Virtumonde!! possibly infected java



heavyjavadrinker
2007-12-04, 06:27
hi, i'd like to delete my old thread, but i don't know how. i'm trying my best to follow the rules here, but i thought it would be better to post this new information with updated logs.

about a week ago my computer became infected with virtumonde, virtumonde.generic and virtumonde.ddc.

i have ad-aware, spybot and spywareblaster installed. last night i installed windows defender.

Spybot has informed me that no immediate threats were found (in normal mode).

i have just run all of them and now i have run the kaspersky online virus scan.

i do not wish to use this computer until someone has looked through my kaspersky log and HJT log and advises as to what to do next. :lip:

could someone please look through my kaspersky log (it looks like my java is infected and my system volume information):

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Monday, December 03, 2007 11:51:32 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 4/12/2007
Kaspersky Anti-Virus database records: 471607
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\

Scan Statistics:
Total number of scanned objects: 61055
Number of viruses found: 12
Number of infected objects: 28
Number of suspicious objects: 2
Duration of the scan process: 00:49:19

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support\MPLog-12032007-024848.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WebBuyingAssistant.zip/v1.8.6/wbuninst.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WebBuyingAssistant.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\All Users\Application Data\SupportSoft\ddoctorv2\SYSTEM\state\logs\sprtcmd.log Object is locked skipped
C:\Documents and Settings\coffee trader\Application Data\Sun\Java\Deployment\cache\6.0\57\364044f9-290163c0/vlocal.class Infected: Trojan-Downloader.Java.Agent.f skipped
C:\Documents and Settings\coffee trader\Application Data\Sun\Java\Deployment\cache\6.0\57\364044f9-290163c0 ZIP: infected - 1 skipped
C:\Documents and Settings\coffee trader\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmsecman.jar-69ee0d96-22e147e9.zip/vlocal.class Infected: Trojan-Downloader.Java.Agent.f skipped
C:\Documents and Settings\coffee trader\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmsecman.jar-69ee0d96-22e147e9.zip ZIP: infected - 1 skipped
C:\Documents and Settings\coffee trader\Cookies\INDEX.DAT Object is locked skipped
C:\Documents and Settings\coffee trader\Desktop\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\coffee trader\Desktop\SmitfraudFix.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\coffee trader\Desktop\SmitfraudFix.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\coffee trader\Desktop\SmitfraudFix.exe RarSFX: infected - 2 skipped
C:\Documents and Settings\coffee trader\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\coffee trader\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\coffee trader\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\coffee trader\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{6D7AB62E-5FC2-4566-A4BA-37EC013ACC96} Object is locked skipped
C:\Documents and Settings\coffee trader\Local Settings\History\History.IE5\INDEX.DAT Object is locked skipped
C:\Documents and Settings\coffee trader\Local Settings\History\History.IE5\MSHist012007120320071204\index.dat Object is locked skipped
C:\Documents and Settings\coffee trader\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\coffee trader\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\coffee trader\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\coffee trader\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\INDEX.DAT Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\INDEX.DAT Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\INDEX.DAT Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\AshWebSv.ws Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\aswMaiSv.log Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\report\Resident protection.txt Object is locked skipped
C:\qoobox\Quarantine\catchme2007-11-30_ 40337.03.zip/pmnll.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.aza skipped
C:\qoobox\Quarantine\catchme2007-11-30_ 40337.03.zip ZIP: infected - 1 skipped
C:\qoobox\Quarantine\catchme2007-12-02_ 33909.68.zip/pmnll.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.aza skipped
C:\qoobox\Quarantine\catchme2007-12-02_ 33909.68.zip ZIP: infected - 1 skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP322\A0089996.exe Infected: not-a-virus:AdWare.Win32.Agent.co skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP322\A0090020.dll Infected: Trojan-Downloader.Win32.Small.gkh skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP322\A0090023.dll Infected: Trojan-Downloader.Win32.Small.gkh skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP324\A0094444.exe Infected: Trojan.Win32.Obfuscated.kp skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP324\A0094543.exe Infected: Trojan-Downloader.Win32.VB.bvj skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP325\A0094743.exe Infected: Trojan.Win32.Obfuscated.kp skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP327\A0094892.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.aps skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP329\A0094924.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.aza skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP339\A0096849.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.aps skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP339\A0096850.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.aps skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP339\A0096853.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.aps skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP339\A0096856.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.apx skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP339\A0096857.exe Infected: Trojan-Clicker.Win32.VB.vx skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP339\A0096858.exe Infected: Trojan-Clicker.Win32.VB.vx skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP339\A0096859.exe Infected: Trojan-Downloader.Win32.VB.bto skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP341\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\hg173.exe Infected: Trojan-Clicker.Win32.VB.vx skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{DA1717CE-4135-4BCF-8D9B-48D935F51242}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\SYSTEM32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\SYSTEM32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\Antivirus.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\AppEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\Internet.evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SAM Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SecEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SysEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\H323LOG.TXT Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_59c.dat Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_608.dat Object is locked skipped
C:\WINDOWS\Temp\_avast4_\Webshlock.txt Object is locked skipped
C:\WINDOWS\WIADEBUG.LOG Object is locked skipped
C:\WINDOWS\WIASERVC.LOG Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.
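
The following Python script is an added example, not part of the original thread or of any Kaspersky tooling. It parses lines in the format of the report above and groups detections by where the file sits, so that copies held in System Restore points, tool quarantine folders and the Java plug-in cache are separated from files in the live file system. The `LOCATIONS` table and its labels are assumptions of this example; the sample lines are copied from the report as posted.

```python
import re
from collections import defaultdict

# Nine lines excerpted from the report above, copied as posted.
SAMPLE_REPORT = r"""
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WebBuyingAssistant.zip/v1.8.6/wbuninst.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\coffee trader\Application Data\Sun\Java\Deployment\cache\6.0\57\364044f9-290163c0/vlocal.class Infected: Trojan-Downloader.Java.Agent.f skipped
C:\Documents and Settings\coffee trader\Application Data\Sun\Java\Deployment\cache\6.0\57\364044f9-290163c0 ZIP: infected - 1 skipped
C:\Documents and Settings\coffee trader\Desktop\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\coffee trader\NTUSER.DAT Object is locked skipped
C:\qoobox\Quarantine\catchme2007-11-30_ 40337.03.zip/pmnll.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.aza skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP322\A0090020.dll Infected: Trojan-Downloader.Win32.Small.gkh skipped
C:\WINDOWS\hg173.exe Infected: Trojan-Clicker.Win32.VB.vx skipped
C:\WINDOWS\SYSTEM32\CONFIG\SAM Object is locked skipped
"""

# Each result line is "<path> <verdict> skipped". The path itself contains
# spaces, so the pattern anchors on the verdict at the end of the line.
LINE = re.compile(
    r"(?P<path>.+?) (?:"
    r"(?P<locked>Object is locked)"
    r"|(?P<kind>Infected|Suspicious): (?P<name>\S+)"
    r"|(?P<container>\w+): (?:infected|suspicious) - (?P<count>\d+)"
    r") skipped"
)

# Assumed mapping (this example's own) from path fragments to location labels.
LOCATIONS = [
    (r"\system volume information\_restore", "system-restore copy"),
    (r"\qoobox\quarantine", "tool quarantine"),
    (r"\spybot - search & destroy\recovery", "tool quarantine"),
    (r"\sun\java\deployment\cache", "java plug-in cache"),
]


def classify_location(path):
    """Return the label of the first matching fragment, else 'live file system'."""
    lowered = path.lower()
    for fragment, label in LOCATIONS:
        if fragment in lowered:
            return label
    return "live file system"


def parse_line(line):
    """Parse one result line into a dict, or return None if it is not one."""
    m = LINE.fullmatch(line.strip())
    if m is None:
        return None
    if m["locked"]:
        return {"type": "locked", "path": m["path"]}
    if m["container"]:
        # Per-archive summary line; its members are reported on their own lines.
        return {"type": "container", "path": m["path"],
                "format": m["container"], "count": int(m["count"])}
    # Archive members appear as <archive>/<member>; the Windows path part
    # uses only backslashes, so the first "/" marks the archive boundary.
    outer, _, member = m["path"].partition("/")
    return {"type": "detection", "path": outer, "member": member or None,
            "kind": m["kind"], "name": m["name"],
            "location": classify_location(outer)}


def triage(report):
    """Count locked and summary lines and group detections by location."""
    summary = {"locked": 0, "containers": 0, "unparsed": 0,
               "detections": defaultdict(list)}
    for line in report.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec is None:
            summary["unparsed"] += 1
        elif rec["type"] == "locked":
            summary["locked"] += 1
        elif rec["type"] == "container":
            summary["containers"] += 1
        else:
            summary["detections"][rec["location"]].append(rec)
    return summary


if __name__ == "__main__":
    result = triage(SAMPLE_REPORT)
    print("locked (in use, not scanned):", result["locked"])
    for location, records in sorted(result["detections"].items()):
        print(location)
        for rec in records:
            target = rec["path"] + ("/" + rec["member"] if rec["member"] else "")
            print("   ", rec["kind"], rec["name"], "->", target)
```
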

heavyjavadrinker
2007-12-04, 06:29
sorry the HJT log wouldn't fit.

and here is the HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:18:35 AM, on 12/4/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {28BF5BFB-0950-4C53-A39F-532B73EE7C59} - C:\Program Files\Internet Explorer\hokeqoC:\WINDOWS\system32\j2\ppjup83122.exe.dll (file missing)
O2 - BHO: X1IEHook Class - {52706EF7-D7A2-49AD-A615-E903858CF284} - C:\Program Files\NetZero\qsacc\X1IEBHO.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: (no name) - {D8355017-E96C-4264-A7AD-38F897D7D96F} - C:\Program Files\Internet Explorer\hokeqoC:\DOCUME~1\COFFEE~1\LOCALS~1\Temp\CEMG555077.exe.dll (file missing)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: ZeroBar - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\Toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: Display All Images with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/228
O8 - Extra context menu item: Display Image with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/227
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\coffee trader\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\coffee trader\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra button: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-18.cab
O18 - Protocol: bw+0 - {2BC4DC2D-7643-4FEE-9183-69FB3CE4922B} - (no file)
O18 - Protocol: bw+0s - {2BC4DC2D-7643-4FEE-9183-69FB3CE4922B} - (no file)
O18 - Protocol: bw-0 - {2BC4DC2D-7643-4FEE-9183-69FB3CE4922B} - (no file)
O18 - Protocol: bw-0s - {2BC4DC2D-7643-4FEE-9183-69FB3CE4922B} - (no file)
O18 - Protocol: bw00 - {2BC4DC2D-7643-4FEE-9183-69FB3CE4922B} - (no file)
O18 - Protocol: bw00s - {2BC4DC2D-7643-4FEE-9183-69FB3CE4922B} - (no file)
O18 - Protocol: bw10 - {2BC4DC2D-7643-4FEE-9183-69FB3CE4922B} - (no file)
O18 - Protocol: bw10s - {2BC4DC2D-7643-4FEE-9183-69FB3CE4922B} - (no file)
O18 - Protocol: bw20 - {2BC4DC2D-7643-4FEE-9183-69FB3CE4922B} - (no file)
O18 - Protocol: bw20s - {2BC4DC2D-7643-4FEE-9183-69FB3CE4922B} - (no file)
O18 - Protocol: bw30 - {2BC4DC2D-7643-4FEE-9183-69FB3CE4922B} - (no file)
O18 - Protocol: bw30s - {2BC4DC2D-7643-4FEE-9183-69FB3CE4922B} - (no file)
O18 - Protocol: bw40 - {2BC4DC2D-7643-4FEE-9183-69FB3CE4922B} - (no file)
O18 - Protocol: bw40s - {2BC4DC2D-7643-4FEE-9183-69FB3CE4922B} - (no file)
O18 - Protocol: bw50 - {2BC4DC2D-7643-4FEE-9183-69FB3CE4922B} - (no file)
O18 - Protocol: bw50s - {2BC4DC2D-7643-4FEE-9183-69FB3CE4922B} - (no file)
O18 - Protocol: bw60 - {2BC4DC2D-7643-4FEE-9183-69FB3CE4922B} - (no file)
O18 - Protocol: bw60s - {2BC4DC2D-7643-4FEE-9183-69FB3CE4922B} - (no file)
O18 - Protocol: bw70 - {2BC4DC2D-7643-4FEE-9183-69FB3CE4922B} - (no file)
O18 - Protocol: bw70s - {2BC4DC2D-7643-4FEE-9183-69FB3CE4922B} - (no file)
O18 - Protocol: bw80 - {2BC4DC2D-7643-4FEE-9183-69FB3CE4922B} - (no file)
O18 - Protocol: bw80s - {2BC4DC2D-7643-4FEE-9183-69FB3CE4922B} - (no file)
O18 - Protocol: bw90 - {2BC4DC2D-7643-4FEE-9183-69FB3CE4922B} - (no file)
O18 - Protocol: bw90s - {2BC4DC2D-7643-4FEE-9183-69FB3CE4922B} - (no file)
O18 - Protocol: bwa0 - {2BC4DC2D-7643-4FEE-9183-69FB3CE4922B} - (no file)
O18 - Protocol: bwa0s - {2BC4DC2D-7643-4FEE-9183-69FB3CE4922B} - (no file)
O18 - Protocol: bwb0 - {2BC4DC2D-7643-4FEE-9183-69FB3CE4922B} - (no file)
O18 - Protocol: bwb0s - {2BC4DC2D-7643-4FEE-9183-69FB3CE4922B} - (no file)
O18 - Protocol: bwc0 - {2BC4DC2D-7643-4FEE-9183-69FB3CE4922B} - (no file)
O18 - Protocol: bwc0s - {2BC4DC2D-7643-4FEE-9183-69FB3CE4922B} - (no file)
O18 - Protocol: bwd0 - {2BC4DC2D-7643-4FEE-9183-69FB3CE4922B} - (no file)
O18 - Protocol: bwd0s - {2BC4DC2D-7643-4FEE-9183-69FB3CE4922B} - (no file)
O18 - Protocol: bwe0 - {2BC4DC2D-7643-4FEE-9183-69FB3CE4922B} - (no file)
O18 - Protocol: bwe0s - {2BC4DC2D-7643-4FEE-9183-69FB3CE4922B} - (no file)
O18 - Protocol: bwf0 - {2BC4DC2D-7643-4FEE-9183-69FB3CE4922B} - (no file)
O18 - Protocol: bwf0s - {2BC4DC2D-7643-4FEE-9183-69FB3CE4922B} - (no file)
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - (no file)
O18 - Protocol: bwg0 - {2BC4DC2D-7643-4FEE-9183-69FB3CE4922B} - (no file)
O18 - Protocol: bwg0s - {2BC4DC2D-7643-4FEE-9183-69FB3CE4922B} - (no file)
O18 - Protocol: bwh0 - {2BC4DC2D-7643-4FEE-9183-69FB3CE4922B} - (no file)
O18 - Protocol: bwh0s - {2BC4DC2D-7643-4FEE-9183-69FB3CE4922B} - (no file)
O18 - Protocol: bwi0 - {2BC4DC2D-7643-4FEE-9183-69FB3CE4922B} - (no file)
O18 - Protocol: bwi0s - {2BC4DC2D-7643-4FEE-9183-69FB3CE4922B} - (no file)
O18 - Protocol: bwj0 - {2BC4DC2D-7643-4FEE-9183-69FB3CE4922B} - (no file)
O18 - Protocol: bwj0s - {2BC4DC2D-7643-4FEE-9183-69FB3CE4922B} - (no file)
O18 - Protocol: bwk0 - {2BC4DC2D-7643-4FEE-9183-69FB3CE4922B} - (no file)
O18 - Protocol: bwk0s - {2BC4DC2D-7643-4FEE-9183-69FB3CE4922B} - (no file)
O18 - Protocol: bwl0 - {2BC4DC2D-7643-4FEE-9183-69FB3CE4922B} - (no file)
O18 - Protocol: bwl0s - {2BC4DC2D-7643-4FEE-9183-69FB3CE4922B} - (no file)
O18 - Protocol: bwm0 - {2BC4DC2D-7643-4FEE-9183-69FB3CE4922B} - (no file)
O18 - Protocol: bwm0s - {2BC4DC2D-7643-4FEE-9183-69FB3CE4922B} - (no file)
O18 - Protocol: bwn0 - {2BC4DC2D-7643-4FEE-9183-69FB3CE4922B} - (no file)
O18 - Protocol: bwn0s - {2BC4DC2D-7643-4FEE-9183-69FB3CE4922B} - (no file)
O18 - Protocol: bwo0 - {2BC4DC2D-7643-4FEE-9183-69FB3CE4922B} - (no file)
O18 - Protocol: bwo0s - {2BC4DC2D-7643-4FEE-9183-69FB3CE4922B} - (no file)
O18 - Protocol: bwp0 - {2BC4DC2D-7643-4FEE-9183-69FB3CE4922B} - (no file)
O18 - Protocol: bwp0s - {2BC4DC2D-7643-4FEE-9183-69FB3CE4922B} - (no file)
O18 - Protocol: bwq0 - {2BC4DC2D-7643-4FEE-9183-69FB3CE4922B} - (no file)
O18 - Protocol: bwq0s - {2BC4DC2D-7643-4FEE-9183-69FB3CE4922B} - (no file)
O18 - Protocol: bwr0 - {2BC4DC2D-7643-4FEE-9183-69FB3CE4922B} - (no file)
O18 - Protocol: bwr0s - {2BC4DC2D-7643-4FEE-9183-69FB3CE4922B} - (no file)
O18 - Protocol: bws0 - {2BC4DC2D-7643-4FEE-9183-69FB3CE4922B} - (no file)
O18 - Protocol: bws0s - {2BC4DC2D-7643-4FEE-9183-69FB3CE4922B} - (no file)
O18 - Protocol: bwt0 - {2BC4DC2D-7643-4FEE-9183-69FB3CE4922B} - (no file)
O18 - Protocol: bwt0s - {2BC4DC2D-7643-4FEE-9183-69FB3CE4922B} - (no file)
O18 - Protocol: bwu0 - {2BC4DC2D-7643-4FEE-9183-69FB3CE4922B} - (no file)
O18 - Protocol: bwu0s - {2BC4DC2D-7643-4FEE-9183-69FB3CE4922B} - (no file)
O18 - Protocol: bwv0 - {2BC4DC2D-7643-4FEE-9183-69FB3CE4922B} - (no file)
O18 - Protocol: bwv0s - {2BC4DC2D-7643-4FEE-9183-69FB3CE4922B} - (no file)
O18 - Protocol: bww0 - {2BC4DC2D-7643-4FEE-9183-69FB3CE4922B} - (no file)
O18 - Protocol: bww0s - {2BC4DC2D-7643-4FEE-9183-69FB3CE4922B} - (no file)
O18 - Protocol: bwx0 - {2BC4DC2D-7643-4FEE-9183-69FB3CE4922B} - (no file)
O18 - Protocol: bwx0s - {2BC4DC2D-7643-4FEE-9183-69FB3CE4922B} - (no file)
O18 - Protocol: bwy0 - {2BC4DC2D-7643-4FEE-9183-69FB3CE4922B} - (no file)
O18 - Protocol: bwy0s - {2BC4DC2D-7643-4FEE-9183-69FB3CE4922B} - (no file)
O18 - Protocol: bwz0 - {2BC4DC2D-7643-4FEE-9183-69FB3CE4922B} - (no file)
O18 - Protocol: bwz0s - {2BC4DC2D-7643-4FEE-9183-69FB3CE4922B} - (no file)
O18 - Protocol: offline-8876480 - {2BC4DC2D-7643-4FEE-9183-69FB3CE4922B} - (no file)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: dmycwmig - dmycwmig.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe

--
End of file - 14006 bytes


:euro: that's it for now.

thanks !!!

Edit: Closed original topic http://forums.spybot.info/showthread.php?t=20898

pskelley
2007-12-05, 14:17
Welcome to Safer Networking, I wish to be sure you have viewed and understand this information.
"BEFORE you POST" (READ this Procedure before Requesting Assistance)
http://forums.spybot.info/showthread.php?t=288
All advice given is taken at your own risk.
Please make sure you have read this information so we are on the same page.

Please download ATF Cleaner by Atribune
http://www.atribune.org/content/view/25/2/
Save it to your Desktop. We will use this later.

We need to disable your Windows Defender Real-time Protection as it may interfere with the fixes that we need to make.
Open Windows Defender, Click on Tools, General Settings.
Scroll down and uncheck Turn on real-time protection (recommended).
After you uncheck this, click on the Save button and close Windows Defender.
After all of the fixes are complete it is very important that you enable Real-time Protection again.

Make sure Spybot S&D TeaTimer IS NOT enabled

Open HijackThis and choose "Do a system scan only" then check the box in front of these line items:

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {28BF5BFB-0950-4C53-A39F-532B73EE7C59} - C:\Program Files\Internet Explorer\hokeqoC:\WINDOWS\system32\j2\ppjup83122.exe.dll (file missing)
O2 - BHO: (no name) - {D8355017-E96C-4264-A7AD-38F897D7D96F} - C:\Program Files\Internet Explorer\hokeqoC:\DOCUME~1\COFFEE~1\LOCALS~1\Temp\CEMG555077.exe.dll (file missing)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\coffee trader\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\coffee trader\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra button: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O18 - Protocol: bw+0 - {2BC4DC2D-7643-4FEE-9183-69FB3CE4922B} - (no file)
O18 - Protocol: bw+0s - {2BC4DC2D-7643-4FEE-9183-69FB3CE4922B} - (no file)
O18 - Protocol: bw-0 - {2BC4DC2D-7643-4FEE-9183-69FB3CE4922B} - (no file)
O18 - Protocol: bw-0s - {2BC4DC2D-7643-4FEE-9183-69FB3CE4922B} - (no file)
O18 - Protocol: bw00 - {2BC4DC2D-7643-4FEE-9183-69FB3CE4922B} - (no file)
O18 - Protocol: bw00s - {2BC4DC2D-7643-4FEE-9183-69FB3CE4922B} - (no file)
O18 - Protocol: bw10 - {2BC4DC2D-7643-4FEE-9183-69FB3CE4922B} - (no file)
O18 - Protocol: bw10s - {2BC4DC2D-7643-4FEE-9183-69FB3CE4922B} - (no file)
O18 - Protocol: bw20 - {2BC4DC2D-7643-4FEE-9183-69FB3CE4922B} - (no file)
O18 - Protocol: bw20s - {2BC4DC2D-7643-4FEE-9183-69FB3CE4922B} - (no file)
O18 - Protocol: bw30 - {2BC4DC2D-7643-4FEE-9183-69FB3CE4922B} - (no file)
O18 - Protocol: bw30s - {2BC4DC2D-7643-4FEE-9183-69FB3CE4922B} - (no file)
O18 - Protocol: bw40 - {2BC4DC2D-7643-4FEE-9183-69FB3CE4922B} - (no file)
O18 - Protocol: bw40s - {2BC4DC2D-7643-4FEE-9183-69FB3CE4922B} - (no file)
O18 - Protocol: bw50 - {2BC4DC2D-7643-4FEE-9183-69FB3CE4922B} - (no file)
O18 - Protocol: bw50s - {2BC4DC2D-7643-4FEE-9183-69FB3CE4922B} - (no file)
O18 - Protocol: bw60 - {2BC4DC2D-7643-4FEE-9183-69FB3CE4922B} - (no file)
O18 - Protocol: bw60s - {2BC4DC2D-7643-4FEE-9183-69FB3CE4922B} - (no file)
O18 - Protocol: bw70 - {2BC4DC2D-7643-4FEE-9183-69FB3CE4922B} - (no file)
O18 - Protocol: bw70s - {2BC4DC2D-7643-4FEE-9183-69FB3CE4922B} - (no file)
O18 - Protocol: bw80 - {2BC4DC2D-7643-4FEE-9183-69FB3CE4922B} - (no file)
O18 - Protocol: bw80s - {2BC4DC2D-7643-4FEE-9183-69FB3CE4922B} - (no file)
O18 - Protocol: bw90 - {2BC4DC2D-7643-4FEE-9183-69FB3CE4922B} - (no file)
O18 - Protocol: bw90s - {2BC4DC2D-7643-4FEE-9183-69FB3CE4922B} - (no file)
O18 - Protocol: bwa0 - {2BC4DC2D-7643-4FEE-9183-69FB3CE4922B} - (no file)
O18 - Protocol: bwa0s - {2BC4DC2D-7643-4FEE-9183-69FB3CE4922B} - (no file)
O18 - Protocol: bwb0 - {2BC4DC2D-7643-4FEE-9183-69FB3CE4922B} - (no file)
O18 - Protocol: bwb0s - {2BC4DC2D-7643-4FEE-9183-69FB3CE4922B} - (no file)
O18 - Protocol: bwc0 - {2BC4DC2D-7643-4FEE-9183-69FB3CE4922B} - (no file)
O18 - Protocol: bwc0s - {2BC4DC2D-7643-4FEE-9183-69FB3CE4922B} - (no file)
O18 - Protocol: bwd0 - {2BC4DC2D-7643-4FEE-9183-69FB3CE4922B} - (no file)
O18 - Protocol: bwd0s - {2BC4DC2D-7643-4FEE-9183-69FB3CE4922B} - (no file)
O18 - Protocol: bwe0 - {2BC4DC2D-7643-4FEE-9183-69FB3CE4922B} - (no file)
O18 - Protocol: bwe0s - {2BC4DC2D-7643-4FEE-9183-69FB3CE4922B} - (no file)
O18 - Protocol: bwf0 - {2BC4DC2D-7643-4FEE-9183-69FB3CE4922B} - (no file)
O18 - Protocol: bwf0s - {2BC4DC2D-7643-4FEE-9183-69FB3CE4922B} - (no file)
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - (no file)
O18 - Protocol: bwg0 - {2BC4DC2D-7643-4FEE-9183-69FB3CE4922B} - (no file)
O18 - Protocol: bwg0s - {2BC4DC2D-7643-4FEE-9183-69FB3CE4922B} - (no file)
O18 - Protocol: bwh0 - {2BC4DC2D-7643-4FEE-9183-69FB3CE4922B} - (no file)
O18 - Protocol: bwh0s - {2BC4DC2D-7643-4FEE-9183-69FB3CE4922B} - (no file)
O18 - Protocol: bwi0 - {2BC4DC2D-7643-4FEE-9183-69FB3CE4922B} - (no file)
O18 - Protocol: bwi0s - {2BC4DC2D-7643-4FEE-9183-69FB3CE4922B} - (no file)
O18 - Protocol: bwj0 - {2BC4DC2D-7643-4FEE-9183-69FB3CE4922B} - (no file)
O18 - Protocol: bwj0s - {2BC4DC2D-7643-4FEE-9183-69FB3CE4922B} - (no file)
O18 - Protocol: bwk0 - {2BC4DC2D-7643-4FEE-9183-69FB3CE4922B} - (no file)
O18 - Protocol: bwk0s - {2BC4DC2D-7643-4FEE-9183-69FB3CE4922B} - (no file)
O18 - Protocol: bwl0 - {2BC4DC2D-7643-4FEE-9183-69FB3CE4922B} - (no file)
O18 - Protocol: bwl0s - {2BC4DC2D-7643-4FEE-9183-69FB3CE4922B} - (no file)
O18 - Protocol: bwm0 - {2BC4DC2D-7643-4FEE-9183-69FB3CE4922B} - (no file)
O18 - Protocol: bwm0s - {2BC4DC2D-7643-4FEE-9183-69FB3CE4922B} - (no file)
O18 - Protocol: bwn0 - {2BC4DC2D-7643-4FEE-9183-69FB3CE4922B} - (no file)
O18 - Protocol: bwn0s - {2BC4DC2D-7643-4FEE-9183-69FB3CE4922B} - (no file)
O18 - Protocol: bwo0 - {2BC4DC2D-7643-4FEE-9183-69FB3CE4922B} - (no file)
O18 - Protocol: bwo0s - {2BC4DC2D-7643-4FEE-9183-69FB3CE4922B} - (no file)
O18 - Protocol: bwp0 - {2BC4DC2D-7643-4FEE-9183-69FB3CE4922B} - (no file)
O18 - Protocol: bwp0s - {2BC4DC2D-7643-4FEE-9183-69FB3CE4922B} - (no file)
O18 - Protocol: bwq0 - {2BC4DC2D-7643-4FEE-9183-69FB3CE4922B} - (no file)
O18 - Protocol: bwq0s - {2BC4DC2D-7643-4FEE-9183-69FB3CE4922B} - (no file)
O18 - Protocol: bwr0 - {2BC4DC2D-7643-4FEE-9183-69FB3CE4922B} - (no file)
O18 - Protocol: bwr0s - {2BC4DC2D-7643-4FEE-9183-69FB3CE4922B} - (no file)
O18 - Protocol: bws0 - {2BC4DC2D-7643-4FEE-9183-69FB3CE4922B} - (no file)
O18 - Protocol: bws0s - {2BC4DC2D-7643-4FEE-9183-69FB3CE4922B} - (no file)
O18 - Protocol: bwt0 - {2BC4DC2D-7643-4FEE-9183-69FB3CE4922B} - (no file)
O18 - Protocol: bwt0s - {2BC4DC2D-7643-4FEE-9183-69FB3CE4922B} - (no file)
O18 - Protocol: bwu0 - {2BC4DC2D-7643-4FEE-9183-69FB3CE4922B} - (no file)
O18 - Protocol: bwu0s - {2BC4DC2D-7643-4FEE-9183-69FB3CE4922B} - (no file)
O18 - Protocol: bwv0 - {2BC4DC2D-7643-4FEE-9183-69FB3CE4922B} - (no file)
O18 - Protocol: bwv0s - {2BC4DC2D-7643-4FEE-9183-69FB3CE4922B} - (no file)
O18 - Protocol: bww0 - {2BC4DC2D-7643-4FEE-9183-69FB3CE4922B} - (no file)
O18 - Protocol: bww0s - {2BC4DC2D-7643-4FEE-9183-69FB3CE4922B} - (no file)
O18 - Protocol: bwx0 - {2BC4DC2D-7643-4FEE-9183-69FB3CE4922B} - (no file)
O18 - Protocol: bwx0s - {2BC4DC2D-7643-4FEE-9183-69FB3CE4922B} - (no file)
O18 - Protocol: bwy0 - {2BC4DC2D-7643-4FEE-9183-69FB3CE4922B} - (no file)
O18 - Protocol: bwy0s - {2BC4DC2D-7643-4FEE-9183-69FB3CE4922B} - (no file)
O18 - Protocol: bwz0 - {2BC4DC2D-7643-4FEE-9183-69FB3CE4922B} - (no file)
O18 - Protocol: bwz0s - {2BC4DC2D-7643-4FEE-9183-69FB3CE4922B} - (no file)
O18 - Protocol: offline-8876480 - {2BC4DC2D-7643-4FEE-9183-69FB3CE4922B} - (no file)
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: dmycwmig - dmycwmig.dll (file missing)

Close all programs but HJT and all browser windows, then click on "Fix Checked"

Run ATF Cleaner
Double-click ATF-Cleaner.exe to run the program.
Click Select All found at the bottom of the list.
Click the Empty Selected button.
Click Exit on the Main menu to close the program.

Restart your computer

KASPERSKY ONLINE SCANNER REPORT Monday, December 03, 2007 11:51:32 PM

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ <<< delete the contents of the Recovery folder
http://ict.cas.psu.edu/training/howto/util/removespybot.htm#1

C:\Documents and Settings\coffee trader\Application Data\Sun\Java\Deployment\cache\ <<< clean your Java cache
http://support.f-secure.com/enu/home/virusproblem/howtoclean/cleanjavacache.shtml

C:\Documents and Settings\coffee trader\Desktop\SmitfraudFix\ <<< delete that folder

C:\qoobox\Quarantine\ <<< delete that folder

Restart the computer and then clean the System Restore files like this:
MANUAL INSTRUCTIONS FOR SYSTEM RESTORE
Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

Reboot

Turn ON System Restore,
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.

Run a new scan which should be clean, do not post a clean scan. Post a new HJT log and let me know how the computer is running.

Thanks

heavyjavadrinker
2007-12-06, 23:18
hi

thanks for responding to my request for help.
i followed all of your directions. one thing though,
i could not find the C:\qoobox\Quarantine\ folder in
order to delete it.

i ran kaspersky one more time. i will not post the results
but just this summary:

Scan Statistics:
Total number of scanned objects: 53088
Number of viruses found: 2
Number of infected objects: 5
Number of suspicious objects: 0
Duration of the scan process: 00:46:17


and finally the HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:17:23 PM, on 12/6/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: X1IEHook Class - {52706EF7-D7A2-49AD-A615-E903858CF284} - C:\Program Files\NetZero\qsacc\X1IEBHO.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: ZeroBar - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\Toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: Display All Images with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/228
O8 - Extra context menu item: Display Image with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/227
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-18.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe

--
End of file - 6252 bytes

i'll post a reply later to tell you how the pc is running.
please tell me if you see any more problems.

thanks again.

also is it okay to have avast antivirus and windows defender running at the same time for protection?

pskelley
2007-12-06, 23:32
Thanks for returning your information and the feedback. The HJT log looks good:bigthumb:

Kaspersky: Number of infected objects: 5 <<< I need to see what those items are, please post those scan results.

"also is it okay to have avast antivirus and windows defender running at the same time for protection?"

Sure, I will post advice from some experts in the malware/security field when we close, but Avast is your Antivirus program and Windows Defender deals with Spyware. What are you running for a firewall?

Thanks:santa:

heavyjavadrinker
2007-12-07, 08:43
i'm working on my brother's computer here. he informs me that
comcast has a built in firewall and told me not to install a firewall on this computer. so the only thing i use is this built in xp firewall which causes no problems. i believe he had mcafee installed at one point but disabled it.

i noticed that avast! will inform me of some spyware attacks right away and will recommend me to move a trojan to the chest (quarantine). is this enough protection? his girlfriend also uses this computer and is always leaving windows open with paypal and ebay accounts left open. isn't it possible for someone to ping your computer even with no browser open and give you a trojan virus? :devil:

here is the kaspersky scan:

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Thursday, December 06, 2007 5:14:22 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 6/12/2007
Kaspersky Anti-Virus database records: 474667
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 53088
Number of viruses found: 2
Number of infected objects: 5
Number of suspicious objects: 0
Duration of the scan process: 00:46:17

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support\MPLog-12032007-024848.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\SupportSoft\ddoctorv2\SYSTEM\state\logs\sprtcmd.log Object is locked skipped
C:\Documents and Settings\coffee trader\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\coffee trader\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\coffee trader\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\coffee trader\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\coffee trader\Local Settings\History\History.IE5\INDEX.DAT Object is locked skipped
C:\Documents and Settings\coffee trader\Local Settings\History\History.IE5\MSHist012007120620071207\index.dat Object is locked skipped
C:\Documents and Settings\coffee trader\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\coffee trader\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\coffee trader\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\coffee trader\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\INDEX.DAT Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\AshWebSv.ws Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\aswMaiSv.log Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\report\Resident protection.txt Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1\A0000007.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1\A0000025.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1\A0000025.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1\A0000025.exe RarSFX: infected - 2 skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\hg173.exe Infected: Trojan-Clicker.Win32.VB.vx skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{CDD2D28A-1DC1-4EB0-BDED-EBC16F291847}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\Antivirus.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\AppEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\Internet.evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SAM Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SecEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SysEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\H323LOG.TXT Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_608.dat Object is locked skipped
C:\WINDOWS\Temp\_avast4_\Webshlock.txt Object is locked skipped
C:\WINDOWS\WIADEBUG.LOG Object is locked skipped
C:\WINDOWS\WIASERVC.LOG Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

thanks again!

the computer was used again today and noticed no popups (by the person using ie; i however never use ie, only firefox :) )

let me know what else you find.

:D:

pskelley
2007-12-07, 14:39
Thanks for returning your information and the feedback. Let's see if I can answer your questions.

If Comcast supplies a firewall he is happy with, fine. But you will find if you research that Microsoft does not suggest you run the SP2 firewall when another firewall is running.

I have Avast on a Compaq with Windows98SE on it but alas I take it online to update only. I suggest the quarantine is for when you are not sure the item is bad or when the antivirus program cannot delete the offending item and the only option is to quarantine. Once they are in the quarantine folder, they can do you no harm, but I suggest you delete them from there as soon as you can.

As far as eBay and PayPal, I would consult their technical support for the safest way to use their services.

KASPERSKY ONLINE SCANNER REPORT Thursday, December 06, 2007 5:14:22 PM

C:\WINDOWS\hg173.exe <<< delete that file, this is an active infection and the only one.

Restart and then clean your System Restore files:
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1\A0000007.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1\A0000025.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1\A0000025.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1\A0000025.exe RarSFX: infected - 2 skipped

MANUAL INSTRUCTIONS FOR SYSTEM RESTORE
Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

Reboot

Turn ON System Restore,
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.

Run another scan to make sure you are clean, I do not need to see a clean scan result. I am posting this information for you now so you can benefit from it.

Happy Holidays:santa:

Some good information for you:
http://users.telenet.be/bluepatchy/miekiemoes/slowcomputer.html

Here is some great information from experts in this field that will help you stay clean and safe online.
http://users.telenet.be/bluepatchy/miekiemoes/prevention.html
http://forums.spybot.info/showthread.php?t=279
http://russelltexas.com/malware/allclear.htm
http://forum.malwareremoval.com/viewtopic.php?t=14
http://www.bleepingcomputer.com/forums/topict2520.html
http://cybercoyote.org/security/not-admin.shtml

Thanks...pskelley
Safer Networking Forums
http://www.spybot.info/en/donate/index.html
If you are reading this information...thank a teacher,
If you are reading it in English...thank a soldier.
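
The split made in the post above (one live file to delete, everything else sitting in System Restore) can be read mechanically from the report rows. This is an added example, not part of the original thread: `triage` and its field names are hypothetical, and the row format is inferred from the reports posted here.

```python
import re
from collections import defaultdict

# Sample rows taken from the 2007-12-06 report posted in this thread
# (most "Object is locked" rows left out for brevity).
SAMPLE_REPORT = r"""
C:\Documents and Settings\coffee trader\NTUSER.DAT Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1\A0000007.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1\A0000025.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1\A0000025.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1\A0000025.exe RarSFX: infected - 2 skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\hg173.exe Infected: Trojan-Clicker.Win32.VB.vx skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
"""

# Row = path (may contain spaces), then one of three statuses, then the action.
ROW = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+"
    r"(?:(?P<locked>Object is locked)"
    r"|Infected: (?P<name>\S+)"
    r"|(?P<container>\w+): infected - (?P<count>\d+))"
    r"\s+(?P<action>\w+)$"
)
RESTORE_MARKER = "\\system volume information\\_restore{"


def triage(report_text):
    """Separate in-use files from detections, and live files from restore-point copies."""
    result = {
        "locked": 0,                  # files in use during the scan, not detections
        "infected_objects": 0,        # every row that reports an infection
        "names": set(),               # distinct detection names
        "live": defaultdict(set),     # file on disk -> names, outside restore points
        "restore": defaultdict(set),  # file on disk -> names, inside restore points
        "unparsed": [],               # rows that do not fit the assumed format
    }
    for raw in report_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = ROW.match(line)
        if m is None:
            result["unparsed"].append(line)
            continue
        if m["locked"]:
            result["locked"] += 1
            continue
        result["infected_objects"] += 1
        # Objects inside an archive are written outer.exe/inner/...; the file
        # that exists on disk is the part before the first "/".
        outer = m["path"].split("/", 1)[0]
        bucket = "restore" if RESTORE_MARKER in outer.lower() else "live"
        names = result[bucket][outer]  # registers the file even for a summary row
        if m["name"]:
            names.add(m["name"])
            result["names"].add(m["name"])
    return result


if __name__ == "__main__":
    r = triage(SAMPLE_REPORT)
    print("locked rows (files in use, ignore):", r["locked"])
    print("infected objects:", r["infected_objects"], "distinct names:", len(r["names"]))
    for path, names in r["live"].items():
        print("LIVE FILE, delete:", path, sorted(names))
    for path, names in r["restore"].items():
        print("restore-point copy, cleared with System Restore:", path, sorted(names))
```

On the sample rows the counts agree with the statistics posted with the report (2 viruses, 5 infected objects), and the only file outside a restore point is C:\WINDOWS\hg173.exe.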

heavyjavadrinker
2007-12-07, 20:32
i manually deleted C:\WINDOWS\hg173.exe, emptied the trashcan and restarted the computer; is that all i have to do?

i'm stuck on step 2


and then clean your System Restore files:

what do you mean by that and how do i go about doing it? do i go to C:\System Volume Information\ myself and manually delete them?

thanks:rolleyes:

pskelley
2007-12-07, 20:34
That should have been fairly easy since I posted step by step instructions?

MANUAL INSTRUCTIONS FOR SYSTEM RESTORE
Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

Reboot

Turn ON System Restore,
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.

heavyjavadrinker
2007-12-07, 22:05
thanks pskelley!

i cleaned the system restore files and ran Kaspersky
again and got the following:

Scan complete.
No malware has been detected. The sections that have been scanned are CLEAN.

Scan Statistics:
Total number of scanned objects: 52136
Number of viruses found: 0
Number of infected objects: 0
Number of suspicious objects: 0
Duration of the scan process: 00:46:44

:band:


you're the best :bow:

i never thought i'd see a completely clean scan report! :cleaning:
i'm going to follow all the protective measures to see that
this never happens again! i've learned a lot in the process of doing this.

i guess that wraps it up!

thanks!
:wav: