View Full Version : Bar888.dll
I have stumbled onto a problem in my pc and have taken the liberty of running a scan with hijack this as well as running the smitfraud fix program. The logs for each are attached.
I am hoping someone can interpret these logs for me and point me in a direction to fix any problems associated with. Further to that, is there anyone that can tell me if the security of my pc has been compromised and to what level. I do use online banking, and am obviously concerned.
Logfile of HijackThis v1.99.1
Scan saved at 2:10:27 PM, on 1/26/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchosts.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\WFXSVC.EXE
C:\PROGRA~1\Symantec\WinFax\WFXMOD32.EXE
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\wfxsnt40.exe
C:\Program Files\PCSecurityShield\The Shield Firewall\FireWall.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Common Files\{800BB8A5-063B-1033-0503-051114200001}\Update.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\palmOne\HOTSYNC.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRAM FILES\VIROBOTXP\VRMONNT.EXE
C:\PROGRAM FILES\VIROBOTXP\VRRES.EXE
C:\Program Files\ViRobotXP\vrmonsvc.exe
C:\PROGRA~1\Symantec\WinFax\wfxctl32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\MI1933~1\OFFICE11\OUTLOOK.EXE
C:\Documents and Settings\Todd\My Documents\Software Downloads\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.ca/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.globeadvisor.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: 172.18.143.47 atlas
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
O4 - HKLM\..\Run: [dwStart] C:\Program Files\PCSecurityShield\The Shield Firewall\FireWall.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\system32\adlnfxhx.dll",setvm
O4 - HKLM\..\Run: [Vrmon] C:\Program Files\ViRobotXP\vrmonnt.exe Main
O4 - HKLM\..\Run: [VrSchedule] C:\Program Files\ViRobotXP\Vrres.exe
O4 - HKLM\..\Run: [VrBootScan] C:\Program Files\ViRobotXP\VRBScan.exe
O4 - HKLM\..\Run: [{800BB8A5-063B-1033-0503-051114200001}] "C:\Program Files\Common Files\{800BB8A5-063B-1033-0503-051114200001}\Update.exe" mc-110-12-0000272
O4 - HKLM\..\Run: [{800BB8A5-063C-1033-0503-051114200001}] "C:\Program Files\Common Files\{800BB8A5-063C-1033-0503-051114200001}\Update.exe" mc-110-12-0000272
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\palmOne\HOTSYNC.EXE
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'farlsp.dll' missing
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {4CCA4E6B-9259-11D9-AC6E-444553544200} (FixController Control) - http://h30155.www3.hp.com/ediags/dd/install/HPInstallMgr_v01.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120499856765
O16 - DPF: {D4328549-2B43-40D5-BBF8-77D6EEA60412} (StorefrontUpload.BulkImageUpload1) - http://www.ldphotostation.com/images/global/activex/StorefrontUpload19.CAB
O16 - DPF: {D9701E87-A34D-11D4-BE29-000102598CE4} (VrUpdate Control) - http://download.globalhauri.com/Eng/online_up/vrupdate.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: COM+ Messages - Unknown owner - C:\WINDOWS\system32\svchosts.exe" -e mc-110-12-0000272 (file missing)
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ViRobot Expert Monitoring (vrmonsvc) - HAURI - C:\Program Files\ViRobotXP\vrmonsvc.exe
O23 - Service: WinFax PRO (wfxsvc) - Symantec Corporation - C:\WINDOWS\system32\WFXSVC.EXE
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
SmitFraudFix v2.135
Scan done at 13:53:19.18, Fri 01/26/2007
Run from C:\Documents and Settings\Todd\My Documents\Software Downloads\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
C:\WINDOWS\system32\svchosts.exe FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Todd
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Todd\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Start Menu
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Todd\FAVORI~1
»»»»»»»»»»»»»»»»»»»»»»»» Desktop
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys
»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32
»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection
»»»»»»»»»»»»»»»»»»»»»»»» End
Hi ToddH
Rename HijackThis.exe to HJT.exe and post a fresh HijackThis log, please :)
Hi ToddH
Rename HijackThis.exe to HJT.exe and post a fresh HijackThis log, please :)
Thanks for your time on this.
Logfile of HijackThis v1.99.1
Scan saved at 10:01:25 PM, on 1/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchosts.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ViRobotXP\vrmonsvc.exe
C:\WINDOWS\system32\WFXSVC.EXE
C:\PROGRA~1\Symantec\WinFax\WFXMOD32.EXE
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\wfxsnt40.exe
C:\Program Files\PCSecurityShield\The Shield Firewall\FireWall.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\ViRobotXP\vrmonnt.exe
C:\Program Files\ViRobotXP\Vrres.exe
C:\Program Files\Common Files\{800BB8A5-063B-1033-0503-051114200001}\Update.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\palmOne\HOTSYNC.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\PCSecurityShield\The Shield Firewall\GetNetTime.exe
C:\Documents and Settings\Todd\My Documents\Software Downloads\hijackthis\HJT.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.ca/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.globeadvisor.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: 172.18.143.47 atlas
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Farstone Url Blocker - {316AEF8D-3C37-423E-9E6E-13820A9DC37A} - C:\PROGRA~1\PCSECU~1\THESHI~1\IrlOnIE.dll
O2 - BHO: (no name) - {455956BD-4D8C-3838-BA42-08C7248B5FC4} - C:\WINDOWS\system32\cwjpcwj.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {7DA39570-5FD2-4f18-94B4-20730CB3F727} - C:\WINDOWS\system32\gthcwqpt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: IEPlugin Class - {CF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\Advanced System Optimizer\IEHelper.dll
O2 - BHO: (no name) - {D8E67A7A-9E5D-4EED-A0FA-A40E4479E5A9} - C:\WINDOWS\system32\awtqq.dll
O2 - BHO: Farstone Popup Blocker - {E22F9B9D-1A1F-473E-BED6-D8BC152441F4} - C:\PROGRA~1\PCSECU~1\THESHI~1\FARPOP~1.DLL
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
O4 - HKLM\..\Run: [dwStart] C:\Program Files\PCSecurityShield\The Shield Firewall\FireWall.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\system32\adlnfxhx.dll",setvm
O4 - HKLM\..\Run: [Vrmon] C:\Program Files\ViRobotXP\vrmonnt.exe Main
O4 - HKLM\..\Run: [VrSchedule] C:\Program Files\ViRobotXP\Vrres.exe
O4 - HKLM\..\Run: [VrBootScan] C:\Program Files\ViRobotXP\VRBScan.exe
O4 - HKLM\..\Run: [{800BB8A5-063B-1033-0503-051114200001}] "C:\Program Files\Common Files\{800BB8A5-063B-1033-0503-051114200001}\Update.exe" mc-110-12-0000272
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\palmOne\HOTSYNC.EXE
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'farlsp.dll' missing
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {4CCA4E6B-9259-11D9-AC6E-444553544200} (FixController Control) - http://h30155.www3.hp.com/ediags/dd/install/HPInstallMgr_v01.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120499856765
O16 - DPF: {D4328549-2B43-40D5-BBF8-77D6EEA60412} (StorefrontUpload.BulkImageUpload1) - http://www.ldphotostation.com/images/global/activex/StorefrontUpload19.CAB
O16 - DPF: {D9701E87-A34D-11D4-BE29-000102598CE4} (VrUpdate Control) - http://download.globalhauri.com/Eng/online_up/vrupdate.cab
O20 - Winlogon Notify: awtqq - C:\WINDOWS\system32\awtqq.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winhoo32 - winhoo32.dll (file missing)
O20 - Winlogon Notify: winubg32 - winubg32.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: COM+ Messages - Unknown owner - C:\WINDOWS\system32\svchosts.exe" -e mc-110-12-0000272 (file missing)
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ViRobot Expert Monitoring (vrmonsvc) - HAURI - C:\Program Files\ViRobotXP\vrmonsvc.exe
O23 - Service: WinFax PRO (wfxsvc) - Symantec Corporation - C:\WINDOWS\system32\WFXSVC.EXE
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
Hi
Please download VundoFix.exe (http://www.atribune.org/ccount/click.php?id=4) to your desktop.
Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer, click OK.
Please post the contents of C:\vundofix.txt and a new HiJackThis log in a reply to this thread.
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.
1. Download this file - combofix.exe (http://download.bleepingcomputer.com/sUBs/combofix.exe)
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply
Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall
Send:
- a fresh HijackThis log
- combofix report
- vundofix report
[QUOTE=Shaba;66374]Hi
Logfile of HijackThis v1.99.1
Scan saved at 4:30:30 PM, on 1/28/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ViRobotXP\vrmonsvc.exe
C:\WINDOWS\system32\WFXSVC.EXE
C:\PROGRA~1\Symantec\WinFax\WFXMOD32.EXE
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\wfxsnt40.exe
C:\Program Files\PCSecurityShield\The Shield Firewall\FireWall.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\ViRobotXP\vrmonnt.exe
C:\Program Files\ViRobotXP\Vrres.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\palmOne\HOTSYNC.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\PCSecurityShield\The Shield Firewall\GetNetTime.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Documents and Settings\Todd\My Documents\Software Downloads\hijackthis\HJT.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.globeadvisor.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Farstone Url Blocker - {316AEF8D-3C37-423E-9E6E-13820A9DC37A} - C:\PROGRA~1\PCSECU~1\THESHI~1\IrlOnIE.dll
O2 - BHO: (no name) - {455956BD-4D8C-3838-BA42-08C7248B5FC4} - C:\WINDOWS\system32\cwjpcwj.dll (file missing)
O2 - BHO: (no name) - {4E51351E-943A-4784-B506-19F0D887CDAC} - C:\WINDOWS\system32\awtqq.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {7DA39570-5FD2-4f18-94B4-20730CB3F727} - C:\WINDOWS\system32\gthcwqpt.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: IEPlugin Class - {CF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\Advanced System Optimizer\IEHelper.dll
O2 - BHO: Farstone Popup Blocker - {E22F9B9D-1A1F-473E-BED6-D8BC152441F4} - C:\PROGRA~1\PCSECU~1\THESHI~1\FARPOP~1.DLL
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {74DD705D-6834-439C-A735-A6DBE2677452} - (no file)
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
O4 - HKLM\..\Run: [dwStart] C:\Program Files\PCSecurityShield\The Shield Firewall\FireWall.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [Vrmon] C:\Program Files\ViRobotXP\vrmonnt.exe Main
O4 - HKLM\..\Run: [VrSchedule] C:\Program Files\ViRobotXP\Vrres.exe
O4 - HKLM\..\Run: [VrBootScan] C:\Program Files\ViRobotXP\VRBScan.exe
O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\system32\ooewubxm.dll",setvm
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\palmOne\HOTSYNC.EXE
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'farlsp.dll' missing
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {4CCA4E6B-9259-11D9-AC6E-444553544200} (FixController Control) - http://h30155.www3.hp.com/ediags/dd/install/HPInstallMgr_v01.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120499856765
O16 - DPF: {D4328549-2B43-40D5-BBF8-77D6EEA60412} (StorefrontUpload.BulkImageUpload1) - http://www.ldphotostation.com/images/global/activex/StorefrontUpload19.CAB
O16 - DPF: {D9701E87-A34D-11D4-BE29-000102598CE4} (VrUpdate Control) - http://download.globalhauri.com/Eng/online_up/vrupdate.cab
O20 - Winlogon Notify: awtqq - C:\WINDOWS\system32\awtqq.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winhoo32 - winhoo32.dll (file missing)
O20 - Winlogon Notify: winubg32 - winubg32.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ViRobot Expert Monitoring (vrmonsvc) - HAURI - C:\Program Files\ViRobotXP\vrmonsvc.exe
O23 - Service: WinFax PRO (wfxsvc) - Symantec Corporation - C:\WINDOWS\system32\WFXSVC.EXE
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
I will have to post in separate reply's due to high character count.
[QUOTE=Shaba;66374]Hi
Combo fix log:
"Todd" - 07-01-28 16:04:47 Service Pack 2
ComboFix 07-01-25 - Running from: "C:\Documents and Settings\Todd\Desktop\PC trouble shooting"
(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\Program Files\Common Files\Yazzle1122OinAdmin.exe
C:\Program Files\Common Files\Yazzle1122OinUninstaller.exe
C:\WINDOWS\system32\svchosts.exe
C:\WINDOWS\system32\unsvchosts.lzma
C:\Program Files\Common Files\{300BB~2
C:\Program Files\Common Files\{300BB~1
C:\Program Files\Common Files\{800BB~2
C:\Program Files\winupdate
C:\Program Files\Common Files\{800BB~1
((((((((((((((((((((((((((((((( Files Created from 2006-12-28 to 2007-01-28 ))))))))))))))))))))))))))))))))))
2007-01-28 16:12 <DIR> d-------- C:\WINDOWS\erdnt
2007-01-28 16:11 88,340 --a------ C:\WINDOWS\system32\nestdfhd.exe
2007-01-28 16:11 <DIR> d-------- C:\Program Files\VSAdd-in
2007-01-28 16:03 729,127 ---hs---- C:\WINDOWS\system32\qqtwa.bak1
2007-01-28 16:03 118,804 --a------ C:\WINDOWS\system32\ooewubxm.dll
2007-01-28 15:28 <DIR> d-------- C:\VundoFix Backups
2007-01-26 13:53 4,226 --a------ C:\WINDOWS\system32\tmp.reg
2007-01-26 13:51 79,360 --a------ C:\WINDOWS\system32\swxcacls.exe
2007-01-26 13:51 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-01-26 13:51 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-01-26 13:51 40,960 --a------ C:\WINDOWS\system32\swsc.exe
2007-01-26 13:51 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-01-26 13:51 135,168 --a------ C:\WINDOWS\system32\swreg.exe
2007-01-25 11:37 76,412 --a------ C:\WINDOWS\system32\qyeelkph.dll
2007-01-23 10:33 90,112 --a------ C:\WINDOWS\system32\vruntar.dll
2007-01-23 10:33 860,672 --a------ C:\WINDOWS\system32\VrRes.dll
2007-01-23 10:33 86,016 --a------ C:\WINDOWS\system32\vrmem.dll
2007-01-23 10:33 72,704 --a------ C:\WINDOWS\system32\vrunace.dll
2007-01-23 10:33 71,559 --a------ C:\WINDOWS\system32\vrd.exe
2007-01-23 10:33 61,440 --a------ C:\WINDOWS\system32\vrunarj.dll
2007-01-23 10:33 58,880 --a------ C:\WINDOWS\system32\vrfil.sys
2007-01-23 10:33 573,440 --a------ C:\WINDOWS\system32\VrCfg.dll
2007-01-23 10:33 57,598 --a------ C:\WINDOWS\system32\vruncab.dll
2007-01-23 10:33 48,128 --a------ C:\WINDOWS\system32\VrDate.dll
2007-01-23 10:33 44,032 --a------ C:\WINDOWS\system32\vrungzip.dll
2007-01-23 10:33 425,984 --a------ C:\WINDOWS\system32\VrExpkor.dll
2007-01-23 10:33 40,025 --a------ C:\WINDOWS\system32\drivers\vrfil.sys
2007-01-23 10:33 32,768 --a------ C:\WINDOWS\system32\diskio.dll
2007-01-23 10:33 3,240,480 --a------ C:\WINDOWS\system32\drivers\vrcore.sys
2007-01-23 10:33 26,624 --a------ C:\WINDOWS\system32\vrboot.dll
2007-01-23 10:33 254,464 --a------ C:\WINDOWS\system32\vrunlzh.dll
2007-01-23 10:33 24,065 --a------ C:\WINDOWS\system32\vrecover.dll
2007-01-23 10:33 237,632 --a------ C:\WINDOWS\system32\VrSFil.dll
2007-01-23 10:33 20,184 --a------ C:\WINDOWS\system32\diskrw.dll
2007-01-23 10:33 196,674 --a------ C:\WINDOWS\system32\VrBack.dll
2007-01-23 10:33 184,383 --a------ C:\WINDOWS\system32\VrGetEn.dll
2007-01-23 10:33 180,736 --a------ C:\WINDOWS\system32\ViRobot.dll
2007-01-23 10:33 159,744 --a------ C:\WINDOWS\system32\DZIP32.DLL
2007-01-23 10:33 155,648 --a------ C:\WINDOWS\system32\vrunzip.dll
2007-01-23 10:33 126,976 --a------ C:\WINDOWS\system32\VrBootIn.dll
2007-01-23 10:33 119,296 --a------ C:\WINDOWS\system32\vrunrar.dll
2007-01-23 10:33 110,592 --a------ C:\WINDOWS\system32\vruncom.dll
2007-01-23 10:33 103,936 --a------ C:\WINDOWS\system32\vrrepair.dll
2007-01-23 10:33 1,782,592 --a------ C:\WINDOWS\system32\vrcore.sys
2007-01-23 10:33 1,404,096 --a------ C:\WINDOWS\system32\virobot.sys
2007-01-23 10:33 <DIR> d-------- C:\Program Files\ViRobotXP
2007-01-18 11:38 76,412 --a------ C:\WINDOWS\system32\vrmircci.dll
2007-01-14 11:35 76,560 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2007-01-14 08:35 <DIR> d-------- C:\DOCUME~1\Todd\.housecall6.6
2007-01-13 18:05 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Adobe
2007-01-09 22:00 <DIR> d-------- C:\WINDOWS\ie7updates
2007-01-04 11:39 277,044 --------- C:\WINDOWS\system32\awtqq.dll
2007-01-04 11:34 72,704 --a------ C:\WINDOWS\system32\drvhoc.dll
2007-01-02 11:32 <DIR> d-------- C:\Program Files\Common Files\DataViz
2007-01-02 11:32 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\DataViz
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-01-27 22:09 35132 --a------ C:\Documents and Settings\Todd\Application Data\wklnhst.dat
2007-01-26 22:53 -------- d-------- C:\Documents and Settings\Todd\Application Data\adobe
2007-01-24 20:51 -------- d-------- C:\Program Files\punch! pro - platinum
2007-01-23 10:33 -------- d--h----- C:\Program Files\installshield installation information
2007-01-20 23:05 -------- d-------- C:\Program Files\Common Files\wise installation wizard
2007-01-13 18:21 -------- d-------- C:\Documents and Settings\Todd\Application Data\adobeum
2007-01-02 13:20 46449 --a------ C:\Documents and Settings\Todd\Application Data\act! 3.x, 4.x, 2000 contact manager for windows.adr
2007-01-02 13:12 -------- d-------- C:\Program Files\act
2007-01-02 11:38 -------- d-------- C:\Program Files\palmone
2007-01-02 11:37 -------- d-------- C:\Program Files\documents to go
2006-12-06 23:29 2374472 --a------ C:\WINDOWS\system32\wmvcore.dll
2006-11-29 21:09 -------- d-------- C:\Program Files\hewlett-packard
2006-11-07 23:06 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-11-04 14:14 1245696 --a------ C:\WINDOWS\system32\msxml4.dll
2006-10-20 12:29 7526 --a------ C:\Program Files\deisl7.isu
2006-10-20 12:29 73 --a------ C:\Program Files\instinfo.ini
2006-10-13 10:09 700 --a------ C:\Program Files\hys.xls
2006-10-13 09:22 54045 --ah----- C:\Program Files\hys.gid
2006-10-13 06:31 7526 --a------ C:\Program Files\deisl6.isu
2006-10-10 12:28 4266038 --a------ C:\Program Files\gis_ccb.txt
2006-10-10 12:27 58616 --a------ C:\Program Files\compdata.txt
2006-10-10 12:27 3179413 --a------ C:\Program Files\funddata.txt
2006-10-10 12:27 1223669 --a------ C:\Program Files\descdata.txt
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Apoint"="C:\\Program Files\\Apoint\\Apoint.exe"
"IgfxTray"="C:\\WINDOWS\\system32\\igfxtray.exe"
"HotKeysCmds"="C:\\WINDOWS\\system32\\hkcmd.exe"
"IntelWireless"="C:\\Program Files\\Intel\\Wireless\\Bin\\ifrmewrk.exe /tf Intel PROSet/Wireless"
"DVDLauncher"="\"C:\\Program Files\\CyberLink\\PowerDVD\\DVDLauncher.exe\""
"ISUSPM Startup"="C:\\PROGRA~1\\COMMON~1\\INSTAL~1\\UPDATE~1\\ISUSPM.exe -startup"
"ISUSScheduler"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start"
"WinFaxAppPortStarter"="wfxsnt40.exe"
"dwStart"="C:\\Program Files\\PCSecurityShield\\The Shield Firewall\\FireWall.exe"
"dla"="C:\\WINDOWS\\system32\\dla\\tfswctrl.exe"
"Acrobat Assistant 7.0"="\"C:\\Program Files\\Adobe\\Acrobat 7.0\\Distillr\\Acrotray.exe\""
@=""
"SunJavaUpdateSched"="C:\\Program Files\\Java\\j2re1.4.2_03\\bin\\jusched.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"HP Component Manager"="\"C:\\Program Files\\HP\\hpcoretech\\hpcmpmgr.exe\""
"Vrmon"="C:\\Program Files\\ViRobotXP\\vrmonnt.exe Main"
"VrSchedule"="C:\\Program Files\\ViRobotXP\\Vrres.exe"
"VrBootScan"="C:\\Program Files\\ViRobotXP\\VRBScan.exe"
"DllRunning"="rundll32.exe \"C:\\WINDOWS\\system32\\ooewubxm.dll\",setvm"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{A213B520-C6C2-11d0-AF9D-008029E1027E}"=""
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DiamondView"="\"C:\\Program Files\\Manulife Financial\\Diamond View\\Diamondview.exe\" /background"
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"DiamondView"="\"C:\\Program Files\\Manulife Financial\\Diamond View\\Diamondview.exe\" /background"
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtqq
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winhoo32
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winubg32
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Symantec NetDetect.job
C:\WINDOWS\tasks\{D34E1956-9D8A-494A-B44B-EC45A84E9607}_D8W1KR71_Todd.job
Completion time: 07-01-28 16:18:10
VundoFix V6.3.4
Checking Java version...
Java version is 1.4.2.3
Scan started at 3:28:59 PM 1/28/2007
Listing files found while scanning....
C:\WINDOWS\system32\adlnfxhx.dll
C:\WINDOWS\system32\aprivcfq.exe
C:\WINDOWS\system32\awtqq.dll
C:\WINDOWS\system32\cwjpcwj.dll
C:\WINDOWS\system32\efyerkbo.dll
C:\WINDOWS\system32\gthcwqpt.dll
C:\WINDOWS\system32\plotlqyr.dll
C:\WINDOWS\system32\qqtwa.bak1
C:\WINDOWS\system32\qqtwa.bak2
C:\WINDOWS\system32\qqtwa.ini
C:\WINDOWS\system32\qqtwa.ini2
C:\WINDOWS\system32\qqtwa.tmp
C:\WINDOWS\system32\svacruac.dll
C:\WINDOWS\system32\vtusqon.dll
C:\WINDOWS\system32\xhxfnlda.ini
Beginning removal...
Attempting to delete C:\WINDOWS\system32\adlnfxhx.dll
C:\WINDOWS\system32\adlnfxhx.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\aprivcfq.exe
C:\WINDOWS\system32\aprivcfq.exe Has been deleted!
Attempting to delete C:\WINDOWS\system32\awtqq.dll
C:\WINDOWS\system32\awtqq.dll Could not be deleted.
Attempting to delete C:\WINDOWS\system32\cwjpcwj.dll
C:\WINDOWS\system32\cwjpcwj.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\efyerkbo.dll
C:\WINDOWS\system32\efyerkbo.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\gthcwqpt.dll
C:\WINDOWS\system32\gthcwqpt.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\plotlqyr.dll
C:\WINDOWS\system32\plotlqyr.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\qqtwa.bak1
C:\WINDOWS\system32\qqtwa.bak1 Has been deleted!
Attempting to delete C:\WINDOWS\system32\qqtwa.bak2
C:\WINDOWS\system32\qqtwa.bak2 Has been deleted!
Attempting to delete C:\WINDOWS\system32\qqtwa.ini
C:\WINDOWS\system32\qqtwa.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\qqtwa.ini2
C:\WINDOWS\system32\qqtwa.ini2 Has been deleted!
Attempting to delete C:\WINDOWS\system32\qqtwa.tmp
C:\WINDOWS\system32\qqtwa.tmp Has been deleted!
Attempting to delete C:\WINDOWS\system32\svacruac.dll
C:\WINDOWS\system32\svacruac.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\vtusqon.dll
C:\WINDOWS\system32\vtusqon.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\xhxfnlda.ini
C:\WINDOWS\system32\xhxfnlda.ini Has been deleted!
Performing Repairs to the registry.
Done!
VundoFix V6.3.4
Checking Java version...
Java version is 1.4.2.3
Scan started at 3:38:00 PM 1/28/2007
Listing files found while scanning....
C:\WINDOWS\system32\gthcwqpt.dll
Beginning removal...
Performing Repairs to the registry.
Done!
Hi
Go to start -> run
Type this in the box:
"%userprofile%\Desktop\PC trouble shooting\combofix.exe" /v awtqq
Follow the prompts and reboot
Send a fresh HijackThis log and a fresh combofix report
Here you go. Part 1 of 2
Logfile of HijackThis v1.99.1
Scan saved at 6:56:18 AM, on 1/29/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ViRobotXP\vrmonsvc.exe
C:\WINDOWS\system32\WFXSVC.EXE
C:\PROGRA~1\Symantec\WinFax\WFXMOD32.EXE
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\wfxsnt40.exe
C:\Program Files\PCSecurityShield\The Shield Firewall\FireWall.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\ViRobotXP\vrmonnt.exe
C:\Program Files\ViRobotXP\Vrres.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\palmOne\HOTSYNC.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Documents and Settings\Todd\My Documents\Software Downloads\hijackthis\HJT.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Farstone Url Blocker - {316AEF8D-3C37-423E-9E6E-13820A9DC37A} - C:\PROGRA~1\PCSECU~1\THESHI~1\IrlOnIE.dll
O2 - BHO: (no name) - {455956BD-4D8C-3838-BA42-08C7248B5FC4} - C:\WINDOWS\system32\cwjpcwj.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {7DA39570-5FD2-4f18-94B4-20730CB3F727} - C:\WINDOWS\system32\gthcwqpt.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: IEPlugin Class - {CF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\Advanced System Optimizer\IEHelper.dll
O2 - BHO: Farstone Popup Blocker - {E22F9B9D-1A1F-473E-BED6-D8BC152441F4} - C:\PROGRA~1\PCSECU~1\THESHI~1\FARPOP~1.DLL
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
O4 - HKLM\..\Run: [dwStart] C:\Program Files\PCSecurityShield\The Shield Firewall\FireWall.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [Vrmon] C:\Program Files\ViRobotXP\vrmonnt.exe Main
O4 - HKLM\..\Run: [VrSchedule] C:\Program Files\ViRobotXP\Vrres.exe
O4 - HKLM\..\Run: [VrBootScan] C:\Program Files\ViRobotXP\VRBScan.exe
O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\system32\ooewubxm.dll",setvm
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\palmOne\HOTSYNC.EXE
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'farlsp.dll' missing
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {4CCA4E6B-9259-11D9-AC6E-444553544200} (FixController Control) - http://h30155.www3.hp.com/ediags/dd/install/HPInstallMgr_v01.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120499856765
O16 - DPF: {D4328549-2B43-40D5-BBF8-77D6EEA60412} (StorefrontUpload.BulkImageUpload1) - http://www.ldphotostation.com/images/global/activex/StorefrontUpload19.CAB
O16 - DPF: {D9701E87-A34D-11D4-BE29-000102598CE4} (VrUpdate Control) - http://download.globalhauri.com/Eng/online_up/vrupdate.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winhoo32 - winhoo32.dll (file missing)
O20 - Winlogon Notify: winubg32 - winubg32.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ViRobot Expert Monitoring (vrmonsvc) - HAURI - C:\Program Files\ViRobotXP\vrmonsvc.exe
O23 - Service: WinFax PRO (wfxsvc) - Symantec Corporation - C:\WINDOWS\system32\WFXSVC.EXE
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
Part 2 of 2
"Todd" - 07-01-29 6:40:26 Service Pack 2
ComboFix 07-01-25 - Running from: "C:\Documents and Settings\Todd\Desktop\PC trouble shooting"
Command switches used :: /v awtqq
(((((((((((((((((((((((((((((((((((((((((((((((( Vundo Log )))))))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\system32\awtqq.dll
C:\WINDOWS\system32\qqtwa.bak1
C:\WINDOWS\system32\qqtwa.ini
C:\WINDOWS\system32\qqtwa.tmp
* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
((((((((((((((((((((((((((((((( Files Created from 2006-12-29 to 2007-01-29 ))))))))))))))))))))))))))))))))))
2007-01-28 16:12 <DIR> d-------- C:\WINDOWS\erdnt
2007-01-28 16:11 88,340 --a------ C:\WINDOWS\system32\nestdfhd.exe
2007-01-28 16:03 118,804 --a------ C:\WINDOWS\system32\ooewubxm.dll
2007-01-28 15:28 <DIR> d-------- C:\VundoFix Backups
2007-01-26 13:53 4,226 --a------ C:\WINDOWS\system32\tmp.reg
2007-01-26 13:51 79,360 --a------ C:\WINDOWS\system32\swxcacls.exe
2007-01-26 13:51 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-01-26 13:51 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-01-26 13:51 40,960 --a------ C:\WINDOWS\system32\swsc.exe
2007-01-26 13:51 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-01-26 13:51 135,168 --a------ C:\WINDOWS\system32\swreg.exe
2007-01-25 11:37 76,412 --a------ C:\WINDOWS\system32\qyeelkph.dll
2007-01-23 10:33 90,112 --a------ C:\WINDOWS\system32\vruntar.dll
2007-01-23 10:33 860,672 --a------ C:\WINDOWS\system32\VrRes.dll
2007-01-23 10:33 86,016 --a------ C:\WINDOWS\system32\vrmem.dll
2007-01-23 10:33 72,704 --a------ C:\WINDOWS\system32\vrunace.dll
2007-01-23 10:33 71,559 --a------ C:\WINDOWS\system32\vrd.exe
2007-01-23 10:33 61,440 --a------ C:\WINDOWS\system32\vrunarj.dll
2007-01-23 10:33 58,880 --a------ C:\WINDOWS\system32\vrfil.sys
2007-01-23 10:33 573,440 --a------ C:\WINDOWS\system32\VrCfg.dll
2007-01-23 10:33 57,598 --a------ C:\WINDOWS\system32\vruncab.dll
2007-01-23 10:33 48,128 --a------ C:\WINDOWS\system32\VrDate.dll
2007-01-23 10:33 44,032 --a------ C:\WINDOWS\system32\vrungzip.dll
2007-01-23 10:33 425,984 --a------ C:\WINDOWS\system32\VrExpkor.dll
2007-01-23 10:33 40,025 --a------ C:\WINDOWS\system32\drivers\vrfil.sys
2007-01-23 10:33 32,768 --a------ C:\WINDOWS\system32\diskio.dll
2007-01-23 10:33 3,238,496 --a------ C:\WINDOWS\system32\drivers\vrcore.sys
2007-01-23 10:33 26,624 --a------ C:\WINDOWS\system32\vrboot.dll
2007-01-23 10:33 254,464 --a------ C:\WINDOWS\system32\vrunlzh.dll
2007-01-23 10:33 24,065 --a------ C:\WINDOWS\system32\vrecover.dll
2007-01-23 10:33 237,632 --a------ C:\WINDOWS\system32\VrSFil.dll
2007-01-23 10:33 20,184 --a------ C:\WINDOWS\system32\diskrw.dll
2007-01-23 10:33 196,674 --a------ C:\WINDOWS\system32\VrBack.dll
2007-01-23 10:33 184,383 --a------ C:\WINDOWS\system32\VrGetEn.dll
2007-01-23 10:33 180,736 --a------ C:\WINDOWS\system32\ViRobot.dll
2007-01-23 10:33 159,744 --a------ C:\WINDOWS\system32\DZIP32.DLL
2007-01-23 10:33 155,648 --a------ C:\WINDOWS\system32\vrunzip.dll
2007-01-23 10:33 126,976 --a------ C:\WINDOWS\system32\VrBootIn.dll
2007-01-23 10:33 119,296 --a------ C:\WINDOWS\system32\vrunrar.dll
2007-01-23 10:33 110,592 --a------ C:\WINDOWS\system32\vruncom.dll
2007-01-23 10:33 103,936 --a------ C:\WINDOWS\system32\vrrepair.dll
2007-01-23 10:33 1,782,592 --a------ C:\WINDOWS\system32\vrcore.sys
2007-01-23 10:33 1,404,096 --a------ C:\WINDOWS\system32\virobot.sys
2007-01-23 10:33 <DIR> d-------- C:\Program Files\ViRobotXP
2007-01-18 11:38 76,412 --a------ C:\WINDOWS\system32\vrmircci.dll
2007-01-14 11:35 76,560 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2007-01-14 08:35 <DIR> d-------- C:\DOCUME~1\Todd\.housecall6.6
2007-01-13 18:05 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Adobe
2007-01-09 22:00 <DIR> d-------- C:\WINDOWS\ie7updates
2007-01-04 11:34 72,704 --a------ C:\WINDOWS\system32\drvhoc.dll
2007-01-02 11:32 <DIR> d-------- C:\Program Files\Common Files\DataViz
2007-01-02 11:32 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\DataViz
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-01-27 22:09 35132 --a------ C:\Documents and Settings\Todd\Application Data\wklnhst.dat
2007-01-26 22:53 -------- d-------- C:\Documents and Settings\Todd\Application Data\adobe
2007-01-24 20:51 -------- d-------- C:\Program Files\punch! pro - platinum
2007-01-23 10:33 -------- d--h----- C:\Program Files\installshield installation information
2007-01-20 23:05 -------- d-------- C:\Program Files\Common Files\wise installation wizard
2007-01-13 18:21 -------- d-------- C:\Documents and Settings\Todd\Application Data\adobeum
2007-01-02 13:20 46449 --a------ C:\Documents and Settings\Todd\Application Data\act! 3.x, 4.x, 2000 contact manager for windows.adr
2007-01-02 13:12 -------- d-------- C:\Program Files\act
2007-01-02 11:38 -------- d-------- C:\Program Files\palmone
2007-01-02 11:37 -------- d-------- C:\Program Files\documents to go
2006-12-06 23:29 2374472 --a------ C:\WINDOWS\system32\wmvcore.dll
2006-11-29 21:09 -------- d-------- C:\Program Files\hewlett-packard
2006-11-07 23:06 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-11-04 14:14 1245696 --a------ C:\WINDOWS\system32\msxml4.dll
2006-10-20 12:29 7526 --a------ C:\Program Files\deisl7.isu
2006-10-20 12:29 73 --a------ C:\Program Files\instinfo.ini
2006-10-13 10:09 700 --a------ C:\Program Files\hys.xls
2006-10-13 09:22 54045 --ah----- C:\Program Files\hys.gid
2006-10-13 06:31 7526 --a------ C:\Program Files\deisl6.isu
2006-10-10 12:28 4266038 --a------ C:\Program Files\gis_ccb.txt
2006-10-10 12:27 58616 --a------ C:\Program Files\compdata.txt
2006-10-10 12:27 3179413 --a------ C:\Program Files\funddata.txt
2006-10-10 12:27 1223669 --a------ C:\Program Files\descdata.txt
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Apoint"="C:\\Program Files\\Apoint\\Apoint.exe"
"IgfxTray"="C:\\WINDOWS\\system32\\igfxtray.exe"
"HotKeysCmds"="C:\\WINDOWS\\system32\\hkcmd.exe"
"IntelWireless"="C:\\Program Files\\Intel\\Wireless\\Bin\\ifrmewrk.exe /tf Intel PROSet/Wireless"
"DVDLauncher"="\"C:\\Program Files\\CyberLink\\PowerDVD\\DVDLauncher.exe\""
"ISUSPM Startup"="C:\\PROGRA~1\\COMMON~1\\INSTAL~1\\UPDATE~1\\ISUSPM.exe -startup"
"ISUSScheduler"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start"
"WinFaxAppPortStarter"="wfxsnt40.exe"
"dwStart"="C:\\Program Files\\PCSecurityShield\\The Shield Firewall\\FireWall.exe"
"dla"="C:\\WINDOWS\\system32\\dla\\tfswctrl.exe"
"Acrobat Assistant 7.0"="\"C:\\Program Files\\Adobe\\Acrobat 7.0\\Distillr\\Acrotray.exe\""
@=""
"SunJavaUpdateSched"="C:\\Program Files\\Java\\j2re1.4.2_03\\bin\\jusched.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"HP Component Manager"="\"C:\\Program Files\\HP\\hpcoretech\\hpcmpmgr.exe\""
"Vrmon"="C:\\Program Files\\ViRobotXP\\vrmonnt.exe Main"
"VrSchedule"="C:\\Program Files\\ViRobotXP\\Vrres.exe"
"VrBootScan"="C:\\Program Files\\ViRobotXP\\VRBScan.exe"
"DllRunning"="rundll32.exe \"C:\\WINDOWS\\system32\\ooewubxm.dll\",setvm"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{A213B520-C6C2-11d0-AF9D-008029E1027E}"=""
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DiamondView"="\"C:\\Program Files\\Manulife Financial\\Diamond View\\Diamondview.exe\" /background"
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"DiamondView"="\"C:\\Program Files\\Manulife Financial\\Diamond View\\Diamondview.exe\" /background"
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winhoo32
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winubg32
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_VRFIL
Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Symantec NetDetect.job
C:\WINDOWS\tasks\{D34E1956-9D8A-494A-B44B-EC45A84E9607}_D8W1KR71_Todd.job
Completion time: 07-01-29 6:50:55
C:\ComboFix2.txt ... 07-01-28 16:18
Hi
Open HijackThis, click do a system scan only and checkmark these:
O2 - BHO: (no name) - {455956BD-4D8C-3838-BA42-08C7248B5FC4} - C:\WINDOWS\system32\cwjpcwj.dll (file missing)
O2 - BHO: (no name) - {7DA39570-5FD2-4f18-94B4-20730CB3F727} - C:\WINDOWS\system32\gthcwqpt.dll (file missing)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\system32\ooewubxm.dll",setvm
O20 - Winlogon Notify: winhoo32 - winhoo32.dll (file missing)
O20 - Winlogon Notify: winubg32 - winubg32.dll (file missing)
Close all windows including browser and press fix checked.
Please download the Killbox (http://download.bleepingcomputer.com/spyware/KillBox.zip).
Unzip it to the desktop.
Please run Killbox.
Select "Delete on Reboot" and "All files"
Copy the file names below to the clipboard by highlighting them and pressing Control-C:
C:\WINDOWS\system32\nestdfhd.exe
C:\WINDOWS\system32\ooewubxm.dll
Go to the File menu, and choose "Paste from Clipboard".
Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.
If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run TheKillbox, click here (http://www.eudaemonia.me.uk/downloads/Files/missingfilesetup.exe) to download and run missingfilesetup.exe. Then try TheKillbox again..
If your computer does not restart automatically, please restart it manually.
Please do an online scan with Kaspersky Online Scanner (http://www.kaspersky.com/downloads/kws/kavwebscan.html). You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
The program will launch and then start to download the latest definition files.
Once the scanner is installed and the definitions downloaded, click Next.
Now click on Scan Settings
In the scan settings make sure that the following are selected:
o Scan using the following Anti-Virus database:
+ Extended (If available otherwise Standard)
o Scan Options:
+ Scan Archives
+ Scan Mail Bases
Click OK
Now under select a target to scan select My Computer
The scan will take a while so be patient and let it run. Once the scan is complete it will display if your system has been infected.
Now click on the Save as Text button
Save the file to your desktop.
Copy and paste that information in your next post.
Re-run combofix (normally)
Send:
- a fresh HijackThis log
- combofix report
- kaspersky report
"Todd" - 07-01-29 17:39:13 Service Pack 2
ComboFix 07-01-25 - Running from: "C:\Documents and Settings\Todd\Desktop\PC trouble shooting"
((((((((((((((((((((((((((((((( Files Created from 2006-12-29 to 2007-01-29 ))))))))))))))))))))))))))))))))))
2007-01-29 13:50 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-01-29 13:50 <DIR> d-------- C:\WINDOWS\LastGood
2007-01-29 13:38 <DIR> d-------- C:\!KillBox
2007-01-29 13:07 1,694,992 --a------ C:\WINDOWS\system32\vba6.dll
2007-01-29 13:07 <DIR> d-------- C:\Program Files\Intuit
2007-01-29 12:47 <DIR> d-------- C:\QuickTax 2006
2007-01-28 16:12 <DIR> d-------- C:\WINDOWS\erdnt
2007-01-28 15:28 <DIR> d-------- C:\VundoFix Backups
2007-01-26 13:53 4,226 --a------ C:\WINDOWS\system32\tmp.reg
2007-01-26 13:51 79,360 --a------ C:\WINDOWS\system32\swxcacls.exe
2007-01-26 13:51 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-01-26 13:51 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-01-26 13:51 40,960 --a------ C:\WINDOWS\system32\swsc.exe
2007-01-26 13:51 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-01-26 13:51 135,168 --a------ C:\WINDOWS\system32\swreg.exe
2007-01-25 11:37 76,412 --a------ C:\WINDOWS\system32\qyeelkph.dll
2007-01-23 10:33 90,112 --a------ C:\WINDOWS\system32\vruntar.dll
2007-01-23 10:33 860,672 --a------ C:\WINDOWS\system32\VrRes.dll
2007-01-23 10:33 86,016 --a------ C:\WINDOWS\system32\vrmem.dll
2007-01-23 10:33 72,704 --a------ C:\WINDOWS\system32\vrunace.dll
2007-01-23 10:33 71,559 --a------ C:\WINDOWS\system32\vrd.exe
2007-01-23 10:33 61,440 --a------ C:\WINDOWS\system32\vrunarj.dll
2007-01-23 10:33 58,880 --a------ C:\WINDOWS\system32\vrfil.sys
2007-01-23 10:33 573,440 --a------ C:\WINDOWS\system32\VrCfg.dll
2007-01-23 10:33 57,598 --a------ C:\WINDOWS\system32\vruncab.dll
2007-01-23 10:33 48,128 --a------ C:\WINDOWS\system32\VrDate.dll
2007-01-23 10:33 44,032 --a------ C:\WINDOWS\system32\vrungzip.dll
2007-01-23 10:33 425,984 --a------ C:\WINDOWS\system32\VrExpkor.dll
2007-01-23 10:33 40,025 --a------ C:\WINDOWS\system32\drivers\vrfil.sys
2007-01-23 10:33 32,768 --a------ C:\WINDOWS\system32\diskio.dll
2007-01-23 10:33 3,238,496 --a------ C:\WINDOWS\system32\drivers\vrcore.sys
2007-01-23 10:33 26,624 --a------ C:\WINDOWS\system32\vrboot.dll
2007-01-23 10:33 254,464 --a------ C:\WINDOWS\system32\vrunlzh.dll
2007-01-23 10:33 24,065 --a------ C:\WINDOWS\system32\vrecover.dll
2007-01-23 10:33 237,632 --a------ C:\WINDOWS\system32\VrSFil.dll
2007-01-23 10:33 20,184 --a------ C:\WINDOWS\system32\diskrw.dll
2007-01-23 10:33 196,674 --a------ C:\WINDOWS\system32\VrBack.dll
2007-01-23 10:33 184,383 --a------ C:\WINDOWS\system32\VrGetEn.dll
2007-01-23 10:33 180,736 --a------ C:\WINDOWS\system32\ViRobot.dll
2007-01-23 10:33 159,744 --a------ C:\WINDOWS\system32\DZIP32.DLL
2007-01-23 10:33 155,648 --a------ C:\WINDOWS\system32\vrunzip.dll
2007-01-23 10:33 126,976 --a------ C:\WINDOWS\system32\VrBootIn.dll
2007-01-23 10:33 119,296 --a------ C:\WINDOWS\system32\vrunrar.dll
2007-01-23 10:33 110,592 --a------ C:\WINDOWS\system32\vruncom.dll
2007-01-23 10:33 103,936 --a------ C:\WINDOWS\system32\vrrepair.dll
2007-01-23 10:33 1,782,592 --a------ C:\WINDOWS\system32\vrcore.sys
2007-01-23 10:33 1,404,096 --a------ C:\WINDOWS\system32\virobot.sys
2007-01-23 10:33 <DIR> d-------- C:\Program Files\ViRobotXP
2007-01-18 11:38 76,412 --a------ C:\WINDOWS\system32\vrmircci.dll
2007-01-14 11:35 76,560 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2007-01-14 08:35 <DIR> d-------- C:\DOCUME~1\Todd\.housecall6.6
2007-01-13 18:05 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Adobe
2007-01-09 22:00 <DIR> d-------- C:\WINDOWS\ie7updates
2007-01-04 11:34 72,704 --a------ C:\WINDOWS\system32\drvhoc.dll
2007-01-02 11:32 <DIR> d-------- C:\Program Files\Common Files\DataViz
2007-01-02 11:32 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\DataViz
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-01-29 13:09 -------- d--h----- C:\Program Files\installshield installation information
2007-01-29 13:08 -------- d-------- C:\Program Files\Common Files\intuit
2007-01-29 13:08 -------- d-------- C:\Program Files\Common Files\answerworks 4.0
2007-01-27 22:09 35132 --a------ C:\DOCUME~1\Todd\Application Data\wklnhst.dat
2007-01-26 22:53 -------- d-------- C:\DOCUME~1\Todd\Application Data\adobe
2007-01-24 20:51 -------- d-------- C:\Program Files\punch! pro - platinum
2007-01-20 23:05 -------- d-------- C:\Program Files\Common Files\wise installation wizard
2007-01-13 18:21 -------- d-------- C:\DOCUME~1\Todd\Application Data\adobeum
2007-01-02 13:20 46449 --a------ C:\DOCUME~1\Todd\Application Data\act! 3.x, 4.x, 2000 contact manager for windows.adr
2007-01-02 13:12 -------- d-------- C:\Program Files\act
2007-01-02 11:38 -------- d-------- C:\Program Files\palmone
2007-01-02 11:37 -------- d-------- C:\Program Files\documents to go
2006-12-06 23:29 2374472 --a------ C:\WINDOWS\system32\wmvcore.dll
2006-11-29 21:09 -------- d-------- C:\Program Files\hewlett-packard
2006-11-07 23:06 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-11-04 14:14 1245696 --a------ C:\WINDOWS\system32\msxml4.dll
2006-10-20 12:29 7526 --a------ C:\Program Files\deisl7.isu
2006-10-20 12:29 73 --a------ C:\Program Files\instinfo.ini
2006-10-13 10:09 700 --a------ C:\Program Files\hys.xls
2006-10-13 09:22 54045 --ah----- C:\Program Files\hys.gid
2006-10-13 06:31 7526 --a------ C:\Program Files\deisl6.isu
2006-10-10 12:28 4266038 --a------ C:\Program Files\gis_ccb.txt
2006-10-10 12:27 58616 --a------ C:\Program Files\compdata.txt
2006-10-10 12:27 3179413 --a------ C:\Program Files\funddata.txt
2006-10-10 12:27 1223669 --a------ C:\Program Files\descdata.txt
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Apoint"="C:\\Program Files\\Apoint\\Apoint.exe"
"IgfxTray"="C:\\WINDOWS\\system32\\igfxtray.exe"
"HotKeysCmds"="C:\\WINDOWS\\system32\\hkcmd.exe"
"IntelWireless"="C:\\Program Files\\Intel\\Wireless\\Bin\\ifrmewrk.exe /tf Intel PROSet/Wireless"
"DVDLauncher"="\"C:\\Program Files\\CyberLink\\PowerDVD\\DVDLauncher.exe\""
"ISUSPM Startup"="C:\\PROGRA~1\\COMMON~1\\INSTAL~1\\UPDATE~1\\ISUSPM.exe -startup"
"ISUSScheduler"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start"
"WinFaxAppPortStarter"="wfxsnt40.exe"
"dwStart"="C:\\Program Files\\PCSecurityShield\\The Shield Firewall\\FireWall.exe"
"dla"="C:\\WINDOWS\\system32\\dla\\tfswctrl.exe"
"Acrobat Assistant 7.0"="\"C:\\Program Files\\Adobe\\Acrobat 7.0\\Distillr\\Acrotray.exe\""
@=""
"SunJavaUpdateSched"="C:\\Program Files\\Java\\j2re1.4.2_03\\bin\\jusched.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"HP Component Manager"="\"C:\\Program Files\\HP\\hpcoretech\\hpcmpmgr.exe\""
"Vrmon"="C:\\Program Files\\ViRobotXP\\vrmonnt.exe Main"
"VrSchedule"="C:\\Program Files\\ViRobotXP\\Vrres.exe"
"VrBootScan"="C:\\Program Files\\ViRobotXP\\VRBScan.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{A213B520-C6C2-11d0-AF9D-008029E1027E}"=""
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DiamondView"="\"C:\\Program Files\\Manulife Financial\\Diamond View\\Diamondview.exe\" /background"
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"DiamondView"="\"C:\\Program Files\\Manulife Financial\\Diamond View\\Diamondview.exe\" /background"
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_VRFIL
Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Symantec NetDetect.job
C:\WINDOWS\tasks\{D34E1956-9D8A-494A-B44B-EC45A84E9607}_D8W1KR71_Todd.job
Completion time: 07-01-29 17:44:24
C:\ComboFix2.txt ... 07-01-29 06:50
C:\ComboFix3.txt ... 07-01-28 16:18
Logfile of HijackThis v1.99.1
Scan saved at 5:46:40 PM, on 1/29/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ViRobotXP\vrmonsvc.exe
C:\WINDOWS\system32\WFXSVC.EXE
C:\PROGRA~1\Symantec\WinFax\WFXMOD32.EXE
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\wfxsnt40.exe
C:\Program Files\PCSecurityShield\The Shield Firewall\FireWall.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\ViRobotXP\vrmonnt.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\ViRobotXP\Vrres.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\palmOne\HOTSYNC.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\PCSecurityShield\The Shield Firewall\GetNetTime.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Todd\My Documents\Software Downloads\hijackthis\HJT.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.globeadvisor.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Farstone Url Blocker - {316AEF8D-3C37-423E-9E6E-13820A9DC37A} - C:\PROGRA~1\PCSECU~1\THESHI~1\IrlOnIE.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: IEPlugin Class - {CF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\Advanced System Optimizer\IEHelper.dll
O2 - BHO: Farstone Popup Blocker - {E22F9B9D-1A1F-473E-BED6-D8BC152441F4} - C:\PROGRA~1\PCSECU~1\THESHI~1\FARPOP~1.DLL
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
O4 - HKLM\..\Run: [dwStart] C:\Program Files\PCSecurityShield\The Shield Firewall\FireWall.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [Vrmon] C:\Program Files\ViRobotXP\vrmonnt.exe Main
O4 - HKLM\..\Run: [VrSchedule] C:\Program Files\ViRobotXP\Vrres.exe
O4 - HKLM\..\Run: [VrBootScan] C:\Program Files\ViRobotXP\VRBScan.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\palmOne\HOTSYNC.EXE
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'farlsp.dll' missing
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {4CCA4E6B-9259-11D9-AC6E-444553544200} (FixController Control) - http://h30155.www3.hp.com/ediags/dd/install/HPInstallMgr_v01.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120499856765
O16 - DPF: {D4328549-2B43-40D5-BBF8-77D6EEA60412} (StorefrontUpload.BulkImageUpload1) - http://www.ldphotostation.com/images/global/activex/StorefrontUpload19.CAB
O16 - DPF: {D9701E87-A34D-11D4-BE29-000102598CE4} (VrUpdate Control) - http://download.globalhauri.com/Eng/online_up/vrupdate.cab
O18 - Protocol: intu-res - {9CE7D474-16F9-4889-9BB9-53E2008EAE8A} - C:\Program Files\Common Files\Intuit\intu-res.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ViRobot Expert Monitoring (vrmonsvc) - HAURI - C:\Program Files\ViRobotXP\vrmonsvc.exe
O23 - Service: WinFax PRO (wfxsvc) - Symantec Corporation - C:\WINDOWS\system32\WFXSVC.EXE
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
KASPERSKY ONLINE SCANNER REPORT **Part 1 of 2**
Monday, January 29, 2007 5:37:26 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 29/01/2007
Kaspersky Anti-Virus database records: 263047
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
C:\
D:\
Scan Statistics:
Total number of scanned objects: 109488
Number of viruses found: 23
Number of infected objects: 69 / 0
Number of suspicious objects: 0
Duration of the scan process: 02:42:33
Infected Object Name / Virus Name / Last Action
C:\!KillBox\nestdfhd.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\!KillBox\ooewubxm.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ft skipped
C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Todd\.housecall6.6\Quarantine\fyguvcjb.exe.bac_a02188 Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\Documents and Settings\Todd\.housecall6.6\Quarantine\Monopoly with serial - For Palm OS.exe.bac_a02188/td.exe Infected: P2P-Worm.Win32.Agent.v skipped
C:\Documents and Settings\Todd\.housecall6.6\Quarantine\Monopoly with serial - For Palm OS.exe.bac_a02188/zgo.exe Infected: P2P-Worm.Win32.Agent.v skipped
C:\Documents and Settings\Todd\.housecall6.6\Quarantine\Monopoly with serial - For Palm OS.exe.bac_a02188 ZIP: infected - 2 skipped
C:\Documents and Settings\Todd\.housecall6.6\Quarantine\Monopoly with serial - For Palm OS.exe.bac_a02188 CryptFF.b: infected - 2 skipped
C:\Documents and Settings\Todd\.housecall6.6\Quarantine\Monopoly with serial - For Palm OS.zip.bac_a02188/Monopoly with serial - For Palm OS.exe/td.exe Infected: P2P-Worm.Win32.Agent.v skipped
C:\Documents and Settings\Todd\.housecall6.6\Quarantine\Monopoly with serial - For Palm OS.zip.bac_a02188/Monopoly with serial - For Palm OS.exe/zgo.exe Infected: P2P-Worm.Win32.Agent.v skipped
C:\Documents and Settings\Todd\.housecall6.6\Quarantine\Monopoly with serial - For Palm OS.zip.bac_a02188/Monopoly with serial - For Palm OS.exe Infected: P2P-Worm.Win32.Agent.v skipped
C:\Documents and Settings\Todd\.housecall6.6\Quarantine\Monopoly with serial - For Palm OS.zip.bac_a02188 ZIP: infected - 3 skipped
C:\Documents and Settings\Todd\.housecall6.6\Quarantine\Monopoly with serial - For Palm OS.zip.bac_a02188 CryptFF.b: infected - 3 skipped
C:\Documents and Settings\Todd\.housecall6.6\Quarantine\svchosts.exe.bac_a02188 Infected: Trojan-Downloader.Win32.Agent.bca skipped
C:\Documents and Settings\Todd\.housecall6.6\Quarantine\win396.tmp.exe.bac_a02188/data0002 Infected: Trojan-Downloader.Win32.PurityScan.dc skipped
C:\Documents and Settings\Todd\.housecall6.6\Quarantine\win396.tmp.exe.bac_a02188 NSIS: infected - 1 skipped
C:\Documents and Settings\Todd\.housecall6.6\Quarantine\win396.tmp.exe.bac_a02188 CryptFF.b: infected - 1 skipped
C:\Documents and Settings\Todd\.housecall6.6\Quarantine\win79.tmp.exe.bac_a02188/data0002 Infected: Trojan-Downloader.Win32.PurityScan.dc skipped
C:\Documents and Settings\Todd\.housecall6.6\Quarantine\win79.tmp.exe.bac_a02188 NSIS: infected - 1 skipped
C:\Documents and Settings\Todd\.housecall6.6\Quarantine\win79.tmp.exe.bac_a02188 CryptFF.b: infected - 1 skipped
C:\Documents and Settings\Todd\.housecall6.6\Quarantine\winC37.tmp.exe.bac_a02188/data0002 Infected: Trojan-Downloader.Win32.PurityScan.dc skipped
C:\Documents and Settings\Todd\.housecall6.6\Quarantine\winC37.tmp.exe.bac_a02188 NSIS: infected - 1 skipped
C:\Documents and Settings\Todd\.housecall6.6\Quarantine\winC37.tmp.exe.bac_a02188 CryptFF.b: infected - 1 skipped
C:\Documents and Settings\Todd\.housecall6.6\Quarantine\winupdate.exe.bac_a02188 Infected: Trojan.Win32.Crypt.e skipped
C:\Documents and Settings\Todd\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Todd\Local Settings\Application Data\ApplicationHistory\hpqgalry.exe.cf8dd223.ini.inuse Object is locked skipped
C:\Documents and Settings\Todd\Local Settings\Application Data\HP\Digital Imaging\db\administrativeInfo.dbf Object is locked skipped
C:\Documents and Settings\Todd\Local Settings\Application Data\HP\Digital Imaging\db\albumImagesTable.cdx Object is locked skipped
C:\Documents and Settings\Todd\Local Settings\Application Data\HP\Digital Imaging\db\albumImagesTable.dbf Object is locked skipped
C:\Documents and Settings\Todd\Local Settings\Application Data\HP\Digital Imaging\db\albumTable.cdx Object is locked skipped
C:\Documents and Settings\Todd\Local Settings\Application Data\HP\Digital Imaging\db\albumTable.dbf Object is locked skipped
C:\Documents and Settings\Todd\Local Settings\Application Data\HP\Digital Imaging\db\CB_Server_Errors.txt Object is locked skipped
C:\Documents and Settings\Todd\Local Settings\Application Data\HP\Digital Imaging\db\EXIFTable.cdx Object is locked skipped
C:\Documents and Settings\Todd\Local Settings\Application Data\HP\Digital Imaging\db\EXIFTable.dbf Object is locked skipped
C:\Documents and Settings\Todd\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.cdx Object is locked skipped
C:\Documents and Settings\Todd\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.dbf Object is locked skipped
C:\Documents and Settings\Todd\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.fpt Object is locked skipped
C:\Documents and Settings\Todd\Local Settings\Application Data\HP\Digital Imaging\db\keywordImagesTable.cdx Object is locked skipped
C:\Documents and Settings\Todd\Local Settings\Application Data\HP\Digital Imaging\db\keywordImagesTable.dbf Object is locked skipped
C:\Documents and Settings\Todd\Local Settings\Application Data\HP\Digital Imaging\db\keywordTable.cdx Object is locked skipped
C:\Documents and Settings\Todd\Local Settings\Application Data\HP\Digital Imaging\db\keywordTable.dbf Object is locked skipped
C:\Documents and Settings\Todd\Local Settings\Application Data\HP\Digital Imaging\db\managedFolderTable.dbf Object is locked skipped
C:\Documents and Settings\Todd\Local Settings\Application Data\HP\Digital Imaging\db\pathnameTable.cdx Object is locked skipped
C:\Documents and Settings\Todd\Local Settings\Application Data\HP\Digital Imaging\db\pathnameTable.dbf Object is locked skipped
C:\Documents and Settings\Todd\Local Settings\Application Data\HP\Digital Imaging\db\ROFImagesTable.cdx Object is locked skipped
C:\Documents and Settings\Todd\Local Settings\Application Data\HP\Digital Imaging\db\ROFImagesTable.dbf Object is locked skipped
C:\Documents and Settings\Todd\Local Settings\Application Data\HP\Digital Imaging\db\ROFTable.cdx Object is locked skipped
C:\Documents and Settings\Todd\Local Settings\Application Data\HP\Digital Imaging\db\ROFTable.dbf Object is locked skipped
C:\Documents and Settings\Todd\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Todd\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Todd\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Todd\Local Settings\Temp\hpodvd09.log Object is locked skipped
C:\Documents and Settings\Todd\Local Settings\Temp\~DF4842.tmp Object is locked skipped
C:\Documents and Settings\Todd\Local Settings\Temp\~DF484D.tmp Object is locked skipped
C:\Documents and Settings\Todd\Local Settings\Temp\~DFA33D.tmp Object is locked skipped
C:\Documents and Settings\Todd\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Todd\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Todd\My Documents\Software Downloads\Palm Downloads\@@NUKED-Dataviz.Documents.To.Go.Premium.v9.000.WinALL.PalmOS5.Regged.Read.NFO-BiNPDA.zip/@@NUKED-Dataviz.Documents.To.Go.Premium.v9.000.WinALL.PalmOS5.Regged.Read.NFO-BiNPDA/Dataviz.Documents.To.Go.Premium.v9.001.WinALL.PalmOS5.Regged.Read.NFO-BiNPDA.exe Infected: Trojan-Dropper.Win32.Delf.xo skipped
C:\Documents and Settings\Todd\My Documents\Software Downloads\Palm Downloads\@@NUKED-Dataviz.Documents.To.Go.Premium.v9.000.WinALL.PalmOS5.Regged.Read.NFO-BiNPDA.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Todd\My Documents\Software Downloads\Palm Downloads\Astraware Yahtzee-Palm 1.20 serial keygen\Astraware Yahtzee-Palm 1.20.exe Infected: Trojan-Dropper.Win32.Small skipped
C:\Documents and Settings\Todd\My Documents\Software Downloads\Palm Downloads\Astraware Yahtzee-Palm 1.20 serial keygen.zip/Astraware Yahtzee-Palm 1.20.exe Infected: Trojan-Dropper.Win32.Small skipped
C:\Documents and Settings\Todd\My Documents\Software Downloads\Palm Downloads\Astraware Yahtzee-Palm 1.20 serial keygen.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Todd\My Documents\Software Downloads\Palm Downloads\Docs to go 9\@@NUKED-Dataviz.Documents.To.Go.Premium.v9.000.WinALL.PalmOS5.Regged.Read.NFO-BiNPDA\Dataviz.Documents.To.Go.Premium.v9.001.WinALL.PalmOS5.Regged.Read.NFO-BiNPDA.exe Infected: Trojan-Dropper.Win32.Delf.xo skipped
C:\Documents and Settings\Todd\My Documents\Software Downloads\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Todd\My Documents\Software Downloads\SmitfraudFix.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Todd\My Documents\Software Downloads\SmitfraudFix.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Todd\My Documents\Software Downloads\SmitfraudFix.exe RarSFX: infected - 2 skipped
C:\Documents and Settings\Todd\My Documents\Software Downloads\SmitfraudFix.exe PE_Patch.UPX: infected - 2 skipped
C:\Documents and Settings\Todd\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Todd\ntuser.dat.LOG Object is locked skipped
C:\Program Files\HP\hpcoretech\hpcmerr.log Object is locked skipped
C:\Program Files\PCSecurityShield\The Shield Firewall\files\NetTime.dat Object is locked skipped
C:\Program Files\PCSecurityShield\The Shield Firewall\files\UserPrivacy.dat Object is locked skipped
C:\Program Files\PCSecurityShield\The Shield Firewall\Run.bin Object is locked skipped
C:\Program Files\Symantec\WinFax\Data\Status.WFD Object is locked skipped
C:\Program Files\Symantec\WinFax\Data\Status.WFF Object is locked skipped
C:\Program Files\Symantec\WinFax\Data\Status.WFG Object is locked skipped
C:\Program Files\Symantec\WinFax\Data\Status.WFR Object is locked skipped
C:\Program Files\Symantec\WinFax\Data\Status.WFX Object is locked skipped
C:\Program Files\Symantec\WinFax\Data\Status2.WFD Object is locked skipped
C:\Program Files\Symantec\WinFax\Data\Status2.WFG Object is locked skipped
C:\Program Files\Symantec\WinFax\Data\Status2.WFX Object is locked skipped
C:\Program Files\Symantec\WinFax\Data\Status3.WFD Object is locked skipped
C:\Program Files\Symantec\WinFax\Data\Status3.WFG Object is locked skipped
C:\Program Files\Symantec\WinFax\Data\Status3.WFX Object is locked skipped
C:\Program Files\Symantec\WinFax\Data\StatusS.WFD Object is locked skipped
C:\Program Files\Symantec\WinFax\Data\StatusS.WFG Object is locked skipped
C:\Program Files\Symantec\WinFax\Data\StatusS.WFX Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP467\A0064424.dll Infected: not-a-virus:AdWare.Win32.PrintView.a skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP475\A0064972.exe Infected: Trojan-Downloader.Win32.PurityScan.dc skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP540\A0071882.exe Infected: Trojan-Downloader.Win32.PurityScan.dc skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP541\A0072907.exe/WISE0044.BIN/stream/data0005 Infected: not-a-virus:AdWare.Win32.Softomate.aa skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP541\A0072907.exe/WISE0044.BIN/stream Infected: not-a-virus:AdWare.Win32.Softomate.aa skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP541\A0072907.exe/WISE0044.BIN Infected: not-a-virus:AdWare.Win32.Softomate.aa skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP541\A0072907.exe WiseSFX: infected - 3 skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP541\A0072907.exe WiseSFX Dropper: infected - 3 skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP541\A0072916.exe Infected: Trojan-Dropper.Win32.Agent.azk skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP544\A0074227.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP563\A0077262.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gf skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP563\A0077264.dll Infected: Trojan-Downloader.Win32.Busky.gen skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP563\A0077265.dll Infected: Trojan-Spy.Win32.VBStat.j skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP563\A0077266.dll Infected: Trojan.Win32.BHO.g skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP563\A0077267.dll Infected: Trojan.Win32.BHO.g skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP563\A0077269.dll Infected: Trojan-Spy.Win32.VBStat.j skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP563\A0077290.exe Infected: Trojan-Downloader.Win32.PurityScan.dy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP563\A0077292.exe Infected: Trojan-Downloader.Win32.Agent.bca skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP563\A0077293.dll Infected: not-a-virus:AdWare.Win32.Softomate.ac skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP563\A0077336.exe Infected: Trojan.Win32.Agent.aap skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP564\A0077479.exe Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP564\A0077491.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.fp skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP564\A0077501.exe Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP564\A0077526.exe Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP566\A0077596.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP566\A0077597.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ft skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP566\change.log Object is locked skipped
C:\VundoFix Backups\adlnfxhx.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gf skipped
C:\VundoFix Backups\awtqq.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.fp skipped
C:\VundoFix Backups\cwjpcwj.dll.bad Infected: Trojan-Downloader.Win32.Busky.gen skipped
C:\VundoFix Backups\efyerkbo.dll.bad Infected: Trojan-Spy.Win32.VBStat.j skipped
C:\VundoFix Backups\gthcwqpt.dll.bad Infected: Trojan.Win32.BHO.g skipped
C:\VundoFix Backups\plotlqyr.dll.bad Infected: Trojan.Win32.BHO.g skipped
C:\VundoFix Backups\svacruac.dll.bad Infected: Trojan-Spy.Win32.VBStat.j skipped
Kaspersky report **Part 2 of 2**
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{983FCE45-4F87-4AC8-BCDD-4A78C710ECF7}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\drivers\sptd3101.sys Object is locked skipped
C:\WINDOWS\system32\drvhoc.dll Infected: not-virus:Hoax.Win32.Renos.gi skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\ksocsbk.dll Infected: Trojan-Downloader.Win32.Busky.gen skipped
C:\WINDOWS\system32\qyeelkph.dll Infected: Trojan-Spy.Win32.VBStat.h skipped
C:\WINDOWS\system32\sfbsmbrk.exe Infected: not-a-virus:AdWare.Win32.Searchcolor.a skipped
C:\WINDOWS\system32\vrmircci.dll Infected: Trojan-Spy.Win32.VBStat.h skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\TEMP\tmp00001f58\tmp00000000 Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
Scan process completed.
Hi
Empty these folders:
C:\!KillBox
C:\Documents and Settings\Todd\.housecall6.6\Quarantine\
C:\VundoFix Backups\
Delete these:
C:\WINDOWS\system32\drvhoc.dll
C:\WINDOWS\system32\ksocsbk.dll
C:\WINDOWS\system32\qyeelkph.dll
C:\WINDOWS\system32\sfbsmbrk.exe
C:\Documents and Settings\Todd\My Documents\Software Downloads\Palm Downloads\@@NUKED-Dataviz.Documents.To.Go.Premium.v9.000.WinALL.PalmOS5.Regged.Read.NFO-BiNPDA.zip
C:\Documents and Settings\Todd\My Documents\Software Downloads\Palm Downloads\Astraware Yahtzee-Palm 1.20 serial keygen.zip
C:\Documents and Settings\Todd\My Documents\Software Downloads\Palm Downloads\Docs to go 9\@@NUKED-Dataviz.Documents.To.Go.Premium.v9.000.WinALL.PalmOS5.Regged.Read.NFO-BiNPDA\Dataviz.Documents.To.Go.Premium.v9.001.WinALL.PalmOS5.Regged.Read.NFO-BiNPDA.exe
Empty Recycle Bin
Re-scan with kaspersky
Send:
- a fresh HijackThis log
- kaspersky report
I have removed all but the following:
C:\WINDOWS\system32\drvhoc.dll
C:\WINDOWS\system32\ksocsbk.dll
C:\WINDOWS\system32\qyeelkph.dll
C:\WINDOWS\system32\sfbsmbrk.exe
I cannot find this location on my pc. I have asked the search engine to find system32 and it returned with 6 items although none were in C:\Windows folder.
I also searched:
drvhoc.dll - system didn't find it.
ksocsbk.dll - system didn't find it.
qyeelkph.dll - system didn't find it.
sfbsmbrk.exe - system didn't find it.
Suggestions??
Hi
Those might be hidden, KillBox will delete them.
Please run Killbox.
Select "Delete on Reboot" and "All files"
Copy the file names below to the clipboard by highlighting them and pressing Control-C:
C:\WINDOWS\system32\drvhoc.dll
C:\WINDOWS\system32\ksocsbk.dll
C:\WINDOWS\system32\qyeelkph.dll
C:\WINDOWS\system32\sfbsmbrk.exe
Go to the File menu, and choose "Paste from Clipboard".
Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.
If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run TheKillbox, click here (http://www.eudaemonia.me.uk/downloads/Files/missingfilesetup.exe) to download and run missingfilesetup.exe. Then try TheKillbox again..
If your computer does not restart automatically, please restart it manually.
Empty this folder:
C:\!KillBox
Empty Recycle Bin
Re-scan with kaspersky
Send:
- a fresh HijackThis log
- kaspersky report
Logfile of HijackThis v1.99.1
Scan saved at 12:32:19 PM, on 1/30/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ViRobotXP\vrmonsvc.exe
C:\WINDOWS\system32\WFXSVC.EXE
C:\PROGRA~1\Symantec\WinFax\WFXMOD32.EXE
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\wfxsnt40.exe
C:\Program Files\PCSecurityShield\The Shield Firewall\FireWall.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\ViRobotXP\vrmonnt.exe
C:\Program Files\ViRobotXP\Vrres.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\palmOne\HOTSYNC.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Todd\My Documents\Software Downloads\hijackthis\HJT.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.globeadvisor.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Farstone Url Blocker - {316AEF8D-3C37-423E-9E6E-13820A9DC37A} - C:\PROGRA~1\PCSECU~1\THESHI~1\IrlOnIE.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: IEPlugin Class - {CF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\Advanced System Optimizer\IEHelper.dll
O2 - BHO: Farstone Popup Blocker - {E22F9B9D-1A1F-473E-BED6-D8BC152441F4} - C:\PROGRA~1\PCSECU~1\THESHI~1\FARPOP~1.DLL
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
O4 - HKLM\..\Run: [dwStart] C:\Program Files\PCSecurityShield\The Shield Firewall\FireWall.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [Vrmon] C:\Program Files\ViRobotXP\vrmonnt.exe Main
O4 - HKLM\..\Run: [VrSchedule] C:\Program Files\ViRobotXP\Vrres.exe
O4 - HKLM\..\Run: [VrBootScan] C:\Program Files\ViRobotXP\VRBScan.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\palmOne\HOTSYNC.EXE
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'farlsp.dll' missing
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {4CCA4E6B-9259-11D9-AC6E-444553544200} (FixController Control) - http://h30155.www3.hp.com/ediags/dd/install/HPInstallMgr_v01.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120499856765
O16 - DPF: {D4328549-2B43-40D5-BBF8-77D6EEA60412} (StorefrontUpload.BulkImageUpload1) - http://www.ldphotostation.com/images/global/activex/StorefrontUpload19.CAB
O16 - DPF: {D9701E87-A34D-11D4-BE29-000102598CE4} (VrUpdate Control) - http://download.globalhauri.com/Eng/online_up/vrupdate.cab
O18 - Protocol: intu-res - {9CE7D474-16F9-4889-9BB9-53E2008EAE8A} - C:\Program Files\Common Files\Intuit\intu-res.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ViRobot Expert Monitoring (vrmonsvc) - HAURI - C:\Program Files\ViRobotXP\vrmonsvc.exe
O23 - Service: WinFax PRO (wfxsvc) - Symantec Corporation - C:\WINDOWS\system32\WFXSVC.EXE
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Tuesday, January 30, 2007 12:31:02 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 30/01/2007
Kaspersky Anti-Virus database records: 263508
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
C:\
D:\
Scan Statistics:
Total number of scanned objects: 108267
Number of viruses found: 18
Number of infected objects: 38 / 0
Number of suspicious objects: 0
Duration of the scan process: 02:45:22
Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Todd\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Todd\Local Settings\Application Data\ApplicationHistory\hpqgalry.exe.cf8dd223.ini.inuse Object is locked skipped
C:\Documents and Settings\Todd\Local Settings\Application Data\HP\Digital Imaging\db\administrativeInfo.dbf Object is locked skipped
C:\Documents and Settings\Todd\Local Settings\Application Data\HP\Digital Imaging\db\albumImagesTable.cdx Object is locked skipped
C:\Documents and Settings\Todd\Local Settings\Application Data\HP\Digital Imaging\db\albumImagesTable.dbf Object is locked skipped
C:\Documents and Settings\Todd\Local Settings\Application Data\HP\Digital Imaging\db\albumTable.cdx Object is locked skipped
C:\Documents and Settings\Todd\Local Settings\Application Data\HP\Digital Imaging\db\albumTable.dbf Object is locked skipped
C:\Documents and Settings\Todd\Local Settings\Application Data\HP\Digital Imaging\db\CB_Server_Errors.txt Object is locked skipped
C:\Documents and Settings\Todd\Local Settings\Application Data\HP\Digital Imaging\db\EXIFTable.cdx Object is locked skipped
C:\Documents and Settings\Todd\Local Settings\Application Data\HP\Digital Imaging\db\EXIFTable.dbf Object is locked skipped
C:\Documents and Settings\Todd\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.cdx Object is locked skipped
C:\Documents and Settings\Todd\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.dbf Object is locked skipped
C:\Documents and Settings\Todd\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.fpt Object is locked skipped
C:\Documents and Settings\Todd\Local Settings\Application Data\HP\Digital Imaging\db\keywordImagesTable.cdx Object is locked skipped
C:\Documents and Settings\Todd\Local Settings\Application Data\HP\Digital Imaging\db\keywordImagesTable.dbf Object is locked skipped
C:\Documents and Settings\Todd\Local Settings\Application Data\HP\Digital Imaging\db\keywordTable.cdx Object is locked skipped
C:\Documents and Settings\Todd\Local Settings\Application Data\HP\Digital Imaging\db\keywordTable.dbf Object is locked skipped
C:\Documents and Settings\Todd\Local Settings\Application Data\HP\Digital Imaging\db\managedFolderTable.dbf Object is locked skipped
C:\Documents and Settings\Todd\Local Settings\Application Data\HP\Digital Imaging\db\pathnameTable.cdx Object is locked skipped
C:\Documents and Settings\Todd\Local Settings\Application Data\HP\Digital Imaging\db\pathnameTable.dbf Object is locked skipped
C:\Documents and Settings\Todd\Local Settings\Application Data\HP\Digital Imaging\db\ROFImagesTable.cdx Object is locked skipped
C:\Documents and Settings\Todd\Local Settings\Application Data\HP\Digital Imaging\db\ROFImagesTable.dbf Object is locked skipped
C:\Documents and Settings\Todd\Local Settings\Application Data\HP\Digital Imaging\db\ROFTable.cdx Object is locked skipped
C:\Documents and Settings\Todd\Local Settings\Application Data\HP\Digital Imaging\db\ROFTable.dbf Object is locked skipped
C:\Documents and Settings\Todd\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\Todd\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Todd\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Todd\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Todd\Local Settings\History\History.IE5\MSHist012007013020070131\index.dat Object is locked skipped
C:\Documents and Settings\Todd\Local Settings\Temp\hpodvd09.log Object is locked skipped
C:\Documents and Settings\Todd\Local Settings\Temp\~DFECD7.tmp Object is locked skipped
C:\Documents and Settings\Todd\Local Settings\Temp\~DFFE26.tmp Object is locked skipped
C:\Documents and Settings\Todd\Local Settings\Temp\~DFFE31.tmp Object is locked skipped
C:\Documents and Settings\Todd\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Todd\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Todd\My Documents\Software Downloads\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Todd\My Documents\Software Downloads\SmitfraudFix.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Todd\My Documents\Software Downloads\SmitfraudFix.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Todd\My Documents\Software Downloads\SmitfraudFix.exe RarSFX: infected - 2 skipped
C:\Documents and Settings\Todd\My Documents\Software Downloads\SmitfraudFix.exe PE_Patch.UPX: infected - 2 skipped
C:\Documents and Settings\Todd\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Todd\ntuser.dat.LOG Object is locked skipped
C:\Program Files\HP\hpcoretech\hpcmerr.log Object is locked skipped
C:\Program Files\PCSecurityShield\The Shield Firewall\files\NetTime.dat Object is locked skipped
C:\Program Files\PCSecurityShield\The Shield Firewall\files\UserPrivacy.dat Object is locked skipped
C:\Program Files\PCSecurityShield\The Shield Firewall\Run.bin Object is locked skipped
C:\Program Files\Symantec\WinFax\Data\Status.WFD Object is locked skipped
C:\Program Files\Symantec\WinFax\Data\Status.WFF Object is locked skipped
C:\Program Files\Symantec\WinFax\Data\Status.WFG Object is locked skipped
C:\Program Files\Symantec\WinFax\Data\Status.WFR Object is locked skipped
C:\Program Files\Symantec\WinFax\Data\Status.WFX Object is locked skipped
C:\Program Files\Symantec\WinFax\Data\Status2.WFD Object is locked skipped
C:\Program Files\Symantec\WinFax\Data\Status2.WFG Object is locked skipped
C:\Program Files\Symantec\WinFax\Data\Status2.WFX Object is locked skipped
C:\Program Files\Symantec\WinFax\Data\Status3.WFD Object is locked skipped
C:\Program Files\Symantec\WinFax\Data\Status3.WFG Object is locked skipped
C:\Program Files\Symantec\WinFax\Data\Status3.WFX Object is locked skipped
C:\Program Files\Symantec\WinFax\Data\StatusS.WFD Object is locked skipped
C:\Program Files\Symantec\WinFax\Data\StatusS.WFG Object is locked skipped
C:\Program Files\Symantec\WinFax\Data\StatusS.WFX Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP475\A0064972.exe Infected: Trojan-Downloader.Win32.PurityScan.dc skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP540\A0071882.exe Infected: Trojan-Downloader.Win32.PurityScan.dc skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP541\A0072907.exe/WISE0044.BIN/stream/data0005 Infected: not-a-virus:AdWare.Win32.Softomate.aa skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP541\A0072907.exe/WISE0044.BIN/stream Infected: not-a-virus:AdWare.Win32.Softomate.aa skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP541\A0072907.exe/WISE0044.BIN Infected: not-a-virus:AdWare.Win32.Softomate.aa skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP541\A0072907.exe WiseSFX: infected - 3 skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP541\A0072907.exe WiseSFX Dropper: infected - 3 skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP541\A0072916.exe Infected: Trojan-Dropper.Win32.Agent.azk skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP544\A0074227.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP563\A0077262.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gf skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP563\A0077264.dll Infected: Trojan-Downloader.Win32.Busky.gen skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP563\A0077265.dll Infected: Trojan-Spy.Win32.VBStat.j skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP563\A0077266.dll Infected: Trojan.Win32.BHO.g skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP563\A0077267.dll Infected: Trojan.Win32.BHO.g skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP563\A0077269.dll Infected: Trojan-Spy.Win32.VBStat.j skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP563\A0077290.exe Infected: Trojan-Downloader.Win32.PurityScan.dy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP563\A0077292.exe Infected: Trojan-Downloader.Win32.Agent.bca skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP563\A0077293.dll Infected: not-a-virus:AdWare.Win32.Softomate.ac skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP563\A0077336.exe Infected: Trojan.Win32.Agent.aap skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP564\A0077491.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.fp skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP566\A0077596.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP566\A0077597.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ft skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP566\A0077614.exe Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP566\A0077633.exe Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP566\A0077664.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ft skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP566\A0077665.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP566\A0077668.dll Infected: not-virus:Hoax.Win32.Renos.gi skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP566\A0077669.dll Infected: Trojan-Downloader.Win32.Busky.gen skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP566\A0077670.dll Infected: Trojan-Spy.Win32.VBStat.h skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP566\A0077671.exe Infected: not-a-virus:AdWare.Win32.Searchcolor.a skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP566\A0077683.exe Infected: not-a-virus:AdWare.Win32.Searchcolor.a skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP566\A0077684.dll Infected: not-virus:Hoax.Win32.Renos.gi skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP566\A0077685.dll Infected: Trojan-Downloader.Win32.Busky.gen skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP566\A0077686.dll Infected: Trojan-Spy.Win32.VBStat.h skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP566\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{80198D23-DD3A-494D-AF22-BCCB3C34CB70}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\drivers\sptd3101.sys Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\vrmircci.dll Infected: Trojan-Spy.Win32.VBStat.h skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
Scan process completed.
Hi
One more left :)
Rest are in system restore and these aren't viruses:
C:\Documents and Settings\Todd\My Documents\Software Downloads\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Todd\My Documents\Software Downloads\SmitfraudFix.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Todd\My Documents\Software Downloads\SmitfraudFix.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Todd\My Documents\Software Downloads\SmitfraudFix.exe RarSFX: infected - 2 skipped
C:\Documents and Settings\Todd\My Documents\Software Downloads\SmitfraudFix.exe PE_Patch.UPX: infected - 2 skipped
Delete this:
C:\WINDOWS\system32\vrmircci.dll
Empty Recycle Bin
If you can't find it, make you hidden and system files visible -> http://www.xtra.co.nz/help/0,,4155-1916458,00.html and try again
How are things running now?
I have deleted C:\WINDOWS\system32\vrmircci.dll and emptied the recycle bin.
Things are running much better now thank you. Your time and help is very greatly appreciated. Please tell me how to show my thanks for your efforts.
Todd H :2thumb:
Can you also tell me how I was infected? What would you suggest for protection (ie. Kaspersky)? Is there anyway you were able to determine if someone was able to access information on my pc while infected?
Hi
If you like to thank, consired donating (http://www.spybot.info/en/donate/index.html)
There was no that kind of infections which would able to access information on my pc while infected
You're clean!
Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
Looking over your log, it seems you don't have any evidence of an anti-virus software.
Anti-virus software are programs that detect, cleanse, and erase harmful virus files on a computer, Web server, or network. Unchecked, virus files can unintentionally be forwarded to others, including trading partners and thereby spreading infection. Because new viruses regularly emerge, anti-virus software should be updated frequently. Anti-virus software can scan the computer memory and disk drives for malicious code. They can alert the user if a virus is present, and will clean, delete (or quarantine) infected files or directories. Please download a free anti-virus software from one these excellent vendors NOW:
1) Antivir PersonalEdtion Classic (http://www.free-av.com/)- Free anti-virus software for Windows. Detects and removes more than 50,000 viruses. Free support.
2) avast! 4 Home Edition (http://www.avast.com/eng/avast_4_home.html) - Anti-virus program for Windows. The home edition is freeware for noncommercial users.
3) AVG Anti-Virus Free Edition (http://free.grisoft.com/doc/1) - Free edition of the AVG anti-virus program for Windows.
It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts. If you choose to install more than one antivirus program on your computer, then only one of them should be active in memory at a time.
Looking over your log, it seems you don't have any evidence of a third party firewall.
As the term conveys, a firewall is an extra layer of security installed onto computers, which restricts access to systems from the outside world. Firewalls protect against hackers and malicious intruders. I want you to download a free firewall NOW from one of these excellent vendors:
1) ZoneAlarm (http://www.zonelabs.com/store/content/catalog/products/sku_list_za.jsp?dc=12bms&ctry=US&lang=en&lid=nav_za)
2) Agnitum (http://www.agnitum.com/products/outpostfree/download.php)
3) Sunbelt/Kerio (http://www.sunbelt-software.com/Kerio-Download.cfm)
4) Comodo (http://www.personalfirewall.comodo.com/)
If you are using the built-in Windows XP firewall, it is not recommended as it does not block outgoing connections. This means that any malware on your computer is free to "phone home" for more instructions. Simply put, Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution. Remember to use only one firewall at the same time.
Go here (http://java.sun.com/javase/downloads/index.jsp) and download and install JRE 6.0. Click the link that says Download JRE 6.0 . You will then need to select Accept License Agreement and click the Continue button that is beside it. Then click the link that says Windows Offline Installation, Multi-language. Save it to your Desktop. Then go back to your Desktop and double click jre-6-windows-i586.exe to start the install. Once you have it installed, click Start>Run, type in appwiz.cpl and hit Enter. From the list, uninstall J2SE Runtime Environment 4.2 Update 3.
Disable and Enable System Restore. - If you are using Windows XP then you should disable and re-enable system restore to make sure there are no infected files found in a restore point.
You can find instructions on how to enable and reenable system restore here:
Windows XP System Restore Guide (http://www.bleepingcomputer.com/forums/tutorial56.html)
Reenable system restore with instructions from tutorial above
Make your Internet Explorer more secure - This can be done by following these simple instructions:
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialize and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.
Use an AntiVirus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.
See this link for a listing of some online & their stand-alone antivirus programs:
Virus, Spyware, and Malware Protection and Removal Resources (http://www.bleepingcomputer.com/forums/topic405.html)
Update your AntiVirus Software - It is imperitive that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.
Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is succeptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.
For a tutorial on Firewalls and a listing of some available ones see the link below:
Understanding and Using Firewalls (http://www.bleepingcomputer.com/tutorials/tutorial60.html)
Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com (http://www.windowsupdate.com) regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
Install Ad-Aware - Install and download Ad-Aware. ou should also scan your computer with program on a regular basis just as you would an antivirus software in conjunction with Spybot.
A tutorial on installing & using this product can be found here:
Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer (http://www.bleepingcomputer.com/forums/?showtutorial=48)
Install SpywareBlaster - SpywareBlaster will added a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.
A tutorial on installing & using this product can be found here:
Using SpywareBlaster to protect your computer from Spyware and Malware (http://www.bleepingcomputer.com/tutorials/tutorial49.html)
Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.
Here are some additional utilities that will enhance your safety
IE/Spyad (http://www.spywarewarrior.com/uiuc/resource.htm) <= IE/Spyad places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
MVPS Hosts file (http://mvps.org/winhelp2002/hosts.htm) <= The MVPS Hosts file replaces your current HOSTS file with one containing well know ad sites etc. Basically, this prevents your coputer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer
Winpatrol (http://www.winpatrol.com/) <= Download and install the free version of Winpatrol. a tutorial for this product is located here:
Using Winpatrol to protect your computer from malicious software (http://www.winpatrol.com/features.html)
Stand Up and Be Counted ---> Malware Complaints (http://www.malwarecomplaints.info/index.php) <--- where you can make difference!
The site offers people who have been (or are) victims of malware the opportunity to document their story and, in that way, launch a complaint against the malware and the makers of the malware.
Also, please read this great article by Tony Klein So How Did I Get Infected In First Place (http://castlecops.com/postlite7736-.html)
Happy surfing and stay clean!
Since this issue appears resolved ... this Topic is closed.
If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.
Everyone else please begin a New Topic.