Can't Load Symantec Antivirus

Hi Guys, I was recently infected with the BestsellerAntivirus spyware. Since then my Symantec Norton Antivirus 10.1.6.6000 wouldn't load on start up. Please help me as I think the BestsellerAntivirus is still on my system although my AntiSpyware detects nothing. When I manually load Norton and scan my PC, halfway through it says "Norton has detected an error and needs to be closed". My AntiSpyware and Norton are up to date. Need Help Desperately ! ! ! ! !

Regards,
gpompeus
Re: Can't Load Symantec Antivirus

==Download this temp file cleaner from http://www.atribune.org/ccount/click.php?id=1
--click in the download window to run it, and when ATF Cleaner opens go Select all, and then Empty Selected. Next click Firefox [if you have that browser..] at the top, Select All again, and Empty Selected again. Follow that procedure also if you have Opera. Close ATF.

==Please use IE to do an online scan at panda:- http://www.pandasoftware.com/products/activescan
-select a link to the scan... free online virus scan...., enter a valid email and follow through, choosing My Computer for a full system scan. Post the log it produces here with a hijackthis scan log..

==download hijackthis: http://www.majorgeeks.com/download5554.html
-install it to a new folder alongside your program files and then... rename hijackthis.exe to imabunny.exe
-in that folder start HijackThis by dclicking the .exe; now close ALL other applications and any open windows including the explorer window containing HijackThis.
-click the Scan and Save a Logfile button. Post the log here.
Re: Can't Load Symantec Antivirus

Dear gerbil,
Thank you so much for replying, as requested I followed your instructions and please find below results of the online scan and the hijackthis file.

ActiveScan:
Incident ------- Status ------- Location
Potentially unwanted tool:application/mywebsearch ------- Not disinfected ------- hkey_current_user\software\MyWebSearch
Potentially unwanted tool:application/funweb ------- Not disinfected ------- hkey_local_machine\software\Fun Web Products
Potentially unwanted tool:Application/RealSpy ------- Not disinfected ------- C:\WINDOWS\system32\actskn45.ocx
Virus:Trj/Hupigon.JUM ------- Disinfected ------- C:\WINDOWS\system32\windowsplug.exe

Hijackthis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:48:06 PM, on 10/14/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\Program Files\HPQ\IAM\bin\asghost.exe
C:\WINDOWS\Explorer.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\system32\agrsmsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\BitTorrent_DNA\dna.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\CCM\CLICOMP\RemCtrl\Wuser32.exe
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\lsass.exe
C:\PROGRA~1\Manager\fdm.exe
C:\Program Files\Microsoft ActiveSync\WCESMgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\New Folder\imabunny.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://sg.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://sg.rd.yahoo.com/customize/ie/...rch.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.corp.du.ae:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Config\lsass.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Manager\iefdmcks.dll
O2 - BHO: HP Credential Manager for ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\HPQ\IAM\Bin\ItIeAddIN.dll
O2 - BHO: Flash Module - {F0CBF6F9-4471-4257-ABC4-BCE4EF2ED5ED} - btasv.dll (file missing)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [ccApp] -"C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] -HDAShCut.exe
O4 - HKLM\..\Run: [vptray] -C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [SoundMAXPnP] -C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NI.UGA6P_0001_N115M0110] "C:\Downloads\Software\install_en.exe" -nag
O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Common Files\BestsellerAntivirus\bm.exe" dm=http://bestsellerantivirus.com; ad=http://bestsellerantivirus.com
O4 - HKLM\..\Run: [{9B-BD-DF-F9-ZN}] C:\windows\system32\kndsregq.exe OLI001
O4 - HKLM\..\Run: [ugcw] "C:\PROGRA~1\COMMON~1\BESTSE~1\ugcw.exe" -start
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKCU\..\Run: [SMSystemAnalyzer] -"C:\Program Files\iolo\System Mechanic Professional 7\SMSystemAnalyzer.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\BitTorrent_DNA\dna.exe"
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Startup: StartupFaster
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Broken Internet access because of LSP provider 'c:\program files\bonjour\mdnsnsp.dll' missing
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by12fd.bay12.hotmail.msn.com/...s/MsnPUpld.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/micr...?1188026698453
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn...tDetection.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1188026417015
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {CAFECAFE-0013-0001-0021-ABCDEFABCDEF} (JInitiator 1.3.1.21) -
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0) - http://javadl-esd.sun.com/update/1.5...ndows-i586.cab
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0) - http://javadl-esd.sun.com/update/1.5...ndows-i586.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...nt/swflash.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanage...ex-2.2.1.6.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = corp.du.ae
O17 - HKLM\Software\..\Telephony: DomainName = corp.du.ae
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = corp.du.ae
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = corp.du.ae
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = corp.du.ae
O20 - Winlogon Notify: OneCard - C:\Program Files\HPQ\IAM\Bin\AsWlnPkg.dll
O23 - Service: Adobe LM Service - Unknown owner - --"C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe" (file missing)
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - Unknown owner - --C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - --"C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe" (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - --"C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe" (file missing)
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Unknown owner - --"C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe" (file missing)
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Unknown owner - --"C:\Program Files\Symantec AntiVirus\DefWatch.exe" (file missing)
O23 - Service: FLEXnet Licensing Service - Unknown owner - --"C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe" (file missing)
O23 - Service: hpqwmiex - Unknown owner - --C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe (file missing)
O23 - Service: Machine Debug Manager (MDM) - Unknown owner - --"C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE" (file missing)
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - --"C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: Office Source Engine (ose) - Unknown owner - --"C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE" (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe
O23 - Service: Private Folder Service (prfldsvc) - Unknown owner - --C:\Program Files\Microsoft Private Folder 1.0\PrfldSvc.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - --"C:\Program Files\CyberLink\Shared Files\RichVideo.exe" (file missing)
O23 - Service: SAVRoam (SavRoam) - Unknown owner - --"C:\Program Files\Symantec AntiVirus\SavRoam.exe" (file missing)
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - --"C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe" (file missing)
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Unknown owner - --"C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe" (file missing)
O23 - Service: SQL Server Browser (SQLBrowser) - Unknown owner - --"C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe" (file missing)
O23 - Service: Symantec AntiVirus - Unknown owner - --"C:\Program Files\Symantec AntiVirus\Rtvscan.exe" (file missing)

--
End of file - 14091 bytes

Hope this information is enough to resolve the problem.
Thanks again
gpompeus
Re: Can't Load Symantec Antivirus

Great.... Those O17 entries have meaning for you, I assume? - DomainName = corp.du.ae?

==Check the properties of this one- C:\WINDOWS\system32\actskn45.ocx
-if it is not one you want then we shall delete it below.

Start hijackthis, select Scan Only, place checkmarks against all the entries listed below that still exist, and then press Fix Checked.
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Config\lsass.exe
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Flash Module - {F0CBF6F9-4471-4257-ABC4-BCE4EF2ED5ED} - btasv.dll (file missing)
O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Common Files\BestsellerAntivirus\bm.exe" dm=http://bestsellerantivirus.com; ad=http://bestsellerantivirus.com
O4 - HKLM\..\Run: [{9B-BD-DF-F9-ZN}] C:\windows\system32\kndsregq.exe OLI001
O4 - HKLM\..\Run: [ugcw] "C:\PROGRA~1\COMMON~1\BESTSE~1\ugcw.exe" -start
O16 - DPF: {CAFECAFE-0013-0001-0021-ABCDEFABCDEF} (JInitiator 1.3.1.21) -

==Download this file to your desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

==Get CCleaner from http://www.ccleaner.com/ - and put it in a new folder. You should keep this one for general use. I set the installation checkboxes only to open from the recycle bin. It's neater that way. Now run CCleaner from the recycle bin rclick menu using its default settings [if you set up CCleaner as I suggested, rclicking the bin icon should give you the Open CCleaner option...]. Select the Cleaner icon, press Run Cleaner. [For future quick temp file cleaning select the options you wish to use via the Windows and Applications tabs ..]

- Now for Combofix: to run it dclick combofix.exe and follow the prompts to start it. When finished, it will produce a log, C:\Combofix.txt - post that log in your next reply. A word of caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop.

=Delete these files:
C:\WINDOWS\system32\actskn45.ocx
C:\WINDOWS\Config\lsass.exe
C:\windows\system32\kndsregq.exe
=Delete this folder:
C:\Program Files\Common Files\BestsellerAntivirus\

Fine, now post the combofix log with a fresh hijackthis scan, please.
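The judgements gerbil made by hand on the posted log can be applied mechanically to a fresh one. The script below is an added example, not part of this thread and not HijackThis's own code: it parses HijackThis-format lines and flags a Winlogon Shell value that is not just Explorer.exe, a core system-process name (such as lsass.exe) outside System32, Run entries under the BestsellerAntivirus folders, Run names shaped like a GUID that are not valid GUIDs, orphaned R3/O2/O16 entries, and Run or service commands whose path begins with a dash and so names no file. The rogue-folder markers, severity labels and the sample lines (copied from the log above) are this example's own assumptions.

```python
import re

# Constructed sample: lines copied from the HijackThis log posted in this
# thread, with one clean Synaptics entry kept for contrast. Not a full log.
SAMPLE_LOG = r"""
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Config\lsass.exe
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Flash Module - {F0CBF6F9-4471-4257-ABC4-BCE4EF2ED5ED} - btasv.dll (file missing)
O4 - HKLM\..\Run: [ccApp] -"C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Common Files\BestsellerAntivirus\bm.exe" dm=http://bestsellerantivirus.com; ad=http://bestsellerantivirus.com
O4 - HKLM\..\Run: [{9B-BD-DF-F9-ZN}] C:\windows\system32\kndsregq.exe OLI001
O4 - HKLM\..\Run: [ugcw] "C:\PROGRA~1\COMMON~1\BESTSE~1\ugcw.exe" -start
O16 - DPF: {CAFECAFE-0013-0001-0021-ABCDEFABCDEF} (JInitiator 1.3.1.21) -
O23 - Service: Symantec AntiVirus - Unknown owner - --"C:\Program Files\Symantec AntiVirus\Rtvscan.exe" (file missing)
"""

# A real registry GUID is 8-4-4-4-12 hex digits; the rogue entry only mimics the shape.
GUID_RE = re.compile(r"^\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$")
# Folder names the thread associates with the rogue product (assumption of this
# example; a real deployment would keep such a list in a maintained file).
ROGUE_MARKERS = ("bestsellerantivirus", "bestse~1")
# Core Windows processes that legitimately live only under \system32\.
SYSTEM_PROC_RE = re.compile(
    r'([a-z]:\\(?:[^\\\s"]+\\)*)(lsass|csrss|winlogon|services|smss|svchost)\.exe')
SECTION_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")


def check_line(line):
    """Return [(severity, reason)] findings for one HijackThis log line."""
    m = SECTION_RE.match(line.strip())
    if not m:
        return []
    section, body = m.group(1), m.group(2)
    low = body.lower()
    findings = []

    # F2 Shell=: Winlogon launches every program named here at logon, so anything
    # appended to Explorer.exe is a persistence entry.
    if section == "F2" and "shell=" in low:
        shell = body.split("Shell=", 1)[1].strip()
        if shell.lower() != "explorer.exe":
            findings.append(("high", "Shell value is not just Explorer.exe: " + shell))

    # A system-process file name outside System32 is a masquerade.
    for path_m in SYSTEM_PROC_RE.finditer(low):
        if not path_m.group(1).endswith("\\system32\\"):
            findings.append(("high", "system process name outside System32: "
                             + path_m.group(0)))

    # Orphaned hooks, BHOs and ActiveX entries: nothing left on disk to load.
    if section in ("R3", "O2") and (low.endswith("(no file)")
                                    or low.endswith("(file missing)")):
        findings.append(("low", "entry points at a missing file"))
    if section == "O16" and re.search(r"\)\s*-\s*$", body):
        findings.append(("low", "DPF entry with no download URL"))

    if section == "O4":
        run_m = re.match(r".*?\[(.*?)\]\s*(.*)$", body)
        if run_m:
            name, cmd = run_m.group(1), run_m.group(2)
            if any(k in cmd.lower() for k in ROGUE_MARKERS):
                findings.append(("high", "Run entry belongs to the rogue product: " + name))
            if name.startswith("{") and not GUID_RE.match(name):
                findings.append(("high", "GUID-shaped Run name that is not a GUID: " + name))
            if cmd.startswith("-"):
                findings.append(("medium", "command begins with '-' and names no file: " + name))

    if section == "O23":
        svc_m = re.match(r"Service: (.*?) - (.*?) - (.*)$", body)
        if svc_m and svc_m.group(3).startswith("-"):
            findings.append(("medium", "service path begins with '-' and names no file: "
                             + svc_m.group(1)))
    return findings


def triage(log_text):
    """Run check_line over a whole log; return [(line, severity, reason)]."""
    return [(line.strip(), sev, why)
            for line in log_text.splitlines()
            for sev, why in check_line(line)]


def high_risk_lines(log_text):
    """Distinct lines carrying at least one high-severity finding, in log order."""
    seen = []
    for line, sev, _ in triage(log_text):
        if sev == "high" and line not in seen:
            seen.append(line)
    return seen


if __name__ == "__main__":
    for line, sev, why in triage(SAMPLE_LOG):
        print(f"[{sev:>6}] {why}\n         {line}")
```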
Re: Can't Load Symantec Antivirus

Dear gerbil,
Thanks again, did exactly as you requested...

ComboFix Log:
ComboFix 07-10-12.4 - IUSR_WINCLT 2007-10-15 9:34:44.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.500 [GMT 4:00]
Running from: C:\Documents and Settings\IUSR_WINCLT\Desktop\ComboFix.exe
* Created a new restore point
.
ADS - system32: deleted 12 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Application Data.\salesmonitor
C:\Documents and Settings\Gavin.Pompeus\Application Data\addon.dat
C:\Documents and Settings\Gavin.Pompeus\Application Data\addon.dat
C:\Documents and Settings\Gavin.Pompeus\Application Data\macromedia\Flash Player\iforex.com
C:\Documents and Settings\Gavin.Pompeus\Application Data\macromedia\Flash Player\iforex.com\Emerp\Events\flash_object.swf\user_data.sol
C:\Documents and Settings\Gavin.Pompeus\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com
C:\Documents and Settings\Gavin.Pompeus\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com\settings.sol
.
((((((((((((((((((((((((( Files Created from 2007-09-15 to 2007-10-15 )))))))))))))))))))))))))))))))
.
2007-10-15 09:33 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-15 09:31 <DIR> d-------- C:\Program Files\CCleaner
2007-10-14 22:12 <DIR> d-------- C:\New Folder
2007-10-14 21:01 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-10-14 18:53 <DIR> d-------- C:\Program Files\EsetOnlineScanner
2007-10-14 16:28 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-10-14 16:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-10-14 15:09 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2007-10-14 13:58 <DIR> d-------- C:\Program Files\uTorrent
2007-10-14 13:58 <DIR> d-------- C:\Documents and Settings\IUSR_WINCLT\Application Data\uTorrent
2007-10-14 13:50 15,647,060 --a------ C:\ZoneAlarm Pro 7.0 + Working Serials.zip
2007-10-14 10:31 <DIR> d-------- C:\Documents and Settings\IUSR_WINCLT\Application Data\BitTorrent
2007-10-14 10:30 <DIR> d-------- C:\Program Files\BitTorrent_DNA
2007-10-14 10:30 <DIR> d-------- C:\Program Files\BitTorrent
2007-10-14 10:30 <DIR> d-------- C:\Documents and Settings\IUSR_WINCLT\Application Data\BitTorrent DNA
2007-10-13 20:43 <DIR> d-------- C:\Program Files\Spyware Doctor
2007-10-13 20:43 <DIR> d-------- C:\Documents and Settings\IUSR_WINCLT\Application Data\PC Tools
2007-10-13 20:43 79,688 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2007-10-13 20:43 62,280 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2007-10-13 20:43 41,288 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2007-10-13 20:43 29,000 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2007-10-13 20:42 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-10-13 18:16 <DIR> d-------- C:\WINDOWS\system32\SuperAdBlocker.com
2007-10-13 14:43 13,894 ---hs---- C:\WINDOWS\system32\ilnmp.ini2
2007-10-13 13:46 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-10-13 13:46 <DIR> d-------- C:\Documents and Settings\IUSR_WINCLT\Application Data\SUPERAntiSpyware.com
2007-10-13 13:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-10-13 13:37 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2007-10-13 13:22 6,465 ---hs---- C:\WINDOWS\system32\ilnmp.bak2
2007-10-13 13:11 6,465 ---hs---- C:\WINDOWS\system32\ilnmp.bak1
2007-10-13 13:02 158,432 --a------ C:\WINDOWS\system32\d2d7e210.sys
2007-10-13 12:59 40,832 --a------ C:\WINDOWS\system32\conf.dat
2007-10-13 12:59 1 --a------ C:\WINDOWS\system32\rc.dat
2007-10-13 12:59 1 --a------ C:\WINDOWS\system32\ps1.dat
2007-10-13 12:59 1 --a------ C:\WINDOWS\system32\cookie1.dat
2007-10-13 12:57 <DIR> d-------- C:\WINDOWS\Web Download
2007-10-12 12:32 24,064 --a------ C:\WINDOWS\system32\msxml3a.dll
2007-10-12 11:23 201,920 --a------ C:\WINDOWS\system32\drivers\SynTP.sys
2007-10-12 11:23 196,608 --a------ C:\WINDOWS\system32\SynCtrl.dll
2007-10-12 11:23 163,840 --a------ C:\WINDOWS\system32\SynCOM.dll
2007-10-12 11:23 143,360 --a------ C:\WINDOWS\system32\SynTPAPI.dll
2007-10-12 11:23 110,592 --a------ C:\WINDOWS\system32\SynTPCo4.dll
2007-10-11 17:05 <DIR> d-------- C:\Program Files\Google
2007-10-10 14:30 <DIR> d-------- C:\Documents and Settings\IUSR_WINCLT\dwhelper
2007-10-09 22:37 <DIR> d-------- C:\Software
2007-10-09 20:59 <DIR> d-------- C:\Documents and Settings\IUSR_WINCLT\Application Data\dvdcss
2007-10-07 13:24 <DIR> d-------- C:\Documents and Settings\Gavin.Pompeus\Application Data\vlc
2007-10-06 23:42 <DIR> d-------- C:\Documents and Settings\IUSR_WINCLT\Application Data\vlc
2007-10-05 23:07 <DIR> d-------- C:\Program Files\VideoLAN
2007-10-05 15:32 <DIR> d-------- C:\Program Files\Winamp
2007-10-05 12:29 126,976 -ra------ C:\WINDOWS\system32\V0100Vfw.dll
2007-10-05 12:29 91,155 -ra------ C:\WINDOWS\system32\drivers\V0100Vid.sys
2007-10-05 12:29 69,632 -ra------ C:\WINDOWS\system32\V0100Sti.dll
2007-10-05 12:29 65,536 -ra------ C:\WINDOWS\system32\CtCamMgr.dll
2007-10-05 12:29 49,152 -ra------ C:\WINDOWS\system32\V0100Hwx.dll
2007-10-05 12:29 36,864 -ra------ C:\WINDOWS\system32\V0100Pin.dll
2007-10-05 12:29 20,480 -ra------ C:\WINDOWS\V0100Cfg.exe
2007-10-05 12:29 20,480 -ra------ C:\WINDOWS\system32\V0100Srv.exe
2007-10-04 09:55 <DIR> d-------- C:\Program Files\DirectVobSub
2007-10-03 17:43 <DIR> d-------- C:\Program Files\ATI
2007-10-03 10:53 <DIR> d-------- C:\Program Files\Siemens Subscriber Networks
2007-10-03 10:53 50,934 --------- C:\WINDOWS\system32\drivers\vvpciusb.sys
2007-10-03 10:53 50,911 --------- C:\WINDOWS\system32\drivers\vvbususb.sys
2007-10-03 10:53 28,857 --------- C:\WINDOWS\system32\drivers\enethusb.sys
2007-10-03 10:53 15,332 --------- C:\WINDOWS\system32\drivers\vvbeth.sys
2007-10-03 10:53 15,309 --------- C:\WINDOWS\system32\drivers\vvbetht.sys
2007-10-01 11:30 120,483 --a------ C:\WINDOWS\File Renamer - Basic Uninstaller.exe
2007-09-28 20:08 156,992 --a------ C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-09-28 20:07 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-09-28 20:07 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
2007-09-28 20:07 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe
2007-09-28 20:07 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
2007-09-24 18:00 274,432 --a------ C:\WINDOWS\TLCUninstall.exe
2007-09-21 00:06 91,392 --a------ C:\WINDOWS\system32\drivers\commsym.sys
2007-09-20 18:41 <DIR> d-------- C:\WINDOWS\A4W_DATA
2007-09-20 18:41 110,592 --a------ C:\WINDOWS\system32\tsccvid.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-15 05:12 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-10-15 05:10 --------- d-----w C:\Documents and Settings\IUSR_WINCLT\Application Data\Free Download Manager
2007-10-14 21:19 --------- d--h--w C:\Program Files\Microsoft Private Folder 1.0
2007-10-14 21:18 --------- d-----w C:\Program Files\Microsoft ActiveSync
2007-10-14 21:18 --------- d-----w C:\Program Files\Manager
2007-10-14 21:15 --------- d-----w C:\Program Files\File Renamer
2007-10-14 06:30 --------- d-----w C:\Documents and Settings\IUSR_WINCLT\Application Data\Azureus
2007-10-13 19:00 --------- d-----w C:\Program Files\Symantec
2007-10-11 19:59 --------- d-----w C:\Program Files\Symantec AntiVirus
2007-10-07 13:58 --------- d-----w C:\Program Files\Java
2007-10-07 13:47 --------- d-----w C:\Documents and Settings\Gavin.Pompeus\Application Data\Azureus
2007-10-05 09:07 --------- d-----w C:\Documents and Settings\IUSR_WINCLT\Application Data\ATI
2007-10-04 16:29 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-04 16:28 --------- d-----w C:\Documents and Settings\Gavin.Pompeus\Application Data\ATI
2007-10-03 13:33 --------- d-----w C:\Program Files\DivX
2007-10-01 13:27 281,600 ----a-w C:\WINDOWS\system32\drivers\ADIHdAud.sys
2007-09-28 16:05 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2007-09-28 16:05 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2007-09-28 16:05 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2007-09-28 16:05 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2007-09-28 16:05 739,840 ----a-w C:\WINDOWS\system32\DivX.dll
2007-09-28 16:05 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2007-09-28 16:05 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2007-09-28 16:05 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2007-09-28 16:05 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2007-09-28 16:05 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2007-09-28 16:05 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2007-09-28 16:05 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2007-09-28 16:05 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2007-09-16 07:20 --------- d-----w C:\Documents and Settings\Gavin.Pompeus\Application Data\Free Download Manager
2007-09-08 12:47 --------- d-----w C:\Documents and Settings\IUSR_WINCLT\Application Data\iolo
2007-09-08 06:42 --------- d-----w C:\Program Files\Microsoft.NET
2007-09-07 10:49 --------- d-----w C:\Program Files\HPQ
2007-09-06 06:02 --------- d-----w C:\Program Files\Window
2007-09-06 06:01 --------- d-----w C:\Documents and Settings\IUSR_WINCLT\Application Data\Actual Tools
2007-09-01 07:54 --------- d-----w C:\Documents and Settings\IUSR_WINCLT\Application Data\Credential Manager
2007-08-25 19:57 --------- d-----w C:\Documents and Settings\IUSR_WINCLT\Application Data\URSoft
2007-08-25 06:02 --------- d-----w C:\Program Files\Common Files\Macrovision Shared
2007-08-25 06:00 --------- d-----w C:\Program Files\Common Files\Adobe
2007-08-24 05:31 --------- d-----w C:\Documents and Settings\IUSR_WINCLT\Application Data\Download Manager
2007-08-23 13:30 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-08-23 11:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\FLEXnet
2007-08-22 14:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Azureus
2007-08-22 11:45 --------- d-----w C:\Documents and Settings\IUSR_WINCLT\Application Data\Mobile Master
2007-08-22 11:21 --------- d-----w C:\Program Files\Common Files\Adobe Systems Shared
2007-08-22 11:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\Adobe Systems
2007-08-21 19:18 --------- d-----w C:\Documents and Settings\Gavin.Pompeus\Application Data\iolo
2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-08-16 18:38 --------- d-----w C:\Documents and Settings\Gavin.Pompeus\Application Data\uTorrent
2007-08-15 15:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\iolo
2007-08-15 14:55 --------- d-----w C:\Program Files\iolo
2007-08-08 12:30 19,456 ----a-w C:\WINDOWS\system32\OnlineScannerLang.dll
2007-08-02 14:11 253,952 ----a-w C:\WINDOWS\system32\OnlineScannerDLLA.dll
2007-08-02 14:11 241,664 ----a-w C:\WINDOWS\system32\OnlineScannerDLLW.dll
2007-07-30 15:19 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-07-30 15:19 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-07-30 15:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-07-30 15:19 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-07-30 15:19 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-07-30 15:19 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-07-30 15:19 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-07-30 15:18 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-07-30 15:18 207,736 ----a-w C:\WINDOWS\system32\muweb.dll
2007-07-27 11:49 225,355 ----a-w C:\WINDOWS\system32\lnod32apiW.dll
2007-07-27 11:49 196,683 ----a-w C:\WINDOWS\system32\lnod32apiA.dll
2007-07-27 07:13 87,608 ----a-w C:\Documents and Settings\IUSR_WINCLT\Application Data\ezpinst.exe
2007-07-27 07:13 47,360 ----a-w C:\Documents and Settings\IUSR_WINCLT\Application Data\pcouffin.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="-C:\Program Files\Common Files\Symantec Shared\ccApp.exe" []
"High Definition Audio Property Page Shortcut"="-HDAShCut.exe" []
"vptray"="-C:\PROGRA~1\SYMANT~1\VPTray.exe" []
"SoundMAXPnP"="-C:\Program Files\Analog Devices\Core\smax4pnp.exe" []
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-06-08 00:47]
"NI.UGA6P_0001_N115M0110"="C:\Downloads\Software\install_en.exe" []
"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-10-13 21:03]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SMSystemAnalyzer"="-C:\Program Files\iolo\System Mechanic Professional 7\SMSystemAnalyzer.exe" []
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 13:39]
"BitTorrent DNA"="C:\Program Files\BitTorrent_DNA\dna.exe" [2007-10-14 10:30]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoAutoUpdate"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
LMIinit.dll 2007-05-25 15:22 63040 C:\WINDOWS\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]
C:\Program Files\HPQ\IAM\Bin\AsWlnPkg.dll 2005-07-25 22:41 40960 C:\Program Files\HPQ\IAM\Bin\AsWlnPkg.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Notification Packages"= scecli AsWlnPkg

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Startup\0\0]
"Script"=add_admins.cmd

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-4011074587-1879700149-1645015419-10098\Scripts\Logon\0\0]
"Script"=net_drives.cmd

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
backup=C:\WINDOWS\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^DVD Check.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DVD Check.lnk
backup=C:\WINDOWS\pss\DVD Check.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Run Google Web Accelerator.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Run Google Web Accelerator.lnk
backup=C:\WINDOWS\pss\Run Google Web Accelerator.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
"C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
"C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BearFlix]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BearShare]
"C:\Program Files\BearShare\BearShare.exe" /pause

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CognizanceTS]
rundll32.exe C:\PROGRA~1\HPQ\IAM\Bin\AsTsVcc.dll,RegisterModule

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
"C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
"C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Magentic]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSystemAnalyzer]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SRS Audio Sandbox]
"C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe" /hideme

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SystemGuardAlerter]
"C:\Program Files\iolo\System Mechanic Professional 7\SystemGuardAlerter.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\THGuard]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrojanScanner]

[HKEY_LOCAL_MACHINE\software\microsoft\shared
tools\msconfig\startupreg\WatchDog] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WirelessMon] C:\Program Files\WirelessMon\WirelessMon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zzz_ImInstaller_Magentic] C:\DOCUME~1\IUSR_W~1\LOCALS~1\Temp\ImInstaller\Magentic\magentic_install.exe -startup -product Magentic -skip_dialog language [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "iPod Service"=3 (0x3) "IOLO_SRV"=2 (0x2) "ioloDMV"=2 (0x2) "idsvc"=3 (0x3) "Bonjour Service"=2 (0x2) "WMPNetworkSvc"=3 (0x3) "usnjsvc"=3 (0x3) [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "BearShare"="C:\Program Files\BearShare\BearShare.exe" /pause "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime R0 hpdskflt;HP Disk Filter Driver;C:\WINDOWS\system32\DRIVERS\hpdskflt.sys R2 ASChannel;Local Communication Channel;C:\WINDOWS\System32\svchost.exe -k Cognizance R2 CcmExec;SMS Agent Host;C:\WINDOWS\system32\CCM\CcmExec.exe R2 LMIRfsDriver;LogMeIn Remote File System Driver;\??\C:\WINDOWS\system32\drivers\LMIRfsDriver.sys R2 Prvflder;Prvflder;C:\WINDOWS\system32\DRIVERS\prvflder.sys R2 Wuser32;SMS Remote Control Agent;C:\WINDOWS\system32\CCM\CLICOMP\RemCtrl\Wuser32.exe R3 Accelerometer;Accelerometer;C:\WINDOWS\system32\DRIVERS\Accelerometer.sys R3 ATSWPDRV;AuthenTec TruePrint USB Driver (AES2500);C:\WINDOWS\system32\DRIVERS\ATSwpDrv.sys R3 GTIPCI21;GTIPCI21;C:\WINDOWS\system32\DRIVERS\gtipci21.sys R3 HBtnKey;HBtnKey;C:\WINDOWS\system32\DRIVERS\cpqbttn.sys R3 kbstuff;SMS Virtual Keyboard;C:\WINDOWS\system32\DRIVERS\kbstuff5.sys R3 lmimirr;lmimirr;C:\WINDOWS\system32\DRIVERS\lmimirr.sys R3 prepdrvr;SMS Process Event Driver;\??\C:\WINDOWS\system32\CCM\prepdrv.sys R3 SRS_SSCFilter;SRS Labs Audio Sandbox 
(WDM);C:\WINDOWS\system32\drivers\srs_sscfilter_i386.sys S2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};--\??\C:\Program Files\CyberLink\PowerDVD\000.fcl S2 LMIInfo;LogMeIn Kernel Information Provider;--\??\C:\Program Files\LogMeIn\x86\RaInfo.sys S3 COMMSYM;CommView/WiFi Driver by TamoSoft;C:\WINDOWS\system32\DRIVERS\commsym.sys S3 crtaud;Conexant Riptide WDM Audio Driver;C:\WINDOWS\system32\drivers\crtaud.sys S3 idisw2km;idisw2km;C:\WINDOWS\system32\DRIVERS\idisw2km.sys S3 n558;N558 Bluetooth USB Filter Driver;C:\WINDOWS\system32\Drivers\n558.sys S3 rthwcls;Conexant Riptide Bus / Firmware Downloader;C:\WINDOWS\system32\drivers\rthwcls.sys S3 V0100VID;Creative WebCam Vista Pro;C:\WINDOWS\system32\DRIVERS\V0100Vid.sys [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] Cognizance ASChannel [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5e3704f0-604b-11dc-b1d5-0018de3e65a7}] AutoRun\command - ntde1ect.com explore\Command - ntde1ect.com open\Command - ntde1ect.com [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6a7f1ece-e1d4-11db-b092-0018de3e65a7}] AutoRun\command - [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fef15fcc-6aa2-11dc-b1ee-001641b8e844}] AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs *Newly Created Service* - CATCHME [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{15DA01DC-1327-AEEA-0003-020004040303}] C:\WINDOWS\wlnlogon.exe [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{19081054-F27C-28E3-0207-030202010102}] C:\WINDOWS\system32\windowsplug.exe . Contents of the 'Scheduled Tasks' folder "2007-10-12 13:15:00 C:\WINDOWS\Tasks\1-Click Maintenance.job" - C:\Program Files\TuneUp Utilities 2006\SystemOptimizer.exe . 
************************************************************************** catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-10-15 09:36:23 Windows 5.1.2600 Service Pack 2 NTFS detected NTDLL code modification: ZwClose scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2007-10-15 9:37:17 . --- E O F --- New Hijackthis Log: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 9:43:04 AM, on 10/15/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16544) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\SCardSvr.exe C:\Program Files\HPQ\IAM\bin\asghost.exe C:\WINDOWS\system32\agrsmsvc.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Spyware Doctor\svcntaux.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Spyware Doctor\SDTrayApp.exe C:\Program Files\Microsoft ActiveSync\wcescomm.exe C:\Program Files\BitTorrent_DNA\dna.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\PROGRA~1\MI3AA1~1\rapimgr.exe C:\Program Files\Spyware Doctor\swdsvc.exe C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\CCM\CLICOMP\RemCtrl\Wuser32.exe C:\WINDOWS\system32\CCM\CcmExec.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\system32\wbem\wmiprvse.exe 
C:\WINDOWS\system32\wbem\wmiprvse.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\wuauclt.exe C:\New Folder\imabunny.exe C:\WINDOWS\system32\wbem\wmiprvse.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://sg.yahoo.com R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://sg.rd.yahoo.com/customize/ie/...rch.yahoo.com/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.corp.du.ae:8080 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Manager\iefdmcks.dll O2 - BHO: HP Credential Manager for ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\HPQ\IAM\Bin\ItIeAddIN.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O4 - HKLM\..\Run: [ccApp] -"C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] -HDAShCut.exe O4 - HKLM\..\Run: [vptray] -C:\PROGRA~1\SYMANT~1\VPTray.exe O4 - HKLM\..\Run: [SoundMAXPnP] -C:\Program 
Files\Analog Devices\Core\smax4pnp.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [NI.UGA6P_0001_N115M0110] "C:\Downloads\Software\install_en.exe" -nag O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe" O4 - HKCU\..\Run: [SMSystemAnalyzer] -"C:\Program Files\iolo\System Mechanic Professional 7\SMSystemAnalyzer.exe" O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe" O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\BitTorrent_DNA\dna.exe" O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user') O4 - Startup: StartupFaster O4 - Global Startup: Bluetooth.lnk = ? O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context 
menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Manager\dlselected.htm O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Manager\dllink.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra 'Tools' menuitem: Create Mobile Favorite... 
- {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by12fd.bay12.hotmail.msn.com/...s/MsnPUpld.cab O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/micr...?1188026698453 O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn...tDetection.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1188026417015 O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0) - http://javadl-esd.sun.com/update/1.5...ndows-i586.cab O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0) - http://javadl-esd.sun.com/update/1.5...ndows-i586.cab O16 - 
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...nt/swflash.cab O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100 O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanage...ex-2.2.1.6.cab O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = corp.du.ae O17 - HKLM\Software\..\Telephony: DomainName = corp.du.ae O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = corp.du.ae O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = corp.du.ae O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = corp.du.ae O20 - Winlogon Notify: OneCard - C:\Program Files\HPQ\IAM\Bin\AsWlnPkg.dll O23 - Service: Adobe LM Service - Unknown owner - --"C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe" (file missing) O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Bluetooth Service (btwdins) - Unknown owner - --C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe (file missing) O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - --"C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe" (file missing) O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - --"C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe" (file missing) O23 - Service: Cisco Systems, Inc. 
VPN Service (CVPND) - Unknown owner - --"C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe" (file missing) O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Unknown owner - --"C:\Program Files\Symantec AntiVirus\DefWatch.exe" (file missing) O23 - Service: FLEXnet Licensing Service - Unknown owner - --"C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe" (file missing) O23 - Service: hpqwmiex - Unknown owner - --C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe (file missing) O23 - Service: Machine Debug Manager (MDM) - Unknown owner - --"C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE" (file missing) O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - --"C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing) O23 - Service: Office Source Engine (ose) - Unknown owner - --"C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE" (file missing) O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe O23 - Service: Private Folder Service (prfldsvc) - Unknown owner - --C:\Program Files\Microsoft Private Folder 1.0\PrfldSvc.exe (file missing) O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - --"C:\Program Files\CyberLink\Shared Files\RichVideo.exe" (file missing) O23 - Service: SAVRoam (SavRoam) - Unknown owner - --"C:\Program Files\Symantec AntiVirus\SavRoam.exe" (file missing) O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - --"C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe" (file missing) O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Unknown owner - --"C:\Program Files\Common 
Files\Symantec Shared\SPBBC\SPBBCSvc.exe" (file missing) O23 - Service: SQL Server Browser (SQLBrowser) - Unknown owner - --"C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe" (file missing) O23 - Service: Symantec AntiVirus - Unknown owner - --"C:\Program Files\Symantec AntiVirus\Rtvscan.exe" (file missing) -- End of file - 13056 bytes TC gpompeus |
| ||
| Re: Cant Load Symantec Antivirus ...and this?: Those O17 entries have meaning for you, I assume? - DomainName = corp.du.ae? Do you know that domain? I ask only because it is a bit rare..... Just a couple of things to tidy up, but first a query of your sys:
==Please copy the text between the lines to a notepad [format/wordwrap unchecked] and save as showkey.bat, as type "all files", to your desktop; dclick it to run, then post the file C:\showkey.txt
__________________________________________________________
reg query "HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5e3704f0-604b-11dc-b1d5-0018de3e65a7}" /s >C:\showkey.txt
reg query "HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fef15fcc-6aa2-11dc-b1ee-001641b8e844}" /s >> C:\showkey.txt
reg query "HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{19081054-F27C-28E3-0207-030202010102}" /s >> C:\showkey.txt
start C:\showkey.txt
__________________________________________________________
Re Norton/Symantec, all the startup entries have disappeared... you will have to start it manually and reset the default options - I am not familiar with its interface now so you will need to explore it, but just ensure that settings for autostart with windows are selected [it may require reinstallation to achieve this?] |
| ||
| Re: Cant Load Symantec Antivirus corp.du.ae is the company I work for so that's ok. I will try to navigate through the Norton settings right now.
showkey log :
! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5e3704f0-604b-11dc-b1d5-0018de3e65a7}
    BaseClass    REG_SZ    Drive
    _AutorunStatus    REG_BINARY    01000100000100DFDF5FDF5F5F5F5FDFDF5F5F5FDFDFDF5F5F5FDFDFDF5F5FDF5F5F5F5F5F01000101EEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF000010000009060000

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5e3704f0-604b-11dc-b1d5-0018de3e65a7}\Shell
    <NO NAME>    REG_SZ    Open

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5e3704f0-604b-11dc-b1d5-0018de3e65a7}\Shell\Autoplay
    MUIVerb    REG_SZ    @shell32.dll,-8504

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5e3704f0-604b-11dc-b1d5-0018de3e65a7}\Shell\Autoplay\DropTarget
    CLSID    REG_SZ    {f26a669a-bcbb-4e37-abf9-7325da15f931}

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5e3704f0-604b-11dc-b1d5-0018de3e65a7}\Shell\AutoRun
    Extended    REG_SZ

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5e3704f0-604b-11dc-b1d5-0018de3e65a7}\Shell\AutoRun\command
    <NO NAME>    REG_SZ    ntde1ect.com

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5e3704f0-604b-11dc-b1d5-0018de3e65a7}\Shell\explore

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5e3704f0-604b-11dc-b1d5-0018de3e65a7}\Shell\explore\Command
    <NO NAME>    REG_SZ    ntde1ect.com

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5e3704f0-604b-11dc-b1d5-0018de3e65a7}\Shell\open

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5e3704f0-604b-11dc-b1d5-0018de3e65a7}\Shell\open\Command
    <NO NAME>    REG_SZ    ntde1ect.com

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5e3704f0-604b-11dc-b1d5-0018de3e65a7}\Shell\open\Default
    <NO NAME>    REG_SZ    1

! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fef15fcc-6aa2-11dc-b1ee-001641b8e844}
    BaseClass    REG_SZ    Drive
    _AutorunStatus    REG_BINARY    01000100000100DFDF5FDF5F5F5F5FDFDF5F5F5FDFDFDF5F5F5FDFDFDF5F5FDF5F5F5F5F5F01000101EEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF000010000009010000

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fef15fcc-6aa2-11dc-b1ee-001641b8e844}\Shell
    <NO NAME>    REG_SZ    AutoRun

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fef15fcc-6aa2-11dc-b1ee-001641b8e844}\Shell\Autoplay
    MUIVerb    REG_SZ    @shell32.dll,-8504

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fef15fcc-6aa2-11dc-b1ee-001641b8e844}\Shell\Autoplay\DropTarget
    CLSID    REG_SZ    {f26a669a-bcbb-4e37-abf9-7325da15f931}

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fef15fcc-6aa2-11dc-b1ee-001641b8e844}\Shell\AutoRun
    <NO NAME>    REG_SZ    Auto&Play

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fef15fcc-6aa2-11dc-b1ee-001641b8e844}\Shell\AutoRun\command
    <NO NAME>    REG_SZ    C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{19081054-F27C-28E3-0207-030202010102}
    StubPath    REG_SZ    C:\WINDOWS\system32\windowsplug.exe |
| ||
| Re: Cant Load Symantec Antivirus Ok, thanks for that domain info. Did you run Superantispyware; did it clear a vundo infection for you?
=This next removes registry traces; the first 3 are for a quite new bit of malware ntde1ect.com, the last is for that virus that Panda cleaned....
==Please copy the text between the lines to a notepad [format/wordwrap unchecked] and save as delkey.bat, as type "all files", to your desktop; dclick it to run.
__________________________________________________________
reg delete "HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5e3704f0-604b-11dc-b1d5-0018de3e65a7}\Shell\AutoRun\command" /va /f
reg delete "HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5e3704f0-604b-11dc-b1d5-0018de3e65a7}\Shell\explore\Command" /va /f
reg delete "HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5e3704f0-604b-11dc-b1d5-0018de3e65a7}\Shell\open\Command" /va /f
reg delete "HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fef15fcc-6aa2-11dc-b1ee-001641b8e844}\Shell\AutoRun\command" /va /f
reg delete "HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{19081054-F27C-28E3-0207-030202010102}" /va /f
__________________________________________________________
=Use msconfig to remove an old startup entry for Google Web accelerator. [go Start, run msconfig, startup tab...]
..and that is about it, but for your re-establishing startup entries for Symantec. Do let me know how that goes. |
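The two posts above show the manual version of this triage: dump the MountPoints2 and Active Setup keys with `reg query ... /s`, read the output by eye for handlers that should not be there, then clear them with `reg delete ... /va /f`. What follows is an added example, written for this page and not code from gerbil, gpompeus, or any tool in the thread: a small Python script that parses a showkey.txt-style export offline, flags the drive-autorun and Active Setup handlers worth a second look, and emits the same `reg delete` lines the delkey.bat uses. It assumes the REG.EXE 3.0 layout (key path on an unindented line, each value indented as name, type, data separated by tabs). The sample input is constructed from the values posted in the thread; the clean drive GUID {6a7f1ece-...} with an empty command comes from the ComboFix log, and the flagging heuristics are my own, not anything the thread states.

```python
"""Triage a `reg query <key> /s` export for drive-autorun and Active Setup persistence.

Added example for this thread, not the thread's own code. Parses REG.EXE 3.0 output,
reports MountPoints2 shell\<verb>\command and Active Setup StubPath values that merit
review, and builds the matching `reg delete "<key>" /va /f` lines.
"""
import re
from typing import Dict, List, Tuple

# --- constructed sample, modelled on the showkey.txt posted above (GUIDs/paths from the thread) ---
MP2 = r"HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2"
ASIC = r"HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components"
DRIVE_A = "{5e3704f0-604b-11dc-b1d5-0018de3e65a7}"
DRIVE_B = "{6a7f1ece-e1d4-11db-b092-0018de3e65a7}"   # clean drive from the ComboFix log: empty command
DRIVE_C = "{fef15fcc-6aa2-11dc-b1ee-001641b8e844}"
COMPONENT = "{19081054-F27C-28E3-0207-030202010102}"

SAMPLE_SHOWKEY = "\n".join([
    "! REG.EXE VERSION 3.0",
    "",
    MP2 + "\\" + DRIVE_A,
    "    BaseClass\tREG_SZ\tDrive",
    "",
    MP2 + "\\" + DRIVE_A + "\\Shell",
    "    <NO NAME>\tREG_SZ\tOpen",
    "",
    MP2 + "\\" + DRIVE_A + "\\Shell\\AutoRun\\command",
    "    <NO NAME>\tREG_SZ\tntde1ect.com",
    "",
    MP2 + "\\" + DRIVE_A + "\\Shell\\explore\\Command",
    "    <NO NAME>\tREG_SZ\tntde1ect.com",
    "",
    MP2 + "\\" + DRIVE_A + "\\Shell\\open\\Command",
    "    <NO NAME>\tREG_SZ\tntde1ect.com",
    "",
    MP2 + "\\" + DRIVE_B + "\\Shell\\AutoRun\\command",
    "    <NO NAME>\tREG_SZ\t",
    "",
    MP2 + "\\" + DRIVE_C + "\\Shell\\AutoRun\\command",
    "    <NO NAME>\tREG_SZ\tC:\\WINDOWS\\system32\\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs",
    "",
    ASIC + "\\" + COMPONENT,
    "    StubPath\tREG_SZ\tC:\\WINDOWS\\system32\\windowsplug.exe",
])

# value line: <indent>name<ws>REG_type<ws>data   (name may contain spaces, e.g. "<NO NAME>")
VALUE_RE = re.compile(r"^\s+(.+?)\s+(REG_[A-Z_]+)\s*(.*)$")
# ...\mountpoints2\{guid}\Shell\<verb>\command  and  ...\installed components\{guid}
SHELL_CMD_RE = re.compile(r"\\mountpoints2\\\{[0-9a-f-]+\}\\shell\\[^\\]+\\command$", re.I)
ACTIVE_SETUP_RE = re.compile(r"\\active setup\\installed components\\\{[0-9a-f-]+\}$", re.I)
SCRIPT_HOSTS = ("wscript", "cscript", "rundll32", "mshta", "cmd.exe")
RISKY_EXT = (".com", ".vbs", ".vbe", ".js", ".bat", ".cmd", ".pif", ".scr")


def parse_reg_query(text: str) -> Dict[str, Dict[str, Tuple[str, str]]]:
    """Map each key path in a `reg query /s` export to {value_name: (type, data)}."""
    keys: Dict[str, Dict[str, Tuple[str, str]]] = {}
    current = None
    for line in text.splitlines():
        if not line.strip() or line.startswith("!"):      # banner / blank separator
            continue
        if not line[0].isspace():                         # unindented => key path
            current = line.strip()
            keys.setdefault(current, {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            name, vtype, data = m.groups()
            keys[current][name] = (vtype, data.strip())
    return keys


def assess(cmd: str) -> List[str]:
    """Heuristic reasons (my own, not the thread's) why a handler deserves review."""
    low, reasons = cmd.lower(), []
    if "\\" not in cmd:
        reasons.append("bare file name, resolved relative to the drive root")
    if any(h in low for h in SCRIPT_HOSTS):
        reasons.append("launches through a script/DLL host")
    if low.endswith(RISKY_EXT):
        reasons.append("target has a script or legacy-executable extension")
    return reasons


def triage(text: str) -> List[dict]:
    """Return one finding per non-empty autorun handler or Active Setup stub."""
    findings = []
    for key, values in parse_reg_query(text).items():
        if SHELL_CMD_RE.search(key):
            _, data = values.get("<NO NAME>", ("", ""))
            if data:                                       # empty command (DRIVE_B) is the normal state
                findings.append({"key": key, "value": "<NO NAME>", "data": data,
                                 "reasons": assess(data) or ["non-empty MountPoints2 handler"]})
        elif ACTIVE_SETUP_RE.search(key) and values.get("StubPath", ("", ""))[1]:
            data = values["StubPath"][1]
            findings.append({"key": key, "value": "StubPath", "data": data,
                             "reasons": assess(data) + ["Active Setup stub runs once per user profile at logon"]})
    return findings


def remediation_commands(findings: List[dict]) -> List[str]:
    """Same shape as delkey.bat: /va clears every value under the key, /f skips the prompt."""
    seen, cmds = set(), []
    for f in findings:
        if f["key"] not in seen:
            seen.add(f["key"])
            cmds.append('reg delete "%s" /va /f' % f["key"])
    return cmds


if __name__ == "__main__":
    found = triage(SAMPLE_SHOWKEY)
    for f in found:
        print("%s\n    %s = %s\n    why: %s" % (f["key"], f["value"], f["data"], "; ".join(f["reasons"])))
    print("\n".join(remediation_commands(found)))
```

Run against the constructed sample it reports the three ntde1ect.com verbs, the wscript-based AutoRun handler and the windowsplug.exe stub, skips the drive whose command is empty, and prints exactly the five `reg delete` lines in the delkey.bat above. On a real export, feed it the contents of C:\showkey.txt instead of SAMPLE_SHOWKEY and review the reasons before running anything it prints.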
| ||
| Re: Cant Load Symantec Antivirus Thanks gerbil for all your help, I did use Superantispyware first, it showed quite a few infected files, can't recall if any one of those were vundo infections. Also I tried to search for the Norton Default setting option, but so far No luck. Will I be able to enable it from the gpedit.msc??? |
| ||
| Re: Cant Load Symantec Antivirus Heh! Please don't question me too closely on Norton - I have not used it in ages! If you cannot find any settings to control its startup options I think you are facing reinstalling it over itself, and then updating from the website. I use AVG AV - it gives settings to enable/disable its various components but there is no option to set it to start or not at sys startup. In msconfig and other startup control applications there is the option to select whether it does start, but there is no way to write that option in if it is missing.... apart from reinstalling it, of course. I suggest you go Start, run msconfig, startup tab and see if Norton is represented there... |
©2003 - 2009 DaniWeb® LLC