Solved: Vundo virus


pc.m
01-May-2008, 03:58 AM #16
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:28:15 PM, on 01/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.17184)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\vVX1000.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
E:\iPod\iTunesHelper.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UTSCSI.EXE
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spyware Doctor\spydoctor.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
E:\iPod\bin\iPodService.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.techguy.org/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://downloads.yahoo.com/internetexplorer/welcome.php
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [VX1000] C:\WINDOWS\vVX1000.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] "E:\Nokia\Nokia PC Suite 6\LaunchApplication.exe" -startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKLM\..\Run: [iTunesHelper] "E:\iPod\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Acrobat 7.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] "C:\Program Files\PowerISO\PWRISOVM.EXE"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SpyHunter Security Suite] "C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\spydoctor.exe" /Q
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] E:\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] E:\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/tech...bs/tgctlsr.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} (Domino Web Access 7 Control) - http://webmail.ilfsets.com/dwa7W.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...63/mcfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0D79DE2E-3B23-4F0D-9899-903645C6A635}: NameServer = 85.255.116.28,85.255.112.185
O17 - HKLM\System\CS1\Services\Tcpip\..\{0D79DE2E-3B23-4F0D-9899-903645C6A635}: NameServer = 85.255.116.28,85.255.112.185
O17 - HKLM\System\CS2\Services\Tcpip\..\{0D79DE2E-3B23-4F0D-9899-903645C6A635}: NameServer = 85.255.116.28,85.255.112.185
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - E:\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: USBest Service Zero (UTSCSI) - USBest - C:\WINDOWS\system32\UTSCSI.EXE
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 10962 bytes

pc.m
01-May-2008, 05:57 AM #17
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Thursday, May 01, 2008 3:23:51 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 1/05/2008
Kaspersky Anti-Virus database records: 733657
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\

Scan Statistics:
Total number of scanned objects: 58514
Number of viruses found: 3
Number of infected objects: 6
Number of suspicious objects: 0
Duration of the scan process: 00:54:27

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\Shreyans\Local Settings\temp\~DF6FD1.tmp Object is locked skipped
C:\Documents and Settings\Shreyans\Local Settings\temp\~DFEA1D.tmp Object is locked skipped
C:\Documents and Settings\Shreyans\My Documents\Downloads\Spy Sweeper 5.5.7 CLEAN\Spy Sweeper 5.5.7.EXE/data0000.cab/WR-1-1~1.EXE Infected: Trojan-Downloader.Win32.Small.ixj skipped
C:\Documents and Settings\Shreyans\My Documents\Downloads\Spy Sweeper 5.5.7 CLEAN\Spy Sweeper 5.5.7.EXE/data0000.cab Infected: Trojan-Downloader.Win32.Small.ixj skipped
C:\Documents and Settings\Shreyans\My Documents\Downloads\Spy Sweeper 5.5.7 CLEAN\Spy Sweeper 5.5.7.EXE Rsrc-Package: infected - 2 skipped
C:\Documents and Settings\Shreyans\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Shreyans\Application Data\Mozilla\Firefox\Profiles\vy1vmkrx.default\parent.lock Object is locked skipped
C:\Documents and Settings\Shreyans\Application Data\Mozilla\Firefox\Profiles\vy1vmkrx.default\cert8.db Object is locked skipped
C:\Documents and Settings\Shreyans\Application Data\Mozilla\Firefox\Profiles\vy1vmkrx.default\key3.db Object is locked skipped
C:\Documents and Settings\Shreyans\Application Data\Mozilla\Firefox\Profiles\vy1vmkrx.default\search.sqlite Object is locked skipped
C:\Documents and Settings\Shreyans\Application Data\Mozilla\Firefox\Profiles\vy1vmkrx.default\history.dat Object is locked skipped
C:\Documents and Settings\Shreyans\Application Data\Mozilla\Firefox\Profiles\vy1vmkrx.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\Shreyans\Application Data\Webroot\Spy Sweeper\Logs\080501122045.ses Object is locked skipped
C:\Documents and Settings\Shreyans\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\AppLogs\SUPERANTISPYWARE-5-1-2008( 12-39-51 ).LOG Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\EENGINE\EPERSIST.DAT Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\SYMLCRST.DLL Object is locked skipped
C:\Program Files\Norton 2007\NAV 2007 CB.rar/keygen.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.oax skipped
C:\Program Files\Norton 2007\NAV 2007 CB.rar/crack.exe Infected: Trojan.Win32.Obfuscated.xr skipped
C:\Program Files\Norton 2007\NAV 2007 CB.rar RAR: infected - 2 skipped
C:\Program Files\Webroot\Spy Sweeper\Masters\Masters.const Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Masters\masters.bak Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Masters\Masters.mst Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Masters.base Object is locked skipped
C:\System Volume Information\_restore{D0792A3B-0F37-4190-AEA8-78974ACC2B9C}\RP4\change.log Object is locked skipped
C:\autorun.inf\lpt3.This folder was created by Flash_Disinfector Object is locked skipped
E:\autorun.inf\lpt3.This folder was created by Flash_Disinfector Object is locked skipped
F:\autorun.inf\lpt3.This folder was created by Flash_Disinfector Object is locked skipped
G:\autorun.inf\lpt3.This folder was created by Flash_Disinfector Object is locked skipped

Scan process completed.
cybertech's Avatar
Moderator with 56,527 posts.
 
Join Date: Apr 2002
Location: Washington State
01-May-2008, 11:24 AM #18
Open Notepad and copy and paste the text in the quote box below into it:
Quote:
KILLALL::
File::
C:\Documents and Settings\Shreyans\My Documents\Downloads\Spy Sweeper 5.5.7 CLEAN\Spy Sweeper 5.5.7.EXE
C:\Program Files\Norton 2007\NAV 2007 CB.rar

Save the file to your desktop and name it CFScript.txt

Then drag the CFScript.txt into the ComboFix.exe as shown in the screenshot below.



This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply.



Please print these instructions for reference, as you will have to restart your computer during the fix.

Please download FixWareout from Here or Here.

Note: You will need to run this tool while having an Internet Connection. The tool will download other files while running.
  1. Save it to your desktop and run it. Click Next, then Install, make sure "Run fixit" is checked and click Finish.
  2. The fix will begin; follow the prompts.
  3. If your firewall gives an alert (because this tool will download additional files from the internet), please don't let your firewall block it, but allow it instead.
  4. You will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.
  5. Once the desktop loads, a text file will open (report.txt).
    Please post C:\fixwareout\report.txt, along with a new HijackThis log, into this thread.
__________________
Microsoft MVP/Windows - Consumer Security


pc.m's Avatar
Junior Member with 20 posts.
 
Join Date: Apr 2008
Experience: Intermediate
01-May-2008, 02:13 PM #19
ComboFix 08-04-28.2 - Shreyans 2008-05-01 22:50:05.3 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.131 [GMT 5.5:30]
Running from: C:\Documents and Settings\Shreyans\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Shreyans\Desktop\CFScript.txt
* Created a new restore point

FILE ::
C:\Documents and Settings\Shreyans\My Documents\Downloads\Spy Sweeper 5.5.7 CLEAN\Spy Sweeper 5.5.7.EXE
C:\Program Files\Norton 2007\NAV 2007 CB.rar
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Shreyans\My Documents\Downloads\Spy Sweeper 5.5.7 CLEAN\Spy Sweeper 5.5.7.EXE
C:\Program Files\Norton 2007\NAV 2007 CB.rar

.
((((((((((((((((((((((((( Files Created from 2008-04-01 to 2008-05-01 )))))))))))))))))))))))))))))))
.

2008-05-01 13:36 . 2008-05-01 13:36 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-05-01 13:36 . 2008-05-01 13:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-01 12:39 . 2008-05-01 12:39 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-05-01 12:39 . 2008-05-01 12:39 <DIR> d-------- C:\Documents and Settings\Shreyans\Application Data\SUPERAntiSpyware.com
2008-05-01 12:39 . 2008-05-01 12:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-05-01 12:38 . 2008-05-01 12:38 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-29 12:15 . 2008-04-29 12:15 <DIR> d-------- C:\fixwareout
2008-04-28 20:21 . 2008-04-28 20:21 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-26 20:16 . 2008-04-26 20:16 <DIR> d--hs---- C:\FOUND.005
2008-04-26 18:12 . 2008-04-26 18:13 <DIR> d--h----- C:\WINDOWS\ie8
2008-04-26 01:51 . 2008-04-26 01:51 <DIR> d-------- C:\Documents and Settings\Shreyans\Application Data\Malwarebytes
2008-04-26 01:50 . 2008-04-26 01:50 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-26 01:50 . 2008-04-26 01:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-21 13:52 . 2008-04-21 13:52 317,616 --a------ C:\WINDOWS\system32\drivers\srtspl.sys
2008-04-21 13:52 . 2008-04-21 13:52 279,088 --a------ C:\WINDOWS\system32\drivers\srtsp.sys
2008-04-21 13:52 . 2008-04-21 13:52 43,696 --a------ C:\WINDOWS\system32\drivers\srtspx.sys
2008-04-21 13:52 . 2008-04-21 13:52 10,549 --a------ C:\WINDOWS\system32\drivers\srtspx.cat
2008-04-21 13:52 . 2008-04-21 13:52 10,549 --a------ C:\WINDOWS\system32\drivers\srtspl.cat
2008-04-21 13:52 . 2008-04-21 13:52 10,545 --a------ C:\WINDOWS\system32\drivers\srtsp.cat
2008-04-21 13:52 . 2008-04-21 13:52 1,430 --a------ C:\WINDOWS\system32\drivers\srtspl.inf
2008-04-21 13:52 . 2008-04-21 13:52 1,421 --a------ C:\WINDOWS\system32\drivers\srtspx.inf
2008-04-21 13:52 . 2008-04-21 13:52 1,415 --a------ C:\WINDOWS\system32\drivers\srtsp.inf
2008-04-21 01:07 . 2008-04-21 01:07 <DIR> d--hs---- C:\FOUND.004
2008-04-21 00:56 . 2008-04-29 21:50 2,560 --a------ C:\WINDOWS\system32\drivers\mchInjDrv.sys
2008-04-20 13:05 . 2008-04-20 13:05 <DIR> d--hs---- C:\FOUND.003
2008-04-19 17:04 . 2008-04-19 17:04 <DIR> d-------- C:\Program Files\Webroot
2008-04-19 17:04 . 2008-04-19 17:04 <DIR> d-------- C:\Documents and Settings\Shreyans\Application Data\Webroot
2008-04-19 17:04 . 2008-04-19 17:05 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
2008-04-19 17:04 . 2008-04-19 17:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Webroot
2008-04-19 17:04 . 2007-10-01 16:40 1,526,072 --a------ C:\WINDOWS\WRSetup.dll
2008-04-19 17:04 . 2007-10-01 16:24 163,640 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys
2008-04-19 17:04 . 2007-10-01 16:24 23,864 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
2008-04-19 17:04 . 2007-10-01 16:24 21,816 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys
2008-04-19 17:04 . 2007-10-01 16:24 20,280 --a------ C:\WINDOWS\system32\drivers\SSFS0BB9.sys
2008-04-19 15:54 . 2008-04-19 15:54 <DIR> d--hs---- C:\FOUND.002
2008-04-19 01:30 . 2008-04-29 22:28 1,024 --ah----- C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG
2008-04-19 00:19 . 2008-03-06 21:32 23,904 --a------ C:\WINDOWS\system32\drivers\COH_Mon.sys
2008-04-19 00:19 . 2008-03-06 21:32 10,537 --a------ C:\WINDOWS\system32\drivers\COH_Mon.cat
2008-04-19 00:19 . 2008-03-06 21:32 706 --a------ C:\WINDOWS\system32\drivers\COH_Mon.inf
2008-04-18 20:15 . 2008-04-18 20:15 <DIR> d-------- C:\Program Files\Norton AntiVirus
2008-04-18 20:14 . 2008-05-01 15:41 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-04-18 20:14 . 2008-05-01 15:41 60,800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2008-04-18 20:13 . 2008-04-18 20:13 <DIR> d-------- C:\Program Files\Symantec
2008-04-18 20:13 . 2008-04-18 20:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2008-04-18 01:24 . 2008-04-18 01:24 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-04-17 21:48 . 2008-04-17 21:48 <DIR> d--hs---- C:\FOUND.001
2008-04-17 16:01 . 2008-04-17 16:01 <DIR> d-------- C:\Program Files\Windows Defender
2008-04-16 15:46 . 2008-05-01 22:39 1,024 --ah----- C:\Documents and Settings\Guest\ntuser.dat.LOG
2008-04-16 14:16 . 2008-04-16 14:16 <DIR> d--hs---- C:\FOUND.000
2008-04-16 00:09 . 2008-05-01 15:41 10,740 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-04-16 00:09 . 2008-05-01 15:41 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-04-15 23:51 . 2008-04-18 20:57 16 --a------ C:\WINDOWS\system32\coh.cache
2008-04-15 23:31 . 2008-04-15 23:31 <DIR> d-------- C:\Program Files\Norton 2007
2008-04-15 22:46 . 2008-04-15 22:46 <DIR> d-------- C:\Program Files\PowerISO
2008-04-15 22:11 . 2008-04-15 22:11 <DIR> d-------- C:\Program Files\uTorrent
2008-04-15 22:11 . 2008-04-15 22:11 <DIR> d-------- C:\Documents and Settings\Shreyans\Application Data\uTorrent
2008-04-15 22:05 . 2008-04-15 22:05 <DIR> d-------- C:\Documents and Settings\Shreyans\Application Data\PCF-VLC
2008-04-15 21:30 . 2008-04-15 21:38 921,624 --a------ C:\img2-001.raw
2008-04-15 16:54 . 2008-04-15 21:09 369 --a------ C:\WINDOWS\capture.ini
2008-04-11 15:18 . 2008-04-11 15:18 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Yahoo!
2008-04-03 19:21 . 2008-04-03 19:21 <DIR> d-------- C:\Documents and Settings\Shreyans\Application Data\Participatory Culture Foundation
2008-04-03 19:20 . 2008-04-03 19:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Participatory Culture Foundation
2008-04-01 22:02 . 2004-02-05 20:53 389,120 --a------ C:\WINDOWS\system32\actskn43.ocx
2008-04-01 22:02 . 2002-01-05 16:37 344,064 --a------ C:\WINDOWS\system32\Msvcr70.dll
2008-04-01 22:02 . 2004-01-08 01:43 253,952 --a------ C:\WINDOWS\system32\histogram.ocx
2008-04-01 22:02 . 2004-01-09 10:54 188,416 --a------ C:\WINDOWS\system32\actsplash.ocx
2008-04-01 22:01 . 2008-04-01 22:01 <DIR> d-------- C:\Program Files\SystemGuards.com
2008-04-01 22:01 . 2005-08-27 02:38 1,435,272 --a------ C:\WINDOWS\system32\Flash8.ocx
2008-04-01 20:18 . 2001-08-29 05:00 94,720 --------- C:\WINDOWS\system32\CNMLM20.DLL
2008-04-01 20:18 . 2001-08-29 05:00 5,632 --a------ C:\WINDOWS\system32\CNMVS20.DLL
2008-04-01 20:17 . 2008-04-01 20:17 <DIR> d--h----- C:\BJPrinter
2008-04-01 20:17 . 2001-09-13 16:30 36,864 --a------ C:\WINDOWS\system32\CNMCP20.EXE
2008-04-01 20:16 . 2008-04-01 20:16 <DIR> d-------- C:\BJC265SP

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-24 16:58 --------- d-----w C:\Program Files\Smart AntiVirus
2008-03-21 07:36 --------- d-----w C:\Documents and Settings\Shreyans\Application Data\River Past G5
2008-03-21 07:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\River Past G5
2008-03-20 21:18 --------- d-----w C:\Documents and Settings\Shreyans\Application Data\PlayFirst
2008-03-20 21:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\PlayFirst
2008-03-14 06:04 46,652 ----a-w C:\WINDOWS\system32\drivers\scdemu.sys
2008-03-11 12:32 --------- d-----w C:\Program Files\Common Files\xing shared
2008-03-11 12:11 --------- d-----w C:\Program Files\Real
2008-03-03 14:23 78,336 ----a-w C:\WINDOWS\system32\ieencode.dll
2008-03-03 14:23 78,336 ----a-w C:\WINDOWS\system32\dllcache\ieencode.dll
2008-03-03 14:22 70,656 ----a-w C:\WINDOWS\system32\dllcache\iedw.exe
2008-03-03 14:22 599,552 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-03-03 14:22 41,984 ----a-w C:\WINDOWS\system32\licmgr10.dll
2008-03-03 14:22 41,984 ----a-w C:\WINDOWS\system32\dllcache\licmgr10.dll
2008-03-03 14:22 349,184 ----a-w C:\WINDOWS\system32\dllcache\iedkcs32.dll
2008-03-03 14:22 224,768 ----a-w C:\WINDOWS\system32\dllcache\ieaksie.dll
2008-03-03 14:22 193,024 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
2008-03-03 14:22 17,920 ----a-w C:\WINDOWS\system32\dllcache\corpol.dll
2008-03-03 14:22 17,920 ----a-w C:\WINDOWS\system32\corpol.dll
2008-03-03 14:22 116,224 ----a-w C:\WINDOWS\system32\dllcache\occache.dll
2008-03-03 14:22 105,984 ----a-w C:\WINDOWS\system32\dllcache\url.dll
2008-03-03 14:21 94,208 ----a-w C:\WINDOWS\system32\dllcache\inseng.dll
2008-03-03 14:21 70,656 ----a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-03-03 14:21 69,120 ----a-w C:\WINDOWS\system32\iesetup.dll
2008-03-03 14:21 69,120 ----a-w C:\WINDOWS\system32\dllcache\iesetup.dll
2008-03-03 14:21 69,120 ----a-w C:\WINDOWS\system32\dllcache\admparse.dll
2008-03-03 14:21 69,120 ----a-w C:\WINDOWS\system32\admparse.dll
2008-03-03 14:21 557,056 ----a-w C:\WINDOWS\system32\dllcache\jscript.dll
2008-03-03 14:21 44,032 ----a-w C:\WINDOWS\system32\dllcache\iernonce.dll
2008-03-03 14:21 149,504 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll
2008-03-03 14:21 126,464 ----a-w C:\WINDOWS\system32\dllcache\advpack.dll
2008-03-03 14:21 119,808 ----a-w C:\WINDOWS\system32\dllcache\ieakeng.dll
2008-03-03 14:20 60,928 ----a-w C:\WINDOWS\system32\dllcache\icardie.dll
2008-03-03 14:20 48,128 ----a-w C:\WINDOWS\system32\mshtmler.dll
2008-03-03 14:20 48,128 ----a-w C:\WINDOWS\system32\dllcache\mshtmler.dll
2008-03-03 14:20 45,568 ----a-w C:\WINDOWS\system32\mshta.exe
2008-03-03 14:20 45,568 ----a-w C:\WINDOWS\system32\dllcache\mshta.exe
2008-03-03 14:20 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
2008-03-03 14:20 36,352 ----a-w C:\WINDOWS\system32\imgutil.dll
2008-03-03 14:20 36,352 ----a-w C:\WINDOWS\system32\dllcache\imgutil.dll
2008-03-03 14:20 345,600 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
2008-03-03 14:20 268,800 ----a-w C:\WINDOWS\system32\dllcache\iertutil.dll
2008-03-03 14:20 212,992 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
2008-03-03 14:16 68,096 ----a-w C:\WINDOWS\system32\dllcache\hmmapi.dll
2008-03-03 14:04 440,832 ----a-w C:\WINDOWS\system32\dllcache\ieapfltr.dll
.

((((((((((((((((((((((((((((( snapshot@2008-04-29_22.52.14.57 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-29 17:14:14 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-01 17:24:14 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-01 07:09:32 18,944 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
+ 2008-05-01 07:09:32 65,024 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
+ 2005-05-24 06:57:16 213,048 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll
+ 2007-08-29 10:17:20 94,208 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
+ 2007-08-29 10:19:54 950,272 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-01 00:00 15360]
"Spyware Doctor"="C:\Program Files\Spyware Doctor\spydoctor.exe" [2004-09-22 10:28 1818624]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 17:43 4670704]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [ ]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-29 16:03 1481968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 14:43 45056]
"RTHDCPL"="RTHDCPL.EXE" [2006-01-11 22:53 15961088 C:\WINDOWS\RTHDCPL.exe]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-12-08 17:35 32768]
"VX1000"="C:\WINDOWS\vVX1000.exe" [2006-10-13 17:04 707376]
"LifeCam"="C:\Program Files\Microsoft LifeCam\LifeExp.exe" [2006-10-13 17:01 277296]
"PCSuiteTrayApplication"="E:\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 13:20 227328]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-02 02:52 3739648]
"iTunesHelper"="E:\iPod\iTunesHelper.exe" [2006-02-23 15:45 278528]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Acrobat 7.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2008-03-15 05:21 233472]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20 866584]
"SpyHunter Security Suite"="C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe" [2008-01-23 15:47 847872]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-01-06 12:29 84640]
"osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [2008-01-06 13:10 26248]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 17:38 583048]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2007-10-01 16:40 5367608]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="E:\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 15:58 1744896]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 16:38 39264]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2007-01-11 16:02:11 106560]
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-11-05 13:34:12 126136]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shell executehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"wave2"= es1371.dll
"midi1"= es1371.dll
"mixer2"= es1371.dll
"aux1"= es1371.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"C:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"E:\\iPod\\iTunes.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

R1 mchInjDrv;madCodeHook DLL injection driver;C:\WINDOWS\system32\Drivers\mchInjDrv.sys [2008-04-29 21:50]
R2 MSCamSvc;MSCamSvc;"C:\Program Files\Microsoft LifeCam\MSCamS32.exe" [2006-10-13 17:01]
R3 VX1000;VX-1000;C:\WINDOWS\system32\DRIVERS\VX1000.sys [2006-10-13 17:04]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0169f456-bb74-11dc-9d80-001676a2df53}]
\Shell\Auto\command - sal.xls.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sal.xls.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2398bc60-7de4-11dc-9cb2-001676a2df53}]
\Shell\Open(&O)\command - RECYCLED\appmgmt.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{30765be0-2f29-11dc-9b30-001676a2df53}]
\Shell\Open(&O)\command - RECYCLED\appmgmt.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3e7d918a-52de-11dc-9bd6-001676a2df53}]
\Shell\AutoRun\command - H:\SSCVIHOST.exe
\Shell\Open\command - H:\SSCVIHOST.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e949e6fa-7d7b-11dc-9cb0-001676a2df53}]
\Shell\Auto\command - MicrosoftPowerPoint.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MicrosoftPowerPoint.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-04-08 01:31:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-04-18 14:54:18 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Shreyans.job"
- C:\PROGRA~1\NORTON~2\Navw32.exeh/TASK:
"2008-05-01 17:27:20 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-01 22:54:45
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\SYSTEM32\ATI2EVXX.EXE
C:\PROGRAM FILES\WINDOWS DEFENDER\MSMPENG.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSVCHST.EXE
C:\WINDOWS\System32\ATI2EVXX.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\APPCORE\APPSVC32.EXE
C:\PROGRAM FILES\COMMON FILES\APPLE\MOBILE DEVICE SUPPORT\BIN\APPLEMOBILEDEVICESERVICE.EXE
C:\PROGRAM FILES\SYMANTEC\LIVEUPDATE\ALUSCHEDULERSVC.EXE
C:\PROGRAM FILES\GOOGLE\COMMON\GOOGLE UPDATER\GOOGLEUPDATERSERVICE.EXE
C:\WINDOWS\SYSTEM32\UTSCSI.EXE
C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\SPYSWEEPER.EXE
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
E:\iPod\bin\iPodService.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
.
**************************************************************************
.
Completion time: 2008-05-01 23:04:58 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-01 17:34:06
ComboFix3.txt 2008-04-29 17:23:36
ComboFix2.txt 2008-05-01 06:39:38

Pre-Run: 4,410,843,136 bytes free
Post-Run: 4,392,755,200 bytes free

275 --- E O F --- 2008-03-13 15:00:13
pc.m's Avatar
Junior Member with 20 posts.
 
Join Date: Apr 2008
Experience: Intermediate
01-May-2008, 02:32 PM #20
Username "Shreyans" - 01/05/2008 23:44:37 [Fixwareout edited 9/01/2007]

~~~~~ Prerun check

HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{0D79DE2E-3B23-4F0D-9899-903645C6A635}
"nameserver"="85.255.116.28,85.255.112.185" <Value cleared.

Successfully flushed the DNS Resolver Cache.


System was rebooted successfully.

~~~~~ Postrun check
HKLM\SOFTWARE\~\Winlogon\ "System"=""
....
....
~~~~~ Misc files.
....
~~~~~ Checking for older varients.
....

~~~~~ Current runs (hklm hkcu "run" Keys Only)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
"ATICCC"="\"C:\\Program Files\\ATI Technologies\\ATI.ACE\\cli.exe\" runtime -Delay"
"RTHDCPL"="RTHDCPL.EXE"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"RemoteControl"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""
"VX1000"="C:\\WINDOWS\\vVX1000.exe"
"LifeCam"="\"C:\\Program Files\\Microsoft LifeCam\\LifeExp.exe\""
"PCSuiteTrayApplication"="\"E:\\Nokia\\Nokia PC Suite 6\\LaunchApplication.exe\" -startup"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_03\\bin\\jusched.exe\""
"googletalk"="\"C:\\Program Files\\Google\\Google Talk\\googletalk.exe\" /autostart"
"iTunesHelper"="\"E:\\iPod\\iTunesHelper.exe\""
"Adobe Reader Speed Launcher"="\"C:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\Reader_sl.exe\""
"PWRISOVM.EXE"="\"C:\\Program Files\\PowerISO\\PWRISOVM.EXE\""
"Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
"SpyHunter Security Suite"="\"C:\\Program Files\\Enigma Software Group\\SpyHunter\\SpyHunter3.exe\""
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"osCheck"="\"C:\\Program Files\\Norton AntiVirus\\osCheck.exe\""
"Symantec PIF AlertEng"="\"C:\\Program Files\\Common Files\\Symantec Shared\\PIF\\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\\PIFSvc.exe\" /a /m \"C:\\Program Files\\Common Files\\Symantec Shared\\PIF\\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\\AlertEng.dll\""
"SpySweeper"="\"C:\\Program Files\\Webroot\\Spy Sweeper\\SpySweeperUI.exe\" /startintray"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Spyware Doctor"="\"C:\\Program Files\\Spyware Doctor\\spydoctor.exe\" /Q"
"Yahoo! Pager"="\"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe\" -quiet"
"updateMgr"="C:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe AcRdB7_0_9"
"SUPERAntiSpyware"="\"C:\\Program Files\\SUPERAntiSpyware\\SUPERAntiSpyware.exe\""
....
Hosts file was reset, If you use a custom hosts file please replace it...
~~~~~ End report ~~~~~
pc.m's Avatar
Junior Member with 20 posts.
 
Join Date: Apr 2008
Experience: Intermediate
01-May-2008, 02:32 PM #21
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:02:31 AM, on 02/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.17184)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UTSCSI.EXE
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\vVX1000.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
E:\iPod\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
E:\iPod\bin\iPodService.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Spyware Doctor\spydoctor.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.techguy.org/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://downloads.yahoo.com/internetexplorer/welcome.php
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [VX1000] C:\WINDOWS\vVX1000.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] "E:\Nokia\Nokia PC Suite 6\LaunchApplication.exe" -startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKLM\..\Run: [iTunesHelper] "E:\iPod\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Acrobat 7.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] "C:\Program Files\PowerISO\PWRISOVM.EXE"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SpyHunter Security Suite] "C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\spydoctor.exe" /Q
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [SUPERAntiSpyware] "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] E:\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] E:\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/tech...bs/tgctlsr.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} (Domino Web Access 7 Control) - http://webmail.ilfsets.com/dwa7W.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...63/mcfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0D79DE2E-3B23-4F0D-9899-903645C6A635}: NameServer = 85.255.116.28,85.255.112.185
O17 - HKLM\System\CCS\Services\Tcpip\..\{94525950-EEB6-4F6D-85F8-62D52D5EFCF6}: NameServer = 85.255.116.28,85.255.112.185
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.28 85.255.112.185
O17 - HKLM\System\CS1\Services\Tcpip\..\{0D79DE2E-3B23-4F0D-9899-903645C6A635}: NameServer = 85.255.116.28,85.255.112.185
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.28 85.255.112.185
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - E:\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: USBest Service Zero (UTSCSI) - USBest - C:\WINDOWS\system32\UTSCSI.EXE
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 11541 bytes
pc.m
01-May-2008, 02:35 PM #22
This time too, after running FixWareout, I faced the same internet problem.
But after running dnsbak.reg in the fixwareout folder I could access internet sites.