BriGuy27
2009-02-11, 05:26
I had virtumonde, but got rid of it w/the help of some fine folks in this forum. I installed avast! Antivirus as instructed when one day my computer became infected. I must have accidentally installed the fake AntiVirus 2009 on my computer. That was a headache in itself to get rid of, but unfortunately I'm not finished yet. Here's my anti-virus log (BriGuy being my user id for the computer):
2/9/2009 10:43:00 PM BriGuy 1016 Sign of "Win32:Trojan-gen {Other}" has been found in "c:\windows\ntngeerf.exe" file.
2/9/2009 10:43:43 PM BriGuy 1016 Sign of "Win32:Trojan-gen {Other}" has been found in "c:\windows\ntvzjyga.exe" file.
2/9/2009 10:43:48 PM BriGuy 1016 Sign of "Win32:Trojan-gen {Other}" has been found in "c:\windows\phkeigvd.exe" file.
2/9/2009 10:43:53 PM BriGuy 1016 Sign of "Win32:Trojan-gen {Other}" has been found in "c:\windows\system32\actcontroller.exe\[UPX]\[Embedded_I#0f758]" file.
2/9/2009 10:44:12 PM BriGuy 1016 Sign of "Win32:Trojan-gen {Other}" has been found in "c:\windows\system32\drivers\protect.sys" file.
2/9/2009 10:44:20 PM BriGuy 1016 Sign of "Win32:Trojan-gen {Other}" has been found in "c:\windows\system32\hhupd.exe\[UPX]\[Embedded_I#0f758]" file.
2/9/2009 10:44:34 PM BriGuy 1016 Sign of "Win32:Trojan-gen {Other}" has been found in "c:\windows\system32\i386kd.exe\[UPX]\[Embedded_I#0f758]" file.
2/9/2009 10:44:38 PM BriGuy 1016 Sign of "Win32:Trojan-gen {Other}" has been found in "c:\windows\system32\idaw64.exe\[UPX]\[Embedded_I#0f758]" file.
2/9/2009 10:44:56 PM BriGuy 1016 Sign of "Win32:Trojan-gen {Other}" has been found in "c:\windows\system32\ndetect.exe\[UPX]\[Embedded_I#0f758]" file.
2/9/2009 10:45:24 PM BriGuy 1016 Sign of "Win32:Trojan-gen {Other}" has been found in "c:\windows\tjyyyztv.exe" file.
2/9/2009 11:24:27 PM BriGuy 1368 Sign of "Win32:Tidserv [Trj]" has been found in "C:\WINDOWS\system32\drivers\TDSSPXFE.SYS" file.
2/10/2009 10:56:44 AM BriGuy 740 Sign of "Win32:JunkPoly [Cryp]" has been found in "C:\System Volume Information\_restore{81D97640-A600-45A6-B0D3-BD06AB5A81A7}\RP1004\A0161849.EXE" file.
2/10/2009 5:37:36 PM BriGuy 740 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\System Volume Information\_restore{81D97640-A600-45A6-B0D3-BD06AB5A81A7}\RP1004\A0161850.dll" file.
2/10/2009 6:03:40 PM BriGuy 740 Sign of "Win32:Adware-gen [Adw]" has been found in "C:\System Volume Information\_restore{81D97640-A600-45A6-B0D3-BD06AB5A81A7}\RP1004\A0161851.dll" file.
2/10/2009 6:03:46 PM BriGuy 740 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\System Volume Information\_restore{81D97640-A600-45A6-B0D3-BD06AB5A81A7}\RP1004\A0161852.dll" file.
2/10/2009 6:33:15 PM BriGuy 740 Sign of "HTML:Iframe-inf" has been found in "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\CONFIG\DefaultWsdlHelpGenerator.aspx" file.
2/10/2009 6:42:01 PM BriGuy 740 Sign of "HTML:Iframe-inf" has been found in "C:\WINDOWS\system32\oobe\setup\IBM\EULA\KOR.HTM" file.
2/10/2009 6:42:04 PM BriGuy 740 Sign of "HTML:Iframe-inf" has been found in "C:\WINDOWS\system32\oobe\setup\IBM\EULA\PRC.HTM" file.
2/10/2009 6:42:04 PM BriGuy 740 Sign of "HTML:Iframe-inf" has been found in "C:\WINDOWS\system32\oobe\setup\IBM\EULA\TAI.HTM" file.
2/10/2009 6:42:05 PM BriGuy 740 Sign of "HTML:Iframe-inf" has been found in "C:\WINDOWS\system32\oobe\setup\IBM\KOR.HTM" file.
2/10/2009 6:42:05 PM BriGuy 740 Sign of "HTML:Iframe-inf" has been found in "C:\WINDOWS\system32\oobe\setup\IBM\PRC.HTM" file.
2/10/2009 6:42:05 PM BriGuy 740 Sign of "HTML:Iframe-inf" has been found in "C:\WINDOWS\system32\oobe\setup\IBM\TAI.HTM" file.
2/10/2009 6:44:01 PM BriGuy 740 Sign of "HTML:Iframe-inf" has been found in "C:\WTK22\docs\api\midp\index-all.html" file.
2/10/2009 6:55:35 PM SYSTEM 1388 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\WINDOWS\TEMP\VRTB.tmp" file.
2/10/2009 6:58:33 PM SYSTEM 1388 Sign of "HTML:Iframe-inf" has been found in "C:\Documents and Settings\BriGuy\Local Settings\Temporary Internet Files\Content.IE5\KWS8LNR9\yahoo_com[1].htm" file.
2/10/2009 6:59:14 PM SYSTEM 1388 Sign of "HTML:Iframe-inf" has been found in "C:\Documents and Settings\BriGuy\Local Settings\Temporary Internet Files\Content.IE5\0032CHWW\mail[1].htm" file.
2/10/2009 7:00:05 PM SYSTEM 1388 Sign of "HTML:Iframe-inf" has been found in "C:\Documents and Settings\BriGuy\Local Settings\Temporary Internet Files\Content.IE5\0032CHWW\login[1].htm" file.
2/10/2009 7:00:22 PM SYSTEM 1388 Sign of "HTML:Iframe-inf" has been found in "C:\Documents and Settings\BriGuy\Local Settings\Temporary Internet Files\Content.IE5\0032CHWW\launch[1].htm" file.
2/10/2009 7:00:29 PM SYSTEM 1388 Sign of "HTML:Iframe-inf" has been found in "C:\Documents and Settings\BriGuy\Local Settings\Temporary Internet Files\Content.IE5\EDMWIR6P\blank[1].htm" file.
2/10/2009 7:00:34 PM SYSTEM 1388 Sign of "HTML:Iframe-inf" has been found in "C:\Documents and Settings\BriGuy\Local Settings\Temporary Internet Files\Content.IE5\KWS8LNR9\fc[1].htm" file.
2/10/2009 7:00:49 PM SYSTEM 1388 Sign of "HTML:Iframe-inf" has been found in "C:\Documents and Settings\BriGuy\Local Settings\Temporary Internet Files\Content.IE5\KWS8LNR9\blank[1].htm" file.
2/10/2009 7:00:55 PM SYSTEM 1388 Sign of "HTML:Iframe-inf" has been found in "C:\Documents and Settings\BriGuy\Local Settings\Temporary Internet Files\Content.IE5\KWS8LNR9\blank[2].htm" file.
2/10/2009 7:01:04 PM SYSTEM 1388 Sign of "HTML:Iframe-inf" has been found in "C:\Documents and Settings\BriGuy\Local Settings\Temporary Internet Files\Content.IE5\0032CHWW\iframe3[1].htm" file.
2/10/2009 7:01:09 PM SYSTEM 1388 Sign of "HTML:Iframe-inf" has been found in "C:\Documents and Settings\BriGuy\Local Settings\Temporary Internet Files\Content.IE5\EDMWIR6P\getInPage[1].htm" file.
2/10/2009 7:01:12 PM SYSTEM 1388 Sign of "HTML:Iframe-inf" has been found in "C:\Documents and Settings\BriGuy\Local Settings\Temporary Internet Files\Content.IE5\EDMWIR6P\blank[1].htm" file.
2/10/2009 7:01:16 PM SYSTEM 1388 Sign of "HTML:Iframe-inf" has been found in "C:\Documents and Settings\BriGuy\Local Settings\Temporary Internet Files\Content.IE5\KWS8LNR9\01[1].htm" file.
2/10/2009 7:01:20 PM SYSTEM 1388 Sign of "HTML:Iframe-inf" has been found in "C:\Documents and Settings\BriGuy\Local Settings\Temporary Internet Files\Content.IE5\KWS8LNR9\cfug[1].htm" file.
2/10/2009 7:01:25 PM SYSTEM 1388 Sign of "HTML:Iframe-inf" has been found in "C:\Documents and Settings\BriGuy\Local Settings\Temporary Internet Files\Content.IE5\84C3LQ41\uug[1].htm" file.
2/10/2009 7:01:35 PM SYSTEM 1388 Sign of "HTML:Iframe-inf" has been found in "C:\Documents and Settings\BriGuy\Local Settings\Temporary Internet Files\Content.IE5\0032CHWW\blank[1].htm" file.
2/10/2009 7:01:38 PM SYSTEM 1388 Sign of "HTML:Iframe-inf" has been found in "C:\Documents and Settings\BriGuy\Local Settings\Temporary Internet Files\Content.IE5\0032CHWW\blank[2].htm" file.
2/10/2009 7:01:43 PM SYSTEM 1388 Sign of "HTML:Iframe-inf" has been found in "C:\Documents and Settings\BriGuy\Local Settings\Temporary Internet Files\Content.IE5\EDMWIR6P\fc[1].htm" file.
2/10/2009 7:02:18 PM SYSTEM 1388 Sign of "HTML:Iframe-inf" has been found in "C:\Documents and Settings\BriGuy\Local Settings\Temporary Internet Files\Content.IE5\84C3LQ41\fc[1].htm" file.
2/10/2009 7:02:26 PM SYSTEM 1388 Sign of "HTML:Iframe-inf" has been found in "C:\Documents and Settings\BriGuy\Local Settings\Temporary Internet Files\Content.IE5\EDMWIR6P\_;ord=1234310537502528[1].htm" file.
2/10/2009 7:07:38 PM SYSTEM 1388 Sign of "HTML:Iframe-inf" has been found in "C:\Documents and Settings\BriGuy\Local Settings\Temporary Internet Files\Content.IE5\84C3LQ41\yahoo_com[1].htm" file.
2/10/2009 7:38:13 PM SYSTEM 1388 Sign of "HTML:Iframe-inf" has been found in "C:\Documents and Settings\BriGuy\Local Settings\Temporary Internet Files\Content.IE5\KWS8LNR9\yahoo_com[1].htm" file.
2/10/2009 7:49:54 PM SYSTEM 1388 Sign of "HTML:Iframe-inf" has been found in "C:\Documents and Settings\BriGuy\Local Settings\Temporary Internet Files\Content.IE5\84C3LQ41\mail[1].htm" file.
2/10/2009 7:50:08 PM SYSTEM 1388 Sign of "HTML:Iframe-inf" has been found in "C:\Documents and Settings\BriGuy\Local Settings\Temporary Internet Files\Content.IE5\EDMWIR6P\login[1].htm" file.
2/10/2009 7:50:11 PM SYSTEM 1388 Sign of "HTML:Iframe-inf" has been found in "C:\Documents and Settings\BriGuy\Local Settings\Temporary Internet Files\Content.IE5\EDMWIR6P\yahoo_com[1].htm" file.
2/10/2009 8:00:44 PM SYSTEM 1388 Sign of "HTML:Iframe-inf" has been found in "C:\Documents and Settings\BriGuy\Local Settings\Temporary Internet Files\Content.IE5\EDMWIR6P\blank[1].htm" file.
2/10/2009 8:01:36 PM SYSTEM 1388 Sign of "HTML:Iframe-inf" has been found in "C:\Documents and Settings\BriGuy\Local Settings\Temporary Internet Files\Content.IE5\EDMWIR6P\launch[1].htm" file.
2/10/2009 8:01:44 PM SYSTEM 1388 Sign of "HTML:Iframe-inf" has been found in "C:\Documents and Settings\BriGuy\Local Settings\Temporary Internet Files\Content.IE5\0032CHWW\fc[1].htm" file.
2/10/2009 8:01:47 PM SYSTEM 1388 Sign of "HTML:Iframe-inf" has been found in "C:\Documents and Settings\BriGuy\Local Settings\Temporary Internet Files\Content.IE5\0032CHWW\blank[1].htm" file.
2/10/2009 8:01:50 PM SYSTEM 1388 Sign of "HTML:Iframe-inf" has been found in "C:\Documents and Settings\BriGuy\Local Settings\Temporary Internet Files\Content.IE5\0032CHWW\blank[2].htm" file.
2/10/2009 8:01:55 PM SYSTEM 1388 Sign of "HTML:Iframe-inf" has been found in "C:\Documents and Settings\BriGuy\Local Settings\Temporary Internet Files\Content.IE5\EDMWIR6P\blank[1].htm" file.
2/10/2009 8:02:00 PM SYSTEM 1388 Sign of "HTML:Iframe-inf" has been found in "C:\Documents and Settings\BriGuy\Local Settings\Temporary Internet Files\Content.IE5\KWS8LNR9\blank[1].htm" file.
2/10/2009 8:02:03 PM SYSTEM 1388 Sign of "HTML:Iframe-inf" has been found in "C:\Documents and Settings\BriGuy\Local Settings\Temporary Internet Files\Content.IE5\0032CHWW\iframe3[1].htm" file.
2/10/2009 8:02:07 PM SYSTEM 1388 Sign of "HTML:Iframe-inf" has been found in "C:\Documents and Settings\BriGuy\Local Settings\Temporary Internet Files\Content.IE5\EDMWIR6P\view[1].html" file.
2/10/2009 8:02:16 PM SYSTEM 1388 Sign of "HTML:Iframe-inf" has been found in "C:\Documents and Settings\BriGuy\Local Settings\Temporary Internet Files\Content.IE5\84C3LQ41\forums_spybot_info[1].htm" file.
2/10/2009 8:02:35 PM SYSTEM 1388 Sign of "HTML:Iframe-inf" has been found in "C:\Documents and Settings\BriGuy\Local Settings\Temporary Internet Files\Content.IE5\84C3LQ41\forumdisplay[1].htm" file.
2/10/2009 8:02:54 PM SYSTEM 1388 Sign of "HTML:Iframe-inf" has been found in "C:\Documents and Settings\BriGuy\Local Settings\Temporary Internet Files\Content.IE5\0032CHWW\newthread[1].htm" file.
2/10/2009 8:03:09 PM SYSTEM 1388 Sign of "HTML:Iframe-inf" has been found in "C:\Documents and Settings\BriGuy\Local Settings\Temporary Internet Files\Content.IE5\0032CHWW\login[1].htm" file.
2/10/2009 8:03:15 PM SYSTEM 1388 Sign of "HTML:Iframe-inf" has been found in "C:\Documents and Settings\BriGuy\Local Settings\Temporary Internet Files\Content.IE5\EDMWIR6P\newthread[1].htm" file.
2/10/2009 8:08:18 PM SYSTEM 1388 Sign of "HTML:Iframe-inf" has been found in "C:\Documents and Settings\BriGuy\Local Settings\Temporary Internet Files\Content.IE5\84C3LQ41\news[1].htm" file.
2/10/2009 8:08:49 PM SYSTEM 1388 Sign of "HTML:Iframe-inf" has been found in "C:\Documents and Settings\BriGuy\Local Settings\Temporary Internet Files\Content.IE5\EDMWIR6P\ultimate-guitar_com[1].htm" file.
2/10/2009 8:08:56 PM SYSTEM 1388 Sign of "HTML:Iframe-inf" has been found in "C:\Documents and Settings\BriGuy\Local Settings\Temporary Internet Files\Content.IE5\KWS8LNR9\iframe3[1].htm" file.
2/10/2009 8:08:59 PM SYSTEM 1388 Sign of "HTML:Iframe-inf" has been found in "C:\Documents and Settings\BriGuy\Local Settings\Temporary Internet Files\Content.IE5\84C3LQ41\ADTECH;target=_blank;sub1=iframe;misc=[1234314534];rdclick=[1].htm" file.
2/10/2009 8:10:38 PM SYSTEM 1388 Sign of "HTML:Iframe-inf" has been found in "C:\Documents and Settings\BriGuy\Local Settings\Temporary Internet Files\Content.IE5\EDMWIR6P\search[1].htm" file.
2/10/2009 8:10:46 PM SYSTEM 1388 Sign of "HTML:Iframe-inf" has been found in "C:\Documents and Settings\BriGuy\Local Settings\Temporary Internet Files\Content.IE5\84C3LQ41\iframe3[1].htm" file.
2/10/2009 8:10:52 PM SYSTEM 1388 Sign of "HTML:Iframe-inf" has been found in "C:\Documents and Settings\BriGuy\Local Settings\Temporary Internet Files\Content.IE5\KWS8LNR9\ADTECH;target=_blank;sub1=iframe;misc=[1234314644];rdclick=[1].htm" file.
2/10/2009 8:10:56 PM SYSTEM 1388 Sign of "HTML:Iframe-inf" has been found in "C:\Documents and Settings\BriGuy\Local Settings\Temporary Internet Files\Content.IE5\EDMWIR6P\iframe3[1].htm" file.
2/10/2009 8:11:02 PM SYSTEM 1388 Sign of "HTML:Iframe-inf" has been found in "C:\Documents and Settings\BriGuy\Local Settings\Temporary Internet Files\Content.IE5\84C3LQ41\net[1].htm" file.
2/10/2009 8:11:07 PM SYSTEM 1388 Sign of "HTML:Iframe-inf" has been found in "C:\Documents and Settings\BriGuy\Local Settings\Temporary Internet Files\Content.IE5\KWS8LNR9\bh[1].htm" file.
2/10/2009 8:11:14 PM SYSTEM 1388 Sign of "HTML:Iframe-inf" has been found in "C:\Documents and Settings\BriGuy\Local Settings\Temporary Internet Files\Content.IE5\0032CHWW\jet_airliner_power_tab[1].htm" file.
2/10/2009 8:11:19 PM SYSTEM 1388 Sign of "HTML:Iframe-inf" has been found in "C:\Documents and Settings\BriGuy\Local Settings\Temporary Internet Files\Content.IE5\84C3LQ41\takeoverAd[1].htm" file.
2/10/2009 8:11:28 PM SYSTEM 1388 Sign of "HTML:Iframe-inf" has been found in "C:\Documents and Settings\BriGuy\Local Settings\Temporary Internet Files\Content.IE5\0032CHWW\jet_airliner_power_tab[2].htm" file.
2/10/2009 8:11:35 PM SYSTEM 1388 Sign of "HTML:Iframe-inf" has been found in "C:\Documents and Settings\BriGuy\Local Settings\Temporary Internet Files\Content.IE5\0032CHWW\iframe3[1].htm" file.
2/10/2009 8:11:41 PM SYSTEM 1388 Sign of "HTML:Iframe-inf" has been found in "C:\Documents and Settings\BriGuy\Local Settings\Temporary Internet Files\Content.IE5\EDMWIR6P\iframe3[1].htm" file.
2/10/2009 8:11:45 PM SYSTEM 1388 Sign of "HTML:Iframe-inf" has been found in "C:\Documents and Settings\BriGuy\Local Settings\Temporary Internet Files\Content.IE5\EDMWIR6P\ads[2].htm" file.
2/10/2009 8:11:50 PM SYSTEM 1388 Sign of "HTML:Iframe-inf" has been found in "C:\Documents and Settings\BriGuy\Local Settings\Temporary Internet Files\Content.IE5\EDMWIR6P\ads[1].htm" file.
2/10/2009 8:12:02 PM SYSTEM 1388 Sign of "HTML:Iframe-inf" has been found in "C:\Documents and Settings\BriGuy\Local Settings\Temporary Internet Files\Content.IE5\0032CHWW\ads[1].htm" file.
2/10/2009 8:12:06 PM SYSTEM 1388 Sign of "HTML:Iframe-inf" has been found in "C:\Documents and Settings\BriGuy\Local Settings\Temporary Internet Files\Content.IE5\0032CHWW\B3338750[1].htm" file.
2/10/2009 8:14:03 PM SYSTEM 1388 Sign of "HTML:Iframe-inf" has been found in "C:\Documents and Settings\BriGuy\Local Settings\Temporary Internet Files\Content.IE5\KWS8LNR9\search[1].htm" file.
2/10/2009 8:14:14 PM SYSTEM 1388 Sign of "HTML:Iframe-inf" has been found in "C:\Documents and Settings\BriGuy\Local Settings\Temporary Internet Files\Content.IE5\0032CHWW\iframe3[1].htm" file.
2/10/2009 8:14:20 PM SYSTEM 1388 Sign of "HTML:Iframe-inf" has been found in "C:\Documents and Settings\BriGuy\Local Settings\Temporary Internet Files\Content.IE5\EDMWIR6P\01[1].htm" file.
2/10/2009 8:14:35 PM SYSTEM 1388 Sign of "HTML:Iframe-inf" has been found in "C:\Documents and Settings\BriGuy\Local Settings\Temporary Internet Files\Content.IE5\84C3LQ41\cars_power_tab[1].htm" file.
2/10/2009 8:14:41 PM SYSTEM 1388 Sign of "HTML:Iframe-inf" has been found in "C:\Documents and Settings\BriGuy\Local Settings\Temporary Internet Files\Content.IE5\EDMWIR6P\iframe3[1].htm" file.
2/10/2009 8:14:45 PM SYSTEM 1388 Sign of "HTML:Iframe-inf" has been found in "C:\Documents and Settings\BriGuy\Local Settings\Temporary Internet Files\Content.IE5\84C3LQ41\ads[1].htm" file.
2/10/2009 8:14:49 PM SYSTEM 1388 Sign of "HTML:Iframe-inf" has been found in "C:\Documents and Settings\BriGuy\Local Settings\Temporary Internet Files\Content.IE5\84C3LQ41\ads[2].htm" file.
2/10/2009 8:14:55 PM SYSTEM 1388 Sign of "HTML:Iframe-inf" has been found in "C:\Documents and Settings\BriGuy\Local Settings\Temporary Internet Files\Content.IE5\KWS8LNR9\ads[1].htm" file.
2/10/2009 8:14:59 PM SYSTEM 1388 Sign of "HTML:Iframe-inf" has been found in "C:\Documents and Settings\BriGuy\Local Settings\Temporary Internet Files\Content.IE5\0032CHWW\B3344678[1].htm" file.
2/10/2009 8:16:38 PM SYSTEM 1388 Sign of "HTML:Iframe-inf" has been found in "C:\Documents and Settings\BriGuy\Local Settings\Temporary Internet Files\Content.IE5\KWS8LNR9\jet_airliner_power_tab[1].htm" file.
2/10/2009 8:16:45 PM SYSTEM 1388 Sign of "HTML:Iframe-inf" has been found in "C:\Documents and Settings\BriGuy\Local Settings\Temporary Internet Files\Content.IE5\0032CHWW\iframe3[1].htm" file.
2/10/2009 8:16:50 PM SYSTEM 1388 Sign of "HTML:Iframe-inf" has been found in "C:\Documents and Settings\BriGuy\Local Settings\Temporary Internet Files\Content.IE5\84C3LQ41\ads[1].htm" file.
2/10/2009 8:16:59 PM SYSTEM 1388 Sign of "HTML:Iframe-inf" has been found in "C:\Documents and Settings\BriGuy\Local Settings\Temporary Internet Files\Content.IE5\EDMWIR6P\iframe3[1].htm" file.
2/10/2009 8:17:03 PM SYSTEM 1388 Sign of "HTML:Iframe-inf" has been found in "C:\Documents and Settings\BriGuy\Local Settings\Temporary Internet Files\Content.IE5\EDMWIR6P\01[1].htm" file.
Every time I go to a website, the virus scanner yells that the HTML:Iframe-inf is found in the temporary internet file. Firefox is not working for me, so I'm using IE currently. Here's my HJT log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:24:19 PM, on 2/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\dlcfcoms.exe
C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\IBMTOOLS\UTILS\ibmprc.exe
C:\WINDOWS\system32\ICO.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\WINDOWS\system32\FSRremoS.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Dynex Enhanced G Desktop Card Adapter\DynexWCUI.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\Pelmiced.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Alwil Software\Avast4\ashLogV.exe
C:\PROGRA~1\POWERT~1\POWERT~1.7\PTEditor.exe
C:\Program Files\Trend Micro\HijackThis\hijackthis.exe.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,userinit.exe
O1 - Hosts: 195.245.119.131 browser-security.microsoft.com
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [UC_Start] C:\Program Files\IBM\Updater\\ucstartup.exe
O4 - HKLM\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\\ibmmessages.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [IBMPRC] C:\IBMTOOLS\UTILS\ibmprc.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DLCFCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCFtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: World Community Grid Agent.lnk = C:\Program Files\WorldCommunityGrid\UD.EXE
O4 - Global Startup: Dynex Wireless Networking Utility.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [JAVA_IBM] Java (IBM)
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {BE71A78B-77DB-451C-A761-59B37022D544} (AOL Newport Downloader Ctrl) - http://o.aolcdn.com/pictures/ap/Resources/2.0.8.98/cab/aolpPlugins.10.6.0.6.cab
O16 - DPF: {CAFEEFAC-0014-0001-0007-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_07) -
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: dlcf_device - - C:\WINDOWS\system32\dlcfcoms.exe
O23 - Service: IBM Rapid Restore Ultra Service - Unknown owner - C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
--
End of file - 8518 bytes
SpyBot came up w/no problems & I can't seem to shake this virus. I've done boot-time scans & deleted all infected files, but I still get them. Any hints?
2/10/2009 7:50:08 PM SYSTEM 1388 Sign of "HTML:Iframe-inf" has been found in "C:\Documents and Settings\BriGuy\Local Settings\Temporary Internet Files\Content.IE5\EDMWIR6P\login[1].htm" file.
2/10/2009 7:50:11 PM SYSTEM 1388 Sign of "HTML:Iframe-inf" has been found in "C:\Documents and Settings\BriGuy\Local Settings\Temporary Internet Files\Content.IE5\EDMWIR6P\yahoo_com[1].htm" file.
2/10/2009 8:00:44 PM SYSTEM 1388 Sign of "HTML:Iframe-inf" has been found in "C:\Documents and Settings\BriGuy\Local Settings\Temporary Internet Files\Content.IE5\EDMWIR6P\blank[1].htm" file.
2/10/2009 8:01:36 PM SYSTEM 1388 Sign of "HTML:Iframe-inf" has been found in "C:\Documents and Settings\BriGuy\Local Settings\Temporary Internet Files\Content.IE5\EDMWIR6P\launch[1].htm" file.
2/10/2009 8:01:44 PM SYSTEM 1388 Sign of "HTML:Iframe-inf" has been found in "C:\Documents and Settings\BriGuy\Local Settings\Temporary Internet Files\Content.IE5\0032CHWW\fc[1].htm" file.
2/10/2009 8:01:47 PM SYSTEM 1388 Sign of "HTML:Iframe-inf" has been found in "C:\Documents and Settings\BriGuy\Local Settings\Temporary Internet Files\Content.IE5\0032CHWW\blank[1].htm" file.
2/10/2009 8:01:50 PM SYSTEM 1388 Sign of "HTML:Iframe-inf" has been found in "C:\Documents and Settings\BriGuy\Local Settings\Temporary Internet Files\Content.IE5\0032CHWW\blank[2].htm" file.
2/10/2009 8:01:55 PM SYSTEM 1388 Sign of "HTML:Iframe-inf" has been found in "C:\Documents and Settings\BriGuy\Local Settings\Temporary Internet Files\Content.IE5\EDMWIR6P\blank[1].htm" file.
2/10/2009 8:02:00 PM SYSTEM 1388 Sign of "HTML:Iframe-inf" has been found in "C:\Documents and Settings\BriGuy\Local Settings\Temporary Internet Files\Content.IE5\KWS8LNR9\blank[1].htm" file.
2/10/2009 8:02:03 PM SYSTEM 1388 Sign of "HTML:Iframe-inf" has been found in "C:\Documents and Settings\BriGuy\Local Settings\Temporary Internet Files\Content.IE5\0032CHWW\iframe3[1].htm" file.
2/10/2009 8:02:07 PM SYSTEM 1388 Sign of "HTML:Iframe-inf" has been found in "C:\Documents and Settings\BriGuy\Local Settings\Temporary Internet Files\Content.IE5\EDMWIR6P\view[1].html" file.
2/10/2009 8:02:16 PM SYSTEM 1388 Sign of "HTML:Iframe-inf" has been found in "C:\Documents and Settings\BriGuy\Local Settings\Temporary Internet Files\Content.IE5\84C3LQ41\forums_spybot_info[1].htm" file.
2/10/2009 8:02:35 PM SYSTEM 1388 Sign of "HTML:Iframe-inf" has been found in "C:\Documents and Settings\BriGuy\Local Settings\Temporary Internet Files\Content.IE5\84C3LQ41\forumdisplay[1].htm" file.
2/10/2009 8:02:54 PM SYSTEM 1388 Sign of "HTML:Iframe-inf" has been found in "C:\Documents and Settings\BriGuy\Local Settings\Temporary Internet Files\Content.IE5\0032CHWW\newthread[1].htm" file.
2/10/2009 8:03:09 PM SYSTEM 1388 Sign of "HTML:Iframe-inf" has been found in "C:\Documents and Settings\BriGuy\Local Settings\Temporary Internet Files\Content.IE5\0032CHWW\login[1].htm" file.
2/10/2009 8:03:15 PM SYSTEM 1388 Sign of "HTML:Iframe-inf" has been found in "C:\Documents and Settings\BriGuy\Local Settings\Temporary Internet Files\Content.IE5\EDMWIR6P\newthread[1].htm" file.
2/10/2009 8:08:18 PM SYSTEM 1388 Sign of "HTML:Iframe-inf" has been found in "C:\Documents and Settings\BriGuy\Local Settings\Temporary Internet Files\Content.IE5\84C3LQ41\news[1].htm" file.
2/10/2009 8:08:49 PM SYSTEM 1388 Sign of "HTML:Iframe-inf" has been found in "C:\Documents and Settings\BriGuy\Local Settings\Temporary Internet Files\Content.IE5\EDMWIR6P\ultimate-guitar_com[1].htm" file.
2/10/2009 8:08:56 PM SYSTEM 1388 Sign of "HTML:Iframe-inf" has been found in "C:\Documents and Settings\BriGuy\Local Settings\Temporary Internet Files\Content.IE5\KWS8LNR9\iframe3[1].htm" file.
2/10/2009 8:08:59 PM SYSTEM 1388 Sign of "HTML:Iframe-inf" has been found in "C:\Documents and Settings\BriGuy\Local Settings\Temporary Internet Files\Content.IE5\84C3LQ41\ADTECH;target=_blank;sub1=iframe;misc=[1234314534];rdclick=[1].htm" file.
2/10/2009 8:10:38 PM SYSTEM 1388 Sign of "HTML:Iframe-inf" has been found in "C:\Documents and Settings\BriGuy\Local Settings\Temporary Internet Files\Content.IE5\EDMWIR6P\search[1].htm" file.
2/10/2009 8:10:46 PM SYSTEM 1388 Sign of "HTML:Iframe-inf" has been found in "C:\Documents and Settings\BriGuy\Local Settings\Temporary Internet Files\Content.IE5\84C3LQ41\iframe3[1].htm" file.
2/10/2009 8:10:52 PM SYSTEM 1388 Sign of "HTML:Iframe-inf" has been found in "C:\Documents and Settings\BriGuy\Local Settings\Temporary Internet Files\Content.IE5\KWS8LNR9\ADTECH;target=_blank;sub1=iframe;misc=[1234314644];rdclick=[1].htm" file.
2/10/2009 8:10:56 PM SYSTEM 1388 Sign of "HTML:Iframe-inf" has been found in "C:\Documents and Settings\BriGuy\Local Settings\Temporary Internet Files\Content.IE5\EDMWIR6P\iframe3[1].htm" file.
2/10/2009 8:11:02 PM SYSTEM 1388 Sign of "HTML:Iframe-inf" has been found in "C:\Documents and Settings\BriGuy\Local Settings\Temporary Internet Files\Content.IE5\84C3LQ41\net[1].htm" file.
2/10/2009 8:11:07 PM SYSTEM 1388 Sign of "HTML:Iframe-inf" has been found in "C:\Documents and Settings\BriGuy\Local Settings\Temporary Internet Files\Content.IE5\KWS8LNR9\bh[1].htm" file.
2/10/2009 8:11:14 PM SYSTEM 1388 Sign of "HTML:Iframe-inf" has been found in "C:\Documents and Settings\BriGuy\Local Settings\Temporary Internet Files\Content.IE5\0032CHWW\jet_airliner_power_tab[1].htm" file.
2/10/2009 8:11:19 PM SYSTEM 1388 Sign of "HTML:Iframe-inf" has been found in "C:\Documents and Settings\BriGuy\Local Settings\Temporary Internet Files\Content.IE5\84C3LQ41\takeoverAd[1].htm" file.
2/10/2009 8:11:28 PM SYSTEM 1388 Sign of "HTML:Iframe-inf" has been found in "C:\Documents and Settings\BriGuy\Local Settings\Temporary Internet Files\Content.IE5\0032CHWW\jet_airliner_power_tab[2].htm" file.
2/10/2009 8:11:35 PM SYSTEM 1388 Sign of "HTML:Iframe-inf" has been found in "C:\Documents and Settings\BriGuy\Local Settings\Temporary Internet Files\Content.IE5\0032CHWW\iframe3[1].htm" file.
2/10/2009 8:11:41 PM SYSTEM 1388 Sign of "HTML:Iframe-inf" has been found in "C:\Documents and Settings\BriGuy\Local Settings\Temporary Internet Files\Content.IE5\EDMWIR6P\iframe3[1].htm" file.
2/10/2009 8:11:45 PM SYSTEM 1388 Sign of "HTML:Iframe-inf" has been found in "C:\Documents and Settings\BriGuy\Local Settings\Temporary Internet Files\Content.IE5\EDMWIR6P\ads[2].htm" file.
2/10/2009 8:11:50 PM SYSTEM 1388 Sign of "HTML:Iframe-inf" has been found in "C:\Documents and Settings\BriGuy\Local Settings\Temporary Internet Files\Content.IE5\EDMWIR6P\ads[1].htm" file.
2/10/2009 8:12:02 PM SYSTEM 1388 Sign of "HTML:Iframe-inf" has been found in "C:\Documents and Settings\BriGuy\Local Settings\Temporary Internet Files\Content.IE5\0032CHWW\ads[1].htm" file.
2/10/2009 8:12:06 PM SYSTEM 1388 Sign of "HTML:Iframe-inf" has been found in "C:\Documents and Settings\BriGuy\Local Settings\Temporary Internet Files\Content.IE5\0032CHWW\B3338750[1].htm" file.
2/10/2009 8:14:03 PM SYSTEM 1388 Sign of "HTML:Iframe-inf" has been found in "C:\Documents and Settings\BriGuy\Local Settings\Temporary Internet Files\Content.IE5\KWS8LNR9\search[1].htm" file.
2/10/2009 8:14:14 PM SYSTEM 1388 Sign of "HTML:Iframe-inf" has been found in "C:\Documents and Settings\BriGuy\Local Settings\Temporary Internet Files\Content.IE5\0032CHWW\iframe3[1].htm" file.
2/10/2009 8:14:20 PM SYSTEM 1388 Sign of "HTML:Iframe-inf" has been found in "C:\Documents and Settings\BriGuy\Local Settings\Temporary Internet Files\Content.IE5\EDMWIR6P\01[1].htm" file.
2/10/2009 8:14:35 PM SYSTEM 1388 Sign of "HTML:Iframe-inf" has been found in "C:\Documents and Settings\BriGuy\Local Settings\Temporary Internet Files\Content.IE5\84C3LQ41\cars_power_tab[1].htm" file.
2/10/2009 8:14:41 PM SYSTEM 1388 Sign of "HTML:Iframe-inf" has been found in "C:\Documents and Settings\BriGuy\Local Settings\Temporary Internet Files\Content.IE5\EDMWIR6P\iframe3[1].htm" file.
2/10/2009 8:14:45 PM SYSTEM 1388 Sign of "HTML:Iframe-inf" has been found in "C:\Documents and Settings\BriGuy\Local Settings\Temporary Internet Files\Content.IE5\84C3LQ41\ads[1].htm" file.
2/10/2009 8:14:49 PM SYSTEM 1388 Sign of "HTML:Iframe-inf" has been found in "C:\Documents and Settings\BriGuy\Local Settings\Temporary Internet Files\Content.IE5\84C3LQ41\ads[2].htm" file.
2/10/2009 8:14:55 PM SYSTEM 1388 Sign of "HTML:Iframe-inf" has been found in "C:\Documents and Settings\BriGuy\Local Settings\Temporary Internet Files\Content.IE5\KWS8LNR9\ads[1].htm" file.
2/10/2009 8:14:59 PM SYSTEM 1388 Sign of "HTML:Iframe-inf" has been found in "C:\Documents and Settings\BriGuy\Local Settings\Temporary Internet Files\Content.IE5\0032CHWW\B3344678[1].htm" file.
2/10/2009 8:16:38 PM SYSTEM 1388 Sign of "HTML:Iframe-inf" has been found in "C:\Documents and Settings\BriGuy\Local Settings\Temporary Internet Files\Content.IE5\KWS8LNR9\jet_airliner_power_tab[1].htm" file.
2/10/2009 8:16:45 PM SYSTEM 1388 Sign of "HTML:Iframe-inf" has been found in "C:\Documents and Settings\BriGuy\Local Settings\Temporary Internet Files\Content.IE5\0032CHWW\iframe3[1].htm" file.
2/10/2009 8:16:50 PM SYSTEM 1388 Sign of "HTML:Iframe-inf" has been found in "C:\Documents and Settings\BriGuy\Local Settings\Temporary Internet Files\Content.IE5\84C3LQ41\ads[1].htm" file.
2/10/2009 8:16:59 PM SYSTEM 1388 Sign of "HTML:Iframe-inf" has been found in "C:\Documents and Settings\BriGuy\Local Settings\Temporary Internet Files\Content.IE5\EDMWIR6P\iframe3[1].htm" file.
2/10/2009 8:17:03 PM SYSTEM 1388 Sign of "HTML:Iframe-inf" has been found in "C:\Documents and Settings\BriGuy\Local Settings\Temporary Internet Files\Content.IE5\EDMWIR6P\01[1].htm" file.
Every time I go to a website, the virus scanner yells that the HTML:Iframe-inf is found in the temporary internet file. Firefox is not working for me, so I'm using IE currently. Here's my HJT log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:24:19 PM, on 2/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\dlcfcoms.exe
C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\IBMTOOLS\UTILS\ibmprc.exe
C:\WINDOWS\system32\ICO.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\WINDOWS\system32\FSRremoS.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Dynex Enhanced G Desktop Card Adapter\DynexWCUI.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\Pelmiced.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Alwil Software\Avast4\ashLogV.exe
C:\PROGRA~1\POWERT~1\POWERT~1.7\PTEditor.exe
C:\Program Files\Trend Micro\HijackThis\hijackthis.exe.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,userinit.exe
O1 - Hosts: 195.245.119.131 browser-security.microsoft.com
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [UC_Start] C:\Program Files\IBM\Updater\\ucstartup.exe
O4 - HKLM\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\\ibmmessages.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [IBMPRC] C:\IBMTOOLS\UTILS\ibmprc.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DLCFCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCFtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: World Community Grid Agent.lnk = C:\Program Files\WorldCommunityGrid\UD.EXE
O4 - Global Startup: Dynex Wireless Networking Utility.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [JAVA_IBM] Java (IBM)
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {BE71A78B-77DB-451C-A761-59B37022D544} (AOL Newport Downloader Ctrl) - http://o.aolcdn.com/pictures/ap/Resources/2.0.8.98/cab/aolpPlugins.10.6.0.6.cab
O16 - DPF: {CAFEEFAC-0014-0001-0007-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_07) -
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: dlcf_device - - C:\WINDOWS\system32\dlcfcoms.exe
O23 - Service: IBM Rapid Restore Ultra Service - Unknown owner - C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
--
End of file - 8518 bytes
SpyBot came up w/no problems & I can't seem to shake this virus. I've done boot-time scans & deleted all infected files, but I still get them. Any hints?