 -c--a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
+ 2008-05-14 23:03:23 65,024 -c--a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
+ 2008-03-25 04:50:25 554,008 -c----w C:\WINDOWS\system32\dllcache\dao360.dll
+ 2008-03-25 04:50:28 518,944 -c----w C:\WINDOWS\system32\dllcache\msexch40.dll
+ 2008-03-25 04:50:30 326,432 -c----w C:\WINDOWS\system32\dllcache\msexcl40.dll
+ 2008-03-25 04:50:34 1,516,568 -c----w C:\WINDOWS\system32\dllcache\msjet40.dll
+ 2008-03-25 04:50:40 355,112 -c----w C:\WINDOWS\system32\dllcache\msjetol1.dll
+ 2008-03-27 08:12:54 151,583 -c----w C:\WINDOWS\system32\dllcache\msjint40.dll
+ 2008-03-25 04:50:42 60,192 -c----w C:\WINDOWS\system32\dllcache\msjter40.dll
+ 2008-03-25 04:50:42 248,608 -c----w C:\WINDOWS\system32\dllcache\msjtes40.dll
+ 2008-03-25 04:50:44 219,936 -c----w C:\WINDOWS\system32\dllcache\msltus40.dll
+ 2008-03-25 04:50:45 355,104 -c----w C:\WINDOWS\system32\dllcache\mspbde40.dll
+ 2008-03-25 04:50:47 432,928 -c----w C:\WINDOWS\system32\dllcache\msrd2x40.dll
+ 2008-03-25 04:50:49 322,336 -c----w C:\WINDOWS\system32\dllcache\msrd3x40.dll
+ 2008-03-25 04:50:52 559,904 -c----w C:\WINDOWS\system32\dllcache\msrepl40.dll
+ 2008-03-25 04:50:55 264,992 -c----w C:\WINDOWS\system32\dllcache\mstext40.dll
+ 2008-03-25 04:50:57 838,432 -c----w C:\WINDOWS\system32\dllcache\mswdat10.dll
+ 2008-03-25 04:50:58 621,344 -c----w C:\WINDOWS\system32\dllcache\mswstr10.dll
+ 2008-03-25 04:50:58 355,104 -c----w C:\WINDOWS\system32\dllcache\msxbde40.dll
- 2008-04-30 16:44:49 282,928 -c--a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2008-05-14 11:43:34 282,928 -c--a-w C:\WINDOWS\system32\FNTCACHE.DAT
- 2008-05-02 23:11:12 70,936 -c--a-w C:\WINDOWS\system32\GDIPFONTCACHEV1.DAT
+ 2008-05-16 02:12:24 70,936 -c--a-w C:\WINDOWS\system32\GDIPFONTCACHEV1.DAT
+ 2005-05-24 19:27:16 213,048 -c--a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll
+ 2007-08-29 22:47:20 94,208 -c--a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
+ 2007-08-29 22:49:54 950,272 -c--a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
- 2008-04-06 05:56:22 19,836,024 -c--a-w C:\WINDOWS\system32\MRT.exe
+ 2008-05-09 21:35:04 16,863,864 -c--a-w C:\WINDOWS\system32\MRT.exe
- 2004-08-04 21:00:00 512,029 -c--a-w C:\WINDOWS\system32\msexch40.dll
+ 2008-03-25 04:50:28 518,944 -c--a-w C:\WINDOWS\system32\msexch40.dll
- 2004-08-04 21:00:00 319,517 -c--a-w C:\WINDOWS\system32\msexcl40.dll
+ 2008-03-25 04:50:30 326,432 -c--a-w C:\WINDOWS\system32\msexcl40.dll
- 2004-08-04 21:00:00 1,507,356 -c--a-w C:\WINDOWS\system32\msjet40.dll
+ 2008-03-25 04:50:34 1,516,568 -c--a-w C:\WINDOWS\system32\msjet40.dll
- 2004-08-04 21:00:00 358,976 -c--a-w C:\WINDOWS\system32\msjetoledb40.dll
+ 2008-03-25 04:50:40 355,112 -c--a-w C:\WINDOWS\system32\msjetoledb40.dll
- 2004-08-04 21:00:00 53,279 -c--a-w C:\WINDOWS\system32\msjter40.dll
+ 2008-03-25 04:50:42 60,192 -c--a-w C:\WINDOWS\system32\msjter40.dll
- 2004-08-04 21:00:00 241,693 -c--a-w C:\WINDOWS\system32\msjtes40.dll
+ 2008-03-25 04:50:42 248,608 -c--a-w C:\WINDOWS\system32\msjtes40.dll
- 2004-08-04 21:00:00 213,023 -c--a-w C:\WINDOWS\system32\msltus40.dll
+ 2008-03-25 04:50:44 219,936 -c--a-w C:\WINDOWS\system32\msltus40.dll
- 2004-08-04 21:00:00 348,189 -c--a-w C:\WINDOWS\system32\mspbde40.dll
+ 2008-03-25 04:50:45 355,104 -c--a-w C:\WINDOWS\system32\mspbde40.dll
- 2004-08-04 21:00:00 421,919 -c--a-w C:\WINDOWS\system32\msrd2x40.dll
+ 2008-03-25 04:50:47 432,928 -c--a-w C:\WINDOWS\system32\msrd2x40.dll
- 2004-08-04 21:00:00 315,423 -c--a-w C:\WINDOWS\system32\msrd3x40.dll
+ 2008-03-25 04:50:49 322,336 -c--a-w C:\WINDOWS\system32\msrd3x40.dll
- 2004-08-04 21:00:00 552,989 -c--a-w C:\WINDOWS\system32\msrepl40.dll
+ 2008-03-25 04:50:52 559,904 -c--a-w C:\WINDOWS\system32\msrepl40.dll
- 2004-08-04 21:00:00 258,077 -c--a-w C:\WINDOWS\system32\mstext40.dll
+ 2008-03-25 04:50:55 264,992 -c--a-w C:\WINDOWS\system32\mstext40.dll
- 2004-08-04 21:00:00 831,519 -c--a-w C:\WINDOWS\system32\mswdat10.dll
+ 2008-03-25 04:50:57 838,432 -c--a-w C:\WINDOWS\system32\mswdat10.dll
- 2004-08-04 21:00:00 614,429 -c--a-w C:\WINDOWS\system32\mswstr10.dll
+ 2008-03-25 04:50:58 621,344 -c--a-w C:\WINDOWS\system32\mswstr10.dll
- 2004-08-04 21:00:00 348,189 -c--a-w C:\WINDOWS\system32\msxbde40.dll
+ 2008-03-25 04:50:58 355,104 -c--a-w C:\WINDOWS\system32\msxbde40.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00 15360]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 15:44 178712]
"Aim6"="" []
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-29 16:03 1481968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-06-02 08:02 61952 C:\WINDOWS\system32\CHDAudPropShortcut.exe]
"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-05-03 22:58 458752]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 16:30 249856]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 16:30 81920]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-06-02 15:21 135168]
"RecGuard"="C:\Windows\SMINST\RecGuard.exe" [2005-10-11 10:23 1187840]
"SQ931STI"="C:\WINDOWS\SQ931STI.EXE" [2007-01-24 14:24 151552]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-06-16 22:22 794713]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2007-12-19 11:08 135168]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2007-12-19 11:08 159744]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2007-12-19 11:07 131072]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-09-03 02:04 84640]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2006-09-05 20:22 26248]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 17:38 583048]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2008-02-01 13:32 8699904]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegedit"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\startupfolder\C:^Documents and Settings^Stephen Matthews.STEPHEN^Start Menu^Programs^StartUp^HDDlife.lnk]
backup=C:\WINDOWS\pss\HDDlife.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedConnectStartUp]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R1 raddrvv3;raddrvv3;C:\WINDOWS\system32\rserver30\raddrvv3.sys [2008-04-24 08:49]
R2 RServer3;Radmin Server V3;"C:\WINDOWS\system32\rserver30\RServer3.exe" /service []
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2004-08-04 14:00]
R3 mirrorv3;mirrorv3;C:\WINDOWS\system32\DRIVERS\rminiv3.sys [2006-11-01 06:01]
S3 SQ931;USB 2.0 Video Camera;C:\WINDOWS\system32\Drivers\Capt931a.sys [2007-03-27 17:44]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-05-03 13:46]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-05-03 15:49:47 C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - Stephen Matthews.job"
- C:\PROGRA~1\Norton Internet Security\Norton AntiVirus\Navw32.exeh/TASK:
"2008-04-24 20:17:03 C:\WINDOWS\Tasks\Uniblue SpyEraser.job"
- C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-16 15:01:32
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-05-16 15:03:41
ComboFix-quarantined-files.txt 2008-05-16 22:03:27
ComboFix2.txt 2008-05-14 03:53:50
ComboFix3.txt 2008-05-11 19:46:33

Pre-Run: 32,205,676,544 bytes free
Post-Run: 32,393,801,728 bytes free

343 --- E O F --- 2008-05-16 02:27:42
bigdaddysjm09 | 16-May-2008, 06:16 PM #22
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:16:20 PM, on 5/16/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\WINDOWS\system32\rserver30\RServer3.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\WINDOWS\SQ931STI.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\rserver30\FamItrfc.Exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Avant Browser\avant.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TY...ario&pf=laptop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] "C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QlbCtrl] "C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [SQ931STI] C:\WINDOWS\SQ931STI.EXE
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Startup: StartupFaster
O4 - Global Startup: StartupFaster
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=presario&pf=laptop
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) -
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD39/JSCDL/...ws-i586-jc.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain =
O17 - HKLM\Software\..\Telephony: DomainName =
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain =
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain =
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - - (no file)
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: avp - GRISOFT, s.r.o. - (no file)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LiveUpdate\LuComServer_3_1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Radmin Server V3 (RServer3) - Famatech International Corp. - C:\WINDOWS\system32\rserver30\RServer3.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 9911 bytes
Cookiegal (Administrator) | 16-May-2008, 07:00 PM #23
Rescan with HijackThis, close all browser windows except HijackThis, put a check mark beside these entries and click fix checked.

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain =
O17 - HKLM\Software\..\Telephony: DomainName =
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain =
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain =
O23 - Service: avp - GRISOFT, s.r.o. - (no file)



Since you have Norton, you should uninstall Authentium: it's not good to have more than one anti-virus program installed, because they will conflict and cause problems.


Reboot and post a new HijackThis log please.
__________________
Microsoft MVP - Consumer Security

Alliance of Security Analysis Professionals
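A small triage script, added here as an illustration and not part of the thread or of the HijackThis tool, that applies the two checks Cookiegal makes by hand above (O23 services whose path reads "(no file)" and O17 Domain/DomainName entries with an empty value) to a constructed sample log in the same format; the non-empty `example.invalid` line is an invented placeholder used to show what is not flagged.

```python
"""Triage checks for a HijackThis v2 log.

Added example, not part of the forum thread or of the HijackThis tool. It
applies the two checks made by hand in the reply above: O23 services whose
binary is "(no file)" and O17 Domain/DomainName entries with an empty value.
The sample log and the rule names are constructed for illustration.
"""
import re

# Constructed sample in the format of the log posted above (backslashes doubled
# for the Python literal). The last O17 line carries a non-empty value that must
# NOT be flagged; it is an invented placeholder, not from the thread.
SAMPLE_LOG = """\
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\\WINDOWS\\System32\\smss.exe

O4 - HKLM\\..\\Run: [ccApp] "C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O17 - HKLM\\System\\CCS\\Services\\Tcpip\\Parameters: Domain =
O17 - HKLM\\Software\\..\\Telephony: DomainName =
O17 - HKLM\\System\\CS1\\Services\\Tcpip\\Parameters: Domain = example.invalid
O23 - Service: avp - GRISOFT, s.r.o. - (no file)
O23 - Service: Ad-Aware 2007 Service (aawservice) - - (no file)
O23 - Service: LiveUpdate - Symantec Corporation - C:\\PROGRA~1\\Symantec\\LiveUpdate\\LuComServer_3_1.EXE
"""

# Every HijackThis finding is "<kind> - <body>", where kind is R0/R1/O2/O4/... .
ENTRY_RE = re.compile(r"^(?P<kind>[RO]\d+) - (?P<body>.*)$")


def parse_entries(log_text):
    """Return (kind, body) pairs for every finding line; the header and the
    'Running processes' paths do not match the pattern and are skipped."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group("kind"), match.group("body")))
    return entries


def orphaned_services(entries):
    """Display names of O23 services whose path column is '(no file)': the
    service is still registered but its executable is gone, so the entry is
    dead weight and safe to remove (the 'avp' case in the reply above).
    An O9 button with '(no file)' is a different entry type and is ignored."""
    names = []
    for kind, body in entries:
        if kind != "O23" or not body.rstrip().endswith("(no file)"):
            continue
        # body layout: "Service: <display name> - <vendor> - <path>"
        name = body.split(" - ", 1)[0]
        if name.startswith("Service: "):
            name = name[len("Service: "):]
        names.append(name)
    return names


def empty_domain_entries(entries):
    """Registry keys of O17 lines whose Domain/DomainName value is blank.
    Non-empty values are left for manual review rather than auto-flagged."""
    keys = []
    for kind, body in entries:
        if kind != "O17":
            continue
        key, _, value = body.partition("=")
        if value.strip() == "":
            keys.append(key.strip())
    return keys


def triage(log_text):
    """Run both checks and return a report dict."""
    entries = parse_entries(log_text)
    return {
        "entry_count": len(entries),
        "orphaned_services": orphaned_services(entries),
        "empty_domain_entries": empty_domain_entries(entries),
    }


if __name__ == "__main__":
    for rule, hits in triage(SAMPLE_LOG).items():
        print(f"{rule}: {hits}")
```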
bigdaddysjm09 | 18-May-2008, 08:19 PM #24
Actually, to tell you the truth... I don't have any other anti-virus installed that I know of... If you tell me what the name of that Authentium antivirus is, I'll uninstall it promptly....
bigdaddysjm09 | 18-May-2008, 08:19 PM #25


I have a problem with this too after the removal of love.exe, which I thank you very much for assisting me with... This keeps showing up; how do I remove it???
bigdaddysjm09 | 18-May-2008, 08:21 PM #26
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:21:08 PM, on 5/18/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\WINDOWS\system32\rserver30\RServer3.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\WINDOWS\SQ931STI.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\rserver30\FamItrfc.Exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avant Browser\avant.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TY...ario&pf=laptop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] "C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QlbCtrl] "C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [SQ931STI] C:\WINDOWS\SQ931STI.EXE
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Startup: StartupFaster
O4 - Global Startup: StartupFaster
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=presario&pf=laptop
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) -
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD39/JSCDL/...ws-i586-jc.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - - (no file)
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LiveUpdate\LuComServer_3_1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Radmin Server V3 (RServer3) - Famatech International Corp. - C:\WINDOWS\system32\rserver30\RServer3.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 9690 bytes
Cookiegal (Administrator) | 19-May-2008, 11:34 AM #27
That indicates something is still trying to load it although the file itself is now gone.

Download OTScanIt.exe to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.

Leave the default settings and only change those that are specifically mentioned below.
  • Close any open browsers.
  • Disconnect from the Internet.
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of OTScanIt.
  • Open the OTScanIt folder and double-click on OTScanIt.exe to start the program.
  • In the Drivers group click Non-Microsoft.
  • In the Registry group click ALL.
  • In the File String Search group select ALL.
  • In the Rootkit Search group select YES.
  • In the Files Created Within group click 30 days.
  • In the Files Modified Within group select 30 days.
  • In the Additional Scans section please press Select ALL.
  • On the toolbar at the top select "Scan All User Accounts" then click the Run Scan button.
  • The program will be scanning huge amounts of data so depending on your system it could take a long time to complete. Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Save that notepad file and then upload it here as an attachment (do not copy and paste the report).
bigdaddysjm09 | 19-May-2008, 07:06 PM #28
Kind of extensive, but here it is.

Well, never mind... the file is 8776 kb and you only allow a 500kb txt-type document to be posted. What do you want me to do with the file since I can't post it? Would you like me to go ahead and post it on the thread, or do you have another recommendation???
Cookiegal (Administrator) | 19-May-2008, 07:21 PM #29
Please zip it and then attach it. It should work that way. I may not get to this until tomorrow as these logs take a long time to analyze.
bigdaddysjm09 | 19-May-2008, 07:34 PM #30
When I zip it it's 663 kb, and when I put it in rar it's 566 kb, still... so neither will work for the max upload amount. I can upload it on RapidShare if you want... unless you have another suggestion.