Virus??? Help!


Post by sara on Tue Dec 02, 2008 4:30 am

I was told that I might have some kind of virus....The first problem was that my computer would not connect to internet but other computers in the house do....Could not open Norton...Help and support will not open, it says system service is not running. I attempted to back up some files on disc and I am unable to do that. Device Manager shows no hardware....Can someone help me please????

This is probably a very stupid question but....How do you find a virus or malware on your computer? How do you know? Thanks!!

sara
Novice
Posts: 40
Joined: 2008-12-02
OS: windows xp
Points: 29260
Likes: 0

Re: Virus??? Help!

Post by Doctor Inferno on Tue Dec 02, 2008 4:43 am

Hello, welcome to GeekPolice.

Please read this topic:

[You must be registered and logged in to see this link.]

Followed by posting a HijackThis log.



Doctor Inferno
Administrator
Posts: 12015
Joined: 2007-12-26
Gender: Male
OS: Windows 7 Home Premium and Ultimate X64
Protection: Kaspersky PURE and Malwarebytes' Anti-Malware
Points: 104600
Likes: 0

Re: Virus??? Help!

Post by sara on Tue Dec 02, 2008 4:50 am

I did read that before I wrote the post but the problem is how to transfer to the computer with the problem????


Re: Virus??? Help!

Post by sara on Tue Dec 02, 2008 5:23 am

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:11:22 AM, on 12/2/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Owner\Application Data\U3\2845500A79C29D8F\LaunchPad.exe
G:\HiJackThis.exe
C:\WINDOWS\system32\ctfmon.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = [You must be registered and logged in to see this link.]
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: PCCBHO.CPCCBHO - {22FC6CE8-7D47-479F-B74A-BFBB04ADB9AF} - C:\Program Files\Winferno\PC Confidential\PCCBHO.dll (file missing)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-3566132774-2315521251-1546062107-1003\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User '?')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll
O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - C:\Program Files\Winferno\PC Confidential\PCConfidential.exe (file missing)
O9 - Extra 'Tools' menuitem: PC Confidential - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - C:\Program Files\Winferno\PC Confidential\PCConfidential.exe (file missing)
O9 - Extra button: PC Confidential - {925DAB62-F9AC-4221-806A-057BFB1014AA} - C:\Program Files\Winferno\PC Confidential\PCConfidential.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - [You must be registered and logged in to see this link.]
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - [You must be registered and logged in to see this link.]
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

--
End of file - 5457 bytes


Re: Virus??? Help!

Post by Belahzur on Tue Dec 02, 2008 9:54 am

Hello, before we can do anything, we need to get an anti-virus running.

You aren't running Anti Virus Software

Anti-virus software consists of programs that detect, cleanse, and erase harmful virus files on a computer, Web server, or network.
Unchecked, virus files can unintentionally be forwarded to others, including trading partners, thereby spreading infection. Because new viruses regularly emerge, anti-virus software should be updated frequently. Anti-virus software can scan the computer memory and disk drives for malicious code. It can alert the user if a virus is present, and will clean, delete (or quarantine) infected files or directories. Please download a free anti-virus software (for personal use), from one of these excellent vendors NOW:

1) [You must be registered and logged in to see this link.]
- Free anti-virus software for Windows.
- Detects and removes more than 50,000 viruses. Free support.
2) [You must be registered and logged in to see this link.]
- Anti-virus program for Windows.
- The home edition is freeware for noncommercial users.
3) [You must be registered and logged in to see this link.]
- Free edition of the AVG anti-virus program for Windows.
- Available for single computer use for home and non-commercial use.

It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Posts: 34916
Joined: 2008-08-03
Gender: Male
OS: XP SP3 Media Centre
Points: 245069
Likes: 1

Re: Virus??? Help!

Post by sara on Tue Dec 02, 2008 4:06 pm

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:56:35 AM, on 12/2/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\Engine\16.1.0.33\ccSvcHst.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Norton AntiVirus\Engine\16.1.0.33\ccSvcHst.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\FaxTalk Communicator\FTCtrl32.exe
C:\Program Files\FaxTalk Communicator\FAPIEXE.EXE
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Owner\Application Data\U3\2845500A79C29D8F\LaunchPad.exe
G:\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = [You must be registered and logged in to see this link.]
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: PCCBHO.CPCCBHO - {22FC6CE8-7D47-479F-B74A-BFBB04ADB9AF} - C:\Program Files\Winferno\PC Confidential\PCCBHO.dll (file missing)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\16.1.0.33\IPSBHO.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [windows defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [userfaultcheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [tkbellexe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [sunjavaupdatesched] C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [sigmatelsystrayapp] stsystra.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [nvmediacenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nvcpldaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [maxtoronetouch] C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [dla] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [callcontrol 4.5] C:\Program Files\FaxTalk Communicator\FTCtrl32.exe /autoload
O4 - HKLM\..\Run: [adobe reader speed launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll
O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - C:\Program Files\Winferno\PC Confidential\PCConfidential.exe (file missing)
O9 - Extra 'Tools' menuitem: PC Confidential - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - C:\Program Files\Winferno\PC Confidential\PCConfidential.exe (file missing)
O9 - Extra button: PC Confidential - {925DAB62-F9AC-4221-806A-057BFB1014AA} - C:\Program Files\Winferno\PC Confidential\PCConfidential.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - [You must be registered and logged in to see this link.]
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - [You must be registered and logged in to see this link.]
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus - Symantec Corporation - C:\Program Files\Norton AntiVirus\Engine\16.1.0.33\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec RemoteAssist (symantec remoteassist) - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 8897 bytes


Re: Virus??? Help!

Post by Belahzur on Tue Dec 02, 2008 4:19 pm

Thank you.
Now let's have a look around. :)

  • Download combofix from here, use the top links - [You must be registered and logged in to see this link.]
  • Double click on ComboFix.exe.
  • Follow the prompts.

    NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.

  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.
  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will see this next prompt that asks if you want to continue the malware scan, select yes.
  • Allow combofix to run.
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.



Re: Virus??? Help!

Post by sara on Wed Dec 03, 2008 1:50 am

I cannot run this program as I do not have an internet connection. The first problem I encountered was my inability to connect to the internet on my main computer. I have other computers that are online and connect without a problem.


Re: Virus??? Help!

Post by Belahzur on Wed Dec 03, 2008 1:52 am

Hello.
Let's see if this finds anything.

Please download SilentRunners from here:
[You must be registered and logged in to see this link.]
Unzip it to the desktop and double-click on it. If you get any kind of warning message about scripts, please choose to allow the script to run. When the scan is finished, a message will pop up and a logfile will have been created on the desktop. Please post the entire contents of this logfile for me to see.



Re: Virus??? Help!

Post by sara on Wed Dec 03, 2008 3:09 am

I did this and it gave me a file..DGXLCBCL...I am unable to copy and paste to post. Can you help?? Thanks


Re: Virus??? Help!

Post by Belahzur on Wed Dec 03, 2008 12:44 pm

Did it make the log file?



Re: Virus??? Help!

Post by sara on Wed Dec 03, 2008 5:27 pm

AF2C6D4A-330-800706a6_AF2C6D4A-508-800706a6_AF2C6D4A-330-800706a6_AF2C6D4A-508-800706a6_AF2C6D4A-330-800706a6_AF2C6D4A-508-800706a6_AF2C6D4A-330-800706a6_AF2C6D4A-508-800706a6_AF2C6D4A-330-800706a6_AF2C6D4A-508-800706a6_D446F964-542-80004005_D446F964-441-


Re: Virus??? Help!

Post by Belahzur on Wed Dec 03, 2008 5:30 pm

Darn, let's try this.

Download [You must be registered and logged in to see this link.] to your desktop.

  • Close all windows and open it
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up called OTViewIt.txt, the other will be saved on your desktop and called Extras. Post both those logs here.
  • You may need to use two posts to get it all on the forum



Re: Virus??? Help!

Post by sara on Wed Dec 03, 2008 8:27 pm

OTViewIt Extras logfile created on: 2008-12-03 15:20:31 - Run
OTViewIt by OldTimer - Version 1.0.20.0 Folder = G:\
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: yyyy-MM-dd

958.42 Mb Total Physical Memory | 544.86 Mb Available Physical Memory | 56.85% Memory free
2.26 Gb Paging File | 1.89 Gb Available in Paging File | 83.75% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 145.87 Gb Total Space | 128.56 Gb Free Space | 88.14% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 6.67 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive G: | 1.86 Gb Total Space | 1.67 Gb Free Space | 89.45% Space Free | Partition Type: FAT
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DGXLCBC1
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On
File Age = 30 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.reg [@ = regfile] -- regedit.exe "%1"

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled"=1
"AntiVirusDisableNotify"=0
"FirewallDisableNotify"=0
"UpdatesDisableNotify"=0
"AntiVirusOverride"=1
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall"=1
"DoNotAllowExceptions"=0
"DisableNotifications"=0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"=%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2006-10-23 07:50:35 | 00,046,640 | R--- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
[2006-10-23 07:50:37 | 00,071,216 | R--- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
"%windir%\Network Diagnostic\xpnetdiag.exe"=%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
File not found -- C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"=%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2006-10-23 07:50:35 | 00,046,640 | R--- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
[2006-10-23 07:50:37 | 00,071,216 | R--- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
"%windir%\Network Diagnostic\xpnetdiag.exe"=%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
File not found -- C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0
[2007-10-08 16:50:56 | 00,041,824 | ---- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\1171071908\ee\aolsoftware.exe:*:Enabled:AOL Shared Components
[2007-08-30 16:43:18 | 04,670,704 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger
[2007-08-30 16:43:18 | 00,091,376 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server
File not found -- C:\Program Files\Rhapsody\rhapsody.exe:*:Enabled:Rhapsody Media Player
[2008-03-30 09:36:34 | 20,638,504 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes
File not found -- C:\Program Files\Veoh Networks\Veoh\VeohClient.exe:*:Enabled:Veoh Client
[2008-08-23 00:56:15 | 00,635,848 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer
File not found -- C:\Program Files\Tams11\Games\Spades\spades.exe:*:Enabled:spades
[2008-04-13 19:12:20 | 00,042,496 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\[You must be registered and logged in to see this link.] Transfer Program
File not found -- C:\WINDOWS\LMI789.tmp\lmi_rescue.exe:*:Enabled:LogMeIn Rescue
[2008-06-03 00:36:06 | 00,039,264 | ---- | M] (AOL, LLC.) -- C:\AOL 9.1\waol.exe:*:Enabled:AOL
[2007-04-02 07:33:32 | 00,063,120 | ---- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe:*:Enabled:AOL TopSpeed
[2005-07-11 16:35:18 | 00,011,352 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader
[2007-09-17 08:02:47 | 00,206,176 | ---- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL System Information
[2008-04-13 19:12:25 | 01,414,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console
File not found -- C:\WINDOWS\LMID58.tmp\lmi_rescue.exe:*:Enabled:LogMeIn Rescue
[2007-01-01 16:22:02 | 03,739,648 | ---- | M] (Google) -- C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk
File not found -- C:\WINDOWS\LMI6B1.tmp\lmi_rescue.exe:*:Enabled:LogMeIn Rescue
[2008-09-29 01:35:23 | 02,499,928 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\Owner\7zS6B2.tmp\SymNRT.exe:*:Enabled:Norton Removal Tool
File not found -- C:\WINDOWS\LMI31.tmp\lmi_rescue.exe:*:Enabled:LogMeIn Rescue
[2008-04-17 18:27:00 | 09,117,696 | ---- | M] () -- C:\Program Files\MySpace\IM\MySpaceIM.exe:*:Enabled:MySpaceIM

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]
[2005-09-20 11:33:58 | 00,843,984 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]
msdaipp: [HKLM - No CLSID value]
[2005-09-20 11:33:58 | 00,843,984 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]
[2005-09-20 11:33:58 | 00,843,984 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]
[2006-06-04 18:18:46 | 00,221,184 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (ms-itss:{0A9007C0-4076-11D3-8789-0000F8105754} (HKLM) [Microsoft Infotech Storage Protocol for IE 4.0])
[2007-05-10 12:45:34 | 08,069,464 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (mso-offdap11:{32505114-5902-49B2-880A-1F7738E5A384} (HKLM) [Data Page Plugable Protocal mso-offdap11 Handler])

========== (O18) Protocol Filters ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
[2007-04-19 12:57:40 | 00,046,432 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL text/xml:{807553E5-5146-11D5-A672-00B0D022E945} (HKLM) [Reg Error: Value does not exist or could not be read.]
.


Re: Virus??? Help!

Post by sara on Wed Dec 03, 2008 8:27 pm

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02DFF6B1-1654-411C-8D7B-FD6052EF016F}"=Apple Software Update
"{075473F5-846A-448B-BCB3-104AA1760205}"=Roxio RecordNow Data
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}"=Microsoft Plus! Photo Story 2 LE
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}"=Roxio DLA
"{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}"=QuickTime
"{1EA8F972-45F7-497D-8A03-F40F1A421099}"=Hallmark Card Studio 3
"{20c53fa2-4307-4671-a93f-9463b29dfcf1}"=Symantec Technical Support Web Controls
"{21657574-BD54-48A2-9450-EB03B2C7FC29}"=Roxio MyDVD LE
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk"=Google Talk (remove only)
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}"=Google Toolbar for Internet Explorer
"{231F68F4-70E4-41A6-BEDA-7E7934169B54}"=Maxtor OneTouch
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}"=Rhapsody Player Engine
"{3248F0A8-6813-11D6-A77B-00B0D0160010}"=Java(TM) SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}"=Java(TM) 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}"=Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}"=Java(TM) 6 Update 5
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}"=Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}"=URL Assistant
"{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54}"=Dell CinePlayer
"{44734179-8A79-4DEE-BB08-73037F065543}"=Apple Mobile Device Support
"{55B30AF2-7331-4436-9318-D9EA45A42F79}"=The Print Shop 21
"{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}"=iTunes
"{5AF8C46D-A141-4E69-9EB5-76A43ED29281}"=Charter High Speed Internet Self-Installation Wizard
"{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}"=Sonic Activation Module
"{5E68BB65-4059-4FE5-AAC4-0CD1D79BBDE2}"=EarthLink Setup Files
"{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}"=AOLIcon
"{6D52C408-B09A-4520-9B18-475B81D393F1}"=Microsoft Works
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}"=Microsoft Plus! Digital Media Edition Installer
"{7299052b-02a4-4627-81f2-1818da5d550d}"=Microsoft Visual C++ 2005 Redistributable
"{748F4870-8350-11D3-B0BF-080009FB4A19}"=HP Share-to-Web
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}"=Dell System Restore
"{7ADE3A47-B425-45E9-8FF6-11BE2B775645}"=Corel Snapfire Plus
"{91CA0409-6000-11D3-8CFE-0150048383C9}"=Microsoft Office Small Business Edition 2003
"{95F9D960-C571-11D0-90F0-00001B1EFBA8}"=QuickBooks 2001
"{A06275F4-324B-4E85-95E6-87B2CD729401}"=Windows Defender
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}"=Microsoft Visual C++ 2005 Redistributable
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}"=Roxio RecordNow Audio
"{AC0EE5B0-A8FB-4D0A-AF03-2EDC518F841B}"=Dell Media Experience
"{AC76BA86-7AD7-1033-7B44-A81200000003}"=Adobe Reader 8.1.2
"{B1182355-1464-4B43-8986-031A86808495}"=Event Planner
"{B12665F4-4E93-4AB4-B7FC-37053B524629}"=Roxio RecordNow Copy
"{B3C7CA81-27EB-11D4-A59C-00E02C071F5C}"=Adobe ActiveShare 1.5
"{B702CCCE-3176-4DBF-B932-D1B8F402F330}"=Digital Content Portal
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1
"{CEE2252C-4035-4B27-8EC6-0B085DD3A413}"=Dell Support 3.2.1
"{D2988E9B-C73F-422C-AD4B-A66EBE257120}"=MCU
"{D958FAC4-BAE0-4B1D-A42E-DE9BFDE7DDEE}"=Canon PhotoRecord
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}"=Google Toolbar for Internet Explorer
"Adobe Flash Player ActiveX"=Adobe Flash Player ActiveX
"AOL Toolbar 5.0"=
"AOL Uninstaller"=AOL Uninstaller (Choose which Products to Remove)
"CANONBJ_Deinstall_CNMCP64.DLL"=Canon PIXMA iP4000
"Easy-PhotoPrint"=Canon Utilities Easy-PhotoPrint
"Easytoon 1.9.5"=Easytoon 1.9.5
"Easy-WebPrint"=Easy-WebPrint
"Family Feud"=Family Feud (remove only)
"FaxTalk Communicator 4.5"=FaxTalk Communicator 4.5
"Google Desktop"=Google Desktop
"HijackThis"=HijackThis 2.0.2
"HP PrecisionScan LTX"=HP PrecisionScan LTX
"IDNMitigationAPIs"=Microsoft Internationalized Domain Names Mitigation APIs
"ie7"=Windows Internet Explorer 7
"InstallShield_{231F68F4-70E4-41A6-BEDA-7E7934169B54}"=Maxtor OneTouch
"iPod Copy Expert_is1"=iPod Copy Expert 3.1.2
"iPod To Computer Transfer_is1"=iPod To Computer Transfer 3.5
"kb940157"=Windows Search 4.0
"Macromedia Shockwave Player"=Macromedia Shockwave Player
"Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1
"Monopoly"=Monopoly (remove only)
"MSCompPackV1"=Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST"=MSN
"MXOFX"=USB Storage Adapter FX (MXO)
"MySpaceIM"=MySpaceIM
"NAV"=Norton AntiVirus
"NLSDownlevelMapping"=Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers"=NVIDIA Drivers
"RealArcade 1.2"=RealArcade
"RealPlayer 6.0"=RealPlayer
"SoftwareUpdUtility"=Download Updater (AOL LLC)
"Solitaire Master 4"=Solitaire Master 4
"The Weather Channel Desktop 6"=The Weather Channel Desktop 6
"ViewpointMediaPlayer"=Viewpoint Media Player
"WebPost"=Microsoft Web Publishing Wizard 1.52
"Windows Media Format Runtime"=Windows Media Format 11 runtime
"Windows Media Player"=Windows Media Player 11
"Windows XP Service Pack"=Windows XP Service Pack 3
"WMFDist11"=Windows Media Format 11 runtime
"wmp11"=Windows Media Player 11
"Wudf01000"=Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion"=Yahoo! Toolbar
"Yahoo! Mail"=Yahoo! Internet Mail
"Yahoo! Messenger"=Yahoo! Messenger
"YInstHelper"=Yahoo! Install Manager

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Networks Player - IE"=Move Networks Media Player for Internet Explorer
"Sprint Digital Lounge"=Sprint Digital Lounge

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2008-11-28 18:07:08 | Computer Name = DGXLCBC1 | Source = Userenv | ID = 1512
Description = Windows cannot unload your registry file. The memory used by the registry
has not been freed. This is often caused by services running as a user account,
try configuring the services to run in either the LocalService or NetworkService
account. If this problem persists, contact your administrator. DETAIL - Insufficient
system resources exist to complete the requested service.

Error - 2008-11-28 18:13:51 | Computer Name = DGXLCBC1 | Source = Userenv | ID = 1512
Description = Windows cannot unload your registry file. The memory used by the registry
has not been freed. This is often caused by services running as a user account,
try configuring the services to run in either the LocalService or NetworkService
account. If this problem persists, contact your administrator. DETAIL - Insufficient
system resources exist to complete the requested service.

Error - 2008-12-02 11:49:54 | Computer Name = DGXLCBC1 | Source = Application Error | ID = 1000
Description = Faulting application nvsvc32.exe, version 6.14.10.9148, faulting module
version.dll, version 5.1.2600.5512, fault address 0x00001e71.

Error - 2008-12-02 21:53:13 | Computer Name = DGXLCBC1 | Source = Application Error | ID = 1004
Description = Faulting application nvsvc32.exe, version 6.14.10.9148, faulting module
version.dll, version 5.1.2600.5512, fault address 0x00001e71.

Error - 2008-12-02 21:53:22 | Computer Name = DGXLCBC1 | Source = WinDefendRtp | ID = 3003
Description = %%827 Real-Time Protection checkpoint has encountered an error and
failed to start. User: DGXLCBC1\Owner Checkpoint ID: 1 Error Code: 0x80070005 Error
description: Access is denied.

Error - 2008-12-02 21:53:22 | Computer Name = DGXLCBC1 | Source = WinDefendRtp | ID = 3003
Description = %%827 Real-Time Protection checkpoint has encountered an error and
failed to start. User: DGXLCBC1\Owner Checkpoint ID: 1 Error Code: 0x8000ffff Error
description: Catastrophic failure

Error - 2008-12-02 21:54:37 | Computer Name = DGXLCBC1 | Source = Application Error | ID = 1004
Description = Faulting application nvsvc32.exe, version 6.14.10.9148, faulting module
version.dll, version 5.1.2600.5512, fault address 0x00001e71.

Error - 2008-12-02 21:54:41 | Computer Name = DGXLCBC1 | Source = Application Error | ID = 1004
Description = Faulting application nvsvc32.exe, version 6.14.10.9148, faulting module
version.dll, version 5.1.2600.5512, fault address 0x00001e71.

Error - 2008-12-03 12:13:41 | Computer Name = DGXLCBC1 | Source = WinDefendRtp | ID = 3003
Description = %%827 Real-Time Protection checkpoint has encountered an error and
failed to start. User: DGXLCBC1\Owner Checkpoint ID: 1 Error Code: 0x80070005 Error
description: Access is denied.

Error - 2008-12-03 12:13:41 | Computer Name = DGXLCBC1 | Source = WinDefendRtp | ID = 3003
Description = %%827 Real-Time Protection checkpoint has encountered an error and
failed to start. User: DGXLCBC1\Owner Checkpoint ID: 1 Error Code: 0x8000ffff Error
description: Catastrophic failure

[ System Events ]
Error - 2008-12-02 11:49:40 | Computer Name = DGXLCBC1 | Source = Service Control Manager | ID = 7000
Description = The MCSTRM service failed to start due to the following error: %%2

Error - 2008-12-02 11:49:40 | Computer Name = DGXLCBC1 | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the NVSvc service.

Error - 2008-12-02 11:49:40 | Computer Name = DGXLCBC1 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
nvatabus nvraid

Error - 2008-12-02 11:54:46 | Computer Name = DGXLCBC1 | Source = Service Control Manager | ID = 7034
Description = The NVIDIA Display Driver Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 2008-12-02 21:54:39 | Computer Name = DGXLCBC1 | Source = Service Control Manager | ID = 7023
Description = The Help and Support service terminated with the following error:
%%126

Error - 2008-12-02 21:54:39 | Computer Name = DGXLCBC1 | Source = Service Control Manager | ID = 7000
Description = The MCSTRM service failed to start due to the following error: %%2

Error - 2008-12-02 21:54:39 | Computer Name = DGXLCBC1 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
nvatabus nvraid

Error - 2008-12-03 12:14:48 | Computer Name = DGXLCBC1 | Source = Service Control Manager | ID = 7000
Description = The MCSTRM service failed to start due to the following error: %%2

Error - 2008-12-03 12:14:48 | Computer Name = DGXLCBC1 | Source = Service Control Manager | ID = 7023
Description = The Help and Support service terminated with the following error:
%%126

Error - 2008-12-03 12:14:48 | Computer Name = DGXLCBC1 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
nvatabus nvraid


< End of report >


Re: Virus??? Help!

Post by Belahzur on Wed Dec 03, 2008 8:35 pm

Hello.
Please post OTViewIt.txt.



Re: Virus??? Help!

Post by sara on Thu Dec 04, 2008 1:28 am

Settings\saralynn\My Documents\AlbumArt_{33F3E683-224C-4070-92CD-FDB81EF5F139}_Small.jpg
[2008/11/15 10:44:29 | 00,013,072 | -HS- | M] () -- F:\Documents and Settings\saralynn\My Documents\AlbumArt_{D4AD2F38-834F-4600-B962-A63C3964EBC6}_Large.jpg
[2008/11/15 10:44:28 | 00,002,264 | -HS- | M] () -- F:\Documents and Settings\saralynn\My Documents\AlbumArt_{306CE089-5123-4787-9B6D-62FC258ACFC8}_Small.jpg
[2008/11/15 10:44:27 | 00,010,852 | -HS- | M] () -- F:\Documents and Settings\saralynn\My Documents\AlbumArt_{1464F194-56AC-4BB2-A3B4-FC0E940E3267}_Large.jpg
[2008/11/15 10:44:26 | 00,006,724 | -HS- | M] () -- F:\Documents and Settings\saralynn\My Documents\AlbumArt_{ABE5B00A-3886-4243-97A5-33B1D4B7E769}_Large.jpg
[2008/11/15 10:44:25 | 00,002,677 | -HS- | M] () -- F:\Documents and Settings\saralynn\My Documents\AlbumArt_{17D4B09F-CBD2-422E-9187-A44ACEE00747}_Small.jpg
[2008/11/15 10:44:24 | 00,011,460 | -HS- | M] () -- F:\Documents and Settings\saralynn\My Documents\AlbumArt_{4A5EFBA2-D22C-4330-A50C-2F56F94DD719}_Large.jpg
[2008/11/15 10:44:23 | 00,003,094 | -HS- | M] () -- F:\Documents and Settings\saralynn\My Documents\AlbumArt_{D4AD2F38-834F-4600-B962-A63C3964EBC6}_Small.jpg
[2008/11/15 10:44:22 | 00,009,031 | -HS- | M] () -- F:\Documents and Settings\saralynn\My Documents\AlbumArt_{DC427828-91E8-42AA-85C5-1CE2DAC9D47C}_Large.jpg
[2008/11/15 10:44:21 | 00,002,931 | -HS- | M] () -- F:\Documents and Settings\saralynn\My Documents\AlbumArt_{1464F194-56AC-4BB2-A3B4-FC0E940E3267}_Small.jpg
[2008/11/15 10:44:20 | 00,002,073 | -HS- | M] () -- F:\Documents and Settings\saralynn\My Documents\AlbumArt_{ABE5B00A-3886-4243-97A5-33B1D4B7E769}_Small.jpg
[2008/11/15 10:44:19 | 00,014,981 | -HS- | M] () -- F:\Documents and Settings\saralynn\My Documents\AlbumArt_{B987A266-D530-414E-8D4F-92144BD499BF}_Large.jpg
[2008/11/15 10:44:19 | 00,002,748 | -HS- | M] () -- F:\Documents and Settings\saralynn\My Documents\AlbumArt_{4A5EFBA2-D22C-4330-A50C-2F56F94DD719}_Small.jpg
[2008/11/15 10:44:18 | 00,016,043 | -HS- | M] () -- F:\Documents and Settings\saralynn\My Documents\AlbumArt_{509A6003-116F-41A9-A2A2-B65AD211E222}_Large.jpg
[2008/11/15 10:44:17 | 00,001,994 | -HS- | M] () -- F:\Documents and Settings\saralynn\My Documents\AlbumArt_{DC427828-91E8-42AA-85C5-1CE2DAC9D47C}_Small.jpg
[2008/11/15 10:44:16 | 00,012,742 | -HS- | M] () -- F:\Documents and Settings\saralynn\My Documents\AlbumArt_{9F431219-199B-4B1A-957B-98C38C72D761}_Large.jpg
[2008/11/15 10:44:16 | 00,010,844 | -HS- | M] () -- F:\Documents and Settings\saralynn\My Documents\AlbumArt_{9944B742-E315-4EA9-A17D-8C637E4E5C52}_Large.jpg
[2008/11/15 10:44:15 | 00,003,132 | -HS- | M] () -- F:\Documents and Settings\saralynn\My Documents\AlbumArt_{B987A266-D530-414E-8D4F-92144BD499BF}_Small.jpg
[2008/11/15 10:44:14 | 00,012,883 | -HS- | M] () -- F:\Documents and Settings\saralynn\My Documents\AlbumArt_{752992E3-4210-43CE-BB5B-E42E6037332E}_Large.jpg
[2008/11/15 10:44:14 | 00,003,604 | -HS- | M] () -- F:\Documents and Settings\saralynn\My Documents\AlbumArt_{509A6003-116F-41A9-A2A2-B65AD211E222}_Small.jpg
[2008/11/15 10:44:14 | 00,002,953 | -HS- | M] () -- F:\Documents and Settings\saralynn\My Documents\AlbumArt_{9F431219-199B-4B1A-957B-98C38C72D761}_Small.jpg
[2008/11/15 10:44:13 | 00,002,734 | -HS- | M] () -- F:\Documents and Settings\saralynn\My Documents\AlbumArt_{9944B742-E315-4EA9-A17D-8C637E4E5C52}_Small.jpg
[2008/11/15 10:41:56 | 00,009,043 | -HS- | M] () -- F:\Documents and Settings\saralynn\My Documents\AlbumArt_{2AD8D435-93E7-49FB-9B39-D71175FDB2D1}_Large.jpg
[2008/11/15 10:41:56 | 00,002,081 | -HS- | M] () -- F:\Documents and Settings\saralynn\My Documents\AlbumArt_{2AD8D435-93E7-49FB-9B39-D71175FDB2D1}_Small.jpg
[2008/11/15 10:40:09 | 02,856,053 | ---- | M] () -- F:\Documents and Settings\saralynn\My Documents\green day - greenday - when i come around.mp3
[2008/11/15 10:40:08 | 04,277,322 | ---- | M] () -- F:\Documents and Settings\saralynn\My Documents\Green Day - American Idiot.mp3
[2008/11/15 10:40:07 | 03,815,424 | ---- | M] () -- F:\Documents and Settings\saralynn\My Documents\Foghat - Slow Ride.mp3
[2008/11/15 10:40:06 | 04,598,407 | ---- | M] () -- F:\Documents and Settings\saralynn\My Documents\Fall Out Boy - Grand Theft Autumn.mp3
[2008/11/15 10:40:03 | 03,547,134 | ---- | M] () -- F:\Documents and Settings\saralynn\My Documents\DEF LEPARD ~ ROCK YOU LIKE A HURRICANE.mp3
[2008/11/15 10:40:01 | 06,315,145 | ---- | M] () -- F:\Documents and Settings\saralynn\My Documents\Buckcherry - Crazy b*#**.mp3
[2008/11/15 10:39:54 | 05,059,488 | ---- | M] () -- F:\Documents and Settings\saralynn\My Documents\50 Cent - Candy Shop.mp3
[2008/11/15 10:39:53 | 05,572,608 | ---- | M] () -- F:\Documents and Settings\saralynn\My Documents\3 Days Grace- Pain.mp3
[2008/11/15 10:39:53 | 04,570,663 | ---- | M] () -- F:\Documents and Settings\saralynn\My Documents\3 Doors Down - Right Where I Belong.mp3
[2008/11/15 10:39:52 | 06,549,001 | ---- | M] () -- F:\Documents and Settings\saralynn\My Documents\13-jim_jones-weatherman_(ft._lil_wayne_stack_bundles).mp3
[2008/11/15 10:39:52 | 05,205,254 | ---- | M] () -- F:\Documents and Settings\saralynn\My Documents\3 Days Grace - Take Me Under.mp3
[2008/11/15 10:39:52 | 03,864,248 | ---- | M] () -- F:\Documents and Settings\saralynn\My Documents\3 Days Grace - Scared.mp3
[2008/11/14 23:11:20 | 00,091,888 | ---- | M] () -- F:\WINDOWS\System32\FNTCACHE.DAT
[2008/11/14 21:58:53 | 00,001,393 | ---- | M] () -- F:\WINDOWS\imsins.BAK
[2008/11/14 21:45:18 | 00,001,045 | ---- | M] () -- F:\Documents and Settings\saralynn\My Documents\omegaplague.zip
[2008/11/14 21:21:04 | 00,000,847 | ---- | M] () -- F:\WINDOWS\disney.ini
[2008/11/14 20:46:34 | 00,008,839 | -HS- | M] () -- F:\Documents and Settings\saralynn\My Documents\AlbumArt_{DEE2F966-6F11-4EB9-8FE2-385A92B24890}_Large.jpg
[2008/11/14 20:46:25 | 00,010,582 | -HS- | M] () -- F:\Documents and Settings\saralynn\My Documents\AlbumArt_{ECA94AE1-6C52-484B-87F1-1CCA0A755699}_Large.jpg
[2008/11/14 20:46:24 | 00,012,934 | -HS- | M] () -- F:\Documents and Settings\saralynn\My Documents\AlbumArt_{2B510470-2278-439A-86C1-638DDEE2896B}_Large.jpg
[2008/11/14 20:46:24 | 00,003,140 | -HS- | M] () -- F:\Documents and Settings\saralynn\My Documents\AlbumArt_{752992E3-4210-43CE-BB5B-E42E6037332E}_Small.jpg
[2008/11/14 20:46:23 | 00,002,611 | -HS- | M] () -- F:\Documents and Settings\saralynn\My Documents\AlbumArt_{DEE2F966-6F11-4EB9-8FE2-385A92B24890}_Small.jpg
[2008/11/14 20:46:22 | 00,011,351 | -HS- | M] () -- F:\Documents and Settings\saralynn\My Documents\AlbumArt_{EEE9E1F7-95CF-4366-8113-42D073C5ED5E}_Large.jpg
[2008/11/14 20:46:22 | 00,002,470 | -HS- | M] () -- F:\Documents and Settings\saralynn\My Documents\AlbumArt_{ECA94AE1-6C52-484B-87F1-1CCA0A755699}_Small.jpg
[2008/11/14 20:46:20 | 00,014,096 | -HS- | M] () -- F:\Documents and Settings\saralynn\My Documents\AlbumArt_{9A905385-3229-408A-981B-AE5B42E378FD}_Large.jpg
[2008/11/14 20:46:20 | 00,003,136 | -HS- | M] () -- F:\Documents and Settings\saralynn\My Documents\AlbumArt_{2B510470-2278-439A-86C1-638DDEE2896B}_Small.jpg
[2008/11/14 20:46:18 | 00,006,542 | -HS- | M] () -- F:\Documents and Settings\saralynn\My Documents\AlbumArt_{DF781BF4-9A3A-44D7-946B-1BDCFF8779FD}_Large.jpg
[2008/11/14 20:46:17 | 00,002,654 | -HS- | M] () -- F:\Documents and Settings\saralynn\My Documents\AlbumArt_{EEE9E1F7-95CF-4366-8113-42D073C5ED5E}_Small.jpg
[2008/11/14 20:46:11 | 00,011,018 | -HS- | M] () -- F:\Documents and Settings\saralynn\My Documents\AlbumArt_{75C12C02-2B77-4EBC-904E-D2301F4E6464}_Large.jpg
[2008/11/14 20:46:09 | 00,003,156 | -HS- | M] () -- F:\Documents and Settings\saralynn\My Documents\AlbumArt_{9A905385-3229-408A-981B-AE5B42E378FD}_Small.jpg
[2008/11/14 20:46:04 | 00,002,037 | -HS- | M] () -- F:\Documents and Settings\saralynn\My Documents\AlbumArt_{DF781BF4-9A3A-44D7-946B-1BDCFF8779FD}_Small.jpg
[2008/11/14 20:45:55 | 00,015,033 | -HS- | M] () -- F:\Documents and Settings\saralynn\My Documents\AlbumArt_{27D12695-BCD7-4477-9642-CE3FBC66C3F6}_Large.jpg
[2008/11/14 20:45:53 | 00,002,648 | -HS- | M] () -- F:\Documents and Settings\saralynn\My Documents\AlbumArt_{75C12C02-2B77-4EBC-904E-D2301F4E6464}_Small.jpg
[2008/11/14 20:45:43 | 00,003,233 | -HS- | M] () -- F:\Documents and Settings\saralynn\My Documents\AlbumArt_{27D12695-BCD7-4477-9642-CE3FBC66C3F6}_Small.jpg
[2008/11/13 07:24:19 | 00,002,206 | ---- | M] () -- F:\WINDOWS\System32\wpa.dbl
[2008/11/10 23:54:01 | 00,311,604 | ---- | M] () -- F:\WINDOWS\System32\perfh009.dat
[2008/11/10 23:54:01 | 00,039,992 | ---- | M] () -- F:\WINDOWS\System32\perfc009.dat
[2008/11/10 23:54:00 | 00,356,120 | ---- | M] () -- F:\WINDOWS\System32\PerfStringBackup.INI
< End of report >


Re: Virus??? Help!

Post by sara on Thu Dec 04, 2008 1:29 am

OTViewIt logfile created on: 12/3/2008 8:12:55 PM - Run
OTViewIt by OldTimer - Version 1.0.20.0 Folder = I:\
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

510.98 Mb Total Physical Memory | 55.11 Mb Available Physical Memory | 10.78% Memory free
1.22 Gb Paging File | 0.43 Gb Available in Paging File | 35.30% Paging File free
Paging file location(s): F:\pagefile.sys 768 1536;

%SystemDrive% = F: | %SystemRoot% = F:\WINDOWS | %ProgramFiles% = F:\Program Files
Drive C: | 2.00 Gb Total Space | 1.93 Gb Free Space | 96.37% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 36.28 Gb Total Space | 18.48 Gb Free Space | 50.94% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
Drive H: | 6.67 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive I: | 1.86 Gb Total Space | 1.67 Gb Free Space | 89.44% Space Free | Partition Type: FAT

Computer Name: SARA
Current User Name: saralynn
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2008/11/07 14:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- F:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
[2004/03/29 16:08:16 | 00,049,152 | ---- | M] () -- F:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
[2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- F:\Program Files\Bonjour\mDNSResponder.exe
[2005/06/13 15:45:54 | 00,827,392 | ---- | M] () -- F:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
[2008/12/02 08:12:11 | 00,115,560 | R--- | M] (Symantec Corporation) -- F:\Program Files\Norton AntiVirus\Engine\16.1.0.33\ccSvcHst.exe
[2007/01/04 16:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- F:\Program Files\Viewpoint\Common\ViewpointService.exe
[2008/12/02 08:12:11 | 00,115,560 | R--- | M] (Symantec Corporation) -- F:\Program Files\Norton AntiVirus\Engine\16.1.0.33\ccSvcHst.exe
[2007/01/04 16:38:18 | 00,112,336 | ---- | M] (Viewpoint Corporation) -- F:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
[2008/10/16 14:09:44 | 00,051,224 | ---- | M] (Microsoft Corporation) -- F:\WINDOWS\system32\wuauclt.exe
[2008/08/23 00:56:15 | 00,635,848 | ---- | M] (Microsoft Corporation) -- F:\Program Files\Internet Explorer\iexplore.exe
[2008/02/08 16:32:57 | 00,147,456 | ---- | M] (Lime Wire, LLC) -- F:\Program Files\LimeWire\LimeWire.exe
[2008/02/08 16:32:57 | 00,147,456 | ---- | M] (Lime Wire, LLC) -- F:\Program Files\LimeWire\LimeWire.exe
[2002/11/27 14:54:46 | 00,094,208 | ---- | M] (Microsoft Corporation) -- F:\Program Files\MSN\MSNCoreFiles\msn6.exe
[2007/01/19 12:54:56 | 05,674,352 | ---- | M] (Microsoft Corporation) -- F:\Program Files\MSN Messenger\msnmsgr.exe
[2007/01/19 12:54:14 | 00,097,136 | ---- | M] (Microsoft Corporation) -- F:\Program Files\MSN Messenger\usnsvc.exe
[2004/08/04 02:56:57 | 00,214,528 | ---- | M] (Microsoft Corporation) -- F:\Program Files\Windows NT\Accessories\wordpad.exe
[2008/08/23 00:56:15 | 00,635,848 | ---- | M] (Microsoft Corporation) -- F:\Program Files\Internet Explorer\iexplore.exe
[2008/08/23 00:56:15 | 00,635,848 | ---- | M] (Microsoft Corporation) -- F:\Program Files\Internet Explorer\iexplore.exe
[2008/12/03 15:17:58 | 00,422,400 | ---- | M] (OldTimer Tools) -- I:\OTViewIt.exe

========== (O23) Win32 Services ==========


Re: Virus??? Help!

Post by sara on Thu Dec 04, 2008 1:31 am

========== (O23) Win32 Services ==========

[2008/11/07 14:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- F:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
[2004/03/29 16:08:16 | 00,049,152 | ---- | M] () -- F:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe -- (Belkin Wireless USB Network Adapter Service [Auto | Running])
[2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- F:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
[2008/11/20 13:20:44 | 00,536,872 | ---- | M] (Apple Inc.) -- F:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Stopped])
[2008/12/02 08:12:11 | 00,115,560 | R--- | M] (Symantec Corporation) -- F:\Program Files\Norton AntiVirus\Engine\16.1.0.33\ccSvcHst.exe -- (Norton AntiVirus [Auto | Running])
[2008/01/29 16:09:02 | 00,394,704 | ---- | M] (Symantec, Inc.) -- F:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe -- (Symantec RemoteAssist [On_Demand | Stopped])
[2007/01/19 12:54:14 | 00,097,136 | ---- | M] (Microsoft Corporation) -- F:\Program Files\MSN Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Running])
[2007/01/04 16:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- F:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service [Auto | Running])
[2006/10/18 19:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- F:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services ==========

[2006/12/28 15:15:07 | 00,020,747 | ---- | M] (Meetinghouse Data Communications) -- F:\WINDOWS\system32\drivers\AegisP.sys -- (AegisP [Auto | Running])
[2003/08/29 04:59:24 | 01,101,696 | ---- | M] (Broadcom Corporation) -- F:\WINDOWS\system32\drivers\BCMSM.sys -- (BCMModem [On_Demand | Running])
[2008/12/02 08:12:12 | 00,255,536 | ---- | M] (Symantec Corporation) -- F:\WINDOWS\system32\drivers\NAV\1001000.021\BHDrvx86.sys -- (BHDrvx86 [System | Running])
[2003/08/28 18:58:40 | 00,004,272 | R--- | M] () -- F:\WINDOWS\system32\drivers\bvrp_pci.sys -- (bvrp_pci [On_Demand | Stopped])
[2008/12/02 08:12:12 | 00,362,544 | ---- | M] (Symantec Corporation) -- F:\WINDOWS\system32\drivers\NAV\1001000.021\cchpx86.sys -- (ccHP [System | Running])
[2005/05/30 06:17:18 | 00,017,408 | ---- | M] (Dritek System Inc.) -- F:\WINDOWS\system32\drivers\DKbFltr.SYS -- (DKbFltr [On_Demand | Running])
[2003/03/04 12:56:26 | 00,145,408 | ---- | M] (Intel Corporation) -- F:\WINDOWS\system32\drivers\e100b325.sys -- (E100B [On_Demand | Running])
[2008/12/02 08:12:12 | 00,371,248 | ---- | M] (Symantec Corporation) -- F:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl [System | Running])
[2008/12/02 08:12:12 | 00,099,376 | ---- | M] (Symantec Corporation) -- F:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv [On_Demand | Running])
[2008/04/17 13:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.) -- F:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
[2008/12/02 08:12:12 | 00,274,808 | ---- | M] (Symantec Corporation) -- F:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20081201.001\IDSxpx86.sys -- (IDSxpx86 [System | Running])
[2005/09/20 16:27:20 | 00,010,368 | ---- | M] (InterVideo, Inc.) -- F:\WINDOWS\system32\drivers\iviaspi.sys -- (Iviaspi [On_Demand | Running])
[2004/08/04 00:58:34 | 00,014,848 | ---- | M] (Microsoft Corporation) -- F:\WINDOWS\system32\drivers\kbdhid.sys -- (kbdhid [System | Stopped])
[2001/08/17 08:57:38 | 00,016,128 | ---- | M] (Microsoft Corporation) -- F:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA [On_Demand | Stopped])
[2008/12/01 04:00:00 | 00,089,104 | ---- | M] (Symantec Corporation) -- F:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20081203.004\NAVENG.SYS -- (NAVENG [On_Demand | Running])
[2008/12/01 04:00:00 | 00,876,112 | ---- | M] (Symantec Corporation) -- F:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20081203.004\NAVEX15.SYS -- (NAVEX15 [On_Demand | Running])
[2004/08/04 00:29:54 | 01,897,408 | ---- | M] (NVIDIA Corporation) -- F:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv [On_Demand | Running])
[2003/03/05 12:19:28 | 00,015,840 | ---- | M] (Creative Technology Ltd.) -- F:\WINDOWS\system32\drivers\PFMODNT.SYS -- (PfModNT [Auto | Running])
[2003/07/16 15:42:18 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- F:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2003/07/16 15:43:20 | 00,005,888 | ---- | M] (Microsoft Corporation) -- F:\WINDOWS\system32\drivers\rootmdm.sys -- (ROOTMODEM [On_Demand | Running])
[2005/08/02 23:00:36 | 00,232,192 | ---- | M] (Ralink Technology, Corp.) -- F:\WINDOWS\system32\drivers\rt73.sys -- (RT73 [On_Demand | Stopped])
[2007/11/13 05:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- F:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2004/09/17 09:02:54 | 00,732,928 | ---- | M] (Creative Technology Ltd.) -- F:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt [On_Demand | Running])
[2005/01/27 15:31:06 | 00,260,352 | ---- | M] (Analog Devices, Inc.) -- F:\WINDOWS\system32\drivers\smwdm.sys -- (smwdm [On_Demand | Running])
[2008/12/02 08:12:13 | 00,306,736 | ---- | M] (Symantec Corporation) -- F:\WINDOWS\system32\drivers\NAV\1001000.021\srtsp.sys -- (SRTSP [On_Demand | Running])
[2008/12/02 08:12:13 | 00,043,696 | ---- | M] (Symantec Corporation) -- F:\WINDOWS\system32\drivers\NAV\1001000.021\srtspx.sys -- (SRTSPX [System | Running])
[2008/12/02 08:12:13 | 00,012,976 | ---- | M] (Symantec Corporation) -- F:\WINDOWS\system32\drivers\NAV\1001000.021\symdns.sys -- (SYMDNS [On_Demand | Running])
[2008/12/02 08:12:13 | 00,309,296 | ---- | M] (Symantec Corporation) -- F:\WINDOWS\system32\drivers\NAV\1001000.021\SymEFA.sys -- (SymEFA [Boot | Running])
[2008/12/02 08:12:20 | 00,124,464 | ---- | M] (Symantec Corporation) -- F:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent [On_Demand | Running])
[2008/12/02 08:12:13 | 00,089,904 | ---- | M] (Symantec Corporation) -- F:\WINDOWS\system32\drivers\NAV\1001000.021\symfw.sys -- (SYMFW [On_Demand | Running])
[2008/12/02 08:12:13 | 00,034,608 | ---- | M] (Symantec Corporation) -- F:\WINDOWS\system32\drivers\NAV\1001000.021\symids.sys -- (SYMIDS [On_Demand | Running])
[2008/12/02 08:12:13 | 00,035,888 | R--- | M] (Symantec Corporation) -- F:\WINDOWS\system32\drivers\SymIM.sys -- (SymIM [On_Demand | Stopped])
[2008/12/02 08:12:13 | 00,035,888 | R--- | M] (Symantec Corporation) -- F:\WINDOWS\system32\drivers\SymIM.sys -- (SymIMMP [On_Demand | Running])
[2008/12/02 08:12:13 | 00,037,424 | ---- | M] (Symantec Corporation) -- F:\WINDOWS\system32\drivers\NAV\1001000.021\symndis.sys -- (SYMNDIS [On_Demand | Running])
[2008/12/02 08:12:13 | 00,024,752 | ---- | M] (Symantec Corporation) -- F:\WINDOWS\system32\drivers\NAV\1001000.021\symredrv.sys -- (SYMREDRV [On_Demand | Running])
[2008/12/02 08:12:13 | 00,198,192 | ---- | M] (Symantec Corporation) -- F:\WINDOWS\system32\drivers\NAV\1001000.021\symtdi.sys -- (SYMTDI [System | Running])
[2008/11/07 14:23:30 | 00,032,000 | ---- | M] (Apple, Inc.) -- F:\WINDOWS\system32\drivers\usbaapl.sys -- (USBAAPL [On_Demand | Stopped])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://www.yahoo.com/
"Default_Search_URL"=http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://www.yahoo.com/

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"CustomSearch"=http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr8/*http://www.yahoo.com/ext/search/search.html
"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=F:\WINDOWS\system32\blank.htm
"Page_Transitions"=
"Search Page"=http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
"Start Page"=http://www.yahoo.com/

Re: Virus??? Help!

Post by sara on Thu Dec 04, 2008 1:32 am

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
1 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}: [You must be registered and logged in to see this link.] -- Reg Error: Key does not exist or could not be opened.
{30528230-99f7-4bb4-88d8-fa1d4f56a2ab}: F:\Program Files\Yahoo!\Common\yinsthelper.dll -- YInstStarter Class
{8AD9C840-044E-11D1-B3E9-00805F499D93}: [You must be registered and logged in to see this link.] -- Java Plug-in 1.5.0_09
{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}: [You must be registered and logged in to see this link.] -- Java Plug-in 1.5.0_09
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: [You must be registered and logged in to see this link.] -- Java Plug-in 1.5.0_09
{D27CDB6E-AE6D-11CF-96B8-444553540000}: [You must be registered and logged in to see this link.] -- Shockwave Flash Object

========== (O17) DNS Name Servers ==========

{0776EF04-7F73-4F38-BCFD-FC79C803E4F0} (Servers: | Description: Belkin 54g Wireless USB Network Adapter)
{1E719743-460F-4257-AF0B-61A7EAB5103C} (Servers: | Description: Intel(R) PRO/100 VE Network Connection)
{A0F45B6F-DF2C-4D57-8EC2-E8FBFC295926} (Servers: | Description: Belkin 54g Wireless USB Network Adapter)
{FA44231B-9804-40C9-9C70-162E661D8C97} (Servers: | Description: Belkin 54g Wireless USB Network Adapter)

========== (O19) User Style Sheets ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Styles]

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[2006/04/09 10:11:44 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

AUTORUN.INF [[autorun] | OPEN=setupSNK.exe | ICON=\SMRTNTKY\fcw.ico | ACTION=Wireless Network Setup Wizard | ]
[2008/11/14 21:22:59 | 00,000,090 | ---- | M] () -- C:\AUTORUN.INF -- [ NTFS ]

autorun.inf [[AutoRun] | open=LaunchU3.exe -a | icon=LaunchU3.exe,0 | action=Run U3 Launchpad | | [Definitions] | Launchpad=LaunchPad.exe | Vtype=2 | | [CopyFiles] | FileNumber=1 | File1=LaunchPad.zip | | [Update] | URL=http://u3.sandisk.com/download/lp_installer.asp?custom=1.6.1.2&brand=PelicanBFG | | | [Comment] | brand=PelicanBFG | ]
[2008/05/06 07:26:23 | 00,000,309 | R--- | M] () -- H:\autorun.inf -- [ CDFS ]

========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8250f5c4-afac-11dd-ac9a-000cf1817b05}\Shell]
""=AutoRun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8250f5c4-afac-11dd-ac9a-000cf1817b05}\Shell\AutoRun]
""=Auto&Play


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8250f5c4-afac-11dd-ac9a-000cf1817b05}\Shell\AutoRun\command]
""=H:\LaunchU3.exe -- [2007/10/23 02:45:39 | 01,336,632 | R--- | M] ()


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bef14c89-c7b5-11da-8539-806d6172696f}\Shell\AutoRun\command]
""=C:\setupSNK.exe -- [2004/08/04 00:56:58 | 00,028,672 | ---- | M] (Microsoft Corporation)

========== Files/Folders - Created Within 30 Days ==========

[1 F:\WINDOWS\System32\*.tmp files]
[5 F:\WINDOWS\*.tmp files]
[2008/12/03 20:12:45 | 00,000,754 | ---- | C] () -- F:\WINDOWS\WORDPAD.INI
[2008/12/03 02:55:11 | 00,000,124 | ---- | C] () -- F:\Documents and Settings\saralynn\Desktop\Control Panel.lnk
[2008/12/02 21:46:55 | 00,000,383 | ---- | C] () -- F:\Documents and Settings\saralynn\My Documents\Shortcut to Administrator.DGXLCBC1.zip
[2008/12/02 21:44:31 | 00,000,852 | ---- | C] () -- F:\Documents and Settings\saralynn\Desktop\Shortcut to Administrator.DGXLCBC1.zip
[2008/12/02 21:08:36 | 00,098,228 | ---- | C] () -- F:\Documents and Settings\saralynn\My Documents\Silent Runners.zip
[2008/12/02 20:37:10 | 03,056,742 | ---- | C] () -- F:\Documents and Settings\saralynn\My Documents\ComboFix.exe
[2008/12/02 10:49:56 | 00,000,000 | ---D | C] -- F:\Documents and Settings\saralynn\My Documents\LimeWire
[2008/12/02 10:49:43 | 00,001,580 | ---- | C] () -- F:\Documents and Settings\saralynn\Desktop\LimeWire 4.16.6.lnk
[2008/12/02 08:16:14 | 00,000,000 | ---D | C] -- F:\Documents and Settings\saralynn\My Documents\Symantec
[2008/12/02 08:14:43 | 01,032,282 | ---- | C] () -- F:\WINDOWS\System32\drivers\NAV\1001000.021\Cat.DB
[2008/12/02 08:14:16 | 00,035,888 | R--- | C] (Symantec Corporation) -- F:\WINDOWS\System32\drivers\SymIM.sys
[2008/12/02 08:12:21 | 00,060,808 | ---- | C] (Symantec Corporation) -- F:\WINDOWS\System32\S32EVNT1.DLL
[2008/12/02 08:12:21 | 00,010,635 | ---- | C] () -- F:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2008/12/02 08:12:21 | 00,000,806 | ---- | C] () -- F:\WINDOWS\System32\drivers\SYMEVENT.INF
[2008/12/02 08:12:20 | 00,124,464 | ---- | C] (Symantec Corporation) -- F:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2008/12/02 08:12:20 | 00,000,000 | ---D | C] -- F:\Program Files\Symantec
[2008/12/02 08:12:14 | 00,001,881 | ---- | C] () -- F:\Documents and Settings\All Users\Desktop\Norton AntiVirus.lnk
[2008/12/02 08:12:13 | 00,309,296 | ---- | C] (Symantec Corporation) -- F:\WINDOWS\System32\drivers\NAV\1001000.021\SymEFA.sys
[2008/12/02 08:12:13 | 00,306,736 | ---- | C] (Symantec Corporation) -- F:\WINDOWS\System32\drivers\NAV\1001000.021\srtsp.sys
[2008/12/02 08:12:13 | 00,198,192 | ---- | C] (Symantec Corporation) -- F:\WINDOWS\System32\drivers\NAV\1001000.021\symtdi.sys
[2008/12/02 08:12:13 | 00,089,904 | ---- | C] (Symantec Corporation) -- F:\WINDOWS\System32\drivers\NAV\1001000.021\symfw.sys
[2008/12/02 08:12:13 | 00,043,696 | ---- | C] (Symantec Corporation) -- F:\WINDOWS\System32\drivers\NAV\1001000.021\srtspx.sys
[2008/12/02 08:12:13 | 00,040,496 | ---- | C] (Symantec Corporation) -- F:\WINDOWS\System32\drivers\NAV\1001000.021\symndisv.sys
[2008/12/02 08:12:13 | 00,037,424 | ---- | C] (Symantec Corporation) -- F:\WINDOWS\System32\drivers\NAV\1001000.021\symndis.sys
[2008/12/02 08:12:13 | 00,034,608 | ---- | C] (Symantec Corporation) -- F:\WINDOWS\System32\drivers\NAV\1001000.021\symids.sys
[2008/12/02 08:12:13 | 00,024,752 | ---- | C] (Symantec Corporation) -- F:\WINDOWS\System32\drivers\NAV\1001000.021\symredrv.sys
[2008/12/02 08:12:13 | 00,012,976 | ---- | C] (Symantec Corporation) -- F:\WINDOWS\System32\drivers\NAV\1001000.021\symdns.sys
[2008/12/02 08:12:12 | 00,255,536 | ---- | C] (Symantec Corporation) -- F:\WINDOWS\System32\drivers\NAV\1001000.021\

Re: Virus??? Help!

Post by sara on Thu Dec 04, 2008 1:34 am

[2008/12/02 08:12:12 | 00,255,536 | ---- | C] (Symantec Corporation) -- F:\WINDOWS\System32\drivers\NAV\1001000.021\BHDrvx86.sys
[2008/12/02 08:11:59 | 00,003,373 | ---- | C] () -- F:\WINDOWS\System32\drivers\NAV\1001000.021\SymEFA.inf
[2008/12/02 08:11:59 | 00,001,611 | ---- | C] () -- F:\WINDOWS\System32\drivers\NAV\1001000.021\SymNet.inf
[2008/12/02 08:11:59 | 00,001,388 | ---- | C] () -- F:\WINDOWS\System32\drivers\NAV\1001000.021\srtspx.inf
[2008/12/02 08:11:59 | 00,001,382 | ---- | C] () -- F:\WINDOWS\System32\drivers\NAV\1001000.021\srtsp.inf
[2008/12/02 08:11:59 | 00,000,640 | ---- | C] () -- F:\WINDOWS\System32\drivers\NAV\1001000.021\BHDrvx86.inf
[2008/12/02 08:11:59 | 00,000,172 | ---- | C] () -- F:\WINDOWS\System32\drivers\NAV\1001000.021\isolate.ini
[2008/12/02 08:11:51 | 00,013,089 | ---- | C] () -- F:\WINDOWS\System32\drivers\NAV\1001000.021\SymNet.cat
[2008/12/02 08:11:51 | 00,008,428 | ---- | C] () -- F:\WINDOWS\System32\drivers\NAV\1001000.021\SymEFA.cat
[2008/12/02 08:11:51 | 00,008,390 | ---- | C] () -- F:\WINDOWS\System32\drivers\NAV\1001000.021\srtspx.cat
[2008/12/02 08:11:51 | 00,008,386 | ---- | C] () -- F:\WINDOWS\System32\drivers\NAV\1001000.021\srtsp.cat
[2008/12/02 08:11:51 | 00,008,382 | ---- | C] () -- F:\WINDOWS\System32\drivers\NAV\1001000.021\BHDrvx86.CAT
[2008/12/02 08:11:51 | 00,000,000 | ---D | C] -- F:\WINDOWS\System32\drivers\NAV\1001000.021
[2008/12/02 08:11:51 | 00,000,000 | ---D | C] -- F:\WINDOWS\System32\drivers\NAV
[2008/12/02 08:11:49 | 00,000,000 | ---D | C] -- F:\Program Files\Windows Sidebar
[2008/12/02 08:11:49 | 00,000,000 | ---D | C] -- F:\Program Files\Norton AntiVirus
[2008/12/02 08:01:51 | 56,742,296 | ---- | C] (Symantec Corporation) -- F:\Documents and Settings\saralynn\My Documents\NAV09EN.exe
[2008/12/02 00:00:29 | 00,401,720 | ---- | C] (Trend Micro Inc.) -- F:\Documents and Settings\saralynn\My Documents\HiJackThis.exe
[2008/11/29 22:06:15 | 05,186,584 | ---- | C] () -- F:\Documents and Settings\saralynn\My Documents\ikea hacker bedroom.mht
[2008/11/29 11:09:55 | 56,742,296 | ---- | C] (Symantec Corporation) -- F:\Documents and Settings\saralynn\Desktop\NAV09EN.exe
[2008/11/28 12:16:43 | 00,000,000 | ---D | C] -- F:\Documents and Settings\All Users\Application Data\Norton
[2008/11/28 12:16:36 | 00,000,000 | ---D | C] -- F:\Program Files\NortonInstaller
[2008/11/28 12:16:36 | 00,000,000 | ---D | C] -- F:\Documents and Settings\All Users\Application Data\NortonInstaller
[2008/11/28 11:15:11 | 00,000,000 | ---D | C] -- F:\Program Files\Common Files\Symantec Shared
[2008/11/28 11:15:11 | 00,000,000 | ---D | C] -- F:\Documents and Settings\All Users\Application Data\Symantec
[2008/11/22 23:12:01 | 00,002,137 | ---- | C] () -- F:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2008/11/22 23:11:34 | 00,000,000 | ---D | C] -- F:\Program Files\iPod
[2008/11/22 23:11:30 | 00,000,000 | ---D | C] -- F:\Program Files\iTunes
[2008/11/22 23:11:30 | 00,000,000 | ---D | C] -- F:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2008/11/22 23:10:06 | 00,000,000 | ---D | C] -- F:\Program Files\QuickTime
[2008/11/22 23:07:21 | 00,000,000 | ---D | C] -- F:\Program Files\Bonjour
[2008/11/20 17:10:05 | 00,000,000 | ---D | C] -- F:\Documents and Settings\saralynn\My Documents\MySpaceIM Pics
[2008/11/20 17:08:52 | 00,000,739 | ---- | C] () -- F:\Documents and Settings\All Users\Desktop\MySpaceIM.lnk
[2008/11/20 17:08:51 | 00,000,000 | ---D | C] -- F:\Documents and Settings\saralynn\Application Data\MySpace
[2008/11/20 17:08:47 | 00,000,000 | ---D | C] -- F:\Program Files\MySpace
[2008/11/16 19:55:54 | 00,000,000 | ---D | C] -- F:\WINDOWS\pss
[2008/11/16 01:03:00 | 00,000,803 | ---- | C] () -- F:\Documents and Settings\saralynn\Desktop\Internet Explorer.lnk
[2008/11/15 16:46:46 | 00,013,868 | -HS- | C] () -- F:\Documents and Settings\saralynn\My Documents\AlbumArt_{A2109C89-D317-4E6E-8F3E-B1AF4B70177E}_Large.jpg
[2008/11/15 16:46:46 | 00,003,019 | -HS- | C] () -- F:\Documents and Settings\saralynn\My Documents\AlbumArt_{A2109C89-D317-4E6E-8F3E-B1AF4B70177E}_Small.jpg
[2008/11/15 12:18:31 | 00,013,196 | -HS- | C] () -- F:\Documents and Settings\saralynn\My Documents\AlbumArt_{43BB9AFF-6B2F-4C7B-B566-A650D959FDDB}_Large.jpg
[2008/11/15 12:18:31 | 00,003,137 | -HS- | C] () -- F:\Documents and Settings\saralynn\My Documents\AlbumArt_{43BB9AFF-6B2F-4C7B-B566-A650D959FDDB}_Small.jpg
[2008/11/15 12:13:07 | 00,006,931 | -HS- | C] () -- F:\Documents and Settings\saralynn\My Documents\AlbumArt_{E819938E-EEA7-4097-8957-84C1F7EAFFF1}_Large.jpg
[2008/11/15 12:13:07 | 00,001,969 | -HS- | C] () -- F:\Documents and Settings\saralynn\My Documents\AlbumArt_{E819938E-EEA7-4097-8957-84C1F7EAFFF1}_Small.jpg
[2008/11/15 12:10:42 | 00,012,293 | -HS- | C] () -- F:\Documents and Settings\saralynn\My Documents\AlbumArt_{B83A5979-AA5B-4190-A542-69091460DBAF}_Large.jpg
[2008/11/15 12:10:42 | 00,002,921 | -HS- | C] () -- F:\Documents and Settings\saralynn\My Documents\AlbumArt_{B83A5979-AA5B-4190-A542-69091460DBAF}_Small.jpg
[2008/11/15 11:45:01 | 00,001,303 | -HS- | C] () -- F:\Documents and Settings\saralynn\My Documents\AlbumArt_{498A6704-B895-48AB-B95F-3D3EE8BB00F6}_Large.jpg
[2008/11/15 11:45:01 | 00,000,727 | -HS- | C] () -- F:\Documents and Settings\saralynn\My Documents\AlbumArt_{498A6704-B895-48AB-B95F-3D3EE8BB00F6}_Small.jpg
[2008/11/15 11:41:24 | 00,012,329 | -HS- | C] () -- F:\Documents and Settings\saralynn\My Documents\AlbumArt_{BD9B4DAF-5003-4614-B42D-933B40941B8B}_Large.jpg
[2008/11/15 11:41:24 | 00,002,728 | -HS- | C] () -- F:\Documents and Settings\saralynn\My Documents\AlbumArt_{BD9B4DAF-5003-4614-B42D-933B40941B8B}_Small.jpg
[2008/11/15 11:40:47 | 00,010,231 | -HS- | C] () -- F:\Documents and Settings\saralynn\My Documents\AlbumArt_{670595F2-1307-4779-9DDD-82FD1A8406F3}_Large.jpg
[2008/11/15 11:40:47 | 00,002,650 | -HS- | C] () -- F:\Documents and Settings\saralynn\My Documents\AlbumArt_{670595F2-1307-4779-9DDD-82FD1A8406F3}_Small.jpg
[2008/11/15 11:40:26 | 00,012,778 | -HS- | C] () -- F:\Documents and Settings\saralynn\My Documents\AlbumArt_{656ECAE6-D6F8-408F-BC2D-F167DF5405AF}_Large.jpg
[2008/11/15 11:40:26 | 00,002,913 | -HS- | C] () -- F:\Documents and Settings\saralynn\My Documents\AlbumArt_{656ECAE6-D6F8-408F-BC2D-F167DF5405AF}_Small.jpg
[2008/11/15 10:45:23 | 00,006,532 | -HS- | C] () -- F:\Documents and Settings\saralynn\My Documents\AlbumArt_{97A9E57A-B45A-4C99-B1F0-E32F4DE4F0F6}_Large.jpg
[2008/11/15 10:45:23 | 00,001,976 | -HS- | C] () -- F:\Documents and Settings\saralynn\My Documents\AlbumArt_{97A9E57A-B45A-4C99-B1F0-E32F4DE4F0F6}_Small.jpg
[2008/11/15 10:45:12 | 00,012,277 | -HS- | C] () -- F:\Documents and Settings\saralynn\My Documents\AlbumArt_{11630964-F909-455D-A1A6-5E0B3DB9CE29}_Large.jpg
[2008/11/15 10:45:12 | 00,002,963 | -HS- | C] () -- F:\Documents and Settings\saralynn\My Documents\AlbumArt_{11630964-F909-455D-A1A6-5E0B3DB9CE29}_Small.jpg
[2008/11/15 10:45:04 | 00,010,192 | -HS- | C] () -- F:\Documents and Settings\saralynn\My Documents\AlbumArt_{E6FBCABB-CC3C-4039-BFDD-A953B95FF45D}_Large.jpg
[2008/11/15 10:45:04 | 00,002,897 | -HS- | C] () -- F:\Documents and Settings\saralynn\My Documents\AlbumArt_{E6FBCABB-CC3C-4039-BFDD-A953B95FF45D}_Small.jpg
[2008/11/15 10:44:49 | 00,010,990 | -HS- | C] () -- F:\Documents and Settings\saralynn\My Documents\AlbumArt_{62DCE68D-B4F9-4251-9A56-6380272C997E}_Large.jpg
[2008/11/15 10:44:49 | 00,002,630 | -HS- | C] () -- F:\Documents and Settings\saralynn\My Documents\AlbumArt_{62DCE68D-B4F9-4251-9A56-6380272C997E}_Small.jpg
[2008/11/15 10:44:43 | 00,013,406 | -HS- | C] () -- F:\Documents and Settings\saralynn\My Documents\AlbumArt_{058BFF84-6FD0-4327-8EB0-9A0ADC705C06}_Large.jpg
[2008/11/15 10:44:43 | 00,003,080 | -HS- | C] () -- F:\Documents and Settings\saralynn\My Documents\AlbumArt_{058BFF84-6FD0-4327-8EB0-9A0ADC705C06}_Small.jpg
[2008/11/15 10:44:42 | 00,008,307 | -HS- | C] () -- F:\Documents and Settings\saralynn\My Documents\AlbumArt_{0A6E2A24-BD47-459C-BC1E-9460E8285156}_Large.jpg
[2008/11/15 10:44:42 | 00,002,371 | -HS- | C] () -- F:\Documents and Settings\saralynn\My Documents\AlbumArt_{0A6E2A24-BD47-459C-BC1E-9460E8285156}_Small.jpg
[2008/11/15 10:44:41 | 00,012,512 | -HS- | C] () -- F:\Documents and Settings\saralynn\My Documents\AlbumArt_{22CCD8D5-06CF-49FE-BC7C-0C701F5B94AD}_Large.jpg
[2008/11/15 10:44:41 | 00,002,893 | -HS- | C] () -- F:\Documents and Settings\saralynn\My Documents\AlbumArt_{22CCD8D5-06CF-49FE-BC7C-0C701F5B94AD}_Small.jpg
[2008/11/15 10:44:39 | 00,012,739 | -HS- | C] () -- F:\Documents and Settings\saralynn\My Documents\AlbumArt_{33F3E683-224C-4070-92CD-FDB81EF5F139}_Large.jpg
[2008/11/15 10:44:39 | 00,003,324 | -HS- | C] () -- F:\Documents and Settings\saralynn\My Documents\AlbumArt_{33F3E683-224C-4070-92CD-FDB81EF5F139}_Small.jpg
[2008/11/15 10:44:37 | 00,009,730 | -HS- | C] () -- F:\Documents and Settings\saralynn\My Documents\AlbumArt_{306CE089-5123-4787-9B6D-62FC258ACFC8}_Large.jpg
[2008/11/15 10:44:37 | 00,002,264 | -HS- | C] () -- F:\Documents and Settings\saralynn\My Documents\AlbumArt_{306CE089-5123-4787-9B6D-62FC258ACFC8}_Small.jpg
[2008/11/15 10:44:36 | 00,010,745 | -HS- | C] () -- F:\Documents and Settings\saralynn\My Documents\AlbumArt_{17D4B09F-CBD2-422E-9187-A44ACEE00747}_Large.jpg
[2008/11/15 10:44:36 | 00,002,677 | -HS- | C] () -- F:\Documents and Settings\saralynn\My Documents\AlbumArt_{17D4B09F-CBD2-422E-9187-A44ACEE00747}_Small.jpg
[2008/11/15 10:44:34 | 00,013,072 | -HS- | C] () -- F:\Documents and Settings\saralynn\My Documents\AlbumArt_{D4AD2F38-834F-4600-B962-A63C3964EBC6}_Large.jpg
[2008/11/15 10:44:34 | 00,003,094 | -HS- | C] () -- F:\Documents and Settings\saralynn\My Documents\AlbumArt_{D4AD2F38-834F-4600-B962-A63C3964EBC6}_Small.jpg
[2008/11/15 10:44:32 | 00,010,852 | -HS- | C] () -- F:\Documents and Settings\saralynn\My Documents\AlbumArt_{1464F194-56AC-4BB2-A3B4-FC0E940E3267}_Large.jpg
[2008/11/15 10:44:32 | 00,006,724 | -HS- | C] () -- F:\Documents and Settings\saralynn\My Documents\AlbumArt_{ABE5B00A-3886-4243-97A5-33B1D4B7E769}_Large.jpg
[2008/11/15 10:44:32 | 00,002,931 | -HS- | C] () -- F:\Documents and

Re: Virus??? Help!

Post by sara on Thu Dec 04, 2008 1:36 am

Thank You!
[2008/11/15 12:10:42 | 00,012,293 | -HS- | C] () -- F:\Documents and Settings\saralynn\My Documents\AlbumArt_{B83A5979-AA5B-4190-A542-69091460DBAF}_Large.jpg
[2008/11/15 12:10:42 | 00,002,921 | -HS- | C] () -- F:\Documents and Settings\saralynn\My Documents\AlbumArt_{B83A5979-AA5B-4190-A542-69091460DBAF}_Small.jpg
[2008/11/15 11:45:01 | 00,001,303 | -HS- | C] () -- F:\Documents and Settings\saralynn\My Documents\AlbumArt_{498A6704-B895-48AB-B95F-3D3EE8BB00F6}_Large.jpg
[2008/11/15 11:45:01 | 00,000,727 | -HS- | C] () -- F:\Documents and Settings\saralynn\My Documents\AlbumArt_{498A6704-B895-48AB-B95F-3D3EE8BB00F6}_Small.jpg
[2008/11/15 11:41:24 | 00,012,329 | -HS- | C] () -- F:\Documents and Settings\saralynn\My Documents\AlbumArt_{BD9B4DAF-5003-4614-B42D-933B40941B8B}_Large.jpg
[2008/11/15 11:41:24 | 00,002,728 | -HS- | C] () -- F:\Documents and Settings\saralynn\My Documents\AlbumArt_{BD9B4DAF-5003-4614-B42D-933B40941B8B}_Small.jpg
[2008/11/15 11:40:47 | 00,010,231 | -HS- | C] () -- F:\Documents and Settings\saralynn\My Documents\AlbumArt_{670595F2-1307-4779-9DDD-82FD1A8406F3}_Large.jpg
[2008/11/15 11:40:47 | 00,002,650 | -HS- | C] () -- F:\Documents and Settings\saralynn\My Documents\AlbumArt_{670595F2-1307-4779-9DDD-82FD1A8406F3}_Small.jpg
[2008/11/15 11:40:26 | 00,012,778 | -HS- | C] () -- F:\Documents and Settings\saralynn\My Documents\AlbumArt_{656ECAE6-D6F8-408F-BC2D-F167DF5405AF}_Large.jpg
[2008/11/15 11:40:26 | 00,002,913 | -HS- | C] () -- F:\Documents and Settings\saralynn\My Documents\AlbumArt_{656ECAE6-D6F8-408F-BC2D-F167DF5405AF}_Small.jpg
[2008/11/15 10:45:23 | 00,006,532 | -HS- | C] () -- F:\Documents and Settings\saralynn\My Documents\AlbumArt_{97A9E57A-B45A-4C99-B1F0-E32F4DE4F0F6}_Large.jpg
[2008/11/15 10:45:23 | 00,001,976 | -HS- | C] () -- F:\Documents and Settings\saralynn\My Documents\AlbumArt_{97A9E57A-B45A-4C99-B1F0-E32F4DE4F0F6}_Small.jpg
[2008/11/15 10:45:12 | 00,012,277 | -HS- | C] () -- F:\Documents and Settings\saralynn\My Documents\AlbumArt_{11630964-F909-455D-A1A6-5E0B3DB9CE29}_Large.jpg
[2008/11/15 10:45:12 | 00,002,963 | -HS- | C] () -- F:\Documents and Settings\saralynn\My Documents\AlbumArt_{11630964-F909-455D-A1A6-5E0B3DB9CE29}_Small.jpg
[2008/11/15 10:45:04 | 00,010,192 | -HS- | C] () -- F:\Documents and Settings\saralynn\My Documents\AlbumArt_{E6FBCABB-CC3C-4039-BFDD-A953B95FF45D}_Large.jpg
[2008/11/15 10:45:04 | 00,002,897 | -HS- | C] () -- F:\Documents and Settings\saralynn\My Documents\AlbumArt_{E6FBCABB-CC3C-4039-BFDD-A953B95FF45D}_Small.jpg
[2008/11/15 10:44:49 | 00,010,990 | -HS- | C] () -- F:\Documents and Settings\saralynn\My Documents\AlbumArt_{62DCE68D-B4F9-4251-9A56-6380272C997E}_Large.jpg
[2008/11/15 10:44:49 | 00,002,630 | -HS- | C] () -- F:\Documents and Settings\saralynn\My Documents\AlbumArt_{62DCE68D-B4F9-4251-9A56-6380272C997E}_Small.jpg
[2008/11/15 10:44:43 | 00,013,406 | -HS- | C] () -- F:\Documents and Settings\saralynn\My Documents\AlbumArt_{058BFF84-6FD0-4327-8EB0-9A0ADC705C06}_Large.jpg
[2008/11/15 10:44:43 | 00,003,080 | -HS- | C] () -- F:\Documents and Settings\saralynn\My Documents\AlbumArt_{058BFF84-6FD0-4327-8EB0-9A0ADC705C06}_Small.jpg
[2008/11/15 10:44:42 | 00,008,307 | -HS- | C] () -- F:\Documents and Settings\saralynn\My Documents\AlbumArt_{0A6E2A24-BD47-459C-BC1E-9460E8285156}_Large.jpg
[2008/11/15 10:44:42 | 00,002,371 | -HS- | C] () -- F:\Documents and Settings\saralynn\My Documents\AlbumArt_{0A6E2A24-BD47-459C-BC1E-9460E8285156}_Small.jpg
[2008/11/15 10:44:41 | 00,012,512 | -HS- | C] () -- F:\Documents and Settings\saralynn\My Documents\AlbumArt_{22CCD8D5-06CF-49FE-BC7C-0C701F5B94AD}_Large.jpg
[2008/11/15 10:44:41 | 00,002,893 | -HS- | C] () -- F:\Documents and Settings\saralynn\My Documents\AlbumArt_{22CCD8D5-06CF-49FE-BC7C-0C701F5B94AD}_Small.jpg
[2008/11/15 10:44:39 | 00,012,739 | -HS- | C] () -- F:\Documents and Settings\saralynn\My Documents\AlbumArt_{33F3E683-224C-4070-92CD-FDB81EF5F139}_Large.jpg
[2008/11/15 10:44:39 | 00,003,324 | -HS- | C] () -- F:\Documents and Settings\saralynn\My Documents\AlbumArt_{33F3E683-224C-4070-92CD-FDB81EF5F139}_Small.jpg
[2008/11/15 10:44:37 | 00,009,730 | -HS- | C] () -- F:\Documents and Settings\saralynn\My Documents\AlbumArt_{306CE089-5123-4787-9B6D-62FC258ACFC8}_Large.jpg
[2008/11/15 10:44:37 | 00,002,264 | -HS- | C] () -- F:\Documents and Settings\saralynn\My Documents\AlbumArt_{306CE089-5123-4787-9B6D-62FC258ACFC8}_Small.jpg
[2008/11/15 10:44:36 | 00,010,745 | -HS- | C] () -- F:\Documents and Settings\saralynn\My Documents\AlbumArt_{17D4B09F-CBD2-422E-9187-A44ACEE00747}_Large.jpg
[2008/11/15 10:44:36 | 00,002,677 | -HS- | C] () -- F:\Documents and Settings\saralynn\My Documents\AlbumArt_{17D4B09F-CBD2-422E-9187-A44ACEE00747}_Small.jpg
[2008/11/15 10:44:34 | 00,013,072 | -HS- | C] () -- F:\Documents and Settings\saralynn\My Documents\AlbumArt_{D4AD2F38-834F-4600-B962-A63C3964EBC6}_Large.jpg
[2008/11/15 10:44:34 | 00,003,094 | -HS- | C] () -- F:\Documents and Settings\saralynn\My Documents\AlbumArt_{D4AD2F38-834F-4600-B962-A63C3964EBC6}_Small.jpg
[2008/11/15 10:44:32 | 00,010,852 | -HS- | C] () -- F:\Documents and Settings\saralynn\My Documents\AlbumArt_{1464F194-56AC-4BB2-A3B4-FC0E940E3267}_Large.jpg
[2008/11/15 10:44:32 | 00,006,724 | -HS- | C] () -- F:\Documents and Settings\saralynn\My Documents\AlbumArt_{ABE5B00A-3886-4243-97A5-33B1D4B7E769}_Large.jpg
[2008/11/15 10:44:32 | 00,002,931 | -HS- | C] () -- F:\Documents and Settings\saralynn\My Documents\AlbumArt_{1464F194-56AC-4BB2-A3B4-FC0E940E3267}_Small.jpg
[2008/11/15 10:44:32 | 00,002,073 | -HS- | C] () -- F:\Documents and Settings\saralynn\My Documents\AlbumArt_{ABE5B00A-3886-4243-97A5-33B1D4B7E769}_Small.jpg
[2008/11/15 10:44:30 | 00,011,460 | -HS- | C] () -- F:\Documents and Settings\saralynn\My Documents\AlbumArt_{4A5EFBA2-D22C-4330-A50C-2F56F94DD719}_Large.jpg
[2008/11/15 10:44:30 | 00,002,748 | -HS- | C] () -- F:\Documents and Settings\saralynn\My Documents\AlbumArt_{4A5EFBA2-D22C-4330-A50C-2F56F94DD719}_Small.jpg
[2008/11/15 10:44:28 | 00,009,031 | -HS- | C] () -- F:\Documents and Settings\saralynn\My Documents\AlbumArt_{DC427828-91E8-42AA-85C5-1CE2DAC9D47C}_Large.jpg
[2008/11/15 10:44:28 | 00,001,994 | -HS- | C] () -- F:\Documents and Settings\saralynn\My Documents\AlbumArt_{DC427828-91E8-42AA-85C5-1CE2DAC9D47C}_Small.jpg
[2008/11/15 10:44:24 | 00,014,981 | -HS- | C] () -- F:\Documents and Settings\saralynn\My Documents\AlbumArt_{B987A266-D530-414E-8D4F-92144BD499BF}_Large.jpg
[2008/11/15 10:44:24 | 00,003,132 | -HS- | C] () -- F:\Documents and Settings\saralynn\My Documents\AlbumArt_{B987A266-D530-414E-8D4F-92144BD499BF}_Small.jpg
[2008/11/15 10:44:22 | 00,016,043 | -HS- | C] () -- F:\Documents and Settings\saralynn\My Documents\AlbumArt_{509A6003-116F-41A9-A2A2-B65AD211E222}_Large.jpg
[2008/11/15 10:44:22 | 00,003,604 | -HS- | C] () -- F:\Documents and


Re: Virus??? Help!

Post by sara on Thu Dec 04, 2008 1:38 am

========== Files - Modified Within 30 Days ==========

[1 F:\WINDOWS\System32\*.tmp files]
[5 F:\WINDOWS\*.tmp files]
[2008/12/03 20:12:49 | 00,000,754 | ---- | M] () -- F:\WINDOWS\WORDPAD.INI
[2008/12/03 11:21:59 | 00,000,577 | ---- | M] () -- F:\Documents and Settings\saralynn\My Documents\My Sharing Folders.lnk
[2008/12/03 03:06:03 | 00,000,127 | -HS- | M] () -- F:\Documents and Settings\All Users\Documents\desktop.ini
[2008/12/03 02:55:11 | 00,000,124 | ---- | M] () -- F:\Documents and Settings\saralynn\Desktop\Control Panel.lnk
[2008/12/02 21:53:53 | 00,000,852 | ---- | M] () -- F:\Documents and Settings\saralynn\Desktop\Shortcut to Administrator.DGXLCBC1.zip
[2008/12/02 21:44:31 | 00,000,383 | ---- | M] () -- F:\Documents and Settings\saralynn\My Documents\Shortcut to Administrator.DGXLCBC1.zip
[2008/12/02 21:08:37 | 00,098,228 | ---- | M] () -- F:\Documents and Settings\saralynn\My Documents\Silent Runners.zip
[2008/12/02 20:37:13 | 03,056,742 | ---- | M] () -- F:\Documents and Settings\saralynn\My Documents\ComboFix.exe
[2008/12/02 20:01:02 | 00,000,006 | -H-- | M] () -- F:\WINDOWS\tasks\SA.DAT
[2008/12/02 20:00:58 | 00,002,048 | --S- | M] () -- F:\WINDOWS\bootstat.dat
[2008/12/02 17:26:00 | 00,002,137 | ---- | M] () -- F:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2008/12/02 10:49:43 | 00,001,580 | ---- | M] () -- F:\Documents and Settings\saralynn\Desktop\LimeWire 4.16.6.lnk
[2008/12/02 08:14:57 | 01,032,282 | ---- | M] () -- F:\WINDOWS\System32\drivers\NAV\1001000.021\Cat.DB
[2008/12/02 08:12:20 | 00,124,464 | ---- | M] (Symantec Corporation) -- F:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2008/12/02 08:12:20 | 00,060,808 | ---- | M] (Symantec Corporation) -- F:\WINDOWS\System32\S32EVNT1.DLL
[2008/12/02 08:12:20 | 00,010,635 | ---- | M] () -- F:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2008/12/02 08:12:20 | 00,000,806 | ---- | M] () -- F:\WINDOWS\System32\drivers\SYMEVENT.INF
[2008/12/02 08:12:14 | 00,001,881 | ---- | M] () -- F:\Documents and Settings\All Users\Desktop\Norton AntiVirus.lnk
[2008/12/02 08:12:13 | 00,309,296 | ---- | M] (Symantec Corporation) -- F:\WINDOWS\System32\drivers\NAV\1001000.021\SymEFA.sys
[2008/12/02 08:12:13 | 00,306,736 | ---- | M] (Symantec Corporation) -- F:\WINDOWS\System32\drivers\NAV\1001000.021\srtsp.sys
[2008/12/02 08:12:13 | 00,198,192 | ---- | M] (Symantec Corporation) -- F:\WINDOWS\System32\drivers\NAV\1001000.021\symtdi.sys
[2008/12/02 08:12:13 | 00,089,904 | ---- | M] (Symantec Corporation) -- F:\WINDOWS\System32\drivers\NAV\1001000.021\symfw.sys
[2008/12/02 08:12:13 | 00,043,696 | ---- | M] (Symantec Corporation) -- F:\WINDOWS\System32\drivers\NAV\1001000.021\srtspx.sys
[2008/12/02 08:12:13 | 00,040,496 | ---- | M] (Symantec Corporation) -- F:\WINDOWS\System32\drivers\NAV\1001000.021\symndisv.sys
[2008/12/02 08:12:13 | 00,037,424 | ---- | M] (Symantec Corporation) -- F:\WINDOWS\System32\drivers\NAV\1001000.021\symndis.sys
[2008/12/02 08:12:13 | 00,035,888 | R--- | M] (Symantec Corporation) -- F:\WINDOWS\System32\drivers\SymIM.sys
[2008/12/02 08:12:13 | 00,034,608 | ---- | M] (Symantec Corporation) -- F:\WINDOWS\System32\drivers\NAV\1001000.021\symids.sys
[2008/12/02 08:12:13 | 00,024,752 | ---- | M] (Symantec Corporation) -- F:\WINDOWS\System32\drivers\NAV\1001000.021\symredrv.sys
[2008/12/02 08:12:13 | 00,012,976 | ---- | M] (Symantec Corporation) -- F:\WINDOWS\System32\drivers\NAV\1001000.021\symdns.sys
[2008/12/02 08:12:12 | 00,255,536 | ---- | M] (Symantec Corporation) -- F:\WINDOWS\System32\drivers\NAV\1001000.021\BHDrvx86.sys
[2008/12/02 08:12:00 | 00,000,172 | ---- | M] () -- F:\WINDOWS\System32\drivers\NAV\1001000.021\isolate.ini
[2008/12/02 08:11:59 | 00,003,373 | ---- | M] () -- F:\WINDOWS\System32\drivers\NAV\1001000.021\SymEFA.inf
[2008/12/02 08:11:59 | 00,001,611 | ---- | M] () -- F:\WINDOWS\System32\drivers\NAV\1001000.021\SymNet.inf
[2008/12/02 08:11:59 | 00,001,388 | ---- | M] () -- F:\WINDOWS\System32\drivers\NAV\1001000.021\srtspx.inf
[2008/12/02 08:11:59 | 00,001,382 | ---- | M] () -- F:\WINDOWS\System32\drivers\NAV\1001000.021\srtsp.inf
[2008/12/02 08:11:59 | 00,000,640 | ---- | M] () -- F:\WINDOWS\System32\drivers\NAV\1001000.021\BHDrvx86.inf
[2008/12/02 08:11:51 | 00,013,089 | ---- | M] () -- F:\WINDOWS\System32\drivers\NAV\1001000.021\SymNet.cat
[2008/12/02 08:11:51 | 00,008,428 | ---- | M] () -- F:\WINDOWS\System32\drivers\NAV\1001000.021\SymEFA.cat
[2008/12/02 08:11:51 | 00,008,390 | ---- | M] () -- F:\WINDOWS\System32\drivers\NAV\1001000.021\srtspx.cat
[2008/12/02 08:11:51 | 00,008,386 | ---- | M] () -- F:\WINDOWS\System32\drivers\NAV\1001000.021\srtsp.cat
[2008/12/02 08:11:51 | 00,008,382 | ---- | M] () -- F:\WINDOWS\System32\drivers\NAV\1001000.021\BHDrvx86.CAT
[2008/12/02 08:02:06 | 56,742,296 | ---- | M] (Symantec Corporation) -- F:\Documents and Settings\saralynn\My Documents\NAV09EN.exe
[2008/12/02 07:42:55 | 00,000,517 | ---- | M] () -- F:\WINDOWS\win.ini
[2008/12/02 07:42:55 | 00,000,227 | ---- | M] () -- F:\WINDOWS\system.ini
[2008/12/02 01:16:01 | 04,819,930 | -H-- | M] () -- F:\Documents and Settings\saralynn\Local Settings\Application Data\IconCache.db
[2008/12/02 00:00:41 | 00,401,720 | ---- | M] (Trend Micro Inc.) -- F:\Documents and Settings\saralynn\My Documents\HiJackThis.exe
[2008/11/29 22:59:06 | 00,000,284 | ---- | M] () -- F:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2008/11/29 22:06:26 | 05,186,584 | ---- | M] () -- F:\Documents and Settings\saralynn\My Documents\ikea hacker bedroom.mht
[2008/11/29 11:10:13 | 56,742,296 | ---- | M] (Symantec Corporation) -- F:\Documents and Settings\saralynn\Desktop\NAV09EN.exe
[2008/11/28 13:45:56 | 00,005,632 | ---- | M] () -- F:\Documents and Settings\saralynn\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/11/20 17:08:52 | 00,000,739 | ---- | M] () -- F:\Documents and Settings\All Users\Desktop\MySpaceIM.lnk
[2008/11/15 17:05:47 | 05,013,575 | ---- | M] () -- F:\Documents and Settings\saralynn\My Documents\Pink - Who Knew.mp3
[2008/11/15 16:46:46 | 00,000,355 | -HS- | M] () -- F:\Documents and Settings\saralynn\My Documents\desktop.ini
[2008/11/15 16:46:32 | 00,013,868 | -HS- | M] () -- F:\Documents and Settings\saralynn\My Documents\Folder.jpg
[2008/11/15 16:46:32 | 00,013,868 | -HS- | M] () -- F:\Documents and Settings\saralynn\My Documents\AlbumArt_{A2109C89-D317-4E6E-8F3E-B1AF4B70177E}_Large.jpg
[2008/11/15 16:46:30 | 00,003,019 | -HS- | M] () -- F:\Documents and Settings\saralynn\My Documents\AlbumArtSmall.jpg
[2008/11/15 16:46:30 | 00,003,019 | -HS- | M] () -- F:\Documents and Settings\saralynn\My Documents\AlbumArt_{A2109C89-D317-4E6E-8F3E-B1AF4B70177E}_Small.jpg
[2008/11/15 12:20:37 | 04,948,357 | ---- | M] () -- F:\Documents and Settings\saralynn\My Documents\My Chemical Romance - Welcome To The Black Parade (Studio).mp3
[2008/11/15 12:20:26 | 04,711,442 | ---- | M] () -- F:\Documents and Settings\saralynn\My Documents\Lincoln Park-Breaking The Habit.mp3
[2008/11/15 12:18:12 | 00,013,196 | -HS- | M] () -- F:\Documents and Settings\saralynn\My Documents\AlbumArt_{43BB9AFF-6B2F-4C7B-B566-A650D959FDDB}_Large.jpg
[2008/11/15 12:17:52 | 00,003,137 | -HS- | M] () -- F:\Documents and Settings\saralynn\My Documents\AlbumArt_{43BB9AFF-6B2F-4C7B-B566-A650D959FDDB}_Small.jpg
[2008/11/15 12:13:04 | 00,006,931 | -HS- | M] () -- F:\Documents and Settings\saralynn\My Documents\AlbumArt_{E819938E-EEA7-4097-8957-84C1F7EAFFF1}_Large.jpg
[2008/11/15 12:13:01 | 00,001,969 | -HS- | M] () -- F:\Documents and Settings\saralynn\My Documents\AlbumArt_{E819938E-EEA7-4097-8957-84C1F7EAFFF1}_Small.jpg
[2008/11/15 12:11:52 | 04,940,942 | ---- | M] () -- F:\Documents and Settings\saralynn\My Documents\Korn - All My Hate.mp3
[2008/11/15 12:10:37 | 00,012,293 | -HS- | M] () -- F:\Documents and Settings\saralynn\My Documents\AlbumArt_{B83A5979-AA5B-4190-A542-69091460DBAF}_Large.jpg
[2008/11/15 12:10:37 | 00,002,921 | -HS- | M] () -- F:\Documents and Settings\saralynn\My Documents\AlbumArt_{B83A5979-AA5B-4190-A542-69091460DBAF}_Small.jpg
[2008/11/15 11:45:29 | 04,784,830 | ---- | M] () -- F:\Documents and Settings\saralynn\My Documents\Creed - My Own Prison.mp3
[2008/11/15 11:45:01 | 00,001,303 | -HS- | M] () -- F:\Documents and Settings\saralynn\My Documents\AlbumArt_{498A6704-B895-48AB-B95F-3D3EE8BB00F6}_Large.jpg
[2008/11/15 11:45:01 | 00,000,727 | -HS- | M] () -- F:\Documents and Settings\saralynn\My Documents\AlbumArt_{498A6704-B895-48AB-B95F-3D3EE8BB00F6}_Small.jpg
[2008/11/15 11:42:32 | 09,633,144 | ---- | M] () -- F:\Documents and Settings\saralynn\My Documents\Baby Bash feat T-Pain- Cyclone.mp3
[2008/11/15 11:42:32 | 02,723,840 | ---- | M] () -- F:\Documents and Settings\saralynn\My Documents\Blink 182 - Emo.mp3
[2008/11/15 11:42:31 | 05,179,520 | ---- | M] () -- F:\Documents and Settings\saralynn\My Documents\Avril Lavigne - Girlfriend.mp3
[2008/11/15 11:41:24 | 00,012,329 | -HS- | M] () -- F:\Documents and Settings\saralynn\My Documents\AlbumArt_{BD9B4DAF-5003-4614-B42D-933B40941B8B}_Large.jpg
[2008/11/15 11:41:23 | 00,002,728 | -HS- | M] () -- F:\Documents and Settings\saralynn\My Documents\AlbumArt_{BD9B4DAF-5003-4614-B42D-933B40941B8B}_Small.jpg
[2008/11/15 11:40:46 | 00,010,231 | -HS- | M] () -- F:\Documents and Settings\saralynn\My Documents\AlbumArt_{670595F2-1307-4779-9DDD-82FD1A8406F3}_Large.jpg
[2008/11/15 11:40:44 | 00,002,650 | -HS- | M] () -- F:\Documents and Settings\saralynn\My Documents\AlbumArt_{670595F2-1307-4779-9DDD-82FD1A8406F3}_Small.jpg
[2008/11/15 11:40:23 | 00,012,778 | -HS- | M] () -- F:\Documents and Settings\saralynn\My Documents\AlbumArt_{656ECAE6-D6F8-408F-BC2D-F167DF5405AF}_Large.jpg
[2008/11/15 11:40:20 | 00,002,913 | -HS- | M] () -- F:\Documents and Settings\saralynn\My Documents\AlbumArt_{656ECAE6-D6F8-408F-BC2D-F167DF5405AF}_Small.jpg
[2008/11/15 11:36:50 | 07,073,939 | ---- | M] () -- F:\Documents and Settings\saralynn\My Documents\Young Bloodz Feat. Lil Jon, Ludacris & Bone Crusher - If You Don't Give A Damn (We Don't Give A f*#*) (Remix).mp3
[2008/11/15 11:36:49 | 04,878,088 | ---- | M] () -- F:\Documents and Settings\saralynn\My Documents\Three Six Mafia & Fiend - Bring Sally Up Remix.mp3
[2008/11/15 11:36:49 | 04,422,888 | ---- | M] () -- F:\Documents and Settings\saralynn\My Documents\U2 - one.mp3
[2008/11/15 11:36:49 | 02,915,727 | ---- | M] () -- F:\Documents and Settings\saralynn\My Documents\U2 - The Sweetest Thing.mp3
[2008/11/15 11:29:01 | 03,489,167 | ---- | M] () -- F:\Documents and Settings\saralynn\My Documents\Prince - Party Like it's 1999.mp3
[2008/11/15 11:23:35 | 03,991,552 | ---- | M] () -- F:\Documents and Settings\saralynn\My Documents\Mercy Me - I Can Only Imagine.mp3
[2008/11/15 11:21:49 | 04,665,662 | ---- | M] () -- F:\Documents and Settings\saralynn\My Documents\Linkin Park - Bleed It Out.mp3
[2008/11/15 11:20:50 | 06,458,880 | ---- | M] () -- F:\Documents and Settings\saralynn\My Documents\Lil Jon ft Mystikal Krayzie Bone - I Dont Give A f*#*.mp3
[2008/11/15 11:20:50 | 05,822,842 | ---- | M] () -- F:\Documents and Settings\saralynn\My Documents\Lil Webbie - Bounce That Ass Like That.mp3
[2008/11/15 11:18:55 | 08,944,411 | ---- | M] () -- F:\Documents and Settings\saralynn\My Documents\Kirk Franklin - The Fight of My Life - 08 - Jesus.mp3
[2008/11/15 11:18:55 | 07,583,872 | ---- | M] () -- F:\Documents and Settings\saralynn\My Documents\Kanye West - Stronger.mp3
[2008/11/15 11:18:54 | 04,701,902 | ---- | M] () -- F:\Documents and Settings\saralynn\My Documents\Kanye West - Jesus Walks With Me (Jarhead Soundtrack).mp3
[2008/11/15 11:18:53 | 03,590,569 | ---- | M] () -- F:\Documents and Settings\saralynn\My Documents\Johhny Cash - A Boy Named Sue.mp3
[2008/11/15 11:18:52 | 02,273,280 | ---- | M] () -- F:\Documents and Settings\saralynn\My Documents\I Am Sam Soundtrack- Blackbird- Sarah McLaughlin.mp3
[2008/11/15 11:10:44 | 07,938,027 | ---- | M] () -- F:\Documents and Settings\saralynn\My Documents\Green Day - Wake Me Up When September Ends.mp3
[2008/11/15 11:10:44 | 02,471,575 | ---- | M] () -- F:\Documents and Settings\saralynn\My Documents\Green Day - Time of Your Life.mp3
[2008/11/15 11:10:33 | 07,961,258 | ---- | M] () -- F:\Documents and Settings\saralynn\My Documents\Green Day - Holiday.mp3
[2008/11/15 11:10:32 | 06,260,864 | ---- | M] () -- F:\Documents and Settings\saralynn\My Documents\Green Day - Boulevard Of Broken Dreams.mp3
[2008/11/15 11:10:31 | 02,935,779 | ---- | M] () -- F:\Documents and Settings\saralynn\My Documents\Green Day - Basket Case.mp3
[2008/11/15 11:10:29 | 03,659,424 | ---- | M] () -- F:\Documents and Settings\saralynn\My Documents\Fort Minor - Remember The Name(1).mp3
[2008/11/15 11:10:26 | 05,163,150 | ---- | M] () -- F:\Documents and Settings\saralynn\My Documents\Disney-Phil Collins - Tarzan - You'll Be In My Heart.mp3
[2008/11/15 11:03:20 | 02,349,810 | ---- | M] () -- F:\Documents and Settings\saralynn\My Documents\Blink 182 - What's My Age Again.mp3
[2008/11/15 11:03:19 | 04,035,920 | ---- | M] () -- F:\Documents and Settings\saralynn\My Documents\Blink 182 - All The Small Things.mp3
[2008/11/15 11:03:19 | 03,285,841 | ---- | M] () -- F:\Documents and Settings\saralynn\My Documents\Aly & AJ - The Potential Break Up Song.mp3
[2008/11/15 10:59:42 | 06,678,616 | ---- | M] () -- F:\Documents and Settings\saralynn\My Documents\Hawthorne Heights - This Is Who We Are.mp3
[2008/11/15 10:59:42 | 05,886,589 | ---- | M] () -- F:\Documents and Settings\saralynn\My Documents\Hawthorne Heights - Saying Sorry.mp3
[2008/11/15 10:59:40 | 06,228,491 | ---- | M] () -- F:\Documents and Settings\saralynn\My Documents\Hawthorne Heights - Pens And Needles.mp3
[2008/11/15 10:59:39 | 06,605,808 | ---- | M] () -- F:\Documents and Settings\saralynn\My Documents\Hawthorne Heights - If Only You Were Lonely - 08 - Breathing In Sequence.mp3
[2008/11/15 10:59:37 | 05,636,480 | ---- | M] () -- F:\Documents and Settings\saralynn\My Documents\3 Doors Down - Kryptonite.mp3
[2008/11/15 10:59:36 | 05,730,938 | ---- | M] () -- F:\Documents and Settings\saralynn\My Documents\3 Doors Down - Here Without You.mp3
[2008/11/15 10:59:35 | 03,586,268 | ---- | M] () -- F:\Documents and Settings\saralynn\My Documents\02 DJ Unk--Walk It Out (dirty).mp3
[2008/11/15 10:49:13 | 06,724,469 | ---- | M] () -- F:\Documents and Settings\saralynn\My Documents\Young Jeezy- Gansta Music.mp3
[2008/11/15 10:49:13 | 06,301,382 | ---- | M] () -- F:\Documents and Settings\saralynn\My Documents\YoungBloodz - Ev'rybody Know Me - 02 - Chop Chop.mp3


Re: Virus??? Help!

Post by sara on Thu Dec 04, 2008 1:38 am

[2008/11/15 10:49:13 | 06,064,740 | ---- | M] () -- F:\Documents and Settings\saralynn\My Documents\U2 - Vertigo.mp3
[2008/11/15 10:49:12 | 05,636,581 | ---- | M] () -- F:\Documents and Settings\saralynn\My Documents\T-Pain - Im In Love With A Stripper.mp3
[2008/11/15 10:49:12 | 04,799,238 | ---- | M] () -- F:\Documents and Settings\saralynn\My Documents\This Is It (feat Michael McDonald).mp3
[2008/11/15 10:49:12 | 04,596,435 | ---- | M] () -- F:\Documents and Settings\saralynn\My Documents\U2 - Hold Me, Thrill Me, Kiss Me, Kill Me.mp3
[2008/11/15 10:49:12 | 04,470,404 | ---- | M] () -- F:\Documents and Settings\saralynn\My Documents\U2 - Sunday Bloody Sunday.mp3
[2008/11/15 10:49:12 | 01,394,688 | ---- | M] () -- F:\Documents and Settings\saralynn\My Documents\The Emo Song.mp3
[2008/11/15 10:49:11 | 03,975,499 | ---- | M] () -- F:\Documents and Settings\saralynn\My Documents\Poision - Talk Dirty to Me.mp3
[2008/11/15 10:49:11 | 03,475,699 | ---- | M] () -- F:\Documents and Settings\saralynn\My Documents\Saliva - Ladies and Gentlemen.mp3
[2008/11/15 10:49:10 | 03,834,402 | ---- | M] () -- F:\Documents and Settings\saralynn\My Documents\Pastor Troy- Who Do I Trust.mp3
[2008/11/15 10:49:09 | 09,740,824 | ---- | M] () -- F:\Documents and Settings\saralynn\My Documents\Mysterious Ways.mp3
[2008/11/15 10:49:08 | 05,286,339 | ---- | M] () -- F:\Documents and Settings\saralynn\My Documents\Ludachris ft. Field mob - Georgia.mp3
[2008/11/15 10:49:07 | 03,383,296 | ---- | M] () -- F:\Documents and Settings\saralynn\My Documents\Lil Kim feat. 50 Cent - Magic Stick.mp3
[2008/11/15 10:49:06 | 07,243,531 | ---- | M] () -- F:\Documents and Settings\saralynn\My Documents\Lil Jon And The Eastside Boyz - Bia Bia (Remix) (feat. Ludacris, Big Kap, Too Short & Chyna Whyte).mp3
[2008/11/15 10:49:05 | 05,018,480 | ---- | M] () -- F:\Documents and Settings\saralynn\My Documents\Justin Timberlake - Sexy Back.mp3
[2008/11/15 10:49:04 | 03,186,655 | ---- | M] () -- F:\Documents and Settings\saralynn\My Documents\Journey - Open Arms.mp3
[2008/11/15 10:49:01 | 04,006,778 | ---- | M] () -- F:\Documents and Settings\saralynn\My Documents\Journey - Don't Stop Believing.mp3
[2008/11/15 10:48:58 | 05,764,829 | ---- | M] () -- F:\Documents and Settings\saralynn\My Documents\jim_jones-we_fly_high.mp3
[2008/11/15 10:48:52 | 06,675,208 | ---- | M] () -- F:\Documents and Settings\saralynn\My Documents\Hawthorne Heights-Wake Up Call.mp3
[2008/11/15 10:48:41 | 05,193,652 | ---- | M] () -- F:\Documents and Settings\saralynn\My Documents\Hawthorne Heights - We Are So Last Year.mp3
[2008/11/15 10:48:27 | 05,464,745 | ---- | M] () -- F:\Documents and Settings\saralynn\My Documents\Hawthorne Heights - Screenwriting An Apology.mp3
[2008/11/15 10:48:16 | 03,919,630 | ---- | M] () -- F:\Documents and Settings\saralynn\My Documents\Hawthorne Heights - Ohio Is For Lovers.mp3
[2008/11/15 10:48:00 | 04,545,575 | ---- | M] () -- F:\Documents and Settings\saralynn\My Documents\Hannah Montana - Best Of Both Worlds.mp3
[2008/11/15 10:44:57 | 00,006,532 | -HS- | M] () -- F:\Documents and Settings\saralynn\My Documents\AlbumArt_{97A9E57A-B45A-4C99-B1F0-E32F4DE4F0F6}_Large.jpg
[2008/11/15 10:44:45 | 00,012,277 | -HS- | M] () -- F:\Documents and Settings\saralynn\My Documents\AlbumArt_{11630964-F909-455D-A1A6-5E0B3DB9CE29}_Large.jpg
[2008/11/15 10:44:42 | 00,010,192 | -HS- | M] () -- F:\Documents and Settings\saralynn\My Documents\AlbumArt_{E6FBCABB-CC3C-4039-BFDD-A953B95FF45D}_Large.jpg
[2008/11/15 10:44:41 | 00,001,976 | -HS- | M] () -- F:\Documents and Settings\saralynn\My Documents\AlbumArt_{97A9E57A-B45A-4C99-B1F0-E32F4DE4F0F6}_Small.jpg
[2008/11/15 10:44:40 | 00,010,990 | -HS- | M] () -- F:\Documents and Settings\saralynn\My Documents\AlbumArt_{62DCE68D-B4F9-4251-9A56-6380272C997E}_Large.jpg
[2008/11/15 10:44:40 | 00,002,963 | -HS- | M] () -- F:\Documents and Settings\saralynn\My Documents\AlbumArt_{11630964-F909-455D-A1A6-5E0B3DB9CE29}_Small.jpg
[2008/11/15 10:44:39 | 00,013,406 | -HS- | M] () -- F:\Documents and Settings\saralynn\My Documents\AlbumArt_{058BFF84-6FD0-4327-8EB0-9A0ADC705C06}_Large.jpg
[2008/11/15 10:44:38 | 00,008,307 | -HS- | M] () -- F:\Documents and Settings\saralynn\My Documents\AlbumArt_{0A6E2A24-BD47-459C-BC1E-9460E8285156}_Large.jpg
[2008/11/15 10:44:38 | 00,002,897 | -HS- | M] () -- F:\Documents and Settings\saralynn\My Documents\AlbumArt_{E6FBCABB-CC3C-4039-BFDD-A953B95FF45D}_Small.jpg
[2008/11/15 10:44:37 | 00,012,512 | -HS- | M] () -- F:\Documents and Settings\saralynn\My Documents\AlbumArt_{22CCD8D5-06CF-49FE-BC7C-0C701F5B94AD}_Large.jpg
[2008/11/15 10:44:36 | 00,002,630 | -HS- | M] () -- F:\Documents and Settings\saralynn\My Documents\AlbumArt_{62DCE68D-B4F9-4251-9A56-6380272C997E}_Small.jpg
[2008/11/15 10:44:35 | 00,012,739 | -HS- | M] () -- F:\Documents and Settings\saralynn\My Documents\AlbumArt_{33F3E683-224C-4070-92CD-FDB81EF5F139}_Large.jpg
[2008/11/15 10:44:35 | 00,003,080 | -HS- | M] () -- F:\Documents and Settings\saralynn\My Documents\AlbumArt_{058BFF84-6FD0-4327-8EB0-9A0ADC705C06}_Small.jpg
[2008/11/15 10:44:34 | 00,009,730 | -HS- | M] () -- F:\Documents and Settings\saralynn\My Documents\AlbumArt_{306CE089-5123-4787-9B6D-62FC258ACFC8}_Large.jpg
[2008/11/15 10:44:34 | 00,002,371 | -HS- | M] () -- F:\Documents and Settings\saralynn\My Documents\AlbumArt_{0A6E2A24-BD47-459C-BC1E-9460E8285156}_Small.jpg
[2008/11/15 10:44:33 | 00,002,893 | -HS- | M] () -- F:\Documents and Settings\saralynn\My Documents\AlbumArt_{22CCD8D5-06CF-49FE-BC7C-0C701F5B94AD}_Small.jpg
[2008/11/15 10:44:31 | 00,010,745 | -HS- | M] () -- F:\Documents and Settings\saralynn\My Documents\AlbumArt_{17D4B09F-CBD2-422E-9187-A44ACEE00747}_Large.jpg
[2008/11/15 10:44:31 | 00,003,324 | -HS- | M] () -- F:\Documents and Settings\saralynn\My Documents\AlbumArt_{33F3E683-224C-4070-92CD-FDB81EF5F139}_Small.jpg
[2008/11/15 10:44:29 | 00,013,072 | -HS- | M] () -- F:\Documents and Settings\saralynn\My Documents\AlbumArt_{D4AD2F38-834F-4600-B962-A63C3964EBC6}_Large.jpg
[2008/11/15 10:44:28 | 00,002,264 | -HS- | M] () -- F:\Documents and Settings\saralynn\My Documents\AlbumArt_{306CE089-5123-4787-9B6D-62FC258ACFC8}_Small.jpg
< End of report >


Re: Virus??? Help!

Post by Belahzur on Thu Dec 04, 2008 1:40 am

Hmm, that didn't show the rootkit, but I want to see what you've turned off in msconfig.

Now open a new notepad file.
Input this into the notepad file:

@echo off
echo The log can be found at %systemdrive%\startup.txt if Notepad doesn't open automatically.
if exist %systemdrive%\peek*.txt del /q %systemdrive%\peek*.txt
if exist %systemdrive%\startup.txt del /q %systemdrive%\startup.txt
regedit /e %systemdrive%\peek1.txt "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg"
regedit /e %systemdrive%\peek2.txt "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder"
regedit /e %systemdrive%\peek3.txt "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services"
type %systemdrive%\peek*.txt >> %systemdrive%\startup.txt
echo End >> %systemdrive%\startup.txt
del /q %systemdrive%\peek*.txt
notepad %systemdrive%\startup.txt

Save this as look.bat, save it to your desktop.
Double click look.bat and the black cmd window will open and close, this is normal.
Copy and paste the log back here.


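The log that look.bat collects is a plain regedit export of the three MSConfig keys. As an added example (not part of the post above or of any GeekPolice tool), this Python parser reads such an export, lists what was switched off in msconfig, and flags entries whose program sits in a user-writable folder; the sample export, the `USER_WRITABLE` list and all function names are assumptions made for the illustration.

```python
import re
from dataclasses import dataclass, field

MSCONFIG_ROOT = r"hkey_local_machine\software\microsoft\shared tools\msconfig"
# Assumption for this example: folders a limited user can write to on XP.
USER_WRITABLE = ("\\documents and settings\\", "\\temp\\")
START_TYPES = {2: "auto", 3: "manual", 4: "disabled"}  # service Start values

SECTION_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')

# Constructed sample of what startup.txt could contain (names reused from the
# thread's logs; the values are illustrative, not taken from the user's PC).
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^BJ Status Monitor Canon PIXMA iP4000.lnk]
"path"="C:\\Documents and Settings\\Owner\\Start Menu\\Programs\\Startup\\BJ Status Monitor Canon PIXMA iP4000.lnk"
"backup"="C:\\WINDOWS\\pss\\BJ Status Monitor Canon PIXMA iP4000.lnkStartup"
"location"="Startup"
"command"="C:\\Documents and Settings\\Owner\\cnmss Canon PIXMA iP4000 (Local).exe"
"item"="BJ Status Monitor Canon PIXMA iP4000"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"MyWebSearchService"=dword:00000002
End
'''


@dataclass
class DisabledItem:
    kind: str                      # "startupreg", "startupfolder" or "services"
    name: str
    values: dict = field(default_factory=dict)


def unescape(text):
    """Undo .reg escaping: \\\\ becomes \\ and \\" becomes "."""
    return re.sub(r"\\(.)", r"\1", text)


def parse_data(data):
    data = data.strip()
    if len(data) >= 2 and data[0] == '"' and data[-1] == '"':
        return unescape(data[1:-1])
    if data.lower().startswith("dword:"):
        return int(data[6:], 16)
    return data                    # hex: and other types are kept raw


def parse_export(text):
    """Collect one DisabledItem per msconfig-disabled entry in the export."""
    items, current, in_services = [], None, False
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current, in_services = None, False
            if m.group(1).lower().startswith(MSCONFIG_ROOT + "\\"):
                rest = m.group(1)[len(MSCONFIG_ROOT) + 1:]
                kind, _, name = rest.partition("\\")
                kind = kind.lower()
                if kind in ("startupreg", "startupfolder") and name:
                    current = DisabledItem(kind, name)
                    items.append(current)
                elif kind == "services" and not name:
                    in_services = True
            continue
        m = VALUE_RE.match(line)
        if not m:
            continue               # headers, blank lines, the trailing "End"
        name, data = unescape(m.group(1)), parse_data(m.group(2))
        if current is not None:
            current.values[name.lower()] = data
        elif in_services:
            items.append(DisabledItem("services", name, {"start": data}))
    return items


def executable(command):
    """Return the program path from a command line, quoted or not."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end != -1 else command[1:]
    m = re.match(r"(.+?\.(?:exe|dll|bat|cmd|scr|com|pif|lnk))(?:\s|$)", command, re.I)
    return m.group(1) if m else command.split(" ")[0]


def triage(items):
    """Return (kind, name, target, review) rows; review=True needs a closer look."""
    rows = []
    for it in items:
        if it.kind == "services":
            start = it.values["start"]
            rows.append((it.kind, it.name, f"start={START_TYPES.get(start, start)}", False))
            continue
        command = str(it.values.get("command") or it.values.get("path") or "")
        target = executable(command)
        review = any(part in target.lower() for part in USER_WRITABLE)
        rows.append((it.kind, it.values.get("item", it.name), target, review))
    return rows


if __name__ == "__main__":
    for row in triage(parse_export(SAMPLE)):
        print(row)
```

A `review` flag only means the program starts from a folder an ordinary user can write to; it is a prompt to check the file, not a verdict.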

Re: Virus??? Help!

Post by sara on Thu Dec 04, 2008 1:59 am

A black box flashes on the screen. It doesn't stay, so how do I copy?


Re: Virus??? Help!

Post by sara on Thu Dec 04, 2008 6:57 am

{\rtf1\ansi\ansicpg1252\deff0\deflang1033{\fonttbl{\f0\froman\fcharset0 Times New Roman;}{\f1\fswiss\fcharset0 Arial;}}
{\*\generator Msftedit 5.41.15.1507;}\viewkind4\uc1\pard\sb100\sa100\f0\fs24 @echo off\line echo The log can be found at %systemdrive%\\startup.txt if Notepad doesn't open automatically.\line if exist %systemdrive%\\peek*.txt del /q %systemdrive%\\peek*.txt\line if exist %systemdrive%\\startup.txt del /q %systemdrive%\\startup.txt\line regedit /e %systemdrive%\\peek1.txt "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Shared Tools\\MSConfig\\startupreg"\line regedit /e %systemdrive%\\peek2.txt "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Shared Tools\\MSConfig\\startupfolder"\line regedit /e %systemdrive%\\peek3.txt "HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\services"\line type %systemdrive%\\peek*.txt >> %systemdrive%\\startup.txt\line echo End >> %systemdrive%\\startup.txt\line del /q %systemdrive%\\peek*.txt\line notepad %systemdrive%\\startup.txt\line\par
\pard\f1\fs20\par
}


Re: Virus??? Help!

Post by Belahzur on Thu Dec 04, 2008 2:19 pm

Hello.
That went wrong, don't know why.
OTViewIt log looks clean.

What problems still remain?



Re: Virus??? Help!

Post by sara on Thu Dec 04, 2008 10:20 pm

My original problem still remains....I cannot connect to the internet through main computer. I have been using another computer in the same house to do the things you have asked....I've been downloading from the internet on one of my computers, saving to flashdrive and installing and running on the computer that does not connect. Now the computer I have been using is not connecting to the internet. I connected my old computer and am using it now. I really need help!!! 2 computers not connecting....when I try to connect they both do the same thing....try using a dial-up.


Re: Virus??? Help!

Post by Belahzur on Thu Dec 04, 2008 10:31 pm

Okay.
Only one is able to do this, we'll scan for it in a minute.
But otherwise, the connection problem is likely to be some settings need configuring in your dialup connection. And trust me, I used to have dial-up, and one of the tech staff here still has dial-up, I know what a pain it can be.

1. Please download The Avenger by Swandog46 to your Desktop
Link: [You must be registered and logged in to see this link.].

  • Click on Avenger.zip to open the file
  • Extract avenger.exe to your desktop
2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):


Files to delete:
C:\test.txt

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


3. Now, start The Avenger program by clicking on its icon on your desktop.

  • Under "Input script here:", paste in the script from the quote box above.
  • Leave the ticked box "Scan for rootkit" ticked.
  • Leave the box below it unticked.
  • Now click on Execute to begin execution of the script.
  • Answer "Yes" twice when prompted.

    The Avenger will automatically do the following:

  • It will Restart your computer.
  • On reboot, it will briefly open a black command window on your desktop, this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger's actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
5. Please copy/paste the content of c:\avenger.txt into your reply.



Re: Virus??? Help!

Post by sara on Fri Dec 05, 2008 2:14 am

That is a problem....I don't have dial-up...I have cable and all my computers are connected by wireless router.


Re: Virus??? Help!

Post by sara on Fri Dec 05, 2008 2:17 am

I tried to restore system today on both computers. That did not solve the problem. I tried to reinstall wireless router...I had an error message that said something about network and port..


Re: Virus??? Help!

Post by sara on Fri Dec 05, 2008 2:25 am

I don't have avenger I have norton installed.


Re: Virus??? Help!

Post by sara on Fri Dec 05, 2008 12:36 pm

Installation:
Error: Action failed for registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows: creating registry key....
Error 0x80070005
Warning: Action failed for registry key HKLM\SOFTWARE\Classes\Component Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}: creating registry key....
Error 0x80070005
Warning: Action failed for registry value HKLM\SOFTWARE\Classes\Component Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}:409: creating registry value....
Parent registry key for value creation has not been initialized.
Rollback:
Warning: Action failed for registry value HKLM\SOFTWARE\Classes\Component Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}:409: removing registry value....
Internal error. Registry handle has not been opened.
Warning: Action failed for registry key HKLM\SOFTWARE\Classes\Component Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}: removing registry key....
Error 0x80070005

This is what happened when I tried to install avenger!! Can you please help? There is something blocking my access to the internet. Now I have 2 computers down. Isn't it strange that the computer that I was using to download all the information now can't connect to internet but another computer on the same system connects....this one.


Re: Virus??? Help!

Post by Belahzur on Fri Dec 05, 2008 3:04 pm

Hello.
The avenger doesn't install, it's standalone and runs by itself.

Can you get me a new combofix log? Download and run combofix again.



Re: Virus??? Help!

Post by sara on Fri Dec 05, 2008 6:07 pm

ComboFix 08-12-01.03 - Owner 2008-12-05 12:44:49.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.498 [GMT -5:00]
Running from: G:\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Owner\Application Data\FunWebProducts
c:\documents and settings\Owner\Application Data\FunWebProducts\Data\Owner\avatar.dat
c:\documents and settings\Owner\Application Data\FunWebProducts\Data\Owner\outfit.dat
c:\documents and settings\Owner\Application Data\FunWebProducts\Data\Owner\register.dat
c:\documents and settings\Owner\Application Data\FunWebProducts\Data\Owner\zbucks.dat
c:\program files\MyWebSearch
c:\program files\MyWebSearch\bar\History\search3
c:\program files\MyWebSearch\bar\Settings\s_pid.dat
c:\program files\MyWebSearch\bar\Settings\setting2.htm
c:\program files\MyWebSearch\bar\Settings\setting2.htm.bak
c:\program files\MyWebSearch\bar\Settings\settings.dat
c:\program files\MyWebSearch\bar\Settings\settings.dat.bak
C:\smp.bat

.
((((((((((((((((((((((((( Files Created from 2008-11-05 to 2008-12-05 )))))))))))))))))))))))))))))))
.

2008-12-05 12:51 . 2008-12-05 12:51 d-------- c:\documents and settings\Owner\WPDNSE
2008-12-05 12:48 . 2008-12-05 12:48 60,416 --a------ C:\Perflib_Perfdata__755.dat
2008-12-02 21:15 . 2008-12-02 21:16 d--h----- c:\documents and settings\Owner\Temporary Directory 5 for Silent Runners.zip
2008-12-02 21:14 . 2008-12-02 21:16 d--h----- c:\documents and settings\Owner\Temporary Directory 4 for Silent Runners.zip
2008-12-02 21:13 . 2008-12-02 21:16 d--h----- c:\documents and settings\Owner\Temporary Directory 3 for Silent Runners.zip
2008-12-02 21:11 . 2008-12-02 21:16 d--h----- c:\documents and settings\Owner\Temporary Directory 2 for Silent Runners.zip
2008-12-02 21:10 . 2008-12-02 21:16 d--h----- c:\documents and settings\Owner\Temporary Directory 1 for Silent Runners.zip
2008-12-02 08:14 . 2008-12-02 08:14 d-------- c:\windows\system32\drivers\NAV
2008-12-02 08:14 . 2008-12-02 08:14 d-------- c:\program files\Windows Sidebar
2008-12-02 08:14 . 2008-12-02 08:14 d-------- c:\program files\Symantec
2008-12-02 08:14 . 2008-12-02 08:14 d-------- c:\program files\Norton AntiVirus
2008-12-02 08:14 . 2008-12-02 08:14 124,464 --a------ c:\windows\system32\drivers\SYMEVENT.SYS
2008-12-02 08:14 . 2008-12-02 08:14 60,808 --a------ c:\windows\system32\S32EVNT1.DLL
2008-12-02 08:14 . 2008-12-02 08:14 35,888 -ra------ c:\windows\system32\drivers\SymIM.sys
2008-12-02 08:14 . 2008-12-02 08:14 10,635 --a------ c:\windows\system32\drivers\SYMEVENT.CAT
2008-12-02 08:14 . 2008-12-02 08:14 806 --a------ c:\windows\system32\drivers\SYMEVENT.INF
2008-12-02 08:13 . 2008-12-02 08:13 d-------- c:\program files\NortonInstaller
2008-11-29 00:44 . 2008-11-29 00:44 d-------- c:\documents and settings\All Users\Application Data\nView_Profiles
2008-11-28 13:28 . 2007-01-02 11:23 d-------- c:\documents and settings\Administrator.DGXLCBC1\Application Data\InstallShield
2008-11-28 13:28 . 2007-01-02 11:26 d--h----- c:\documents and settings\Administrator.DGXLCBC1\Application Data\Gtek
2008-11-28 13:28 . 2008-12-04 14:11 d-------- c:\documents and settings\Administrator.DGXLCBC1
2008-11-28 11:04 . 2008-12-05 12:50 2,206 --a------ c:\windows\system32\wpa.dbl
2008-11-28 10:35 . 2008-11-27 11:28 1,409 --a------ c:\windows\QTFont.for
2008-11-28 09:39 . 2008-11-28 09:39 2 --a------ c:\windows\msoffice.ini
2008-11-28 09:37 . 2008-06-03 01:08 122,880 --------- c:\documents and settings\Owner\uninst.dll
2008-11-28 09:27 . 2008-11-28 09:27 d-------- c:\documents and settings\Owner\WERf9a9.dir00
2008-11-28 09:27 . 2008-11-28 09:27 d-------- c:\documents and settings\Owner\WERa830.dir00
2008-11-28 09:27 . 2008-11-28 09:27 d-------- c:\documents and settings\Owner\WER8f4e.dir00
2008-11-28 09:27 . 2008-11-28 09:27 d-------- c:\documents and settings\Owner\WER6f07.dir00
2008-11-28 09:27 . 2008-11-28 09:27 d-------- c:\documents and settings\Owner\WER59b1.dir00
2008-11-28 09:26 . 2008-11-28 09:26 d-------- c:\documents and settings\Owner\WERc056.dir00
2008-11-28 09:25 . 2008-11-28 09:25 d-------- c:\documents and settings\Owner\WERafce.dir00
2008-11-28 09:25 . 2008-11-28 09:26 d-------- c:\documents and settings\Owner\WER4cc2.dir00
2008-11-28 09:24 . 2008-11-28 09:24 d-------- c:\documents and settings\Owner\WER28a1.dir00
2008-11-28 09:24 . 2008-11-28 09:24 d-------- c:\documents and settings\Owner\WER04e3.dir00
2008-11-27 11:28 . 2008-11-28 13:51 54,156 --ah----- c:\windows\QTFont.qfn
2008-11-26 23:16 . 2008-11-28 10:15 d-------- c:\documents and settings\Owner\~nsu.tmp
2008-11-19 08:56 . 2008-11-19 08:56 d-------- c:\documents and settings\Owner\WER941d.dir00
2008-11-19 08:56 . 2008-11-19 08:56 d-------- c:\documents and settings\Owner\WER8fcb.dir00
2008-11-19 08:56 . 2008-11-19 08:56 d-------- c:\documents and settings\Owner\WER8bf2.dir00
2008-11-19 08:56 . 2008-11-19 08:57 d-------- c:\documents and settings\Owner\WER5c61.dir00
2008-11-19 08:55 . 2008-11-19 08:55 d-------- c:\documents and settings\Owner\WER9a7a.dir00
2008-11-19 08:55 . 2008-11-19 08:55 d-------- c:\documents and settings\Owner\WER818f.dir00
2008-11-19 08:55 . 2008-11-19 08:55 d-------- c:\documents and settings\Owner\WER7b39.dir00
2008-11-15 11:41 . 2008-12-04 14:14 54,980 --a------ C:\VETlog.dmp
2008-11-14 23:47 . 2008-11-14 23:47 d-------- c:\documents and settings\Owner\WER6ae3.dir00
2008-11-14 22:53 . 2008-11-14 22:54 d-------- c:\documents and settings\Owner\Application Data\TypingMaster7
2008-11-12 23:20 . 2008-10-24 06:21 455,296 --------- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-12 23:18 . 2008-09-04 12:15 1,106,944 --------- c:\windows\system32\dllcache\msxml3.dll
2008-11-12 16:00 . 2008-11-25 07:07 4,194,310 --a------ c:\windows\pfirewall.log.old
2008-11-10 02:54 . 2008-12-04 14:14 79 --a------ c:\windows\win.ini
2008-11-10 01:25 . 2008-11-29 00:45 d-------- c:\windows\system32\%windir%
2008-11-09 21:11 . 2008-12-05 12:43 d-------- c:\documents and settings\Owner\Application Data\U3
2008-11-08 13:22 . 2008-11-08 13:22 d-------- c:\documents and settings\Owner\WERdf90.dir00
2008-11-08 13:22 . 2008-11-08 13:22 d-------- c:\documents and settings\Owner\WERd62c.dir00
2008-11-08 13:21 . 2008-11-08 13:21 d-------- c:\documents and settings\Owner\WERdff4.dir00
2008-11-08 13:21 . 2008-11-08 13:21 d-------- c:\documents and settings\Owner\WERdacc.dir00
2008-11-08 13:21 . 2008-11-08 13:21 d-------- c:\documents and settings\Owner\WER48cb.dir00
2008-11-08 13:21 . 2008-11-08 13:21 d-------- c:\documents and settings\Owner\WER41fc.dir00
2008-11-07 18:36 . 2008-11-07 18:36 d-------- c:\documents and settings\Owner\{7981fc64-5f91-49c3-91b6-3fddb8e77997}
2008-11-07 18:36 . 2008-11-07 18:36 d-------- c:\documents and settings\Owner\_tf20.tmp
2008-11-07 15:52 . 2008-11-07 16:36 d-------- c:\documents and settings\Owner\WERd6c8.dir00
2008-11-07 15:52 . 2008-11-07 16:36 d-------- c:\documents and settings\Owner\WER4354.dir00
2008-11-06 12:14 . 2008-11-06 12:14 d-------- c:\documents and settings\LocalService\SEE2B99.tmp
2008-11-06 12:14 . 2008-11-06 12:30 d-------- c:\documents and settings\LocalService\~nsu.tmp
2008-11-06 12:12 . 2008-11-06 12:12 d-------- c:\program files\Common Files\Winferno
2008-11-06 12:12 . 2006-10-09 12:28 835,584 --a------ c:\windows\system32\WINCTL4.OCX
2008-11-06 12:12 . 2006-10-09 13:06 495,616 --a------ c:\windows\system32\WINUTIL5.DLL
2008-11-06 12:12 . 2006-05-17 08:40 393,216 --a------ c:\windows\system32\WINLCTL5.DLL

.
(((((((((((((((((((((((((((((((((((((((( Find3M .2008-11-13 08:04:16


Re: Virus??? Help!

Post by sara on Fri Dec 05, 2008 6:09 pm


.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-04 19:34 --------- d-----w c:\program files\BAE
2008-12-02 13:15 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-12-02 13:14 --------- d-----w c:\documents and settings\All Users\Application Data\Norton
2008-11-28 14:44 --------- d-----w c:\program files\Java
2008-11-28 14:40 --------- d-----w c:\program files\Common Files\aolshare
2008-11-28 14:40 --------- d-----w c:\program files\Common Files\AOL
2008-11-28 14:40 --------- d-----w c:\documents and settings\All Users\Application Data\AOL
2008-11-27 16:32 --------- d-----w c:\documents and settings\Owner\Application Data\Corel
2008-11-27 04:16 --------- d-----w c:\documents and settings\Owner\Application Data\Yahoo!
2008-11-27 04:16 --------- d-----w c:\documents and settings\All Users\Application Data\Yahoo!
2008-11-25 21:10 1,188 ----a-w c:\documents and settings\Owner\Application Data\wklnhst.dat
2008-11-07 15:59 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2008-11-07 15:57 --------- d-----w c:\documents and settings\All Users\Application Data\NortonInstaller
2008-11-06 17:59 666 ----a-w c:\documents and settings\Owner\_uninsep.bat
2008-11-03 17:43 --------- d-----w c:\program files\Google
2008-10-30 17:13 --------- d-----w c:\program files\Windows Media Connect 2
2008-10-30 14:59 --------- d-----w c:\program files\Common Files\Software Update Utility
2008-10-29 16:47 --------- d-----w c:\documents and settings\Owner\Application Data\Itsth
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-17 14:34 122,268 ----a-w c:\documents and settings\Owner\GLF2BB1.EXE
2008-10-16 15:21 30 ----a-w c:\documents and settings\Owner\jagex_runescape_preferences.dat
2008-10-09 14:56 43,879,424 ----a-w c:\documents and settings\Owner\Stp651_TMP.EXE
2008-10-09 14:54 --------- d-----w c:\program files\Common Files\Download Manager
2008-09-06 06:27 2,597,608 ----atw c:\documents and settings\Owner\ytb_7.2.2.0_1.6.1_ysp_1.2.6_mail_bts_pub_us_setup_.exe
2008-09-05 17:41 73,216 ----a-w c:\windows\ST6UNST.EXE
2008-09-05 17:41 249,856 ------w c:\windows\Setup1.exe
2008-06-03 05:36 4,085,904 ------w c:\documents and settings\Owner\WMFDist.exe
2008-01-09 14:29 122,007 ----a-w c:\documents and settings\Owner\GLF2BBF.EXE
2007-10-11 11:20 116,096 ----a-w c:\documents and settings\Owner\AcsInstall.dll
2004-04-23 05:00 13,824 ----a-w c:\documents and settings\Owner\cnmss Canon PIXMA iP4000 (Local).exe
2004-04-23 05:00 13,824 ----a-w c:\documents and settings\LocalService\cnmss Canon PIXMA iP4000 (Local).exe
2003-10-23 18:27 22,528 ----a-w c:\documents and settings\Owner\SHFOLDER.DLL
2002-07-26 21:02 153,088 ----a-w c:\documents and settings\Owner\uninst.exe
2008-09-03 07:08 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008090320080904\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSConfig"="c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2008-04-13 169984]
"tkbellexe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-07-25 185896]
"Synchronization Manager"="c:\windows\system32\mobsync.exe" [2008-04-13 143360]
"sunjavaupdatesched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
"nvmediacenter"="c:\windows\system32\NvMcTray.dll" [2006-08-23 86016]
"nvcpldaemon"="c:\windows\system32\NvCpl.dll" [2006-08-23 7630848]
"maxtoronetouch"="c:\program files\Maxtor\OneTouch\utils\Onetouch.exe" [2004-12-22 823296]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"dla"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-11-07 122940]
"callcontrol 4.5"="c:\program files\FaxTalk Communicator\FTCtrl32.exe" [2003-03-20 122880]
"adobe reader speed launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"nwiz"="nwiz.exe" [2006-08-23 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-22 39264]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2008-04-17 9117696]

c:\documents and settings\Owner\Start Menu\Programs\Startup\
BJ Status Monitor Canon PIXMA iP4000.lnk - c:\documents and settings\Owner\cnmss Canon PIXMA iP4000 (Local).exe [2008-04-15 13824]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
backup=c:\windows\pss\America Online 9.0 Tray Icon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Event Planner Reminders Tray Icon.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Event Planner Reminders Tray Icon.lnk
backup=c:\windows\pss\Event Planner Reminders Tray Icon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup

[HKLM\~\startupfolder\c:^documents and settings^owner^start menu^programs^startup^bj status monitor canon pixma ip4000.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\BJ Status Monitor Canon PIXMA iP4000.lnk
backup=c:\windows\pss\BJ Status Monitor Canon PIXMA iP4000.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\corel photo downloader]
--a------ 2006-08-14 14:20 462336 c:\program files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\google desktop search]
--a------ 2007-08-14 23:53 1838592 c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hostmanager]
--a------ 2007-10-08 16:50 41824 c:\program files\Common Files\AOL\1171071908\ee\aolsoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2004-07-27 16:50 221184 c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\isusscheduler]
--a------ 2004-07-27 16:50 81920 c:\program files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ituneshelper]
--a------ 2008-03-30 09:36 267048 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"MyWebSearchService"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background
"Yahoo! Pager"="c:\progra~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
"MyWebSearch Email Plugin"=c:\progra~1\MYWEBS~1\bar\1.bin\mwsoemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\1171071908\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\[You must be registered and logged in to see this link.]
"c:\\AOL 9.1\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Documents and Settings\\Owner\\7zS6B2.tmp\\SymNRT.exe"=
"c:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAV\1001000.021\SYMEFA.SYS [2008-12-02 309296]
R1 BHDrvx86;Symantec Heuristics Driver;\??\c:\windows\system32\drivers\NAV\1001000.021\BHDrvx86.sys [2008-12-02 255536]
R1 ccHP;Symantec Hash Provider;\??\c:\windows\system32\drivers\NAV\1001000.021\ccHPx86.sys [2008-12-02 362544]
R1 IDSxpx86;IDSxpx86;\??\c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20080826.006\IDSxpx86.sys [2008-12-02 274808]
R2 Norton AntiVirus;Norton AntiVirus;"c:\program files\Norton AntiVirus\Engine\16.1.0.33\ccSvcHst.exe" /s "Norton AntiVirus" /m "c:\program files\Norton AntiVirus\Engine\16.1.0.33\diMaster.dll" /prefetch:1 []
R2 WinDefend;Windows Defender;"c:\program files\Windows Defender\MsMpEng.exe" [2006-11-03 13592]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2008-12-02 99376]
S1 1864aebb;1864aebb;c:\windows\system32\drivers\1864aebb.sys []
S3 OlCamudp;OLYMPUS Digital Camera;c:\windows\system32\Drivers\olcamudp.sys [2007-02-19 10379]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2cc3ae7e-b178-11db-8214-00038a000015}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL index.htm
.
Contents of the 'Scheduled Tasks' folder

2008-12-05 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{4E7BD74F-2B8D-469E-85B2-BC27FE9AAE2E} - (no file)
WebBrowser-{A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} - (no file)
WebBrowser-{D0523BB4-21E7-11DD-9AB7-415B56D89593} - (no file)
HKLM-Run-sigmatelsystrayapp - stsystra.exe
MSConfigStartUp-quicktime task - c:\program files\QuickTime\QTTask.exe


.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\s2l4rf8v.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - [You must be registered and logged in to see this link.]
FireFox -: prefs.js - STARTUP.HOMEPAGE - [You must be registered and logged in to see this link.]
FF -: plugin - c:\program files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npdnu.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF -: plugin - c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll
FF -: plugin - c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF -: plugin - c:\program files\Yahoo!\Shared\npYState.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2008-12-05 12:51:07
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Norton AntiVirus]
"ImagePath"="\"c:\program files\Norton AntiVirus\Engine\16.1.0.33\ccSvcHst.exe\" /s \"Norton AntiVirus\" /m \"c:\program files\Norton AntiVirus\Engine\16.1.0.33\diMaster.dll\" /prefetch:1"
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\COMMON~1\AOL\ACS\AOLacsd.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Norton AntiVirus\Engine\16.1.0.33\ccSvcHst.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\tcpsvcs.exe
c:\windows\system32\snmp.exe
c:\windows\wanmpsvc.exe
c:\windows\system32\searchindexer.exe
c:\program files\Norton AntiVirus\Engine\16.1.0.33\ccSvcHst.exe
c:\combofix\hidec.exe
c:\windows\stsystra.exe
c:\program files\FaxTalk Communicator\fapiexe.exe
c:\windows\system32\spool\drivers\w32x86\3\CNMSM64.EXE
c:\windows\system32\rasautou.exe
c:\windows\system32\searchprotocolhost.exe
c:\windows\system32\searchfilterhost.exe
c:\combofix\Catchme.tmp
c:\windows\system32\imapi.exe
.
**************************************************************************
.
Completion time: 2008-12-05 12:56:07 - machine was rebooted [Owner]
ComboFix-quarantined-files.txt 2008-12-05 17:54:45

Pre-Run: 137,945,124,864 bytes free
Post-Run: 138,119,168,000 bytes free

289 --- E O F --- 2008-11-13 08:04:16


Re: Virus??? Help!

Post by sara on Fri Dec 05, 2008 6:27 pm

I am still unable to connect to the internet. Error message 769...WAN miniport


Re: Virus??? Help!

Post by Belahzur on Fri Dec 05, 2008 6:32 pm

Seems mywebsearch got in. Let's get rid of the infections before we troubleshoot that.

Now open a new notepad file.
Input this into the notepad file:

Driver::
1864aebb

File::
c:\documents and settings\Owner\Temporary Directory 5 for Silent Runners.zip
c:\documents and settings\Owner\Temporary Directory 4 for Silent Runners.zip
c:\documents and settings\Owner\Temporary Directory 3 for Silent Runners.zip
c:\documents and settings\Owner\Temporary Directory 2 for Silent Runners.zip
c:\documents and settings\Owner\Temporary Directory 1 for Silent Runners.zip
c:\documents and settings\Owner\~nsu.tmp
c:\documents and settings\Owner\_tf20.tmp
c:\documents and settings\Owner\_uninsep.bat
c:\windows\system32\drivers\1864aebb.sys

DirLook::
c:\windows\system32\%windir%

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"MyWebSearchService"=-
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MyWebSearch Email Plugin"=-
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2cc3ae7e-b178-11db-8214-00038a000015}]

Save this as CFScript.txt, save it to your desktop also.
Then drag and drop CFScript.txt into combofix as seen below:


This will open combofix.exe again, agree to its terms and allow it to run, it may want to reboot after it's done. Post the resulting log back here.


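An added example (not part of any post in this thread, and not how ComboFix itself works): a small Python triage of the service/driver lines and Security Center values of the kind shown in the ComboFix log above. The function names and the two heuristics are assumptions made for illustration; the sample lines are copied from the log in this thread, with the Norton line shortened.

```python
import re

# Sample lines copied from the ComboFix log in this thread (Norton line
# shortened). As these logs are usually read: R/S = running/stopped and the
# digit is the service start type.
SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAV\1001000.021\SYMEFA.SYS [2008-12-02 309296]
R2 Norton AntiVirus;Norton AntiVirus;"c:\program files\Norton AntiVirus\Engine\16.1.0.33\ccSvcHst.exe" /s "Norton AntiVirus" /prefetch:1 []
S1 1864aebb;1864aebb;c:\windows\system32\drivers\1864aebb.sys []
S3 OlCamudp;OLYMPUS Digital Camera;c:\windows\system32\Drivers\olcamudp.sys [2007-02-19 10379]
'''

# <state><start> <name>;<display name>;<image path> [<file date and size>]
SERVICE_RE = re.compile(r'^([RS])([0-4]) ([^;]+);([^;]*);(.*?) \[([^\]]*)\]$')
REG_KEY_RE = re.compile(r'^\[(.+)\]$')
REG_DWORD_RE = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{8})$')
HEX_NAME_RE = re.compile(r'[0-9a-f]{8}')
# Value names that appear under "security center" in the logs on this page.
WATCHED_VALUES = {"AntiVirusOverride", "FirewallOverride", "DisableMonitoring"}


def parse_services(log):
    """Return one dict per service/driver line found in the log text."""
    services = []
    for line in log.splitlines():
        m = SERVICE_RE.match(line.strip())
        if m:
            state, start, name, display, image, meta = m.groups()
            services.append({"state": state, "start": int(start), "name": name,
                             "display": display, "image": image, "meta": meta})
    return services


def triage_service(svc):
    """Return the reasons (possibly none) a service line deserves a closer look."""
    reasons = []
    # An empty [] on a quoted command line with arguments (the Norton entry)
    # only means the tool could not stat the string; on a plain path it means
    # the file behind the service was missing or unreadable.
    plain_path = not svc["image"].startswith('"')
    if svc["meta"] == "" and plain_path:
        reasons.append("image file missing or unreadable")
    # Assumed heuristic: 8 hex characters reused as the display name.
    if HEX_NAME_RE.fullmatch(svc["name"]) and svc["display"] == svc["name"]:
        reasons.append("random-looking hex name with no real display name")
    return reasons


def security_center_overrides(log):
    """List (key, value name) pairs that switch off Security Center alerts.

    A non-zero value can be a deliberate user or vendor choice, so these are
    items to review, not verdicts.
    """
    hits, key = [], None
    for line in log.splitlines():
        line = line.strip()
        k = REG_KEY_RE.match(line)
        if k:
            key = k.group(1).lower()
            continue
        v = REG_DWORD_RE.match(line)
        if v and key and r"\security center" in key:
            name, value = v.group(1), int(v.group(2), 16)
            if name in WATCHED_VALUES and value != 0:
                hits.append((key, name))
    return hits


if __name__ == "__main__":
    for svc in parse_services(SAMPLE_LOG):
        for reason in triage_service(svc):
            print(f"{svc['name']}: {reason}")
    for key, name in security_center_overrides(SAMPLE_LOG):
        print(f"{key} -> {name} is set")
```
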

Re: Virus??? Help!

Post by sara on Fri Dec 05, 2008 6:59 pm

First it kept telling me that I had misspelled CFScript and would not run and now it does nothing


Re: Virus??? Help!

Post by sara on Fri Dec 05, 2008 7:02 pm

Now combofix will not run. The little box comes up and then....nothing


Re: Virus??? Help!

Post by Belahzur on Fri Dec 05, 2008 7:19 pm

Maybe we can use OTMoveIt.


Please download the [You must be registered and logged in to see this link.].

  • Save it to your desktop.
  • Please double-click OTMoveIt3.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :processes
    explorer.exe

    :files
    c:\documents and settings\Owner\Temporary Directory 5 for Silent Runners.zip
    c:\documents and settings\Owner\Temporary Directory 4 for Silent Runners.zip
    c:\documents and settings\Owner\Temporary Directory 3 for Silent Runners.zip
    c:\documents and settings\Owner\Temporary Directory 2 for Silent Runners.zip
    c:\documents and settings\Owner\Temporary Directory 1 for Silent Runners.zip
    c:\documents and settings\Owner\~nsu.tmp
    c:\documents and settings\Owner\_tf20.tmp
    c:\documents and settings\Owner\_uninsep.bat
    c:\windows\system32\drivers\1864aebb.sys

    :reg
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "MyWebSearchService"=-
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "MyWebSearch Email Plugin"=-
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2cc3ae7e-b178-11db-8214-00038a000015}]

    :commands
    [purity]
    [emptytemp]
    [start explorer]
    [reboot]



  • Return to OTMoveIt3, right click in the "Paste instructions for items to be Moved" window (under the light blue bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt3
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.



Re: Virus??? Help!

Post by sara on Fri Dec 05, 2008 8:50 pm

OTViewIt Extras logfile created on: 2008-12-03 15:20:31 - Run
OTViewIt by OldTimer - Version 1.0.20.0 Folder = G:\
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: yyyy-MM-dd

958.42 Mb Total Physical Memory | 544.86 Mb Available Physical Memory | 56.85% Memory free
2.26 Gb Paging File | 1.89 Gb Available in Paging File | 83.75% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 145.87 Gb Total Space | 128.56 Gb Free Space | 88.14% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 6.67 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive G: | 1.86 Gb Total Space | 1.67 Gb Free Space | 89.45% Space Free | Partition Type: FAT
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DGXLCBC1
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On
File Age = 30 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.reg [@ = regfile] -- regedit.exe "%1"

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled"=1
"AntiVirusDisableNotify"=0
"FirewallDisableNotify"=0
"UpdatesDisableNotify"=0
"AntiVirusOverride"=1
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall"=1
"DoNotAllowExceptions"=0
"DisableNotifications"=0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"=%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2006-10-23 07:50:35 | 00,046,640 | R--- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
[2006-10-23 07:50:37 | 00,071,216 | R--- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
"%windir%\Network Diagnostic\xpnetdiag.exe"=%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
File not found -- C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"=%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2006-10-23 07:50:35 | 00,046,640 | R--- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
[2006-10-23 07:50:37 | 00,071,216 | R--- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
"%windir%\Network Diagnostic\xpnetdiag.exe"=%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
File not found -- C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0
[2007-10-08 16:50:56 | 00,041,824 | ---- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\1171071908\ee\aolsoftware.exe:*:Enabled:AOL Shared Components
[2007-08-30 16:43:18 | 04,670,704 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger
[2007-08-30 16:43:18 | 00,091,376 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server
File not found -- C:\Program Files\Rhapsody\rhapsody.exe:*:Enabled:Rhapsody Media Player
[2008-03-30 09:36:34 | 20,638,504 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes
File not found -- C:\Program Files\Veoh Networks\Veoh\VeohClient.exe:*:Enabled:Veoh Client
[2008-08-23 00:56:15 | 00,635,848 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer
File not found -- C:\Program Files\Tams11\Games\Spades\spades.exe:*:Enabled:spades
[2008-04-13 19:12:20 | 00,042,496 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\[You must be registered and logged in to see this link.] Transfer Program
File not found -- C:\WINDOWS\LMI789.tmp\lmi_rescue.exe:*:Enabled:LogMeIn Rescue
[2008-06-03 00:36:06 | 00,039,264 | ---- | M] (AOL, LLC.) -- C:\AOL 9.1\waol.exe:*:Enabled:AOL
[2007-04-02 07:33:32 | 00,063,120 | ---- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe:*:Enabled:AOL TopSpeed
[2005-07-11 16:35:18 | 00,011,352 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader
[2007-09-17 08:02:47 | 00,206,176 | ---- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL System Information
[2008-04-13 19:12:25 | 01,414,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console
File not found -- C:\WINDOWS\LMID58.tmp\lmi_rescue.exe:*:Enabled:LogMeIn Rescue
[2007-01-01 16:22:02 | 03,739,648 | ---- | M] (Google) -- C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk
File not found -- C:\WINDOWS\LMI6B1.tmp\lmi_rescue.exe:*:Enabled:LogMeIn Rescue
[2008-09-29 01:35:23 | 02,499,928 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\Owner\7zS6B2.tmp\SymNRT.exe:*:Enabled:Norton Removal Tool
File not found -- C:\WINDOWS\LMI31.tmp\lmi_rescue.exe:*:Enabled:LogMeIn Rescue
[2008-04-17 18:27:00 | 09,117,696 | ---- | M] () -- C:\Program Files\MySpace\IM\MySpaceIM.exe:*:Enabled:MySpaceIM

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]
[2005-09-20 11:33:58 | 00,843,984 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]
msdaipp: [HKLM - No CLSID value]
[2005-09-20 11:33:58 | 00,843,984 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]
[2005-09-20 11:33:58 | 00,843,984 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61


Re: Virus??? Help!

Post by sara on Fri Dec 05, 2008 8:51 pm

[2005-09-20 11:33:58 | 00,843,984 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]
[2006-06-04 18:18:46 | 00,221,184 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (ms-itss:{0A9007C0-4076-11D3-8789-0000F8105754} (HKLM) [Microsoft Infotech Storage Protocol for IE 4.0])
[2007-05-10 12:45:34 | 08,069,464 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (mso-offdap11:{32505114-5902-49B2-880A-1F7738E5A384} (HKLM) [Data Page Plugable Protocal mso-offdap11 Handler])

========== (O18) Protocol Filters ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
[2007-04-19 12:57:40 | 00,046,432 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL text/xml:{807553E5-5146-11D5-A672-00B0D022E945} (HKLM) [Reg Error: Value does not exist or could not be read.]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02DFF6B1-1654-411C-8D7B-FD6052EF016F}"=Apple Software Update
"{075473F5-846A-448B-BCB3-104AA1760205}"=Roxio RecordNow Data
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}"=Microsoft Plus! Photo Story 2 LE
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}"=Roxio DLA
"{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}"=QuickTime
"{1EA8F972-45F7-497D-8A03-F40F1A421099}"=Hallmark Card Studio 3
"{20c53fa2-4307-4671-a93f-9463b29dfcf1}"=Symantec Technical Support Web Controls
"{21657574-BD54-48A2-9450-EB03B2C7FC29}"=Roxio MyDVD LE
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk"=Google Talk (remove only)
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}"=Google Toolbar for Internet Explorer
"{231F68F4-70E4-41A6-BEDA-7E7934169B54}"=Maxtor OneTouch
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}"=Rhapsody Player Engine
"{3248F0A8-6813-11D6-A77B-00B0D0160010}"=Java(TM) SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}"=Java(TM) 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}"=Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}"=Java(TM) 6 Update 5
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}"=Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}"=URL Assistant
"{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54}"=Dell CinePlayer
"{44734179-8A79-4DEE-BB08-73037F065543}"=Apple Mobile Device Support
"{55B30AF2-7331-4436-9318-D9EA45A42F79}"=The Print Shop 21
"{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}"=iTunes
"{5AF8C46D-A141-4E69-9EB5-76A43ED29281}"=Charter High Speed Internet Self-Installation Wizard
"{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}"=Sonic Activation Module
"{5E68BB65-4059-4FE5-AAC4-0CD1D79BBDE2}"=EarthLink Setup Files
"{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}"=AOLIcon
"{6D52C408-B09A-4520-9B18-475B81D393F1}"=Microsoft Works
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}"=Microsoft Plus! Digital Media Edition Installer
"{7299052b-02a4-4627-81f2-1818da5d550d}"=Microsoft Visual C++ 2005 Redistributable
"{748F4870-8350-11D3-B0BF-080009FB4A19}"=HP Share-to-Web
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}"=Dell System Restore
"{7ADE3A47-B425-45E9-8FF6-11BE2B775645}"=Corel Snapfire Plus
"{91CA0409-6000-11D3-8CFE-0150048383C9}"=Microsoft Office Small Business Edition 2003
"{95F9D960-C571-11D0-90F0-00001B1EFBA8}"=QuickBooks 2001
"{A06275F4-324B-4E85-95E6-87B2CD729401}"=Windows Defender
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}"=Microsoft Visual C++ 2005 Redistributable
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}"=Roxio RecordNow Audio
"{AC0EE5B0-A8FB-4D0A-AF03-2EDC518F841B}"=Dell Media Experience
"{AC76BA86-7AD7-1033-7B44-A81200000003}"=Adobe Reader 8.1.2
"{B1182355-1464-4B43-8986-031A86808495}"=Event Planner
"{B12665F4-4E93-4AB4-B7FC-37053B524629}"=Roxio RecordNow Copy
"{B3C7CA81-27EB-11D4-A59C-00E02C071F5C}"=Adobe ActiveShare 1.5
"{B702CCCE-3176-4DBF-B932-D1B8F402F330}"=Digital Content Portal
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1
"{CEE2252C-4035-4B27-8EC6-0B085DD3A413}"=Dell Support 3.2.1
"{D2988E9B-C73F-422C-AD4B-A66EBE257120}"=MCU
"{D958FAC4-BAE0-4B1D-A42E-DE9BFDE7DDEE}"=Canon PhotoRecord
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}"=Google Toolbar for Internet Explorer
"Adobe Flash Player ActiveX"=Adobe Flash Player ActiveX
"AOL Toolbar 5.0"=
"AOL Uninstaller"=AOL Uninstaller (Choose which Products to Remove)
"CANONBJ_Deinstall_CNMCP64.DLL"=Canon PIXMA iP4000
"Easy-PhotoPrint"=Canon Utilities Easy-PhotoPrint
"Easytoon 1.9.5"=Easytoon 1.9.5
"Easy-WebPrint"=Easy-WebPrint
"Family Feud"=Family Feud (remove only)
"FaxTalk Communicator 4.5"=FaxTalk Communicator 4.5
"Google Desktop"=Google Desktop
"HijackThis"=HijackThis 2.0.2
"HP PrecisionScan LTX"=HP PrecisionScan LTX
"IDNMitigationAPIs"=Microsoft Internationalized Domain Names Mitigation APIs
"ie7"=Windows Internet Explorer 7
"InstallShield_{231F68F4-70E4-41A6-BEDA-7E7934169B54}"=Maxtor OneTouch
"iPod Copy Expert_is1"=iPod Copy Expert 3.1.2
"iPod To Computer Transfer_is1"=iPod To Computer Transfer 3.5
"kb940157"=Windows Search 4.0
"Macromedia Shockwave Player"=Macromedia Shockwave Player
"Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1
"Monopoly"=Monopoly (remove only)
"MSCompPackV1"=Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST"=MSN
"MXOFX"=USB Storage Adapter FX (MXO)
"MySpaceIM"=MySpaceIM
"NAV"=Norton AntiVirus
"NLSDownlevelMapping"=Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers"=NVIDIA Drivers
"RealArcade 1.2"=RealArcade
"RealPlayer 6.0"=RealPlayer
"SoftwareUpdUtility"=Download Updater (AOL LLC)
"Solitaire Master 4"=Solitaire Master 4
"The Weather Channel Desktop 6"=The Weather Channel Desktop 6
"ViewpointMediaPlayer"=Viewpoint Media Player
"WebPost"=Microsoft Web Publishing Wizard 1.52
"Windows Media Format Runtime"=Windows Media Format 11 runtime
"Windows Media Player"=Windows Media Player 11
"Windows XP Service Pack"=Windows XP Service Pack 3
"WMFDist11"=Windows Media Format 11 runtime
"wmp11"=Windows Media Player 11
"Wudf01000"=Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion"=Yahoo! Toolbar
"Yahoo! Mail"=Yahoo! Internet Mail
"Yahoo! Messenger"=Yahoo! Messenger
"YInstHelper"=Yahoo! Install Manager

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Networks Player - IE"=Move Networks Media Player for Internet Explorer
"Sprint Digital Lounge"=Sprint Digital Lounge

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2008-11-28 18:07:08 | Computer Name = DGXLCBC1 | Source = Userenv | ID = 1512
Description = Windows cannot unload your registry file. The memory used by the registry
has not been freed. This is often caused by services running as a user account,
try configuring the services to run in either the LocalService or NetworkService
account. If this problem persists, contact your administrator. DETAIL - Insufficient
system resources exist to complete the requested service.

Error - 2008-11-28 18:13:51 | Computer Name = DGXLCBC1 | Source = Userenv | ID = 1512
Description = Windows cannot unload your registry file. The memory used by the registry
has not been freed. This is often caused by services running as a user account,
try configuring the services to run in either the LocalService or NetworkService
account. If this problem persists, contact your administrator. DETAIL - Insufficient
system resources exist to complete the requested service.

Error - 2008-12-02 11:49:54 | Computer Name = DGXLCBC1 | Source = Application Error | ID = 1000
Description = Faulting application nvsvc32.exe, version 6.14.10.9148, faulting module
version.dll, version 5.1.2600.5512, fault address 0x00001e71.

Error - 2008-12-02 21:53:13 | Computer Name = DGXLCBC1 | Source = Application Error | ID = 1004
Description = Faulting application nvsvc32.exe, version 6.14.10.9148, faulting module
version.dll, version 5.1.2600.5512, fault address 0x00001e71.

Error - 2008-12-02 21:53:22 | Computer Name = DGXLCBC1 | Source = WinDefendRtp | ID = 3003
Description = %%827 Real-Time Protection checkpoint has encountered an error and
failed to start. User: DGXLCBC1\Owner Checkpoint ID: 1 Error Code: 0x80070005 Error
description: Access is denied.

Error - 2008-12-02 21:53:22 | Computer Name = DGXLCBC1 | Source = WinDefendRtp | ID = 3003
Description = %%827 Real-Time Protection checkpoint has encountered an error and
failed to start. User: DGXLCBC1\Owner Checkpoint ID: 1 Error Code: 0x8000ffff Error
description: Catastrophic failure

Error - 2008-12-02 21:54:37 | Computer Name = DGXLCBC1 | Source = Application Error | ID = 1004
Description = Faulting application nvsvc32.exe, version 6.14.10.9148, faulting module
version.dll, version 5.1.2600.5512, fault address 0x00001e71.

Error - 2008-12-02 21:54:41 | Computer Name = DGXLCBC1 | Source = Application Error | ID = 1004
Description = Faulting application nvsvc32.exe, version 6.14.10.9148, faulting module
version.dll, version 5.1.2600.5512, fault address 0x00001e71.

Error - 2008-12-03 12:13:41 | Computer Name = DGXLCBC1 | Source = WinDefendRtp | ID = 3003
Description = %%827 Real-Time Protection checkpoint has encountered an error and
failed to start. User: DGXLCBC1\Owner Checkpoint ID: 1 Error Code: 0x80070005 Error
description: Access is denied.

Error - 2008-12-03 12:13:41 | Computer Name = DGXLCBC1 | Source = WinDefendRtp | ID = 3003
Description = %%827 Real-Time Protection checkpoint has encountered an error and
failed to start. User: DGXLCBC1\Owner Checkpoint ID: 1 Error Code: 0x8000ffff Error
description: Catastrophic failure

[ System Events ]
Error - 2008-12-02 11:49:40 | Computer Name = DGXLCBC1 | Source = Service Control Manager | ID = 7000
Description = The MCSTRM service failed to start due to the following error: %%2

Error - 2008-12-02 11:49:40 | Computer Name = DGXLCBC1 | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the NVSvc service.

Error - 2008-12-02 11:49:40 | Computer Name = DGXLCBC1 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
nvatabus nvraid

Error - 2008-12-02 11:54:46 | Computer Name = DGXLCBC1 | Source = Service Control Manager | ID = 7034
Description = The NVIDIA Display Driver Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 2008-12-02 21:54:39 | Computer Name = DGXLCBC1 | Source = Service Control Manager | ID = 7023
Description = The Help and Support service terminated with the following error: \par
%%126\par
\par
Error - 2008-12-02 21:54:39 | Computer Name = DGXLCBC1 | Source = Service Control Manager | ID = 7000\par
Description = The MCSTRM service failed to start due to the following error: %%2\par
\par
Error - 2008-12-02 21:54:39 | Computer Name = DGXLCBC1 | Source = Service Control Manager | ID = 7026\par
Description = The following boot-start or system-start driver(s) failed to load:\par
nvatabus nvraid\par
\par
Error - 2008-12-03 12:14:48 | Computer Name = DGXLCBC1 | Source = Service Control Manager | ID = 7000\par
Description = The MCSTRM service failed to start due to the following error: %%2\par
\par
Error - 2008-12-03 12:14:48 | Computer Name = DGXLCBC1 | Source = Service Control Manager | ID = 7023\par
Description = The Help and Support service terminated with the following error: \par
%%126\par
\par
Error - 2008-12-03 12:14:48 | Computer Name = DGXLCBC1 | Source = Service Control Manager | ID = 7026\par
Description = The following boot-start or system-start driver(s) failed to load:\par
nvatabus nvraid\par
\par
\par
< End of report >\par
}

Logged in as Administrator.\par


Re: Virus??? Help!

Post by sara on Fri Dec 05, 2008 8:53 pm

Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On
File Age = 30 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.reg [@ = regfile] -- regedit.exe "%1"

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled"=1
"AntiVirusDisableNotify"=0
"FirewallDisableNotify"=0
"UpdatesDisableNotify"=0
"AntiVirusOverride"=1
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall"=1
"DoNotAllowExceptions"=0
"DisableNotifications"=0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"=%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2006-10-23 07:50:35 | 00,046,640 | R--- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
[2006-10-23 07:50:37 | 00,071,216 | R--- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
"%windir%\Network Diagnostic\xpnetdiag.exe"=%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
File not found -- C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"=%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2006-10-23 07:50:35 | 00,046,640 | R--- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
[2006-10-23 07:50:37 | 00,071,216 | R--- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
"%windir%\Network Diagnostic\xpnetdiag.exe"=%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
File not found -- C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0
[2007-10-08 16:50:56 | 00,041,824 | ---- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\1171071908\ee\aolsoftware.exe:*:Enabled:AOL Shared Components
[2007-08-30 16:43:18 | 04,670,704 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger
[2007-08-30 16:43:18 | 00,091,376 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server
File not found -- C:\Program Files\Rhapsody\rhapsody.exe:*:Enabled:Rhapsody Media Player
[2008-03-30 09:36:34 | 20,638,504 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes
File not found -- C:\Program Files\Veoh Networks\Veoh\VeohClient.exe:*:Enabled:Veoh Client
[2008-08-23 00:56:15 | 00,635,848 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer
File not found -- C:\Program Files\Tams11\Games\Spades\spades.exe:*:Enabled:spades
[2008-04-13 19:12:20 | 00,042,496 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\[You must be registered and logged in to see this link.] Transfer Program
File not found -- C:\WINDOWS\LMI789.tmp\lmi_rescue.exe:*:Enabled:LogMeIn Rescue
[2008-06-03 00:36:06 | 00,039,264 | ---- | M] (AOL, LLC.) -- C:\AOL 9.1\waol.exe:*:Enabled:AOL
[2007-04-02 07:33:32 | 00,063,120 | ---- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe:*:Enabled:AOL TopSpeed
[2005-07-11 16:35:18 | 00,011,352 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader
[2007-09-17 08:02:47 | 00,206,176 | ---- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL System Information
[2008-04-13 19:12:25 | 01,414,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console
File not found -- C:\WINDOWS\LMID58.tmp\lmi_rescue.exe:*:Enabled:LogMeIn Rescue
[2007-01-01 16:22:02 | 03,739,648 | ---- | M] (Google) -- C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk
File not found -- C:\WINDOWS\LMI6B1.tmp\lmi_rescue.exe:*:Enabled:LogMeIn Rescue
[2008-09-29 01:35:23 | 02,499,928 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\Owner\7zS6B2.tmp\SymNRT.exe:*:Enabled:Norton Removal Tool
File not found -- C:\WINDOWS\LMI31.tmp\lmi_rescue.exe:*:Enabled:LogMeIn Rescue
[2008-04-17 18:27:00 | 09,117,696 | ---- | M] () -- C:\Program Files\MySpace\IM\MySpaceIM.exe:*:Enabled:MySpaceIM

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]
[2005-09-20 11:33:58 | 00,843,984 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]
msdaipp: [HKLM - No CLSID value]
[2005-09-20 11:33:58 | 00,843,984 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]
[2005-09-20 11:33:58 | 00,843,984 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]
[2006-06-04 18:18:46 | 00,221,184 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (ms-itss:{0A9007C0-4076-11D3-8789-0000F8105754} (HKLM) [Microsoft Infotech Storage Protocol for IE 4.0])
[2007-05-10 12:45:34 | 08,069,464 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (mso-offdap11:{32505114-5902-49B2-880A-1F7738E5A384} (HKLM) [Data Page Plugable Protocal mso-offdap11 Handler])

========== (O18) Protocol Filters ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
[2007-04-19 12:57:40 | 00,046,432 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL text/xml:{807553E5-5146-11D5-A672-00B0D022E945} (HKLM) [Reg Error: Value does not exist or could not be read.]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02DFF6B1-1654-411C-8D7B-FD6052EF016F}"=Apple Software Update
"{075473F5-846A-448B-BCB3-104AA1760205}"=Roxio RecordNow Data
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}"=Microsoft Plus! Photo Story 2 LE
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}"=Roxio DLA
"{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}"=QuickTime
"{1EA8F972-45F7-497D-8A03-F40F1A421099}"=Hallmark Card Studio 3
"{20c53fa2-4307-4671-a93f-9463b29dfcf1}"=Symantec Technical Support Web Controls
"{21657574-BD54-48A2-9450-EB03B2C7FC29}"=Roxio MyDVD LE
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk"=Google Talk (remove only)
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}"=Google Toolbar for Internet Explorer
"{231F68F4-70E4-41A6-BEDA-7E7934169B54}"=Maxtor OneTouch
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}"=Rhapsody Player Engine
"{3248F0A8-6813-11D6-A77B-00B0D0160010}"=Java(TM) SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}"=Java(TM) 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}"=Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}"=Java(TM) 6 Update 5
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}"=Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}"=URL Assistant
"{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54}"=Dell CinePlayer
"{44734179-8A79-4DEE-BB08-73037F065543}"=Apple Mobile Device Support
"{55B30AF2-7331-4436-9318-D9EA45A42F79}"=The Print Shop 21
"{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}"=iTunes
"{5AF8C46D-A141-4E69-9EB5-76A43ED29281}"=Charter High Speed Internet Self-Installation Wizard
"{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}"=Sonic Activation Module
"{5E68BB65-4059-4FE5-AAC4-0CD1D79BBDE2}"=EarthLink Setup Files
"{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}"=AOLIcon
"{6D52C408-B09A-4520-9B18-475B81D393F1}"=Microsoft Works
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}"=Microsoft Plus! Digital Media Edition Installer
"{7299052b-02a4-4627-81f2-1818da5d550d}"=Microsoft Visual C++ 2005 Redistributable
"{748F4870-8350-11D3-B0BF-080009FB4A19}"=HP Share-to-Web
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}"=Dell System Restore
"{7ADE3A47-B425-45E9-8FF6-11BE2B775645}"=Corel Snapfire Plus
"{91CA0409-6000-11D3-8CFE-0150048383C9}"=Microsoft Office Small Business Edition 2003
"{95F9D960-C571-11D0-90F0-00001B1EFBA8}"=QuickBooks 2001
"{A06275F4-324B-4E85-95E6-87B2CD729401}"=Windows Defender
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}"=Microsoft Visual C++ 2005 Redistributable
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}"=Roxio RecordNow Audio
"{AC0EE5B0-A8FB-4D0A-AF03-2EDC518F841B}"=Dell Media Experience
"{AC76BA86-7AD7-1033-7B44-A81200000003}"=Adobe Reader 8.1.2
"{B1182355-1464-4B43-8986-031A86808495}"=Event Planner
"{B12665F4-4E93-4AB4-B7FC-37053B524629}"=Roxio RecordNow Copy
"{B3C7CA81-27EB-11D4-A59C-00E02C071F5C}"=Adobe ActiveShare 1.5
"{B702CCCE-3176-4DBF-B932-D1B8F402F330}"=Digital Content Portal
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1
"{CEE2252C-4035-4B27-8EC6-0B085DD3A413}"=Dell Support 3.2.1
"{D2988E9B-C73F-422C-AD4B-A66EBE257120}"=MCU
"{D958FAC4-BAE0-4B1D-A42E-DE9BFDE7DDEE}"=Canon PhotoRecord
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}"=Google Toolbar for Internet Explorer
"Adobe Flash Player ActiveX"=Adobe Flash Player ActiveX
"AOL Toolbar 5.0"=
"AOL Uninstaller"=AOL Uninstaller (Choose which Products to Remove)


Re: Virus??? Help!

Post by sara on Fri Dec 05, 2008 8:53 pm

"Easy-PhotoPrint"=Canon Utilities Easy-PhotoPrint
"Easytoon 1.9.5"=Easytoon 1.9.5
"Easy-WebPrint"=Easy-WebPrint
"Family Feud"=Family Feud (remove only)
"FaxTalk Communicator 4.5"=FaxTalk Communicator 4.5
"Google Desktop"=Google Desktop
"HijackThis"=HijackThis 2.0.2
"HP PrecisionScan LTX"=HP PrecisionScan LTX
"IDNMitigationAPIs"=Microsoft Internationalized Domain Names Mitigation APIs
"ie7"=Windows Internet Explorer 7
"InstallShield_{231F68F4-70E4-41A6-BEDA-7E7934169B54}"=Maxtor OneTouch
"iPod Copy Expert_is1"=iPod Copy Expert 3.1.2
"iPod To Computer Transfer_is1"=iPod To Computer Transfer 3.5
"kb940157"=Windows Search 4.0
"Macromedia Shockwave Player"=Macromedia Shockwave Player
"Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1
"Monopoly"=Monopoly (remove only)
"MSCompPackV1"=Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST"=MSN
"MXOFX"=USB Storage Adapter FX (MXO)
"MySpaceIM"=MySpaceIM
"NAV"=Norton AntiVirus
"NLSDownlevelMapping"=Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers"=NVIDIA Drivers
"RealArcade 1.2"=RealArcade
"RealPlayer 6.0"=RealPlayer
"SoftwareUpdUtility"=Download Updater (AOL LLC)
"Solitaire Master 4"=Solitaire Master 4
"The Weather Channel Desktop 6"=The Weather Channel Desktop 6
"ViewpointMediaPlayer"=Viewpoint Media Player
"WebPost"=Microsoft Web Publishing Wizard 1.52
"Windows Media Format Runtime"=Windows Media Format 11 runtime
"Windows Media Player"=Windows Media Player 11
"Windows XP Service Pack"=Windows XP Service Pack 3
"WMFDist11"=Windows Media Format 11 runtime
"wmp11"=Windows Media Player 11
"Wudf01000"=Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion"=Yahoo! Toolbar
"Yahoo! Mail"=Yahoo! Internet Mail
"Yahoo! Messenger"=Yahoo! Messenger
"YInstHelper"=Yahoo! Install Manager

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Networks Player - IE"=Move Networks Media Player for Internet Explorer
"Sprint Digital Lounge"=Sprint Digital Lounge

< End of report >


Re: Virus??? Help!

Post by Belahzur on Fri Dec 05, 2008 8:58 pm

Why did you run OTViewIt?

But on the other hand, you may have helped us figure out why your net connection cut out.



Re: Virus??? Help!

Post by sara on Sat Dec 06, 2008 12:59 am

So, you think you know what is wrong with computer??? Is it good or bad? Is it something I can fix?


Re: Virus??? Help!

Post by Belahzur on Sat Dec 06, 2008 1:06 am

Hello.
Maybe, we just need to figure out what's causing it.
I will ask one of our techs to take a peek at this.



Re: Virus??? Help!

Post by sara on Sat Dec 06, 2008 1:13 am

The computer I had been working on and downloading and transferring files started doing the same thing...I noticed during the night the computer had restarted and I could no longer connect to internet. It is trying to use a dial up connection. Also, earlier that night I downloaded security updates from Microsoft. I really would appreciate any help you can give!! Thanks
