View Full Version : IE redirects to unwanted sites
I have issues with IE. Everytime I use Google with it, it redirects me to unwanted sites.
Here are the Kaspersky report and the HJT report.
Please advise. Thx
__________________________________________________
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:29:05, on 2007-09-04
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\ICO.EXE
C:\WINDOWS\system32\SKDAEMON.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MSN Video Enhanced\MSNVE.exe
C:\Program Files\HP DVD\Umbrella\DVDTray.exe
C:\WINDOWS\system32\FSRremoS.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\Pelmiced.exe
C:\Program Files\Norton Ghost\Agent\GhostTray.exe
C:\WINDOWS\System32\GEARSec.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9EA.EXE
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\Program Files\Fichiers communs\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\TechSmith\SnagIt 7\SnagIt32.exe
C:\Program Files\TechSmith\SnagIt 7\TSCHelp.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\RioMSC.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
c:\program files\lenovo\system update\suservice.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Fichiers communs\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1940A399-B471-4469-A00B-60080EEC1453} - C:\WINDOWS\system32\geeda.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: HttpGuard - {98B822AD-6BE7-49BC-B773-97240B774080} - C:\WINDOWS\system32\AClient.dll
O2 - BHO: (no name) - {98EF9A9A-C35D-414C-A68D-37506AE6CC65} - C:\WINDOWS\system32\vtsqq.dll (file missing)
O2 - BHO: (no name) - {C6039E6C-BDE9-4de5-BB40-768CAA584FDC} - C:\WINDOWS\system32\rpdvlkuw.dll (file missing)
O2 - BHO: (no name) - {FBF08E88-7CCB-4B3C-A5D4-B43CF7063DAC} - C:\WINDOWS\system32\vtsqq.dll (file missing)
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [Hot Key Kbd Daemon] SKDAEMON.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MSN Video Enhanced] "C:\Program Files\MSN Video Enhanced\MSNVE.exe"
O4 - HKLM\..\Run: [DVDTray] "C:\Program Files\HP DVD\Umbrella\DVDTray.exe"
O4 - HKLM\..\Run: [DVDBitSet] "C:\Program Files\HP DVD\Umbrella\DVDBitSet.exe" /NOUI
O4 - HKLM\..\Run: [Auto EPSON Stylus CX6600 Series sur NETVISTA80] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9EA.EXE /P46 "Auto EPSON Stylus CX6600 Series sur NETVISTA80" /O19 "\\NETVISTA80\CX6600" /M "Stylus CX6600"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Norton Ghost 10.0] "C:\Program Files\Norton Ghost\Agent\GhostTray.exe"
O4 - HKLM\..\Run: [EPSON Stylus CX6600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9EA.EXE /P26 "EPSON Stylus CX6600 Series" /O6 "USB002" /M "Stylus CX6600"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Fichiers communs\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SystemOptimizer] rundll32.exe "C:\WINDOWS\system32\yudrotpq.dll",forkonce
O4 - HKLM\..\Run: [EPSON Stylus CX6600 Series (Copie 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9EA.EXE /P36 "EPSON Stylus CX6600 Series (Copie 1)" /O5 "LPT1:" /M "Stylus CX6600"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [\\NETVISTA\EPSON Stylus CX6600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9EA.EXE /P37 "\\NETVISTA\EPSON Stylus CX6600 Series" /M "Stylus CX6600" /EF "HKCU"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Image Transfer.lnk = ?
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: SnagIt 7.lnk = C:\Program Files\TechSmith\SnagIt 7\SnagIt32.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\IBM\Java141\jre\bin\NPJPI141.dll
O9 - Extra 'Tools' menuitem: Console Java (IBM) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\IBM\Java141\jre\bin\NPJPI141.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [JAVA_IBM] Java (IBM)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {2DAD3559-2923-4935-AD49-B673D2539944} (IASRunner Class) - https://www-307.ibm.com/pc/support/access/aslibmain/content/AcpIR.cab
O16 - DPF: {34F12AFD-E9B5-492A-85D2-40FA4535BE83} (AxProdInfoCtl Class) - http://www.symantec.com/techsupp/activedata/nprdtinf.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1182641667843
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - http://www-307.ibm.com/pc/support/IbmEgath.cab
O16 - DPF: {84B7AC1D-9AD1-474F-B6B0-FE1641DBFDFA} (ScanFile.FileScan) - http://www.contentpurity.net/xp/ScanFile.CAB
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Validation de mot de passe Symantec IS (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe
O23 - Service: RIO Mass Storage C (RioMSC) - Digital Networks North America, Inc. - C:\WINDOWS\system32\RioMSC.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Fichiers communs\Lenovo\Scheduler\tvtsched.exe
--
End of file - 12491 bytes
Here is the Kaspersky report
KASPERSKY ONLINE SCANNER REPORT
Tuesday, September 04, 2007 8:27:44 AM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.0
Kaspersky Anti-Virus database last update: 4/09/2007
Kaspersky Anti-Virus database records: 403480
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
H:\
Scan Statistics:
Total number of scanned objects: 90161
Number of viruses found: 12
Number of infected objects: 24
Number of suspicious objects: 5
Duration of the scan process: 01:27:15
Infected Object Name / Virus Name / Last Action
C:\$xfer\dvdshrink\setupcdripper.exe/WISE0016.BIN Infected: Trojan-Downloader.Win32.Adload.a skipped
C:\$xfer\dvdshrink\setupcdripper.exe/WISE0017.BIN/NHInstall.exe Infected: not-a-virus:AdWare.Win32.NavExcel.d skipped
C:\$xfer\dvdshrink\setupcdripper.exe/WISE0017.BIN/v2.0.4a.cab/NHelper.dll Infected: not-a-virus:AdWare.Win32.NavExcel.b skipped
C:\$xfer\dvdshrink\setupcdripper.exe/WISE0017.BIN/v2.0.4a.cab/NHUninstaller.exe Infected: not-a-virus:AdWare.Win32.NavExcel skipped
C:\$xfer\dvdshrink\setupcdripper.exe/WISE0017.BIN/v2.0.4a.cab/NHUpdater.exe Infected: not-a-virus:AdWare.Win32.NavExcel.b skipped
C:\$xfer\dvdshrink\setupcdripper.exe/WISE0017.BIN/v2.0.4a.cab Infected: not-a-virus:AdWare.Win32.NavExcel.b skipped
C:\$xfer\dvdshrink\setupcdripper.exe/WISE0017.BIN Infected: not-a-virus:AdWare.Win32.NavExcel.b skipped
C:\$xfer\dvdshrink\setupcdripper.exe/WISE0018.BIN Infected: not-a-virus:AdWare.Win32.NavExcel.i skipped
C:\$xfer\dvdshrink\setupcdripper.exe/WISE0019.BIN/data0001.cab/VVSN.exe Infected: not-a-virus:AdWare.Win32.SaveNow.z skipped
C:\$xfer\dvdshrink\setupcdripper.exe/WISE0019.BIN/data0001.cab Infected: not-a-virus:AdWare.Win32.SaveNow.z skipped
C:\$xfer\dvdshrink\setupcdripper.exe/WISE0019.BIN Infected: not-a-virus:AdWare.Win32.SaveNow.z skipped
C:\$xfer\dvdshrink\setupcdripper.exe WiseSFX: infected - 11 skipped
C:\Backup Netvista\$xfer\tightvnc\tightvnc-1.2.9-setup.exe/data0002 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.h skipped
C:\Backup Netvista\$xfer\tightvnc\tightvnc-1.2.9-setup.exe/data0003 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.b skipped
C:\Backup Netvista\$xfer\tightvnc\tightvnc-1.2.9-setup.exe Inno: infected - 2 skipped
C:\Backup Netvista\backup pmm\outlook backup.pst/Personal Folders/Sent Items/31 Oct 2005 04:25 to 'ggaboriault@quartz.qc.ca':Bonjour Gilberte/tightvnc-1.2.9-setup.exe/data0002 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.h skipped
C:\Backup Netvista\backup pmm\outlook backup.pst/Personal Folders/Sent Items/31 Oct 2005 04:25 to 'ggaboriault@quartz.qc.ca':Bonjour Gilberte/tightvnc-1.2.9-setup.exe/data0003 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.b skipped
C:\Backup Netvista\backup pmm\outlook backup.pst/Personal Folders/Sent Items/31 Oct 2005 04:25 to 'ggaboriault@quartz.qc.ca':Bonjour Gilberte/tightvnc-1.2.9-setup.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.b skipped
C:\Backup Netvista\backup pmm\outlook backup.pst Mail MS Mail: infected - 3 skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2007-09-04_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\index.qbs Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBConfig.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBDebug.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBDetect.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBNotify.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBRefr.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetCfg.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetCfg2.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetDev.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetLoc.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetUsr.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBStHash.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBValid.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPPolicy.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPStart.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPStop.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtErEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtETmp\147B72A2.TMP Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtMoEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtNvEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtScEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtTxFEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtViEvt.log Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Historique\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Historique\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Olivia\Local Settings\Temp\kicoddxx.exe Infected: Trojan-Dropper.Win32.Agent.bmk skipped
C:\Documents and Settings\Pierre\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Pierre\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\Pierre\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Pierre\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Pierre\Local Settings\Historique\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Pierre\Local Settings\Historique\History.IE5\MSHist012007090420070905\index.dat Object is locked skipped
C:\Documents and Settings\Pierre\Local Settings\Temp\Perflib_Perfdata_340.dat Object is locked skipped
C:\Documents and Settings\Pierre\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Pierre\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Pierre\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Pierre\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Pierre\UserData\index.dat Object is locked skipped
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcrst.dll Object is locked skipped
C:\Program Files\Fichiers communs\Symantec Shared\EENGINE\EPERSIST.DAT Object is locked skipped
C:\Program Files\Fichiers communs\Symantec Shared\NFWEVT.LOG Object is locked skipped
C:\Program Files\Fichiers communs\Symantec Shared\SNDALRT.log Object is locked skipped
C:\Program Files\Fichiers communs\Symantec Shared\SNDCON.log Object is locked skipped
C:\Program Files\Fichiers communs\Symantec Shared\SNDDBG.log Object is locked skipped
C:\Program Files\Fichiers communs\Symantec Shared\SNDFW.log Object is locked skipped
C:\Program Files\Fichiers communs\Symantec Shared\SNDIDS.log Object is locked skipped
C:\Program Files\Fichiers communs\Symantec Shared\SNDSYS.log Object is locked skipped
C:\Program Files\Norton AntiVirus\AVApp.log Object is locked skipped
C:\Program Files\Norton AntiVirus\AVError.log Object is locked skipped
C:\Program Files\Norton AntiVirus\AVVirus.log Object is locked skipped
C:\RECYCLER\S-1-5-21-260636622-1521863909-2511121144-1006\Dc10\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\RECYCLER\S-1-5-21-260636622-1521863909-2511121144-1006\Dc10\SmitfraudFix.zip/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\RECYCLER\S-1-5-21-260636622-1521863909-2511121144-1006\Dc10\SmitfraudFix.zip ZIP: infected - 1 skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\WINDOWS\2429.exe Suspicious: Packed.Win32.Morphine.a skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\installer.exe Suspicious: Packed.Win32.Morphine.a skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{EA554558-D1D1-41BE-9114-0D85F90C8576}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\AClient.dll Suspicious: Packed.Win32.Morphine.a skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\ipv6monr.dll Suspicious: Packed.Win32.Morphine.a skipped
C:\WINDOWS\system32\jcuxuhnp.dll Infected: Trojan.Win32.BHO.bd skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_570.dat Object is locked skipped
C:\WINDOWS\update2.html Suspicious: Packed.Win32.Morphine.a skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
E:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
F:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
Scan process completed.
Wanted to post additional information. Everytime I run Spybot SD, I see Virtumonde as threat. I delete it but it always comes back.:eek:
Since I did not get a reply on my initial post, I read all the posts that talked about Virtumonde.
According to the posts, I went ahead and ran COM'BOFIX, ATFCleaner and HJT after renaming the program.
Here is the COMBOFIX log. Other post will follow with the HJT.
ComboFix 07-08-30.3 - "Pierre" 2007-09-06 18:02:54.1 - NTFSx86
Microsoft Windows XP dition familiale 5.1.2600.2.1252.2.1036.18.199 [GMT -4:00]
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\1.exe -ppc_timeout=
C:\WINDOWS\144.exe
C:\WINDOWS\2.exe
C:\WINDOWS\2429.exe
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\ipv6monr.dll
C:\WINDOWS\system32\jcuxuhnp.dll
C:\WINDOWS\system32\qptorduy.ini
C:\WINDOWS\system32\qptorduy.ini2
C:\WINDOWS\system32\yudrotpq.dll
C:\WINDOWS\update.exe
C:\WINDOWS\update7.exe
((((((((((((((((((((((((( Files Created from 2007-08-06 to 2007-09-06 )))))))))))))))))))))))))))))))
2007-09-06 18:02 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-09-03 21:31 <REP> d-------- C:\Program Files\Trend Micro
2007-09-03 21:26 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-09-03 21:26 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Lab
2007-09-01 11:00 <REP> d-------- C:\DOCUME~1\Lyne\(null)
2007-08-29 07:51 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2007-08-29 07:51 15,104 --a------ C:\WINDOWS\system32\dllcache\usbscan.sys
2007-08-29 07:37 61,952 --a------ C:\WINDOWS\system32\escwiad.dll
2007-08-29 07:33 <REP> d-------- C:\DOCUME~1\Pierre\APPLIC~1\Corel
2007-08-29 07:32 <REP> d-------- C:\DOCUME~1\Pierre\APPLIC~1\InstallShield
2007-08-28 18:23 5,642 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2007-08-28 18:23 168 -r-hs---- C:\WINDOWS\system32\9C72997D3D.sys
2007-08-28 18:23 <REP> d-------- C:\DOCUME~1\Lyne\APPLIC~1\Corel
2007-08-28 18:21 <REP> d-------- C:\Program Files\Fichiers communs\Corel
2007-08-28 18:21 <REP> d-------- C:\Program Files\Corel
2007-08-28 18:12 <REP> d-------- C:\DOCUME~1\Lyne\APPLIC~1\Leadertech
2007-08-28 11:57 423,424 --a------ C:\WINDOWS\system32\rwdx6d20.dll
2007-08-28 11:57 339,968 --a------ C:\WINDOWS\system32\rwdx8d20.dll
2007-08-28 11:57 331,776 --a------ C:\WINDOWS\system32\rwx20.dll
2007-08-28 11:57 283,648 --a------ C:\WINDOWS\uninst.exe
2007-08-28 11:57 283,648 --a------ C:\WINDOWS\unin040c.exe
2007-08-28 11:57 <REP> d-------- C:\Program Files\Hasbro
2007-08-28 11:57 <REP> d-------- C:\DOCUME~1\Lyne\WINDOWS
2007-08-27 23:52 <REP> d-------- C:\DOCUME~1\Pierre\APPLIC~1\muvee Technologies
2007-08-21 22:57 <REP> d-------- C:\Program Files\Lavasoft
2007-08-21 22:57 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-08-21 22:56 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2007-08-21 22:53 438,784 --a------ C:\WINDOWS\installer.exe
2007-08-21 22:53 424,960 --a------ C:\WINDOWS\system32\AClient.dll
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-08-29 07:37 --------- d-------- C:\Program Files\EPSON
2007-08-29 00:02 --------- d-------- C:\Program Files\Fichiers communs\Symantec Shared
2007-08-26 21:18 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-08-21 22:59 9344 --a------ C:\WINDOWS\system32\drivers\NSDriver.sys
2007-08-21 22:59 8320 --a------ C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-08-21 22:57 --------- d-------- C:\DOCUME~1\Pierre\APPLIC~1\Lavasoft
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\dllcache\cdm.dll
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\dllcache\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\dllcache\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\dllcache\wucltui.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\dllcache\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\dllcache\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\dllcache\wups.dll
2007-07-27 08:46 4842 --a------ C:\WINDOWS\system32\tmp.reg
2007-07-26 19:29 --------- d-------- C:\Program Files\MSN Messenger
2007-07-22 12:41 --------- d-------- C:\Program Files\Google
2007-07-19 23:14 --------- d-------- C:\Program Files\Fichiers communs\Nikon
2007-07-19 23:14 --------- d-------- C:\DOCUME~1\Pierre\APPLIC~1\Nikon
2007-07-19 23:14 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ultima_T15
2007-07-19 23:14 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\EnterNHelp
2007-07-19 23:13 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nikon
2007-07-19 23:12 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-07-19 23:12 --------- d-------- C:\Program Files\Nikon
2007-07-19 23:12 --------- d-------- C:\Program Files\Fichiers communs\muvee Technologies
2007-07-19 23:12 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Bass
2007-07-19 02:58 3583488 --------- C:\WINDOWS\system32\dllcache\mshtml.dll
2007-07-19 00:13 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
2007-07-18 21:01 --------- d-------- C:\DOCUME~1\Marie\APPLIC~1\Google
2007-07-18 16:43 --------- d-------- C:\DOCUME~1\Lyne\APPLIC~1\Talkback
2007-07-15 17:08 --------- d-------- C:\Program Files\Sonic
2007-07-15 17:08 --------- d-------- C:\Program Files\Fichiers communs\TiVo Shared
2007-07-12 19:30 765952 --a------ C:\WINDOWS\system32\dllcache\vgx.dll
2007-06-27 09:24 823808 --------- C:\WINDOWS\system32\dllcache\wininet.dll
2007-06-27 09:24 671232 --------- C:\WINDOWS\system32\dllcache\mstime.dll
2007-06-27 09:24 477696 --------- C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-06-27 09:24 232960 --------- C:\WINDOWS\system32\dllcache\webcheck.dll
2007-06-27 09:24 193024 --------- C:\WINDOWS\system32\dllcache\msrating.dll
2007-06-27 09:24 1152000 --------- C:\WINDOWS\system32\dllcache\urlmon.dll
2007-06-27 09:24 105984 --------- C:\WINDOWS\system32\dllcache\url.dll
2007-06-27 09:24 102400 --------- C:\WINDOWS\system32\dllcache\occache.dll
2007-06-27 09:23 6058496 --------- C:\WINDOWS\system32\dllcache\ieframe.dll
2007-06-27 09:23 52224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-06-27 09:23 459264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-06-27 09:23 44544 --------- C:\WINDOWS\system32\dllcache\iernonce.dll
2007-06-27 09:23 27648 --------- C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-06-27 09:23 267776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll
2007-06-27 09:22 384512 --------- C:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-06-27 09:22 383488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-06-27 09:22 230400 --------- C:\WINDOWS\system32\dllcache\ieaksie.dll
2007-06-27 09:22 153088 --------- C:\WINDOWS\system32\dllcache\ieakeng.dll
2007-06-27 09:22 132608 --a------ C:\WINDOWS\system32\dllcache\extmgr.dll
2007-06-27 09:22 124928 --------- C:\WINDOWS\system32\dllcache\advpack.dll
2007-06-27 04:28 625152 --------- C:\WINDOWS\system32\dllcache\iexplore.exe
2007-06-27 04:27 63488 --------- C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-06-27 04:27 13824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-06-27 03:00 161792 --------- C:\WINDOWS\system32\dllcache\ieakui.dll
2007-06-26 02:09 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-06-26 02:09 1104896 --------- C:\WINDOWS\system32\dllcache\msxml3.dll
2007-06-25 00:11 48776 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2007-06-19 09:32 282112 --a------ C:\WINDOWS\system32\gdi32.dll
2007-06-19 09:32 282112 --------- C:\WINDOWS\system32\dllcache\gdi32.dll
2007-06-13 09:22 1037312 --a------ C:\WINDOWS\explorer.exe
2007-06-13 09:22 1037312 --------- C:\WINDOWS\system32\dllcache\explorer.exe
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1940A399-B471-4469-A00B-60080EEC1453}]
C:\WINDOWS\system32\geeda.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{98B822AD-6BE7-49BC-B773-97240B774080}]
2007-08-28 18:17 424960 --a------ C:\WINDOWS\system32\AClient.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{98EF9A9A-C35D-414C-A68D-37506AE6CC65}]
C:\WINDOWS\system32\vtsqq.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FBF08E88-7CCB-4B3C-A5D4-B43CF7063DAC}]
C:\WINDOWS\system32\vtsqq.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-09 21:05]
"Mouse Suite 98 Daemon"="ICO.EXE" [2003-11-20 18:08 C:\WINDOWS\system32\ico.exe]
"Hot Key Kbd Daemon"="SKDAEMON.EXE" [2004-03-29 20:02 C:\WINDOWS\system32\SKDAEMON.EXE]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2005-04-02 08:09]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-04-03 10:22]
"MSN Video Enhanced"="C:\Program Files\MSN Video Enhanced\MSNVE.exe" [2004-01-09 14:04]
"DVDTray"="C:\Program Files\HP DVD\Umbrella\DVDTray.exe" [2004-09-03 13:14]
"DVDBitSet"="C:\Program Files\HP DVD\Umbrella\DVDBitSet.exe" [2003-12-18 17:39]
"Auto EPSON Stylus CX6600 Series sur NETVISTA80"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9EA.exe" [2004-03-01 04:00]
"ccApp"="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [2007-01-09 22:59]
"Norton Ghost 10.0"="C:\Program Files\Norton Ghost\Agent\GhostTray.exe" [2007-04-10 12:01]
"EPSON Stylus CX6600 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9EA.exe" [2004-03-01 04:00]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2004-10-08 11:52]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [2006-09-05 13:22]
"TVT Scheduler Proxy"="C:\Program Files\Fichiers communs\Lenovo\Scheduler\scheduler_proxy.exe" [2006-12-10 19:36]
"ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 16:50]
"ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2004-07-27 16:50]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-10-06 05:20]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 11:09]
"EPSON Stylus CX6600 Series (Copie 1)"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9EA.exe" [2004-03-01 04:00]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 20:09]
"\\NETVISTA\EPSON Stylus CX6600 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9EA.exe" [2004-03-01 04:00]
R1 V2IMount;V2IMount;C:\WINDOWS\system32\drivers\V2IMount.sys
R2 Planificateur LiveUpdate automatique;Planificateur LiveUpdate automatique;"C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe"
R3 pelmouse;Mouse Suite Driver;C:\WINDOWS\system32\DRIVERS\pelmouse.sys
R3 pelusblf;USB Mouse Low Filter Driver;C:\WINDOWS\system32\DRIVERS\pelusblf.sys
R3 portio;TPM Service;C:\WINDOWS\system32\DRIVERS\NscTpmDD.sys
R3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys
R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
S3 WAM;Wicked Access by Mark;\??\C:\Program Files\IBM\IBM Rapid Restore Ultra\WAM.sys
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5b7a6f83-e6b5-11db-a0bc-000d60dd2f59}]
AutoRun\command- G:\LaunchU3.exe -a
Contents of the 'Scheduled Tasks' folder
2007-09-01 00:00:00 C:\WINDOWS\Tasks\Norton AntiVirus - Analyse systme complte - Pierre.job
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-06 18:28:31
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
\\NETVISTA\EPSON Stylus CX6600 Series = C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9EA.EXE /P37 "\\NETVISTA\EPSON Stylus CX6600 Series" /M "Stylus CX6600" /EF "HKCU"?????????????????????????????p???g??w0??w????*??w???w????O??w2????????????????LY????w????????????????????T???????????g??w???w???????w???w?KY????????????w???????????????????????????????|?????????KY?????????????O??ws??w???w'??w2???????????L????????????? ?????????J???????4????a?w2???????????????????????????????T????b?w????????????+S??????????????h??w????????????z??w????????8???????????`??
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"\\\\NETVISTA\\EPSON Stylus CX6600 Series"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_FATI9EA.EXE /P37 \"\\\\NETVISTA\\EPSON Stylus CX6600 Series\" /M \"Stylus CX6600\" /EF \"HKCU\"\00\01\00\00\00\00\00\00\00\01\00\00\00\00\00\00\00\00\00\00\00\12\00\00\00\00\00p\12\00g\04w0w*ww\00\00\00\00Ow2\04\16\00\00\00\00\00\00\00\00\00\00\00\00\04LY\00˴w\00\00\00\00\12\00\00\00\00\00\01\00\00\00\00\00\00\00T\12\00\00\00\00\00\12\00g\04wдw˴wwKY\00\00\00\00\00\00\00\00w\00\00\00\00\00\00\00\00\01\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\0c\12\00|\12\00\18\00\00\00KY\00\00\00\00\00\00\00\00\00\00\00\00Owsww'w2\04\16\00\00\00\00\00\00\00\00\00L\04\04\00\02\02\00\00\00\00\00\00\15\00\0d\00\0c\19\00\01\00\00J\02\00\00\00\00\00\004\12\00aw2\04\16\00\00\00\00\00\01\00\00\00\00\00\00\00\0f\00\00\00\00\00\00\00\00T\12\00\08bw\00\00\00\0f\00\00\00\00\00+S\02\10\12\00\03\00\00\00\12\00hw\00\00\00\0f\00\00\00\00\00zw\0f\00\00\00\008\12\00\04\01\00\00\00\00\00\00`\12"
Completion time: 2007-09-06 18:29:27 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-09-06 18:29
--- E O F ---
Here is the HJT log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:32:42, on 2007-09-06
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\RioMSC.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
c:\program files\lenovo\system update\suservice.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Fichiers communs\Lenovo\Scheduler\tvtsched.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\ICO.EXE
C:\WINDOWS\system32\SKDAEMON.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\FSRremoS.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MSN Video Enhanced\MSNVE.exe
C:\Program Files\HP DVD\Umbrella\DVDTray.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\Norton Ghost\Agent\GhostTray.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9EA.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\Pelmiced.exe
C:\Program Files\Fichiers communs\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\TechSmith\SnagIt 7\SnagIt32.exe
C:\Program Files\TechSmith\SnagIt 7\TSCHelp.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\outil.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1940A399-B471-4469-A00B-60080EEC1453} - C:\WINDOWS\system32\geeda.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: HttpGuard - {98B822AD-6BE7-49BC-B773-97240B774080} - C:\WINDOWS\system32\AClient.dll
O2 - BHO: (no name) - {98EF9A9A-C35D-414C-A68D-37506AE6CC65} - C:\WINDOWS\system32\vtsqq.dll (file missing)
O2 - BHO: (no name) - {FBF08E88-7CCB-4B3C-A5D4-B43CF7063DAC} - C:\WINDOWS\system32\vtsqq.dll (file missing)
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [Hot Key Kbd Daemon] SKDAEMON.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MSN Video Enhanced] "C:\Program Files\MSN Video Enhanced\MSNVE.exe"
O4 - HKLM\..\Run: [DVDTray] "C:\Program Files\HP DVD\Umbrella\DVDTray.exe"
O4 - HKLM\..\Run: [DVDBitSet] "C:\Program Files\HP DVD\Umbrella\DVDBitSet.exe" /NOUI
O4 - HKLM\..\Run: [Auto EPSON Stylus CX6600 Series sur NETVISTA80] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9EA.EXE /P46 "Auto EPSON Stylus CX6600 Series sur NETVISTA80" /O19 "\\NETVISTA80\CX6600" /M "Stylus CX6600"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Norton Ghost 10.0] "C:\Program Files\Norton Ghost\Agent\GhostTray.exe"
O4 - HKLM\..\Run: [EPSON Stylus CX6600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9EA.EXE /P26 "EPSON Stylus CX6600 Series" /O6 "USB002" /M "Stylus CX6600"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Fichiers communs\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [EPSON Stylus CX6600 Series (Copie 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9EA.EXE /P36 "EPSON Stylus CX6600 Series (Copie 1)" /O5 "LPT1:" /M "Stylus CX6600"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [\\NETVISTA\EPSON Stylus CX6600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9EA.EXE /P37 "\\NETVISTA\EPSON Stylus CX6600 Series" /M "Stylus CX6600" /EF "HKCU"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Image Transfer.lnk = ?
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: SnagIt 7.lnk = C:\Program Files\TechSmith\SnagIt 7\SnagIt32.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\IBM\Java141\jre\bin\NPJPI141.dll
O9 - Extra 'Tools' menuitem: Console Java (IBM) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\IBM\Java141\jre\bin\NPJPI141.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [JAVA_IBM] Java (IBM)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {2DAD3559-2923-4935-AD49-B673D2539944} (IASRunner Class) - https://www-307.ibm.com/pc/support/access/aslibmain/content/AcpIR.cab
O16 - DPF: {34F12AFD-E9B5-492A-85D2-40FA4535BE83} (AxProdInfoCtl Class) - http://www.symantec.com/techsupp/activedata/nprdtinf.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1182641667843
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - http://www-307.ibm.com/pc/support/IbmEgath.cab
O16 - DPF: {84B7AC1D-9AD1-474F-B6B0-FE1641DBFDFA} (ScanFile.FileScan) - http://www.contentpurity.net/xp/ScanFile.CAB
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Validation de mot de passe Symantec IS (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe
O23 - Service: RIO Mass Storage C (RioMSC) - Digital Networks North America, Inc. - C:\WINDOWS\system32\RioMSC.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Fichiers communs\Lenovo\Scheduler\tvtsched.exe
--
End of file - 12205 bytes
I ran SPybot SD and did not find Virtumonde.
I rebooted.
I starter IE and did a google search.
DriveCleaner popup did not happen.. Good news.
However, my google search results page was redirected to OXYSearch...:red:
[LINK REMOVED]
How can I get rid of that one issue left???
Thanks
Hi and welcome to the Forums :)
I'm sorry for the delay but we've been pretty busy....
You should print these instructions or save these to a text file. Follow these instructions carefully.
Download Dr.Web CureIt to the desktop -> ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
Please download the Killbox (http://www.downloads.subratam.org/KillBox.zip).
Unzip it to the desktop but do NOT run it yet.
==================
Run HijackThis, click Do a system scan only, and check the box next to each of these entries if still present. Close all other windows and press Fix checked. If something isn't there, please continue with the next entry in the list.
O2 - BHO: (no name) - {1940A399-B471-4469-A00B-60080EEC1453} - C:\WINDOWS\system32\geeda.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: HttpGuard - {98B822AD-6BE7-49BC-B773-97240B774080} - C:\WINDOWS\system32\AClient.dll
O2 - BHO: (no name) - {98EF9A9A-C35D-414C-A68D-37506AE6CC65} - C:\WINDOWS\system32\vtsqq.dll (file missing)
O2 - BHO: (no name) - {FBF08E88-7CCB-4B3C-A5D4-B43CF7063DAC} - C:\WINDOWS\system32\vtsqq.dll (file missing)
Please run Killbox.
Select "Delete on Reboot".
Copy the file names below to the clipboard by highlighting them and pressing Control-C:
C:\WINDOWS\2429.exe
C:\WINDOWS\installer.exe
C:\WINDOWS\system32\AClient.dll
C:\WINDOWS\update2.html
Return to Killbox, go to the File menu, and choose "Paste from Clipboard".
Select "All Files".
Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.
If your computer does not restart automatically, please restart it manually.
Restart your computer to the safe mode:
Restart your computer
Start tapping the F8 key when the computer restarts.
When the start menu opens, choose Safe mode
Press Enter. The computer then begins to start in Safe mode.
Run a scan with Dr.Web CureIt Doubleclick the drweb-cureit.exe file and Allow to run the express scan
This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
Once the short scan has finished, you should now mark the drives that you want to scan.
Select all drives. A red dot shows which drives have been chosen.
Click the green arrow at the right, and the scan will start.
Click 'Yes to all' if it asks if you want to cure/move the file.
When the scan has finished, look if you can click next icon next to the files found http://users.telenet.be/bluepatchy/miekiemoes/images/check.gif
If so, click it and then click the next icon right below and select Move incurable
After the scan, in the menu, click file and choose save report list
Save the report to your desktop. The report will be called DrWeb.csv
Close Dr.Web Cureit.
Reboot the computer in Normal Mode,
Post the Cure-it report and a fresh HijackThis log
Hi, thanks for your help.
Here are the DrWeb and HJT reports:
installer.exe C:\!KillBox Trojan.Click.3614 Supprim.
update2.html C:\!KillBox Trojan.PWS.Tanspy Supprim.
backup-20070909-214419-479.dll C:\Program Files\Trend Micro\HijackThis\backups Trojan.BhoBot Supprim.
2429.exe.vir C:\qoobox\Quarantine\C\WINDOWS Trojan.PWS.Tanspy Supprim.
ipv6monr.dll.vir C:\qoobox\Quarantine\C\WINDOWS\system32 Trojan.PWS.Tanspy Supprim.
jcuxuhnp.dll.vir C:\qoobox\Quarantine\C\WINDOWS\system32 Trojan.Virtumod Supprim.
Process.exe C:\WINDOWS\system32 Tool.Prockill Irrparable.Quarantaine.
___________________________________________
HJT:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 06:16:56, on 2007-09-10
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\RioMSC.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
c:\program files\lenovo\system update\suservice.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Fichiers communs\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\ICO.EXE
C:\WINDOWS\system32\SKDAEMON.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\FSRremoS.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MSN Video Enhanced\MSNVE.exe
C:\Program Files\HP DVD\Umbrella\DVDTray.exe
C:\WINDOWS\system32\Pelmiced.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\Norton Ghost\Agent\GhostTray.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9EA.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\Trend Micro\HijackThis\outil.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\TechSmith\SnagIt 7\SnagIt32.exe
C:\Program Files\TechSmith\SnagIt 7\TSCHelp.exe
C:\WINDOWS\system32\wuauclt.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [Hot Key Kbd Daemon] SKDAEMON.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MSN Video Enhanced] "C:\Program Files\MSN Video Enhanced\MSNVE.exe"
O4 - HKLM\..\Run: [DVDTray] "C:\Program Files\HP DVD\Umbrella\DVDTray.exe"
O4 - HKLM\..\Run: [DVDBitSet] "C:\Program Files\HP DVD\Umbrella\DVDBitSet.exe" /NOUI
O4 - HKLM\..\Run: [Auto EPSON Stylus CX6600 Series sur NETVISTA80] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9EA.EXE /P46 "Auto EPSON Stylus CX6600 Series sur NETVISTA80" /O19 "\\NETVISTA80\CX6600" /M "Stylus CX6600"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Norton Ghost 10.0] "C:\Program Files\Norton Ghost\Agent\GhostTray.exe"
O4 - HKLM\..\Run: [EPSON Stylus CX6600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9EA.EXE /P26 "EPSON Stylus CX6600 Series" /O6 "USB002" /M "Stylus CX6600"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Fichiers communs\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [EPSON Stylus CX6600 Series (Copie 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9EA.EXE /P36 "EPSON Stylus CX6600 Series (Copie 1)" /O5 "LPT1:" /M "Stylus CX6600"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [\\NETVISTA\EPSON Stylus CX6600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9EA.EXE /P37 "\\NETVISTA\EPSON Stylus CX6600 Series" /M "Stylus CX6600" /EF "HKCU"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Image Transfer.lnk = ?
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: SnagIt 7.lnk = C:\Program Files\TechSmith\SnagIt 7\SnagIt32.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\IBM\Java141\jre\bin\NPJPI141.dll
O9 - Extra 'Tools' menuitem: Console Java (IBM) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\IBM\Java141\jre\bin\NPJPI141.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [JAVA_IBM] Java (IBM)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {2DAD3559-2923-4935-AD49-B673D2539944} (IASRunner Class) - https://www-307.ibm.com/pc/support/access/aslibmain/content/AcpIR.cab
O16 - DPF: {34F12AFD-E9B5-492A-85D2-40FA4535BE83} (AxProdInfoCtl Class) - http://www.symantec.com/techsupp/activedata/nprdtinf.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1182641667843
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - http://www-307.ibm.com/pc/support/IbmEgath.cab
O16 - DPF: {84B7AC1D-9AD1-474F-B6B0-FE1641DBFDFA} (ScanFile.FileScan) - http://www.contentpurity.net/xp/ScanFile.CAB
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Validation de mot de passe Symantec IS (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe
O23 - Service: RIO Mass Storage C (RioMSC) - Digital Networks North America, Inc. - C:\WINDOWS\system32\RioMSC.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Fichiers communs\Lenovo\Scheduler\tvtsched.exe
--
End of file - 11750 bytes
Looks pretty good.
One or more of the identified & removed infections steal information. If this system is used for online banking or has credit card information on it, all passwords should be changed immediately by using a different computer (not the infected one!) to make the changes. Banking and credit card institutions, if any, should be notified of the possible security breech. I suggest that you read this (http://www.dslreports.com/faq/10451) article too.
how is the computer running?
Everything runs smoothly.:bigthumb:
Thanks for your comments about the identity theft.
Can you send me a list of things to do, programs to run to make sure this situation does not happen again?
Can you recommend an antivirus SW that would be worth paying for? I currently run Norton Antivirus but obviously it does not do the most perfect job of identifying malware.
Thanks again
Hello :)
If you've paid for Norton I recommend that you continue using it. Of course there are also some good free alternatives available...
Now that you seem to be clean, please follow these simple steps in order to keep your computer clean and secure:
Clear your system restore (http://www.microsoft.com/windowsxp/using/helpandsupport/learnmore/tips/mcgill1.mspx)
This will clear the system restore folders from possible malware that was left behind during the cleaning process.
Use ATF Cleaner (http://www.atribune.org/ccount/click.php?id=1)
Download and install ATF Cleaner. Clean your temporary files & folders with it regularly.
Use Ad-Aware (http://www.bleepingcomputer.com/forums/?showtutorial=48)
Download and install Ad-Aware. Update it and scan your computer regularly with it.
Use AVG Anti-Spyware (http://www.ewido.net/en/)
Download and install AVG Anti-Spyware. Update it and scan your computer regularly with it.
Use Spybot S&D (http://www.bleepingcomputer.com/forums/?showtutorial=43)
Download and install Spybot S&D. Update it and scan your computer regularly with it.
Install SpywareBlaster (http://www.bleepingcomputer.com/tutorials/tutorial49.html)
SpywareBlaster will prevent spyware from being installed.
Install MVPS Hosts file (http://mvps.org/winhelp2002/hosts.htm)
This prevents your computer from connecting to harmful sites.
Use Firefox browser (http://www.mozilla.org)
Firefox is faster and more secure browser than Internet Explorer.
Keep your systen up-to-date (http://windowsupdate.microsoft.com)
Visit Windows Update regularly. How to enable Automatic Updates? (http://www.bleepingcomputer.com/tutorials/tutorial35.html)
Keep your antivirus (http://forum.malwareremoval.com/viewtopic.php?p=53#53) and firewall (http://forum.malwareremoval.com/viewtopic.php?p=56#56) up-to-date
Scan your computer regularly with you antivirus software.
Read this article by TonyKlein (http://forums.spybot.info/showthread.php?t=279)
So how did I get infected in the first place?
Stand Up and Be Counted ! (http://www.malwarecomplaints.info/index.php)
The site offers people who have been (or are) victims of malware the opportunity to document their story and, in that way, launch a complaint against the malware and the makers of the malware.
Stay clean and be safe ;)
Hi,
I ran spybot S&D. Here is the report.
Is this Windows Secrurity disabled a problem?
--- Report generated: 2007-09-12 18:34 ---
Microsoft.WindowsSecurityCenter_disabled: Rglages (Modification du registre, nothing done)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc\Start!=W=2
--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---
2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2007-08-26 unins000.exe (51.41.0.0)
2005-05-31 Update.exe (1.4.0.0)
2007-05-23 advcheck.dll (1.5.3.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 SDHelper.dll (1.4.0.0)
2007-07-31 Tools.dll (2.1.2.0)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2007-09-12 Includes\Cookies.sbi (*)
2007-07-25 Includes\Dialer.sbi (*)
2007-09-12 Includes\DialerC.sbi (*)
2007-08-29 Includes\Hijackers.sbi (*)
2007-09-12 Includes\HijackersC.sbi (*)
2007-07-25 Includes\Keyloggers.sbi (*)
2007-09-12 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2007-09-12 Includes\Malware.sbi (*)
2007-09-12 Includes\MalwareC.sbi (*)
2007-09-05 Includes\PUPS.sbi (*)
2007-09-12 Includes\PUPSC.sbi (*)
2007-09-12 Includes\Revision.sbi (*)
2007-05-30 Includes\Security.sbi (*)
2007-09-12 Includes\SecurityC.sbi (*)
2007-09-12 Includes\Spybots.sbi (*)
2007-09-12 Includes\SpybotsC.sbi (*)
2007-08-21 Includes\Tracks.uti
2007-09-12 Includes\Trojans.sbi (*)
2007-09-12 Includes\TrojansC.sbi (*)
2007-06-06 Plugins\TCPIPAddress.dll
Thanks again fro your great work
Hello :)
That only means that some parts of security center has been disabled. This has propably been done by your Norton.
:bigthumb: