1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Solved: Control Panel Missing

Discussion in 'Virus & Other Malware Removal' started by mervward, Oct 31, 2007.

Thread Status:
Not open for further replies.
Advertisement
  1. mervward

    mervward Thread Starter

    Joined:
    Oct 12, 2007
    Messages:
    26
    Hi,

    I have lost access to the control panel on 2 out of the 5 user accounts on my windows XP.

    I had this problem about three weeks ago when I lost access for all users and with help from this forum got it sorted.

    Any help appreciated.
     
  2. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    112,930
    Click here and then scroll down to and click on hijackthis self installer to download HJTsetup.exe
    • Save HJTsetup.exe to your desktop.
    • Double click on the HJTsetup.exe icon on your desktop.
    • By default it will install to C:\Program Files\Hijack This.
    • Continue to click Next in the setup dialogue boxes until you get to the Select Addition Tasks dialogue.
    • Put a check by Create a desktop icon then click Next again.
    • Continue to follow the rest of the prompts from there.
    • At the final dialogue box click Finish and it will launch Hijack This.
    • Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
    • Click Save to save the log file and then the log will open in notepad.
    • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
    • Come back here to this thread and Paste the log in your next reply.
    • DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.
     
  3. mervward

    mervward Thread Starter

    Joined:
    Oct 12, 2007
    Messages:
    26
    I saved this log last night. I have not got HJT to "fix" anything.

    Thanks

    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 20:09:32, on 31/10/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\WINDOWS\system32\drivers\KodakCCS.exe
    C:\WINDOWS\system32\ScsiAccess.EXE
    C:\Program Files\Spyware Terminator\sp_rsser.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\Explorer.exe
    C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\Program Files\Conexant\AccessRunner ADSL\CnxDslTb.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE
    C:\Program Files\Philips\Philips Device Manager\Bin\DeviceManager.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
    C:\Program Files\Dell Support\DSAgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    C:\Documents and Settings\Merv\My Documents\Set up apps\HiJackThis_v2.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.fromthelane.co.uk/forum/forum_topics.asp?FID=2&PN=1
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www1.euro.dell.com/content/default.aspx?c=uk&l=en&s=gen
    F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\printer.exe
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    O4 - HKLM\..\Run: [CnxDslTaskBar] C:\Program Files\Conexant\AccessRunner ADSL\CnxDslTb.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
    O4 - HKLM\..\Run: [EPSON Stylus CX3600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P26 "EPSON Stylus CX3600 Series" /O6 "USB001" /M "Stylus CX3600"
    O4 - HKLM\..\Run: [PhilipsDM] "C:\Program Files\Philips\Philips Device Manager\Bin\DeviceManager.exe"
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [EPSON Stylus CX3600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P26 "EPSON Stylus CX3600 Series" /M "Stylus CX3600" /EF "HKCU"
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKUS\S-1-5-21-3549304305-4229197624-2869060079-1007\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup (User 'Mel')
    O4 - HKUS\S-1-5-21-3549304305-4229197624-2869060079-1007\..\Run: [PhilipsLime] "C:\Program Files\Philips\Philips Lime Service\bin\LimeAlive.exe" (User 'Mel')
    O4 - HKUS\S-1-5-21-3549304305-4229197624-2869060079-1007\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Mel')
    O4 - HKUS\S-1-5-21-3549304305-4229197624-2869060079-1007\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Mel')
    O4 - HKUS\S-1-5-21-3549304305-4229197624-2869060079-1007\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'Mel')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZJxdm037YYGB
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/ZwinkyInitialSetup1.0.0.15-3.cab
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {7D731A83-6C80-4EA4-9646-5E06A0513274} (Sandlot Loader Control) - http://www.shockwave.com/content/snailmail/sis/slgwebinstall.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoegg.com/Install/Windows/Initial/VideoEggPublisher.exe
    O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{7A36ED00-D86E-493E-B49D-3C582A3FC23E}: NameServer = 212.159.6.10 212.159.6.9
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE
    O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    --
    End of file - 9997 bytes
     
  4. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    112,930
    Please download SmitfraudFix (by S!Ri)

    Extract (unzip) the content (a folder named SmitfraudFix) to your Desktop.


    Open the SmitfraudFix folder and double-click smitfraudfix.cmd
    Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
    Please copy/paste the content of that report into your next reply.

    Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
    http://www.beyondlogic.org/consulting/proc...processutil.htm

    Warning: Do not run Option #2 until you are instructed to do so. Running option #2 on a non infected computer will remove your Desktop background.
     
  5. mervward

    mervward Thread Starter

    Joined:
    Oct 12, 2007
    Messages:
    26
    SmitFraudFix v2.246

    Scan done at 18:43:30.34, 01/11/2007
    Run from C:\Documents and Settings\Merv\Desktop\SmitfraudFix\SmitfraudFix
    OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
    The filesystem type is NTFS
    Fix run in normal mode

    »»»»»»»»»»»»»»»»»»»»»»»» Process

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\WINDOWS\system32\drivers\KodakCCS.exe
    C:\WINDOWS\system32\ScsiAccess.EXE
    C:\Program Files\Spyware Terminator\sp_rsser.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\Explorer.exe
    C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\Program Files\Conexant\AccessRunner ADSL\CnxDslTb.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE
    C:\Program Files\Philips\Philips Device Manager\Bin\DeviceManager.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
    C:\Program Files\Dell Support\DSAgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    C:\Program Files\Outlook Express\msimn.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\cmd.exe

    »»»»»»»»»»»»»»»»»»»»»»»» hosts


    »»»»»»»»»»»»»»»»»»»»»»»» C:\


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Merv


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Merv\Application Data


    »»»»»»»»»»»»»»»»»»»»»»»» Start Menu


    »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Merv\FAVORI~1


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


    »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components



    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll


    »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"=""


    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "System"=""


    »»»»»»»»»»»»»»»»»»»»»»»» Rustock



    »»»»»»»»»»»»»»»»»»»»»»»» DNS

    Description: WAN (PPP/SLIP) Interface
    DNS Server Search Order: 212.159.6.9
    DNS Server Search Order: 212.159.6.10

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{7A36ED00-D86E-493E-B49D-3C582A3FC23E}: NameServer=212.159.6.9 212.159.6.10
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{7A36ED00-D86E-493E-B49D-3C582A3FC23E}: NameServer=212.159.6.9 212.159.6.10
    HKLM\SYSTEM\CS3\Services\Tcpip\..\{7A36ED00-D86E-493E-B49D-3C582A3FC23E}: NameServer=212.159.6.9 212.159.6.10


    »»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


    »»»»»»»»»»»»»»»»»»»»»»»» End
     
  6. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    112,930
    Download ComboFix and save it to your desktop.

    **Note: In the event you already have ComboFix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

    1. Close any open browsers.

    2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

    Double click on combofix.exe & follow the prompts.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.

    **Note: Do not mouseclick comboFix's window while it's running. That may cause it to stall**
     
  7. mervward

    mervward Thread Starter

    Joined:
    Oct 12, 2007
    Messages:
    26
    ComboFix 07-11-01.2 - Merv 2007-11-01 21:39:14.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.645 [GMT 0:00]
    Running from: C:\Documents and Settings\Merv\Desktop\ComboFix.exe
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\Dan\Application Data\FunWebProducts
    C:\Documents and Settings\Dan\Application Data\FunWebProducts\Data\Dan\avatar.dat
    C:\Documents and Settings\Nath\Application Data\FunWebProducts
    C:\Documents and Settings\Sian\Application Data\FunWebProducts
    C:\Documents and Settings\Sian\Application Data\FunWebProducts\Data\Sian\avatar.dat
    C:\Documents and Settings\Sian\Application Data\FunWebProducts\Data\Sian\register.dat
    C:\Program Files\internet explorer\msimg32.dll
    C:\WINDOWS\system32\8_exception.nls
    C:\WINDOWS\system32\f3PSSavr.scr

    .
    ((((((((((((((((((((((((( Files Created from 2007-10-01 to 2007-11-01 )))))))))))))))))))))))))))))))
    .

    2007-11-01 21:38 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2007-10-29 22:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
    2007-10-29 21:57 <DIR> d-------- C:\Program Files\Windows Live
    2007-10-22 13:42 <DIR> d-------- C:\Program Files\scan2PDF
    2007-10-22 13:37 <DIR> d--h----- C:\Documents and Settings\All Users\Application Data\MyPDFCreator
    2007-10-22 13:37 116,224 --a------ C:\WINDOWS\system32\pdfcmnnt.dll
    2007-10-11 20:35 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
    2007-10-11 20:35 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2007-10-11 20:35 <DIR> d-------- C:\Documents and Settings\Merv\Application Data\SUPERAntiSpyware.com
    2007-10-11 20:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    2007-10-11 20:13 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\You've Got Pictures Screensaver
    2007-10-11 20:13 <DIR> d--h----- C:\Documents and Settings\Administrator\Application Data\Gtek
    2007-10-11 20:13 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Corel
    2007-10-11 20:13 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\AOL
    2007-10-11 19:57 3,660 --a------ C:\WINDOWS\system32\tmp.reg
    2007-10-10 17:03 20,992 --a------ C:\WINDOWS\oeimara.exe
    2007-10-10 16:18 582,656 --------- C:\WINDOWS\system32\dllcache\rpcrt4.dll
    2007-10-10 16:15 16,384 --a------ C:\WINDOWS\xlavra.exe
    2007-10-09 17:17 16,384 --a------ C:\WINDOWS\mraera.exe

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-11-01 21:37 --------- d-----w C:\Documents and Settings\Merv\Application Data\Spyware Terminator
    2007-11-01 21:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
    2007-11-01 18:37 --------- d-----w C:\Program Files\Spyware Terminator
    2007-10-30 17:11 --------- d-----w C:\Documents and Settings\Dan\Application Data\Spyware Terminator
    2007-10-29 21:57 --------- d-----w C:\Program Files\MSN Messenger
    2007-10-29 21:57 --------- d-----w C:\Program Files\Messenger Plus! Live
    2007-10-29 16:49 --------- d-----w C:\Documents and Settings\Sian\Application Data\Spyware Terminator
    2007-10-28 08:31 --------- d-----w C:\Documents and Settings\Nath\Application Data\Spyware Terminator
    2007-10-25 08:33 --------- d-----w C:\Documents and Settings\Mel\Application Data\Spyware Terminator
    2007-10-22 10:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spyware Terminator
    2007-09-30 09:53 --------- d-----w C:\Program Files\Winamp
    2007-09-22 18:12 --------- d-----w C:\Program Files\Google
    2007-09-15 17:27 --------- d-----w C:\Documents and Settings\Dan\Application Data\VideoEgg
    2007-09-10 18:11 --------- d-----w C:\Program Files\Digital Image Tool
    2007-09-06 10:05 94,416 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
    2007-09-06 10:05 92,848 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
    2007-09-06 10:03 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
    2007-09-06 10:02 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
    2007-09-06 10:00 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
    2007-05-01 10:43 32 ----a-r C:\Documents and Settings\All Users\hash.dat
    2006-09-13 18:03:59 88 --sh--r C:\WINDOWS\system32\956E073203.sys
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 16:48]
    "SigmatelSysTrayApp"="stsystra.exe" [2005-03-22 22:20 C:\WINDOWS\stsystra.exe]
    "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 20:05]
    "ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 09:44]
    "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 09:44]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-05-02 22:20]
    "DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-09-08 04:20]
    "CnxDslTaskBar"="C:\Program Files\Conexant\AccessRunner ADSL\CnxDslTb.exe" [2001-12-19 02:47]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 10:06]
    "MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [2005-07-12 18:05]
    "EPSON Stylus CX3600 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.exe" [2004-03-04 03:00]
    "PhilipsDM"="C:\Program Files\Philips\Philips Device Manager\Bin\DeviceManager.exe" [2005-09-14 22:12]
    "Zone Labs Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2006-08-23 23:38]
    "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 04:00 C:\WINDOWS\system32\bthprops.cpl]
    "SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2007-08-19 11:47]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DellSupport"="C:\Program Files\Dell Support\DSAgnt.exe" [2004-07-19 06:51]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 04:00]
    "EPSON Stylus CX3600 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.exe" [2004-03-04 03:00]
    "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" /background

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06]
    Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-07-29 16:09:45]
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 20:05:56]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BlueSoleil.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BlueSoleil.lnk
    backup=C:\WINDOWS\pss\BlueSoleil.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
    backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\KODAK Software Updater.lnk
    backup=C:\WINDOWS\pss\KODAK Software Updater.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
    "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

    R1 sp_rsdrv2;Spyware Terminator Driver 2;\??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
    R3 CnxEtP;Conexant AccessRunner USB ADSL WAN Adapter Filter Driver;C:\WINDOWS\system32\DRIVERS\CnxEtP.sys
    R3 CnxEtU;Conexant AccessRunner USB ADSL Interface Device Driver;C:\WINDOWS\system32\DRIVERS\CnxEtU.sys
    R3 CnxTgN;Conexant AccessRunner USB ADSL WAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\CnxTgN.sys
    S3 BTNetFilter;Bluetooth Network Filter;\??\C:\WINDOWS\system32\drivers\BTNetFilter.sys
    S3 ZD1201U;ZyDAS ZD1201 IEEE 802.11b Wireless LAN Driver (USB);C:\WINDOWS\system32\DRIVERS\zd1201u.sys
    S3 ZDNDIS5;ZDNDIS5 Protocol Driver;\??\C:\WINDOWS\system32\ZDNDIS5.SYS

    .
    Contents of the 'Scheduled Tasks' folder
    "2007-11-01 20:49:00 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
    - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
    .
    **************************************************************************

    catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-11-01 21:44:06
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2007-11-01 21:45:04 - machine was rebooted
    .
    --- E O F ---


    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 21:48:50, on 01/11/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\WINDOWS\system32\drivers\KodakCCS.exe
    C:\WINDOWS\system32\ScsiAccess.EXE
    C:\Program Files\Spyware Terminator\sp_rsser.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\cmd.exe
    C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\Program Files\Conexant\AccessRunner ADSL\CnxDslTb.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Philips\Philips Device Manager\Bin\DeviceManager.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
    C:\Program Files\Dell Support\DSAgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\Merv\My Documents\Set up apps\HiJackThis_v2.exe


    --
    End of file - 2018 bytes
     
  8. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    112,930
    Download MsnCleaner_eng.zip but don't use it yet.
    (Copy/Paste the download link in the url window or use "Save Target As")
    • Now reboot into Safe Modeusing the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".
    • Double-click MsnCleaner_eng.exe to run it.
    • Click the Analyze button.
    • A report will be created after the scan is finished.
    • If it finds an infection, click the Deleted button.
    • Now, please reboot back to normal mode.
    • Please post the contents of C:\MsnCleaner.txt in a reply to this post.
     
  9. mervward

    mervward Thread Starter

    Joined:
    Oct 12, 2007
    Messages:
    26
    - Logfile MSNCleaner 1.4.5 by www.forospyware.com
    - Created Logfile: 02/11/2007 on 13:18:02
    - Operative System: Windows XP
    - Boot mode: Safe mode
    _________________________________________

    Detected files: 1
    Deleted file: 1
    Undeleted Files: 0

    C:\WINDOWS\xlavra.exe <--- Deleted

    Host file Restored
     
  10. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    112,930
    Open Notepad and copy and paste the text in the quote box below into it:

    Save the file to your desktop and name it CFScript.txt

    Then drag the CFScript.txt into the ComboFix.exe as shown in the screenshot below.

    [​IMG]

    This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply together with a new HijackThis log.
     
  11. mervward

    mervward Thread Starter

    Joined:
    Oct 12, 2007
    Messages:
    26
    ComboFix 07-11-01.2 - Merv 2007-11-02 22:33:31.2 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.444 [GMT 0:00]
    Running from: C:\Documents and Settings\Merv\Desktop\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Merv\Desktop\CFScript.txt
    * Created a new restore point

    FILE::
    C:\WINDOWS\mraera.exe
    C:\WINDOWS\oeimara.exe
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\mraera.exe
    C:\WINDOWS\oeimara.exe

    .
    ((((((((((((((((((((((((( Files Created from 2007-10-02 to 2007-11-02 )))))))))))))))))))))))))))))))
    .

    2007-11-01 21:38 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2007-10-29 22:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
    2007-10-29 21:57 <DIR> d-------- C:\Program Files\Windows Live
    2007-10-22 13:42 <DIR> d-------- C:\Program Files\scan2PDF
    2007-10-22 13:37 <DIR> d--h----- C:\Documents and Settings\All Users\Application Data\MyPDFCreator
    2007-10-22 13:37 116,224 --a------ C:\WINDOWS\system32\pdfcmnnt.dll
    2007-10-11 20:35 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
    2007-10-11 20:35 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2007-10-11 20:35 <DIR> d-------- C:\Documents and Settings\Merv\Application Data\SUPERAntiSpyware.com
    2007-10-11 20:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    2007-10-11 20:13 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\You've Got Pictures Screensaver
    2007-10-11 20:13 <DIR> d--h----- C:\Documents and Settings\Administrator\Application Data\Gtek
    2007-10-11 20:13 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Corel
    2007-10-11 20:13 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\AOL
    2007-10-11 19:57 3,660 --a------ C:\WINDOWS\system32\tmp.reg
    2007-10-10 16:18 582,656 --------- C:\WINDOWS\system32\dllcache\rpcrt4.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-11-02 18:32 --------- d-----w C:\Program Files\Spyware Terminator
    2007-11-02 18:00 --------- d-----w C:\Documents and Settings\Nath\Application Data\Spyware Terminator
    2007-11-02 17:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spyware Terminator
    2007-11-02 17:28 --------- d-----w C:\Documents and Settings\Sian\Application Data\Spyware Terminator
    2007-11-02 13:03 --------- d-----w C:\Documents and Settings\Mel\Application Data\Spyware Terminator
    2007-11-01 21:37 --------- d-----w C:\Documents and Settings\Merv\Application Data\Spyware Terminator
    2007-11-01 21:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
    2007-10-30 17:11 --------- d-----w C:\Documents and Settings\Dan\Application Data\Spyware Terminator
    2007-10-29 21:57 --------- d-----w C:\Program Files\MSN Messenger
    2007-10-29 21:57 --------- d-----w C:\Program Files\Messenger Plus! Live
    2007-10-02 20:47 6,164 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
    2007-09-30 09:53 --------- d-----w C:\Program Files\Winamp
    2007-09-22 18:12 --------- d-----w C:\Program Files\Google
    2007-09-15 17:27 --------- d-----w C:\Documents and Settings\Dan\Application Data\VideoEgg
    2007-09-10 18:11 --------- d-----w C:\Program Files\Digital Image Tool
    2007-09-06 10:09 801,144 ----a-w C:\WINDOWS\system32\aswBoot.exe
    2007-09-06 10:05 94,416 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
    2007-09-06 10:05 92,848 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
    2007-09-06 10:03 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
    2007-09-06 10:02 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
    2007-09-06 10:00 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
    2007-09-06 10:00 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
    2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
    2007-08-21 06:15 683,520 ------w C:\WINDOWS\system32\dllcache\inetcomm.dll
    2007-08-20 10:04 824,832 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
    2007-08-20 10:04 671,232 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
    2007-08-20 10:04 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll
    2007-08-20 10:04 6,058,496 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
    2007-08-20 10:04 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
    2007-08-20 10:04 477,696 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
    2007-08-20 10:04 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll
    2007-08-20 10:04 44,544 ------w C:\WINDOWS\system32\dllcache\iernonce.dll
    2007-08-20 10:04 384,512 ------w C:\WINDOWS\system32\dllcache\iedkcs32.dll
    2007-08-20 10:04 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll
    2007-08-20 10:04 3,584,512 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
    2007-08-20 10:04 27,648 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
    2007-08-20 10:04 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll
    2007-08-20 10:04 232,960 ------w C:\WINDOWS\system32\dllcache\webcheck.dll
    2007-08-20 10:04 230,400 ------w C:\WINDOWS\system32\dllcache\ieaksie.dll
    2007-08-20 10:04 214,528 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
    2007-08-20 10:04 193,024 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
    2007-08-20 10:04 153,088 ------w C:\WINDOWS\system32\dllcache\ieakeng.dll
    2007-08-20 10:04 132,608 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
    2007-08-20 10:04 124,928 ------w C:\WINDOWS\system32\dllcache\advpack.dll
    2007-08-20 10:04 105,984 ------w C:\WINDOWS\system32\dllcache\url.dll
    2007-08-20 10:04 102,400 ------w C:\WINDOWS\system32\dllcache\occache.dll
    2007-08-20 10:04 1,152,000 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
    2007-08-17 10:21 625,152 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
    2007-08-17 10:20 63,488 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
    2007-08-17 10:20 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
    2007-08-17 07:34 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
    2007-05-01 10:43 32 ----a-r C:\Documents and Settings\All Users\hash.dat
    2006-09-13 18:03:59 88 --sh--r C:\WINDOWS\system32\956E073203.sys
    .

    ((((((((((((((((((((((((((((( [email protected]_21.44.34.09 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2007-11-02 13:21:16 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_5ac.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 16:48]
    "SigmatelSysTrayApp"="stsystra.exe" [2005-03-22 22:20 C:\WINDOWS\stsystra.exe]
    "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 20:05]
    "ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 09:44]
    "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 09:44]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-05-02 22:20]
    "DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-09-08 04:20]
    "CnxDslTaskBar"="C:\Program Files\Conexant\AccessRunner ADSL\CnxDslTb.exe" [2001-12-19 02:47]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 10:06]
    "MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [2005-07-12 18:05]
    "EPSON Stylus CX3600 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.exe" [2004-03-04 03:00]
    "PhilipsDM"="C:\Program Files\Philips\Philips Device Manager\Bin\DeviceManager.exe" [2005-09-14 22:12]
    "Zone Labs Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2006-08-23 23:38]
    "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 04:00 C:\WINDOWS\system32\bthprops.cpl]
    "SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2007-08-19 11:47]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DellSupport"="C:\Program Files\Dell Support\DSAgnt.exe" [2004-07-19 06:51]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 04:00]
    "EPSON Stylus CX3600 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.exe" [2004-03-04 03:00]
    "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" /background

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06]
    Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-07-29 16:09:45]
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 20:05:56]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BlueSoleil.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BlueSoleil.lnk
    backup=C:\WINDOWS\pss\BlueSoleil.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
    backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\KODAK Software Updater.lnk
    backup=C:\WINDOWS\pss\KODAK Software Updater.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
    "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

    R1 sp_rsdrv2;Spyware Terminator Driver 2;\??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
    R3 CnxEtP;Conexant AccessRunner USB ADSL WAN Adapter Filter Driver;C:\WINDOWS\system32\DRIVERS\CnxEtP.sys
    R3 CnxEtU;Conexant AccessRunner USB ADSL Interface Device Driver;C:\WINDOWS\system32\DRIVERS\CnxEtU.sys
    R3 CnxTgN;Conexant AccessRunner USB ADSL WAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\CnxTgN.sys
    S3 BTNetFilter;Bluetooth Network Filter;\??\C:\WINDOWS\system32\drivers\BTNetFilter.sys
    S3 ZD1201U;ZyDAS ZD1201 IEEE 802.11b Wireless LAN Driver (USB);C:\WINDOWS\system32\DRIVERS\zd1201u.sys
    S3 ZDNDIS5;ZDNDIS5 Protocol Driver;\??\C:\WINDOWS\system32\ZDNDIS5.SYS

    .
    Contents of the 'Scheduled Tasks' folder
    "2007-11-02 21:49:01 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
    - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
    .
    **************************************************************************

    catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-11-02 22:37:30
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2007-11-02 22:38:11
    C:\ComboFix2.txt ... 2007-11-01 21:45
    .
    --- E O F ---

    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 22:46:24, on 02/11/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\WINDOWS\system32\drivers\KodakCCS.exe
    C:\WINDOWS\system32\ScsiAccess.EXE
    C:\Program Files\Spyware Terminator\sp_rsser.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\Program Files\Conexant\AccessRunner ADSL\CnxDslTb.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Philips\Philips Device Manager\Bin\DeviceManager.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
    C:\Program Files\Dell Support\DSAgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    C:\Documents and Settings\Merv\Desktop\HiJackThis_v2.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.fromthelane.co.uk/forum/forum_topics.asp?FID=2&PN=1
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www1.euro.dell.com/content/default.aspx?c=uk&l=en&s=gen
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    O4 - HKLM\..\Run: [CnxDslTaskBar] C:\Program Files\Conexant\AccessRunner ADSL\CnxDslTb.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
    O4 - HKLM\..\Run: [EPSON Stylus CX3600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P26 "EPSON Stylus CX3600 Series" /O6 "USB001" /M "Stylus CX3600"
    O4 - HKLM\..\Run: [PhilipsDM] "C:\Program Files\Philips\Philips Device Manager\Bin\DeviceManager.exe"
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [EPSON Stylus CX3600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P26 "EPSON Stylus CX3600 Series" /M "Stylus CX3600" /EF "HKCU"
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZJxdm037YYGB
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/ZwinkyInitialSetup1.0.0.15-3.cab
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {7D731A83-6C80-4EA4-9646-5E06A0513274} (Sandlot Loader Control) - http://www.shockwave.com/content/snailmail/sis/slgwebinstall.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoegg.com/Install/Windows/Initial/VideoEggPublisher.exe
    O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE
    O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    --
    End of file - 9225 bytes
     
  12. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    112,930
    Run Kaspersky online virus scan Kaspersky Online Scanner.

    After the updates have downloaded, click on the "Scan Settings" button.
    Choose the "Extended database" for the scan.
    Under "Please select a target to scan", click "My Computer".
    When the scan is finished, Save the results from the scan!

    Note: You have to use Internet Explorer to do the online scan.

    Post a new HiJackThis log along with the results from the Kaspersky scan
     
  13. mervward

    mervward Thread Starter

    Joined:
    Oct 12, 2007
    Messages:
    26
    -------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER REPORT
    Saturday, November 03, 2007 5:41:47 PM
    Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
    Kaspersky Online Scanner version: 5.0.98.0
    Kaspersky Anti-Virus database last update: 3/11/2007
    Kaspersky Anti-Virus database records: 450877
    -------------------------------------------------------------------------------

    Scan Settings:
    Scan using the following antivirus database: extended
    Scan Archives: true
    Scan Mail Bases: true

    Scan Target - My Computer:
    C:\
    D:\

    Scan Statistics:
    Total number of scanned objects: 107094
    Number of viruses found: 19
    Number of infected objects: 51
    Number of suspicious objects: 0
    Duration of the scan process: 01:08:48

    Infected Object Name / Virus Name / Last Action
    C:\BackUpMSNCleaner\xlavra.exe.vir Infected: Trojan-Downloader.Win32.Wixud.d skipped
    C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp Object is locked skipped
    C:\Documents and Settings\Dan\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\Dan\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\Merv\.housecall6.6\Quarantine\crtdcghcn.jar-200770a0-5f8916f4.zip.bac_a05012/BaaaaBaa.class Infected: Trojan.Java.ClassLoader.ao skipped
    C:\Documents and Settings\Merv\.housecall6.6\Quarantine\crtdcghcn.jar-200770a0-5f8916f4.zip.bac_a05012/VaaaaaaaBaa.class Infected: Trojan.Java.ClassLoader.ao skipped
    C:\Documents and Settings\Merv\.housecall6.6\Quarantine\crtdcghcn.jar-200770a0-5f8916f4.zip.bac_a05012/Baaaaa.class Infected: Trojan.Java.ClassLoader.ao skipped
    C:\Documents and Settings\Merv\.housecall6.6\Quarantine\crtdcghcn.jar-200770a0-5f8916f4.zip.bac_a05012 ZIP: infected - 3 skipped
    C:\Documents and Settings\Merv\.housecall6.6\Quarantine\crtdcghcn.jar-200770a0-5f8916f4.zip.bac_a05012 CryptFF.b: infected - 3 skipped
    C:\Documents and Settings\Merv\Application Data\Gtek\GTUpdate\AUpdate\DellSupport\DSAgnt.log Object is locked skipped
    C:\Documents and Settings\Merv\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\Merv\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
    C:\Documents and Settings\Merv\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\Merv\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\Merv\Local Settings\History\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\Merv\Local Settings\History\History.IE5\MSHist012007110320071104\index.dat Object is locked skipped
    C:\Documents and Settings\Merv\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
    C:\Documents and Settings\Merv\Local Settings\Temporary Internet Files\Content.IE5\A7BVK089\20071103_comp_517[1].xml Object is locked skipped
    C:\Documents and Settings\Merv\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\Merv\My Documents\Comp Virus Stuff\SmitfraudFix\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
    C:\Documents and Settings\Merv\My Documents\Comp Virus Stuff\SmitfraudFix.zip/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
    C:\Documents and Settings\Merv\My Documents\Comp Virus Stuff\SmitfraudFix.zip ZIP: infected - 1 skipped
    C:\Documents and Settings\Merv\My Documents\Set up apps\SmitfraudFix\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
    C:\Documents and Settings\Merv\My Documents\Set up apps\SmitfraudFix.zip/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
    C:\Documents and Settings\Merv\My Documents\Set up apps\SmitfraudFix.zip ZIP: infected - 1 skipped
    C:\Documents and Settings\Merv\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\Merv\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
    C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped
    C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped
    C:\Program Files\Alwil Software\Avast4\DATA\log\AshWebSv.ws Object is locked skipped
    C:\Program Files\Alwil Software\Avast4\DATA\log\aswMaiSv.log Object is locked skipped
    C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log Object is locked skipped
    C:\Program Files\Alwil Software\Avast4\DATA\report\Resident protection.txt Object is locked skipped
    C:\Program Files\MSN Messenger\riched20.dll Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
    C:\qoobox\Quarantine\C\Program Files\Internet Explorer\msimg32.dll.vir Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped
    C:\qoobox\Quarantine\C\WINDOWS\oeimara.exe.vir Infected: Trojan.Win32.Pakes.sb skipped
    C:\qoobox\Quarantine\C\WINDOWS\system32\f3PSSavr.scr.vir Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
    C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP437\A0283726.DLL Infected: not-a-virus:AdWare.Win32.FunWeb.e skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP441\A0289197.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP441\A0289198.EXE Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP441\A0289199.EXE Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP441\A0289200.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP441\A0289201.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.bc skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP441\A0289202.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP441\A0289203.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.bc skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP441\A0289204.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.aq skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP441\A0289205.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.l skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP441\A0289206.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP441\A0289207.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.at skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP441\A0289209.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.af skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP441\A0289210.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP441\A0289211.SCR Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP441\A0289212.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP441\A0289213.EXE Infected: not-a-virus:AdTool.Win32.MyWebSearch.a skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP441\A0289214.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.an skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP441\A0289215.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.bh skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP441\A0289217.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.bc skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP441\A0289218.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.ax skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP441\A0289220.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.bc skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP441\A0289222.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP441\A0289223.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.as skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP441\A0289224.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.ad skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP441\A0289226.EXE Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP441\A0289227.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP441\A0289228.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.i skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP441\A0289237.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.as skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP479\A0318819.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP496\A0333404.dll Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP500\A0335224.dll Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP500\A0335225.scr Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP500\A0335378.exe Infected: Trojan-Downloader.Win32.Wixud.d skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP502\A0335631.exe Infected: Trojan.Win32.Pakes.sb skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP502\change.log Object is locked skipped
    C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
    C:\WINDOWS\Internet Logs\D289282J.ldb Object is locked skipped
    C:\WINDOWS\Internet Logs\fwdbglog.txt Object is locked skipped
    C:\WINDOWS\Internet Logs\fwpktlog.txt Object is locked skipped
    C:\WINDOWS\Internet Logs\IAMDB.RDB Object is locked skipped
    C:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped
    C:\WINDOWS\SchedLgU.Txt Object is locked skipped
    C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
    C:\WINDOWS\Sti_Trace.log Object is locked skipped
    C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
    C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
    C:\WINDOWS\system32\CnxDslWz.log Object is locked skipped
    C:\WINDOWS\system32\config\Antivirus.Evt Object is locked skipped
    C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
    C:\WINDOWS\system32\config\default.LOG Object is locked skipped
    C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
    C:\WINDOWS\system32\config\SAM Object is locked skipped
    C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\SECURITY Object is locked skipped
    C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
    C:\WINDOWS\system32\config\software.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
    C:\WINDOWS\system32\config\system.LOG Object is locked skipped
    C:\WINDOWS\system32\h323log.txt Object is locked skipped
    C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
    C:\WINDOWS\Temp\Perflib_Perfdata_58c.dat Object is locked skipped
    C:\WINDOWS\Temp\ZLT06261.TMP Object is locked skipped
    C:\WINDOWS\Temp\ZLT07cad.TMP Object is locked skipped
    C:\WINDOWS\Temp\_avast4_\Webshlock.txt Object is locked skipped
    C:\WINDOWS\wiadebug.log Object is locked skipped
    C:\WINDOWS\wiaservc.log Object is locked skipped
    C:\WINDOWS\WindowsUpdate.log Object is locked skipped

    Scan process completed.


    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 17:46:35, on 03/11/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\WINDOWS\system32\drivers\KodakCCS.exe
    C:\WINDOWS\system32\ScsiAccess.EXE
    C:\Program Files\Spyware Terminator\sp_rsser.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\Program Files\Conexant\AccessRunner ADSL\CnxDslTb.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Philips\Philips Device Manager\Bin\DeviceManager.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
    C:\Program Files\Dell Support\DSAgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Documents and Settings\Merv\Desktop\HiJackThis_v2.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.fromthelane.co.uk/forum/forum_topics.asp?FID=2&PN=1
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www1.euro.dell.com/content/default.aspx?c=uk&l=en&s=gen
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    O4 - HKLM\..\Run: [CnxDslTaskBar] C:\Program Files\Conexant\AccessRunner ADSL\CnxDslTb.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
    O4 - HKLM\..\Run: [EPSON Stylus CX3600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P26 "EPSON Stylus CX3600 Series" /O6 "USB001" /M "Stylus CX3600"
    O4 - HKLM\..\Run: [PhilipsDM] "C:\Program Files\Philips\Philips Device Manager\Bin\DeviceManager.exe"
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [EPSON Stylus CX3600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P26 "EPSON Stylus CX3600 Series" /M "Stylus CX3600" /EF "HKCU"
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKUS\S-1-5-21-3549304305-4229197624-2869060079-1008\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup (User 'Dan')
    O4 - HKUS\S-1-5-21-3549304305-4229197624-2869060079-1008\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background (User 'Dan')
    O4 - HKUS\S-1-5-21-3549304305-4229197624-2869060079-1008\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Dan')
    O4 - HKUS\S-1-5-21-3549304305-4229197624-2869060079-1008\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Dan')
    O4 - HKUS\S-1-5-21-3549304305-4229197624-2869060079-1008\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe (User 'Dan')
    O4 - HKUS\S-1-5-21-3549304305-4229197624-2869060079-1008\..\Run: [WinAVX] C:\WINDOWS\system32\WinAvXX.exe (User 'Dan')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZJxdm037YYGB
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/ZwinkyInitialSetup1.0.0.15-3.cab
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {7D731A83-6C80-4EA4-9646-5E06A0513274} (Sandlot Loader Control) - http://www.shockwave.com/content/snailmail/sis/slgwebinstall.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoegg.com/Install/Windows/Initial/VideoEggPublisher.exe
    O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{7A36ED00-D86E-493E-B49D-3C582A3FC23E}: NameServer = 212.159.6.10 212.159.6.9
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE
    O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    --
    End of file - 10222 bytes
     
  14. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    112,930
    Can you post a new HijackThis log taken from Dan's account please?
     
  15. mervward

    mervward Thread Starter

    Joined:
    Oct 12, 2007
    Messages:
    26
    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 6:22:12 PM, on 11/3/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\WINDOWS\system32\drivers\KodakCCS.exe
    C:\WINDOWS\system32\ScsiAccess.EXE
    C:\Program Files\Spyware Terminator\sp_rsser.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\Program Files\Conexant\AccessRunner ADSL\CnxDslTb.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE
    C:\Program Files\Philips\Philips Device Manager\Bin\DeviceManager.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
    C:\Program Files\Dell Support\DSAgnt.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Documents and Settings\Dan\Desktop\HiJackThis_v2.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.jdsports.co.uk/
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www1.euro.dell.com/content/default.aspx?c=uk&l=en&s=gen
    R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    O4 - HKLM\..\Run: [CnxDslTaskBar] C:\Program Files\Conexant\AccessRunner ADSL\CnxDslTb.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
    O4 - HKLM\..\Run: [EPSON Stylus CX3600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P26 "EPSON Stylus CX3600 Series" /O6 "USB001" /M "Stylus CX3600"
    O4 - HKLM\..\Run: [PhilipsDM] "C:\Program Files\Philips\Philips Device Manager\Bin\DeviceManager.exe"
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
    O4 - HKCU\..\Run: [WinAVX] C:\WINDOWS\system32\WinAvXX.exe
    O4 - HKUS\S-1-5-21-3549304305-4229197624-2869060079-1006\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup (User 'Merv')
    O4 - HKUS\S-1-5-21-3549304305-4229197624-2869060079-1006\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Merv')
    O4 - HKUS\S-1-5-21-3549304305-4229197624-2869060079-1006\..\Run: [EPSON Stylus CX3600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P26 "EPSON Stylus CX3600 Series" /M "Stylus CX3600" /EF "HKCU" (User 'Merv')
    O4 - HKUS\S-1-5-21-3549304305-4229197624-2869060079-1006\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'Merv')
    O4 - HKUS\S-1-5-21-3549304305-4229197624-2869060079-1007\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup (User 'Mel')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZJxdm037YYGB
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?3c8849ed573049e9bbbf2e444d1ccda8
    O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?3c8849ed573049e9bbbf2e444d1ccda8
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/ZwinkyInitialSetup1.0.0.15-3.cab
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {7D731A83-6C80-4EA4-9646-5E06A0513274} (Sandlot Loader Control) - http://www.shockwave.com/content/snailmail/sis/slgwebinstall.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoegg.com/Install/Windows/Initial/VideoEggPublisher.exe
    O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{7A36ED00-D86E-493E-B49D-3C582A3FC23E}: NameServer = 212.159.6.10 212.159.6.9
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE
    O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    --
    End of file - 10719 bytes
     
  16. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/646017

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice