RetouchPRO



Hardware Computers, displays, tablets, scanners, cameras, printers, etc.

Virus

#11  12-22-2007, 06:16 AM
skydog (Senior Member; Carolina; joined Jan 2006; 1,294 posts)
Re: Virus

ComboFix 07-12-21.4 - Dad 2007-12-22 7:03:56.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1050 [GMT -5:00]
Running from: C:\Documents and Settings\Dad\Local Settings\Temporary Internet Files\Content.IE5\QPV9AMJN\ComboFix[1].exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\drivers\rhhaiofb.dat
C:\WINDOWS\system32\dsauthg.dll
C:\WINDOWS\Tasks.\At1.job

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_KDARJMBC
-------\LEGACY_RXIZZUXA
-------\LEGACY_ZBKRFHCQ
-------\kdarjmbc
-------\rxizzuxa
-------\zbkrfhcq


((((((((((((((((((((((((( Files Created from 2007-11-22 to 2007-12-22 )))))))))))))))))))))))))))))))
.

2007-12-20 22:22 . 2007-12-20 22:22 <DIR> d-------- C:\Documents and Settings\Dad\Lightroom
2007-12-20 09:44 . 2007-12-21 15:56 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-12-20 09:44 . 2007-12-20 09:44 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-12-20 09:44 . 2007-12-20 09:44 <DIR> d-------- C:\Documents and Settings\Dad\Application Data\SUPERAntiSpyware.com
2007-12-20 09:44 . 2007-12-20 09:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-12-20 09:30 . 2007-12-22 06:37 <DIR> d-------- C:\WINDOWS\system32\CatRoot2
2007-12-20 09:21 . 2007-12-20 09:22 <DIR> d-------- C:\Program Files\RogueRemover FREE
2007-12-20 09:18 . 2007-12-20 09:18 <DIR> d-------- C:\Program Files\Microsoft Easy Assist
2007-12-20 07:53 . 2007-12-20 07:53 <DIR> d-------- C:\Documents and Settings\Dad\Application Data\Lavasoft
2007-12-20 07:38 . 2007-12-20 07:39 <DIR> d-------- C:\Documents and Settings\Dad\Application Data\AdwareAlert
2007-12-19 19:31 . 2007-12-19 19:31 <DIR> d-------- C:\Documents and Settings\Dad\Application Data\iolo
2007-12-19 19:31 . 2007-12-19 19:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\iolo
2007-12-19 19:31 . 2007-12-19 19:31 406 --a------ C:\WINDOWS\system32\ioloBootDefrag.cfg
2007-12-19 19:12 . 2007-12-19 19:12 <DIR> d-------- C:\Program Files\ZoneAlarmSB
2007-12-19 18:54 . 2007-12-19 18:57 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2007-12-19 18:37 . 2004-08-03 23:14 359,040 --a------ C:\WINDOWS\tcpip.sy_
2007-12-19 18:10 . 2003-04-11 05:14 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\MSN6
2007-12-19 18:10 . 2003-04-11 04:52 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\InterTrust
2007-12-19 16:25 . 2007-12-19 16:25 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\AVG7
2007-12-19 13:29 . 2007-12-19 13:29 8,192 --ahs---- C:\WINDOWS\Thumbs.db
2007-12-19 06:41 . 2007-12-19 06:41 1,188,375 --a------ C:\WINDOWS\system32\libeay32.dll
2007-12-19 06:41 . 2007-12-19 06:41 741,632 --a------ C:\WINDOWS\system32\qtijcbnr.dat
2007-12-19 06:41 . 2007-12-19 06:41 246,545 --a------ C:\WINDOWS\system32\libssl32.dll
2007-12-19 06:41 . 2007-12-19 06:41 119,552 --a------ C:\WINDOWS\system32\plqiiten.dat
2007-12-19 06:41 . 2007-12-19 06:41 42,240 --a------ C:\WINDOWS\system32\ocuygllh.dat
2007-12-19 06:41 . 2007-12-19 06:41 36,096 --a------ C:\WINDOWS\system32\wowwmiqt.dat
2007-12-19 06:41 . 2007-12-19 06:41 35,072 --a------ C:\WINDOWS\system32\yxanswll.dat
2007-12-19 06:30 . 2007-12-19 06:30 28 --a------ C:\WINDOWS\DustKleen.INI
2007-12-19 06:20 . 2007-12-19 06:20 1,396 --a------ C:\WINDOWS\system32\wpa.bak
2007-12-18 23:34 . 2004-08-04 07:00 156,672 --a--c--- C:\WINDOWS\system32\dllcache\winzm.ime
2007-12-18 23:34 . 2004-08-04 07:00 156,672 --a--c--- C:\WINDOWS\system32\dllcache\winsp.ime
2007-12-18 23:34 . 2004-08-04 07:00 156,672 --a--c--- C:\WINDOWS\system32\dllcache\winpy.ime
2007-12-18 23:34 . 2004-08-04 07:00 79,360 --a--c--- C:\WINDOWS\system32\dllcache\winar30.ime
2007-12-18 23:34 . 2004-08-04 07:00 69,120 --a--c--- C:\WINDOWS\system32\dllcache\wingb.ime
2007-12-18 23:34 . 2004-08-04 07:00 65,536 --a--c--- C:\WINDOWS\system32\dllcache\winime.ime
2007-12-18 23:34 . 2004-08-04 07:00 28,288 --a--c--- C:\WINDOWS\system32\dllcache\xjis.nls
2007-12-18 23:32 . 2004-08-04 07:00 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll
2007-12-18 23:31 . 2004-08-04 07:00 1,677,824 --a--c--- C:\WINDOWS\system32\dllcache\chsbrkr.dll
2007-12-18 23:30 . 2004-05-13 00:39 876,653 --a--c--- C:\WINDOWS\system32\dllcache\fp4awel.dll
2007-12-18 23:29 . 2007-12-18 23:29 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest
2007-12-18 23:28 . 2007-12-18 23:28 749 -rah----- C:\WINDOWS\WindowsShell.Manifest
2007-12-18 23:28 . 2007-12-18 23:28 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest
2007-12-18 23:28 . 2007-12-18 23:28 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest
2007-12-18 23:28 . 2007-12-18 23:28 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest
2007-12-18 22:05 . 2004-08-03 23:04 134,912 --a------ C:\WINDOWS\ipnat.sy_
2007-12-16 11:31 . 2007-12-16 11:31 12,288 --ahs---- C:\WINDOWS\system32\Thumbs.db
2007-12-15 12:05 . 2007-12-15 12:05 119,552 --a------ C:\WINDOWS\system32\qhxosowh.dat
2007-12-15 11:59 . 2002-08-29 07:00 83,456 --a------ C:\WINDOWS\system32\dsauthg.dll.bak
2007-11-23 08:05 . 2007-11-24 10:11 156 --a------ C:\WINDOWS\Twunk001.MTX
2007-11-23 08:05 . 2007-11-24 10:11 4 --a------ C:\WINDOWS\Twain001.Mtx
2007-11-23 08:05 . 2007-11-23 08:05 0 --a------ C:\WINDOWS\Twunk002.MTX
2007-11-22 21:54 . 2004-08-04 02:10 48,128 --a------ C:\WINDOWS\system32\drivers\61883.sys
2007-11-22 21:54 . 2004-08-04 02:10 38,912 --a------ C:\WINDOWS\system32\drivers\avc.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-22 12:10 6,533,152 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2007-12-22 12:09 78,656 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2007-12-21 20:17 --------- d-----w C:\Documents and Settings\Dad\Application Data\LumaPix
2007-12-21 20:04 279,334 ----a-w C:\WINDOWS\FotoFusionV4 Uninstaller.exe
2007-12-21 20:02 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-12-21 13:00 --------- d-----w C:\Documents and Settings\Dad\Application Data\AVG7
2007-12-19 21:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
2007-12-16 12:42 --------- d-----w C:\Documents and Settings\Other\Application Data\AVG7
2007-11-24 13:00 --------- d-----w C:\Documents and Settings\Dad\Application Data\Canon
2007-11-14 21:05 75,248 ----a-w C:\WINDOWS\zllsputility.exe
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-10-30 01:20 --------- d-----w C:\Documents and Settings\Dad\Application Data\Move Networks
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
2007-12-19 19:12 262144 --a------ C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}

[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL [2007-12-19 19:12 262144]

[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\MSMSGS.exe" [2004-10-13 11:24]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 15:45]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-04 07:00 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2003-03-03 21:44 C:\WINDOWS\system32\nwiz.exe]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 16:24 C:\WINDOWS\system32\Ati2mdxx.exe]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-02-28 23:00]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2003-03-11 13:24]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2003-03-11 13:11]
"ezShieldProtector for Px"="C:\WINDOWS\System32\ezSP_Px.exe" [2002-08-20 12:29]
"CreateCD_Reminder"="C:\WINDOWS\Sonysys\VAIO Recovery\reminder.exe" [2003-04-17 19:51]
"AGRSMMSG"="AGRSMMSG.exe" [2004-07-22 12:38 C:\WINDOWS\AGRSMMSG.exe]
"StorageGuard"="C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" [2002-06-17 23:01]
"VAIO Recovery"="C:\Windows\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-20 00:08]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-10-29 11:09]
"Omnipage"="C:\Program Files\ScanSoft\OmniPageSE\opware32.exe" [2002-06-03 10:38]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 05:24]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2003-06-25 10:24]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-07-28 09:43]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-04-11 14:25]
"DeviceDiscovery"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [2003-05-21 17:37]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.2\apdproxy.exe" [2007-08-30 05:32]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 13:42]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-11-14 16:05]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-29 11:09]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26]
Remocon Driver.lnk - C:\Program Files\Sony\USBSircs\usbsircs.exe [2007-07-16 17:49:52]
TabUserW.exe.lnk - C:\WINDOWS\system32\WTablet\TabUserW.exe [2007-07-19 21:09:11]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

R3 SONYWBMS;Sony Memory Stick controller(WB);C:\WINDOWS\system32\DRIVERS\SonyWBMS.SYS [2002-12-18 10:03]

.
Contents of the 'Scheduled Tasks' folder
"2007-12-22 08:00:00 C:\WINDOWS\Tasks\AdwareAlert Scheduled Scan.job"
- C:\Program Files\AdwareAlert\AdwareAlert.ex
- C:\Program Files\AdwareAlert
"2007-12-19 18:38:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-12-11 21:19:07 C:\WINDOWS\Tasks\HP DArC Task #Hewlett-Packard#deskjet5100#MY3923M2ZD7A.job"
- C:\Program Files\HP\hpcoretech\comp\hpdarc.exe+/#Hewlett-Packard#deskjet5100#MY3923M2ZD7A
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-22 07:12:31
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-22 7:13:47 - machine was rebooted
.
2007-12-22 08:00:49 --- E O F ---
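The ComboFix log above carries the signals an analyst keys on: six files with eight-letter names and a .dat extension written into system32, five of them in the same minute (2007-12-19 06:41) together with libeay32.dll and libssl32.dll, and three eight-letter service names with LEGACY_ keys removed. The Python script below is an added example, not part of the thread and not ComboFix's own logic: it parses the Files Created section and scores each entry by those heuristics. The sample lines are copied from the log; the rules (eight-letter stem in system32, .dat extension, at most one vowel or a four-consonant run, three or more such files created in one minute) are assumptions about dropper behaviour. It deliberately does not catch dsauthg.dll.bak, which the helper identified by tying it to the dsauthg.dll ComboFix had already deleted; heuristic triage shortens an analyst's reading of a log, it does not replace it.

```python
"""Triage a ComboFix "Files Created" listing for dropper-style files.

Added example: not part of this thread and not ComboFix's own logic.
The sample lines are copied from the log above; the scoring rules are
assumptions about how generated file names and batch drops look.
"""
import re
from collections import defaultdict

# One entry: <created> . <modified> <size or <DIR>> <attrs> <path>
ENTRY_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>[\d,]+|<DIR>) (?P<attrs>\S+) (?P<path>.+?)\s*$"
)
# Directories where a freshly written eight-letter .dat deserves a look (assumption)
SYSTEM_DIRS = (r"c:\windows\system32", r"c:\windows\system32\drivers")
VOWELS = set("aeiou")

# Constructed sample: a subset of the "Files Created" section posted above.
SAMPLE_LOG = r"""
2007-12-20 09:44 . 2007-12-21 15:56 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-12-19 06:41 . 2007-12-19 06:41 1,188,375 --a------ C:\WINDOWS\system32\libeay32.dll
2007-12-19 06:41 . 2007-12-19 06:41 741,632 --a------ C:\WINDOWS\system32\qtijcbnr.dat
2007-12-19 06:41 . 2007-12-19 06:41 246,545 --a------ C:\WINDOWS\system32\libssl32.dll
2007-12-19 06:41 . 2007-12-19 06:41 119,552 --a------ C:\WINDOWS\system32\plqiiten.dat
2007-12-19 06:41 . 2007-12-19 06:41 42,240 --a------ C:\WINDOWS\system32\ocuygllh.dat
2007-12-19 06:41 . 2007-12-19 06:41 36,096 --a------ C:\WINDOWS\system32\wowwmiqt.dat
2007-12-19 06:41 . 2007-12-19 06:41 35,072 --a------ C:\WINDOWS\system32\yxanswll.dat
2007-12-18 23:28 . 2007-12-18 23:28 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest
2007-12-15 12:05 . 2007-12-15 12:05 119,552 --a------ C:\WINDOWS\system32\qhxosowh.dat
2007-12-15 11:59 . 2002-08-29 07:00 83,456 --a------ C:\WINDOWS\system32\dsauthg.dll.bak
2007-11-22 21:54 . 2004-08-04 02:10 38,912 --a------ C:\WINDOWS\system32\drivers\avc.sys
"""


def parse_entries(lines):
    """Yield one dict per line that matches the entry layout; skip headers and blanks."""
    for line in lines:
        m = ENTRY_RE.match(line.strip())
        if m:
            yield m.groupdict()


def split_path(path):
    """Return (lowercased parent directory, stem, extension) of a Windows path."""
    parent, _, name = path.lower().rpartition("\\")
    stem, _, ext = name.partition(".")
    return parent, stem, ext


def is_name8(stem):
    """Exactly eight lowercase ASCII letters: the shape of a generated name."""
    return re.fullmatch(r"[a-z]{8}", stem) is not None


def is_unpronounceable(stem):
    """At most one vowel, or four consonants in a row. Assumption: name
    generators ignore phonotactics, while shipped Windows binaries such as
    wintrust or netshell do not trip this rule."""
    vowels = sum(c in VOWELS for c in stem)
    return vowels <= 1 or re.search(r"[^aeiou]{4}", stem) is not None


def triage(lines, batch_threshold=3):
    """Score entries and return {"flagged", "companions", "batches"}.

    anchor    : name8 file in a system dir that is a .dat or unpronounceable
    batch     : creation minute holding >= batch_threshold anchors
    flagged   : anchors, plus any other name8 file created in a batch minute
    companion : non-name8 file created in a batch minute (dropped alongside)
    """
    entries = list(parse_entries(lines))
    anchors = set()
    per_minute = defaultdict(int)
    for e in entries:
        parent, stem, ext = split_path(e["path"])
        e["name8"] = parent in SYSTEM_DIRS and is_name8(stem)
        if e["name8"] and (ext == "dat" or is_unpronounceable(stem)):
            anchors.add(e["path"])
            per_minute[e["created"]] += 1
    batches = {m: n for m, n in per_minute.items() if n >= batch_threshold}
    flagged, companions = [], []
    for e in entries:
        in_batch = e["created"] in batches
        if e["path"] in anchors or (e["name8"] and in_batch):
            flagged.append(e["path"])
        elif in_batch and e["size"] != "<DIR>":
            companions.append(e["path"])
    return {"flagged": flagged, "companions": companions, "batches": batches}


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG.splitlines()).items():
        print(f"{key}: {value}")
```

Run it as-is to print the three lists, or feed it a real log with `triage(open(path).read().splitlines())`. The companions deserve as much attention as the flagged files: in this log they are the two OpenSSL DLLs created in the same minute as the .dat files, which neither ComboFix's deletions nor the follow-up move list in the thread touched. OpenSSL is legitimate code, but its arrival time ties it to the drop, so a practitioner would hash those two files and check them before leaving them in place.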
#12  12-22-2007, 06:17 AM
skydog (Senior Member; Carolina; joined Jan 2006; 1,294 posts)
Re: Virus

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:16:33 AM, on 12/22/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Sony\Giga Pocket\shwserv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe
C:\Program Files\Sony\Photo Server\appsrv\PhotoAppSrv.exe
C:\Program Files\Sony\Giga Pocket\GPVSvr.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
C:\Program Files\Sony\Giga Pocket\RM_SV.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\ezSP_Px.exe
C:\WINDOWS\Sonysys\VAIO Recovery\reminder.exe
C:\WINDOWS\AGRSMMSG.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.2\apdproxy.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Sony\USBSircs\usbsircs.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [CreateCD_Reminder] C:\WINDOWS\Sonysys\VAIO Recovery\reminder.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [VAIO Recovery] C:\Windows\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.2\apdproxy.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Remocon Driver.lnk = ?
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {54823A9D-6BAE-11D5-B519-0050BA2413EB} (ChkDVDCtl Class) - http://www.cyberlink.com/winxp/CheckDVD.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/...oUploader3.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/res...scbase4009.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1184536128578
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Giga Pocket Hardware Detector - Sony Corporation - C:\Program Files\Sony\Giga Pocket\shwserv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sony TV Tuner Controller - Sony Corporation - C:\Program Files\Sony\Giga Pocket\halsv.exe
O23 - Service: Sony TV Tuner Manager - Sony Corporation - C:\Program Files\Sony\Giga Pocket\RM_SV.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe
O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\Photo Server\appsrv\PhotoAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\Giga Pocket\GPVSvr.exe
O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe
O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 12236 bytes
#13  12-22-2007, 06:47 AM
skydog (Senior Member; Carolina; joined Jan 2006; 1,294 posts)
Re: Virus

Gary...it appears the virus is gone. What exactly did combo fix do and what did it correct?

Swampy...you have an Apple...thank God I have Gary!

Actually, I need to replace my computer. It is ~ 5 years old and I'm concerned about a complete failure at some point. My concern with the Apple is the cost of converting all of my software to the Apple environment and how many of my applications will work in this environment. Any thoughts?

For those of you that use Windows, what is the latest on Vista? Initially it received a lot of bad press, like the recent launch of the Canon Mark III. Can most applications now run in this environment? Most of my friends say stick with XP.
#14  12-22-2007, 07:41 AM
Gary Richardson (Senior Member; Yorkshire, England; joined Mar 2004; 2,717 posts)
Re: Virus

Hi Skydog,

Combofix was specifically written for removing the infection you had (plus some others) so is more effective than a general anti-virus or anti-malware programme. It does have a whole lot more functions than the simple scan and clean you used, but these are not for the use of the general public and need trained guidance to use. It is however a very powerful programme, and if used inappropriately can damage your computer. It is updated regularly to deal with the latest versions of the infections it targets, and for this reason the programme becomes inoperative after 10 days of it first being loaded to the server.

I do not recommend its use by untrained persons.

OK, most of the infection is removed, just a little cleaning up to do.

Download OTMoveIt by OldTimer to your Desktop.
  • Double click OTMoveIt.exe to launch it.
  • Copy/Paste the contents of the box below into the left hand pane of OTMoveIt.
Quote:
C:\WINDOWS\system32\qtijcbnr.dat
C:\WINDOWS\system32\plqiiten.dat
C:\WINDOWS\system32\ocuygllh.dat
C:\WINDOWS\system32\wowwmiqt.dat
C:\WINDOWS\system32\yxanswll.dat
C:\WINDOWS\system32\qhxosowh.dat
C:\WINDOWS\system32\dsauthg.dll.bak
  • Click the Move It button.
  • The list will be processed and the results will appear in the right hand pane.
  • If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
  • When finished click Exit to exit the programme.
  • A log C:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log will be created (where mmddyyyy_hhmmss are numbers giving date and time the log was created).
  • Post the log back here please.
  • Click Start > Run and type cleanmgr then click OK.
  • This will bring up the Disk Cleanup window.
  • Check the following entries.
    • Temporary Internet Files.
    • Recycle Bin.
    • Temporary Files.
  • Click OK.
  • When a prompt pops up click Yes.

I'd like you to do an online scan with Kaspersky Online Scanner. Combofix is good at what it does, but it only targets certain functions; I'd like a general scan of your system to make sure there's nothing else hiding on it. Kaspersky is one of the best scanners, and has the advantage that it doesn't try to fix anything. It also gives a very good log which I'm familiar with.

Note: You must be using Internet Explorer as your browser, as it will be necessary to install an ActiveX component on your computer.

Important If you have previously used Kaspersky Online Scanner (before 8th Aug 2006), you will have to uninstall the old version using Add/Remove Programs in Control Panel before you can use the new version.

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky; click Yes.
  • The program will launch and then start to download the latest definition files.
  • Once the scanner is installed and the definitions downloaded, click Next.
  • Now click on Scan Settings.
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
      • Extended (If available otherwise Standard)
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK.
  • Now under select a target to scan select My Computer.
  • The scan will take a while so be patient and let it run. Once the scan is complete it will display if your system has been infected.
  • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

Note: The Kaspersky online scanner is not yet fully compatible with IE7. You may get returned to a window without the Accept/Decline buttons after allowing the ActiveX control. The buttons are there - you just can't see them! Click on the zoom button (bottom, right of the window) and change it from 100% to 75%. You should now see the buttons. Reset to 100% once the license has been accepted.

Summary of the logs I need from you in your next post:
  • OTMoveIt
  • Kaspersky


Please post each log separately to prevent them being cut off by the forum post size limiter.
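The OTMoveIt step above moves files rather than deleting them, mirrors their original path under MovedFiles, writes a timestamped log and defers locked files to the next reboot. The script below is an added example, not OTMoveIt's code and not part of the thread, that does the same in Python and records a SHA-256 of each file before it moves, so the sample can later be checked or submitted without relying on the moved copy being intact. The Windows reboot deferral uses MoveFileExW with MOVEFILE_DELAY_UNTIL_REBOOT; it needs administrator rights and both paths on one volume, and it is an assumption about the environment that demo() does not exercise. The files demo() creates are harmless constructed samples named after entries in the thread.

```python
"""Quarantine files with an evidence record (hash, origin, timestamp).

Added example, not OTMoveIt's code and not part of this thread. It does
what the OTMoveIt step above does (move, not delete; mirror the original
path under MovedFiles; write a timestamped log; defer locked files to the
next reboot), plus a SHA-256 taken before the move. The Windows deferral
uses MoveFileExW and is an assumption about the environment; demo() does
not exercise it.
"""
import ctypes
import hashlib
import shutil
import sys
import tempfile
import time
from pathlib import Path


def sha256_of(path, chunk=1 << 20):
    """Hex SHA-256 of a file, read in chunks so a large file is not loaded whole."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def defer_until_reboot(src, dst):
    """Windows only: queue the rename in PendingFileRenameOperations so the
    kernel moves the file at next boot, before anything can open it again.
    Needs administrator rights and both paths on the same volume."""
    if sys.platform != "win32":
        return False
    MOVEFILE_REPLACE_EXISTING, MOVEFILE_DELAY_UNTIL_REBOOT = 0x1, 0x4
    flags = MOVEFILE_REPLACE_EXISTING | MOVEFILE_DELAY_UNTIL_REBOOT
    return bool(ctypes.windll.kernel32.MoveFileExW(str(src), str(dst), flags))


def quarantine(paths, quarantine_root):
    """Move each file under <quarantine_root>/MovedFiles/<drive>/<original dirs>/
    and return one record per path. The hash is taken before the move so the
    record describes the file as it was found."""
    root = Path(quarantine_root)
    moved_dir = root / "MovedFiles"
    moved_dir.mkdir(parents=True, exist_ok=True)
    records = []
    for p in map(Path, paths):
        rec = {"path": str(p), "status": "missing", "sha256": None, "dest": None}
        if p.is_file():
            p = p.resolve()
            try:
                rec["sha256"] = sha256_of(p)
            except OSError:
                rec["sha256"] = None  # locked even for reading; note it, still try to move
            drive = p.drive.rstrip(":") or "root"
            dest = moved_dir / drive / p.relative_to(p.anchor)
            dest.parent.mkdir(parents=True, exist_ok=True)
            rec["dest"] = str(dest)
            try:
                shutil.move(str(p), str(dest))
                rec["status"] = "moved"
            except OSError:
                rec["status"] = "deferred" if defer_until_reboot(p, dest) else "failed"
        records.append(rec)
    with open(root / time.strftime("%m%d%Y_%H%M%S.log"), "a", encoding="utf-8") as log:
        for r in records:
            log.write("\t".join(f"{k}={v}" for k, v in r.items()) + "\n")
    return records


def demo():
    """Constructed scenario in a temp dir: two harmless files named like the
    ones listed above plus one path that does not exist. Returns the records
    and a few checks on them."""
    base = Path(tempfile.mkdtemp(prefix="quarantine_demo_"))
    src = base / "system32"
    src.mkdir()
    samples = {"qhxosowh.dat": b"constructed sample A\n",
               "dsauthg.dll.bak": b"constructed sample B\n"}
    for name, data in samples.items():
        (src / name).write_bytes(data)
    targets = [src / n for n in samples] + [src / "qtijcbnr.dat"]  # last one absent
    records = quarantine(targets, base / "_Quarantine")
    checks = {
        "statuses": [r["status"] for r in records],
        "hash_unchanged": [r["sha256"] == sha256_of(r["dest"])
                           for r in records if r["status"] == "moved"],
        "originals_left": [Path(r["path"]).exists() for r in records],
        "log_written": any(f.suffix == ".log" for f in (base / "_Quarantine").iterdir()),
    }
    return records, checks


if __name__ == "__main__":
    for rec in demo()[0]:
        print(rec)
```

demo() returns the records and a set of checks on them; in practice, pass the list of paths to quarantine() and keep the log together with the moved files, since the original path and the pre-move hash are what a later scan or a submission to a vendor needs. A "deferred" status means the file was still held open (as a loaded driver or DLL would be) and the move will only complete after a reboot, which is the same condition the OTMoveIt instructions warn about.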
#15  12-22-2007, 08:16 AM
Dave.Cox (Senior Member; GrandPrairie.TX; joined Feb 2007; 536 posts)
Re: Virus

Post your question here.

http://forum.kaspersky.com/

Kaspersky.com specializes in protection and removals. Last time that I had a virus that I couldn't seem to remove, even with their own software, I searched this forum and found the answer in short order. You probably won't even have to ask, just search for current solutions.
#16  12-22-2007, 08:20 AM
skydog (Senior Member; Carolina; joined Jan 2006; 1,294 posts)
Re: Virus

Gary...it may be later today before I can get to this...what exactly do you do? Are computers a hobby or your job? Your knowledge/experience amazes me...
#17  12-22-2007, 10:49 AM
skydog (Senior Member; Carolina; joined Jan 2006; 1,294 posts)
Re: Virus

C:\WINDOWS\system32\qtijcbnr.dat moved successfully.
C:\WINDOWS\system32\plqiiten.dat moved successfully.
C:\WINDOWS\system32\ocuygllh.dat moved successfully.
C:\WINDOWS\system32\wowwmiqt.dat moved successfully.
C:\WINDOWS\system32\yxanswll.dat moved successfully.
C:\WINDOWS\system32\qhxosowh.dat moved successfully.
C:\WINDOWS\system32\dsauthg.dll.bak moved successfully.

Created on 12/22/2007 11:48:20
#18  12-22-2007, 12:45 PM
skydog (Senior Member; Carolina; joined Jan 2006; 1,294 posts)
Re: Virus

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Saturday, December 22, 2007 1:36:23 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 22/12/2007
Kaspersky Anti-Virus database records: 491787
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\

Scan Statistics:
Total number of scanned objects: 114551
Number of viruses found: 1
Number of infected objects: 1
Number of suspicious objects: 0
Duration of the scan process: 01:24:51

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\avg7\Log\emc.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Sony Corporation\SonicStage\Packages\MtData.ldb Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Sony Corporation\SonicStage\Packages\MtData.mdb Object is locked skipped
C:\Documents and Settings\Dad\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\~DF5510.tmp Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temp\~DF5544.tmp Object is locked skipped
C:\Documents and Settings\Dad\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Dad\ntuser.dat Object is locked skipped
C:\Documents and Settings\Dad\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Sony\Photo Server\db\vpdb.ldb Object is locked skipped
C:\Program Files\Sony\Photo Server\db\vpdb.mdb Object is locked skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\drivers\rhhaiofb.dat.vir Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{543848E5-A971-4387-BA47-9852573A650F}\RP19\change.log Object is locked skipped
C:\System Volume Information\_restore{543848E5-A971-4387-BA47-9852573A650F}\RP9\A0000068.dll Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Downloaded Program Files\PerfomanceOptimizerPre_Installer.exe Infected: not-a-virus:FraudTool.Win32.PerfomanceOptimizer.a skipped
C:\WINDOWS\Internet Logs\APPLE.ldb Object is locked skipped
C:\WINDOWS\Internet Logs\fwdbglog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\fwpktlog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\IAMDB.RDB Object is locked skipped
C:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\fidbox.dat Object is locked skipped
C:\WINDOWS\system32\drivers\fidbox.idx Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\JETDC85.tmp Object is locked skipped
C:\WINDOWS\Temp\JETDDAE.tmp Object is locked skipped
C:\WINDOWS\Temp\ZLT019ca.TMP Object is locked skipped
C:\WINDOWS\Temp\ZLT019cd.TMP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\System Volume Information\_restore{543848E5-A971-4387-BA47-9852573A650F}\RP19\change.log Object is locked skipped

Scan process completed.
  #19  
Old 12-22-2007, 01:44 PM
plugsnpixels plugsnpixels is offline
RetouchPRO LIVE Guest Artist
Patron
 
Join Date: Dec 2005
Location: LA area
Posts: 2,027
Re: Virus

Skydog, I run Windows on my Macs as needed, and it works just fine. Actually, it's extremely easy to keep drag-and-drop backups (the Windows environment is just a set of files whether you're using Boot Camp or Parallels), so if a virus ever did come to visit (which I haven't had happen yet), you simply replace your files with the most recent backup and continue on your way in the time it takes to copy them.

Then as time goes by, you can migrate your apps as you're able and leave this Windows virus nonsense behind!
  #20  
Old 12-22-2007, 02:50 PM
Gary Richardson Gary Richardson is offline
Senior Member
 
Join Date: Mar 2004
Location: Yorkshire, England
Posts: 2,717
Re: Virus

Hi skydog,

Quote:
Originally Posted by skydog
what exactly do you do? Are computers a hobby or your job...your knowledge/experience amazes me...
I assist at a couple of Malware Removal forums where I help people clear infections from their computers. With the increasing prevalence of Malware on the web these days we feel it's necessary for people to have somewhere to go when they need help. All helpers are volunteers, so yes, this is a kind of hobby for me. I've been doing it for about 3 years or so now.

http://malwareremoval.com
http://spywarewarrior.com
http://forums.whatthetech.com/forums.html

I was trained at the first of the sites listed above, which has a dedicated school for that kind of thing; I teach there now a little. I also moderate at the second forum. The third is just one I help out at.

OK, as far as I can see your computer looks pretty much clear now, just one more removal to make.
  • Double click OTMoveIt.exe to launch it.
  • Copy/Paste the contents of the box below into the left hand pane of OTMoveIt.
Quote:
C:\WINDOWS\Downloaded Program Files\PerfomanceOptimizerPre_Installer.exe
  • Click the Move It button.
  • The list will be processed and the results will appear in the right hand pane.
  • If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
  • When finished click Exit to exit the programme.
  • A log C:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log will be created (where mmddyyyy_hhmmss are numbers giving date and time the log was created).

No need to send me the log, have a look at the log, if the file moves OK, then do the following.
  • Double click OTMoveIt.exe to launch the programme.
  • Click on the CleanUp! button.
  • OTMoveIt will download a list from the Internet; if your firewall or other defensive programmes alert you, allow it access.
  • You will be prompted to allow the clean up procedure; click Yes.
  • When finished exit out of OTMoveIt
  • Now delete OTMoveIt.exe (if present).

This will clean out the programmes we've installed for the Vundo removal, and all associated files.

If PerfomanceOptimizerPre_Installer.exe fails to be moved, let me know.
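The step Gary performs by hand above (reading the Kaspersky Online Scanner report in post #18, ignoring the long run of "Object is locked skipped" lines, and pulling out the one path that was actually flagged so it can be handed to a removal tool) is easy to get wrong when a report has dozens of locked hives, logs and temp files. The script below is an added example, not code from the thread or from Kaspersky or OTMoveIt: it parses the report's per-object lines into locked objects versus detections and returns only the detections that still need action. The sample report is constructed from the format shown in the thread; the `Suspicious:` line form is an assumption modelled on the report's "Number of suspicious objects" counter.

```python
"""Triage a Kaspersky Online Scanner (2007-era) text report.

Locked objects are files the scanner could not open (registry hives, event
logs, index.dat, temp files); they are noise, not infections. Only lines
carrying a detection name need to go to a removal tool.
"""
import re
from dataclasses import dataclass

# Constructed sample in the report's line format; not the thread's full report.
SAMPLE_REPORT = """\
Infected Object Name / Virus Name / Last Action
C:\\Documents and Settings\\Dad\\ntuser.dat Object is locked skipped
C:\\WINDOWS\\Downloaded Program Files\\PerfomanceOptimizerPre_Installer.exe Infected: not-a-virus:FraudTool.Win32.PerfomanceOptimizer.a skipped
C:\\WINDOWS\\WindowsUpdate.log Object is locked skipped
C:\\Temp\\sample.exe Suspicious: HEUR:Trojan.Win32.Generic skipped

Scan process completed.
"""


@dataclass
class Finding:
    path: str
    verdict: str  # "infected", "suspicious" or "locked"
    detail: str   # detection name, empty for locked objects
    action: str   # what the scanner did with it, e.g. "skipped"


# Paths contain spaces, so match non-greedily and anchor on the fixed tail.
LOCKED_RE = re.compile(r"^(?P<path>.+?) Object is locked (?P<action>\w+)$")
# Assumed form for heuristic hits: "<path> Suspicious: <name> <action>".
DETECT_RE = re.compile(
    r"^(?P<path>.+?) (?P<kind>Infected|Suspicious): (?P<name>\S+) (?P<action>\w+)$"
)


def parse_report(text: str) -> list[Finding]:
    """Return one Finding per object line; header and summary lines are ignored."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        m = LOCKED_RE.match(line)
        if m:
            findings.append(Finding(m["path"], "locked", "", m["action"]))
            continue
        m = DETECT_RE.match(line)
        if m:
            findings.append(Finding(m["path"], m["kind"].lower(), m["name"], m["action"]))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Counts per verdict; compare against the report's own 'Scan Statistics'."""
    counts = {"infected": 0, "suspicious": 0, "locked": 0}
    for f in findings:
        counts[f.verdict] += 1
    return counts


def actionable(findings: list[Finding]) -> list[Finding]:
    """Detections the scanner reported but did not remove, most severe first.

    These are the paths a helper would paste into a removal tool; locked
    objects are deliberately excluded.
    """
    severity = {"infected": 0, "suspicious": 1}
    hits = [f for f in findings if f.verdict in severity and f.action != "deleted"]
    return sorted(hits, key=lambda f: severity[f.verdict])


if __name__ == "__main__":
    found = parse_report(SAMPLE_REPORT)
    print("summary:", summarize(found))
    for f in actionable(found):
        print(f"{f.verdict:10} {f.detail:55} {f.path}")
```

Running it on the constructed sample reports two locked objects, one infected and one suspicious object, and lists only the two flagged paths for follow-up; on the real report in post #18 the same logic would reduce some seventy-odd locked entries to the single `PerfomanceOptimizerPre_Installer.exe` line that Gary's next instructions deal with.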
Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2017, Jelsoft Enterprises Ltd.
SEO by vBSEO ©2011, Crawlability, Inc.
Copyright © 2016 Doug Nelson. All Rights Reserved