Trojan zlob.n

Posted 8/4/2007 10:11 PM, #51455
drunkensoldier, Member (Date Joined Nov 2016, Total Posts: 6)
Hey,

Downloaded trojan.zlob.n and Virusprotectpro. Virus software caught both and quarantined them. They had already downloaded the Virusprotectpro toolbar etc. Now search results are redirected to other sites, Windows Explorer crashes all the time, system scan crashes during scan and Excel won't run. None of the reg edits associated with the viruses are in the registry.

Can someone give me an idea of the best course of action?

Thanks
Posted 8/4/2007 10:32 PM, #51457
Andrei M, Advanced member (Date Joined Nov 2016, Total Posts: 356)
Hello.

Please see this page on how to start so we can see some logs 'n stuff.
Andrei M
Microsoft Certified Professional
BullGuard | support[at]bullguard[dot]com

---------
If more than 24hrs have passed since my last reply on your thread, send me a private message to remind me.
---------
Posted 8/4/2007 11:17 PM, #51460
drunkensoldier, Member (Date Joined Nov 2016, Total Posts: 6)
AVG finds about 1 virus and about 50 cookies before crashing, like my antivirus software.

ComboFix returns a corrupt file error and displays this:

Extracting DelClsid.bat
Extracting FIND3M.bat
Extracting FIXLSP.bat
Extracting history.bat
Extracting List-C.bat
Extracting Look2Me.bat
Extracting MoveIt.bat
Extracting NTP.bat
Extracting Qoo.bat
Extracting Sys.bat
Extracting upload.bat
Extracting nircmd.exe
CRC failed in nircmd.exe
Unexpected end of archive

Rootcheck and hijack follow:

********************************* ROOTCHK-(21-07-07)-LOG, by ejvindh
04/08/2007 23:44:49.48

The rootkits that are detected by this tool were not found.

********************************* ROOTCHK-LOG-end


catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-04 23:44:51
Windows 5.1.2600 Service Pack 2
detected NTDLL code modification:
ZwQueryDirectoryFile
scanning hidden processes ...

detected NTDLL code modification:
ZwQueryDirectoryFile
scanning hidden services & system hive ...

detected NTDLL code modification:
ZwQueryDirectoryFile
scanning hidden registry entries ...

detected NTDLL code modification:
ZwQueryDirectoryFile
scanning hidden files ...

hidden processes: 0
hidden files: 0


Logfile of HijackThis v1.99.1
Scan saved at 00:05:43, on 05/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Valve\Steam\Steam.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile\Mobile Phone Monitor\epmworker.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Java\jre1.5.0_09\bin\jucheck.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Symantec Shared\NMain.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Documents and Settings\Michael McClelland\Desktop\alternativ.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearch.myway.com/jsp/dellsidebar.jsp?p=DK
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.co.uk/myway
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.co.uk/myway
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: MorpheusToolbar BHO - {3F3714A1-89A4-46be-8AF3-D0C9D1FB03F9} - C:\Program Files\MorpheusBar\bar\1.bin\MORPHBAR.DLL
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Morpheus Toolbar - {3F3714A9-89A4-46be-8AF3-D0C9D1FB03F9} - C:\Program Files\MorpheusBar\bar\1.bin\MORPHBAR.DLL
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] C:\Program Files\Valve\Steam\\Steam.exe -silent
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Open Picture in &Microsoft PhotoDraw - res://C:\PROGRA~1\MICROS~3\Office\1033\phdintl.dll/phdContext.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {A662DA7E-CCB7-4743-B71A-D817F6D575DF} (Autodesk DWF Viewer Control) - http://www.autodesk.com/global/dwfviewer/installer/DwfViewerSetup.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Filter: application/x-internet-signup - {A173B69A-1F9B-4823-9FDA-412F641E65D6} - C:\Program Files\Tiscali\Tiscali Internet\dlls\tiscalifilter.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

thanks
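As an added example (not code from the thread, from BullGuard, or from HijackThis itself), the script below parses HijackThis v1.99 log lines in the layout posted above and lists the entries a reviewer would check first. The sample log inside it is a constructed excerpt in that layout, and the triage rules (missing target file, unnamed COM object, service with unknown vendor, process running from a user profile) are assumptions of this example, not rules the thread states.

```python
"""HijackThis v1.99 log triage helper (added example, not the thread's or HijackThis's own code).
Parses the "Running processes" block and the O2/O3/O9, O4 and O23 entry lines, then lists
the items a reviewer would look at first; the flags are hints to inspect, not verdicts."""
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample in HijackThis layout, modelled on the log posted in the thread.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Scan saved at 00:05:43, on 05/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\Documents and Settings\Michael McClelland\Desktop\alternativ.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll
O3 - Toolbar: Morpheus Toolbar - {3F3714A9-89A4-46be-8AF3-D0C9D1FB03F9} - C:\Program Files\MorpheusBar\bar\1.bin\MORPHBAR.DLL
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [Steam] C:\Program Files\Valve\Steam\\Steam.exe -silent
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\PIFSvc.exe (file missing)
"""

ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d+) - (?P<body>.+)$")
# O2 (BHO), O3 (toolbar) and O9 (IE button) share a "Kind: name - {CLSID} - path" layout.
CLSID_RE = re.compile(r"^(?P<kind>[^:]+): (?P<name>.+?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+)$")
RUN_RE = re.compile(r"^(?P<hive>HK[A-Z]+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
SERVICE_RE = re.compile(r"^Service: (?P<name>.+?) - (?P<vendor>.+?) - (?P<path>.+)$")
USER_PROFILE_ROOT = "C:\\Documents and Settings\\"  # XP per-user profile tree

@dataclass
class Entry:
    code: str                      # HijackThis section code, e.g. "O2", "O23"
    name: str                      # display name, "" when the section has none
    target: str                    # DLL, executable or command line it points at
    vendor: Optional[str] = None   # O23 services only
    clsid: Optional[str] = None    # O2/O3/O9 only
    raw: str = ""                  # original log line

def parse_entry(line: str) -> Optional[Entry]:
    """Turn one 'Oxx - ...' log line into an Entry; None for non-entry lines."""
    m = ENTRY_RE.match(line)
    if not m:
        return None
    code, body = m["code"], m["body"]
    if code in ("O2", "O3", "O9"):
        c = CLSID_RE.match(body)
        if c:
            return Entry(code, c["name"], c["path"], clsid=c["clsid"], raw=line)
    elif code == "O4":
        r = RUN_RE.match(body)
        if r:
            return Entry(code, r["name"], r["cmd"], raw=line)
    elif code == "O23":
        s = SERVICE_RE.match(body)
        if s:
            return Entry(code, s["name"], s["path"], vendor=s["vendor"], raw=line)
    # R0/R1 URLs, O16 DPF objects, Global Startup items etc. are kept unparsed.
    return Entry(code, "", body, raw=line)

def parse_log(text: str) -> tuple[list[str], list[Entry]]:
    """Split a log into running-process paths and parsed entry lines."""
    processes: list[str] = []
    entries: list[Entry] = []
    in_processes = False
    for line in text.splitlines():
        line = line.strip()
        if not line:
            in_processes = False      # a blank line ends the process block
            continue
        if line == "Running processes:":
            in_processes = True
            continue
        if in_processes:
            processes.append(line)
            continue
        entry = parse_entry(line)
        if entry is not None:
            entries.append(entry)
    return processes, entries

def review(processes: list[str], entries: list[Entry]) -> list[tuple[str, str]]:
    """Return (reason, line) pairs for items a reviewer would check first (assumed heuristics)."""
    findings: list[tuple[str, str]] = []
    for proc in processes:
        if proc.startswith(USER_PROFILE_ROOT):
            findings.append(("process running from a user profile", proc))
    for e in entries:
        if "(file missing)" in e.target:
            findings.append(("entry points at a file no longer on disk", e.raw))
        if e.name == "(no name)":
            findings.append(("COM object registered without a name", e.raw))
        if e.vendor == "Unknown owner":
            findings.append(("service with no vendor information", e.raw))
    return findings
```

Run `review(*parse_log(SAMPLE_LOG))` to see the flagged lines; each flag is a prompt to check the file, its vendor and where it came from, not a verdict on it.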
Posted 8/5/2007 10:23 PM, #51494
Andrei M, Advanced member (Date Joined Nov 2016, Total Posts: 356)
I asked someone to take a second look at the log since I didn't notice anything suspicious in it.

Will get back to you soon.
Posted 8/6/2007 3:18 PM, #51546
drunkensoldier, Member (Date Joined Nov 2016, Total Posts: 6)
Thanks Andrei,

Had a look at the AVG website and found that the exception error I was getting might have been an update problem. Downloaded the 7.5 trial version, and now when I run it, it finds plenty of cookies but no virus. When I run my own antivirus, an AVG message comes up (threat detected, while opening ...system32\kddwe.dll .... trojan horse generic5.KUF). I clicked on heal the first time it came up and it said access to the file was denied. The AVG log keeps on reporting this, but I'm not sure if it's just the virus.

Also, the file that Norton always trips up on is Zoomifyer EZ v3.0; AVG reports this as an exception. Don't know if any of this helps.
Posted 8/7/2007 3:35 PM, #51609
Andrei M, Advanced member (Date Joined Nov 2016, Total Posts: 356)
Hello. Sorry for the late reply. There was a bug in ComboFix that caused that problem, which is now solved.

Please download the tool again, retry my instructions and post the ComboFix log.
Posted 8/7/2007 8:10 PM, #51637
drunkensoldier, Member (Date Joined Nov 2016, Total Posts: 6)
Ok, looks like that did the trick; rootcheck, ComboFix and hijack follow.

Antivirus now runs. It found and removed trojan.zlob.n and found the generic trojan in ..system32\kddwe.exe, but can only quarantine it.

Everything else seems to be working a bit better. The system is a bit unstable on shutdown/startup, but I'll keep running it and see how it goes.

Thanks Andrei

RootCheck Log

********************************* ROOTCHK-(21-07-07)-LOG, by ejvindh
07/08/2007 17:59:52.43

The rootkits that are detected by this tool were not found.

********************************* ROOTCHK-LOG-end


catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-07 17:59:54
Windows 5.1.2600 Service Pack 2
detected NTDLL code modification:
ZwQueryDirectoryFile
scanning hidden processes ...

detected NTDLL code modification:
ZwQueryDirectoryFile
scanning hidden services & system hive ...

detected NTDLL code modification:
ZwQueryDirectoryFile
scanning hidden registry entries ...

detected NTDLL code modification:
ZwQueryDirectoryFile
scanning hidden files ...

hidden processes: 0
hidden files: 0


ComboFix Log

ComboFix 07-08-04.3 - "Michael McClelland" 2007-08-07 18:05:49.1 [GMT 1:00] - NTFS
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.True

    /wow section not completed

(((((((((((((((((((((((((((((((((((((((  Other Deletions  )))))))))))))))))))))))))))))))))))))))))))))))))

C:\Program Files\video activex access
C:\Program Files\video activex access\iesunst.exe
C:\Program Files\video activex access\ot.ico
C:\Program Files\video activex access\ts.ico
C:\Program Files\video activex access\uninst.exe
C:\WINDOWS\system32\kddwe.exe

(((((((((((((((((((((((((  Files Created from 2007-07-07 to 2007-08-07  )))))))))))))))))))))))))))))))

2007-08-07 18:03    51,200     --a------    C:\WINDOWS\nircmd.exe
2007-08-07 17:36    10,872     --a------    C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-08-05 16:10    9,216      --a------    C:\WINDOWS\system32\avgwlntf.dll
2007-08-05 16:10    110,592    --a------    C:\WINDOWS\system32\avgfwafu.dll
2007-08-05 13:54    <DIR>      d--------    C:\Program Files\AVG
2007-08-04 23:52    <DIR>      d--------    C:\Program Files\CCleaner
2007-08-04 12:16    28,672     --a------    C:\WINDOWS\system32\drivers\CO_Mon.sys
2007-08-04 11:34    <DIR>      d--------    C:\DOCUME~1\MICHAE~1\APPLIC~1\WholeSecurity
2007-07-23 21:58    684,032    --a------    C:\DOCUME~1\ADMINI~1\NTUSER.DAT
2007-07-23 21:58    <DIR>      d--h-----    C:\DOCUME~1\ADMINI~1\APPLIC~1\Gtek
2007-07-23 21:58    <DIR>      d--------    C:\DOCUME~1\ADMINI~1\APPLIC~1\You've Got Pictures Screensaver
2007-07-23 21:58    <DIR>      d--------    C:\DOCUME~1\ADMINI~1\APPLIC~1\Symantec
2007-07-23 21:58    <DIR>      d--------    C:\DOCUME~1\ADMINI~1\APPLIC~1\Jasc Software Inc
2007-07-23 21:58    <DIR>      d--------    C:\DOCUME~1\ADMINI~1\APPLIC~1\Intel
2007-07-19 19:13    <DIR>      d-a------    C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2007-07-12 19:59    <DIR>      d--------    C:\Program Files\iPod
2007-07-12 19:56    <DIR>      d--------    C:\Program Files\Common Files\Apple
2007-07-12 19:56    <DIR>      d--------    C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple

((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-07 17:37    ---------    d--------    C:\Program Files\Common Files\Symantec Shared
2007-07-29 09:01    ---------    d--------    C:\Program Files\Modem Helper
2007-07-29 09:01    ---------    d--------    C:\Program Files\Hewlett-Packard
2007-07-29 09:01    ---------    d--------    C:\Program Files\DivX
2007-07-29 09:01    ---------    d--------    C:\Program Files\Common Files\AOL
2007-07-29 09:01    ---------    d--------    C:\Program Files\Apple Software Update
2007-07-26 18:29    ---------    d--------    C:\DOCUME~1\MICHAE~1\APPLIC~1\VideoEgg
2007-07-19 19:22    ---------    d--------    C:\Program Files\Norton Internet Security
2007-07-19 19:18    806          --a------    C:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-07-19 19:18    8014         --a------    C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-07-19 19:18    48776        --a------    C:\WINDOWS\system32\S32EVNT1.DLL
2007-07-19 19:18    115000       --a------    C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-07-19 19:18    ---------    d--------    C:\Program Files\Symantec
2007-07-12 19:59    ---------    d--------    C:\Program Files\iTunes
2007-07-12 19:53    ---------    d--------    C:\Program Files\QuickTime
2007-06-17 20:06    ---------    d--------    C:\DOCUME~1\MICHAE~1\APPLIC~1\Command & Conquer 3 Tiberium Wars
2007-06-09 11:19    ---------    d--------    C:\Program Files\SystemRequirementsLab
2007-06-09 00:05    108144       --a------    C:\WINDOWS\system32\CmdLineExt.dll
2007-06-08 21:40    ---------    dr-h-----    C:\DOCUME~1\MICHAE~1\APPLIC~1\SecuROM
2007-06-08 21:28    ---------    d--------    C:\Program Files\Electronic Arts
2007-05-31 07:45    524288       --a------    C:\WINDOWS\system32\DivXsm.exe
2007-05-31 07:44    823296       --a------    C:\WINDOWS\system32\divx_xx0c.dll
2007-05-31 07:44    823296       --a------    C:\WINDOWS\system32\divx_xx07.dll
2007-05-31 07:44    802816       --a------    C:\WINDOWS\system32\divx_xx11.dll
2007-05-31 07:44    740442       --a------    C:\WINDOWS\system32\DivX.dll
2007-05-16 16:12    86528        ---------    C:\WINDOWS\system32\dllcache\directdb.dll
2007-05-16 16:12    85504        ---------    C:\WINDOWS\system32\dllcache\wabimp.dll
2007-05-16 16:12    683520       --a------    C:\WINDOWS\system32\inetcomm.dll
2007-05-16 16:12    683520       ---------    C:\WINDOWS\system32\dllcache\inetcomm.dll
2007-05-16 16:12    510976       ---------    C:\WINDOWS\system32\dllcache\wab32.dll
2007-05-16 16:12    1314816      ---------    C:\WINDOWS\system32\dllcache\msoe.dll
2007-05-08 10:24    3583488      --a------    C:\WINDOWS\system32\dllcache\mshtml.dll
2006-03-12 15:45    1634         --a------    C:\Program Files\D2P.exe.config
2005-05-12 12:35    913408       --a------    C:\Program Files\D2P.exe
2005-05-12 12:35    53248        --a------    C:\Program Files\CommonUtils.dll
2005-05-12 12:35    323584       --a------    C:\Program Files\CommonGUI.dll
2005-04-04 11:52    765952       -ra------    C:\Program Files\CDDBUI.dll
2005-04-04 11:52    589824       -ra------    C:\Program
Files\CDDBControl.dll[/3] <br/> <br/>[3]2005-04-04 11:52<SPAN style="mso-tab-count: 1"> 143360<SPAN style="mso-tab-count: 1"> --a------<SPAN style="mso-tab-count: 1"> C:\Program Files\Interop.CDDBCONTROLLib.dll[/3] <br/> <br/>[3]2005-04-04 11:52<SPAN style="mso-tab-count: 1"> 12800<SPAN style="mso-tab-count: 1"> --a------<SPAN style="mso-tab-count: 1"> C:\Program Files\Interop.CDDBUICONTROLLib.dll[/3] <br/> <br/>[3]2005-03-31 12:34<SPAN style="mso-tab-count: 1"> 93148<SPAN style="mso-tab-count: 1"> -ra------<SPAN style="mso-tab-count: 1"> C:\Program Files\D2P.chm[/3] <br/> <br/>[3]2005-03-30 17:02<SPAN style="mso-tab-count: 1"> 15360<SPAN style="mso-tab-count: 1"> --a------<SPAN style="mso-tab-count: 1"> C:\Program Files\Autoproxy.dll[/3] <br/> <br/>[3]2005-03-10 17:39<SPAN style="mso-tab-count: 1"> 749568<SPAN style="mso-tab-count: 1"> -ra------<SPAN style="mso-tab-count: 1"> C:\Program Files\mp3enc.dll[/3] <br/> <br/>[3]2005-03-10 14:06<SPAN style="mso-tab-count: 1"> 86016<SPAN style="mso-tab-count: 1"> -ra------<SPAN style="mso-tab-count: 1"> C:\Program Files\CddbLangJA.dll[/3] <br/> <br/>[3]2005-03-10 14:06<SPAN style="mso-tab-count: 1"> 81920<SPAN style="mso-tab-count: 1"> -ra------<SPAN style="mso-tab-count: 1"> C:\Program Files\CddbLangKO.dll[/3] <br/> <br/>[3]2005-03-10 14:06<SPAN style="mso-tab-count: 1"> 77824<SPAN style="mso-tab-count: 1"> -ra------<SPAN style="mso-tab-count: 1"> C:\Program Files\CddbLangZT.dll[/3] <br/> <br/>[3]2005-03-10 14:06<SPAN style="mso-tab-count: 1"> 77824<SPAN style="mso-tab-count: 1"> -ra------<SPAN style="mso-tab-count: 1"> C:\Program Files\CddbLangZH.dll[/3] <br/> <br/>[3]2005-03-10 14:06<SPAN style="mso-tab-count: 1"> 110592<SPAN style="mso-tab-count: 1"> -ra------<SPAN style="mso-tab-count: 1"> C:\Program Files\CddbLangPT_BR.dll[/3] <br/> <br/>[3]2005-03-10 14:06<SPAN style="mso-tab-count: 1"> 110592<SPAN style="mso-tab-count: 1"> -ra------<SPAN style="mso-tab-count: 1"> C:\Program Files\CddbLangNL.dll[/3] <br/> 
<br/>[3]2005-03-10 14:06<SPAN style="mso-tab-count: 1"> 110592<SPAN style="mso-tab-count: 1"> -ra------<SPAN style="mso-tab-count: 1"> C:\Program Files\CddbLangIT.dll[/3] <br/> <br/>[3]2005-03-10 14:06<SPAN style="mso-tab-count: 1"> 110592<SPAN style="mso-tab-count: 1"> -ra------<SPAN style="mso-tab-count: 1"> C:\Program Files\CddbLangFR.dll[/3] <br/> <br/>[3]2005-03-10 14:06<SPAN style="mso-tab-count: 1"> 110592<SPAN style="mso-tab-count: 1"> -ra------<SPAN style="mso-tab-count: 1"> C:\Program Files\CddbLangES.dll[/3] <br/> <br/>[3]2005-03-10 14:06<SPAN style="mso-tab-count: 1"> 110592<SPAN style="mso-tab-count: 1"> -ra------<SPAN style="mso-tab-count: 1"> C:\Program Files\CddbLangDE.dll[/3] <br/> <br/>[3]2005-03-10 14:06<SPAN style="mso-tab-count: 1"> 106496<SPAN style="mso-tab-count: 1"> -ra------<SPAN style="mso-tab-count: 1"> C:\Program Files\CddbLangSV.dll[/3] <br/> <br/>[3]2005-03-10 14:06<SPAN style="mso-tab-count: 1"> 102400<SPAN style="mso-tab-count: 1"> -ra------<SPAN style="mso-tab-count: 1"> C:\Program Files\CddbLangTH.dll[/3] <br/> <br/>[3]2005-03-10 04:02<SPAN style="mso-tab-count: 1"> 49152<SPAN style="mso-tab-count: 1"> --a------<SPAN style="mso-tab-count: 1"> C:\Program Files\AxInterop.SHDocVw.dll[/3] <br/> <br/>[3]2005-03-10 04:02<SPAN style="mso-tab-count: 1"> 126976<SPAN style="mso-tab-count: 1"> --a------<SPAN style="mso-tab-count: 1"> C:\Program Files\Interop.SHDocVw.dll[/3] <br/> <br/>[3]2005-02-28 19:11<SPAN style="mso-tab-count: 1"> 53248<SPAN style="mso-tab-count: 1"> --a------<SPAN style="mso-tab-count: 1"> C:\Program Files\Interop.Shell32.dll[/3] <br/> <br/>[3]2004-11-09 13:07<SPAN style="mso-tab-count: 1"> 606<SPAN style="mso-tab-count: 1"> -ra------<SPAN style="mso-tab-count: 1"> C:\Program Files\D2P.exe.manifest[/3] <br/> <br/>[3]2004-11-09 13:07<SPAN style="mso-tab-count: 1"> 118784<SPAN style="mso-tab-count: 1"> -ra------<SPAN style="mso-tab-count: 1"> C:\Program Files\mp3dec.dll[/3] <br/> <br/>[3]2004-11-09 13:07<SPAN 
style="mso-tab-count: 1"> 0<SPAN style="mso-tab-count: 1"> -ra------<SPAN style="mso-tab-count: 1"> C:\Program Files\D2P.exe.local[/3] <br/> <br/>[3]2004-08-04 01:56<SPAN style="mso-tab-count: 1"> 49152<SPAN style="mso-tab-count: 1"> --a------<SPAN style="mso-tab-count: 1"> C:\Program Files\AxInterop.WMPLib.dll[/3] <br/> <br/>[3]2004-08-04 01:56<SPAN style="mso-tab-count: 1"> 270336<SPAN style="mso-tab-count: 1"> --a------<SPAN style="mso-tab-count: 1"> C:\Program Files\Interop.WMPLib.dll[/3] <br/> <br/>[3]2004-08-04 00:01<SPAN style="mso-tab-count: 1"> 49152<SPAN style="mso-tab-count: 1"> --a------<SPAN style="mso-tab-count: 1"> C:\Program Files\Interop.IWshRuntimeLibrary.dll[/3] <br/> <br/>[3] <o:p></o:p>[/3] <br/> <br/>[3] <o:p></o:p>[/3] <br/> <br/>[3](((((((((((((((((((((((((((((((((((((<SPAN style="mso-spacerun: yes"> Reg Loading Points<SPAN style="mso-spacerun: yes"> ))))))))))))))))))))))))))))))))))))))))))))))))))[/3] <br/> <br/><SPAN style="mso-spacerun: yes">[3] [/3] <br/> <br/><SPAN style="mso-spacerun: yes">[3] [/3] <br/> <br/>[3]*Note* empty entries & legit default entries are not shown [/3] <br/> <br/>[3] <o:p></o:p>[/3] <br/> <br/>[3][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run][/3] <br/> <br/>[3]"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2004-09-13 16:33][/3] <br/> <br/>[3]"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-02-15 15:02][/3] <br/> <br/>[3]"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-02-15 15:02][/3] <br/> <br/>[3]"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe" [2006-10-12 04:10][/3] <br/> <br/>[3]"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 14:59][/3] <br/> <br/>[3]"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2005-03-04 11:26][/3] <br/> <br/>[3]"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 16:50][/3] <br/> <br/>[3]"ISUSScheduler"="C:\Program Files\Common 
Files\InstallShield\UpdateService\issch.exe" [2004-07-27 16:50][/3] <br/> <br/>[3]"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2005-05-31 06:33][/3] <br/> <br/>[3]"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-22 22:19][/3] <br/> <br/>[3]"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe" [2003-03-11 11:08][/3] <br/> <br/>[3]"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 17:17][/3] <br/> <br/>[3]"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2005-10-11 22:16][/3] <br/> <br/>[3]"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2002-12-17 11:40][/3] <br/> <br/>[3]"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 16:19][/3] <br/> <br/>[3]"DeviceDiscovery"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [2002-12-02 20:56][/3] <br/> <br/>[3]"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24][/3] <br/> <br/>[3]"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-07-10 09:18][/3] <br/> <br/>[3]"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 18:30][/3] <br/> <br/>[3]"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-08-05 16:10][/3] <br/> <br/>[3]"!AVG Anti-Spyware"="C:\Documents and Settings\Michael McClelland\My Documents\Downloaded Program Updates\Virus Killer\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25][/3] <br/> <br/>[3] <o:p></o:p>[/3] <br/> <br/>[3][HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run][/3] <br/> <br/>[3]"DellSupport"="C:\Program Files\Dell Support\DSAgnt.exe" [2004-07-19 07:51][/3] <br/> <br/>[3]"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00][/3] <br/> <br/>[3]"Steam"="C:\Program Files\Valve\Steam\\Steam.exe" [2007-06-28 18:51][/3] <br/> <br/>[3] 
<o:p></o:p>[/3] <br/> <br/>[3]C:\Documents and Settings\All Users\Start Menu\Programs\Startup\[/3] <br/> <br/>[3]Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26][/3] <br/> <br/>[3]Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2005-10-11 22:12:08][/3] <br/> <br/>[3]Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2000-01-21 09:15:54][/3] <br/> <br/>[3] <o:p></o:p>[/3] <br/> <br/>[3][HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system][/3] <br/> <br/>[3]"DisableRegistryTools"=0 (0x0)[/3] <br/> <br/>[3] <o:p></o:p>[/3] <br/> <br/>[3][HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf] [/3] <br/> <br/>[3]avgwlntf.dll 2007-08-05 16:10 9216 C:\WINDOWS\system32\avgwlntf.dll[/3] <br/> <br/>[3] <o:p></o:p>[/3] <br/> <br/>[3][HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless] [/3] <br/> <br/>[3]C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 2004-09-07 16:08 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll[/3] <br/> <br/>[3] <o:p></o:p>[/3] <br/> <br/>[3]R1 AvgMfx86;AVG Minifilter x86 Resident Driver;C:\WINDOWS\system32\Drivers\avgmfx86.sys[/3] <br/> <br/>[3]R1 sscdbhk5;sscdbhk5;C:\WINDOWS\system32\drivers\sscdbhk5.sys[/3] <br/> <br/>[3]R1 ssrtln;ssrtln;C:\WINDOWS\system32\drivers\ssrtln.sys[/3] <br/> <br/>[3]R2 ASCTRM;ASCTRM;C:\WINDOWS\system32\drivers\ASCTRM.sys[/3] <br/> <br/>[3]R2 s24trans;WLAN Transport;C:\WINDOWS\system32\DRIVERS\s24trans.sys[/3] <br/> <br/>[3]R2 tfsnpool;tfsnpool;C:\WINDOWS\system32\dla\tfsnpool.sys[/3] <br/> <br/>[3]R3 HSFHWICH;HSFHWICH;C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys[/3] <br/> <br/>[3]R3 IWCA;Intel Wireless Connection Agent Miniport for Win XP;C:\WINDOWS\system32\DRIVERS\iwca.sys[/3] <br/> <br/>[3]R3 sdbus;sdbus;C:\WINDOWS\system32\DRIVERS\sdbus.sys[/3] <br/> <br/>[3]R3 sffdisk;SFF Storage Class 
Driver;C:\WINDOWS\system32\DRIVERS\sffdisk.sys[/3] <br/> <br/>[3]R3 sffp_sd;SFF Storage Protocol Driver for SDBus;C:\WINDOWS\system32\DRIVERS\sffp_sd.sys[/3] <br/> <br/>[3]R3 w29n51;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows XP;C:\WINDOWS\system32\DRIVERS\w29n51.sys[/3] <br/> <br/>[3]S3 CO_Mon;CO_Mon;\??\C:\WINDOWS\system32\Drivers\CO_Mon.sys[/3] <br/> <br/>[3]S3 E100B;Intel(R) PRO Adapter Driver;C:\WINDOWS\system32\DRIVERS\e100b325.sys[/3] <br/> <br/>[3]S3 EraserUtilDrv10501;EraserUtilDrv10501;\??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10501.sys[/3] <br/> <br/>[3]S3 wanatw;WAN Miniport (ATW);C:\WINDOWS\system32\DRIVERS\wanatw4.sys[/3] <br/> <br/>[3]S3 wceusbsh;Windows CE USB Serial Host Driver;C:\WINDOWS\system32\DRIVERS\wceusbsh.sys[/3] <br/> <br/>[3] <o:p></o:p>[/3] <br/> <br/>[3]*Newly Created Service* - COMHOST[/3] <br/> <br/>[3] <o:p></o:p>[/3] <br/> <br/>[3]Contents of the 'Scheduled Tasks' folder[/3] <br/> <br/>[3]2007-07-19 12:22:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe[/3] <br/> <br/>[3]2007-07-27 19:00:14 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Michael McClelland.job - C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exe[/3] <br/> <br/>[3] <o:p></o:p>[/3] <br/> <br/>[3]**************************************************************************[/3] <br/> <br/>[3] <o:p></o:p>[/3] <br/> <br/>[3]catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net[/3] <br/> <br/>[3]Rootkit scan 2007-08-07 19:04:34[/3] <br/> <br/>[3]Windows 5.1.2600 Service Pack 2 NTFS[/3] <br/> <br/>[3] <o:p></o:p>[/3] <br/> <br/>[3]scanning hidden processes ...[/3] <br/> <br/>[3] <o:p></o:p>[/3] <br/> <br/>[3]scanning hidden registry entries ...[/3] <br/> <br/>[3] <o:p></o:p>[/3] <br/> <br/>[3]scanning hidden files ...[/3] <br/> <br/>[3] <o:p></o:p>[/3] <br/> <br/>[3]scan completed successfully[/3] <br/> <br/>[3]hidden files: 0[/3] 
<br/> <br/>[3] <o:p></o:p>[/3] <br/> <br/>[3]**************************************************************************[/3] <br/> <br/>[3] <o:p></o:p>[/3] <br/> <br/>[3]Completion time: 2007-08-07 19:09:44 - machine was rebooted[/3] <br/> <br/>[3]C:\ComboFix-quarantined-files.txt ... 2007-08-07 19:09[/3] <br/> <br/>[3] <o:p></o:p>[/3] <br/> <br/>[3]<SPAN style="mso-tab-count: 1"> --- E O F ---[/3] <br/> <br/>[3] <o:p></o:p>[/3] <br/> <br/>[3] <o:p></o:p>[/3] <br/> <br/>[3] <o:p></o:p>[/3] <br/> <br/><U><SPAN style="FONT-SIZE: 18pt; mso-bidi-font-size: 12.0pt">[3] <o:p></o:p>[/3] <br/> <br/>[3]Logfile of HijackThis v1.99.1[/3] <br/> <br/>[3]Scan saved at 19:17:02, on 07/08/2007[/3] <br/> <br/>[3]Platform: Windows XP SP2 (WinNT 5.01.2600)[/3] <br/> <br/>[3]MSIE: Internet Explorer v7.00 (7.00.6000.16473)[/3] <br/> <br/>[3] <o:p></o:p>[/3] <br/> <br/>[3]Running processes:[/3] <br/> <br/>[3]C:\WINDOWS\System32\smss.exe[/3] <br/> <br/>[3]C:\WINDOWS\system32\winlogon.exe[/3] <br/> <br/>[3]C:\WINDOWS\system32\services.exe[/3] <br/> <br/>[3]C:\WINDOWS\system32\lsass.exe[/3] <br/> <br/>[3]C:\WINDOWS\system32\svchost.exe[/3] <br/> <br/>[3]C:\WINDOWS\System32\svchost.exe[/3] <br/> <br/>[3]C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[/3] <br/> <br/>[3]C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[/3] <br/> <br/>[3]C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe[/3] <br/> <br/>[3]C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[/3] <br/> <br/>[3]C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[/3] <br/> <br/>[3]C:\WINDOWS\Explorer.EXE[/3] <br/> <br/>[3]C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe[/3] <br/> <br/>[3]C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe[/3] <br/> <br/>[3]C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe[/3] <br/> <br/>[3]C:\Program Files\Common Files\Symantec Shared\ccProxy.exe[/3] <br/> <br/>[3]C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe[/3] <br/> <br/>[3]C:\Program Files\Common 
Files\Symantec Shared\SNDSrvc.exe[/3] <br/> <br/>[3]C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe[/3] <br/> <br/>[3]C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe[/3] <br/> <br/>[3]C:\WINDOWS\system32\spoolsv.exe[/3] <br/> <br/>[3]C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[/3] <br/> <br/>[3]C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe[/3] <br/> <br/>[3]C:\Documents and Settings\Michael McClelland\My Documents\Downloaded Program Updates\Virus Killer\AVG Anti-Spyware 7.5\guard.exe[/3] <br/> <br/>[3]C:\Program Files\Apoint\Apoint.exe[/3] <br/> <br/>[3]C:\WINDOWS\system32\hkcmd.exe[/3] <br/> <br/>[3]C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe[/3] <br/> <br/>[3]C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[/3] <br/> <br/>[3]C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe[/3] <br/> <br/>[3]C:\Program Files\Dell\QuickSet\quickset.exe[/3] <br/> <br/>[3]C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[/3] <br/> <br/>[3]C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe[/3] <br/> <br/>[3]C:\WINDOWS\system32\dla\tfswctrl.exe[/3] <br/> <br/>[3]C:\Program Files\Common Files\Symantec Shared\ccApp.exe[/3] <br/> <br/>[3]C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe[/3] <br/> <br/>[3]C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe[/3] <br/> <br/>[3]C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe[/3] <br/> <br/>[3]C:\Program Files\Real\RealPlayer\RealPlay.exe[/3] <br/> <br/>[3]C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe[/3] <br/> <br/>[3]C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[/3]
Posted 9/7/2007 11:07 AM
#53209

drunkensoldier Member

Date Joined Nov 2016
Total Posts: 6
Hey, looks like quarantining the trojan has really screwed the pooch. The computer only starts on every third or fourth attempt, and even then it is slow and unstable.
Is there anything worth trying before I reformat?
Posted 9/7/2007 9:16 PM
#53247

Andrei M Advanced member

Date Joined Nov 2016
Total Posts: 356
Sorry for the late reply. Before proceeding to a system format as you mention, you might wish to post a new FULL HijackThis log, since the last one only had the running processes and I need the full log to see stuff.

Regards,
Andrei M
[blue]Microsoft Certified Professional[/blue]
BullGuard | support[at]bullguard[dot]com

---------
If more than 24hrs have passed since my last reply on your thread, send me a private message to remind me.
---------