Hijackthis / Combofix Logs



This is running currently on my Mom's system - the chief complaint was that she was unable to use Nero - only the Image recorder was coming up as a valid recorder but other programs that don't use the IMAPI layer see it fine. I noticed in the event manager that the IMAPI service would stop very shortly after starting - thus Nero's inability to see the drive - which got me looking into whether this system has been 'jacked - I'm seeing a lot of things I don't recognize -

Thanks for your help -

:)

-Midnight70

Logfile of HijackThis v1.99.1

Scan saved at 4:03:35 PM, on 2/7/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\devldr32.exe

C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\temp\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp_adb.../search/ie.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp_adb...//www.yahoo.com

O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll

O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...html?p=ZJfox000

O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html

O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O17 - HKLM\System\CCS\Services\Tcpip\..\{DED86118-6AC3-4A17-A2F8-40C83F0F67B3}: NameServer = 192.168.0.1,192.168.0.254

O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: License Management Service ESD - element5 - C:\Program Files\Common Files\element5 Shared\Service\Licence Manager ESD.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NetOp Helper ver. 7.60 (2003146) (NetOp Host for NT Service) - Danware Data A/S - C:\Program Files\Danware Data\NetOp Remote Control\HOST\NHOSTSVC.EXE

O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

---------------------------------------------------------------------------------------------------------------------------

"Mom" - 07-02-07 16:14:16 Service Pack 2

ComboFix 07-02-07 - Running from: "C:\Documents and Settings\Mom\Desktop"

((((((((((((((((((((((((((((((( Files Created from 2007-01-07 to 2007-02-07 ))))))))))))))))))))))))))))))))))

2007-02-07 16:12 <DIR> d-------- C:\Program Files\Hijackthis

2007-02-07 05:15 103,489 --a------ C:\WINDOWS\hpqins13.dat

2007-02-07 05:15 <DIR> d-------- C:\Program Files\Common Files\HP

2007-02-07 05:15 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\HP

2007-02-04 20:37 <DIR> d-------- C:\Program Files\MemoriesOnTV3

2007-01-26 10:08 287,256 -ra------ C:\WINDOWS\system32\AbaleZip.dll

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-02-07 15:50 -------- d-------- C:\Program Files\mozilla firefox

2007-02-01 20:56 -------- d-------- C:\Program Files\Common Files\ahead

2007-01-29 19:33 -------- d-------- C:\Program Files\arcsoft

2007-01-29 19:26 -------- d--h----- C:\Program Files\installshield installation information

2007-01-29 19:23 -------- d-------- C:\Program Files\Common Files\real

2007-01-29 19:08 -------- d-------- C:\Program Files\3d-album-picturepro

2007-01-28 21:28 -------- d-------- C:\Program Files\mywebsearch

2006-12-31 16:36 -------- d-------- C:\Program Files\funwebproducts

2006-12-31 16:36 -------- d-------- C:\DOCUME~1\Mom\Application Data\funwebproducts

2006-12-29 18:37 -------- d-------- C:\Program Files\gamehouse

2006-12-29 18:21 -------- d-------- C:\Program Files\terminal studio

2006-12-20 06:12 -------- d-------- C:\DOCUME~1\Mom\Application Data\lumapix

2006-12-19 20:03 165610 --a------ C:\WINDOWS\fotofusion uninstaller.exe

2006-12-07 17:02 2174976 --a------ C:\WINDOWS\system32\wmvcore.dll

2006-11-08 00:06 679424 --a------ C:\WINDOWS\system32\inetcomm.dll

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]

"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]

"GhostStartTrayApp"="C:\\Program Files\\Symantec\\Norton Ghost 2003\\GhostStartTrayApp.exe"

"NeroFilterCheck"="C:\\Program Files\\Common Files\\Ahead\\Lib\\NeroCheck.exe"

"KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\

65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]

"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]

"Installed"="1"

"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]

"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonceex]

@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]

"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Adobe Gamma Loader.lnk"

"backup"="C:\\WINDOWS\\pss\\Adobe Gamma Loader.lnkCommon Startup"

"location"="Common Startup"

"command"="C:\\PROGRA~1\\COMMON~1\\Adobe\\CALIBR~1\\ADOBEG~1.EXE "

"item"="Adobe Gamma Loader"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]

"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Adobe Reader Speed Launch.lnk"

"backup"="C:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup"

"location"="Common Startup"

"command"="C:\\PROGRA~1\\Adobe\\ACROBA~1.0\\Reader\\READER~1.EXE "

"item"="Adobe Reader Speed Launch"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Event Reminder.lnk]

"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Event Reminder.lnk"

"backup"="C:\\WINDOWS\\pss\\Event Reminder.lnkCommon Startup"

"location"="Common Startup"

"command"="C:\\PROGRA~1\\BRODER~1\\PRINTM~1\\pmremind.exe "

"item"="Event Reminder"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]

"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Kodak EasyShare software.lnk"

"backup"="C:\\WINDOWS\\pss\\Kodak EasyShare software.lnkCommon Startup"

"location"="Common Startup"

"command"="C:\\PROGRA~1\\Kodak\\KODAKE~1\\bin\\EASYSH~1.EXE -h"

"item"="Kodak EasyShare software"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak software updater.lnk]

"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Kodak software updater.lnk"

"backup"="C:\\WINDOWS\\pss\\Kodak software updater.lnkCommon Startup"

"location"="Common Startup"

"command"="C:\\PROGRA~1\\Kodak\\KODAKS~1\\7288971\\Program\\KODAKS~1.EXE "

"item"="Kodak software updater"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk]

"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Microsoft Works Calendar Reminders.lnk"

"backup"="C:\\WINDOWS\\pss\\Microsoft Works Calendar Reminders.lnkCommon Startup"

"location"="Common Startup"

"command"="C:\\PROGRA~1\\COMMON~1\\MICROS~1\\WORKSS~1\\wkcalrem.exe "

"item"="Microsoft Works Calendar Reminders"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Sonic CinePlayer Quick Launch.lnk]

"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Sonic CinePlayer Quick Launch.lnk"

"backup"="C:\\WINDOWS\\pss\\Sonic CinePlayer Quick Launch.lnkCommon Startup"

"location"="Common Startup"

"command"="C:\\PROGRA~1\\COMMON~1\\SONICS~1\\CineTray.exe "

"item"="Sonic CinePlayer Quick Launch"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="ashDisp"

"hkey"="HKLM"

"command"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"

"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="NMBgMonitor"

"hkey"="HKCU"

"command"="\"C:\\Program Files\\Common Files\\Ahead\\lib\\NMBgMonitor.exe\""

"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="ctfmon"

"hkey"="HKCU"

"command"="C:\\WINDOWS\\system32\\ctfmon.exe"

"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="tfswctrl"

"hkey"="HKLM"

"command"="C:\\WINDOWS\\system32\\dla\\tfswctrl.exe"

"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="hpcmpmgr"

"hkey"="HKLM"

"command"="\"C:\\Program Files\\HP\\hpcoretech\\hpcmpmgr.exe\""

"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="HPWuSchd"

"hkey"="HKLM"

"command"="\"C:\\Program Files\\Hewlett-Packard\\HP Software Update\\HPWuSchd.exe\""

"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="hpztsb09"

"hkey"="HKLM"

"command"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\hpztsb09.exe"

"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon05]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="hphmon05"

"hkey"="HKLM"

"command"="C:\\WINDOWS\\system32\\hphmon05.exe"

"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD05]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="hphupd05"

"hkey"="HKLM"

"command"="C:\\Program Files\\Hewlett-Packard\\{45B6180B-DCAB-4093-8EE8-6164457517F0}\\hphupd05.exe"

"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="isuspm"

"hkey"="HKLM"

"command"="c:\\PROGRA~1\\COMMON~1\\INSTAL~1\\UPDATE~1\\isuspm.exe -startup"

"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="issch"

"hkey"="HKLM"

"command"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start"

"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="iTunesHelper"

"hkey"="HKLM"

"command"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""

"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="WkUFind"

"hkey"="HKLM"

"command"="C:\\Program Files\\Common Files\\Microsoft Shared\\Works Shared\\WkUFind.exe"

"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="NeroCheck"

"hkey"="HKLM"

"command"="C:\\WINDOWS\\system32\\NeroCheck.exe"

"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="qttask"

"hkey"="HKLM"

"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"

"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Shareaza]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="Shareaza"

"hkey"="HKCU"

"command"="\"C:\\Program Files\\Shareaza\\Shareaza.exe\" -tray"

"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="jusched"

"hkey"="HKLM"

"command"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"

"inimapping"="0"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]

HTTPFilter REG_MULTI_SZ HTTPFilter\

LocalService REG_MULTI_SZ AlerterWebClientLmHostsRemoteRegistryupnphostSSDPSRV\

NetworkService REG_MULTI_SZ DnsCache\

DcomLaunch REG_MULTI_SZ DcomLaunchTermService\

rpcss REG_MULTI_SZ RpcSs\

imgsvc REG_MULTI_SZ StiSvc\

termsvcs REG_MULTI_SZ TermService\

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0dfb9c42-b435-11d9-ac11-806d6172696f}]

Shell\AutoRun\command D:\NVIDIA.exe

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{10a82b7c-6527-11da-a751-806d6172696f}]

shell\play\Command "C:\Program Files\Windows Media Player\wmplayer.exe" /prefetch:3 /device:AudioCD "%L"

Contents of the 'Scheduled Tasks' folder

C:\WINDOWS\tasks\HP DArC Task #Hewlett-Packard#7600#MY358130SF7I.job

C:\WINDOWS\tasks\HP Usg Daily.job

********************************************************************

catchme 0.1 W2K/XP - userland rootkit detector by Gmer, 17 October 2006

http://www.gmer.net

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden processes: 0

hidden services: 0

hidden files: 0

********************************************************************

Completion time: 07-02-07 16:16:12


Hi, and welcome to besttechie. I'm Ryan, and I'll be helping you.

I would like to see an Uninstall list.

Open HijackThis, click Config, click Misc Tools

Click "Open Uninstall Manager"

Click "Save List" (generates uninstall_list.txt)

-Ryan


Thanks for the quick reply!

As per your request -

ABBYY FineReader 5.0 Sprint

Ad-Aware SE Personal

Adobe Download Manager 2.0 (Remove Only)

Adobe Photoshop 7.0

Adobe Photoshop Album 2.0 Starter Edition

Adobe Photoshop Elements 3.0

Adobe Reader 7.0.5

ArcSoft DVD SlideShow (Shared Components)

avast! Antivirus

Broderbund Media Manager

Candy Wrapper Designer Pro.

CCHelp

CCScore

Collage Maker 2.03

Direct Show Ogg Vorbis Filter (remove only)

DivX 4.12 Codec

DrawPlus 3.0

DVD Decrypter (Remove Only)

DVD Shrink 3.2

DVD SlideShow

ebgcInfra

ebgcRes

ebgcSDK

EPSON Copy Utility

EPSON PERF 3170Guide

EPSON Photo Print

EPSON Scan

EPSON Smart Panel

ESSAdpt

ESSANUP

ESSCAM

ESSCDBK

ESScore

ESSgui

ESShelp

ESSini

ESSPCD

ESSSONIC

ESSvpaht

ESSvpot

FotoFusion

Google Earth

Google Toolbar for Internet Explorer

Hijackthis 1.99.1

HijackThis 1.99.1

HLPIndex

HLPRFO

HP Memories Disc

HP Photosmart Essential 2.0

HP Software Update

Image Resizer Powertoy for Windows XP

J2SE Runtime Environment 5.0 Update 6

Jasc Paint Shop Pro 9

Jasc Paint Shop Pro 9 GDI+ Patch

Juniper Terminal Services Client

Kodak EasyShare software

KSU

LiveReg (Symantec Corporation)

LiveUpdate 1.80 (Symantec Corporation)

Macromedia Shockwave Player

MemoriesOnTV 3.1.8

Microsoft .NET Framework 1.1

Microsoft Office Professional Edition 2003

Microsoft Picture It! Photo 2002

Microsoft Web Publishing Wizard 1.52

Mozilla Firefox (1.5.0.9)

MP3 Workshop 1.98

MP3 Workshop XP 1.6

MSXML 4.0 SP2 (KB927978)

Nero 7 Ultra Edition

NetOp Guest

NetOp Host

Norton Ghost

Notifier

NVIDIA Drivers

OTtBP

OTtBPSDK

PCDADDIN

PCDHELP

PCDLNCH

Photosmart 140,240,7200,7600,7700,7900 Series

Picture Browser

PowerText 3D

Presto! BizCard 4.1 Eng

PrintMaster

QuickTime

ScanToWeb

Security Update for Windows Media Player (KB911564)

Security Update for Windows Media Player 6.4 (KB925398)

Security Update for Windows Media Player 9 (KB911565)

Security Update for Windows Media Player 9 (KB917734)

Security Update for Windows XP (KB883939)

Security Update for Windows XP (KB890046)

Security Update for Windows XP (KB893756)

Security Update for Windows XP (KB896358)

Security Update for Windows XP (KB896422)

Security Update for Windows XP (KB896423)

Security Update for Windows XP (KB896424)

Security Update for Windows XP (KB896428)

Security Update for Windows XP (KB896688)

Security Update for Windows XP (KB899587)

Security Update for Windows XP (KB899588)

Security Update for Windows XP (KB899589)

Security Update for Windows XP (KB899591)

Security Update for Windows XP (KB900725)

Security Update for Windows XP (KB901017)

Security Update for Windows XP (KB901214)

Security Update for Windows XP (KB902400)

Security Update for Windows XP (KB903235)

Security Update for Windows XP (KB904706)

Security Update for Windows XP (KB905414)

Security Update for Windows XP (KB905749)

Security Update for Windows XP (KB905915)

Security Update for Windows XP (KB908519)

Security Update for Windows XP (KB908531)

Security Update for Windows XP (KB911562)

Security Update for Windows XP (KB911567)

Security Update for Windows XP (KB911927)

Security Update for Windows XP (KB912812)

Security Update for Windows XP (KB912919)

Security Update for Windows XP (KB913446)

Security Update for Windows XP (KB913580)

Security Update for Windows XP (KB914388)

Security Update for Windows XP (KB914389)

Security Update for Windows XP (KB916281)

Security Update for Windows XP (KB917159)

Security Update for Windows XP (KB917344)

Security Update for Windows XP (KB917422)

Security Update for Windows XP (KB917953)

Security Update for Windows XP (KB918439)

Security Update for Windows XP (KB918899)

Security Update for Windows XP (KB919007)

Security Update for Windows XP (KB920213)

Security Update for Windows XP (KB920214)

Security Update for Windows XP (KB920670)

Security Update for Windows XP (KB920683)

Security Update for Windows XP (KB920685)

Security Update for Windows XP (KB921398)

Security Update for Windows XP (KB921883)

Security Update for Windows XP (KB922616)

Security Update for Windows XP (KB922760)

Security Update for Windows XP (KB922819)

Security Update for Windows XP (KB923191)

Security Update for Windows XP (KB923414)

Security Update for Windows XP (KB923689)

Security Update for Windows XP (KB923694)

Security Update for Windows XP (KB923789)

Security Update for Windows XP (KB923980)

Security Update for Windows XP (KB924191)

Security Update for Windows XP (KB924270)

Security Update for Windows XP (KB924496)

Security Update for Windows XP (KB925454)

Security Update for Windows XP (KB925486)

Security Update for Windows XP (KB926255)

Security Update for Windows XP (KB929969)

Serif PagePlus 5.0

Serif PagePlus 5.0 Wizard Pack

Serif PhotoPlus 6.0

SFR

SFR2

Shareaza version 2.2.1.0

Shockwave

SiSoftware Sandra Professional 2004 (Jagged Online Ltd Edition)

SolSuite

Super DX-Ball v1.00

The Jongg CD

Trillian

Update for Windows XP (KB894391)

Update for Windows XP (KB896727)

Update for Windows XP (KB898461)

Update for Windows XP (KB900485)

Update for Windows XP (KB910437)

Update for Windows XP (KB911280)

Update for Windows XP (KB916595)

Update for Windows XP (KB920872)

Update for Windows XP (KB922582)

Visviva Animation Player

VPRINTOL

Windows Installer 3.1 (KB893803)

Windows Installer 3.1 (KB893803)

Windows Media Encoder 9 Series

Windows Media Encoder 9 Series

Windows XP Hotfix - KB873333

Windows XP Hotfix - KB873339

Windows XP Hotfix - KB884020

Windows XP Hotfix - KB885250

Windows XP Hotfix - KB885835

Windows XP Hotfix - KB885836

Windows XP Hotfix - KB886185

Windows XP Hotfix - KB887472

Windows XP Hotfix - KB887742

Windows XP Hotfix - KB888113

Windows XP Hotfix - KB888302

Windows XP Hotfix - KB890175

Windows XP Hotfix - KB890859

Windows XP Hotfix - KB890923

Windows XP Hotfix - KB891781

Windows XP Hotfix - KB893066

Windows XP Hotfix - KB893086

WinRAR archiver

WrapCandy 7.0 Basic

Yahoo! Toolbar

Edited by midnight70

Please do an online scan with Kaspersky WebScanner

You will need to use Internet Explorer to do this

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky. Click Yes.

  • The program will launch and then begin downloading the latest definition files.
  • Once the files have been downloaded, click on NEXT.
  • Now click on Scan Settings.
  • In the scan settings, make sure that the following are selected:
    • Scan using the following Anti-Virus database:
      • Extended (if available, otherwise Standard)
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK.
  • Now under select a target to scan:
    • Select My Computer
  • The program will start and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, it will display if your system has been infected.
  • Now click on the Save as Text button:
    • Save the file to your desktop.
  • Copy and paste that information in your next post.


-------------------------------------------------------------------------------

KASPERSKY ONLINE SCANNER REPORT

Friday, February 09, 2007 8:25:13 PM

Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)

Kaspersky Online Scanner version: 5.0.83.0

Kaspersky Anti-Virus database last update: 10/02/2007

Kaspersky Anti-Virus database records: 266507

-------------------------------------------------------------------------------

Scan Settings:

Scan using the following antivirus database: extended

Scan Archives: true

Scan Mail Bases: true

Scan Target - My Computer:

C:\

D:\

G:\

Scan Statistics:

Total number of scanned objects: 96706

Number of viruses found: 20

Number of infected objects: 65 / 0

Number of suspicious objects: 0

Duration of the scan process: 01:15:50

Infected Object Name / Virus Name / Last Action

C:\2-22-02 and backup_12_13_03\moms backup 2_22_02\Desktop\eDonkey61.exe/data0005/UCMIE.DLL Infected: not-a-virus:AdWare.Win32.Ucmore.a skipped

C:\2-22-02 and backup_12_13_03\moms backup 2_22_02\Desktop\eDonkey61.exe/data0005 Infected: not-a-virus:AdWare.Win32.Ucmore.a skipped

C:\2-22-02 and backup_12_13_03\moms backup 2_22_02\Desktop\eDonkey61.exe NSIS: infected - 2 skipped

C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\Mom\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\Mom\Desktop\Desktop\ezcalendarfree.exe/WISE0038.BIN Infected: not-a-virus:AdTool.Win32.WhenU.a skipped

C:\Documents and Settings\Mom\Desktop\Desktop\ezcalendarfree.exe/WISE0039.BIN Infected: not-a-virus:AdWare.Win32.NewDotNet skipped

C:\Documents and Settings\Mom\Desktop\Desktop\ezcalendarfree.exe/WISE0040.BIN Infected: not-a-virus:AdWare.Win32.NewDotNet skipped

C:\Documents and Settings\Mom\Desktop\Desktop\ezcalendarfree.exe/WISE0041.BIN/data.rar/whAgent.exe Infected: not-a-virus:AdWare.Win32.WebHancer.351 skipped

C:\Documents and Settings\Mom\Desktop\Desktop\ezcalendarfree.exe/WISE0041.BIN/data.rar/whInstaller.exe Infected: not-a-virus:AdWare.Win32.WebHancer.381 skipped

C:\Documents and Settings\Mom\Desktop\Desktop\ezcalendarfree.exe/WISE0041.BIN/data.rar/whSurvey.exe Infected: not-a-virus:AdWare.Win32.WebHancer skipped

C:\Documents and Settings\Mom\Desktop\Desktop\ezcalendarfree.exe/WISE0041.BIN/data.rar/webhdll.dll Infected: not-a-virus:AdWare.Win32.WebHancer.370 skipped

C:\Documents and Settings\Mom\Desktop\Desktop\ezcalendarfree.exe/WISE0041.BIN/data.rar/whiehlpr.dll Infected: not-a-virus:AdWare.Win32.WebHancer skipped

C:\Documents and Settings\Mom\Desktop\Desktop\ezcalendarfree.exe/WISE0041.BIN/data.rar Infected: not-a-virus:AdWare.Win32.WebHancer skipped

C:\Documents and Settings\Mom\Desktop\Desktop\ezcalendarfree.exe/WISE0041.BIN Infected: not-a-virus:AdWare.Win32.WebHancer skipped

C:\Documents and Settings\Mom\Desktop\Desktop\ezcalendarfree.exe/WISE0042.BIN Infected: not-a-virus:AdWare.Win32.Relevant.a skipped

C:\Documents and Settings\Mom\Desktop\Desktop\ezcalendarfree.exe WiseSFX: infected - 11 skipped

C:\Documents and Settings\Mom\Desktop\Desktop\ezcalendarfree.exe WiseSFX Dropper: infected - 11 skipped

C:\Documents and Settings\Mom\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\Mom\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\Mom\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Mom\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Mom\My Documents\My Pictures\religious clip art\eaglewp.exe/WISE0013.BIN/WISE0009.BIN Infected: not-a-virus:AdWare.Win32.Exact.a skipped

C:\Documents and Settings\Mom\My Documents\My Pictures\religious clip art\eaglewp.exe/WISE0013.BIN/WISE0010.BIN Infected: not-a-virus:AdWare.Win32.Exact.a skipped

C:\Documents and Settings\Mom\My Documents\My Pictures\religious clip art\eaglewp.exe/WISE0013.BIN/WISE0011.BIN Infected: not-a-virus:AdWare.Win32.Exact.a skipped

C:\Documents and Settings\Mom\My Documents\My Pictures\religious clip art\eaglewp.exe/WISE0013.BIN Infected: not-a-virus:AdWare.Win32.Exact.a skipped

C:\Documents and Settings\Mom\My Documents\My Pictures\religious clip art\eaglewp.exe WiseSFX: infected - 4 skipped

C:\Documents and Settings\Mom\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\Mom\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped

C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped

C:\Program Files\Alwil Software\Avast4\DATA\log\AshWebSv.ws Object is locked skipped

C:\Program Files\Alwil Software\Avast4\DATA\log\aswMaiSv.log Object is locked skipped

C:\Program Files\Alwil Software\Avast4\DATA\report\Resident protection.txt Object is locked skipped

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

C:\System Volume Information\_restore{C0A0569E-8516-4BFF-A30A-122C6491D7D3}\RP667\A0095620.exe/mwsSetup.Zwinky.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.as skipped

C:\System Volume Information\_restore{C0A0569E-8516-4BFF-A30A-122C6491D7D3}\RP667\A0095620.exe CAB: infected - 1 skipped

C:\System Volume Information\_restore{C0A0569E-8516-4BFF-A30A-122C6491D7D3}\RP668\A0095630.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.as skipped

C:\System Volume Information\_restore{C0A0569E-8516-4BFF-A30A-122C6491D7D3}\RP668\A0095631.dll Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped

C:\System Volume Information\_restore{C0A0569E-8516-4BFF-A30A-122C6491D7D3}\RP668\A0095632.scr Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped

C:\System Volume Information\_restore{C0A0569E-8516-4BFF-A30A-122C6491D7D3}\RP668\A0095635.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.at skipped

C:\System Volume Information\_restore{C0A0569E-8516-4BFF-A30A-122C6491D7D3}\RP668\A0095638.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped

C:\System Volume Information\_restore{C0A0569E-8516-4BFF-A30A-122C6491D7D3}\RP668\A0095640.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.af skipped

C:\System Volume Information\_restore{C0A0569E-8516-4BFF-A30A-122C6491D7D3}\RP668\A0095641.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped

C:\System Volume Information\_restore{C0A0569E-8516-4BFF-A30A-122C6491D7D3}\RP668\A0095643.SCR Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped

C:\System Volume Information\_restore{C0A0569E-8516-4BFF-A30A-122C6491D7D3}\RP668\A0095644.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped

C:\System Volume Information\_restore{C0A0569E-8516-4BFF-A30A-122C6491D7D3}\RP668\A0095645.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped

C:\System Volume Information\_restore{C0A0569E-8516-4BFF-A30A-122C6491D7D3}\RP668\A0095646.EXE Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped

C:\System Volume Information\_restore{C0A0569E-8516-4BFF-A30A-122C6491D7D3}\RP668\A0095647.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.an skipped

C:\System Volume Information\_restore{C0A0569E-8516-4BFF-A30A-122C6491D7D3}\RP668\A0095648.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.aq skipped

C:\System Volume Information\_restore{C0A0569E-8516-4BFF-A30A-122C6491D7D3}\RP668\A0095649.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped

C:\System Volume Information\_restore{C0A0569E-8516-4BFF-A30A-122C6491D7D3}\RP668\A0095652.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.ax skipped

C:\System Volume Information\_restore{C0A0569E-8516-4BFF-A30A-122C6491D7D3}\RP668\A0095654.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.at skipped

C:\System Volume Information\_restore{C0A0569E-8516-4BFF-A30A-122C6491D7D3}\RP668\A0095656.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped

C:\System Volume Information\_restore{C0A0569E-8516-4BFF-A30A-122C6491D7D3}\RP668\A0095657.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.ad skipped

C:\System Volume Information\_restore{C0A0569E-8516-4BFF-A30A-122C6491D7D3}\RP668\A0095659.EXE Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped

C:\System Volume Information\_restore{C0A0569E-8516-4BFF-A30A-122C6491D7D3}\RP668\A0095660.EXE Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped

C:\System Volume Information\_restore{C0A0569E-8516-4BFF-A30A-122C6491D7D3}\RP668\A0095661.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped

C:\System Volume Information\_restore{C0A0569E-8516-4BFF-A30A-122C6491D7D3}\RP668\A0095662.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.i skipped

C:\System Volume Information\_restore{C0A0569E-8516-4BFF-A30A-122C6491D7D3}\RP668\A0095669.dll Infected: not-a-virus:AdTool.Win32.MyWebSearch.i skipped

C:\System Volume Information\_restore{C0A0569E-8516-4BFF-A30A-122C6491D7D3}\RP668\A0095670.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.as skipped

C:\System Volume Information\_restore{C0A0569E-8516-4BFF-A30A-122C6491D7D3}\RP668\A0095671.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.ba skipped

C:\System Volume Information\_restore{C0A0569E-8516-4BFF-A30A-122C6491D7D3}\RP673\A0095987.dll Infected: not-a-virus:AdTool.Win32.MyWebSearch.ba skipped

C:\System Volume Information\_restore{C0A0569E-8516-4BFF-A30A-122C6491D7D3}\RP676\A0096207.exe/mwsSetup.Zwinky.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.as skipped

C:\System Volume Information\_restore{C0A0569E-8516-4BFF-A30A-122C6491D7D3}\RP676\A0096207.exe CAB: infected - 1 skipped

C:\System Volume Information\_restore{C0A0569E-8516-4BFF-A30A-122C6491D7D3}\RP677\A0096295.dll Infected: not-a-virus:AdTool.Win32.MyWebSearch.i skipped

C:\System Volume Information\_restore{C0A0569E-8516-4BFF-A30A-122C6491D7D3}\RP677\A0096296.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.at skipped

C:\System Volume Information\_restore{C0A0569E-8516-4BFF-A30A-122C6491D7D3}\RP677\A0096299.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.as skipped

C:\System Volume Information\_restore{C0A0569E-8516-4BFF-A30A-122C6491D7D3}\RP677\A0096300.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.ad skipped

C:\System Volume Information\_restore{C0A0569E-8516-4BFF-A30A-122C6491D7D3}\RP677\A0096302.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.ba skipped

C:\System Volume Information\_restore{C0A0569E-8516-4BFF-A30A-122C6491D7D3}\RP677\A0096321.dll Infected: not-a-virus:AdTool.Win32.MyWebSearch.ba skipped

C:\System Volume Information\_restore{C0A0569E-8516-4BFF-A30A-122C6491D7D3}\RP704\A0097789.dll Infected: not-a-virus:AdTool.Win32.MyWebSearch.i skipped

C:\System Volume Information\_restore{C0A0569E-8516-4BFF-A30A-122C6491D7D3}\RP704\A0097790.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.at skipped

C:\System Volume Information\_restore{C0A0569E-8516-4BFF-A30A-122C6491D7D3}\RP704\A0097794.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.as skipped

C:\System Volume Information\_restore{C0A0569E-8516-4BFF-A30A-122C6491D7D3}\RP704\A0097795.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.ad skipped

C:\System Volume Information\_restore{C0A0569E-8516-4BFF-A30A-122C6491D7D3}\RP704\A0097797.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.ba skipped

C:\System Volume Information\_restore{C0A0569E-8516-4BFF-A30A-122C6491D7D3}\RP714\A0098305.dll Infected: not-a-virus:AdTool.Win32.MyWebSearch.ba skipped

C:\System Volume Information\_restore{C0A0569E-8516-4BFF-A30A-122C6491D7D3}\RP721\A0100233.exe/mwsSetup.Zwinky.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.as skipped

C:\System Volume Information\_restore{C0A0569E-8516-4BFF-A30A-122C6491D7D3}\RP721\A0100233.exe CAB: infected - 1 skipped

C:\System Volume Information\_restore{C0A0569E-8516-4BFF-A30A-122C6491D7D3}\RP732\change.log Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\Sti_Trace.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\system32\config\Antivirus.Evt Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\default Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\software Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\system Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\h323log.txt Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\Temp\Perflib_Perfdata_780.dat Object is locked skipped

C:\WINDOWS\Temp\_avast4_\Webshlock.txt Object is locked skipped

C:\WINDOWS\wiadebug.log Object is locked skipped

C:\WINDOWS\wiaservc.log Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.


Please delete the following items:

C:\Documents and Settings\Mom\Desktop\Desktop\ezcalendarfree.exe

C:\2-22-02 and backup_12_13_03\moms backup 2_22_02\Desktop\eDonkey61.exe

Other than that, your log is clean. :thumbsup:

For information on how to protect yourself in the future, read Infection Prevention

Because your issue does not appear to be malware related, I recommend posting in the PC Support forum.

-Ryan

This topic is now closed to further replies.