Malware or virus issue


Post by Gozza » September 29th, 2007, 3:26 pm

I have carried out both scans. Here are the results. If you want, I can translate the Italian in the filesfound report for you.

Combofix report:

ComboFix 07-09-21.2 - "Kite" 2007-09-29 20:56:09.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.208 [GMT 2:00]
* Created a new restore point

FILE::
C:\WINDOWS\1388146.exe
C:\WINDOWS\166769.exe
C:\WINDOWS\17402964.exe
C:\WINDOWS\18607596.exe
C:\WINDOWS\19812538.exe
C:\WINDOWS\21013916.exe
C:\WINDOWS\22225288.exe
C:\WINDOWS\23430621.exe
C:\WINDOWS\25854937.exe
C:\WINDOWS\2595472.exe
C:\WINDOWS\27059779.exe
C:\WINDOWS\28262509.exe
C:\WINDOWS\29464798.exe
C:\WINDOWS\30666796.exe
C:\WINDOWS\31867673.exe
C:\WINDOWS\33070312.exe
C:\WINDOWS\34272441.exe
C:\WINDOWS\35473898.exe
C:\WINDOWS\36679231.exe
C:\WINDOWS\37882271.exe
C:\WINDOWS\3797069.exe
C:\WINDOWS\39084160.exe
C:\WINDOWS\40287730.exe
C:\WINDOWS\41490390.exe
C:\WINDOWS\42693099.exe
C:\WINDOWS\43894446.exe
C:\WINDOWS\45096855.exe
C:\WINDOWS\46300907.exe
C:\WINDOWS\47503205.exe
C:\WINDOWS\48704132.exe
C:\WINDOWS\49907833.exe
C:\WINDOWS\5000940.exe
C:\WINDOWS\51111314.exe
C:\WINDOWS\52312000.exe
C:\WINDOWS\53513418.exe
C:\WINDOWS\54718280.exe
C:\WINDOWS\55927219.exe
C:\WINDOWS\57127845.exe
C:\WINDOWS\system32\AClient.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\AClient.dll

.
((((((((((((((((((((((((( Files Created from 2007-08-28 to 2007-09-29 )))))))))))))))))))))))))))))))
.

2007-09-25 23:27 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-19 22:53 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-09-19 22:53 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DATIAP~1\Kaspersky Lab
2007-09-05 20:50 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-29 20:51 --------- d-------- C:\DOCUME~1\ALLUSE~1\DATIAP~1\WholeSecurity
2007-09-29 12:45 --------- d-------- C:\Programmi\File comuni\Symantec Shared
2007-09-05 00:21 --------- d-------- C:\Programmi\Windows Defender
2007-09-05 00:14 --------- d-------- C:\Programmi\QuickTime
2007-09-05 00:13 --------- d-------- C:\Programmi\Norton SystemWorks
2007-09-05 00:13 --------- d-------- C:\Programmi\MSN Messenger
2007-09-05 00:07 --------- d-------- C:\Programmi\Google
2007-09-05 00:03 --------- d-------- C:\Programmi\Apoint
2007-08-28 16:46 --------- d-------- C:\DOCUME~1\Kite\DATIAP~1\AdobeUM
2007-08-24 09:58 --------- d-------- C:\DOCUME~1\Kite\DATIAP~1\Canon
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))


---- Directory of C:\WINDOWS\Temp\TMP000000169188488A7578FFC5 ----

C:\WINDOWS\Temp\TMP000000169188488A7578FFC5\


((((((((((((((((((((((((((((( snapshot_2007-09-25_234348.79 )))))))))))))))))))))))))))))))))))))))))
.
-c--a-w 272,384 2004-08-19 13:39:28 C:\WINDOWS\system32\dllcache\sptip.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2004-07-01 14:02]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2004-07-01 13:58]
"Apoint"="C:\Programmi\Apoint\Apoint.exe" [2003-11-07 19:21]
"SonyPowerCfg"="C:\Programmi\sony\vaio power management\SPMgr.exe" [2004-06-29 21:45]
"QuickTime Task"="C:\Programmi\QuickTime\qttask.exe" [2006-01-19 22:25]
"eBayToolbar"="C:\Programmi\eBay\eBay Toolbar2\eBayTBDaemon.exe" [2007-09-08 18:53]
"ccApp"="C:\Programmi\File comuni\Symantec Shared\ccApp.exe" [2002-08-19 23:22]
"ccRegVfy"="C:\Programmi\File comuni\Symantec Shared\ccRegVfy.exe" [2002-08-19 23:23]
"GhostStartTrayApp"="C:\Programmi\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe" [2002-08-14 16:21]
"OpwareSE2"="C:\Programmi\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 11:00]
"Windows Defender"="C:\Programmi\Windows Defender\MSASCui.exe" [2006-11-03 19:20]
"Adobe Photo Downloader"="C:\Programmi\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 11:09]
"Adobe Reader Speed Launcher"="C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15:39]
"MsnMsgr"="C:\Programmi\MSN Messenger\MsnMsgr.exe" [2007-01-19 13:54]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"ALUAlert"=C:\Programmi\Symantec\LiveUpdate\ALUNotify.exe
"DWQueuedReporting"="C:\PROGRA~1\FILECO~1\MICROS~1\DW\dwtrig20.exe" -t

C:\DOCUME~1\ALLUSE~1\MENUAV~1\PROGRA~1\ESECUZ~1\
Acrobat Assistant.lnk - C:\Programmi\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-07-30 03:52:00]
SMART Board Tools.lnk - C:\Programmi\SMART Technologies Inc\SMART Board Software\SMARTBoardTools.exe [2007-05-03 11:30:38]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
"C:\Programmi\D-Tools\daemon.exe" -lang 1033

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HKSERV.EXE]
C:\Programmi\Sony\HotKey Utility\HKserv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mouse Suite 98 Daemon]
ICO.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDService.exe]
C:\Programmi\Utimaco\SafeGuard PrivateDisk\pdservice.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]
C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIO Update 2]
"C:\Programmi\sony\vaio update 2\VAIOUpdt.exe" /Stationary

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VMConsole.exe]
C:\Programmi\Sony\VAIO Media Integrated Server\Platform\VMConsole.exe /windowmin

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"VCI"=2 (0x2)
"VAIOMediaPlatform-Mobile-Gateway"=3 (0x3)
"VAIOMediaPlatform-IntegratedServer-UPnP"=2 (0x2)
"VAIOMediaPlatform-IntegratedServer-HTTP"=2 (0x2)
"VAIOMediaPlatform-IntegratedServer-AppServer"=2 (0x2)
"VAIO Entertainment TV Device Arbitration Service"=3 (0x3)
"VAIO Entertainment Task Scheduler"=3 (0x3)
"VAIO Entertainment File Import Service"=2 (0x2)
"VAIO Entertainment Aggregation and Control Service"=3 (0x3)

R1 GhPciScan;GhostPciScanner;\??\C:\Programmi\Norton SystemWorks\Norton Ghost\ghpciscan.sys
R1 PrivateDisk;PrivateDisk;C:\WINDOWS\system32\Drivers\PrivateDiskM.sys
R2 SMART Web Server;SMART Web Server;"C:\Programmi\SMART Technologies Inc\SMART Board Software\WebServer.exe"
R3 NPDriver;Norton Unerase Protection Driver;\??\C:\WINDOWS\system32\Drivers\NPDRIVER.SYS
R3 SPI;Sony Programmable I/O Control Device;C:\WINDOWS\system32\DRIVERS\SonyPI.sys
S2 siregsrv;siregsrv;C:\PROGRA~1\NORTON~2\SPEEDD~1\SIREGSRV.EXE
S3 pelmouse;Mouse Suite Driver;C:\WINDOWS\system32\DRIVERS\pelmouse.sys
S3 pelusblf;USB Mouse Low Filter Driver;C:\WINDOWS\system32\DRIVERS\pelusblf.sys
S3 SE2Bbus;Sony Ericsson Device 043 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\SE2Bbus.sys
S3 SE2Bmdfl;Sony Ericsson Device 043 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\SE2Bmdfl.sys
S3 SE2Bmdm;Sony Ericsson Device 043 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\SE2Bmdm.sys
S3 SE2Bobex;Sony Ericsson Device 043 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\SE2Bobex.sys
S3 VAIO Entertainment UPnP Client Adapter;VAIO Entertainment UPnP Client Adapter;C:\Programmi\File comuni\Sony Shared\VAIO Entertainment\VCSW\VCSW.exe -RunBySCM
S4 VAIO Entertainment File Import Service;VAIO Entertainment File Import Service;C:\Programmi\File comuni\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe

.
Contents of the 'Scheduled Tasks' folder
"2007-09-29 19:06:23 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Programmi\Windows Defender\MpCmdRun.exe
"2007-09-21 22:06:27 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer.job"
"2007-08-31 16:27:55 C:\WINDOWS\Tasks\Norton SystemWorks One Button Checkup.job"
"2007-09-29 19:05:33 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Programmi\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-29 21:04:22
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-09-29 21:10:18 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-09-29 21:09
C:\ComboFix2.txt ... 2007-09-26 22:42
.
--- E O F ---


filesfound scan report:

Il volume nell'unità C è VAIO
Numero di serie del volume: 20F9-456C
Il volume nell'unità C è VAIO
Numero di serie del volume: 20F9-456C
Gozza
Active Member
 
Posts: 12
Joined: September 7th, 2007, 2:17 pm

Post by Katana » September 30th, 2007, 5:54 am

Gozza wrote: If you want I can translate the Italian for you in the filesfound report.
No problem, I get the picture :)

That is very strange: the Kaspersky log shows all those files, but ComboFix did not delete them.
Did you delete them already?
If not, please can you re-run Kaspersky to see if they still show.
If you did remove them, you do not need to do this scan; just post back to let me know.

Kaspersky Online Scanner

Go here: http://www.kaspersky.com/virusscanner

Read the Requirements and limitations before you click Accept.
Allow the ActiveX download if necessary.
Once the database has downloaded, click Next.
Click Scan Settings and change "Scan using the following antivirus database" from standard to extended, and then click OK.
Click on "My Computer" and then put the kettle on!
When the scan has completed, click Save Report As...
Enter a name for the file in the Filename: text box, then click the down arrow to the right of Save as type: and select text file (*.txt).
Click Save. By default the file will be saved to your Desktop, but you can change this if you wish.
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester
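Katana's question above turns on where the Kaspersky detections sit. As an added example (not from the thread, from ComboFix or from Kaspersky), this Python parses lines in the Kaspersky Online Scanner report format and separates hits under C:\qoobox\Quarantine, which is ComboFix's own quarantine folder where the .vir copies land, and hits in other AV quarantine stores or System Restore snapshots from detections at live paths; the sample lines are constructed and the restore-point GUID is a placeholder.

```python
import re
from collections import Counter

# Constructed sample in the Kaspersky Online Scanner report format. The paths
# are modelled on the thread's log, but these lines are made up for the example
# and the restore-point GUID is a placeholder.
SAMPLE_REPORT = r"""
Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\Kite\NTUSER.DAT Object is locked skipped
C:\Programmi\Norton SystemWorks\Norton AntiVirus\Quarantine\25A0193B Infected: Trojan.Win32.Tiny.e skipped
C:\Programmi\Norton SystemWorks\Norton AntiVirus\Quarantine\5D3A2D0A.zip/MagicApplet.class Infected: Trojan-Downloader.Java.OpenConnection.ao skipped
C:\Programmi\Norton SystemWorks\Norton AntiVirus\Quarantine\5D3A2D0A.zip ZIP: infected - 2 skipped
C:\qoobox\Quarantine\C\WINDOWS\1388146.exe.vir Suspicious: Packed.Win32.Morphine.a skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\AClient.dll.vir Suspicious: Packed.Win32.Morphine.a skipped
C:\System Volume Information\_restore{PLACEHOLDER-GUID}\RP674\A0145307.exe Infected: Packed.Win32.PolyCrypt.b skipped
C:\WINDOWS\system32\AClient.dll Suspicious: Packed.Win32.Morphine.a skipped
"""

# One line per object: "<path> Infected: <name> <action>" or "<path> Suspicious: <name> <action>"
DETECTION_RE = re.compile(
    r"^(?P<path>.+?)\s+(?P<verdict>Infected|Suspicious):\s+(?P<name>\S+)\s+(?P<action>\S+)$")
# Archive summary line: "<path> ZIP: infected - 2 skipped"
ARCHIVE_RE = re.compile(
    r"^(?P<path>.+?)\s+(?P<container>\S+): infected - (?P<count>\d+)\s+(?P<action>\S+)$")
# Objects the scanner could not open (registry hives, index.dat, logs in use)
LOCKED_RE = re.compile(r"^(?P<path>.+?)\s+Object is locked\s+(?P<action>\S+)$")


def classify_location(path):
    """Say whether a detection is at a live path or only in a holding area."""
    p = path.lower()
    if p.startswith(r"c:\qoobox\quarantine"):
        return "combofix_quarantine"   # ComboFix moved it here; the .vir suffix is its marker
    if p.startswith(r"c:\system volume information\_restore"):
        return "system_restore"        # a System Restore snapshot copy, not a running file
    if "\\quarantine\\" in p:
        return "av_quarantine"         # another AV product's quarantine store
    return "live"


def parse_report(text):
    """Turn report lines into records with a kind, a detection name and a location."""
    records = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("Infected Object Name"):
            continue
        m = DETECTION_RE.match(line)
        if m:
            records.append({"path": m["path"], "kind": m["verdict"].lower(),
                            "name": m["name"], "action": m["action"],
                            "location": classify_location(m["path"])})
            continue
        m = ARCHIVE_RE.match(line)
        if m:
            records.append({"path": m["path"], "kind": "archive", "name": m["container"],
                            "action": m["action"], "location": classify_location(m["path"])})
            continue
        m = LOCKED_RE.match(line)
        if m:
            records.append({"path": m["path"], "kind": "locked", "name": None,
                            "action": m["action"], "location": classify_location(m["path"])})
            continue
        # Keep anything we did not understand so it is reviewed by hand, not lost
        records.append({"path": line, "kind": "unparsed", "name": None,
                        "action": None, "location": None})
    return records


def triage(text):
    """Summarise a report: hits per location, per detection name, and the live hits."""
    records = parse_report(text)
    hits = [r for r in records if r["kind"] in ("infected", "suspicious")]
    return {
        "by_location": dict(Counter(r["location"] for r in hits)),
        "by_name": dict(Counter(r["name"] for r in hits)),
        "live": [r["path"] for r in hits if r["location"] == "live"],
        "locked": sum(1 for r in records if r["kind"] == "locked"),
        "unparsed": [r["path"] for r in records if r["kind"] == "unparsed"],
    }


if __name__ == "__main__":
    summary = triage(SAMPLE_REPORT)
    for location, count in sorted(summary["by_location"].items()):
        print(f"{location:22s} {count}")
    print("live detections:", summary["live"] or "none")
```

Only the entries in the "live" list need action; quarantine and System Restore copies are cleared by emptying the quarantine or the restore points once the machine is declared clean.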

Post by Gozza » October 2nd, 2007, 1:07 pm

Here is the Kaspersky log.

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Tuesday, October 02, 2007 7:06:12 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.1
Kaspersky Anti-Virus database last update: 1/10/2007
Kaspersky Anti-Virus database records: 426076
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
F:\
G:\

Scan Statistics:
Total number of scanned objects: 104397
Number of viruses found: 5
Number of infected objects: 13
Number of suspicious objects: 119
Duration of the scan process: 02:53:22

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Windows Defender\Support\MPLog-02122007-103419.log Object is locked skipped
C:\Documents and Settings\Kite\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Kite\Impostazioni locali\Cronologia\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Kite\Impostazioni locali\Cronologia\History.IE5\MSHist012007092420071001\index.dat Object is locked skipped
C:\Documents and Settings\Kite\Impostazioni locali\Cronologia\History.IE5\MSHist012007100120071002\index.dat Object is locked skipped
C:\Documents and Settings\Kite\Impostazioni locali\Dati applicazioni\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\Kite\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Kite\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Kite\Impostazioni locali\Dati applicazioni\Microsoft\Windows Defender\FileTracker\{207DFE6A-B8F1-474D-8F45-B020D056C6CC} Object is locked skipped
C:\Documents and Settings\Kite\Impostazioni locali\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Kite\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Kite\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Kite\NTUSER.DAT.LOG Object is locked skipped
C:\Documents and Settings\Kite\UserData\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Impostazioni locali\Cronologia\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Impostazioni locali\Cronologia\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Programmi\Norton SystemWorks\Norton AntiVirus\AVApp.log Object is locked skipped
C:\Programmi\Norton SystemWorks\Norton AntiVirus\AVError.log Object is locked skipped
C:\Programmi\Norton SystemWorks\Norton AntiVirus\AVVirus.log Object is locked skipped
C:\Programmi\Norton SystemWorks\Norton AntiVirus\Quarantine\25A0193B Infected: Trojan.Win32.Tiny.e skipped
C:\Programmi\Norton SystemWorks\Norton AntiVirus\Quarantine\25A34337 Infected: Trojan.Win32.Tiny.e skipped
C:\Programmi\Norton SystemWorks\Norton AntiVirus\Quarantine\5D3A2D0A.zip/MagicApplet.class Infected: Trojan-Downloader.Java.OpenConnection.ao skipped
C:\Programmi\Norton SystemWorks\Norton AntiVirus\Quarantine\5D3A2D0A.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.ao skipped
C:\Programmi\Norton SystemWorks\Norton AntiVirus\Quarantine\5D3A2D0A.zip ZIP: infected - 2 skipped
C:\Programmi\Norton SystemWorks\Norton AntiVirus\Quarantine\5D3A2D0A.zip CryptFF: infected - 2 skipped
C:\Programmi\Norton SystemWorks\Norton AntiVirus\Quarantine\60990D05 Infected: Trojan.Win32.Tiny.e skipped
C:\Programmi\Norton SystemWorks\Norton AntiVirus\Quarantine\609D3701 Infected: Trojan.Win32.Tiny.e skipped
C:\Programmi\SMART Board Software\SMARTBoardService.log Object is locked skipped
C:\qoobox\Quarantine\C\WINDOWS\1388146.exe.vir Suspicious: Packed.Win32.Morphine.a skipped
C:\qoobox\Quarantine\C\WINDOWS\166769.exe.vir Suspicious: Packed.Win32.Morphine.a skipped
C:\qoobox\Quarantine\C\WINDOWS\17402964.exe.vir Suspicious: Packed.Win32.Morphine.a skipped
C:\qoobox\Quarantine\C\WINDOWS\18607596.exe.vir Suspicious: Packed.Win32.Morphine.a skipped
C:\qoobox\Quarantine\C\WINDOWS\19812538.exe.vir Suspicious: Packed.Win32.Morphine.a skipped
C:\qoobox\Quarantine\C\WINDOWS\21013916.exe.vir Suspicious: Packed.Win32.Morphine.a skipped
C:\qoobox\Quarantine\C\WINDOWS\22225288.exe.vir Suspicious: Packed.Win32.Morphine.a skipped
C:\qoobox\Quarantine\C\WINDOWS\23430621.exe.vir Suspicious: Packed.Win32.Morphine.a skipped
C:\qoobox\Quarantine\C\WINDOWS\25854937.exe.vir Suspicious: Packed.Win32.Morphine.a skipped
C:\qoobox\Quarantine\C\WINDOWS\2595472.exe.vir Suspicious: Packed.Win32.Morphine.a skipped
C:\qoobox\Quarantine\C\WINDOWS\27059779.exe.vir Suspicious: Packed.Win32.Morphine.a skipped
C:\qoobox\Quarantine\C\WINDOWS\28262509.exe.vir Suspicious: Packed.Win32.Morphine.a skipped
C:\qoobox\Quarantine\C\WINDOWS\29464798.exe.vir Suspicious: Packed.Win32.Morphine.a skipped
C:\qoobox\Quarantine\C\WINDOWS\30666796.exe.vir Suspicious: Packed.Win32.Morphine.a skipped
C:\qoobox\Quarantine\C\WINDOWS\31867673.exe.vir Suspicious: Packed.Win32.Morphine.a skipped
C:\qoobox\Quarantine\C\WINDOWS\33070312.exe.vir Suspicious: Packed.Win32.Morphine.a skipped
C:\qoobox\Quarantine\C\WINDOWS\34272441.exe.vir Suspicious: Packed.Win32.Morphine.a skipped
C:\qoobox\Quarantine\C\WINDOWS\35473898.exe.vir Suspicious: Packed.Win32.Morphine.a skipped
C:\qoobox\Quarantine\C\WINDOWS\36679231.exe.vir Suspicious: Packed.Win32.Morphine.a skipped
C:\qoobox\Quarantine\C\WINDOWS\37882271.exe.vir Suspicious: Packed.Win32.Morphine.a skipped
C:\qoobox\Quarantine\C\WINDOWS\3797069.exe.vir Suspicious: Packed.Win32.Morphine.a skipped
C:\qoobox\Quarantine\C\WINDOWS\39084160.exe.vir Suspicious: Packed.Win32.Morphine.a skipped
C:\qoobox\Quarantine\C\WINDOWS\40287730.exe.vir Suspicious: Packed.Win32.Morphine.a skipped
C:\qoobox\Quarantine\C\WINDOWS\41490390.exe.vir Suspicious: Packed.Win32.Morphine.a skipped
C:\qoobox\Quarantine\C\WINDOWS\42693099.exe.vir Suspicious: Packed.Win32.Morphine.a skipped
C:\qoobox\Quarantine\C\WINDOWS\43894446.exe.vir Suspicious: Packed.Win32.Morphine.a skipped
C:\qoobox\Quarantine\C\WINDOWS\45096855.exe.vir Suspicious: Packed.Win32.Morphine.a skipped
C:\qoobox\Quarantine\C\WINDOWS\46300907.exe.vir Suspicious: Packed.Win32.Morphine.a skipped
C:\qoobox\Quarantine\C\WINDOWS\47503205.exe.vir Suspicious: Packed.Win32.Morphine.a skipped
C:\qoobox\Quarantine\C\WINDOWS\48704132.exe.vir Suspicious: Packed.Win32.Morphine.a skipped
C:\qoobox\Quarantine\C\WINDOWS\49907833.exe.vir Suspicious: Packed.Win32.Morphine.a skipped
C:\qoobox\Quarantine\C\WINDOWS\5000940.exe.vir Suspicious: Packed.Win32.Morphine.a skipped
C:\qoobox\Quarantine\C\WINDOWS\51111314.exe.vir Suspicious: Packed.Win32.Morphine.a skipped
C:\qoobox\Quarantine\C\WINDOWS\52312000.exe.vir Suspicious: Packed.Win32.Morphine.a skipped
C:\qoobox\Quarantine\C\WINDOWS\53513418.exe.vir Suspicious: Packed.Win32.Morphine.a skipped
C:\qoobox\Quarantine\C\WINDOWS\54718280.exe.vir Suspicious: Packed.Win32.Morphine.a skipped
C:\qoobox\Quarantine\C\WINDOWS\55927219.exe.vir Suspicious: Packed.Win32.Morphine.a skipped
C:\qoobox\Quarantine\C\WINDOWS\57127845.exe.vir Suspicious: Packed.Win32.Morphine.a skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\AClient.dll.vir Suspicious: Packed.Win32.Morphine.a skipped
C:\RECYCLER\NPROTECT\NPROTECT.LOG Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{04D559E1-C423-42FB-ACD6-9622DB80FC5D}\RP673\A0145020.dll Suspicious: Packed.Win32.Morphine.a skipped
C:\System Volume Information\_restore{04D559E1-C423-42FB-ACD6-9622DB80FC5D}\RP673\A0145021.dll Suspicious: Packed.Win32.Morphine.a skipped
C:\System Volume Information\_restore{04D559E1-C423-42FB-ACD6-9622DB80FC5D}\RP673\A0145022.dll Suspicious: Packed.Win32.Morphine.a skipped
C:\System Volume Information\_restore{04D559E1-C423-42FB-ACD6-9622DB80FC5D}\RP673\A0145023.dll Suspicious: Packed.Win32.Morphine.a skipped
C:\System Volume Information\_restore{04D559E1-C423-42FB-ACD6-9622DB80FC5D}\RP673\A0145024.dll Suspicious: Packed.Win32.Morphine.a skipped
C:\System Volume Information\_restore{04D559E1-C423-42FB-ACD6-9622DB80FC5D}\RP673\A0145025.dll Suspicious: Packed.Win32.Morphine.a skipped
C:\System Volume Information\_restore{04D559E1-C423-42FB-ACD6-9622DB80FC5D}\RP673\A0145026.dll Suspicious: Packed.Win32.Morphine.a skipped
C:\System Volume Information\_restore{04D559E1-C423-42FB-ACD6-9622DB80FC5D}\RP673\A0145027.dll Suspicious: Packed.Win32.Morphine.a skipped
C:\System Volume Information\_restore{04D559E1-C423-42FB-ACD6-9622DB80FC5D}\RP673\A0145028.dll Suspicious: Packed.Win32.Morphine.a skipped
C:\System Volume Information\_restore{04D559E1-C423-42FB-ACD6-9622DB80FC5D}\RP673\A0145055.dll Suspicious: Packed.Win32.Morphine.a skipped
C:\System Volume Information\_restore{04D559E1-C423-42FB-ACD6-9622DB80FC5D}\RP673\A0145056.dll Suspicious: Packed.Win32.Morphine.a skipped
C:\System Volume Information\_restore{04D559E1-C423-42FB-ACD6-9622DB80FC5D}\RP673\A0145057.dll Suspicious: Packed.Win32.Morphine.a skipped
C:\System Volume Information\_restore{04D559E1-C423-42FB-ACD6-9622DB80FC5D}\RP673\A0145058.dll Suspicious: Packed.Win32.Morphine.a skipped
C:\System Volume Information\_restore{04D559E1-C423-42FB-ACD6-9622DB80FC5D}\RP673\A0145059.dll Suspicious: Packed.Win32.Morphine.a skipped
C:\System Volume Information\_restore{04D559E1-C423-42FB-ACD6-9622DB80FC5D}\RP673\A0145060.dll Suspicious: Packed.Win32.Morphine.a skipped
C:\System Volume Information\_restore{04D559E1-C423-42FB-ACD6-9622DB80FC5D}\RP673\A0145061.dll Suspicious: Packed.Win32.Morphine.a skipped
C:\System Volume Information\_restore{04D559E1-C423-42FB-ACD6-9622DB80FC5D}\RP673\A0145062.dll Suspicious: Packed.Win32.Morphine.a skipped
C:\System Volume Information\_restore{04D559E1-C423-42FB-ACD6-9622DB80FC5D}\RP673\A0145063.dll Suspicious: Packed.Win32.Morphine.a skipped
C:\System Volume Information\_restore{04D559E1-C423-42FB-ACD6-9622DB80FC5D}\RP673\A0145064.dll Suspicious: Packed.Win32.Morphine.a skipped
C:\System Volume Information\_restore{04D559E1-C423-42FB-ACD6-9622DB80FC5D}\RP673\A0145065.dll Suspicious: Packed.Win32.Morphine.a skipped
C:\System Volume Information\_restore{04D559E1-C423-42FB-ACD6-9622DB80FC5D}\RP673\A0145066.dll Suspicious: Packed.Win32.Morphine.a skipped
C:\System Volume Information\_restore{04D559E1-C423-42FB-ACD6-9622DB80FC5D}\RP673\A0145067.dll Suspicious: Packed.Win32.Morphine.a skipped
C:\System Volume Information\_restore{04D559E1-C423-42FB-ACD6-9622DB80FC5D}\RP673\A0145068.dll Suspicious: Packed.Win32.Morphine.a skipped
C:\System Volume Information\_restore{04D559E1-C423-42FB-ACD6-9622DB80FC5D}\RP673\A0145069.dll Suspicious: Packed.Win32.Morphine.a skipped
C:\System Volume Information\_restore{04D559E1-C423-42FB-ACD6-9622DB80FC5D}\RP673\A0145070.dll Suspicious: Packed.Win32.Morphine.a skipped
C:\System Volume Information\_restore{04D559E1-C423-42FB-ACD6-9622DB80FC5D}\RP673\A0145071.dll Suspicious: Packed.Win32.Morphine.a skipped
C:\System Volume Information\_restore{04D559E1-C423-42FB-ACD6-9622DB80FC5D}\RP673\A0145072.dll Suspicious: Packed.Win32.Morphine.a skipped
C:\System Volume Information\_restore{04D559E1-C423-42FB-ACD6-9622DB80FC5D}\RP673\A0145073.dll Suspicious: Packed.Win32.Morphine.a skipped
C:\System Volume Information\_restore{04D559E1-C423-42FB-ACD6-9622DB80FC5D}\RP673\A0145074.dll Suspicious: Packed.Win32.Morphine.a skipped
C:\System Volume Information\_restore{04D559E1-C423-42FB-ACD6-9622DB80FC5D}\RP673\A0145075.dll Suspicious: Packed.Win32.Morphine.a skipped
C:\System Volume Information\_restore{04D559E1-C423-42FB-ACD6-9622DB80FC5D}\RP673\A0145076.dll Suspicious: Packed.Win32.Morphine.a skipped
C:\System Volume Information\_restore{04D559E1-C423-42FB-ACD6-9622DB80FC5D}\RP673\A0145077.dll Suspicious: Packed.Win32.Morphine.a skipped
C:\System Volume Information\_restore{04D559E1-C423-42FB-ACD6-9622DB80FC5D}\RP673\A0145078.dll Suspicious: Packed.Win32.Morphine.a skipped
C:\System Volume Information\_restore{04D559E1-C423-42FB-ACD6-9622DB80FC5D}\RP673\A0145079.dll Suspicious: Packed.Win32.Morphine.a skipped
C:\System Volume Information\_restore{04D559E1-C423-42FB-ACD6-9622DB80FC5D}\RP673\A0145080.dll Suspicious: Packed.Win32.Morphine.a skipped
C:\System Volume Information\_restore{04D559E1-C423-42FB-ACD6-9622DB80FC5D}\RP673\A0145081.dll Suspicious: Packed.Win32.Morphine.a skipped
C:\System Volume Information\_restore{04D559E1-C423-42FB-ACD6-9622DB80FC5D}\RP673\A0145110.dll Suspicious: Packed.Win32.Morphine.a skipped
C:\System Volume Information\_restore{04D559E1-C423-42FB-ACD6-9622DB80FC5D}\RP674\A0145118.dll Suspicious: Packed.Win32.Morphine.a skipped
C:\System Volume Information\_restore{04D559E1-C423-42FB-ACD6-9622DB80FC5D}\RP674\A0145200.dll Suspicious: Packed.Win32.Morphine.a skipped
C:\System Volume Information\_restore{04D559E1-C423-42FB-ACD6-9622DB80FC5D}\RP674\A0145201.dll Suspicious: Packed.Win32.Morphine.a skipped
C:\System Volume Information\_restore{04D559E1-C423-42FB-ACD6-9622DB80FC5D}\RP674\A0145202.dll Suspicious: Packed.Win32.Morphine.a skipped
C:\System Volume Information\_restore{04D559E1-C423-42FB-ACD6-9622DB80FC5D}\RP674\A0145307.exe Infected: Packed.Win32.PolyCrypt.b skipped
C:\System Volume Information\_restore{04D559E1-C423-42FB-ACD6-9622DB80FC5D}\RP674\A0145309.exe Infected: Packed.Win32.PolyCrypt.b skipped
C:\System Volume Information\_restore{04D559E1-C423-42FB-ACD6-9622DB80FC5D}\RP674\A0145313.exe Infected: Packed.Win32.PolyCrypt.d skipped
C:\System Volume Information\_restore{04D559E1-C423-42FB-ACD6-9622DB80FC5D}\RP674\A0145317.exe Infected: Packed.Win32.PolyCrypt.b skipped
C:\System Volume Information\_restore{04D559E1-C423-42FB-ACD6-9622DB80FC5D}\RP674\A0145319.exe Infected: Packed.Win32.PolyCrypt.d skipped
C:\System Volume Information\_restore{04D559E1-C423-42FB-ACD6-9622DB80FC5D}\RP693\A0148262.exe Suspicious: Packed.Win32.Morphine.a skipped
C:\System Volume Information\_restore{04D559E1-C423-42FB-ACD6-9622DB80FC5D}\RP693\A0148279.exe Suspicious: Packed.Win32.Morphine.a skipped
C:\System Volume Information\_restore{04D559E1-C423-42FB-ACD6-9622DB80FC5D}\RP693\A0148285.exe Suspicious: Packed.Win32.Morphine.a skipped
C:\System Volume Information\_restore{04D559E1-C423-42FB-ACD6-9622DB80FC5D}\RP693\A0148291.exe Suspicious: Packed.Win32.Morphine.a skipped
C:\System Volume Information\_restore{04D559E1-C423-42FB-ACD6-9622DB80FC5D}\RP693\A0148297.exe Suspicious: Packed.Win32.Morphine.a skipped
C:\System Volume Information\_restore{04D559E1-C423-42FB-ACD6-9622DB80FC5D}\RP693\A0148303.exe Suspicious: Packed.Win32.Morphine.a skipped
C:\System Volume Information\_restore{04D559E1-C423-42FB-ACD6-9622DB80FC5D}\RP693\A0148309.exe Suspicious: Packed.Win32.Morphine.a skipped
C:\System Volume Information\_restore{04D559E1-C423-42FB-ACD6-9622DB80FC5D}\RP693\A0148315.exe Suspicious: Packed.Win32.Morphine.a skipped
C:\System Volume Information\_restore{04D559E1-C423-42FB-ACD6-9622DB80FC5D}\RP693\A0148328.exe Suspicious: Packed.Win32.Morphine.a skipped
C:\System Volume Information\_restore{04D559E1-C423-42FB-ACD6-9622DB80FC5D}\RP693\A0148332.exe Suspicious: Packed.Win32.Morphine.a skipped
C:\System Volume Information\_restore{04D559E1-C423-42FB-ACD6-9622DB80FC5D}\RP693\A0148338.exe Suspicious: Packed.Win32.Morphine.a skipped
C:\System Volume Information\_restore{04D559E1-C423-42FB-ACD6-9622DB80FC5D}\RP693\A0148342.exe Suspicious: Packed.Win32.Morphine.a skipped
C:\System Volume Information\_restore{04D559E1-C423-42FB-ACD6-9622DB80FC5D}\RP693\A0148346.exe Suspicious: Packed.Win32.Morphine.a skipped
C:\System Volume Information\_restore{04D559E1-C423-42FB-ACD6-9622DB80FC5D}\RP693\A0148350.exe Suspicious: Packed.Win32.Morphine.a skipped
C:\System Volume Information\_restore{04D559E1-C423-42FB-ACD6-9622DB80FC5D}\RP693\A0148354.exe Suspicious: Packed.Win32.Morphine.a skipped
C:\System Volume Information\_restore{04D559E1-C423-42FB-ACD6-9622DB80FC5D}\RP693\A0148358.exe Suspicious: Packed.Win32.Morphine.a skipped
C:\System Volume Information\_restore{04D559E1-C423-42FB-ACD6-9622DB80FC5D}\RP693\A0148362.exe Suspicious: Packed.Win32.Morphine.a skipped
C:\System Volume Information\_restore{04D559E1-C423-42FB-ACD6-9622DB80FC5D}\RP693\A0148366.exe Suspicious: Packed.Win32.Morphine.a skipped
C:\System Volume Information\_restore{04D559E1-C423-42FB-ACD6-9622DB80FC5D}\RP693\A0148369.exe Suspicious: Packed.Win32.Morphine.a skipped
C:\System Volume Information\_restore{04D559E1-C423-42FB-ACD6-9622DB80FC5D}\RP693\A0148375.exe Suspicious: Packed.Win32.Morphine.a skipped
C:\System Volume Information\_restore{04D559E1-C423-42FB-ACD6-9622DB80FC5D}\RP693\A0148378.exe Suspicious: Packed.Win32.Morphine.a skipped
C:\System Volume Information\_restore{04D559E1-C423-42FB-ACD6-9622DB80FC5D}\RP693\A0148382.exe Suspicious: Packed.Win32.Morphine.a skipped
C:\System Volume Information\_restore{04D559E1-C423-42FB-ACD6-9622DB80FC5D}\RP693\A0148383.exe Suspicious: Packed.Win32.Morphine.a skipped
C:\System Volume Information\_restore{04D559E1-C423-42FB-ACD6-9622DB80FC5D}\RP693\A0148384.exe Suspicious: Packed.Win32.Morphine.a skipped
C:\System Volume Information\_restore{04D559E1-C423-42FB-ACD6-9622DB80FC5D}\RP693\A0148385.exe Suspicious: Packed.Win32.Morphine.a skipped
C:\System Volume Information\_restore{04D559E1-C423-42FB-ACD6-9622DB80FC5D}\RP693\A0148386.exe Suspicious: Packed.Win32.Morphine.a skipped
C:\System Volume Information\_restore{04D559E1-C423-42FB-ACD6-9622DB80FC5D}\RP693\A0148387.exe Suspicious: Packed.Win32.Morphine.a skipped
C:\System Volume Information\_restore{04D559E1-C423-42FB-ACD6-9622DB80FC5D}\RP693\A0148388.exe Suspicious: Packed.Win32.Morphine.a skipped
C:\System Volume Information\_restore{04D559E1-C423-42FB-ACD6-9622DB80FC5D}\RP693\A0148390.exe Suspicious: Packed.Win32.Morphine.a skipped
C:\System Volume Information\_restore{04D559E1-C423-42FB-ACD6-9622DB80FC5D}\RP693\A0148392.exe Suspicious: Packed.Win32.Morphine.a skipped
C:\System Volume Information\_restore{04D559E1-C423-42FB-ACD6-9622DB80FC5D}\RP693\A0148396.exe Suspicious: Packed.Win32.Morphine.a skipped
C:\System Volume Information\_restore{04D559E1-C423-42FB-ACD6-9622DB80FC5D}\RP693\A0148400.exe Suspicious: Packed.Win32.Morphine.a skipped
C:\System Volume Information\_restore{04D559E1-C423-42FB-ACD6-9622DB80FC5D}\RP693\A0148403.exe Suspicious: Packed.Win32.Morphine.a skipped
C:\System Volume Information\_restore{04D559E1-C423-42FB-ACD6-9622DB80FC5D}\RP693\A0148405.exe Suspicious: Packed.Win32.Morphine.a skipped
C:\System Volume Information\_restore{04D559E1-C423-42FB-ACD6-9622DB80FC5D}\RP693\A0148407.exe Suspicious: Packed.Win32.Morphine.a skipped
C:\System Volume Information\_restore{04D559E1-C423-42FB-ACD6-9622DB80FC5D}\RP693\A0148409.exe Suspicious: Packed.Win32.Morphine.a skipped
C:\System Volume Information\_restore{04D559E1-C423-42FB-ACD6-9622DB80FC5D}\RP693\A0148411.exe Suspicious: Packed.Win32.Morphine.a skipped
C:\System Volume Information\_restore{04D559E1-C423-42FB-ACD6-9622DB80FC5D}\RP693\A0148413.exe Suspicious: Packed.Win32.Morphine.a skipped
C:\System Volume Information\_restore{04D559E1-C423-42FB-ACD6-9622DB80FC5D}\RP696\A0149095.dll Suspicious: Packed.Win32.Morphine.a skipped
C:\System Volume Information\_restore{04D559E1-C423-42FB-ACD6-9622DB80FC5D}\RP696\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{063D993E-5E8E-440F-854F-59F255225AD4}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\RECYCLER\NPROTECT\NPROTECT.LOG Object is locked skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
D:\System Volume Information\_restore{04D559E1-C423-42FB-ACD6-9622DB80FC5D}\RP696\change.log Object is locked skipped

Scan process completed.
Gozza
Active Member
 
Posts: 12
Joined: September 7th, 2007, 2:17 pm

Post by Gozza » October 2nd, 2007, 1:12 pm

Hi Katana, I forgot to answer your question in my last post and I can't seem to find out how to edit my last forum post... unless you just can't. Anyway I haven't moved or deleted the files, but I noticed from the log above that they had been moved to somewhere called qoobox\quarantine\C\Windows\... I haven't a clue how they got there :!: :?:
Gozza
Active Member
 
Posts: 12
Joined: September 7th, 2007, 2:17 pm

Post by Katana » October 2nd, 2007, 6:07 pm

Gozza wrote: Anyway I haven't moved or deleted the files, but I noticed from the log above that they had been moved to somewhere called qoobox\quarantine\C\Windows\... I haven't a clue how they got there :!: :?:


It's OK, that is exactly where I wanted them to be :)
Qoobox is ComboFix's quarantine folder, so it must have got them.

If you can post a last HJT log please, and how are things running now?
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Post by Gozza » October 4th, 2007, 1:50 pm

I have been told the laptop is running a lot better without any of the issues mentioned at the beginning, thanks for the help.
Here is the new HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 19:47:58, on 04/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Programmi\Apoint\Apoint.exe
C:\Programmi\sony\vaio power management\SPMgr.exe
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\eBay\eBay Toolbar2\eBayTBDaemon.exe
C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\PROGRA~1\NORTON~2\NORTON~2\GHOSTS~2.EXE
C:\Programmi\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
C:\Programmi\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Programmi\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Programmi\Windows Defender\MSASCui.exe
C:\Programmi\Apoint\Apntex.exe
C:\Programmi\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Programmi\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\MSN Messenger\MsnMsgr.Exe
C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
C:\Programmi\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Programmi\SMART Technologies Inc\SMART Board Software\SMARTBoardTools.exe
C:\Programmi\SMART Technologies Inc\SMART Board Software\SMARTBoardService.exe
C:\Programmi\SMART Technologies Inc\SMART Board Software\WebServer.exe
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\Symantec Shared\Security Center\SymWSC.exe
C:\Programmi\SMART Technologies Inc\SMART Board Software\Aware.exe
C:\Programmi\SMART Technologies Inc\SMART Board Software\Marker.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\MSN Messenger\usnsvc.exe
C:\Programmi\MSN Messenger\livecall.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.vaio-link.com/vu.asp?l=it&u=a&h=0410
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Programmi\eBay\eBay Toolbar2\eBayTB.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SMART Notebook Download Plugin - {67BCF957-85FC-4036-8DC4-D4D80E00A77B} - C:\Programmi\SMART Technologies Inc\Notebook Software\NotebookPlugin.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar2.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmi\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Programmi\eBay\eBay Toolbar2\eBayTB.dll
O3 - Toolbar: Wanadoo - {8B68564D-53FD-4293-B80C-993A9F3988EE} - C:\WINDOWS\system32\WSBar.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programmi\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Apoint] C:\Programmi\Apoint\Apoint.exe
O4 - HKLM\..\Run: [SonyPowerCfg] C:\Programmi\sony\vaio power management\SPMgr.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [eBayToolbar] C:\Programmi\eBay\eBay Toolbar2\eBayTBDaemon.exe
O4 - HKLM\..\Run: [ccApp] C:\Programmi\File comuni\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Programmi\File comuni\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Programmi\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [OpwareSE2] "C:\Programmi\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Programmi\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programmi\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programmi\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: SMART Board Tools.lnk = C:\Programmi\SMART Technologies Inc\SMART Board Software\SMARTBoardTools.exe
O8 - Extra context menu item: &Cerca con Google - res://c:\programmi\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &eBay Search - res://C:\Programmi\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &Traduci parola in italiano - res://c:\programmi\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Link a ritroso - res://c:\programmi\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Pagine simili - res://c:\programmi\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Search with Wanadoo - res://C:\WINDOWS\system32\WSBar.dll/VSearch.htm
O8 - Extra context menu item: Versione cache della pagina - res://c:\programmi\google\GoogleToolbar2.dll/cmcache.html
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.co.uk/
O15 - Trusted Zone: *.sony-europe.com
O15 - Trusted Zone: *.sonystyle-europe.com
O15 - Trusted Zone: *.vaio-link.com
O16 - DPF: {0CFA086E-6336-4D95-B6AA-90F564E99631} (TNSClicker.Clicker) - http://www.shopandscan.com/TNSClicker.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.co.uk/scan_uk/scan8/oscan8.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Fac ... loader.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://wanadoouk.oberon-media.com/onlin ... der_v5.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/So ... b31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccPwdSvc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~2\GHOSTS~2.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Programmi\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Programmi\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: RegSrvc - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FILECO~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: siregsrv - Symantec, Peter Norton Group - C:\PROGRA~1\NORTON~2\SPEEDD~1\SIREGSRV.EXE
O23 - Service: SMART Board Service - SMART Technologies Inc. - C:\Programmi\SMART Technologies Inc\SMART Board Software\SMARTBoardService.exe
O23 - Service: SMART Web Server - Unknown owner - C:\Programmi\SMART Technologies Inc\SMART Board Software\WebServer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter - Sony Corporation - C:\Programmi\File comuni\Sony Shared\VAIO Entertainment\VCSW\VCSW.exe
Gozza
Active Member
 
Posts: 12
Joined: September 7th, 2007, 2:17 pm

Post by Katana » October 4th, 2007, 2:46 pm

Congratulations, your logs look clean :D

Let's see if I can help you keep it that way.

First let's tidy up :D
Please delete the following:
ComboFix.exe
CFScript.txt
C:\Qoobox

You can also delete any logs we produced.

Set correct settings for files that should be hidden in Windows XP
  • Click Start > My Computer > Tools menu (at top of page) > Folder Options > View tab.
  • Under "Hidden files and folders", if necessary select Do not show hidden files and folders.
  • If unchecked, please check Hide protected operating system files (Recommended).
  • If necessary, check "Display content of system folders".
  • If necessary, uncheck Hide file extensions for known file types.
  • Click OK.



Now you should disable System Restore to purge any infected files and then re-enable it.
Reset System Restore

On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.
Restart your computer

Turn ON System Restore

On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Un-Check Turn off System Restore.
Click Apply, and then click OK.


Also PLEASE read this article

So How Did I Get Infected In The First Place

If you can see a program in the must have section that you have never seen or used then get it!

The last and most important thing I can tell you is UPDATE.
If you don't update your security programs (Antivirus, Antispyware even Windows) then you are at risk.
Malware changes on a day to day basis. You should update every week at the very least.

If you follow this advice then (with a bit of luck) you will never have to hear from me again :D


If you could post back one more time to let me know everything is OK, then I can have this thread archived.

Happy surfing K'



Glad we could be of assistance.

This topic is now closed. If you wish it reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.

You can help support this site from this link:
Donations For Malware Removal

Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.

Rogue
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester
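The clean-up steps in the post above are given as Folder Options clicks and a System Restore off/on cycle. The reason the System Restore reset matters is visible in the earlier scan log: the copies flagged as Packed.Win32.Morphine.a live under System Volume Information\_restore...\RPnnn, which ordinary scanners skip, so the restore points themselves have to be discarded. As an added example that is not part of the thread or of any tool mentioned in it, the PowerShell below audits the Explorer view settings the post asks for (read from the well-known HKCU Explorer\Advanced registry values) and lists the restore points that a reset would discard. It assumes PowerShell 2.0 or later on a Windows client edition (Get-ComputerRestorePoint is client-only); the recommended values and the helper names are the example's own. It only reports, it changes nothing.

```powershell
# Added example, not from the thread: audit the "Folder Options > View"
# switches recommended in the post, and list current restore points.
# Assumes PowerShell 2.0+ on a Windows client (XP SP3 or later). Read-only.

$advanced = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'

# Registry value name -> @(recommended value, meaning of that value).
# 'Hidden' is 2 for "Do not show hidden files", 1 for "Show".
# 'ShowSuperHidden' 0 hides protected OS files; 'HideFileExt' 0 shows extensions;
# 'WebViewBarricade' 1 displays the contents of system folders.
$wanted = @{
    'Hidden'           = @(2, 'Do not show hidden files and folders')
    'ShowSuperHidden'  = @(0, 'Hide protected operating system files')
    'HideFileExt'      = @(0, 'Show file extensions for known file types')
    'WebViewBarricade' = @(1, 'Display the contents of system folders')
}

function Test-FolderViewSettings {
    # Returns one object per setting with Status 'OK' or 'CHANGE'.
    # A value that is absent from the registry is reported as CHANGE so the
    # reader sets it explicitly rather than relying on the default.
    $props = Get-ItemProperty -Path $advanced
    foreach ($name in $wanted.Keys) {
        $expected, $meaning = $wanted[$name]
        $actual = $props.$name            # $null when the value does not exist
        $status = if ($actual -eq $expected) { 'OK' } else { 'CHANGE' }
        New-Object PSObject -Property @{
            Setting  = $name
            Expected = $expected
            Actual   = $actual
            Status   = $status
            Meaning  = $meaning
        }
    }
}

function Get-RestorePointSummary {
    # Each restore point is a SystemRestore WMI instance; CreationTime is a
    # WMI datetime string, converted here to a readable DateTime. Every point
    # listed is an on-disk RPnnn folder that a System Restore reset removes,
    # together with any malware copies stored inside it.
    Get-ComputerRestorePoint |
        Select-Object SequenceNumber, Description,
            @{ Name = 'Created'; Expression = { $_.ConvertToDateTime($_.CreationTime) } }
}

# Usage: run from a normal user session on the machine being cleaned.
Test-FolderViewSettings | Format-Table Setting, Expected, Actual, Status, Meaning -AutoSize
Get-RestorePointSummary | Format-Table -AutoSize
```

Running the first function before and after the Folder Options changes gives a record that the settings actually took effect; running the second before and after the System Restore off/on cycle confirms that the old restore points (and the skipped files inside them) are gone and only a fresh point remains.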