Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Patrick Can't Do It Alone

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Patrick Can't Do It Alone

Unread postby Pg&Lee » February 24th, 2008, 9:00 am

Gentlemen:
Since at least 23 Feb 08 my PC has been infected with malware. I've been unable to clear this problem with the tool and knowledge I have available. Request your assistance. I've attached my recent HJT log for your use.

The tools I have available indicate the presence of the following malware;
- Adware.Agent.BN
- AdwareAlert
- Smitfraud-C.MSVPS
- Zlob.Downloader.vcd
- Downloader

Any help would be sincerely appreciate.

Patrick
Bethesda, MD USA
You do not have the required permissions to view the files attached to this post.
Pg&Lee
Active Member
 
Posts: 11
Joined: February 24th, 2008, 7:44 am
Advertisement
Register to Remove

Re: Patrick Can't Do It Alone

Unread postby chryssi2001 » February 28th, 2008, 3:44 am

Hello Pg&Lee,

I will be assisting you with your malware issues.
Please be patient as I need some time to review your Hijackthis log and i will post back recommendations for repairs.

  • Whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.
  • Continue to respond to this thread until I give you the All Clean! If you have any question or you're stuck in there please reply it to me. I will try my best to help you!
  • Please bookmark or favourite this page. In case you need it as reference or etc.
User avatar
chryssi2001
MRU Teacher Emeritus
 
Posts: 14395
Joined: September 24th, 2006, 2:11 am
Location: far away

Re: Patrick Can't Do It Alone

Unread postby chryssi2001 » February 28th, 2008, 5:40 am

Hello Pg&Lee :) ,

LIST OF PROGRAMS USING HIJACKTHIS
  • Open HijackThis.
  • Click on Open the Misc Tools section.
  • Look under System tools.
  • Click on the Open Uninstall Manager... button.
  • Click on the Save list... button.
  • It will prompt you to save. Save this log in a convenient location. By default it's named uninstall_list.txt.
  • Notepad will open. Please copy and paste the contents of this log in your next reply.
See in this link details.
http://img.bleepingcomputer.com/tutorials/hijackthis/uninstall-man.jpg
-----------------------------------------------
Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally paste the contents of the Report.txt back on the forum with a new HijackThis log
-----------------------------------------------
Post back:
Programs list.
SDFix report.
A new HijackThis log.
User avatar
chryssi2001
MRU Teacher Emeritus
 
Posts: 14395
Joined: September 24th, 2006, 2:11 am
Location: far away

Re: Patrick Can't Do It Alone

Unread postby Pg&Lee » February 28th, 2008, 10:22 pm

chryssi2001,

Thanks in advance for your help.

I've attached the three posts you requested.

Please let me know what else I can do to help.

Regards, Patrick
You do not have the required permissions to view the files attached to this post.
Pg&Lee
Active Member
 
Posts: 11
Joined: February 24th, 2008, 7:44 am

Re: Patrick Can't Do It Alone

Unread postby chryssi2001 » February 29th, 2008, 3:32 am

Hello Pg&Lee,

I would like you to re-post all the reports propertly and not as attachments.
Please do so for all the next reports i will ask during the cleaning of your pc.
Use separate posts if needed.
Thanks :)
User avatar
chryssi2001
MRU Teacher Emeritus
 
Posts: 14395
Joined: September 24th, 2006, 2:11 am
Location: far away

Re: Patrick Can't Do It Alone

Unread postby Pg&Lee » February 29th, 2008, 6:32 am

Per your request,

SDFix: Version 1.149

Run by Patrick on Thu 02/28/2008 at 20:54

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Windows Registry Values
Restoring Windows Default Hosts File
Restoring Default HomePage Value
Restoring Default Desktop Components Value

Rebooting


Checking Files :

Trojan Files Found:

C:\WINDOWS\system32\TFTP760 - Deleted
C:\WINDOWS\Temp\ac8zt2.dat - Deleted
C:\WINDOWS\alofkmn.dll - Deleted
C:\WINDOWS\dgtxrdfsnw.dll - Deleted
C:\WINDOWS\fkxvkns.exe - Deleted
C:\WINDOWS\rs.txt - Deleted





Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-28 21:01:59
Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:
ZwClose

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
"TracesProcessed"=dword:000000ad

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\WINDOWS\\system32\\mqsvc.exe"="C:\\WINDOWS\\system32\\mqsvc.exe:*:Enabled:Message Queuing"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Microsoft Games\\Flight Simulator 9\\fs9.exe"="C:\\Program Files\\Microsoft Games\\Flight Simulator 9\\fs9.exe:*:Disabled:Microsoft Flight Simulator"
"C:\\WINDOWS\\system32\\dpnsvr.exe"="C:\\WINDOWS\\system32\\dpnsvr.exe:*:Disabled:Microsoft DirectPlay8 Server"
"C:\\Program Files\\RhinoSoft.com\\FTP Voyager\\FTPVoyager.exe"="C:\\Program Files\\RhinoSoft.com\\FTP Voyager\\FTPVoyager.exe:*:Enabled:FTP Voyager, an FTP Client for Windows"
"C:\\WINDOWS\\system32\\ftp.exe"="C:\\WINDOWS\\system32\\ftp.exe:*:Enabled:File Transfer Program"
"D:\\Program Files\\WS_FTP\\WS_FTP95.exe"="D:\\Program Files\\WS_FTP\\WS_FTP95.exe:*:Enabled:WS_FTP 95"
"C:\\Program Files\\Kensington\\MouseWorks\\k_update.exe"="C:\\Program Files\\Kensington\\MouseWorks\\k_update.exe:*:Enabled:Kensington Digital Update of installed software via the Web."
"C:\\Program Files\\Real\\RealOne Player\\realplay.exe"="C:\\Program Files\\Real\\RealOne Player\\realplay.exe:*:Disabled:RealOne Player"
"C:\\WINDOWS\\system32\\fxsclnt.exe"="C:\\WINDOWS\\system32\\fxsclnt.exe:*:Enabled:Microsoft Fax Console"
"C:\\WINDOWS\\system32\\mmc.exe"="C:\\WINDOWS\\system32\\mmc.exe:*:Enabled:Microsoft Management Console"
"D:\\Program Files\\AKSS-CD\\jre1.1.8\\bin\\jrew.exe"="D:\\Program Files\\AKSS-CD\\jre1.1.8\\bin\\jrew.exe:*:Enabled:jrew"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Common Files\\TiVo Shared\\Beacon\\TiVoBeacon.exe"="C:\\Program Files\\Common Files\\TiVo Shared\\Beacon\\TiVoBeacon.exe:LocalSubNet:Enabled:TiVo Beacon Service"
"C:\\Program Files\\Common Files\\TiVo Shared\\Transfer\\TiVoTransfer.exe"="C:\\Program Files\\Common Files\\TiVo Shared\\Transfer\\TiVoTransfer.exe:LocalSubNet:Enabled:TiVo Transfer Service"
"C:\\Program Files\\TiVo\\Desktop\\TiVoServer.exe"="C:\\Program Files\\TiVo\\Desktop\\TiVoServer.exe:LocalSubNet:Enabled:TiVo Server Service"
"C:\\Program Files\\TiVo\\Desktop\\TiVoDesktop.exe"="C:\\Program Files\\TiVo\\Desktop\\TiVoDesktop.exe:LocalSubNet:Enabled:TiVo Desktop User Interface"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"C:\\WINDOWS\\system32\\mqsvc.exe"="C:\\WINDOWS\\system32\\mqsvc.exe:*:Enabled:Message Queuing"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

Remaining Files :


File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Tue 3 Aug 2004 82,944 A..HR --- "C:\Program Files\Messenger\msgsc.dll"
Tue 3 Aug 2004 180,224 A..HR --- "C:\Program Files\Messenger\msgslang.dll"
Wed 13 Oct 2004 1,694,208 ..SH. --- "C:\Program Files\Messenger\msmsgs.exe"
Tue 20 Aug 2002 69,663 A..HR --- "C:\Program Files\Messenger\msmsgsin.exe"
Tue 3 Aug 2004 3,555,328 A..HR --- "C:\Program Files\Movie Maker\moviemk.exe"
Mon 31 Mar 2003 110,648 A..HR --- "C:\Program Files\Movie Maker\wmmfilt.dll"
Mon 31 Mar 2003 319,542 A..HR --- "C:\Program Files\Movie Maker\wmmres.dll"
Mon 31 Mar 2003 163,897 A..HR --- "C:\Program Files\Movie Maker\wmmutil.dll"
Tue 3 Aug 2004 385,024 A..HR --- "C:\Program Files\NetMeeting\callcont.dll"
Mon 31 Mar 2003 12,288 A..HR --- "C:\Program Files\NetMeeting\cb32.exe"
Tue 3 Aug 2004 1,032,192 A..HR --- "C:\Program Files\NetMeeting\conf.exe"
Tue 3 Aug 2004 45,056 A..HR --- "C:\Program Files\NetMeeting\confmrsl.dll"
Tue 3 Aug 2004 40,960 A..HR --- "C:\Program Files\NetMeeting\dcap32.dll"
Tue 3 Aug 2004 57,344 A..HR --- "C:\Program Files\NetMeeting\h323cc.dll"
Tue 3 Aug 2004 274,432 A..HR --- "C:\Program Files\NetMeeting\mst120.dll"
Tue 3 Aug 2004 57,344 A..HR --- "C:\Program Files\NetMeeting\mst123.dll"
Tue 3 Aug 2004 221,184 A..HR --- "C:\Program Files\NetMeeting\nac.dll"
Tue 3 Aug 2004 229,376 A..HR --- "C:\Program Files\NetMeeting\nmas.dll"
Tue 3 Aug 2004 28,672 A..HR --- "C:\Program Files\NetMeeting\nmasnt.dll"
Tue 3 Aug 2004 81,920 A..HR --- "C:\Program Files\NetMeeting\nmchat.dll"
Tue 3 Aug 2004 77,824 A..HR --- "C:\Program Files\NetMeeting\nmcom.dll"
Tue 3 Aug 2004 151,552 A..HR --- "C:\Program Files\NetMeeting\nmft.dll"
Tue 3 Aug 2004 172,032 A..HR --- "C:\Program Files\NetMeeting\nmoldwb.dll"
Tue 3 Aug 2004 188,416 A..HR --- "C:\Program Files\NetMeeting\nmwb.dll"
Tue 3 Aug 2004 61,440 A..HR --- "C:\Program Files\NetMeeting\rrcm.dll"
Mon 31 Mar 2003 12,288 A..HR --- "C:\Program Files\NetMeeting\wb32.exe"
Tue 3 Aug 2004 73,216 A..HR --- "C:\Program Files\Outlook Express\setup50.exe"
Mon 28 Jan 2008 1,404,240 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Mon 28 Jan 2008 5,146,448 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
Mon 28 Jan 2008 2,097,488 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
Tue 3 Aug 2004 539,136 A..HR --- "C:\Program Files\Windows NT\dialer.exe"
Mon 31 Mar 2003 13,312 A..HR --- "C:\Program Files\Windows NT\htrn_jis.dll"
Mon 31 Mar 2003 28,160 A..HR --- "C:\Program Files\Windows NT\hypertrm.exe"
Tue 3 Aug 2004 294,912 A..HR --- "C:\Program Files\Windows Media Player\dlimport.exe"
Mon 31 Mar 2003 403 A..HR --- "C:\Program Files\Windows Media Player\npdrmv2.zip"
Mon 31 Mar 2003 22,060 A..HR --- "C:\Program Files\Windows Media Player\npds.zip"
Tue 29 Nov 2005 364,544 A..HR --- "C:\Program Files\Windows Media Player\npdsplay.dll"
Mon 31 Mar 2003 520,192 A..HR --- "C:\Program Files\Windows Media Player\wmpvis.dll"
Sat 15 Jan 2005 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Wed 19 Sep 2001 720,896 A..HR --- "C:\Program Files\Analog Devices\SoundMAX\a3d.dll"
Mon 22 Apr 2002 45,056 A..HR --- "C:\Program Files\Analog Devices\SoundMAX\adminchk.dll"
Wed 19 Jun 2002 40,960 A..HR --- "C:\Program Files\Analog Devices\SoundMAX\AEEnable.exe"
Fri 16 May 2003 106,496 A..HR --- "C:\Program Files\Analog Devices\SoundMAX\DLSLdr.exe"
Thu 4 Oct 2001 36,352 A..HR --- "C:\Program Files\Analog Devices\SoundMAX\install.exe"
Fri 16 May 2003 659,456 A..HR --- "C:\Program Files\Analog Devices\SoundMAX\ListEnv.dll"
Fri 16 May 2003 159,744 A..HR --- "C:\Program Files\Analog Devices\SoundMAX\MicTab.dll"
Fri 16 May 2003 28,672 A..HR --- "C:\Program Files\Analog Devices\SoundMAX\MidiIO.dll"
Fri 16 May 2003 110,592 A..HR --- "C:\Program Files\Analog Devices\SoundMAX\MidiSyn.dll"
Thu 19 Sep 2002 235,100 ...HR --- "C:\Program Files\Analog Devices\SoundMAX\midisyn.sys"
Wed 3 Oct 2001 381,200 A..HR --- "C:\Program Files\Analog Devices\SoundMAX\migrate.dll"
Fri 24 Aug 2001 61,440 A..HR --- "C:\Program Files\Analog Devices\SoundMAX\RemADI.exe"
Wed 10 Apr 2002 57,344 A..HR --- "C:\Program Files\Analog Devices\SoundMAX\RemDev.exe"
Thu 4 Oct 2001 35,328 A..HR --- "C:\Program Files\Analog Devices\SoundMAX\Remove.exe"
Fri 20 Sep 2002 45,056 A..HR --- "C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe"
Fri 7 Jun 2002 40,960 A..HR --- "C:\Program Files\Analog Devices\SoundMAX\SMAgentI.exe"
Thu 8 Aug 2002 40,960 A..HR --- "C:\Program Files\Analog Devices\SoundMAX\SMAgentX.exe"
Fri 30 May 2003 585,728 A..HR --- "C:\Program Files\Analog Devices\SoundMAX\SMax4.exe"
Thu 29 May 2003 790,528 A..HR --- "C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe"
Tue 18 Mar 2003 458,752 A..HR --- "C:\Program Files\Analog Devices\SoundMAX\SMax4Wiz.exe"
Thu 13 Mar 2003 3,744 ...HR --- "C:\Program Files\Analog Devices\SoundMAX\smsens.sys"
Mon 2 Jun 2003 578,304 A..HR --- "C:\Program Files\Analog Devices\SoundMAX\smwdm.sys"
Fri 23 May 2003 118,784 A..HR --- "C:\Program Files\Analog Devices\SoundMAX\SMWDMIF.dll"
Fri 17 Jan 2003 10,880 A..HR --- "C:\Program Files\Analog Devices\SoundMAX\WDMSTUB.sys"
Tue 3 Aug 2004 249,856 A..HR --- "C:\Program Files\Common Files\System\wab32res.dll"
Wed 5 Sep 2001 56,320 A..HR --- "C:\Program Files\InstallShield Installation Information\{4ADD1150-DD68-4A20-A846-194068868B1A}\Setup.exe"
Sun 14 May 2000 134,656 A..HR --- "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\Setup.exe"
Tue 3 Aug 2004 61,440 A..HR --- "C:\Program Files\Internet Explorer\Connection Wizard\icwconn.dll"
Tue 3 Aug 2004 214,528 A..HR --- "C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe"
Tue 3 Aug 2004 86,016 A..HR --- "C:\Program Files\Internet Explorer\Connection Wizard\icwconn2.exe"
Tue 3 Aug 2004 32,768 A..HR --- "C:\Program Files\Internet Explorer\Connection Wizard\icwdl.dll"
Tue 3 Aug 2004 172,032 A..HR --- "C:\Program Files\Internet Explorer\Connection Wizard\icwhelp.dll"
Mon 31 Mar 2003 61,440 A..HR --- "C:\Program Files\Internet Explorer\Connection Wizard\icwres.dll"
Tue 3 Aug 2004 24,576 A..HR --- "C:\Program Files\Internet Explorer\Connection Wizard\icwrmind.exe"
Mon 31 Mar 2003 73,728 A..HR --- "C:\Program Files\Internet Explorer\Connection Wizard\icwtutor.exe"
Tue 3 Aug 2004 49,152 A..HR --- "C:\Program Files\Internet Explorer\Connection Wizard\icwutil.dll"
Tue 3 Aug 2004 20,480 A..HR --- "C:\Program Files\Internet Explorer\Connection Wizard\inetwiz.exe"
Mon 31 Mar 2003 16,384 A..HR --- "C:\Program Files\Internet Explorer\Connection Wizard\isignup.exe"
Mon 31 Mar 2003 40,960 A..HR --- "C:\Program Files\Internet Explorer\Connection Wizard\trialoc.dll"
Mon 31 Mar 2003 82,501 A..HR --- "C:\Program Files\MSN Gaming Zone\Windows\bckg.dll"
Mon 31 Mar 2003 1,817,687 A..HR --- "C:\Program Files\MSN Gaming Zone\Windows\bckgres.dll"
Mon 31 Mar 2003 42,577 A..HR --- "C:\Program Files\MSN Gaming Zone\Windows\bckgzm.exe"
Mon 31 Mar 2003 40,515 A..HR --- "C:\Program Files\MSN Gaming Zone\Windows\chkr.dll"
Mon 31 Mar 2003 780,885 A..HR --- "C:\Program Files\MSN Gaming Zone\Windows\chkrres.dll"
Mon 31 Mar 2003 42,575 A..HR --- "C:\Program Files\MSN Gaming Zone\Windows\chkrzm.exe"
Mon 31 Mar 2003 217,160 A..HR --- "C:\Program Files\MSN Gaming Zone\Windows\Cmnclim.dll"
Mon 31 Mar 2003 1,039,955 A..HR --- "C:\Program Files\MSN Gaming Zone\Windows\Cmnresm.dll"
Mon 31 Mar 2003 57,409 A..HR --- "C:\Program Files\MSN Gaming Zone\Windows\hrtz.dll"
Mon 31 Mar 2003 1,175,635 A..HR --- "C:\Program Files\MSN Gaming Zone\Windows\Hrtzres.dll"
Mon 31 Mar 2003 42,573 A..HR --- "C:\Program Files\MSN Gaming Zone\Windows\hrtzzm.exe"
Mon 31 Mar 2003 48,706 A..HR --- "C:\Program Files\MSN Gaming Zone\Windows\rvse.dll"
Mon 31 Mar 2003 753,236 A..HR --- "C:\Program Files\MSN Gaming Zone\Windows\Rvseres.dll"
Mon 31 Mar 2003 42,574 A..HR --- "C:\Program Files\MSN Gaming Zone\Windows\Rvsezm.exe"
Mon 31 Mar 2003 66,113 A..HR --- "C:\Program Files\MSN Gaming Zone\Windows\shvl.dll"
Mon 31 Mar 2003 2,178,131 A..HR --- "C:\Program Files\MSN Gaming Zone\Windows\Shvlres.dll"
Mon 31 Mar 2003 42,573 A..HR --- "C:\Program Files\MSN Gaming Zone\Windows\shvlzm.exe"
Mon 31 Mar 2003 32,339 A..HR --- "C:\Program Files\MSN Gaming Zone\Windows\UniAnsi.dll"
Mon 31 Mar 2003 36,937 A..HR --- "C:\Program Files\MSN Gaming Zone\Windows\zClientm.exe"
Mon 31 Mar 2003 41,029 A..HR --- "C:\Program Files\MSN Gaming Zone\Windows\ZCorem.dll"
Mon 31 Mar 2003 4,677 A..HR --- "C:\Program Files\MSN Gaming Zone\Windows\zeeverm.dll"
Mon 31 Mar 2003 29,760 A..HR --- "C:\Program Files\MSN Gaming Zone\Windows\ZNetM.dll"
Mon 31 Mar 2003 113,222 A..HR --- "C:\Program Files\MSN Gaming Zone\Windows\zoneclim.dll"
Mon 31 Mar 2003 13,894 A..HR --- "C:\Program Files\MSN Gaming Zone\Windows\zonelibM.dll"
Tue 3 Aug 2004 214,528 A..HR --- "C:\Program Files\Windows NT\Accessories\wordpad.exe"
Tue 3 Aug 2004 281,088 A..HR --- "C:\Program Files\Windows NT\Pinball\pinball.exe"
Tue 25 Dec 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp"
Tue 3 Aug 2004 561,179 A..HR --- "C:\Program Files\Common Files\Microsoft Shared\DAO\dao360.dll"
Mon 31 Mar 2003 39,936 A..HR --- "C:\Program Files\Common Files\Microsoft Shared\MSInfo\msinfo32.exe"
Tue 3 Aug 2004 741,376 A..HR --- "C:\Program Files\Common Files\Microsoft Shared\Speech\sapi.dll"
Mon 31 Mar 2003 36,864 A..HR --- "C:\Program Files\Common Files\Microsoft Shared\Speech\sapisvr.exe"
Tue 3 Aug 2004 153,088 A..HR --- "C:\Program Files\Common Files\Microsoft Shared\Triedit\triedit.dll"
Sat 5 Jun 1999 122,937 A..HR --- "C:\Program Files\Common Files\Microsoft Shared\Web Folders\MSOWS409.DLL"
Mon 31 Mar 2003 235,520 A..HR --- "C:\Program Files\Common Files\MSSoap\Binaries\mssoap1.dll"
Mon 31 Mar 2003 25,088 A..HR --- "C:\Program Files\Common Files\MSSoap\Binaries\wisc10.dll"
Mon 31 Mar 2003 77,824 A..HR --- "C:\Program Files\Common Files\SpeechEngines\Microsoft\spcommon.dll"
Tue 3 Aug 2004 24,576 A..HR --- "C:\Program Files\Common Files\System\ado\msader15.dll"
Tue 26 Dec 2006 536,576 A..HR --- "C:\Program Files\Common Files\System\ado\msado15.dll"
Tue 26 Dec 2006 180,224 A..HR --- "C:\Program Files\Common Files\System\ado\msadomd.dll"
Tue 3 Aug 2004 57,344 A..HR --- "C:\Program Files\Common Files\System\ado\msador15.dll"
Tue 26 Dec 2006 200,704 A..HR --- "C:\Program Files\Common Files\System\ado\msadox.dll"
Tue 3 Aug 2004 57,344 A..HR --- "C:\Program Files\Common Files\System\ado\msadrh15.dll"
Tue 26 Dec 2006 102,400 A..HR --- "C:\Program Files\Common Files\System\ado\msjro.dll"
Mon 31 Mar 2003 518 A..HR --- "C:\Program Files\Common Files\System\msadc\handler.reg"
Mon 31 Mar 2003 588 A..HR --- "C:\Program Files\Common Files\System\msadc\handsafe.reg"
Mon 31 Mar 2003 573 A..HR --- "C:\Program Files\Common Files\System\msadc\handunsf.reg"
Tue 3 Aug 2004 331,776 A..HR --- "C:\Program Files\Common Files\System\msadc\msadce.dll"
Tue 3 Aug 2004 20,480 A..HR --- "C:\Program Files\Common Files\System\msadc\msadcer.dll"
Tue 3 Aug 2004 61,440 A..HR --- "C:\Program Files\Common Files\System\msadc\msadcf.dll"
Tue 3 Aug 2004 16,384 A..HR --- "C:\Program Files\Common Files\System\msadc\msadcfr.dll"
Thu 23 Mar 2006 143,360 A..HR --- "C:\Program Files\Common Files\System\msadc\msadco.dll"
Tue 3 Aug 2004 16,384 A..HR --- "C:\Program Files\Common Files\System\msadc\msadcor.dll"
Tue 3 Aug 2004 53,248 A..HR --- "C:\Program Files\Common Files\System\msadc\msadcs.dll"
Tue 3 Aug 2004 155,648 A..HR --- "C:\Program Files\Common Files\System\msadc\msadds.dll"
Tue 3 Aug 2004 24,576 A..HR --- "C:\Program Files\Common Files\System\msadc\msaddsr.dll"
Tue 3 Aug 2004 16,384 A..HR --- "C:\Program Files\Common Files\System\msadc\msdaprsr.dll"
Tue 3 Aug 2004 200,704 A..HR --- "C:\Program Files\Common Files\System\msadc\msdaprst.dll"
Tue 3 Aug 2004 118,784 A..HR --- "C:\Program Files\Common Files\System\msadc\msdarem.dll"
Tue 3 Aug 2004 16,384 A..HR --- "C:\Program Files\Common Files\System\msadc\msdaremr.dll"
Tue 3 Aug 2004 36,864 A..HR --- "C:\Program Files\Common Files\System\msadc\msdfmap.dll"
Tue 3 Aug 2004 4,096 A..HR --- "C:\Program Files\Common Files\System\Ole DB\msdadc.dll"
Tue 3 Aug 2004 4,096 A..HR --- "C:\Program Files\Common Files\System\Ole DB\msdaenum.dll"
Tue 3 Aug 2004 4,096 A..HR --- "C:\Program Files\Common Files\System\Ole DB\msdaer.dll"
Tue 3 Aug 2004 233,472 A..HR --- "C:\Program Files\Common Files\System\Ole DB\msdaora.dll"
Tue 3 Aug 2004 16,384 A..HR --- "C:\Program Files\Common Files\System\Ole DB\msdaorar.dll"
Tue 3 Aug 2004 77,824 A..HR --- "C:\Program Files\Common Files\System\Ole DB\msdaosp.dll"
Tue 3 Aug 2004 204,800 A..HR --- "C:\Program Files\Common Files\System\Ole DB\msdaps.dll"
Tue 3 Aug 2004 4,096 A..HR --- "C:\Program Files\Common Files\System\Ole DB\msdasc.dll"
Tue 3 Aug 2004 315,392 A..HR --- "C:\Program Files\Common Files\System\Ole DB\msdasql.dll"
Tue 3 Aug 2004 16,384 A..HR --- "C:\Program Files\Common Files\System\Ole DB\msdasqlr.dll"
Tue 3 Aug 2004 94,208 A..HR --- "C:\Program Files\Common Files\System\Ole DB\msdatl3.dll"
Tue 3 Aug 2004 20,480 A..HR --- "C:\Program Files\Common Files\System\Ole DB\msdatt.dll"
Tue 3 Aug 2004 4,096 A..HR --- "C:\Program Files\Common Files\System\Ole DB\msdaurl.dll"
Tue 3 Aug 2004 24,576 A..HR --- "C:\Program Files\Common Files\System\Ole DB\msxactps.dll"
Tue 3 Aug 2004 65,536 A..HR --- "C:\Program Files\Common Files\System\Ole DB\oledb32r.dll"
Tue 3 Aug 2004 217,088 A..HR --- "C:\Program Files\Common Files\System\Ole DB\sqlxmlx.dll"
Mon 31 Mar 2003 61,440 A..HR --- "C:\Program Files\Common Files\Microsoft Shared\Speech\1033\spcplui.dll"
Tue 3 Aug 2004 618,605 A..HR --- "C:\Program Files\Common Files\Microsoft Shared\web server extensions\40\bin\fp4autl.dll"
Sat 18 Nov 2000 450,669 A..HR --- "C:\Program Files\Common Files\Microsoft Shared\web server extensions\40\bin\FP4AWEC.DLL"
Mon 31 Mar 2003 23,552 A..HR --- "C:\Program Files\Common Files\MSSoap\Binaries\Resources\1033\mssoapr.dll"
Mon 31 Mar 2003 774,144 A..HR --- "C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS\1033\spttseng.dll"

Finished!



NEXT FILE:
Logfile of HijackThis v1.99.1
Scan saved at 21:09:24, on 2/28/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ActivIdentity\ActivClient\acevents.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\Program Files\ActivIdentity\ActivClient\accoca.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\CfgWzSvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\Portrait Displays\MagicTune\dtsrvc.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\WINDOWS\System32\msdtc.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\system32\PNUpdate.exe
C:\Program Files\Promise Technology, Inc\Promise Array Management\MsgSvr.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\System32\mqsvc.exe
C:\WINDOWS\System32\mqtgsvc.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\alg.exe
C:\program files\citrix\ica client\ssonsvr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\WINDOWS\system32\kmw_run.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
C:\WINDOWS\system32\WDBtnMgr.exe
C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
C:\WINDOWS\system32\KMW_SHOW.EXE
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe
C:\Program Files\TiVo\Desktop\TiVoNotify.exe
C:\Program Files\ActivIdentity\ActivClient\acevents.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\ActivIdentity\ActivClient\acsagent.exe
C:\Program Files\SanDisk\SanDisk TransferMate\SD Monitor.exe
C:\Program Files\NetPerSec\NetPerSec.exe
C:\Program Files\Common Files\Sonic Shared\CineTray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {878CA87E-BD03-4991-A1A8-A1EBEB50578F} - (no file)
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [kmw_run.exe] kmw_run.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART
O4 - HKLM\..\Run: [pnuprdp] C:\WINDOWS\system32\rundll32 C:\WINDOWS\system32\pnuprdp.dll,RegisterVirtualChannel
O4 - HKLM\..\Run: [pnupica] C:\WINDOWS\system32\rundll32 C:\WINDOWS\system32\pnupica6.dll,RegisterVirtualChannel
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [accrdsub] "C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [TivoTransfer] "C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe" /service /registry /auto:TivoTransfer
O4 - HKCU\..\Run: [TivoNotify] "C:\Program Files\TiVo\Desktop\TiVoNotify.exe" /service /registry /auto:TivoNotify
O4 - HKCU\..\Run: [TivoServer] "C:\Program Files\TiVo\Desktop\TiVoServer.exe" /service /registry
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: ActivClient Agent.lnk = C:\Program Files\ActivIdentity\ActivClient\acsagent.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: Monitor.lnk = C:\Program Files\SanDisk\SanDisk TransferMate\SD Monitor.exe
O4 - Global Startup: NetPerSec.lnk = C:\Program Files\NetPerSec\NetPerSec.exe
O4 - Global Startup: Sonic CinePlayer Quick Launch.lnk = C:\Program Files\Common Files\Sonic Shared\CineTray.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://fpm.anteon.com
O15 - Trusted Zone: http://download.windowsupdate.com
O15 - Trusted Zone: http://*.windowsupdate.com
O16 - DPF: vzTCPConfig - http://www2.verizon.net/help/fios_setti ... Config.CAB
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 6728570343
O16 - DPF: {8B7D2210-CC81-4F59-A486-4409FB485D4A} (RegConfig Class) - http://www2.verizon.net/help/fios_setti ... Config.cab
O16 - DPF: {928626A3-6B98-11CF-90B4-00AA00A4011F} (SurroundVideoCtrl Object) - http://encarta.msn.com/encnet/external/MSSurVid.cab
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://www.verizon.net/checkmypc/includ ... reQual.cab
O16 - DPF: {C7C7152F-6E85-44F3-A14B-A7F85FDDEA3B} (InstallerCtrl Class) - http://c03.tellmemorecampus.com/bin/tol7inst.cab
O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} (Java Plug-in 1.4.2) -
O16 - DPF: {CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA} (Java Plug-in 1.4.2_01) -
O16 - DPF: {CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} (Java Plug-in 1.4.2_05) -
O16 - DPF: {CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA} (Java Plug-in 1.4.2_06) -
O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} (Java Plug-in 1.5.0_02) -
O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} (Java Plug-in 1.5.0_04) -
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://anteonuniversity.webex.com/clie ... eatgpc.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2A4E6ECA-DBFB-4C20-B974-A5B2BAE9BEC3}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\..\{2A4E6ECA-DBFB-4C20-B974-A5B2BAE9BEC3}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS3\Services\Tcpip\..\{2A4E6ECA-DBFB-4C20-B974-A5B2BAE9BEC3}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: x-excid - {9D6CC632-1337-4A33-9214-2DA092E776F4} - C:\WINDOWS\Downloaded Program Files\mimectl.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: ackpbsc - C:\WINDOWS\system32\ackpbsc.dll
O20 - Winlogon Notify: acunlock - C:\Program Files\ActivIdentity\ActivClient\acunlock.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: ActivClient Middleware Service (accoca) - ActivIdentity - C:\Program Files\ActivIdentity\ActivClient\accoca.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec Client Firewall Configuration (CfgWzSvc) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\CfgWzSvc.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Portrait Displays\MagicTune\dtsrvc.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~2.EXE
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: Provision Networks Update Service (PNUpdate) - Provision Networks - C:\WINDOWS\system32\PNUpdate.exe
O23 - Service: Promise Array Message Server (RAIDmSvr) - Unknown owner - C:\Program Files\Promise Technology, Inc.\Promise Array Management\MsgSvr.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
O23 - Service: TiVo Beacon (TivoBeacon2) - Unknown owner - C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe" /service (file missing)


NEXT FILE:

2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
ActivClient 6.1 HomeUse for Air Force
Adobe Flash Player 9 ActiveX
Adobe Flash Player Plugin
Adobe Photoshop Album 2.0
Adobe Photoshop Elements 2.0
Adobe Reader 8.1.2
AltoMP3 Maker 3.20
Apple Mobile Device Support
Apple Software Update
ASUS Probe V2.21.09
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
Brother HL-5250DN
Calculator Powertoy for Windows XP
Canon Digital Camera USB WIA Driver
Canon PhotoRecord
Canon Utilities PhotoStitch 3.1
Canon Utilities RAW Image Converter
Casper 4.0
Citrix Presentation Server Client
CmdHere Powertoy For Windows XP
Data Lifeguard Tools
DeductionPro 2007
DeLorme Street Atlas USA 2006
DeLorme Street Atlas USA 2006 Data
DirectShow Dump
Diskeeper Professional Edition
DivX Codec
DivX Content Uploader
DivX Player
DivX Web Player
EPSON Printer Software
EPSON Reference Guide
EPSON Scan
eXplorist Wizard
Free WMA to MP3 Converter 1.16
FTP Voyager 11.2
Google Earth
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
Hijackthis 1.99.1
HijackThis 1.99.1
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB908673)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Indeo® XP Software
Intel(R) PRO Network Connections Drivers
iPod for Windows 2006-01-10
iPodCopy
iTunes
Java(TM) 6 Update 3
Kensington MouseWorks
LiveUpdate 3.0 (Symantec Corporation)
Lizardtech Express View Browser Plug-in
Loan Calculator! Plus v2.5b
Macromedia Shockwave Player
MapSend DirectRoute North America
MapSend Lite
MapSend Manager
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Data Access Components KB870669
Microsoft Flight Simulator 2004 A Century of Flight
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft MSDN 2005 Express Edition - ENU
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft Office Project 2007 Service Pack 1 (SP1)
Microsoft Office Project 2007 Service Pack 1 (SP1)
Microsoft Office Project MUI (English) 2007
Microsoft Office Project Standard 2007
Microsoft Office Project Standard 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Visio Professional 2003
Microsoft Outlook Web Access S/MIME
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
Microsoft SQL Server 2005 Tools Express Edition
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Text-to-Speech Engine 4.0 (English)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual Web Developer 2005 Express Edition - ENU
Microsoft Visual Web Developer 2005 Express Edition - ENU
Microsoft Visual Web Developer 2005 Express Edition - ENU Service Pack 1 (KB926751)
Mozilla Firefox (2.0.0.12)
MSN
MSN Music Assistant
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 6.0 Parser (KB933579)
Nero 6 Ultra Edition
Nero BurnRights
Nero Digital
NeroVision Express Content
NETGEAR XE102 Powerline Ethernet Adapter
NetPerSec
News Rover
oggcodecs 0.71.0946
PaperPort Image Printer
Passwords Max
Pdf995 (installed by TaxCut)
PdfEdit995 (installed by TaxCut)
PlexTools Professional V2.20
Print-IT Client 5.6 (Release 6)
QuickBooks Pro Edition 2004
Quicken Basic 99
QuickTime
RealPlayer
RegCure 1.3.0.2
Remove Hidden Data Tool
RssReader
SanDisk TransferMate
ScanSoft PaperPort 11
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917537)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939373)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB942615)
Security Update for Windows XP (KB942830)
Security Update for Windows XP (KB942831)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944533)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB946026)
Sonic CinePlayer DVD Pack
Spelling Dictionaries Support For Adobe Reader 8
Spybot - Search & Destroy
Spybot - Search & Destroy 1.5.2.20
Spyware Doctor 5.5
Symantec Client Security
TaxCut Maryland 2007
TaxCut Premium + State 2007
TaxCut Premium 2006
TDK Digital MixMaster
TiVo Desktop 2.5
TuneUp Utilities 2006
Tweak UI
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB900930)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Update for Windows XP (KB946627)
User Profile Hive Cleanup Service
Verizon Online Help and Support
VideoLAN VLC media player 0.8.4a
VideoReDo TVSuite Version 3.1.4.549
Viewpoint Manager (Remove Only)
Viewpoint Media Player
WD Diagnostics
WD Firewire HID Driver
WebEx
Windows Blaster Worm Removal Tool (KB833330)
Windows Genuine Advantage v1.3.0254.0
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Installer Clean Up
Windows Media Encoder 9 Series
Windows Media Encoder 9 Series
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885222
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB887797
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
WinZip
XP Codec Pack
Pg&Lee
Active Member
 
Posts: 11
Joined: February 24th, 2008, 7:44 am

Re: Patrick Can't Do It Alone

Unread postby chryssi2001 » February 29th, 2008, 12:58 pm

Hello Pg&Lee :),

Thanks for the reports.
-------------------------------------
Please download ATF cleaner
Make sure that all browser windows are closed.
    Double-click ATF-Cleaner.exe to run the program.
    Under Main choose: Select All
    Click the Empty Selected button.
If you use Firefox browser
    Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
    Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
-------------------------------------
OPTIONAL
I see that Viewpoint is installed. Viewpoint, Viewpoint Manager, Viewpoint Media Player are Viewpoint components which are installed as a side effect of installing other software, most notably AOL and AOL Instant Messenger (AIM). Viewpoint Manager is responsible for managing and updating Viewpoint Media Player's components. You can disable this using the Viewpoint Manager Control Panel found in the Windows Control Panel menu. By selecting Disable auto-updating for the Viewpoint Manager -- the player will no longer attempt to check for updates. Anything that is installed without your consent is suspect. Read what Viewpoint says and make your own decision.
To provide a satisfying consumer experience and to operate effectively, the Viewpoint Media Player periodically sends information to servers at Viewpoint. Each installation of the Viewpoint Media Player is identifiable to Viewpoint via a Customer Unique Identifier (CUID), an alphanumeric identifier embedded in the Viewpoint Media Player. The Viewpoint Media Player randomly generates the CUID during installation and uses it to indicate a unique installation of the product. A CUID is never connected to a user's name, email address, or other personal contact information. CUIDs are used for the sole purpose of filtering redundant information. Each of these information exchanges occurs anonymously.

Viewpoint Manager is considered as foistware instead of malware since it is installed without user's approval but doesn't spy or do anything "bad". This may change, read Viewpoint to Plunge Into Adware.
I recommend that you remove the Viewpoint products; however, decide for yourself. To uninstall the the Viewpoint components (Viewpoint, Viewpoint Manager, Viewpoint Media Player):
  • Click Start, point to Settings, and then click Control Panel.
  • In Control Panel, double-click Add or Remove Programs.
  • In Add or Remove Programs, highlight >>Viewpoint component<< , click Remove.
  • Do the same for each Viewpoint component.

Please read next part about Spybot - Search & Destroy before going to Add/Remove Programs.
Let me know if you decided to remove Viewpoint.
-------------------------------------
I see 2 Spybot Search & Destroy in your programs list.
Spybot - Search & Destroy
Spybot - Search & Destroy 1.5.2.20


Spybot - Search & Destroy 1.5.2.20 is the latest version. Did you uninstall the older one before you installed the new update?

Please check in your add/remove programs for Spybot - Search & Destroy
and uninstall it. If you find any problems with Spybot S&D not working after you do that, please uninstall newer version too, and re-install it.
-------------------------------------
Update Java Runtime:

You are using an old version of Java. Sun's Java is sometimes updated in order to eliminate the exploitation of vulnerabilities in an existing version. For this reason, it's extremely important that you keep the program up to date, and also remove the older more vulnerable versions from your system. The most current version of Sun Java is: Java Runtime Environment Version 6 Update 4.
  • Go to http://java.sun.com/javase/downloads/index.jsp
  • Go to Java Runtime Environment (JRE) 6 Update 4 and click on Download button.
  • In Platform box choose Windows.
  • Check the box to Accept License Agreement and click Continue.
  • Click on Windows Offline Installation, click on the link under it which says "jre-6u4-windows-i586-p.exe" and save the downloaded file to your desktop.
  • Go to Start => Control Panel => Add or Remove Programs
  • Uninstall all old versions of Java (Java 3 Runtime Environment, JRE or JSE)
  • Reboot your computer
  • Delete the folder C:\Program Files\Java if present
  • Install the new version by running the newly-downloaded file with the java icon which will be at your desktop, and follow the on-screen instructions.
  • Reboot your computer
-------------------------------------
Disable Spyware Doctor until the computer is clean

Please disable Spyware Doctor, as it may interfere with the fix. To disable Spyware Doctor:
    Click the Spyware Doctor icon in the System Tray.
    Click Settings
    Click Startup Settings under Pick a Category.
    Uncheck Run at Windows startup.
    Click Apply and Exit Spyware Doctor
Don't forget to re-enable it, when your computer is clean.
-------------------------------------
Disable Spybot's TeaTimer. This is a two step process.

Spybot S&D's tea timer normally provides real-time protection from spyware, however it may interfere with what we need to do. We will disable it until the machine is clean when it can be re-enabled.

First step:
  • Right-click the Spybot Icon in the System Tray (looks like a blue/white calendar with a padlock symbol)
  • If you have the new version 1.5, Click once on Resident Protection, then Right click the Spybot icon again and make sure Resident Protection is now Unchecked. The Spybot icon in the System tray should now be now colorless.
  • If you have Version 1.4, Click on Exit Spybot S&D Resident
Second step, For Either Version :
  • Open Spybot S&D
  • Click Mode, choose Advanced Mode
  • Go To the bottom of the Vertical Panel on the Left, Click Tools
  • then, also in left panel, click Resident shows a red/white shield.
  • If your firewall raises a question, say OK
  • In the Resident protection status frame, Uncheck the box labeled Resident "Tea-Timer"(Protection of over-all system settings) active
  • OK any prompts.
  • Use File, Exit to terminate Spybot
  • Reboot your machine for the changes to take effect.
Don't forget to re-enable it, when your computer is clean.
-------------------------------------
FIX HIJACKTHIS ENTRIES

Open up Hijackthis.
Click on do a system scan only.
Place a checkmark next to these lines(if still present).

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {878CA87E-BD03-4991-A1A8-A1EBEB50578F} - (no file)
O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} (Java Plug-in 1.4.2) -
O16 - DPF: {CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA} (Java Plug-in 1.4.2_01) -
O16 - DPF: {CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} (Java Plug-in 1.4.2_05) -
O16 - DPF: {CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA} (Java Plug-in 1.4.2_06) -
O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} (Java Plug-in 1.5.0_02) -
O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} (Java Plug-in 1.5.0_04) -


Fix these lines too if you didn't set these restrictions yourself.
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present


Fix these lines too if you didn't add them in your trusted zone.
O15 - Trusted Zone: http://fpm.anteon.com
O15 - Trusted Zone: http://download.windowsupdate.com
O15 - Trusted Zone: http://*.windowsupdate.com


Then close all windows except Hijackthis and click Fix Checked
Close HijackThis.
-------------------------------------
Malwarebytes' Anti-Malware

Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location.
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
  • Post that log back here.
-------------------------------------
Run HijackThis again.
-------------------------------------
Post back:
Did you remove Viewpoint?
Malwarebytes' Anti-Malware report.
A new HijackThis log.
Tell me how the pc behaves now.
User avatar
chryssi2001
MRU Teacher Emeritus
 
Posts: 14395
Joined: September 24th, 2006, 2:11 am
Location: far away

Re: Patrick Can't Do It Alone

Unread postby Pg&Lee » March 1st, 2008, 7:24 pm

chryssi2001,

Per your last post to me;
- Your question re Spybot - Search & Destroy 1.5.2.20 and whether or not I un-installed the older version before installing the new update; I don't think I did. As I remember, the newest version was 'pushed' to me by Spybot and didn't say anything about removing the old version. However, per you advice, I have removed Spybot - S&D ver 1.5.2.20 and reinstalled the same version.

- I have removed Viewpoint.

- FIX HIJACK THIS ENTRIES;
-- I have left in place the following because I can't remember specifically that I make the changes intentionally. I remember several years ago making some special setting in IE to accommodate software my employer provided that permitted me to connect to my companies network via VPN a connection and more recently to be able to "CITRIX" in to my at work network. If you have grave misgivings about leaving those setting in place I'll remove them. Please advise.

--- O6 - HKCU\Software\Polices\Microsoft\Internet Explorer\Restrictions present
--- O6 - HKCU\Software\Polices\Microsoft\Internet Explorer\Control point panel
--- O15 - Trusted Zone:http://fpm.anteon.com


- How does the PC behave?
-- After a short test drive, it appears to be noticeably quicker. The screens appear to 'pop' up more quickly. One problem I've noted however, is that I can't change my IE 6.0 home page to blank. All the buttons for making that change are dimmed out. I think there a setting in Spybot S&D that prevents chanhging the home page. I suspect one of the utilities you had me run change the IE home page to MSN and now I have to figure out how to change it back to blank. Any suggests as to how that is done would be appreciated.

- FYI
-- I've returned SpyBot S&D tea timer and Spyware Doctor to fully use.

- Here are the two Anti-Malware report and the updated HiJack This log.

Malwarebytes' Anti-Malware 1.05
Database version: 436

Scan type: Full Scan (A:\|C:\|D:\|F:\|H:\|I:\|J:\|K:\|X:\|Y:\|Z:\|)
Objects scanned: 367295
Time elapsed: 1 hour(s), 12 minute(s), 10 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\ekvgsnw.bltm (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{292547ec-9c38-4398-b336-6219b91a1634} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ekvgsnw.bltm (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Logfile of HijackThis v1.99.1
Scan saved at 17:32:09, on 3/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ActivIdentity\ActivClient\acevents.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\Program Files\ActivIdentity\ActivClient\accoca.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\CfgWzSvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\Portrait Displays\MagicTune\dtsrvc.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\WINDOWS\System32\msdtc.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\system32\PNUpdate.exe
C:\Program Files\Promise Technology, Inc\Promise Array Management\MsgSvr.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\System32\mqsvc.exe
C:\WINDOWS\System32\mqtgsvc.exe
C:\program files\citrix\ica client\ssonsvr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\WINDOWS\system32\kmw_run.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
C:\WINDOWS\system32\WDBtnMgr.exe
C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
C:\WINDOWS\system32\KMW_SHOW.EXE
C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe
C:\Program Files\TiVo\Desktop\TiVoNotify.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\ActivIdentity\ActivClient\acsagent.exe
C:\Program Files\ActivIdentity\ActivClient\acevents.exe
C:\Program Files\SanDisk\SanDisk TransferMate\SD Monitor.exe
C:\Program Files\NetPerSec\NetPerSec.exe
C:\Program Files\Common Files\Sonic Shared\CineTray.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Program Files\Hijackthis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll (file missing)
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [kmw_run.exe] kmw_run.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART
O4 - HKLM\..\Run: [pnuprdp] C:\WINDOWS\system32\rundll32 C:\WINDOWS\system32\pnuprdp.dll,RegisterVirtualChannel
O4 - HKLM\..\Run: [pnupica] C:\WINDOWS\system32\rundll32 C:\WINDOWS\system32\pnupica6.dll,RegisterVirtualChannel
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [accrdsub] "C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKCU\..\Run: [TivoTransfer] "C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe" /service /registry /auto:TivoTransfer
O4 - HKCU\..\Run: [TivoNotify] "C:\Program Files\TiVo\Desktop\TiVoNotify.exe" /service /registry /auto:TivoNotify
O4 - HKCU\..\Run: [TivoServer] "C:\Program Files\TiVo\Desktop\TiVoServer.exe" /service /registry
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: ActivClient Agent.lnk = C:\Program Files\ActivIdentity\ActivClient\acsagent.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: Monitor.lnk = C:\Program Files\SanDisk\SanDisk TransferMate\SD Monitor.exe
O4 - Global Startup: NetPerSec.lnk = C:\Program Files\NetPerSec\NetPerSec.exe
O4 - Global Startup: Sonic CinePlayer Quick Launch.lnk = C:\Program Files\Common Files\Sonic Shared\CineTray.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll (file missing)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://fpm.anteon.com
O16 - DPF: vzTCPConfig - http://www2.verizon.net/help/fios_setti ... Config.CAB
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 6728570343
O16 - DPF: {8B7D2210-CC81-4F59-A486-4409FB485D4A} (RegConfig Class) - http://www2.verizon.net/help/fios_setti ... Config.cab
O16 - DPF: {928626A3-6B98-11CF-90B4-00AA00A4011F} (SurroundVideoCtrl Object) - http://encarta.msn.com/encnet/external/MSSurVid.cab
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://www.verizon.net/checkmypc/includ ... reQual.cab
O16 - DPF: {C7C7152F-6E85-44F3-A14B-A7F85FDDEA3B} (InstallerCtrl Class) - http://c03.tellmemorecampus.com/bin/tol7inst.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://anteonuniversity.webex.com/clie ... eatgpc.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2A4E6ECA-DBFB-4C20-B974-A5B2BAE9BEC3}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\..\{2A4E6ECA-DBFB-4C20-B974-A5B2BAE9BEC3}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS3\Services\Tcpip\..\{2A4E6ECA-DBFB-4C20-B974-A5B2BAE9BEC3}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: x-excid - {9D6CC632-1337-4A33-9214-2DA092E776F4} - C:\WINDOWS\Downloaded Program Files\mimectl.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: ackpbsc - C:\WINDOWS\system32\ackpbsc.dll
O20 - Winlogon Notify: acunlock - C:\Program Files\ActivIdentity\ActivClient\acunlock.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: ActivClient Middleware Service (accoca) - ActivIdentity - C:\Program Files\ActivIdentity\ActivClient\accoca.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec Client Firewall Configuration (CfgWzSvc) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\CfgWzSvc.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Portrait Displays\MagicTune\dtsrvc.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~2.EXE
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: Provision Networks Update Service (PNUpdate) - Provision Networks - C:\WINDOWS\system32\PNUpdate.exe
O23 - Service: Promise Array Message Server (RAIDmSvr) - Unknown owner - C:\Program Files\Promise Technology, Inc.\Promise Array Management\MsgSvr.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
O23 - Service: TiVo Beacon (TivoBeacon2) - Unknown owner - C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe" /service (file missing)
Pg&Lee
Active Member
 
Posts: 11
Joined: February 24th, 2008, 7:44 am

Re: Patrick Can't Do It Alone

Unread postby chryssi2001 » March 2nd, 2008, 6:16 am

Hello Pg&Lee :)

O6 - HKCU\Software\Polices\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Polices\Microsoft\Internet Explorer\Control point panel
O15 - Trusted Zone:http://fpm.anteon.com

You did fine keeping those.
06 lines are probably there due to Spyware Doctor presence.

Since this is a work computer keeping 015 line is fine.
---------------------------------------------------
I can't change my IE 6.0 home page to blank

Why do you want to reset it to blank?
We tend to fix the lines which shows that home page is set to blank, in malware fight.
---------------------------------------------------
I've returned SpyBot S&D tea timer and Spyware Doctor to fully use

Please keep them disabled untill we clean the pc.
We are not done yet.
Some of the tools we use, won't work properly if spyware programs are in use. There is a special note in my Combofix post below mentioning this.
---------------------------------------------------
Even though your HijackThis looks clean now, Malwarebytes' Anti-Malware report make me believe there is more infection hiding on your pc.
So i will need you to run Combofix.

Please visit this webpage for instructions for downloading ComboFix at your DESKTOP :
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".

    When the tool is finished, it will produce a report for you.
  • Please post back the C:\ComboFix.txt
User avatar
chryssi2001
MRU Teacher Emeritus
 
Posts: 14395
Joined: September 24th, 2006, 2:11 am
Location: far away

Re: Patrick Can't Do It Alone

Unread postby Pg&Lee » March 2nd, 2008, 11:10 pm

chryssi2001,

The news is not good on this post. I'm uable to post the post-scan ComboFix.txt file you asked for.
I wasn't able to to get the ComboFix application to run as described on its host page. After disabling Spyware Doctor and Spybot S&D as you previously explained, I attempted to disable my Symantec AV by clicking the "unload service" button under the file menu. That proved to be not the thing to do. I learned this when, after attempting to load the Windows XP Recovery Console, I ran ComboFix three times. The program halted after the the first few "Stages" of the scan. I then D/Led ComboFix again and ran it w/o installing XP Recovery Console. I got the same results, never ran past Stage 8 of the scan. I then reloaded Symantec AV and then just right clicked the icon in the tray and un-checked the "Enable Auto-protect" and ran ComboFix again. ComboFix then ran thru Stage 43 (as I remember) of the scan but didn't always display the dialogs and status displays shown in the screen shots seen on the ComboFix web site. I never could find any txt or log file other than the one generated when I loaded the Windows XP Recovery Console. (see below). Bottom line, I couldn't get the ComboFix.txt file I think you're were looking for.

I never even looked at disabling anything in the 'Malwatebytes' application as I believe it to be a scanner w/o any real time protection capability.

I've since erased the two ComboFix directories (ComboFix and ComboFix(2)) directories.

Heres the only ComboFix file I could find (it was in the C:\ComboFix directory.
ComboFix 08-03-03.6 - Patrick 2008-03-02 20:17:50.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.430 [GMT -5:00]
Running from: C:\Documents and Settings\Patrick\Desktop\ComboFix.exe

I'm open to suggestions about what to do know. I really think there something wrong with the ComboFix application as it execution on my PC. It just doesn't give all the displays the scereen shots on its home page leads me to believe I should see. Specifically, after the post-scan reboot I never saw any indication that a ComboFix Log file was generatation. Don't know if that means there were no fixes which would seem to be a good thing.

IRT to your question about why I use a blank page as my IE6 home page; I guess its a carryover from my dial-up days when I didn't want to waste time loading a page I never use.

Regards, Patrick
Pg&Lee
Active Member
 
Posts: 11
Joined: February 24th, 2008, 7:44 am

Re: Patrick Can't Do It Alone

Unread postby chryssi2001 » March 3rd, 2008, 1:55 am

Hello Pg&Lee,

I never could find any txt or log file other than the one generated when I loaded the Windows XP Recovery Console

Do you have that text/report which was created after you dragged Recovery Console into Combofix?
The one you posted is the heading of Combofix report, which normally would have a full report after that.

I'll ask about this problem and be back! :)
User avatar
chryssi2001
MRU Teacher Emeritus
 
Posts: 14395
Joined: September 24th, 2006, 2:11 am
Location: far away

Re: Patrick Can't Do It Alone

Unread postby Pg&Lee » March 3rd, 2008, 7:38 am

No sir. What I gave you is all I could find after looking in the ComboFix directories and doing searches on both 'txt' and 'log' for 2 Mar.

Regards, PGM
Pg&Lee
Active Member
 
Posts: 11
Joined: February 24th, 2008, 7:44 am

Re: Patrick Can't Do It Alone

Unread postby chryssi2001 » March 3rd, 2008, 8:10 am

Hello Pg&Lee,

No sir. What I gave you is all I could find after looking in the ComboFix directories and doing searches on both 'txt' and 'log' for 2 Mar.


I am a lady ;)

Can you search on your C:\ drive if any folder C:\CF-RC document exists?
Just let me know no big deal :). We will run another on-line scan to see if any remainants of infections on your pc.
----------------------------------------------
I can't see any firewall in your HijackThis log, so i assume you use windows firewall.

FIREWALL
Without a firewall your computer is susceptible to being hacked and taken over. If you use the Windows Firewall you might think that's sufficient but it only controls one way of the traffic (inbound). Simply using a Firewall in its default configuration can lower your risk greatly. It's preferable to install one of the suggested firewalls.

FREE FIREWALLS
Tutorial about Firewalls can be found [url=http://www.bleepingcomputer.com/tutorials/tutorial60.html]here[/url
----------------------------------------------
Run Kaspersky Online AV Scanner
Using Internet Explorer Go to http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html and click the Accept button at the end of the page.
Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license accepted, reset to 100%.
  • Read the Requirements and limitations before you click Accept.
  • Allow the ActiveX download if necessary.
  • Once the database has downloaded, click Next.
  • Click Scan Settings and change the "Scan using the following antivirus database" from standard to extended and then click OK.
  • Click on "My Computer" and then put the kettle on!
  • When the scan has completed, click Save Report As...
  • Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
  • Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.
Copy and paste the report into your next reply along with a fresh HJT log and a description of how your PC is behaving.
User avatar
chryssi2001
MRU Teacher Emeritus
 
Posts: 14395
Joined: September 24th, 2006, 2:11 am
Location: far away

Re: Patrick Can't Do It Alone

Unread postby Pg&Lee » March 4th, 2008, 6:26 am

Ma'am,

QUOTE
Can you search on your C:\ drive if any folder C:\CF-RC document exists?

I'd done a search for any & all 'txt' and 'log' files on my PC after the ComboFix incident and only found what I'd passed to you. I'm confident there are now others.

I have re-enabled my Symantec Client Firewall (and found the MS firewall turned off!).

I ran the Kaspersky scan (it was a four kettle scan) and have attached the results hereto along with my recent HJT scan results file.

BTW, Thanks again for all the help and advice. Its much appreciated.

Patrick

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
2008-03-04 04:46
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 4/03/2008
Kaspersky Anti-Virus database records: 594923
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\
K:\
X:\
Y:\
Z:\

Scan Statistics:
Total number of scanned objects: 318858
Number of viruses found: 3
Number of infected objects: 10
Number of suspicious objects: 0
Duration of the scan process: 05:24:51

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\06812d2222a34105e0acb8efd19476be_98728054-c47c-4150-a733-5f691cfbff64 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\09a43fe7cacc2a4236088a14676672ea_98728054-c47c-4150-a733-5f691cfbff64 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\15a032e1a97458cf18ddc350ee762687_98728054-c47c-4150-a733-5f691cfbff64 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\37799ecdab16829cc46a42c387c41349_98728054-c47c-4150-a733-5f691cfbff64 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\50233ffb231b7454df98a5bf90a8d077_98728054-c47c-4150-a733-5f691cfbff64 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\618a414737638c93fe50fab65b0e4f4f_98728054-c47c-4150-a733-5f691cfbff64 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\649c271e7dfb240bb4708db331f32f51_98728054-c47c-4150-a733-5f691cfbff64 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\88f293a7677687b7f813fccbe6c53a14_98728054-c47c-4150-a733-5f691cfbff64 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\8af70f98f74c437bf55b2d65b44d830e_98728054-c47c-4150-a733-5f691cfbff64 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\8bf4d6902d951b9e206be7fe0c948d53_98728054-c47c-4150-a733-5f691cfbff64 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\c7e3235795813ca1535a295476e8b319_98728054-c47c-4150-a733-5f691cfbff64 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\d4cf90232ece8f02744efcfbca19fafc_98728054-c47c-4150-a733-5f691cfbff64 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\e81e7c041e26d422a682a5ab836abc25_98728054-c47c-4150-a733-5f691cfbff64 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\e89a7c9305771f05de76ad392f6a613d_98728054-c47c-4150-a733-5f691cfbff64 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\f15fdbb1de306119036c846aa5361e17_98728054-c47c-4150-a733-5f691cfbff64 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\f1bbd5422af4c56b70db375a261e7f83_98728054-c47c-4150-a733-5f691cfbff64 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows NT\MSFax\ActivityLog\InboxLOG.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows NT\MSFax\ActivityLog\OutboxLOG.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Confid.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Content.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Privacy.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Restrict.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\WebHist.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2008-03-03_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\16840000.VBN/backups/alofkmn.dll Infected: not-a-virus:AdWare.Win32.Vapsup.bpc skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\16840000.VBN/backups/dgtxrdfsnw.dll Infected: not-a-virus:AdWare.Win32.Vapsup.bow skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\16840000.VBN/backups/fkxvkns.exe Infected: not-a-virus:AdWare.Win32.Vapsup.bpg skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\16840000.VBN ZIP: infected - 3 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\16840000.VBN CryptZ: infected - 3 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\16840001.VBN/backups/alofkmn.dll Infected: not-a-virus:AdWare.Win32.Vapsup.bpc skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\16840001.VBN/backups/dgtxrdfsnw.dll Infected: not-a-virus:AdWare.Win32.Vapsup.bow skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\16840001.VBN/backups/fkxvkns.exe Infected: not-a-virus:AdWare.Win32.Vapsup.bpg skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\16840001.VBN ZIP: infected - 3 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\16840001.VBN CryptZ: infected - 3 skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temp\Perflib_Perfdata_258.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Patrick\Application Data\Microsoft\Outlook\DSL_Mail.NK2 Object is locked skipped
C:\Documents and Settings\Patrick\Application Data\Microsoft\Outlook\DSL_Mail.srs Object is locked skipped
C:\Documents and Settings\Patrick\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Patrick\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst Object is locked skipped
C:\Documents and Settings\Patrick\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Patrick\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Patrick\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Patrick\ntuser.dat Object is locked skipped
C:\Documents and Settings\Patrick\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\profile.dat Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDALRT.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDCON.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDDBG.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDFW.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDIDS.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDSYS.log Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\master.mdf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\mastlog.ldf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\model.mdf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\modellog.ldf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\msdbdata.mdf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\msdblog.ldf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\tempdb.mdf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\templog.ldf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\LOG\ERRORLOG Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\LOG\log_571.trc Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\ACEEvent.evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\ODiag.evt Object is locked skipped
C:\WINDOWS\system32\config\OSession.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\MsDtc\MSDTC.LOG Object is locked skipped
C:\WINDOWS\system32\MsDtc\Trace\dtctrace.log Object is locked skipped
C:\WINDOWS\system32\msmq\storage\QMLog Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\Documents and Settings\Patrick\My Documents\Mail Archive\archive.pst Object is locked skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
X:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\06812d2222a34105e0acb8efd19476be_98728054-c47c-4150-a733-5f691cfbff64 Object is locked skipped
X:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\09a43fe7cacc2a4236088a14676672ea_98728054-c47c-4150-a733-5f691cfbff64 Object is locked skipped
X:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\15a032e1a97458cf18ddc350ee762687_98728054-c47c-4150-a733-5f691cfbff64 Object is locked skipped
X:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\37799ecdab16829cc46a42c387c41349_98728054-c47c-4150-a733-5f691cfbff64 Object is locked skipped
X:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\50233ffb231b7454df98a5bf90a8d077_98728054-c47c-4150-a733-5f691cfbff64 Object is locked skipped
X:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\618a414737638c93fe50fab65b0e4f4f_98728054-c47c-4150-a733-5f691cfbff64 Object is locked skipped
X:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\649c271e7dfb240bb4708db331f32f51_98728054-c47c-4150-a733-5f691cfbff64 Object is locked skipped
X:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\88f293a7677687b7f813fccbe6c53a14_98728054-c47c-4150-a733-5f691cfbff64 Object is locked skipped
X:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\8af70f98f74c437bf55b2d65b44d830e_98728054-c47c-4150-a733-5f691cfbff64 Object is locked skipped
X:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\8bf4d6902d951b9e206be7fe0c948d53_98728054-c47c-4150-a733-5f691cfbff64 Object is locked skipped
X:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\c7e3235795813ca1535a295476e8b319_98728054-c47c-4150-a733-5f691cfbff64 Object is locked skipped
X:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\d4cf90232ece8f02744efcfbca19fafc_98728054-c47c-4150-a733-5f691cfbff64 Object is locked skipped
X:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\e81e7c041e26d422a682a5ab836abc25_98728054-c47c-4150-a733-5f691cfbff64 Object is locked skipped
X:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\e89a7c9305771f05de76ad392f6a613d_98728054-c47c-4150-a733-5f691cfbff64 Object is locked skipped
X:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\f15fdbb1de306119036c846aa5361e17_98728054-c47c-4150-a733-5f691cfbff64 Object is locked skipped
X:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\f1bbd5422af4c56b70db375a261e7f83_98728054-c47c-4150-a733-5f691cfbff64 Object is locked skipped
X:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
Y:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
Z:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped


Logfile of HijackThis v1.99.1
Scan saved at 05:08, on 2008-03-04
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ActivIdentity\ActivClient\acevents.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\program files\citrix\ica client\ssonsvr.exe
C:\Program Files\ActivIdentity\ActivClient\accoca.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\CfgWzSvc.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\Portrait Displays\MagicTune\dtsrvc.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\WINDOWS\System32\msdtc.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\WINDOWS\system32\kmw_run.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\WDBtnMgr.exe
C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
C:\WINDOWS\system32\KMW_SHOW.EXE
C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\PROGRA~1\SYMANT~1\SYMANT~2\vptray.exe
C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe
C:\Program Files\TiVo\Desktop\TiVoNotify.exe
C:\WINDOWS\system32\PNUpdate.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Promise Technology, Inc\Promise Array Management\MsgSvr.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\ActivIdentity\ActivClient\acsagent.exe
C:\Program Files\ActivIdentity\ActivClient\acevents.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\SanDisk\SanDisk TransferMate\SD Monitor.exe
C:\Program Files\NetPerSec\NetPerSec.exe
C:\Program Files\Common Files\Sonic Shared\CineTray.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\System32\mqsvc.exe
C:\WINDOWS\System32\mqtgsvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [kmw_run.exe] kmw_run.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART
O4 - HKLM\..\Run: [pnuprdp] C:\WINDOWS\system32\rundll32 C:\WINDOWS\system32\pnuprdp.dll,RegisterVirtualChannel
O4 - HKLM\..\Run: [pnupica] C:\WINDOWS\system32\rundll32 C:\WINDOWS\system32\pnupica6.dll,RegisterVirtualChannel
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [accrdsub] "C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~2\\vptray.exe
O4 - HKCU\..\Run: [TivoTransfer] "C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe" /service /registry /auto:TivoTransfer
O4 - HKCU\..\Run: [TivoNotify] "C:\Program Files\TiVo\Desktop\TiVoNotify.exe" /service /registry /auto:TivoNotify
O4 - HKCU\..\Run: [TivoServer] "C:\Program Files\TiVo\Desktop\TiVoServer.exe" /service /registry
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: ActivClient Agent.lnk = C:\Program Files\ActivIdentity\ActivClient\acsagent.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: Monitor.lnk = C:\Program Files\SanDisk\SanDisk TransferMate\SD Monitor.exe
O4 - Global Startup: NetPerSec.lnk = C:\Program Files\NetPerSec\NetPerSec.exe
O4 - Global Startup: Sonic CinePlayer Quick Launch.lnk = C:\Program Files\Common Files\Sonic Shared\CineTray.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\npjpi160_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\npjpi160_04.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://fpm.anteon.com
O16 - DPF: vzTCPConfig - http://www2.verizon.net/help/fios_setti ... Config.CAB
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 6728570343
O16 - DPF: {8B7D2210-CC81-4F59-A486-4409FB485D4A} (RegConfig Class) - http://www2.verizon.net/help/fios_setti ... Config.cab
O16 - DPF: {928626A3-6B98-11CF-90B4-00AA00A4011F} (SurroundVideoCtrl Object) - http://encarta.msn.com/encnet/external/MSSurVid.cab
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://www.verizon.net/checkmypc/includ ... reQual.cab
O16 - DPF: {C7C7152F-6E85-44F3-A14B-A7F85FDDEA3B} (InstallerCtrl Class) - http://c03.tellmemorecampus.com/bin/tol7inst.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://anteonuniversity.webex.com/clie ... eatgpc.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2A4E6ECA-DBFB-4C20-B974-A5B2BAE9BEC3}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\..\{2A4E6ECA-DBFB-4C20-B974-A5B2BAE9BEC3}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS3\Services\Tcpip\..\{2A4E6ECA-DBFB-4C20-B974-A5B2BAE9BEC3}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: x-excid - {9D6CC632-1337-4A33-9214-2DA092E776F4} - C:\WINDOWS\Downloaded Program Files\mimectl.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: ackpbsc - C:\WINDOWS\system32\ackpbsc.dll
O20 - Winlogon Notify: acunlock - C:\Program Files\ActivIdentity\ActivClient\acunlock.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: ActivClient Middleware Service (accoca) - ActivIdentity - C:\Program Files\ActivIdentity\ActivClient\accoca.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec Client Firewall Configuration (CfgWzSvc) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\CfgWzSvc.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Portrait Displays\MagicTune\dtsrvc.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~2.EXE
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: Provision Networks Update Service (PNUpdate) - Provision Networks - C:\WINDOWS\system32\PNUpdate.exe
O23 - Service: Promise Array Message Server (RAIDmSvr) - Unknown owner - C:\Program Files\Promise Technology, Inc.\Promise Array Management\MsgSvr.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
O23 - Service: TiVo Beacon (TivoBeacon2) - Unknown owner - C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe" /service (file missing)
Pg&Lee
Active Member
 
Posts: 11
Joined: February 24th, 2008, 7:44 am

Re: Patrick Can't Do It Alone

Unread postby chryssi2001 » March 4th, 2008, 2:02 pm

Hello Pg&Lee,

I have re-enabled my Symantec Client Firewall (and found the MS firewall turned off!).

You should have only one Firewall enabled. Preferable Symantec Client Firewall, as windows firewall controls only incoming traffic.
So please be sure your windows firewall is disabled.
-------------------------------------------------
I ran the Kaspersky scan (it was a four kettle scan)
:lol:
What are all these Drives? If you know what they are, which i suppose you do, you can choose which Drives to scan.
That's why Kaspersky took so long.

A:\
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\
K:\
X:\
Y:\
Z:\
----------------------------------------------
Unfortunately the Kaspersky scan didn't finish properly. :(
We'll remove what i can see, and i'll give you another scan to run, as i need to be sure there is nothing bad left on your pc.
I don't know if it will finish in a shorter time because there are too many drives to scan. So be prepared for some more kettles. ;)
----------------------------------------------
EMPTY NORTON QUARANTEE FOLDERS
Go to this page and follow the directions for emptying Quarantine for your version of Norton Antivirus:Removing files from Norton AntiVirus Quarantine
----------------------------------------------
Please disable Spyware Doctor and SpybotSD TeaTimer as per my instructions in >>this<< post and please keep them disabled untill we finish.

They might interfere with the fixes.
----------------------------------------------
Some of the lines we removed, and were not present in your latest HijackThis log are back. I need you to remove them again.

FIX HIJACKTHIS ENTRIES

Open up Hijackthis.
Click on do a system scan only.
Place a checkmark next to these lines(if still present).

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)


Then close all windows except Hijackthis and click Fix Checked
Close HijackThis.
----------------------------------------------
PANDA ONLINE SCAN
Place a shortcut to Panda ActiveScan on your desktop.

Reboot back into Windows and click the Panda ActiveScan shortcut.
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on Local Disks to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.
Post back the contents of the Panda scan report.
----------------------------------------------
Run Hijackthis again.
----------------------------------------------
Post back:
Panda report.
A new HijackThis log.
User avatar
chryssi2001
MRU Teacher Emeritus
 
Posts: 14395
Joined: September 24th, 2006, 2:11 am
Location: far away
Advertisement
Register to Remove

Next

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 49 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware