PDA

View Full Version : HELP! winantivirus popups and others....



killerjay
2006-09-04, 01:41
lately i have been recieving a bunch of popups to download winantivirus, and a bunch of other advertisements like partypoker........i found winantivirus on search and destroy so i deleted it and now i get a bunch of popups......heres my hjt log:

Logfile of HijackThis v1.99.1
Scan saved at 6:41:21 PM, on 9/3/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5700.0006)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton Internet Security\ISSVC.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\ZoneLabs\isafe.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\uTorrent\utorrent.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\TEMP\iddC2.tmp.exe
C:\Documents and Settings\Compaq_Owner\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=presario&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=presario&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.socomscene.net/vb/index.php?
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/clientapps/AutoSearch/SearchBarLM/YSetSearch/2006/07/27/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=55245&clcid={SUB_CLCID}
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll (file missing)
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [RecSche] "C:\Program Files\LifeView TVR\RecSche.exe"
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Scheduler for OEM.lnk = C:\Program Files\honestech\honestech TVR\scheduleTV.exe
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Add To Compaq Organize... - C:\PROGRA~1\HEWLET~1\COMPAQ~1\bin/module.main/favorites\ie_add_to.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {011d2083-C046-BB9E-5910-FB5F1F79F110} - (no file)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {15589FA1-C456-11CE-BF01-00AA0055595A} - http://w4s2.work4sure.com/c/ge/w4sgeen10.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} - http://www.miniclip.com/supergerball/miniclipGameLoader.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1153690393171
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup162.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{999B8DC6-518D-45EB-B3B3-6E6F1BD987A5}: NameServer = 192.168.0.1
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - c:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

pskelley
2006-09-04, 17:37
Welcome to the forum, winantivirus comes with the Vundo trojan, and the hackers have found they can hide it from HJT. Since it sounds like you have the infection, and Spybot can not remove it, follow these directions.

1) Move HJT from the Desktop for safety. I prefer C:\HJT\HijackThis.exe, if you need additional instructions use these: http://russelltexas.com/malware/createhjtfolder.htm

Thanks to Atribune and any others who helped with this fix.

2) Please download VundoFix.exe (http://www.atribune.org/ccount/click.php?id=4) to your desktop
Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer, click OK.
Please post the contents of C:\vundofix.txt and a new HiJackThis log in a reply to this thread.Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.

If there is a file VundoFix doesn't find we need it submitted. Please submit
the files to upload malware http://www.uploadmalware.com

You have other nasties too, so there will be more to do.

Thanks

killerjay
2006-09-05, 06:20
i scanned withvundofix before and it found 1 thing and deleted it, but i still get popups from winantivirus 2006............ thanx for the replay also, here is the vundofix text u asked for...


VundoFix V6.1.2

Checking Java version...

Java version is 1.5.0.4

Java version is 1.5.0.6

Java version is 1.5.0.8

Scan started at 10:01:59 AM 9/2/2006

Listing files found while scanning....

C:\WINDOWS\system32\opnkigd.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\opnkigd.dll
C:\WINDOWS\system32\opnkigd.dll Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.1.2

Checking Java version...

Java version is 1.5.0.4

Java version is 1.5.0.6

Java version is 1.5.0.8

Scan started at 10:54:54 AM 9/2/2006

Listing files found while scanning....

No infected files were found.


VundoFix V6.1.2

Checking Java version...

Java version is 1.5.0.4

Java version is 1.5.0.6

Java version is 1.5.0.8

Scan started at 11:05:08 PM 9/4/2006

Listing files found while scanning....

No infected files were found.


Beginning removal...



and here is the hjt log you asked for that was put into its own folder in the C drive...

Logfile of HijackThis v1.99.1
Scan saved at 11:20:06 PM, on 9/4/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5700.0006)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton Internet Security\ISSVC.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\ZoneLabs\isafe.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\Program Files\honestech\honestech TVR\scheduleTV.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\AIM\aim.exe
C:\Program Files\honestech\honestech TVR\honestechTV.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=presario&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=presario&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.socomscene.net/vb/index.php?
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/clientapps/AutoSearch/SearchBarLM/YSetSearch/2006/07/27/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=55245&clcid={SUB_CLCID}
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: (no name) - {7F4E93B9-C583-4496-B336-212E03AE2894} - C:\WINDOWS\system32\sstqn.dll
O2 - BHO: (no name) - {9AFD91F9-6B03-4D22-A1E1-67D224CB7AB1} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll (file missing)
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [RecSche] "C:\Program Files\LifeView TVR\RecSche.exe"
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [PCLEPCI] C:\PROGRA~1\Pinnacle\PPE\PPE.EXE
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Scheduler for OEM.lnk = C:\Program Files\honestech\honestech TVR\scheduleTV.exe
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Add To Compaq Organize... - C:\PROGRA~1\HEWLET~1\COMPAQ~1\bin/module.main/favorites\ie_add_to.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {011d2083-C046-BB9E-5910-FB5F1F79F110} - (no file)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {15589FA1-C456-11CE-BF01-00AA0055595A} - http://w4s2.work4sure.com/c/ge/w4sgeen10.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} - http://www.miniclip.com/supergerball/miniclipGameLoader.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1153690393171
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup162.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{999B8DC6-518D-45EB-B3B3-6E6F1BD987A5}: NameServer = 192.168.0.1
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - c:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

pskelley
2006-09-05, 09:39
OK, let's chat a moment. I have to fly to Baltimore for a funeral this after noon and will not be back until late Sunday night. If you respond during that time, someone else will probably assist. If not, I will be back on Monday.

Here is what I see. First, you have old versions of Java, which is probably why you got this infections in the first place, see this, and may be the reason why VundoFix did not remove the item?
http://forums.spybot.info/showpost.php?p=12880&postcount=2 here are the versions showing in the VundoFix:
Java version is 1.5.0.4, Java version is 1.5.0.6, Java version is 1.5.0.8 Open Add Remove programs and uninstall all versions but the newest. Check to make sure it is the newest version: http://www.java.com/en/download/installed.jsp

I am almost certain this is Vundo: O2 - BHO: (no name) - {7F4E93B9-C583-4496-B336-212E03AE2894} - C:\WINDOWS\system32\sstqn.dll
but Vundo always has a corresponding 020 item lower in the log. Start by renaming HijackThis to say MyHJT.exe or something like that, then reboot and scan then look in the log for that 020 line that has the same file as this one: C:\WINDOWS\system32\sstqn.dll

At that point, with the new version of Java, run that fix again, if it does not kill that files the first time, follow the direction until it does kill it. If this occurs, I would appreciate it if you would upload the file so it can be added to the fix. Follow the instructions I posted earlier. Once the item is killed it will appear like this in the HJT log:
C:\WINDOWS\system32\sstqn.dll (file missing) then we can remove what is left with HJT which I am going to post now for you.

After Vundo has been deleted:

Please download ATF Cleaner by Atribune
http://www.atribune.org/content/view/25/2/
Save it to your Desktop. We will use this later.

Open HijackThis and choose "Do a system scan only" then check the box in front of these line items:

(I left the MSN HomePage, the rest of R1/RO is optional junk that does not make you browser run better, you make the call)

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/clientapps/Au...ch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=55245&clcid={SUB_CLCID}

O2 - BHO: (no name) - {7F4E93B9-C583-4496-B336-212E03AE2894} - C:\WINDOWS\system32\sstqn.dll
O2 - BHO: (no name) - {9AFD91F9-6B03-4D22-A1E1-67D224CB7AB1} - (no file)
(next toolbar is not working with the "file missing", reinstall it again if you use it)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll (file missing)
(if you set this next advanced option, you may leave it)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {15589FA1-C456-11CE-BF01-00AA0055595A} - http://w4s2.work4sure.com/c/ge/w4sgeen10.exe
NetSource101
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} - http://www.miniclip.com/supergerball...GameLoader.dll
http://www.castlecops.com/atxlist-1604.html <<< see this

Close all programs but HJT and all browser windows, then click on "Fix Checked"

Run ATF Cleaner
Double-click ATF-Cleaner.exe to run the program.
Click Select All found at the bottom of the list.
Click the Empty Selected button.
Click Exit on the Main menu to close the program.

Post a new HJT log along with any comments you think will help.

Thanks

killerjay
2006-09-06, 00:15
soive done everything you told me, ive been recently getting alot of virus attacks from this win32.beenut.f virus and it would send like 100 infections over and over, zonealarm stopped some ad others got errors.......i deleted them right after.......ivone wut u told me to do but that file doesntgo away......heres the hjt log

Logfile of HijackThis v1.99.1
Scan saved at 4:23:30 PM, on 9/5/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5700.0006)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton Internet Security\ISSVC.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\ZoneLabs\isafe.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\honestech\honestech TVR\scheduleTV.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HJT\MyHJT.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.socomscene.net/vb/index.php?
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {54F13D55-AE14-4A08-9B40-6442572A94C5} - C:\WINDOWS\system32\sstqn.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [RecSche] "C:\Program Files\LifeView TVR\RecSche.exe"
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [PCLEPCI] C:\PROGRA~1\Pinnacle\PPE\PPE.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\RunOnce: [srePostpone] rundll32.exe c:\windows\system32\zonelabs\srescan.dll,DoSpecialAction
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Scheduler for OEM.lnk = C:\Program Files\honestech\honestech TVR\scheduleTV.exe
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Add To Compaq Organize... - C:\PROGRA~1\HEWLET~1\COMPAQ~1\bin/module.main/favorites\ie_add_to.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {011d2083-C046-BB9E-5910-FB5F1F79F110} - (no file)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} - http://www.miniclip.com/supergerball/miniclipGameLoader.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1153690393171
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup162.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{999B8DC6-518D-45EB-B3B3-6E6F1BD987A5}: NameServer = 192.168.0.1
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: sstqn - C:\WINDOWS\system32\sstqn.dll
O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winrnt32 - C:\WINDOWS\SYSTEM32\winrnt32.dll
O20 - Winlogon Notify: winxko32 - winxko32.dll (file missing)
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - c:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

killerjay
2006-09-06, 00:25
[QUOTE=killerjay;41186]soive done everything you told me, ive been recently getting alot of virus attacks from this win32.beenut.f virus and it would send like 100 infections over and over, zonealarm stopped some ad others got errors.......i deleted them right after.......ivone wut u told me to do but that file doesntgo away......heres the hjt log

Logfile of HijackThis v1.99.1
Scan saved at 5:24:28 PM, on 9/5/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5700.0006)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton Internet Security\ISSVC.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\ZoneLabs\isafe.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\honestech\honestech TVR\scheduleTV.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\HJT\MyHJT.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.socomscene.net/vb/index.php?
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {67B3ECA8-DE1B-494E-AEF5-35D1104E03E3} - C:\WINDOWS\system32\sstqn.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [RecSche] "C:\Program Files\LifeView TVR\RecSche.exe"
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [PCLEPCI] C:\PROGRA~1\Pinnacle\PPE\PPE.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Scheduler for OEM.lnk = C:\Program Files\honestech\honestech TVR\scheduleTV.exe
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Add To Compaq Organize... - C:\PROGRA~1\HEWLET~1\COMPAQ~1\bin/module.main/favorites\ie_add_to.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {011d2083-C046-BB9E-5910-FB5F1F79F110} - (no file)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1153690393171
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup162.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{999B8DC6-518D-45EB-B3B3-6E6F1BD987A5}: NameServer = 192.168.0.1
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: sstqn - C:\WINDOWS\system32\sstqn.dll
O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winrnt32 - winrnt32.dll (file missing)
O20 - Winlogon Notify: winxko32 - winxko32.dll (file missing)
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - c:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

srry that was an older hjt log, heres the new one

teacup61
2006-09-06, 00:52
Hello,

I'll be standing in for Phil while he's away. :)


* Double-click VundoFix.exe to run it.
* Put a check next to Run VundoFix as a task.
* You will receive a message saying vundofix will close and re-open in a minute or less. Click OK
* When VundoFix re-opens,Click Scan for Vundo button.
* Once the scan is complete, Right Click inside the listbox (white box) and click add more files
* Copy&Paste the 2 entries below into the top 2 boxes

o C:\WINDOWS\system32\sstqn.dll
o C:\WINDOWS\system32\nqtss.*

* Click Add Files and Click Close Window
* Click the Remove Vundo button.
* You will receive a prompt asking if you want to remove the files, click YES
* Once you click yes, your desktop will go blank as it starts removing Vundo.
* When completed, it will prompt that it will shutdown your computer, click OK.
* Turn your computer back on.
* Please post the contents of C:\vundofix.txt and a new HiJackThis log.

Also please let me know how your computer is running. :)

Thanks,
tea

killerjay
2006-09-06, 02:25
hmmm maybe its me but when i open vundofix.exe there is only a start scan, and ree vundo button, nothing else...........and a lil sentence that tells u to donat if vundofix worked for u......

teacup61
2006-09-06, 03:03
Hello,

Yes, you have to right click in the white window and choose add more files. It is not a button you click for that. :)

Regards,
tea

killerjay
2006-09-06, 03:58
ok, i added the files, then cscanned and it found nothing again....... and also, mwindows live messenger has been taking up ALOT of cpu% and alot of memory, about 50,000K right now.......

killerjay
2006-09-06, 22:47
hmmm....i havent gotten a winantivirus poput yet......i think that might of worked, but i have only used my comp a couple mins now so ill see later on, and the following website doesnt load for me anymore, is this site used by java? cuz i want it to work, it loads on firefox but not on ie 7, http://www.us.playstation.com/Content/OGS/SCUS-97545/Site/

teacup61
2006-09-07, 01:46
Hello,

The same thing happened to me, however, the home page did open with IE.

Could I see a new HijackThis log please? :)

Thanks,
tea

killerjay
2006-09-07, 03:43
damb it........i just got a winantivirus popup! GRRRRRRRRR!!!!!!!! still there, it sends me to this website : http://www.winantivirus.com/pages/scanner/?p=15&j=1&ex=1&ax=1&h=10&aid=nm_bs_wav_kw&lid=spy&affid=nm_862_46322fc039f411db937900167647fa98_7e37da48+6f38a4258d3b49429ae356529e7c533b

heres the hjt log u asked for:

Logfile of HijackThis v1.99.1
Scan saved at 8:43:16 PM, on 9/6/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5700.0006)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton Internet Security\ISSVC.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wdfmgr.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\ZoneLabs\isafe.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\honestech\honestech TVR\scheduleTV.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HJT\MyHJT.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.socomscene.net/vb/index.php?
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: (no name) - {F9CC5D01-CB0C-418F-A883-E78BFE1E2472} - C:\WINDOWS\system32\sstqn.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [RecSche] "C:\Program Files\LifeView TVR\RecSche.exe"
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [PCLEPCI] C:\PROGRA~1\Pinnacle\PPE\PPE.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Scheduler for OEM.lnk = C:\Program Files\honestech\honestech TVR\scheduleTV.exe
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Add To Compaq Organize... - C:\PROGRA~1\HEWLET~1\COMPAQ~1\bin/module.main/favorites\ie_add_to.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {011d2083-C046-BB9E-5910-FB5F1F79F110} - (no file)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://a1540.g.akamai.net/7/1540/52/20060511/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1153690393171
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup162.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{999B8DC6-518D-45EB-B3B3-6E6F1BD987A5}: NameServer = 192.168.0.1
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: sstqn - C:\WINDOWS\system32\sstqn.dll
O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winrnt32 - winrnt32.dll (file missing)
O20 - Winlogon Notify: winxko32 - winxko32.dll (file missing)
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - c:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

teacup61
2006-09-07, 04:12
Hello,

Please download VirtumundoBeGone:
http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe
* Save it to the Desktop
* Close all running programs (including your Internet Browser)
* Double-click VirtumundoBeGone.exe on the Desktop
* Follow the directions as indicated

This program may generate a "Blue Screen of Death" which is an expected/necessary part of the process.
Do not be concerned.
Just reboot if your system "jams".

To confirm successful deletion, and determine if there are any additional problems, please post the VirtumundoBeGone log VBG.txt. It is found on the Desktop.

Also, please post a new HijackThis log and let me know how it's running now. :)

Thanks,
tea

killerjay
2006-09-07, 04:40
wow, i think that might of did it, not really sure, im talking right after i used this, ill use my browser a bit more and see if its really fixed...

oh and heres the vbg.txt


[09/06/2006, 21:25:12] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Compaq_Owner\Desktop\VirtumundoBeGone.exe" )
[09/06/2006, 21:25:48] - Detected System Information:
[09/06/2006, 21:25:48] - Windows Version: 5.1.2600, Service Pack 2
[09/06/2006, 21:25:48] - Current Username: Compaq_Owner (Admin)
[09/06/2006, 21:25:48] - Windows is in NORMAL mode.
[09/06/2006, 21:25:48] - Searching for Browser Helper Objects:
[09/06/2006, 21:25:48] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[09/06/2006, 21:25:48] - BHO 2: {53707962-6F74-2D53-2644-206D7942484F} ()
[09/06/2006, 21:25:48] - WARNING: BHO has no default name. Checking for Winlogon reference.
[09/06/2006, 21:25:48] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[09/06/2006, 21:25:48] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[09/06/2006, 21:25:48] - BHO 3: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[09/06/2006, 21:25:48] - BHO 4: {DABD8DDE-906F-40CB-B515-9B7B7D27D623} ()
[09/06/2006, 21:25:48] - WARNING: BHO has no default name. Checking for Winlogon reference.
[09/06/2006, 21:25:48] - Checking for HKLM\...\Winlogon\Notify\sstqn
[09/06/2006, 21:25:48] - Found: HKLM\...\Winlogon\Notify\sstqn - This is probably Virtumundo.
[09/06/2006, 21:25:48] - Assigning {DABD8DDE-906F-40CB-B515-9B7B7D27D623} MSEvents Object
[09/06/2006, 21:25:48] - BHO list has been changed! Starting over...
[09/06/2006, 21:25:48] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[09/06/2006, 21:25:48] - BHO 2: {53707962-6F74-2D53-2644-206D7942484F} ()
[09/06/2006, 21:25:48] - WARNING: BHO has no default name. Checking for Winlogon reference.
[09/06/2006, 21:25:48] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[09/06/2006, 21:25:48] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[09/06/2006, 21:25:49] - BHO 3: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[09/06/2006, 21:25:49] - BHO 4: {DABD8DDE-906F-40CB-B515-9B7B7D27D623} (MSEvents Object)
[09/06/2006, 21:25:49] - ALERT: Found MSEvents Object!
[09/06/2006, 21:25:49] - Finished Searching Browser Helper Objects
[09/06/2006, 21:25:49] - *** Detected MSEvents Object
[09/06/2006, 21:25:49] - Trying to remove MSEvents Object...
[09/06/2006, 21:25:50] - Terminating Process: IEXPLORE.EXE
[09/06/2006, 21:25:56] - Terminating Process: RUNDLL32.EXE
[09/06/2006, 21:26:01] - Disabling Automatic Shell Restart
[09/06/2006, 21:26:01] - Terminating Process: EXPLORER.EXE
[09/06/2006, 21:26:02] - Suspending the NT Session Manager System Service
[09/06/2006, 21:26:02] - Terminating Windows NT Logon/Logoff Manager
[09/06/2006, 21:26:03] - Re-enabling Automatic Shell Restart
[09/06/2006, 21:26:03] - File to disable: C:\WINDOWS\system32\sstqn.dll
[09/06/2006, 21:26:03] - Renaming C:\WINDOWS\system32\sstqn.dll -> C:\WINDOWS\system32\sstqn.dll.vir
[09/06/2006, 21:26:04] - File successfully renamed!
[09/06/2006, 21:26:04] - Removing HKLM\...\Browser Helper Objects\{DABD8DDE-906F-40CB-B515-9B7B7D27D623}
[09/06/2006, 21:26:04] - Removing HKCR\CLSID\{DABD8DDE-906F-40CB-B515-9B7B7D27D623}
[09/06/2006, 21:26:04] - Adding Kill Bit for ActiveX for GUID: {DABD8DDE-906F-40CB-B515-9B7B7D27D623}
[09/06/2006, 21:26:04] - Deleting ATLEvents/MSEvents Registry entries
[09/06/2006, 21:26:04] - Removing HKLM\...\Winlogon\Notify\sstqn
[09/06/2006, 21:26:04] - Searching for Browser Helper Objects:
[09/06/2006, 21:26:04] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[09/06/2006, 21:26:04] - BHO 2: {53707962-6F74-2D53-2644-206D7942484F} ()
[09/06/2006, 21:26:04] - WARNING: BHO has no default name. Checking for Winlogon reference.
[09/06/2006, 21:26:04] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[09/06/2006, 21:26:04] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[09/06/2006, 21:26:04] - BHO 3: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[09/06/2006, 21:26:04] - Finished Searching Browser Helper Objects
[09/06/2006, 21:26:04] - Finishing up...
[09/06/2006, 21:26:04] - A restart is needed.
[09/06/2006, 21:26:16] - Attempting to Restart via STOP error (Blue Screen!)


thanx

killerjay
2006-09-07, 05:49
now theres another problem....lately ive gotten this popup at every startup....can i get this fixed? its not in my msconfig either....

http://allyoucanupload.webshots.com/viewimage?imageID=1286046480687639844

please help me fix this, its really getting annoying...

teacup61
2006-09-07, 16:21
Good morning,

I asked for a new HijackThis log....can I see one please? Yes, looks like it worked on the Vundo. :) How is it running?

killerjay
2006-09-08, 03:46
Logfile of HijackThis v1.99.1
Scan saved at 8:45:19 PM, on 9/7/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5700.0006)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton Internet Security\ISSVC.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\ZoneLabs\isafe.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\honestech\honestech TVR\scheduleTV.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\honestech\honestech TVR\honestechTV.exe
C:\HJT\MyHJT.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.socomscene.net/vb/index.php?
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [RecSche] "C:\Program Files\LifeView TVR\RecSche.exe"
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [PCLEPCI] C:\PROGRA~1\Pinnacle\PPE\PPE.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Scheduler for OEM.lnk = C:\Program Files\honestech\honestech TVR\scheduleTV.exe
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Add To Compaq Organize... - C:\PROGRA~1\HEWLET~1\COMPAQ~1\bin/module.main/favorites\ie_add_to.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {011d2083-C046-BB9E-5910-FB5F1F79F110} - (no file)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://a1540.g.akamai.net/7/1540/52/20060511/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1153690393171
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup162.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{999B8DC6-518D-45EB-B3B3-6E6F1BD987A5}: NameServer = 192.168.0.1
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winrnt32 - winrnt32.dll (file missing)
O20 - Winlogon Notify: winxko32 - winxko32.dll (file missing)
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - c:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

ALOT FASTER!! I USED TO GET THE ROLLING FLASHLIGHT WHEN LOADING FOLDERS, NOW THEY LOAD SO FAST!!!! THANK YOU! but if you can help me with that annoying popup that i get at startup, that would be even better!

teacup61
2006-09-08, 11:57
Hello,

Glad to know it's better. :) Let's see what a scan finds and removes.

Please download, install, and update Ewido anti-spyware (http://www.ewido.net/en/download/)


Load Ewido and then click the Update tab at the top. Under Manual Update click Start update.
After the update finishes (the status bar at the bottom will display "Update successful")
Close ewido. Do not run it yet.


Please reboot your computer into Safe Mode. To boot into Safe Mode, please restart your computer. Tap F8 before Windows loads. Select Safe Mode on the screen that appears.

Use Cleanmgr to clean temporary files:

1. Click > start > run and type cleanmgr and click OK
2. Scan your system for files to remove.
3. Make sure Temporary Files, Temporary Internet Files and Recycle Bin are the only things checked.
4. Click OK to remove those files.
5. Click Yes to confirm deletion.

Please run HijackThis! and click "Scan." Place checks next to the following entries, if present:

O20 - Winlogon Notify: winrnt32 - winrnt32.dll (file missing)
O20 - Winlogon Notify: winxko32 - winxko32.dll (file missing)

Close all browsers and other windows except for HijackThis!, and click "Fix Checked".


In Safe Mode, load Ewido and click on the Scanner tab at the top and then click on Complete System Scan. This scan can take quite a while to run, so be prepared.
Ewido will list any infections found on the left hand side. When the scan has finished, it will automatically set the recommended action. Click the Apply all actions button. Ewido will display "All actions have been applied" on the right hand side.
Click on "Save Report", then "Save Report As". This will create a text file. Make sure you know where to find this file again (like on the Desktop).
Restart back into Normal Mode.


In your reply, please post the report from Ewido and a new HijackThis log. Let me know how it's running. :)

Thanks,
tea

killerjay
2006-09-11, 01:59
i used spyware doctor instead, it cleaned about 211 infections, like winantivirus leftovers and trojan dialers.....everything is working a lot smoother:) thanks for helping me with this, startup....http://allyoucanupload.webshots.com/...46480687639844

please help me fix this, its really getting annoying...

teacup61
2006-09-11, 14:02
Hello,

Could you please follow my directions above? I can't help with the problem if I can't see what I need to see.

Thanks,
tea

killerjay
2006-09-12, 23:08
Hello,

Could you please follow my directions above? I can't help with the problem if I can't see what I need to see.

Thanks,
tea

Logfile of HijackThis v1.99.1
Scan saved at 4:07:12 PM, on 9/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5700.0006)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton Internet Security\ISSVC.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wdfmgr.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\ZoneLabs\isafe.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HJT\MyHJT.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.socomscene.net/vb/index.php?
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [RecSche] "C:\Program Files\LifeView TVR\RecSche.exe"
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [PCLEPCI] C:\PROGRA~1\Pinnacle\PPE\PPE.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\RunOnce: [srePostpone] rundll32.exe c:\windows\system32\zonelabs\srescan.dll,DoSpecialAction
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Add To Compaq Organize... - C:\PROGRA~1\HEWLET~1\COMPAQ~1\bin/module.main/favorites\ie_add_to.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {011d2083-C046-BB9E-5910-FB5F1F79F110} - (no file)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://a1540.g.akamai.net/7/1540/52/20060511/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1153690393171
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup162.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{999B8DC6-518D-45EB-B3B3-6E6F1BD987A5}: NameServer = 192.168.0.1
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - c:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

therer u go

teacup61
2006-09-13, 01:32
And the Ewido report please? :)

killerjay
2006-09-13, 14:46
And the Ewido report please? :)

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 7:35:44 AM 9/13/2006

+ Scan result:



:mozilla.12:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\wr7zvj0k.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.13:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\wr7zvj0k.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@yadro[2].txt -> TrackingCookie.Yadro : Cleaned.


::Report end

heres my spyware doctor log cuz i used spyware other than ewido before

Scan Results:
scan start: 9/10/2006 11:27:47 AM
scan stop: 9/10/2006 11:42:06 AM
scanned items: 147145
found items: 212
found and ignored: 0
tools used: General Scanner, Process Scanner, LSP Scanner, Startup Scanner, Registry Scanner, Hosts Scanner, Browser Scanner, Browser Activity Scanner, Disk Scanner, ActiveX Scanner



Infection Name Location Risk
Virtumonde C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@202.67.220[1].txt Elevated
Tracking Cookie(s) C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@88clicks[2].txt Low
Advertising C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@ads.pointroll[1].txt Low
Tracking Cookie(s) C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@ads15.bpath[1].txt Low
2nd-thought.com C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@as-us.falkag[1].txt High
Advertising C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@com[2].txt Low
Tracking Cookie(s) C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@edge.ru4[2].txt Low
Tracking Cookie(s) C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@pogo[1].txt Low
Tracking Cookie(s) C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@pogo[2].txt Low
Tracking Cookie(s) C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@questionmarket[2].txt Low
Advertising C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@revenue[1].txt Low
Tracking Cookie(s) C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@sales.liveperson[1].txt Low
Tracking Cookie(s) C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@sales.liveperson[2].txt Low
SysProtectFree C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@scanner.sysprotect[2].txt Medium
Tracking Cookie(s) C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@stats1.reliablestats[2].txt Low
SysProtectFree C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@sysprotect[1].txt Medium
Tracking Cookie(s) C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@tribalfusion[2].txt Low
Advertising C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@www.burstnet[1].txt Low
Rogue Anti-Spyware Products C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@www.winantiviruspro[2].txt High
Known Bad Sites C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\0EFYUV9D\August_L3K_CNET_728x90_08765[1].swf High
Known Bad Sites C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\7UVYH5B4\BT_BB_HUB_explodingtext_468x60[1].gif High
Known Bad Sites C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\7UVYH5B4\BT_BB_HUB_gate_120x600[1].gif High
Known Bad Sites C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\7UVYH5B4\leaderboard1static[1].jpg High
Known Bad Sites C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\8A2SMI5O\1036509761440e501f2ba39[1].gif High
Known Bad Sites C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\8A2SMI5O\10900897694277ce82ce630[1].gif High
Known Bad Sites C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\8A2SMI5O\12677620384411ae17e59e7[1].swf High
Known Bad Sites C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\8A2SMI5O\12677620384411ae17e59e7[2].swf High
Known Bad Sites C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\8A2SMI5O\420688808434281ebcef7a[1].gif High
Known Bad Sites C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\BJFFGOKC\1-Gadgets_-_General_-_Branding_1_-_Billboard[1].jpg High
Known Bad Sites C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\HYKDJLGF\1627105720440e523066bca[1].gif High
Known Bad Sites C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\HYKDJLGF\19121313224464ef1eb5682[1].gif High
Known Bad Sites C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\NDH52JM2\817-grey[1].gif High
Known Bad Sites C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\P6SFGXLQ\6-1x1[1].gif High
Known Bad Sites C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\P6SFGXLQ\817-grey[1].gif High
Known Bad Sites C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\QQ31NIQ1\logo-15x15[1].png High
Known Bad Sites C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\SD2BPOLP\DartRichMedia_1_03[1].js High
Known Bad Sites C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\UYAZTKX6\160x600_snowylunchrush[1].jpg High
Maxifiles C:\Program Files\Common Files\{7E37DA48-07CF-1033-0309-050804030001}\services.dll High
SahAgent C:\WINDOWS\system32\ptljom6c.ini Elevated
Common Components Unrelated C:\WINDOWS\system32\SVKP.sys Medium
Tracking Cookie(s) cookies.txt - Line #26 Low
Advertising cookies.txt - Line #27 Low
Tracking Cookie(s) cookies.txt - Line #31 Low
Trojan.Popuper HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B0398ECA-0BCD-4645-8261-5E9DC70248D0} High
Trojan.Popuper HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B0398ECA-0BCD-4645-8261-5E9DC70248D0}## High
Trojan.Popuper HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B0398ECA-0BCD-4645-8261-5E9DC70248D0}\iexplore High
Trojan.Popuper HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B0398ECA-0BCD-4645-8261-5E9DC70248D0}\iexplore## High
Trojan.Popuper HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B0398ECA-0BCD-4645-8261-5E9DC70248D0}\iexplore##Count High
Trojan.Popuper HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B0398ECA-0BCD-4645-8261-5E9DC70248D0}\iexplore##Time High
Trojan.Popuper HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B0398ECA-0BCD-4645-8261-5E9DC70248D0}\iexplore##Type High
Trojan.Downloader.Small.CML HKLM\SOFTWARE\Microsoft\MSSMGR High
Trojan.Downloader.Small.CML HKLM\SOFTWARE\Microsoft\MSSMGR## High
Trojan.Downloader.Small.CML HKLM\SOFTWARE\Microsoft\MSSMGR##BPTV High
Trojan.Downloader.Small.CML HKLM\SOFTWARE\Microsoft\MSSMGR##Brnd High
Trojan.Downloader.Small.CML HKLM\SOFTWARE\Microsoft\MSSMGR##BSTV High
Trojan.Downloader.Small.CML HKLM\SOFTWARE\Microsoft\MSSMGR##Data High
Trojan.Downloader.Small.CML HKLM\SOFTWARE\Microsoft\MSSMGR##LID High
Trojan.Downloader.Small.CML HKLM\SOFTWARE\Microsoft\MSSMGR##LSTV High
Trojan.Downloader.Small.CML HKLM\SOFTWARE\Microsoft\MSSMGR##MSLIST High
Trojan.Downloader.Small.CML HKLM\SOFTWARE\Microsoft\MSSMGR##OCCUR High
Trojan.Downloader.Small.CML HKLM\SOFTWARE\Microsoft\MSSMGR##PSTV High
Trojan.Downloader.Small.CML HKLM\SOFTWARE\Microsoft\MSSMGR##Rid High
Trojan.Downloader.Small.CML HKLM\SOFTWARE\Microsoft\MSSMGR##SCLIST High
Trojan.Downloader.Small.CML HKLM\SOFTWARE\Microsoft\MSSMGR##SSLIST High
Trojan.Downloader.Small.CML HKLM\SOFTWARE\Microsoft\MSSMGR##SSTV High
Trojan.Downloader.Small.CML HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winrnt32 High
Trojan.Downloader.Small.CML HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winrnt32## High
Trojan.Downloader.Small.CML HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winrnt32##Asynchronous High
Trojan.Downloader.Small.CML HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winrnt32##DllName High
Trojan.Downloader.Small.CML HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winrnt32##Impersonate High
Trojan.Downloader.Small.CML HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winrnt32##Shutdown High
Trojan.Downloader.Small.CML HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winrnt32##Startup High
Trojan.Downloader.Small.CML HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winxko32 High
Trojan.Downloader.Small.CML HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winxko32## High
Trojan.Downloader.Small.CML HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winxko32##Asynchronous High
Trojan.Downloader.Small.CML HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winxko32##DllName High
Trojan.Downloader.Small.CML HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winxko32##Impersonate High
Trojan.Downloader.Small.CML HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winxko32##Shutdown High
Trojan.Downloader.Small.CML HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winxko32##Startup High
Common Components Unrelated HKLM\SYSTEM\ControlSet001\Services\SVKP Medium
Common Components Unrelated HKLM\SYSTEM\ControlSet001\Services\SVKP## Medium
Common Components Unrelated HKLM\SYSTEM\ControlSet001\Services\SVKP##DisplayName Medium
Common Components Unrelated HKLM\SYSTEM\ControlSet001\Services\SVKP##ErrorControl Medium
Common Components Unrelated HKLM\SYSTEM\ControlSet001\Services\SVKP##ImagePath Medium
Common Components Unrelated HKLM\SYSTEM\ControlSet001\Services\SVKP##Start Medium
Common Components Unrelated HKLM\SYSTEM\ControlSet001\Services\SVKP##Type Medium
Common Components Unrelated HKLM\SYSTEM\ControlSet001\Services\SVKP\Enum Medium
Common Components Unrelated HKLM\SYSTEM\ControlSet001\Services\SVKP\Enum## Medium
Common Components Unrelated HKLM\SYSTEM\ControlSet001\Services\SVKP\Enum##0 Medium
Common Components Unrelated HKLM\SYSTEM\ControlSet001\Services\SVKP\Enum##Count Medium
Common Components Unrelated HKLM\SYSTEM\ControlSet001\Services\SVKP\Enum##NextInstance Medium
Common Components Unrelated HKLM\SYSTEM\ControlSet001\Services\SVKP\Security Medium
Common Components Unrelated HKLM\SYSTEM\ControlSet001\Services\SVKP\Security## Medium
Common Components Unrelated HKLM\SYSTEM\ControlSet001\Services\SVKP\Security##Security Medium
WinAntiVirus HKLM\SYSTEM\ControlSet001\Services\vspf Elevated
WinAntiVirus HKLM\SYSTEM\ControlSet001\Services\vspf## Elevated
WinAntiVirus HKLM\SYSTEM\ControlSet001\Services\vspf##DependOnGroup Elevated
WinAntiVirus HKLM\SYSTEM\ControlSet001\Services\vspf##DependOnService Elevated
WinAntiVirus HKLM\SYSTEM\ControlSet001\Services\vspf##DisplayName Elevated
WinAntiVirus HKLM\SYSTEM\ControlSet001\Services\vspf##ErrorControl Elevated
WinAntiVirus HKLM\SYSTEM\ControlSet001\Services\vspf##Group Elevated
WinAntiVirus HKLM\SYSTEM\ControlSet001\Services\vspf##ImagePath Elevated
WinAntiVirus HKLM\SYSTEM\ControlSet001\Services\vspf##Start Elevated
WinAntiVirus HKLM\SYSTEM\ControlSet001\Services\vspf##Tag Elevated
WinAntiVirus HKLM\SYSTEM\ControlSet001\Services\vspf##Type Elevated
WinAntiVirus HKLM\SYSTEM\ControlSet001\Services\vspf\Security Elevated
WinAntiVirus HKLM\SYSTEM\ControlSet001\Services\vspf\Security## Elevated
WinAntiVirus HKLM\SYSTEM\ControlSet001\Services\vspf\Security##Security Elevated
WinAntiVirus HKLM\SYSTEM\ControlSet001\Services\vspf_hk Elevated
WinAntiVirus HKLM\SYSTEM\ControlSet001\Services\vspf_hk## Elevated
WinAntiVirus HKLM\SYSTEM\ControlSet001\Services\vspf_hk##DisplayName Elevated
WinAntiVirus HKLM\SYSTEM\ControlSet001\Services\vspf_hk##ErrorControl Elevated
WinAntiVirus HKLM\SYSTEM\ControlSet001\Services\vspf_hk##Group Elevated
WinAntiVirus HKLM\SYSTEM\ControlSet001\Services\vspf_hk##ImagePath Elevated
WinAntiVirus HKLM\SYSTEM\ControlSet001\Services\vspf_hk##Start Elevated
WinAntiVirus HKLM\SYSTEM\ControlSet001\Services\vspf_hk##Tag Elevated
WinAntiVirus HKLM\SYSTEM\ControlSet001\Services\vspf_hk##Type Elevated
WinAntiVirus HKLM\SYSTEM\ControlSet001\Services\vspf_hk\Security Elevated
WinAntiVirus HKLM\SYSTEM\ControlSet001\Services\vspf_hk\Security## Elevated
WinAntiVirus HKLM\SYSTEM\ControlSet001\Services\vspf_hk\Security##Security Elevated
Common Components Unrelated HKLM\SYSTEM\ControlSet003\Services\SVKP Medium
Common Components Unrelated HKLM\SYSTEM\ControlSet003\Services\SVKP## Medium
Common Components Unrelated HKLM\SYSTEM\ControlSet003\Services\SVKP##DisplayName Medium
Common Components Unrelated HKLM\SYSTEM\ControlSet003\Services\SVKP##ErrorControl Medium
Common Components Unrelated HKLM\SYSTEM\ControlSet003\Services\SVKP##ImagePath Medium
Common Components Unrelated HKLM\SYSTEM\ControlSet003\Services\SVKP##Start Medium
Common Components Unrelated HKLM\SYSTEM\ControlSet003\Services\SVKP##Type Medium
Common Components Unrelated HKLM\SYSTEM\ControlSet003\Services\SVKP\Security Medium
Common Components Unrelated HKLM\SYSTEM\ControlSet003\Services\SVKP\Security## Medium
Common Components Unrelated HKLM\SYSTEM\ControlSet003\Services\SVKP\Security##Security Medium
WinAntiVirus HKLM\SYSTEM\ControlSet003\Services\vspf Elevated
WinAntiVirus HKLM\SYSTEM\ControlSet003\Services\vspf## Elevated
WinAntiVirus HKLM\SYSTEM\ControlSet003\Services\vspf##DependOnGroup Elevated
WinAntiVirus HKLM\SYSTEM\ControlSet003\Services\vspf##DependOnService Elevated
WinAntiVirus HKLM\SYSTEM\ControlSet003\Services\vspf##DisplayName Elevated
WinAntiVirus HKLM\SYSTEM\ControlSet003\Services\vspf##ErrorControl Elevated
WinAntiVirus HKLM\SYSTEM\ControlSet003\Services\vspf##Group Elevated
WinAntiVirus HKLM\SYSTEM\ControlSet003\Services\vspf##ImagePath Elevated
WinAntiVirus HKLM\SYSTEM\ControlSet003\Services\vspf##Start Elevated
WinAntiVirus HKLM\SYSTEM\ControlSet003\Services\vspf##Tag Elevated
WinAntiVirus HKLM\SYSTEM\ControlSet003\Services\vspf##Type Elevated
WinAntiVirus HKLM\SYSTEM\ControlSet003\Services\vspf\Security Elevated
WinAntiVirus HKLM\SYSTEM\ControlSet003\Services\vspf\Security## Elevated
WinAntiVirus HKLM\SYSTEM\ControlSet003\Services\vspf\Security##Security Elevated
WinAntiVirus HKLM\SYSTEM\ControlSet003\Services\vspf_hk Elevated
WinAntiVirus HKLM\SYSTEM\ControlSet003\Services\vspf_hk## Elevated
WinAntiVirus HKLM\SYSTEM\ControlSet003\Services\vspf_hk##DisplayName Elevated
WinAntiVirus HKLM\SYSTEM\ControlSet003\Services\vspf_hk##ErrorControl Elevated
WinAntiVirus HKLM\SYSTEM\ControlSet003\Services\vspf_hk##Group Elevated
WinAntiVirus HKLM\SYSTEM\ControlSet003\Services\vspf_hk##ImagePath Elevated
WinAntiVirus HKLM\SYSTEM\ControlSet003\Services\vspf_hk##Start Elevated
WinAntiVirus HKLM\SYSTEM\ControlSet003\Services\vspf_hk##Tag Elevated
WinAntiVirus HKLM\SYSTEM\ControlSet003\Services\vspf_hk##Type Elevated
WinAntiVirus HKLM\SYSTEM\ControlSet003\Services\vspf_hk\Security Elevated

to be continued.......

killerjay
2006-09-13, 14:47
WinAntiVirus HKLM\SYSTEM\ControlSet003\Services\vspf_hk\Security## Elevated
WinAntiVirus HKLM\SYSTEM\ControlSet003\Services\vspf_hk\Security##Security Elevated
Common Components Unrelated HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SVKP Medium
Common Components Unrelated HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SVKP## Medium
Common Components Unrelated HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SVKP##NextInstance Medium
Common Components Unrelated HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SVKP\0000 Medium
Common Components Unrelated HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SVKP\0000## Medium
Common Components Unrelated HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SVKP\0000##Capabilities Medium
Common Components Unrelated HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SVKP\0000##Class Medium
Common Components Unrelated HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SVKP\0000##ClassGUID Medium
Common Components Unrelated HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SVKP\0000##ConfigFlags Medium
Common Components Unrelated HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SVKP\0000##DeviceDesc Medium
Common Components Unrelated HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SVKP\0000##Legacy Medium
Common Components Unrelated HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SVKP\0000##Service Medium
Common Components Unrelated HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SVKP\0000\Control Medium
Common Components Unrelated HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SVKP\0000\Control## Medium
Common Components Unrelated HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SVKP\0000\Control##ActiveService Medium
Common Components Unrelated HKLM\SYSTEM\CurrentControlSet\Services\SVKP Medium
Common Components Unrelated HKLM\SYSTEM\CurrentControlSet\Services\SVKP## Medium
Common Components Unrelated HKLM\SYSTEM\CurrentControlSet\Services\SVKP##DisplayName Medium
Common Components Unrelated HKLM\SYSTEM\CurrentControlSet\Services\SVKP##ErrorControl Medium
Common Components Unrelated HKLM\SYSTEM\CurrentControlSet\Services\SVKP##ImagePath Medium
Common Components Unrelated HKLM\SYSTEM\CurrentControlSet\Services\SVKP##Start Medium
Common Components Unrelated HKLM\SYSTEM\CurrentControlSet\Services\SVKP##Type Medium
Common Components Unrelated HKLM\SYSTEM\CurrentControlSet\Services\SVKP\Enum Medium
Common Components Unrelated HKLM\SYSTEM\CurrentControlSet\Services\SVKP\Enum## Medium
Common Components Unrelated HKLM\SYSTEM\CurrentControlSet\Services\SVKP\Enum##0 Medium
Common Components Unrelated HKLM\SYSTEM\CurrentControlSet\Services\SVKP\Enum##Count Medium
Common Components Unrelated HKLM\SYSTEM\CurrentControlSet\Services\SVKP\Enum##NextInstance Medium
Common Components Unrelated HKLM\SYSTEM\CurrentControlSet\Services\SVKP\Security Medium
Common Components Unrelated HKLM\SYSTEM\CurrentControlSet\Services\SVKP\Security## Medium
Common Components Unrelated HKLM\SYSTEM\CurrentControlSet\Services\SVKP\Security##Security Medium
WinAntiVirus HKLM\SYSTEM\CurrentControlSet\Services\vspf Elevated
WinAntiVirus HKLM\SYSTEM\CurrentControlSet\Services\vspf## Elevated
WinAntiVirus HKLM\SYSTEM\CurrentControlSet\Services\vspf##DependOnGroup Elevated
WinAntiVirus HKLM\SYSTEM\CurrentControlSet\Services\vspf##DependOnService Elevated
WinAntiVirus HKLM\SYSTEM\CurrentControlSet\Services\vspf##DisplayName Elevated
WinAntiVirus HKLM\SYSTEM\CurrentControlSet\Services\vspf##ErrorControl Elevated
WinAntiVirus HKLM\SYSTEM\CurrentControlSet\Services\vspf##Group Elevated
WinAntiVirus HKLM\SYSTEM\CurrentControlSet\Services\vspf##ImagePath Elevated
WinAntiVirus HKLM\SYSTEM\CurrentControlSet\Services\vspf##Start Elevated
WinAntiVirus HKLM\SYSTEM\CurrentControlSet\Services\vspf##Tag Elevated
WinAntiVirus HKLM\SYSTEM\CurrentControlSet\Services\vspf##Type Elevated
WinAntiVirus HKLM\SYSTEM\CurrentControlSet\Services\vspf\Security Elevated
WinAntiVirus HKLM\SYSTEM\CurrentControlSet\Services\vspf\Security## Elevated
WinAntiVirus HKLM\SYSTEM\CurrentControlSet\Services\vspf\Security##Security Elevated
WinAntiVirus HKLM\SYSTEM\CurrentControlSet\Services\vspf_hk Elevated
WinAntiVirus HKLM\SYSTEM\CurrentControlSet\Services\vspf_hk## Elevated
WinAntiVirus HKLM\SYSTEM\CurrentControlSet\Services\vspf_hk##DisplayName Elevated
WinAntiVirus HKLM\SYSTEM\CurrentControlSet\Services\vspf_hk##ErrorControl Elevated
WinAntiVirus HKLM\SYSTEM\CurrentControlSet\Services\vspf_hk##Group Elevated
WinAntiVirus HKLM\SYSTEM\CurrentControlSet\Services\vspf_hk##ImagePath Elevated
WinAntiVirus HKLM\SYSTEM\CurrentControlSet\Services\vspf_hk##Start Elevated
WinAntiVirus HKLM\SYSTEM\CurrentControlSet\Services\vspf_hk##Tag Elevated
WinAntiVirus HKLM\SYSTEM\CurrentControlSet\Services\vspf_hk##Type Elevated
WinAntiVirus HKLM\SYSTEM\CurrentControlSet\Services\vspf_hk\Security Elevated
WinAntiVirus HKLM\SYSTEM\CurrentControlSet\Services\vspf_hk\Security## Elevated
WinAntiVirus HKLM\SYSTEM\CurrentControlSet\Services\vspf_hk\Security##Security Elevated
Maxifiles C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP450\A0084128.dll High
SahAgent C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP450\A0084129.ini Elevated
Common Components Unrelated HKLM\SYSTEM\ControlSet001\Services\SVKP Medium
Common Components Unrelated HKLM\SYSTEM\ControlSet001\Services\SVKP## Medium
WinAntiVirus HKLM\SYSTEM\ControlSet001\Services\vspf Elevated
WinAntiVirus HKLM\SYSTEM\ControlSet001\Services\vspf## Elevated
WinAntiVirus HKLM\SYSTEM\ControlSet001\Services\vspf_hk Elevated
WinAntiVirus HKLM\SYSTEM\ControlSet001\Services\vspf_hk## Elevated
Common Components Unrelated HKLM\SYSTEM\ControlSet003\Services\SVKP Medium
Common Components Unrelated HKLM\SYSTEM\ControlSet003\Services\SVKP## Medium
WinAntiVirus HKLM\SYSTEM\ControlSet003\Services\vspf Elevated
WinAntiVirus HKLM\SYSTEM\ControlSet003\Services\vspf## Elevated
WinAntiVirus HKLM\SYSTEM\ControlSet003\Services\vspf_hk Elevated
WinAntiVirus HKLM\SYSTEM\ControlSet003\Services\vspf_hk## Elevated
Common Components Unrelated HKLM\SYSTEM\CurrentControlSet\Services\SVKP Medium
Common Components Unrelated HKLM\SYSTEM\CurrentControlSet\Services\SVKP## Medium
WinAntiVirus HKLM\SYSTEM\CurrentControlSet\Services\vspf Elevated
WinAntiVirus HKLM\SYSTEM\CurrentControlSet\Services\vspf## Elevated
WinAntiVirus HKLM\SYSTEM\CurrentControlSet\Services\vspf_hk Elevated
WinAntiVirus HKLM\SYSTEM\CurrentControlSet\Services\vspf_hk## Elevated

teacup61
2006-09-13, 22:40
Hello,

I asked for Ewido.

Please download, install, and update Ewido anti-spyware (http://www.ewido.net/en/download/)


Load Ewido and then click the Update tab at the top. Under Manual Update click Start update.
After the update finishes (the status bar at the bottom will display "Update successful")
Close ewido. Do not run it yet.


Please reboot your computer into Safe Mode. To boot into Safe Mode, please restart your computer. Tap F8 before Windows loads. Select Safe Mode on the screen that appears.


In Safe Mode, load Ewido and click on the Scanner tab at the top and then click on Complete System Scan. This scan can take quite a while to run, so be prepared.
Ewido will list any infections found on the left hand side. When the scan has finished, it will automatically set the recommended action. Click the Apply all actions button. Ewido will display "All actions have been applied" on the right hand side.
Click on "Save Report", then "Save Report As". This will create a text file. Make sure you know where to find this file again (like on the Desktop).
Restart back into Normal Mode.


Thank you,
tea

tashi
2006-09-16, 05:38
killerjay, still with us?

tashi
2006-09-20, 08:38
:sad:

As the information requested has not been provided, this topic has been archived.

If you need it re-opened please send me a private message (pm) and provide a link to the thread; this applies only to the original topic starter.