Computer infected, darksma, vundo, chisynelgeneric, etc.

Mekid
2007-06-01, 06:45
Please help! My EZ antivirus has detected viruses, yet I can't find anything to remove them. I am also experiencing problems with my browser while my firewall is set on its highest mode (EZ Firewall). I cannot connect to the internet at all unless I am running on a medium mode.

I also apologize beforehand because I am really clueless to most of this.

Here is the log from EZ antivirus:

2007/01/13 11:43:48.343 File infection: C:\Documents and Settings\Kristy V\Local Settings\Temporary Internet Files\Content.IE5\APPFKGC2\2_z[1].htm is JS/CVE-2006-3730!exploit trojan. Deleted
2007/01/13 11:43:50.671 File infection: C:\Documents and Settings\Kristy V\Local Settings\Temporary Internet Files\Content.IE5\APPFKGC2\2_z[1].htm is JS/CVE-2006-3730!exploit trojan.
2007/01/13 11:43:52.625 File infection: C:\Documents and Settings\Kristy V\Local Settings\Temporary Internet Files\Content.IE5\APPFKGC2\2_z[1].htm is JS/CVE-2006-3730!exploit trojan.
2007/01/13 11:44:17.937 File infection: C:\Documents and Settings\Kristy V\Local Settings\Temporary Internet Files\Content.IE5\APPFKGC2\3_z[1].htm is JS/MS05-054!exploit trojan.
2007/01/30 19:16:20.437 File infection: C:\Documents and Settings\Kristy V\Local Settings\Temporary Internet Files\Content.IE5\CXYFCD2Z\index[1].htm is HTML/HelpControl!exploit trojan.
2007/01/31 18:03:38.734 File infection: C:\Documents and Settings\Kristy V\Local Settings\Temporary Internet Files\Content.IE5\OHERM4RB\index[1].htm is HTML/HelpControl!exploit trojan.
2007/02/13 17:33:27.812 File infection: C:\DOCUME~1\Matt\LOCALS~1\Temp\nsr10.tmp\sxs.dll is Win32/Nuvens!generic trojan.
2007/02/13 17:33:27.921 File infection: C:\DOCUME~1\Matt\LOCALS~1\Temp\nsr10.tmp\sxs.dll is Win32/Nuvens!generic trojan.
2007/02/13 17:33:27.937 File infection: C:\DOCUME~1\Matt\LOCALS~1\Temp\nsr10.tmp\sxs.dll is Win32/Nuvens!generic trojan.
2007/02/13 17:33:27.968 File infection: C:\DOCUME~1\Matt\LOCALS~1\Temp\nsr10.tmp\sxs.dll is Win32/Nuvens!generic trojan.
2007/02/13 17:33:28.015 File infection: C:\DOCUME~1\Matt\LOCALS~1\Temp\nsr10.tmp\sxs.dll is Win32/Nuvens!generic trojan.
2007/02/13 17:33:28.046 File infection: C:\DOCUME~1\Matt\LOCALS~1\Temp\nsr10.tmp\sxs.dll is Win32/Nuvens!generic trojan.
2007/02/13 17:33:28.078 File infection: C:\DOCUME~1\Matt\LOCALS~1\Temp\nsr10.tmp\sxs.dll is Win32/Nuvens!generic trojan.
2007/02/13 17:33:28.140 File infection: C:\DOCUME~1\Matt\LOCALS~1\Temp\nsr10.tmp\sxs.dll is Win32/Nuvens!generic trojan.
2007/02/13 17:33:28.171 File infection: C:\DOCUME~1\Matt\LOCALS~1\Temp\nsr10.tmp\sxs.dll is Win32/Nuvens!generic trojan.
2007/02/13 17:33:28.203 File infection: C:\DOCUME~1\Matt\LOCALS~1\Temp\nsr10.tmp\sxs.dll is Win32/Nuvens!generic trojan.
2007/02/17 02:49:09.609 File infection: C:\Documents and Settings\Kristy V\Local Settings\Temporary Internet Files\Content.IE5\AZ6365G7\2_z[1].htm is JS/MS05-054!exploit trojan. Deleted
2007/02/17 02:49:10.515 File infection: C:\Documents and Settings\Kristy V\Local Settings\Temporary Internet Files\Content.IE5\AZ6365G7\2_z[1].htm is JS/MS05-054!exploit trojan.
2007/02/17 02:49:10.531 File infection: C:\Documents and Settings\Kristy V\Local Settings\Temporary Internet Files\Content.IE5\AZ6365G7\2_z[1].htm is JS/MS05-054!exploit trojan.
2007/02/17 02:49:42.500 File infection: C:\Documents and Settings\Kristy V\Local Settings\Temporary Internet Files\Content.IE5\AZ6365G7\3_z[1].htm is JS/MS05-054!exploit trojan.
2007/05/27 03:22:31.734 File infection: C:\Documents and Settings\Kristy V\Local Settings\Temporary Internet Files\Content.IE5\7F15XDXY\2[2].jpg is Win32/MS07-017!exploit trojan.
2007/05/27 03:23:23.921 File infection: C:\Documents and Settings\Kristy V\Local Settings\Temporary Internet Files\Content.IE5\7F15XDXY\2[1].jpg is Win32/MS07-017!exploit trojan.
2007/05/27 03:23:25.328 File infection: C:\Documents and Settings\Kristy V\Local Settings\Temporary Internet Files\Content.IE5\7F15XDXY\2[1].jpg is Win32/MS07-017!exploit trojan.
2007/05/27 03:23:25.515 File infection: C:\Documents and Settings\Kristy V\Local Settings\Temporary Internet Files\Content.IE5\7F15XDXY\2[2].jpg is Win32/MS07-017!exploit trojan.
2007/05/27 03:44:56.421 File infection: C:\Documents and Settings\Kristy V\Local Settings\Temporary Internet Files\Content.IE5\7F15XDXY\2[1].jpg is Win32/MS07-017!exploit trojan.
2007/05/27 03:44:56.953 File infection: C:\Documents and Settings\Kristy V\Local Settings\Temporary Internet Files\Content.IE5\7F15XDXY\2[2].jpg is Win32/MS07-017!exploit trojan.
2007/05/27 03:44:57.281 File infection: C:\Documents and Settings\Kristy V\Local Settings\Temporary Internet Files\Content.IE5\7F15XDXY\2[2].jpg is Win32/MS07-017!exploit trojan.
2007/05/27 03:44:57.531 File infection: C:\Documents and Settings\Kristy V\Local Settings\Temporary Internet Files\Content.IE5\7F15XDXY\2[1].jpg is Win32/MS07-017!exploit trojan.
2007/05/27 17:10:34.953 File infection: C:\DOCUME~1\KRISTY~1\LOCALS~1\Temp\mshtml2.exe is Win32/Clspring!generic trojan.
2007/05/27 17:10:35.906 File infection: C:\DOCUME~1\KRISTY~1\LOCALS~1\Temp\mshtml2.exe is Win32/Clspring!generic trojan.
2007/05/27 17:10:36.781 File infection: C:\DOCUME~1\KRISTY~1\LOCALS~1\Temp\mshtml2.exe is Win32/Clspring!generic trojan.
2007/05/27 17:11:26.781 File infection: C:\WINDOWS\SYSTEM32\T4\d5ll.exe is Win32/Tesllar.A trojan. Deleted
2007/05/27 17:11:29.890 File infection: C:\WINDOWS\SYSTEM32\T4\d5ll.exe is Win32/Tesllar.A trojan.
2007/05/27 17:11:30.015 File infection: C:\WINDOWS\SYSTEM32\T4\d5ll.exe is Win32/Tesllar.A trojan.
2007/05/27 17:11:30.296 File infection: C:\Program Files\MSN Gaming Zone\laduxa.dll is Win32/Zquest.E trojan. Deleted
2007/05/27 17:11:31.093 File infection: C:\Program Files\MSN Gaming Zone\laduxa.dll is Win32/Zquest.E trojan.
2007/05/27 17:11:31.265 File infection: C:\Program Files\MSN Gaming Zone\laduxa.dll is Win32/Zquest.E trojan.
2007/05/27 17:11:35.562 File infection: C:\WINDOWS\uabeezc.exe is Win32/SillyDl.CTT trojan. Deleted
2007/05/27 17:11:35.765 File infection: C:\WINDOWS\uabeezc.exe is Win32/SillyDl.CTT trojan.
2007/05/27 17:11:35.843 File infection: C:\WINDOWS\uabeezc.exe is Win32/SillyDl.CTT trojan.
2007/05/27 17:11:35.843 File infection: C:\WINDOWS\uabeezc.exe is Win32/SillyDl.CTT trojan.
2007/05/27 17:11:35.859 File infection: C:\WINDOWS\uabeezc.exe is Win32/SillyDl.CTT trojan.
2007/05/27 17:11:35.953 File infection: C:\WINDOWS\uabeezc.exe is Win32/SillyDl.CTT trojan.
2007/05/27 17:11:37.218 File infection: C:\WINDOWS\uabeezc.exe is Win32/SillyDl.CTT trojan.
2007/05/27 17:11:38.718 File infection: C:\WINDOWS\offun.exe is Win32/Notiex.F trojan. Deleted
2007/05/27 17:11:38.734 File infection: C:\WINDOWS\offun.exe is Win32/Notiex.F trojan.
2007/05/28 00:55:03.593 File infection: C:\DOCUME~1\Amy\LOCALS~1\Temp\npfffqnr.dll is Win32/Darksma.X trojan. Deleted
2007/05/28 00:55:03.859 File infection: C:\DOCUME~1\Amy\LOCALS~1\Temp\npfffqnr.dll is Win32/Darksma.X trojan.
2007/05/28 00:55:03.968 File infection: C:\DOCUME~1\Amy\LOCALS~1\Temp\npfffqnr.dll is Win32/Darksma.X trojan.
2007/05/28 11:58:31.859 File infection: C:\DOCUME~1\Amy\LOCALS~1\Temp\gfvfnruj.dll is Win32/Vundo.CR trojan. Deleted
2007/05/28 11:58:33.031 File infection: C:\DOCUME~1\Amy\LOCALS~1\Temp\gfvfnruj.dll is Win32/Vundo.CR trojan.
2007/05/28 11:58:36.296 File infection: C:\DOCUME~1\Amy\LOCALS~1\Temp\gfvfnruj.dll is Win32/Vundo.CR trojan.
2007/05/28 12:44:42.562 File infection: C:\DOCUME~1\KRISTY~1\LOCALS~1\Temp\yopmpwmh.dll is Win32/Darksma.X trojan. Deleted
2007/05/28 12:44:42.671 File infection: C:\DOCUME~1\KRISTY~1\LOCALS~1\Temp\yopmpwmh.dll is Win32/Darksma.X trojan.
2007/05/28 12:44:42.765 File infection: C:\DOCUME~1\KRISTY~1\LOCALS~1\Temp\yopmpwmh.dll is Win32/Darksma.X trojan.
2007/05/28 12:50:46.687 File infection: C:\DOCUME~1\KRISTY~1\LOCALS~1\Temp\llamddjh.dll is Win32/Vundo.CR trojan. Deleted
2007/05/28 12:50:46.984 File infection: C:\DOCUME~1\KRISTY~1\LOCALS~1\Temp\llamddjh.dll is Win32/Vundo.CR trojan.
2007/05/28 12:50:47.000 File infection: C:\DOCUME~1\KRISTY~1\LOCALS~1\Temp\llamddjh.dll is Win32/Vundo.CR trojan.
2007/05/29 21:26:56.734 File infection: C:\DOCUME~1\KRISTY~1\LOCALS~1\Temp\bwiypmwe.dll is Win32/Vundo.CR trojan. Deleted
2007/05/29 21:26:58.328 File infection: C:\DOCUME~1\KRISTY~1\LOCALS~1\Temp\bwiypmwe.dll is Win32/Vundo.CR trojan.
2007/05/29 21:26:58.562 File infection: C:\DOCUME~1\KRISTY~1\LOCALS~1\Temp\bwiypmwe.dll is Win32/Vundo.CR trojan.
2007/05/29 21:28:46.937 File infection: C:\DOCUME~1\KRISTY~1\LOCALS~1\Temp\aidypyvk.dll is Win32/Darksma.X trojan. Deleted
2007/05/29 21:28:47.296 File infection: C:\DOCUME~1\KRISTY~1\LOCALS~1\Temp\aidypyvk.dll is Win32/Darksma.X trojan.
2007/05/29 21:28:47.296 File infection: C:\DOCUME~1\KRISTY~1\LOCALS~1\Temp\aidypyvk.dll is Win32/Darksma.X trojan.
2007/05/29 22:09:31.716 File infection: C:\DOCUME~1\KRISTY~1\LOCALS~1\Temp\sgiedcbo.dll is Win32/Darksma.X trojan. Deleted
2007/05/29 22:09:31.857 File infection: C:\DOCUME~1\KRISTY~1\LOCALS~1\Temp\sgiedcbo.dll is Win32/Darksma.X trojan.
2007/05/29 22:09:31.857 File infection: C:\DOCUME~1\KRISTY~1\LOCALS~1\Temp\sgiedcbo.dll is Win32/Darksma.X trojan.
2007/05/29 22:10:11.341 File infection: C:\DOCUME~1\KRISTY~1\LOCALS~1\Temp\onwnlibx.dll is Win32/Vundo.CR trojan. Deleted
2007/05/29 22:10:11.513 File infection: C:\DOCUME~1\KRISTY~1\LOCALS~1\Temp\onwnlibx.dll is Win32/Vundo.CR trojan.
2007/05/29 22:10:11.544 File infection: C:\DOCUME~1\KRISTY~1\LOCALS~1\Temp\onwnlibx.dll is Win32/Vundo.CR trojan.
2007/05/30 17:42:36.343 File infection: C:\DOCUME~1\Amy\LOCALS~1\Temp\uapcljqh.dll is Win32/Darksma.X trojan. Deleted
2007/05/30 17:42:37.578 File infection: C:\DOCUME~1\Amy\LOCALS~1\Temp\uapcljqh.dll is Win32/Darksma.X trojan.
2007/05/30 17:42:38.468 File infection: C:\DOCUME~1\Amy\LOCALS~1\Temp\uapcljqh.dll is Win32/Darksma.X trojan.
2007/05/30 17:43:47.218 File infection: C:\DOCUME~1\Amy\LOCALS~1\Temp\idigybjh.dll is Win32/Vundo.CR trojan. Deleted
2007/05/30 17:43:47.671 File infection: C:\DOCUME~1\Amy\LOCALS~1\Temp\idigybjh.dll is Win32/Vundo.CR trojan.
2007/05/30 17:43:47.687 File infection: C:\DOCUME~1\Amy\LOCALS~1\Temp\idigybjh.dll is Win32/Vundo.CR trojan.
2007/05/30 17:43:58.453 File infection: C:\DOCUME~1\Amy\LOCALS~1\Temp\hslfdolc.dll is Win32/Vundo.CR trojan. Deleted
2007/05/30 17:43:58.468 File infection: C:\DOCUME~1\Amy\LOCALS~1\Temp\hslfdolc.dll is Win32/Vundo.CR trojan.
2007/05/30 17:43:58.484 File infection: C:\DOCUME~1\Amy\LOCALS~1\Temp\hslfdolc.dll is Win32/Vundo.CR trojan.
2007/05/30 17:44:03.328 File infection: C:\DOCUME~1\Amy\LOCALS~1\Temp\vyxgaklh.dll is Win32/Darksma.X trojan. Deleted
2007/05/30 17:44:03.343 File infection: C:\DOCUME~1\Amy\LOCALS~1\Temp\vyxgaklh.dll is Win32/Darksma.X trojan.
2007/05/30 17:44:03.359 File infection: C:\DOCUME~1\Amy\LOCALS~1\Temp\vyxgaklh.dll is Win32/Darksma.X trojan.
2007/05/30 19:04:40.156 File infection: C:\DOCUME~1\KRISTY~1\LOCALS~1\Temp\mtulljes.dll is Win32/Darksma.X trojan. Deleted
2007/05/30 19:04:40.687 File infection: C:\DOCUME~1\KRISTY~1\LOCALS~1\Temp\mtulljes.dll is Win32/Darksma.X trojan.
2007/05/30 19:04:40.718 File infection: C:\DOCUME~1\KRISTY~1\LOCALS~1\Temp\mtulljes.dll is Win32/Darksma.X trojan.
2007/05/30 20:07:46.625 File infection: C:\DOCUME~1\KRISTY~1\LOCALS~1\Temp\jruapgbm.dll is Win32/Darksma.X trojan. Deleted
2007/05/30 20:07:47.125 File infection: C:\DOCUME~1\KRISTY~1\LOCALS~1\Temp\jruapgbm.dll is Win32/Darksma.X trojan.
2007/05/30 20:07:47.265 File infection: C:\DOCUME~1\KRISTY~1\LOCALS~1\Temp\jruapgbm.dll is Win32/Darksma.X trojan.
2007/05/30 20:07:47.390 File infection: C:\DOCUME~1\KRISTY~1\LOCALS~1\Temp\nuhlpdpk.dll is Win32/Vundo.CR trojan. Deleted
2007/05/30 20:07:47.406 File infection: C:\DOCUME~1\KRISTY~1\LOCALS~1\Temp\nuhlpdpk.dll is Win32/Vundo.CR trojan.
2007/05/30 20:07:47.421 File infection: C:\DOCUME~1\KRISTY~1\LOCALS~1\Temp\nuhlpdpk.dll is Win32/Vundo.CR trojan.
2007/05/31 22:49:18.281 File infection: C:\DOCUME~1\KRISTY~1\LOCALS~1\Temp\hrkavuot.dll is Win32/Vundo.CR trojan. Deleted
2007/05/31 22:49:20.750 File infection: C:\DOCUME~1\KRISTY~1\LOCALS~1\Temp\hrkavuot.dll is Win32/Vundo.CR trojan.
2007/05/31 22:49:22.062 File infection: C:\DOCUME~1\KRISTY~1\LOCALS~1\Temp\hrkavuot.dll is Win32/Vundo.CR trojan.
2007/05/31 22:50:04.500 File infection: C:\DOCUME~1\KRISTY~1\LOCALS~1\Temp\rfbeafoo.dll is Win32/Vundo.CR trojan. Deleted
2007/05/31 22:50:04.937 File infection: C:\DOCUME~1\KRISTY~1\LOCALS~1\Temp\rfbeafoo.dll is Win32/Vundo.CR trojan.
2007/05/31 22:50:05.109 File infection: C:\DOCUME~1\KRISTY~1\LOCALS~1\Temp\rfbeafoo.dll is Win32/Vundo.CR trojan.
2007/05/31 23:00:33.359 File infection: C:\WINDOWS\system32\ssqnlmj.dll is Win32/Chisyne!generic trojan.
2007/05/31 23:00:38.531 File infection: C:\WINDOWS\system32\awvtq.dll is Win32/Vundo!generic trojan.
2007/05/31 23:02:47.218 File infection: C:\WINDOWS\system32\awvtq.dll is Win32/Vundo!generic trojan.
2007/05/31 23:02:48.453 File infection: C:\WINDOWS\system32\ssqnlmj.dll is Win32/Chisyne!generic trojan.
2007/05/31 23:02:50.421 File infection: C:\WINDOWS\system32\ssqnlmj.dll is Win32/Chisyne!generic trojan.
2007/05/31 23:02:56.687 File infection: C:\WINDOWS\system32\ssqnlmj.dll is Win32/Chisyne!generic trojan.
2007/05/31 23:02:58.906 File infection: C:\WINDOWS\system32\ssqnlmj.dll is Win32/Chisyne!generic trojan.
2007/05/31 23:03:00.000 File infection: C:\WINDOWS\system32\awvtq.dll is Win32/Vundo!generic trojan.
2007/05/31 23:03:03.468 File infection: C:\WINDOWS\system32\ssqnlmj.dll is Win32/Chisyne!generic trojan.
2007/05/31 23:03:09.171 File infection: C:\WINDOWS\system32\awvtq.dll is Win32/Vundo!generic trojan.
2007/05/31 23:03:09.546 File infection: C:\WINDOWS\system32\awvtq.dll is Win32/Vundo!generic trojan.
2007/05/31 23:03:14.984 File infection: C:\WINDOWS\system32\ssqnlmj.dll is Win32/Chisyne!generic trojan.
2007/05/31 23:03:21.921 File infection: C:\WINDOWS\system32\awvtq.dll is Win32/Vundo!generic trojan.
2007/05/31 23:03:31.578 File infection: C:\WINDOWS\system32\ssqnlmj.dll is Win32/Chisyne!generic trojan.
2007/05/31 23:03:36.718 File infection: C:\WINDOWS\system32\awvtq.dll is Win32/Vundo!generic trojan.
2007/05/31 23:03:46.593 File infection: C:\WINDOWS\system32\ssqnlmj.dll is Win32/Chisyne!generic trojan.
2007/05/31 23:03:50.515 File infection: C:\WINDOWS\system32\awvtq.dll is Win32/Vundo!generic trojan.
2007/05/31 23:03:53.343 File infection: C:\WINDOWS\system32\ssqnlmj.dll is Win32/Chisyne!generic trojan.
2007/05/31 23:03:54.750 File infection: C:\WINDOWS\system32\awvtq.dll is Win32/Vundo!generic trojan.
2007/05/31 23:03:57.593 File infection: C:\WINDOWS\system32\ssqnlmj.dll is Win32/Chisyne!generic trojan.
2007/05/31 23:04:02.859 File infection: C:\WINDOWS\system32\awvtq.dll is Win32/Vundo!generic trojan.
2007/05/31 23:04:04.406 File infection: C:\WINDOWS\system32\ssqnlmj.dll is Win32/Chisyne!generic trojan.
2007/05/31 23:04:08.750 File infection: C:\WINDOWS\system32\awvtq.dll is Win32/Vundo!generic trojan.
2007/05/31 23:04:08.828 File infection: C:\WINDOWS\system32\ssqnlmj.dll is Win32/Chisyne!generic trojan.
2007/05/31 23:04:11.703 File infection: C:\WINDOWS\system32\awvtq.dll is Win32/Vundo!generic trojan.
2007/05/31 23:04:22.078 File infection: C:\WINDOWS\system32\awvtq.dll is Win32/Vundo!generic trojan.
2007/05/31 23:04:38.546 File infection: C:\WINDOWS\system32\ssqnlmj.dll is Win32/Chisyne!generic trojan.
2007/05/31 23:04:40.968 File infection: C:\WINDOWS\system32\awvtq.dll is Win32/Vundo!generic trojan.
2007/05/31 23:04:41.500 File infection: C:\WINDOWS\system32\ssqnlmj.dll is Win32/Chisyne!generic trojan.
2007/05/31 23:04:46.906 File infection: C:\WINDOWS\system32\awvtq.dll is Win32/Vundo!generic trojan.
2007/05/31 23:04:47.890 File infection: C:\WINDOWS\system32\ssqnlmj.dll is Win32/Chisyne!generic trojan.
2007/05/31 23:04:50.812 File infection: C:\WINDOWS\system32\awvtq.dll is Win32/Vundo!generic trojan.
2007/05/31 23:05:09.609 File infection: C:\WINDOWS\system32\awvtq.dll is Win32/Vundo!generic trojan.
2007/05/31 23:05:14.296 File infection: C:\WINDOWS\system32\ssqnlmj.dll is Win32/Chisyne!generic trojan.
2007/05/31 23:05:19.968 File infection: C:\WINDOWS\system32\awvtq.dll is Win32/Vundo!generic trojan.
2007/05/31 23:05:27.109 File infection: C:\WINDOWS\system32\ssqnlmj.dll is Win32/Chisyne!generic trojan.
2007/05/31 23:05:27.203 File infection: C:\WINDOWS\system32\awvtq.dll is Win32/Vundo!generic trojan.
2007/05/31 23:05:31.156 File infection: C:\WINDOWS\system32\awvtq.dll is Win32/Vundo!generic trojan.

Thanks.

Shaba
2007-06-02, 11:19
Hi Mekid

Use this (http://downloads.malwareremoval.com/hijackthis_sfx.exe) link to get HijackThis.
Save it to your desktop and then double-click to run it.
It will install the program in c:\program files\HijackThis.
Browse to that location with Windows Explorer, rename HijackThis.exe to scanner.exe and double-click scanner.exe to run it. Choose 'Do a system scan and save a logfile'.
That will allow you to save the log to the desktop (or some other place) and leave open a notepad file with the HijackThis log in it.

Now post your HijackThis log into this topic.

Mekid
2007-06-04, 01:16
Thanks so much for the reply. Here's what I've got:

Logfile of HijackThis v1.99.1
Scan saved at 6:14:55 PM, on 6/3/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust Anti-Spam\QSP-2.1.215.5\QOELoader.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Firewall\ca.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\PROGRA~1\WALGRE~1\WALGRE~1\data\Xtras\mssysmgr.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\MMDiag.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
C:\Documents and Settings\Kristy V\Desktop\scanner.exe\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ateaseweb.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2432F099-F8E2-43C9-B765-3AF002FFC6A7} - C:\WINDOWS\system32\ssqnlmj.dll (file missing)
O2 - BHO: 0 - {43054AE9-BCA1-4540-539B-DB2E96E03663} - C:\Program Files\MSN Gaming Zone\laduxa.dll (file missing)
O2 - BHO: (no name) - {4B646AFB-9341-4330-8FD1-C32485AEE619} - C:\WINDOWS\system32\vtgqjfkh.dll (file missing)
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: (no name) - {E345538B-1372-458A-8725-F3BDAC3CE020} - C:\WINDOWS\system32\awvtq.dll (file missing)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: (no name) - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"
O4 - HKLM\..\Run: [DLBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\eTrust EZ Armor\eTrust Anti-Spam\QSP-2.1.215.5\QOELoader.exe"
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Firewall\ca.exe"
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\WALGRE~1\WALGRE~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0FFFFFFF-0FFF-0FFF-0FFF-0FFFFFFFFFFF} - http://www.h-desk-soft.com/xvsy_offer/HDeskSetup_A.exe
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.my-etrust.com/Extern/RoadRunner/PestScan/pestscan.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1125438658328
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: awvtq - C:\WINDOWS\system32\awvtq.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: ssqnlmj - ssqnlmj.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
O23 - Service: dlbt_device - Dell - C:\WINDOWS\System32\dlbtcoms.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
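
As an added example (not part of this thread, and not code from HijackThis, EZ Antivirus or VundoFix), the script below parses EZ Antivirus "File infection" lines of the format posted above and HijackThis O-lines, and reports which detections still lack a final "Deleted" verdict and which load points (BHO, Winlogon Notify, Run keys) still reference those file names. That is the pattern visible in the logs here: awvtq.dll and ssqnlmj.dll are detected over and over without "Deleted", and the same names sit in O2 and O20 entries. The sample input is an excerpt of the logs posted in this thread plus one constructed "example.tmp" line for a cleanly removed file; the function names are my own.

```python
"""Triage helper: correlate on-access AV detections with HijackThis load points."""
import re
from collections import OrderedDict

# Excerpt of the EZ Antivirus log posted above, plus one constructed line
# (example.tmp) for a detection that was cleanly deleted and never came back.
AV_LOG = r"""
2007/05/27 17:11:26.781 File infection: C:\WINDOWS\SYSTEM32\T4\d5ll.exe is Win32/Tesllar.A trojan. Deleted
2007/05/27 17:11:29.890 File infection: C:\WINDOWS\SYSTEM32\T4\d5ll.exe is Win32/Tesllar.A trojan.
2007/05/28 00:00:00.000 File infection: C:\DOCUME~1\Amy\LOCALS~1\Temp\example.tmp is Win32/Example!sample trojan. Deleted
2007/05/31 23:00:33.359 File infection: C:\WINDOWS\system32\ssqnlmj.dll is Win32/Chisyne!generic trojan.
2007/05/31 23:00:38.531 File infection: C:\WINDOWS\system32\awvtq.dll is Win32/Vundo!generic trojan.
2007/05/31 23:02:47.218 File infection: C:\WINDOWS\system32\awvtq.dll is Win32/Vundo!generic trojan.
2007/05/31 23:02:48.453 File infection: C:\WINDOWS\system32\ssqnlmj.dll is Win32/Chisyne!generic trojan.
"""

# Excerpt of the HijackThis log posted above.
HJT_LOG = r"""
O2 - BHO: (no name) - {2432F099-F8E2-43C9-B765-3AF002FFC6A7} - C:\WINDOWS\system32\ssqnlmj.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: (no name) - {E345538B-1372-458A-8725-F3BDAC3CE020} - C:\WINDOWS\system32\awvtq.dll (file missing)
O20 - Winlogon Notify: awvtq - C:\WINDOWS\system32\awvtq.dll (file missing)
O20 - Winlogon Notify: ssqnlmj - ssqnlmj.dll (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
"""

AV_LINE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{3}) File infection: "
    r"(?P<path>.+?) is (?P<name>\S+) (?P<kind>\w+)\.(?P<deleted> Deleted)?$"
)
# A bare file name such as awvtq.dll, wherever it appears in a HijackThis line.
BASENAME = re.compile(r"[\w~.-]+\.(?:dll|exe)", re.IGNORECASE)


def parse_av_log(text):
    """Return an ordered dict: full path -> {name, hits, last_deleted}."""
    summary = OrderedDict()
    for line in text.splitlines():
        m = AV_LINE.match(line.strip())
        if not m:
            continue
        entry = summary.setdefault(
            m["path"], {"name": m["name"], "hits": 0, "last_deleted": False})
        entry["hits"] += 1
        # Only the most recent verdict matters: a 'Deleted' followed by more
        # hits means the file came back (re-dropped, or never really removed).
        entry["last_deleted"] = m["deleted"] is not None
    return summary


def unresolved_files(summary):
    """Paths whose latest log entry was not a successful deletion."""
    return [p for p, e in summary.items() if not e["last_deleted"]]


def parse_hjt(text):
    """Return (section, line, basenames, file_missing) for each R/O line."""
    items = []
    for line in text.splitlines():
        line = line.strip()
        m = re.match(r"^(O\d+|R\d) - ", line)
        if not m:
            continue
        names = {n.lower() for n in BASENAME.findall(line)}
        items.append((m.group(1), line, names, "(file missing)" in line))
    return items


def correlate(av_text, hjt_text):
    """Map each unresolved AV detection to the HJT load points naming it."""
    summary = parse_av_log(av_text)
    wanted = {p.rsplit("\\", 1)[-1].lower(): p for p in unresolved_files(summary)}
    hits = {}
    for section, line, names, _missing in parse_hjt(hjt_text):
        for n in names & set(wanted):
            hits.setdefault(wanted[n], []).append(f"{section}: {line}")
    return hits


if __name__ == "__main__":
    for path, entry in parse_av_log(AV_LOG).items():
        state = "deleted" if entry["last_deleted"] else "STILL PRESENT"
        print(f"{entry['hits']:>2}x {entry['name']:<22} {path}  [{state}]")
    print()
    for path, points in correlate(AV_LOG, HJT_LOG).items():
        print(f"{path} is still registered at:")
        for p in points:
            print("   ", p)
```

On the real logs the correlation step points straight at the O2 and O20 entries for awvtq.dll and ssqnlmj.dll: a DLL loaded through Winlogon Notify or as a BHO is in use from boot, which is why an on-access scanner keeps logging it without ever reporting "Deleted", and why a boot-time removal tool like the one suggested later in the thread is needed.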

Shaba
2007-06-04, 11:12
Hi

Please download VundoFix.exe (http://www.atribune.org/ccount/click.php?id=4) to your desktop.
Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files; click YES.
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer, click OK.
Please post the contents of C:\vundofix.txt and a new HiJackThis log in a reply to this thread.
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot; simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.

Mekid
2007-06-06, 04:32
Thanks. Here's Vundo:

VundoFix V6.4.2

Checking Java version...

Scan started at 8:09:36 PM 6/4/2007

Listing files found while scanning....

C:\WINDOWS\system32\awvtq.dll
C:\WINDOWS\system32\qtvwa.bak2
C:\WINDOWS\system32\qtvwa.ini
C:\WINDOWS\system32\qtvwa.ini2
C:\WINDOWS\system32\qtvwa.tmp
C:\WINDOWS\system32\ssqnlmj.dll
C:\WINDOWS\system32\vtgqjfkh.dll

Beginning removal...

VundoFix V6.4.2

Checking Java version...

Scan started at 7:18:48 PM 6/5/2007

Listing files found while scanning....

C:\WINDOWS\system32\awvtq.dll
C:\WINDOWS\system32\qtvwa.ini
C:\WINDOWS\system32\qtvwa.ini2
C:\WINDOWS\system32\ssqnlmj.dll
C:\WINDOWS\system32\vtgqjfkh.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\qtvwa.ini
C:\WINDOWS\system32\qtvwa.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\qtvwa.ini2
C:\WINDOWS\system32\qtvwa.ini2 Has been deleted!

Performing Repairs to the registry.
Done!


And here's Hijack This:

Logfile of HijackThis v1.99.1
Scan saved at 9:31:23 PM, on 6/5/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust Anti-Spam\QSP-2.1.215.5\QOELoader.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Firewall\ca.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\PROGRA~1\WALGRE~1\WALGRE~1\data\Xtras\mssysmgr.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\MMDiag.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Kristy V\Desktop\scanner.exe\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ateaseweb.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: 0 - {43054AE9-BCA1-4540-539B-DB2E96E03663} - C:\Program Files\MSN Gaming Zone\laduxa.dll (file missing)
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: (no name) - {E345538B-1372-458A-8725-F3BDAC3CE020} - C:\WINDOWS\system32\awvtq.dll (file missing)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: (no name) - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"
O4 - HKLM\..\Run: [DLBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\eTrust EZ Armor\eTrust Anti-Spam\QSP-2.1.215.5\QOELoader.exe"
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Firewall\ca.exe"
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\WALGRE~1\WALGRE~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0FFFFFFF-0FFF-0FFF-0FFF-0FFFFFFFFFFF} - http://www.h-desk-soft.com/xvsy_offer/HDeskSetup_A.exe
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.my-etrust.com/Extern/RoadRunner/PestScan/pestscan.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1125438658328
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: awvtq - C:\WINDOWS\system32\awvtq.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: ssqnlmj - ssqnlmj.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
O23 - Service: dlbt_device - Dell - C:\WINDOWS\System32\dlbtcoms.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

Shaba
2007-06-06, 06:44
Hi

Open HijackThis, click "Do a system scan only" and checkmark these:

O2 - BHO: 0 - {43054AE9-BCA1-4540-539B-DB2E96E03663} - C:\Program Files\MSN Gaming Zone\laduxa.dll (file missing)
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {E345538B-1372-458A-8725-F3BDAC3CE020} - C:\WINDOWS\system32\awvtq.dll (file missing)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: (no name) - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - (no file)
O20 - Winlogon Notify: awvtq - C:\WINDOWS\system32\awvtq.dll (file missing)
O20 - Winlogon Notify: ssqnlmj - ssqnlmj.dll (file missing)

Close all windows, including the browser, and press Fix checked.

Reboot.

Please do an online scan with Kaspersky Online Scanner (http://www.kaspersky.com/downloads/kws/kavwebscan.html). You will be prompted to install an ActiveX component from Kaspersky; click Yes.
The program will launch and then start to download the latest definition files.
Once the scanner is installed and the definitions downloaded, click Next.
Now click on Scan Settings.
In the scan settings, make sure that the following are selected:

o Scan using the following Anti-Virus database:

+ Extended (If available otherwise Standard)

o Scan Options:

+ Scan Archives
+ Scan Mail Bases

Click OK.
Now, under "Select a target to scan", select My Computer.
The scan will take a while, so be patient and let it run. Once the scan is complete it will display whether your system has been infected.
Now click on the Save as Text button.
Save the file to your desktop.
Copy and paste that information in your next post.

Post:

- a fresh HijackThis log
- kaspersky report
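
The entries selected above share one trait: they are browser or logon load points (O2 BHO, O3 toolbar, O20 Winlogon Notify) whose target DLL no longer exists, which is the classic leftover of a removed Vundo-style infection. The script below is an added example, not code from the thread or from HijackThis; it parses lines in the HijackThis v1.99.1 log format and flags exactly that pattern, while leaving stale-but-harmless orphans such as the O9 Sun Java console entry alone. The sample lines are constructed from the entries in this thread.

```python
import re

# Constructed sample in HijackThis v1.99.1 format, modelled on entries in this thread.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: 0 - {43054AE9-BCA1-4540-539B-DB2E96E03663} - C:\Program Files\MSN Gaming Zone\laduxa.dll (file missing)
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O3 - Toolbar: (no name) - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O20 - Winlogon Notify: awvtq - C:\WINDOWS\system32\awvtq.dll (file missing)
O20 - Winlogon Notify: ssqnlmj - ssqnlmj.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
"""

# Every HijackThis entry starts with a section code (R0, O2, O20, ...) followed by " - ".
ENTRY_RE = re.compile(r"^(?P<section>[RFNO]\d+)\s+-\s+(?P<body>.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

# How HijackThis marks an entry whose file is gone.
ORPHAN_MARKERS = ("(file missing)", "(no file)")

# Load points where an orphaned entry is a typical malware leftover. O9 and O16
# orphans are usually just stale shortcuts, so they are reported but not flagged.
LOAD_POINT_SECTIONS = {"O2", "O3", "O20"}


def parse_entries(log_text):
    """Return one dict per HijackThis entry line; process lists and headers are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        clsid = CLSID_RE.search(m.group("body"))
        entries.append({
            "section": m.group("section"),
            "body": m.group("body"),
            "clsid": clsid.group(0) if clsid else None,
            "raw": line.strip(),
        })
    return entries


def find_orphans(log_text):
    """All entries whose target file HijackThis reports as missing."""
    return [e for e in parse_entries(log_text)
            if any(marker in e["body"] for marker in ORPHAN_MARKERS)]


def fix_candidates(log_text):
    """Orphans in BHO, toolbar and Winlogon Notify sections: the lines to check and fix."""
    return [e["raw"] for e in find_orphans(log_text)
            if e["section"] in LOAD_POINT_SECTIONS]


if __name__ == "__main__":
    for line in fix_candidates(SAMPLE_LOG):
        print(line)
```

Run against a full log, `fix_candidates` returns the five lines a helper would ask to have checked in this thread (laduxa.dll, the two nameless BHO/toolbar CLSIDs, awvtq.dll and ssqnlmj.dll) and skips the msjava.dll O9 entry.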

Mekid
2007-06-07, 06:02
Here is Kaspersky:

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Wednesday, June 06, 2007 10:58:36 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.0
Kaspersky Anti-Virus database last update: 7/06/2007
Kaspersky Anti-Virus database records: 341051
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 67339
Number of viruses found: 10
Number of infected objects: 11
Number of suspicious objects: 0
Duration of the scan process: 01:05:06

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\f173021397ee43a9a62db83a4bde856c_1dce0e75-1303-433a-bfc1-6b582bd25551 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support\MPLog-05302007-192018.log Object is locked skipped
C:\Documents and Settings\Amy\Local Settings\Temp\kllvskxc.dll Object is locked skipped
C:\Documents and Settings\Amy\Local Settings\Temp\roooqqpy.dll Object is locked skipped
C:\Documents and Settings\Kristy V\Application Data\GTek\GTUpdate\AUpdate\DellSupport\DSAgnt.log Object is locked skipped
C:\Documents and Settings\Kristy V\Application Data\GTek\GTUpdate\AUpdate\DellSupport\DSAgnt_GTActions.log Object is locked skipped
C:\Documents and Settings\Kristy V\Application Data\GTek\GTUpdate\AUpdate\DellSupport\gdql_d_DSAgnt.log Object is locked skipped
C:\Documents and Settings\Kristy V\Application Data\GTek\GTUpdate\AUpdate\DellSupport\glog.log Object is locked skipped
C:\Documents and Settings\Kristy V\Cookies\INDEX.DAT Object is locked skipped
C:\Documents and Settings\Kristy V\Local Settings\Application Data\Google\Google Desktop Search\dbc2e.ht1 Object is locked skipped
C:\Documents and Settings\Kristy V\Local Settings\Application Data\Google\Google Desktop Search\dbdam Object is locked skipped
C:\Documents and Settings\Kristy V\Local Settings\Application Data\Google\Google Desktop Search\dbdao Object is locked skipped
C:\Documents and Settings\Kristy V\Local Settings\Application Data\Google\Google Desktop Search\dbeam Object is locked skipped
C:\Documents and Settings\Kristy V\Local Settings\Application Data\Google\Google Desktop Search\dbeao Object is locked skipped
C:\Documents and Settings\Kristy V\Local Settings\Application Data\Google\Google Desktop Search\dbm Object is locked skipped
C:\Documents and Settings\Kristy V\Local Settings\Application Data\Google\Google Desktop Search\dbu2d.ht1 Object is locked skipped
C:\Documents and Settings\Kristy V\Local Settings\Application Data\Google\Google Desktop Search\dbvm.cf1 Object is locked skipped
C:\Documents and Settings\Kristy V\Local Settings\Application Data\Google\Google Desktop Search\dbvmh.ht1 Object is locked skipped
C:\Documents and Settings\Kristy V\Local Settings\Application Data\Google\Google Desktop Search\fii.cf1 Object is locked skipped
C:\Documents and Settings\Kristy V\Local Settings\Application Data\Google\Google Desktop Search\fiih.ht1 Object is locked skipped
C:\Documents and Settings\Kristy V\Local Settings\Application Data\Google\Google Desktop Search\hp Object is locked skipped
C:\Documents and Settings\Kristy V\Local Settings\Application Data\Google\Google Desktop Search\hpt2i.ht1 Object is locked skipped
C:\Documents and Settings\Kristy V\Local Settings\Application Data\Google\Google Desktop Search\rpm.cf1 Object is locked skipped
C:\Documents and Settings\Kristy V\Local Settings\Application Data\Google\Google Desktop Search\rpmh.ht1 Object is locked skipped
C:\Documents and Settings\Kristy V\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Kristy V\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Kristy V\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{CC3FCCE8-82D2-4394-925E-95D90CFC575E} Object is locked skipped
C:\Documents and Settings\Kristy V\Local Settings\Application Data\Musicmatch\Jukebox\mmjbaltlog.txt Object is locked skipped
C:\Documents and Settings\Kristy V\Local Settings\Application Data\Musicmatch\Jukebox\mmjblog.txt Object is locked skipped
C:\Documents and Settings\Kristy V\Local Settings\Application Data\Musicmatch\MIM\Database\Default.ldb Object is locked skipped
C:\Documents and Settings\Kristy V\Local Settings\Application Data\Musicmatch\MIM\Database\Default.mdb Object is locked skipped
C:\Documents and Settings\Kristy V\Local Settings\History\History.IE5\INDEX.DAT Object is locked skipped
C:\Documents and Settings\Kristy V\Local Settings\History\History.IE5\MSHist012007060620070607\index.dat Object is locked skipped
C:\Documents and Settings\Kristy V\Local Settings\Temp\JETC6A.tmp Object is locked skipped
C:\Documents and Settings\Kristy V\Local Settings\Temp\~DFF8AE.tmp Object is locked skipped
C:\Documents and Settings\Kristy V\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Kristy V\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Kristy V\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\INDEX.DAT Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\INDEX.DAT Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\INDEX.DAT Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Matt\Local Settings\Temporary Internet Files\Content.IE5\TLO2G3HV\MSpaceContentInstall[1].exe Infected: Trojan-Downloader.Win32.Zlob.bon skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Common Files\Yazzle1281OinAdmin.exe Infected: Trojan-Downloader.Win32.PurityScan.eg skipped
C:\Program Files\MyWay\myBar\2.bin\MY2NS.EXE Infected: not-a-virus:AdWare.Win32.MyWay.b skipped
C:\Program Files\MyWay\myBar\2.bin\MYBAR.DLL Infected: not-a-virus:AdWare.Win32.MyWay.g skipped
C:\Program Files\MyWay\myBar\2.bin\NPMYWAY.DLL Infected: not-a-virus:AdWare.Win32.MyWay.f skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP800\A0144178.exe Object is locked skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP800\A0144179.exe Infected: not-a-virus:AdWare.Win32.BookedSpace.h skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP800\A0144180.exe Infected: not-a-virus:AdWare.Win32.BookedSpace.h skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP807\A0147358.dll Object is locked skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP808\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Internet Logs\fwdbglog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\fwpktlog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\IAMDB.RDB Object is locked skipped
C:\WINDOWS\Internet Logs\KRISTY.ldb Object is locked skipped
C:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\SYSTEM32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\SYSTEM32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\AppEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SAM Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SecEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SysEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\H323LOG.TXT Object is locked skipped
C:\WINDOWS\SYSTEM32\T1QaSQ\T1QaSQ1065.exe Infected: Trojan-Downloader.Win32.VB.fn skipped
C:\WINDOWS\SYSTEM32\T3\dlltk67.exe Infected: Trojan.Win32.BHO.ab skipped
C:\WINDOWS\SYSTEM32\T6\dlwr.exe Infected: Trojan-Downloader.Win32.Agent.brf skipped
C:\WINDOWS\SYSTEM32\TQ0\dl52.exe Infected: Trojan-Dropper.Win32.Agent.mu skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\ZLT07120.TMP Object is locked skipped
C:\WINDOWS\WIADEBUG.LOG Object is locked skipped
C:\WINDOWS\WIASERVC.LOG Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

Mekid
2007-06-07, 06:03
And here is hijack:

Logfile of HijackThis v1.99.1
Scan saved at 11:03:22 PM, on 6/6/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust Anti-Spam\QSP-2.1.215.5\QOELoader.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Firewall\ca.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\MUSICM~1\MUSICM~2\MMDiag.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\PROGRA~1\WALGRE~1\WALGRE~1\data\Xtras\mssysmgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Kristy V\Desktop\scanner.exe\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ateaseweb.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"
O4 - HKLM\..\Run: [DLBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\eTrust EZ Armor\eTrust Anti-Spam\QSP-2.1.215.5\QOELoader.exe"
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Firewall\ca.exe"
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\WALGRE~1\WALGRE~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {0FFFFFFF-0FFF-0FFF-0FFF-0FFFFFFFFFFF} - http://www.h-desk-soft.com/xvsy_offer/HDeskSetup_A.exe
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.my-etrust.com/Extern/RoadRunner/PestScan/pestscan.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1125438658328
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
O23 - Service: dlbt_device - Dell - C:\WINDOWS\System32\dlbtcoms.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

Shaba
2007-06-07, 10:48
Hi

Please download ATF Cleaner by Atribune (http://www.atribune.org/ccount/click.php?id=1) and save it to the desktop.

Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

If you use Firefox browser

Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser

Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit to close ATF-Cleaner.

Uninstall via add/remove programs:

MyWay or similar

Delete these:

C:\Program Files\Common Files\Yazzle1281OinAdmin.exe
C:\Program Files\MyWay\
C:\WINDOWS\SYSTEM32\T1QaSQ
C:\WINDOWS\SYSTEM32\T3
C:\WINDOWS\SYSTEM32\T6
C:\WINDOWS\SYSTEM32\TQ0

Empty Recycle Bin.

Re-scan with kaspersky.

Post:

- a fresh HijackThis log
- kaspersky report
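
The deletion list above is derived from the Kaspersky report by keeping only lines marked "Infected:" and ignoring the many "Object is locked skipped" lines, then sorting the hits by where they live: a hit in Temporary Internet Files is cleared by emptying the browser cache (what ATF Cleaner does), a hit under System Volume Information sits in a restore point and is not removed by deleting files, and everything else must be removed from disk. The script below is an added example, not code from the thread or from Kaspersky; it parses the Kaspersky Online Scanner report format and performs that triage. The sample report is constructed from the lines in this thread.

```python
import re

# Constructed excerpt in Kaspersky Online Scanner 5.x report format, based on this thread.
SAMPLE_REPORT = r"""
Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\Kristy V\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Matt\Local Settings\Temporary Internet Files\Content.IE5\TLO2G3HV\MSpaceContentInstall[1].exe Infected: Trojan-Downloader.Win32.Zlob.bon skipped
C:\Program Files\Common Files\Yazzle1281OinAdmin.exe Infected: Trojan-Downloader.Win32.PurityScan.eg skipped
C:\Program Files\MyWay\myBar\2.bin\MYBAR.DLL Infected: not-a-virus:AdWare.Win32.MyWay.g skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP800\A0144179.exe Infected: not-a-virus:AdWare.Win32.BookedSpace.h skipped
C:\WINDOWS\SYSTEM32\T1QaSQ\T1QaSQ1065.exe Infected: Trojan-Downloader.Win32.VB.fn skipped
C:\WINDOWS\SYSTEM32\T3\dlltk67.exe Infected: Trojan.Win32.BHO.ab skipped

Scan process completed.
"""

# "<path> Infected: <verdict> <last action>"; locked/skipped lines carry no "Infected:" token.
INFECTED_RE = re.compile(r"^(?P<path>.+?)\s+Infected:\s+(?P<verdict>\S+)\s+(?P<action>.+)$")


def parse_infected(report_text):
    """Return one dict per object the scanner actually flagged as infected."""
    hits = []
    for line in report_text.splitlines():
        m = INFECTED_RE.match(line.strip())
        if not m:
            continue
        verdict = m.group("verdict")
        hits.append({
            "path": m.group("path"),
            "verdict": verdict,
            "action": m.group("action"),
            # Kaspersky prefixes adware/riskware verdicts with "not-a-virus:".
            "adware": verdict.startswith("not-a-virus:"),
        })
    return hits


def classify(path):
    """Bucket a hit by the kind of cleanup that removes it."""
    p = path.lower()
    if "\\system volume information\\" in p:
        return "restore_point"   # lives in a System Restore snapshot; deleting files does nothing
    if "\\temporary internet files\\" in p:
        return "browser_cache"   # cleared by emptying the IE cache
    return "on_disk"             # must be removed explicitly


def triage(report_text):
    buckets = {"restore_point": [], "browser_cache": [], "on_disk": []}
    for hit in parse_infected(report_text):
        buckets[classify(hit["path"])].append(hit)
    return buckets


def on_disk_paths(report_text):
    """The paths a helper would put on a delete list, in report order."""
    return [h["path"] for h in triage(report_text)["on_disk"]]


if __name__ == "__main__":
    for bucket, hits in triage(SAMPLE_REPORT).items():
        print(f"{bucket}: {len(hits)}")
        for h in hits:
            print(f"  {h['verdict']:45s} {h['path']}")
```

The `on_disk` bucket for the full report in this thread maps onto the list Shaba gave: Yazzle1281OinAdmin.exe, the MyWay files, and the executables under SYSTEM32\T1QaSQ, T3, T6 and TQ0 (the helper asks for the whole directory because each one holds only the dropped file).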

Mekid
2007-06-11, 00:13
Here is Hijack:

Logfile of HijackThis v1.99.1
Scan saved at 5:11:04 PM, on 6/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\System32\DSentry.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust Anti-Spam\QSP-2.1.215.5\QOELoader.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Firewall\ca.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\PROGRA~1\WALGRE~1\WALGRE~1\data\Xtras\mssysmgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\MMDiag.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Kristy V\Desktop\scanner.exe\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ateaseweb.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"
O4 - HKLM\..\Run: [DLBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\eTrust EZ Armor\eTrust Anti-Spam\QSP-2.1.215.5\QOELoader.exe"
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Firewall\ca.exe"
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\WALGRE~1\WALGRE~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {0FFFFFFF-0FFF-0FFF-0FFF-0FFFFFFFFFFF} - http://www.h-desk-soft.com/xvsy_offer/HDeskSetup_A.exe
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.my-etrust.com/Extern/RoadRunner/PestScan/pestscan.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1125438658328
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
O23 - Service: dlbt_device - Dell - C:\WINDOWS\System32\dlbtcoms.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

Mekid
2007-06-11, 01:26
And here is Kaspersky:

KASPERSKY ONLINE SCANNER REPORT
Sunday, June 10, 2007 6:23:55 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.0
Kaspersky Anti-Virus database last update: 11/06/2007
Kaspersky Anti-Virus database records: 342080


Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
A:\
C:\
D:\
E:\

Scan Statistics
Total number of scanned objects 60352
Number of viruses found 9
Number of infected objects 10
Number of suspicious objects 0
Duration of the scan process 00:46:18

Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\f173021397ee43a9a62db83a4bde856c_1dce0e75-1303-433a-bfc1-6b582bd25551 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support\MPLog-05302007-192018.log Object is locked skipped

C:\Documents and Settings\Kristy V\Application Data\GTek\GTUpdate\AUpdate\DellSupport\DSAgnt.log Object is locked skipped

C:\Documents and Settings\Kristy V\Application Data\GTek\GTUpdate\AUpdate\DellSupport\DSAgnt_GTActions.log Object is locked skipped

C:\Documents and Settings\Kristy V\Application Data\GTek\GTUpdate\AUpdate\DellSupport\gdql_d_DSAgnt.log Object is locked skipped

C:\Documents and Settings\Kristy V\Application Data\GTek\GTUpdate\AUpdate\DellSupport\glog.log Object is locked skipped

C:\Documents and Settings\Kristy V\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\Kristy V\Local Settings\Application Data\Google\Google Desktop Search\dbc2e.ht1 Object is locked skipped

C:\Documents and Settings\Kristy V\Local Settings\Application Data\Google\Google Desktop Search\dbdam Object is locked skipped

C:\Documents and Settings\Kristy V\Local Settings\Application Data\Google\Google Desktop Search\dbdao Object is locked skipped

C:\Documents and Settings\Kristy V\Local Settings\Application Data\Google\Google Desktop Search\dbeam Object is locked skipped

C:\Documents and Settings\Kristy V\Local Settings\Application Data\Google\Google Desktop Search\dbeao Object is locked skipped

C:\Documents and Settings\Kristy V\Local Settings\Application Data\Google\Google Desktop Search\dbm Object is locked skipped

C:\Documents and Settings\Kristy V\Local Settings\Application Data\Google\Google Desktop Search\dbu2d.ht1 Object is locked skipped

C:\Documents and Settings\Kristy V\Local Settings\Application Data\Google\Google Desktop Search\dbvm.cf1 Object is locked skipped

C:\Documents and Settings\Kristy V\Local Settings\Application Data\Google\Google Desktop Search\dbvmh.ht1 Object is locked skipped

C:\Documents and Settings\Kristy V\Local Settings\Application Data\Google\Google Desktop Search\fii.cf1 Object is locked skipped

C:\Documents and Settings\Kristy V\Local Settings\Application Data\Google\Google Desktop Search\fiih.ht1 Object is locked skipped

C:\Documents and Settings\Kristy V\Local Settings\Application Data\Google\Google Desktop Search\hp Object is locked skipped

C:\Documents and Settings\Kristy V\Local Settings\Application Data\Google\Google Desktop Search\hpt2i.ht1 Object is locked skipped

C:\Documents and Settings\Kristy V\Local Settings\Application Data\Google\Google Desktop Search\rpm.cf1 Object is locked skipped

C:\Documents and Settings\Kristy V\Local Settings\Application Data\Google\Google Desktop Search\rpmh.ht1 Object is locked skipped

C:\Documents and Settings\Kristy V\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\Kristy V\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\Kristy V\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{B7F51BF0-B32A-4799-8BE4-B543B4025C0D} Object is locked skipped

C:\Documents and Settings\Kristy V\Local Settings\Application Data\Musicmatch\Jukebox\mmjbaltlog.txt Object is locked skipped

C:\Documents and Settings\Kristy V\Local Settings\Application Data\Musicmatch\Jukebox\mmjblog.txt Object is locked skipped

C:\Documents and Settings\Kristy V\Local Settings\Application Data\Musicmatch\MIM\Database\Default.ldb Object is locked skipped

C:\Documents and Settings\Kristy V\Local Settings\Application Data\Musicmatch\MIM\Database\Default.mdb Object is locked skipped

C:\Documents and Settings\Kristy V\Local Settings\History\History.IE5\INDEX.DAT Object is locked skipped

C:\Documents and Settings\Kristy V\Local Settings\History\History.IE5\MSHist012007061020070611\index.dat Object is locked skipped

C:\Documents and Settings\Kristy V\Local Settings\Temp\JET96F6.tmp Object is locked skipped

C:\Documents and Settings\Kristy V\Local Settings\Temp\~DF2F30.tmp Object is locked skipped

C:\Documents and Settings\Kristy V\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Kristy V\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\Kristy V\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\INDEX.DAT Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\Program Files\Common Files\Yazzle1281OinAdmin.exe Infected: Trojan-Downloader.Win32.PurityScan.eg skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP800\A0144179.exe Infected: not-a-virus:AdWare.Win32.BookedSpace.h skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP800\A0144180.exe Infected: not-a-virus:AdWare.Win32.BookedSpace.h skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP810\A0150416.EXE Infected: not-a-virus:AdWare.Win32.MyWay.b skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP810\A0150417.DLL Infected: not-a-virus:AdWare.Win32.MyWay.g skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP810\A0150418.DLL Infected: not-a-virus:AdWare.Win32.MyWay.f skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP810\A0150419.exe Infected: Trojan-Dropper.Win32.Agent.mu skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP810\A0150420.exe Infected: Trojan-Downloader.Win32.Agent.brf skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP810\A0150421.exe Infected: Trojan.Win32.BHO.ab skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP810\A0150422.exe Infected: Trojan-Downloader.Win32.VB.fn skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP811\change.log Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\Internet Logs\fwdbglog.txt Object is locked skipped

C:\WINDOWS\Internet Logs\fwpktlog.txt Object is locked skipped

C:\WINDOWS\Internet Logs\IAMDB.RDB Object is locked skipped

C:\WINDOWS\Internet Logs\KRISTY.ldb Object is locked skipped

C:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\Sti_Trace.log Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\AppEvent.Evt Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SAM Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SecEvent.Evt Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SECURITY Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SysEvent.Evt Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG Object is locked skipped

C:\WINDOWS\SYSTEM32\H323LOG.TXT Object is locked skipped

C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\Temp\ZLT0465e.TMP Object is locked skipped

C:\WINDOWS\WIADEBUG.LOG Object is locked skipped

C:\WINDOWS\WIASERVC.LOG Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

Shaba
2007-06-11, 10:21
Hi

Download the Killbox (http://download.bleepingcomputer.com/spyware/KillBox.exe).
Save it to the desktop

Double-click Killbox.exe to run it.

Select "Delete on Reboot".
Place the following line (complete path) in bold in the "Full Path of File to Delete" box in Killbox:
C:\Program Files\Common Files\Yazzle1281OinAdmin.exe
Put a mark next to "Delete on Reboot"
Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.
If your computer does not restart automatically, please restart it manually.

Empty this folder:

C:\!KillBox

Empty Recycle Bin.

Re-scan with Kaspersky.

Post:

- a fresh HijackThis log
- Kaspersky report

Shaba
2007-06-18, 10:57
Due to the lack of feedback, this topic is closed.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.