Annoying infection I can't fix

A

Albear

New member
Hi,

Usually my computer is squeaky clean, but somehow something snuck in recently and dug its roots into my operating system. Usually I’m able to fix problems for myself, but this one’s over my head.

I run Win2k (SP4) with Spybot S&D and Command Antivirus (courtesy of my school).
Spybot never seems to be able to clean out the problems it finds, they’re always back shortly after a scan/fix, even if I run it on startup.

Here’s my HiJackThis.log:

Logfile of HijackThis v1.99.1
Scan saved at 10:29:51 AM, on 2/13/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Authentium\Command AntiVirus\avinitnt.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Authentium\Command AntiVirus\schscnt.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\system32\Tablet.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\Explorer.EXE
C:\PROGRA~1\AUTHEN~1\COMMAN~1\untray.exe
C:\PROGRA~1\AUTHEN~1\COMMAN~1\avtray.exe
C:\PROGRA~1\AUTHEN~1\COMMAN~1\dvprpt.exe
C:\WINNT\system32\ctfmon.exe
C:\HiJackThis\scanner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {02DCA195-602B-4B1F-83FF-381B7E804BDB} - C:\WINNT\system32\HDBHO.dll
O2 - BHO: (no name) - {061B4796-AC83-83C9-04FF-0925152D92A0} - C:\WINNT\system32\xyppyec.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {08F3DE08-D567-B04D-4707-049186618363} - (no file)
O2 - BHO: (no name) - {12D340B4-B1FB-516D-2865-0502A179A538} - C:\WINNT\system32\famrwjg.dll
O2 - BHO: (no name) - {1D1277AE-9DFC-4974-9E2F-524B1E8FC174} - C:\WINNT\system32\wvwtt.dll
O2 - BHO: (no name) - {1F15F502-2FA1-A50E-DCFE-01C94FFE3E23} - C:\WINNT\system32\exyslie.dll
O2 - BHO: (no name) - {2D721796-6630-CDCA-93C9-04C767AB8198} - (no file)
O2 - BHO: (no name) - {3CE9D602-A8A4-5AD0-9D92-07E3E57C74BC} - (no file)
O2 - BHO: (no name) - {444FC0D6-1B96-06FA-9FB2-03BB8313907A} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {57CFE5D7-7F22-59C6-CADE-07E8BD1386B7} - (no file)
O2 - BHO: (no name) - {67270207-b9ee-4d26-9270-860fdb060ca1} - (no file)
O2 - BHO: (no name) - {673A2752-222A-E6D4-7052-002B2E7D523C} - (no file)
O2 - BHO: (no name) - {68D5CF1D-EC5C-4bdd-A9EF-F0E517565D50} - C:\WINNT\system32\xfwnaxaw.dll
O2 - BHO: (no name) - {755bbd1a-aa59-456c-afeb-b4c42c4dcb6f} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\COMMON~1\{38EA9~1\Bar888.dll (file missing)
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - (no file)
O3 - Toolbar: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\COMMON~1\{38EA9~1\Bar888.dll (file missing)
O4 - HKLM\..\Run: [untray] C:\PROGRA~1\AUTHEN~1\COMMAN~1\untray.exe
O4 - HKLM\..\Run: [CSAV_CheckViruses] C:\PROGRA~1\AUTHEN~1\COMMAN~1\vchk.exe
O4 - HKLM\..\Run: [avtray] C:\PROGRA~1\AUTHEN~1\COMMAN~1\avtray.exe
O4 - HKLM\..\Run: [dvprpt] C:\PROGRA~1\AUTHEN~1\COMMAN~1\dvprpt.exe
O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINNT\system32\eiralona.dll",setvm
O4 - HKCU\..\Run: [procexp] C:\\scratch\\ProcessExplorer\\procexp.exe
O8 - Extra context menu item: Download All Files by HiDownload - C:\PROGRA~1\HIDOWN~1\HDGetAll.htm
O8 - Extra context menu item: Download by HiDownload - C:\PROGRA~1\HIDOWN~1\HDGet.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1135492471065
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5A982D80-A98D-4F18-A575-F0EAD811944E}: NameServer = 68.87.85.98,68.87.69.146
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O20 - Winlogon Notify: wingmo32 - wingmo32.dll (file missing)
O20 - Winlogon Notify: wvwtt - C:\WINNT\system32\wvwtt.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avinitnt - Authentium, Inc. - C:\Program Files\Authentium\Command AntiVirus\avinitnt.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: DriverStudio Remote Control - Unknown owner - C:\Program Files\Compuware\DriverStudio\Common\Bin\DSRSvc.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
O23 - Service: OLE multi config - Unknown owner - C:\WINNT\system32\ole2.exe (file missing)
O23 - Service: Rio MSC Manager (RioMSC) - Digital Networks North America, Inc. - C:\WINNT\system32\RioMSC.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: schscnt - Authentium, Inc. - C:\Program Files\Authentium\Command AntiVirus\schscnt.exe
O23 - Service: CaReTaKeR-CT NetMgr 1.2.1 (sfmgr) - Unknown owner - C:\sfmgr\sfmgr.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINNT\system32\Tablet.exe
 
Hi Albear

Please download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log in a reply to this thread.
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.
 
Thanks,

I ran VundoFix, it didn't alert me that files could not be deleted and did not run on startup. It did however encounter an error at the end of the file removal portion:

Registry Editor: said:
Cannot import c:\\VundoFix.reg: Error opening the file. There may be a disk or file system error.
Click to expand...

Here's the VundoFix.txt file:

VundoFix V6.3.6

Checking Java version...

Java version is 1.5.0.6

Java version is 1.5.0.8

Java version is 1.5.0.9

Scan started at 11:15:35 AM 2/14/2007

Listing files found while scanning....

C:\Documents and settings\Alec Henning\Application Data\SearchToolbarCorp\Toolbar Vision\PageHistory.txt
C:\Documents and settings\Alec Henning\Application Data\SearchToolbarCorp\Toolbar Vision\WebHistory.txt
C:\Program Files\VSAdd-in\VSAdd-in.dll
C:\WINNT\system32\aavbixxc.dll
C:\WINNT\system32\altteggb.dll
C:\WINNT\system32\anolarie.ini
C:\WINNT\system32\asnsbhcv.dll
C:\WINNT\system32\awtqpnl.dll
C:\WINNT\system32\bggettla.ini
C:\WINNT\system32\bpmexumf.exe
C:\WINNT\system32\ckytumae.ini
C:\WINNT\system32\eamutykc.dll
C:\WINNT\system32\eiralona.dll
C:\WINNT\system32\etkbyivk.dll
C:\WINNT\system32\evwcbkks.dll
C:\WINNT\system32\fqecwpn.dll
C:\WINNT\system32\ihjmrmek.ini
C:\WINNT\system32\izeghld.dll
C:\WINNT\system32\jdqundlk.dll
C:\WINNT\system32\kemrmjhi.dll
C:\WINNT\system32\kldnuqdj.ini
C:\WINNT\system32\ljhgf.dll
C:\WINNT\system32\ljjkigd.dll
C:\WINNT\system32\lpeksrdt.ini
C:\WINNT\system32\lssjumlr.ini
C:\WINNT\system32\nbbvxffs.exe
C:\WINNT\system32\opnnkjk.dll
C:\WINNT\system32\opnoljg.dll
C:\WINNT\system32\prgwvgul.dll
C:\WINNT\system32\qomjkli.dll
C:\WINNT\system32\rlmujssl.dll
C:\WINNT\system32\rqrqono.dll
C:\WINNT\system32\tdrskepl.dll
C:\WINNT\system32\tuvwwwu.dll
C:\WINNT\system32\umbnjcyw.dll
C:\WINNT\system32\vchbsnsa.ini
C:\WINNT\system32\wvuttqq.dll
C:\WINNT\system32\wvwtt.dll
C:\WINNT\system32\wycjnbmu.ini
C:\WINNT\system32\xfwnaxaw.dll
C:\WINNT\system32\xxyaaxv.dll

Beginning removal...

Attempting to delete C:\Documents and settings\Alec Henning\Application Data\SearchToolbarCorp\Toolbar Vision\PageHistory.txt
C:\Documents and settings\Alec Henning\Application Data\SearchToolbarCorp\Toolbar Vision\PageHistory.txt Has been deleted!

Attempting to delete C:\Documents and settings\Alec Henning\Application Data\SearchToolbarCorp\Toolbar Vision\WebHistory.txt
C:\Documents and settings\Alec Henning\Application Data\SearchToolbarCorp\Toolbar Vision\WebHistory.txt Has been deleted!

Attempting to delete C:\Program Files\VSAdd-in\VSAdd-in.dll
C:\Program Files\VSAdd-in\VSAdd-in.dll Has been deleted!

Attempting to delete C:\WINNT\system32\aavbixxc.dll
C:\WINNT\system32\aavbixxc.dll Has been deleted!

Attempting to delete C:\WINNT\system32\altteggb.dll
C:\WINNT\system32\altteggb.dll Has been deleted!

Attempting to delete C:\WINNT\system32\anolarie.ini
C:\WINNT\system32\anolarie.ini Has been deleted!

Attempting to delete C:\WINNT\system32\asnsbhcv.dll
C:\WINNT\system32\asnsbhcv.dll Has been deleted!

Attempting to delete C:\WINNT\system32\awtqpnl.dll
C:\WINNT\system32\awtqpnl.dll Has been deleted!

Attempting to delete C:\WINNT\system32\bggettla.ini
C:\WINNT\system32\bggettla.ini Has been deleted!

Attempting to delete C:\WINNT\system32\bpmexumf.exe
C:\WINNT\system32\bpmexumf.exe Has been deleted!

Attempting to delete C:\WINNT\system32\ckytumae.ini
C:\WINNT\system32\ckytumae.ini Has been deleted!

Attempting to delete C:\WINNT\system32\eamutykc.dll
C:\WINNT\system32\eamutykc.dll Has been deleted!

Attempting to delete C:\WINNT\system32\eiralona.dll
C:\WINNT\system32\eiralona.dll Has been deleted!

Attempting to delete C:\WINNT\system32\etkbyivk.dll
C:\WINNT\system32\etkbyivk.dll Has been deleted!

Attempting to delete C:\WINNT\system32\evwcbkks.dll
C:\WINNT\system32\evwcbkks.dll Has been deleted!

Attempting to delete C:\WINNT\system32\fqecwpn.dll
C:\WINNT\system32\fqecwpn.dll Has been deleted!

Attempting to delete C:\WINNT\system32\ihjmrmek.ini
C:\WINNT\system32\ihjmrmek.ini Has been deleted!

Attempting to delete C:\WINNT\system32\izeghld.dll
C:\WINNT\system32\izeghld.dll Has been deleted!

Attempting to delete C:\WINNT\system32\jdqundlk.dll
C:\WINNT\system32\jdqundlk.dll Has been deleted!

Attempting to delete C:\WINNT\system32\kemrmjhi.dll
C:\WINNT\system32\kemrmjhi.dll Has been deleted!

Attempting to delete C:\WINNT\system32\kldnuqdj.ini
C:\WINNT\system32\kldnuqdj.ini Has been deleted!

Attempting to delete C:\WINNT\system32\ljhgf.dll
C:\WINNT\system32\ljhgf.dll Has been deleted!

Attempting to delete C:\WINNT\system32\ljjkigd.dll
C:\WINNT\system32\ljjkigd.dll Has been deleted!

Attempting to delete C:\WINNT\system32\lpeksrdt.ini
C:\WINNT\system32\lpeksrdt.ini Has been deleted!

Attempting to delete C:\WINNT\system32\lssjumlr.ini
C:\WINNT\system32\lssjumlr.ini Has been deleted!

Attempting to delete C:\WINNT\system32\nbbvxffs.exe
C:\WINNT\system32\nbbvxffs.exe Has been deleted!

Attempting to delete C:\WINNT\system32\opnnkjk.dll
C:\WINNT\system32\opnnkjk.dll Has been deleted!

Attempting to delete C:\WINNT\system32\opnoljg.dll
C:\WINNT\system32\opnoljg.dll Has been deleted!

Attempting to delete C:\WINNT\system32\prgwvgul.dll
C:\WINNT\system32\prgwvgul.dll Has been deleted!

Attempting to delete C:\WINNT\system32\qomjkli.dll
C:\WINNT\system32\qomjkli.dll Has been deleted!

Attempting to delete C:\WINNT\system32\rlmujssl.dll
C:\WINNT\system32\rlmujssl.dll Has been deleted!

Attempting to delete C:\WINNT\system32\rqrqono.dll
C:\WINNT\system32\rqrqono.dll Has been deleted!

Attempting to delete C:\WINNT\system32\tdrskepl.dll
C:\WINNT\system32\tdrskepl.dll Has been deleted!

Attempting to delete C:\WINNT\system32\tuvwwwu.dll
C:\WINNT\system32\tuvwwwu.dll Has been deleted!

Attempting to delete C:\WINNT\system32\umbnjcyw.dll
C:\WINNT\system32\umbnjcyw.dll Has been deleted!

Attempting to delete C:\WINNT\system32\vchbsnsa.ini
C:\WINNT\system32\vchbsnsa.ini Has been deleted!

Attempting to delete C:\WINNT\system32\wvuttqq.dll
C:\WINNT\system32\wvuttqq.dll Has been deleted!

Attempting to delete C:\WINNT\system32\wvwtt.dll
C:\WINNT\system32\wvwtt.dll Has been deleted!

Attempting to delete C:\WINNT\system32\wycjnbmu.ini
C:\WINNT\system32\wycjnbmu.ini Has been deleted!

Attempting to delete C:\WINNT\system32\xfwnaxaw.dll
C:\WINNT\system32\xfwnaxaw.dll Has been deleted!

Attempting to delete C:\WINNT\system32\xxyaaxv.dll
C:\WINNT\system32\xxyaaxv.dll Has been deleted!

Performing Repairs to the registry.
Done!

And the HiJackThis.log file:

Logfile of HijackThis v1.99.1
Scan saved at 11:27:20 AM, on 2/14/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Authentium\Command AntiVirus\avinitnt.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\RioMSC.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Authentium\Command AntiVirus\schscnt.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\system32\Tablet.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\Explorer.EXE
C:\PROGRA~1\AUTHEN~1\COMMAN~1\untray.exe
C:\PROGRA~1\AUTHEN~1\COMMAN~1\avtray.exe
C:\PROGRA~1\AUTHEN~1\COMMAN~1\dvprpt.exe
C:\scratch\ProcessExplorer\procexp.exe
C:\WINNT\explorer.exe
C:\WINNT\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HiJackThis\scanner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {02DCA195-602B-4B1F-83FF-381B7E804BDB} - C:\WINNT\system32\HDBHO.dll
O2 - BHO: (no name) - {061B4796-AC83-83C9-04FF-0925152D92A0} - C:\WINNT\system32\xyppyec.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {08F3DE08-D567-B04D-4707-049186618363} - (no file)
O2 - BHO: (no name) - {12D340B4-B1FB-516D-2865-0502A179A538} - C:\WINNT\system32\famrwjg.dll
O2 - BHO: (no name) - {1F15F502-2FA1-A50E-DCFE-01C94FFE3E23} - C:\WINNT\system32\exyslie.dll
O2 - BHO: (no name) - {2D721796-6630-CDCA-93C9-04C767AB8198} - (no file)
O2 - BHO: (no name) - {3CE9D602-A8A4-5AD0-9D92-07E3E57C74BC} - (no file)
O2 - BHO: (no name) - {434A68AB-CC3D-41A6-A07A-4C05A9B58EFC} - C:\WINNT\system32\wvwtt.dll (file missing)
O2 - BHO: (no name) - {444FC0D6-1B96-06FA-9FB2-03BB8313907A} - (no file)
O2 - BHO: (no name) - {46A4E9D9-B30E-452A-8157-DBBEC8573B03} - C:\Program Files\VSAdd-in\VSAdd-in.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {57CFE5D7-7F22-59C6-CADE-07E8BD1386B7} - (no file)
O2 - BHO: (no name) - {67270207-b9ee-4d26-9270-860fdb060ca1} - (no file)
O2 - BHO: (no name) - {673A2752-222A-E6D4-7052-002B2E7D523C} - (no file)
O2 - BHO: (no name) - {68D5CF1D-EC5C-4bdd-A9EF-F0E517565D50} - C:\WINNT\system32\xfwnaxaw.dll (file missing)
O2 - BHO: (no name) - {755bbd1a-aa59-456c-afeb-b4c42c4dcb6f} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\COMMON~1\{38EA9~1\Bar888.dll (file missing)
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - (no file)
O3 - Toolbar: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\COMMON~1\{38EA9~1\Bar888.dll (file missing)
O3 - Toolbar: &VSAdd-in - {74DD705D-6834-439C-A735-A6DBE2677452} - C:\Program Files\VSAdd-in\VSAdd-in.dll (file missing)
O4 - HKLM\..\Run: [untray] C:\PROGRA~1\AUTHEN~1\COMMAN~1\untray.exe
O4 - HKLM\..\Run: [CSAV_CheckViruses] C:\PROGRA~1\AUTHEN~1\COMMAN~1\vchk.exe
O4 - HKLM\..\Run: [avtray] C:\PROGRA~1\AUTHEN~1\COMMAN~1\avtray.exe
O4 - HKLM\..\Run: [dvprpt] C:\PROGRA~1\AUTHEN~1\COMMAN~1\dvprpt.exe
O4 - HKCU\..\Run: [procexp] C:\\scratch\\ProcessExplorer\\procexp.exe
O8 - Extra context menu item: Download All Files by HiDownload - C:\PROGRA~1\HIDOWN~1\HDGetAll.htm
O8 - Extra context menu item: Download by HiDownload - C:\PROGRA~1\HIDOWN~1\HDGet.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1135492471065
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5A982D80-A98D-4F18-A575-F0EAD811944E}: NameServer = 68.87.85.98,68.87.69.146
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O20 - Winlogon Notify: wingmo32 - wingmo32.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avinitnt - Authentium, Inc. - C:\Program Files\Authentium\Command AntiVirus\avinitnt.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: DriverStudio Remote Control - Unknown owner - C:\Program Files\Compuware\DriverStudio\Common\Bin\DSRSvc.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
O23 - Service: OLE multi config - Unknown owner - C:\WINNT\system32\ole2.exe (file missing)
O23 - Service: Rio MSC Manager (RioMSC) - Digital Networks North America, Inc. - C:\WINNT\system32\RioMSC.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: schscnt - Authentium, Inc. - C:\Program Files\Authentium\Command AntiVirus\schscnt.exe
O23 - Service: CaReTaKeR-CT NetMgr 1.2.1 (sfmgr) - Unknown owner - C:\sfmgr\sfmgr.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINNT\system32\Tablet.exe
 
Hi

Open HijackThis, click do a system scan only and checkmark these:

O2 - BHO: (no name) - {061B4796-AC83-83C9-04FF-0925152D92A0} - C:\WINNT\system32\xyppyec.dll
O2 - BHO: (no name) - {08F3DE08-D567-B04D-4707-049186618363} - (no file)
O2 - BHO: (no name) - {12D340B4-B1FB-516D-2865-0502A179A538} - C:\WINNT\system32\famrwjg.dll
O2 - BHO: (no name) - {1F15F502-2FA1-A50E-DCFE-01C94FFE3E23} - C:\WINNT\system32\exyslie.dll
O2 - BHO: (no name) - {2D721796-6630-CDCA-93C9-04C767AB8198} - (no file)
O2 - BHO: (no name) - {3CE9D602-A8A4-5AD0-9D92-07E3E57C74BC} - (no file)
O2 - BHO: (no name) - {434A68AB-CC3D-41A6-A07A-4C05A9B58EFC} - C:\WINNT\system32\wvwtt.dll (file missing)
O2 - BHO: (no name) - {444FC0D6-1B96-06FA-9FB2-03BB8313907A} - (no file)
O2 - BHO: (no name) - {46A4E9D9-B30E-452A-8157-DBBEC8573B03} - C:\Program Files\VSAdd-in\VSAdd-in.dll (file missing)
O2 - BHO: (no name) - {57CFE5D7-7F22-59C6-CADE-07E8BD1386B7} - (no file)
O2 - BHO: (no name) - {67270207-b9ee-4d26-9270-860fdb060ca1} - (no file)
O2 - BHO: (no name) - {673A2752-222A-E6D4-7052-002B2E7D523C} - (no file)
O2 - BHO: (no name) - {68D5CF1D-EC5C-4bdd-A9EF-F0E517565D50} - C:\WINNT\system32\xfwnaxaw.dll (file missing)
O2 - BHO: (no name) - {755bbd1a-aa59-456c-afeb-b4c42c4dcb6f} - (no file)
O2 - BHO: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\COMMON~1\{38EA9~1\Bar888.dll (file missing)
O3 - Toolbar: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - (no file)
O3 - Toolbar: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\COMMON~1\{38EA9~1\Bar888.dll (file missing)
O3 - Toolbar: &VSAdd-in - {74DD705D-6834-439C-A735-A6DBE2677452} - C:\Program Files\VSAdd-in\VSAdd-in.dll (file missing)
O20 - Winlogon Notify: wingmo32 - wingmo32.dll (file missing)

Close all windows including browser and press fix checked.

Reboot

Send a fresh HijackThis log
 
Thanks,

No errors occurred during the fix, here's the HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 1:48:42 PM, on 2/14/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Authentium\Command AntiVirus\avinitnt.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Authentium\Command AntiVirus\schscnt.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\system32\Tablet.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\Explorer.EXE
C:\PROGRA~1\AUTHEN~1\COMMAN~1\untray.exe
C:\PROGRA~1\AUTHEN~1\COMMAN~1\avtray.exe
C:\PROGRA~1\AUTHEN~1\COMMAN~1\dvprpt.exe
C:\WINNT\explorer.exe
C:\HiJackThis\scanner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {02DCA195-602B-4B1F-83FF-381B7E804BDB} - C:\WINNT\system32\HDBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [untray] C:\PROGRA~1\AUTHEN~1\COMMAN~1\untray.exe
O4 - HKLM\..\Run: [CSAV_CheckViruses] C:\PROGRA~1\AUTHEN~1\COMMAN~1\vchk.exe
O4 - HKLM\..\Run: [avtray] C:\PROGRA~1\AUTHEN~1\COMMAN~1\avtray.exe
O4 - HKLM\..\Run: [dvprpt] C:\PROGRA~1\AUTHEN~1\COMMAN~1\dvprpt.exe
O4 - HKCU\..\Run: [procexp] C:\\scratch\\ProcessExplorer\\procexp.exe
O8 - Extra context menu item: Download All Files by HiDownload - C:\PROGRA~1\HIDOWN~1\HDGetAll.htm
O8 - Extra context menu item: Download by HiDownload - C:\PROGRA~1\HIDOWN~1\HDGet.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1135492471065
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5A982D80-A98D-4F18-A575-F0EAD811944E}: NameServer = 68.87.85.98,68.87.69.146
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avinitnt - Authentium, Inc. - C:\Program Files\Authentium\Command AntiVirus\avinitnt.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: DriverStudio Remote Control - Unknown owner - C:\Program Files\Compuware\DriverStudio\Common\Bin\DSRSvc.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
O23 - Service: Rio MSC Manager (RioMSC) - Digital Networks North America, Inc. - C:\WINNT\system32\RioMSC.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: schscnt - Authentium, Inc. - C:\Program Files\Authentium\Command AntiVirus\schscnt.exe
O23 - Service: CaReTaKeR-CT NetMgr 1.2.1 (sfmgr) - Unknown owner - C:\sfmgr\sfmgr.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINNT\system32\Tablet.exe
 
Hi

Please do an online scan with Kaspersky Online Scanner. You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then start to download the latest definition files.
  • Once the scanner is installed and the definitions downloaded, click Next.
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:

    o Scan using the following Anti-Virus database:

    + Extended (If available otherwise Standard)

    o Scan Options:

    + Scan Archives
    + Scan Mail Bases
  • Click OK
  • Now under select a target to scan select My Computer
  • The scan will take a while so be patient and let it run. Once the scan is complete it will display if your system has been infected.
  • Now click on the Save as Text button
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

Send:

- a fresh HijackThis log
- kaspersky report
 
Thanks,

Here's the HJT log:
-----------------------

Logfile of HijackThis v1.99.1
Scan saved at 3:48:49 PM, on 2/15/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Authentium\Command AntiVirus\avinitnt.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\RioMSC.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Authentium\Command AntiVirus\schscnt.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\system32\Tablet.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\Explorer.EXE
C:\PROGRA~1\AUTHEN~1\COMMAN~1\untray.exe
C:\PROGRA~1\AUTHEN~1\COMMAN~1\avtray.exe
C:\PROGRA~1\AUTHEN~1\COMMAN~1\dvprpt.exe
C:\WINNT\system32\ctfmon.exe
C:\WINNT\system32\DllHost.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINNT\explorer.exe
C:\HiJackThis\scanner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {02DCA195-602B-4B1F-83FF-381B7E804BDB} - C:\WINNT\system32\HDBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [untray] C:\PROGRA~1\AUTHEN~1\COMMAN~1\untray.exe
O4 - HKLM\..\Run: [CSAV_CheckViruses] C:\PROGRA~1\AUTHEN~1\COMMAN~1\vchk.exe
O4 - HKLM\..\Run: [avtray] C:\PROGRA~1\AUTHEN~1\COMMAN~1\avtray.exe
O4 - HKLM\..\Run: [dvprpt] C:\PROGRA~1\AUTHEN~1\COMMAN~1\dvprpt.exe
O4 - HKCU\..\Run: [procexp] C:\\scratch\\ProcessExplorer\\procexp.exe
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O8 - Extra context menu item: Download All Files by HiDownload - C:\PROGRA~1\HIDOWN~1\HDGetAll.htm
O8 - Extra context menu item: Download by HiDownload - C:\PROGRA~1\HIDOWN~1\HDGet.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1135492471065
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5A982D80-A98D-4F18-A575-F0EAD811944E}: NameServer = 68.87.85.98,68.87.69.146
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avinitnt - Authentium, Inc. - C:\Program Files\Authentium\Command AntiVirus\avinitnt.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: DriverStudio Remote Control - Unknown owner - C:\Program Files\Compuware\DriverStudio\Common\Bin\DSRSvc.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
O23 - Service: Rio MSC Manager (RioMSC) - Digital Networks North America, Inc. - C:\WINNT\system32\RioMSC.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: schscnt - Authentium, Inc. - C:\Program Files\Authentium\Command AntiVirus\schscnt.exe
O23 - Service: CaReTaKeR-CT NetMgr 1.2.1 (sfmgr) - Unknown owner - C:\sfmgr\sfmgr.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINNT\system32\Tablet.exe


And the Kaspersky report:
---------------------------

KASPERSKY ONLINE SCANNER REPORT
Thursday, February 15, 2007 3:42:44 PM
Operating System: Microsoft Windows 2000 Professional, Service Pack 4 (Build 2195)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 15/02/2007
Kaspersky Anti-Virus database records: 268350
Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true
Scan Target Folders
A:\
C:\
D:\
Scan Statistics
Total number of scanned objects 132247
Number of viruses found 20
Number of infected objects 68 / 0
Number of suspicious objects 1
Duration of the scan process 02:55:27

Infected Object Name Virus Name Last Action
C:\384d0e5f61380cea16\xpsp1hfm.exe Object is locked skipped
C:\b793dff83c4fd188961eb66121352682\%temp%dd_msxml_retMSI.txt Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\QR45CYER\deliver46860[1].htm Suspicious: Exploit.HTML.Mht skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\QR45CYER\FOYGq2JV9B[1].exe Infected: Trojan-Downloader.Win32.Busky.gen skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\YN3D80DE\installer[1].exe/Stream/data0001 Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\YN3D80DE\installer[1].exe/Stream/data0002 Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\YN3D80DE\installer[1].exe/Stream Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\YN3D80DE\installer[1].exe Inno: infected - 3 skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\YN3D80DE\l11[1].exe Infected: Trojan-Downloader.Win32.Zlob.bbz skipped
C:\Documents and Settings\Alec Henning\.housecall6.6\Quarantine\jmmbmanv.exe.bac_a01720 Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\Documents and Settings\Alec Henning\.housecall6.6\Quarantine\owynpfvu.exe.bac_a01720 Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\Documents and Settings\Alec Henning\.housecall6.6\Quarantine\rcdaksqu.exe.bac_a01720 Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\Documents and Settings\Alec Henning\.housecall6.6\Quarantine\system.dll.bac_a01720 Infected: not-a-virus:AdWare.Win32.Softomate.ac skipped
C:\Documents and Settings\Alec Henning\.housecall6.6\Quarantine\Update.exe.bac_a01720 Infected: not-a-virus:AdWare.Win32.Softomate.ac skipped
C:\Documents and Settings\Alec Henning\.housecall6.6\Quarantine\VSAdd-in_1.dll.bac_a01720 Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\Documents and Settings\Alec Henning\.housecall6.6\Quarantine\wlzip32[1].exe.bac_a01720 Infected: Trojan-Downloader.Win32.Agent.bca skipped
C:\Documents and Settings\Alec Henning\.housecall6.6\Quarantine\yvtiqxbv.exe.bac_a01720 Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\Documents and Settings\Alec Henning\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Alec Henning\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Alec Henning\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Alec Henning\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Alec Henning\Local Settings\History\History.IE5\MSHist012007021520070216\index.dat Object is locked skipped
C:\Documents and Settings\Alec Henning\Local Settings\Temp\Adobelm_Cleanup.0001.dir.0000\~efe2.tmp Object is locked skipped
C:\Documents and Settings\Alec Henning\Local Settings\Temp\Adobelm_Cleanup.0001.dir.0001\~efe2.tmp Object is locked skipped
C:\Documents and Settings\Alec Henning\Local Settings\Temp\Photoshop Temp317624 Object is locked skipped
C:\Documents and Settings\Alec Henning\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Alec Henning\My Documents\Internet Downloads\SmitfraudFix.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Alec Henning\My Documents\Internet Downloads\SmitfraudFix.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Alec Henning\My Documents\Internet Downloads\SmitfraudFix.exe RarSFX: infected - 2 skipped
C:\Documents and Settings\Alec Henning\My Documents\Internet Downloads\SmitfraudFix.exe PE_Patch.UPX: infected - 2 skipped
C:\Documents and Settings\Alec Henning\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Alec Henning\ntuser.dat.LOG Object is locked skipped
C:\ff629b69e3fcc57cc668f76617f804f4\msxml4-KB927978-enu.log Object is locked skipped
C:\HiJackThis\backups\backup-20070214-134458-420.dll Infected: Trojan-Downloader.Win32.Busky.gen skipped
C:\HiJackThis\backups\backup-20070214-134458-481.dll Infected: Trojan-Downloader.Win32.Busky.gen skipped
C:\HiJackThis\backups\backup-20070214-134458-608.dll Infected: Trojan-Downloader.Win32.Busky.gen skipped
C:\RECYCLER\S-1-5-18\Dc5\system.dlla Infected: not-a-virus:AdWare.Win32.Softomate.u skipped
C:\RECYCLER\S-1-5-18\Dc5\Update.exea Infected: not-a-virus:AdWare.Win32.Softomate.u skipped
C:\RECYCLER\S-1-5-18\Dc6\Update.exe Infected: not-a-virus:AdWare.Win32.Softomate.ac skipped
C:\RECYCLER\S-1-5-18\Dc7\system.dll Infected: not-a-virus:AdWare.Win32.Softomate.ac skipped
C:\RECYCLER\S-1-5-18\Dc7\Update.exe Infected: not-a-virus:AdWare.Win32.Softomate.ac skipped
C:\RECYCLER\S-1-5-21-507921405-854245398-552692515-500\Dc7\Update.exe Infected: not-a-virus:AdWare.Win32.Softomate.z skipped
C:\RECYCLER\S-1-5-21-507921405-854245398-552692515-500\Dc8\Update.exe Infected: not-a-virus:AdWare.Win32.Softomate.z skipped
C:\sfmgr\BRZLIC.TXT Object is locked skipped
C:\VundoFix Backups\aavbixxc.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.ft skipped
C:\VundoFix Backups\altteggb.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.ft skipped
C:\VundoFix Backups\asnsbhcv.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.ft skipped
C:\VundoFix Backups\awtqpnl.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gl skipped
C:\VundoFix Backups\bpmexumf.exe.bad Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\VundoFix Backups\eamutykc.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.ft skipped
C:\VundoFix Backups\eiralona.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.ft skipped
C:\VundoFix Backups\etkbyivk.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.ft skipped
C:\VundoFix Backups\evwcbkks.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.ft skipped
C:\VundoFix Backups\fqecwpn.dll.bad Infected: Trojan-Downloader.Win32.Busky.gen skipped
C:\VundoFix Backups\izeghld.dll.bad Infected: Trojan-Downloader.Win32.Busky.gen skipped
C:\VundoFix Backups\jdqundlk.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.ft skipped
C:\VundoFix Backups\kemrmjhi.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.ft skipped
C:\VundoFix Backups\ljjkigd.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gl skipped
C:\VundoFix Backups\nbbvxffs.exe.bad Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\VundoFix Backups\opnnkjk.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gl skipped
C:\VundoFix Backups\opnoljg.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gl skipped
C:\VundoFix Backups\prgwvgul.dll.bad Infected: Trojan.Win32.BHO.g skipped
C:\VundoFix Backups\qomjkli.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gl skipped
C:\VundoFix Backups\rlmujssl.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.ft skipped
C:\VundoFix Backups\rqrqono.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gl skipped
C:\VundoFix Backups\tdrskepl.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.ft skipped
C:\VundoFix Backups\tuvwwwu.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gl skipped
C:\VundoFix Backups\umbnjcyw.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.ft skipped
C:\VundoFix Backups\VSAdd-in.dll.bad Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\VundoFix Backups\wvuttqq.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gl skipped
C:\VundoFix Backups\wvwtt.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.fp skipped
C:\VundoFix Backups\xxyaaxv.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gl skipped
C:\WINNT\Debug\ipsecpa.log Object is locked skipped
C:\WINNT\Debug\oakley.log Object is locked skipped
C:\WINNT\Debug\PASSWD.LOG Object is locked skipped
C:\WINNT\Internet Logs\tvDebug.log Object is locked skipped
C:\WINNT\SchedLgU.Txt Object is locked skipped
C:\WINNT\SoftwareDistribution\EventCache\{25A72930-05AA-420E-A0AA-764725F10E1F}.bin Object is locked skipped
C:\WINNT\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINNT\Sti_Trace.log Object is locked skipped
C:\WINNT\svchost.exe Infected: Trojan.Win32.Agent.qt skipped
C:\WINNT\system32\components\flx22.dll Infected: not-virus:Hoax.Win32.Renos.gh skipped
C:\WINNT\system32\config\ACEEvent.evt Object is locked skipped
C:\WINNT\system32\config\AppEvent.Evt Object is locked skipped
C:\WINNT\system32\config\default Object is locked skipped
C:\WINNT\system32\config\default.LOG Object is locked skipped
C:\WINNT\system32\config\SAM Object is locked skipped
C:\WINNT\system32\config\SAM.LOG Object is locked skipped
C:\WINNT\system32\config\SecEvent.Evt Object is locked skipped
C:\WINNT\system32\config\SECURITY Object is locked skipped
C:\WINNT\system32\config\SECURITY.LOG Object is locked skipped
C:\WINNT\system32\config\software Object is locked skipped
C:\WINNT\system32\config\software.LOG Object is locked skipped
C:\WINNT\system32\config\SysEvent.Evt Object is locked skipped
C:\WINNT\system32\config\system Object is locked skipped
C:\WINNT\system32\config\SYSTEM.ALT Object is locked skipped
C:\WINNT\system32\drvpiw.dll Infected: not-virus:Hoax.Win32.Renos.gi skipped
C:\WINNT\system32\drvsod.dll Infected: not-virus:Hoax.Win32.Renos.gi skipped
C:\WINNT\system32\drvwub.dll Infected: not-virus:Hoax.Win32.Renos.gi skipped
C:\WINNT\system32\ighcpk.dll Infected: not-a-virus:AdWare.Win32.PurityScan.ak skipped
C:\WINNT\system32\iwztkzn.dll Infected: not-a-virus:AdWare.Win32.PurityScan.ak skipped
C:\WINNT\system32\v6.exe Infected: Trojan-Downloader.Win32.Tiny.fk skipped
C:\WINNT\system32\vtuss.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.fp skipped
C:\WINNT\system32\xryoryux.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.ft skipped
C:\WINNT\WindowsUpdate.log Object is locked skipped
Scan process completed.

I also attached the original .html report in a zip file if the text I copied from it is not adequate. The zip file contains only the html file.
 
Hi

Text is just fine :)

Empty Internet Explorer temporary internet files

Empty these folders:

C:\Documents and Settings\Alec Henning\.housecall6.6\Quarantine
C:\VundoFix Backups\

Delete these:

C:\HiJackThis\backups\backup-20070214-134458-420.dll C:\HiJackThis\backups\backup-20070214-134458-481.dll C:\HiJackThis\backups\backup-20070214-134458-608.dll
C:\WINNT\svchost.exe
C:\WINNT\system32\components\flx22.dll
C:\WINNT\system32\drvpiw.dll
C:\WINNT\system32\drvsod.dll
C:\WINNT\system32\drvwub.dll
C:\WINNT\system32\ighcpk.dll
C:\WINNT\system32\iwztkzn.dll
C:\WINNT\system32\v6.exe
C:\WINNT\system32\vtuss.dll
C:\WINNT\system32\xryoryux.bad

Empty Recycle Bin

Re-scan with kaspersky

Send:

- a fresh HijackThis log
- kaspersly report
 
Thanks,

I emptied my recycle bin and cleared my temporary internet files.

Here's the HJT log:
------------------

Logfile of HijackThis v1.99.1
Scan saved at 2:11:12 PM, on 2/16/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Authentium\Command AntiVirus\avinitnt.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\RioMSC.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Authentium\Command AntiVirus\schscnt.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\system32\Tablet.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\Explorer.EXE
C:\PROGRA~1\AUTHEN~1\COMMAN~1\untray.exe
C:\PROGRA~1\AUTHEN~1\COMMAN~1\avtray.exe
C:\PROGRA~1\AUTHEN~1\COMMAN~1\dvprpt.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HiJackThis\scanner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {02DCA195-602B-4B1F-83FF-381B7E804BDB} - C:\WINNT\system32\HDBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [untray] C:\PROGRA~1\AUTHEN~1\COMMAN~1\untray.exe
O4 - HKLM\..\Run: [CSAV_CheckViruses] C:\PROGRA~1\AUTHEN~1\COMMAN~1\vchk.exe
O4 - HKLM\..\Run: [avtray] C:\PROGRA~1\AUTHEN~1\COMMAN~1\avtray.exe
O4 - HKLM\..\Run: [dvprpt] C:\PROGRA~1\AUTHEN~1\COMMAN~1\dvprpt.exe
O4 - HKCU\..\Run: [procexp] C:\\scratch\\ProcessExplorer\\procexp.exe
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O8 - Extra context menu item: Download All Files by HiDownload - C:\PROGRA~1\HIDOWN~1\HDGetAll.htm
O8 - Extra context menu item: Download by HiDownload - C:\PROGRA~1\HIDOWN~1\HDGet.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1135492471065
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5A982D80-A98D-4F18-A575-F0EAD811944E}: NameServer = 68.87.85.98,68.87.69.146
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avinitnt - Authentium, Inc. - C:\Program Files\Authentium\Command AntiVirus\avinitnt.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: DriverStudio Remote Control - Unknown owner - C:\Program Files\Compuware\DriverStudio\Common\Bin\DSRSvc.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
O23 - Service: Rio MSC Manager (RioMSC) - Digital Networks North America, Inc. - C:\WINNT\system32\RioMSC.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: schscnt - Authentium, Inc. - C:\Program Files\Authentium\Command AntiVirus\schscnt.exe
O23 - Service: CaReTaKeR-CT NetMgr 1.2.1 (sfmgr) - Unknown owner - C:\sfmgr\sfmgr.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINNT\system32\Tablet.exe


Here's the Kaspersky report:
---------------------------

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Friday, February 16, 2007 2:05:51 PM
Operating System: Microsoft Windows 2000 Professional, Service Pack 4 (Build 2195)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 16/02/2007
Kaspersky Anti-Virus database records: 268925
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - Folders:
A:\
C:\
D:\

Scan Statistics:
Total number of scanned objects: 130785
Number of viruses found: 8
Number of infected objects: 17 / 0
Number of suspicious objects: 1
Duration of the scan process: 02:30:18

Infected Object Name / Virus Name / Last Action
C:\384d0e5f61380cea16\xpsp1hfm.exe Object is locked skipped
C:\b793dff83c4fd188961eb66121352682\%temp%dd_msxml_retMSI.txt Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\QR45CYER\deliver46860[1].htm Suspicious: Exploit.HTML.Mht skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\QR45CYER\FOYGq2JV9B[1].exe Infected: Trojan-Downloader.Win32.Busky.gen skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\YN3D80DE\installer[1].exe/Stream/data0001 Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\YN3D80DE\installer[1].exe/Stream/data0002 Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\YN3D80DE\installer[1].exe/Stream Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\YN3D80DE\installer[1].exe Inno: infected - 3 skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\YN3D80DE\l11[1].exe Infected: Trojan-Downloader.Win32.Zlob.bbz skipped
C:\Documents and Settings\Alec Henning\Application Data\Mozilla\Firefox\Profiles\q635vm9f.default\cert8.db Object is locked skipped
C:\Documents and Settings\Alec Henning\Application Data\Mozilla\Firefox\Profiles\q635vm9f.default\history.dat Object is locked skipped
C:\Documents and Settings\Alec Henning\Application Data\Mozilla\Firefox\Profiles\q635vm9f.default\key3.db Object is locked skipped
C:\Documents and Settings\Alec Henning\Application Data\Mozilla\Firefox\Profiles\q635vm9f.default\parent.lock Object is locked skipped
C:\Documents and Settings\Alec Henning\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Alec Henning\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Alec Henning\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Alec Henning\Local Settings\Application Data\Mozilla\Firefox\Profiles\q635vm9f.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Alec Henning\Local Settings\Application Data\Mozilla\Firefox\Profiles\q635vm9f.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Alec Henning\Local Settings\Application Data\Mozilla\Firefox\Profiles\q635vm9f.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Alec Henning\Local Settings\Application Data\Mozilla\Firefox\Profiles\q635vm9f.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Alec Henning\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Alec Henning\Local Settings\History\History.IE5\MSHist012007021620070217\index.dat Object is locked skipped
C:\Documents and Settings\Alec Henning\Local Settings\Temp\Acr1F30.tmp Object is locked skipped
C:\Documents and Settings\Alec Henning\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Alec Henning\My Documents\Internet Downloads\SmitfraudFix.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Alec Henning\My Documents\Internet Downloads\SmitfraudFix.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Alec Henning\My Documents\Internet Downloads\SmitfraudFix.exe RarSFX: infected - 2 skipped
C:\Documents and Settings\Alec Henning\My Documents\Internet Downloads\SmitfraudFix.exe PE_Patch.UPX: infected - 2 skipped
C:\Documents and Settings\Alec Henning\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Alec Henning\ntuser.dat.LOG Object is locked skipped
C:\ff629b69e3fcc57cc668f76617f804f4\msxml4-KB927978-enu.log Object is locked skipped
C:\RECYCLER\S-1-5-18\Dc5\system.dlla Infected: not-a-virus:AdWare.Win32.Softomate.u skipped
C:\RECYCLER\S-1-5-18\Dc5\Update.exea Infected: not-a-virus:AdWare.Win32.Softomate.u skipped
C:\RECYCLER\S-1-5-18\Dc6\Update.exe Infected: not-a-virus:AdWare.Win32.Softomate.ac skipped
C:\RECYCLER\S-1-5-18\Dc7\system.dll Infected: not-a-virus:AdWare.Win32.Softomate.ac skipped
C:\RECYCLER\S-1-5-18\Dc7\Update.exe Infected: not-a-virus:AdWare.Win32.Softomate.ac skipped
C:\RECYCLER\S-1-5-21-507921405-854245398-552692515-500\Dc7\Update.exe Infected: not-a-virus:AdWare.Win32.Softomate.z skipped
C:\RECYCLER\S-1-5-21-507921405-854245398-552692515-500\Dc8\Update.exe Infected: not-a-virus:AdWare.Win32.Softomate.z skipped
C:\sfmgr\BRZLIC.TXT Object is locked skipped
C:\WINNT\Debug\ipsecpa.log Object is locked skipped
C:\WINNT\Debug\oakley.log Object is locked skipped
C:\WINNT\Debug\PASSWD.LOG Object is locked skipped
C:\WINNT\Internet Logs\tvDebug.log Object is locked skipped
C:\WINNT\SchedLgU.Txt Object is locked skipped
C:\WINNT\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINNT\Sti_Trace.log Object is locked skipped
C:\WINNT\system32\config\ACEEvent.evt Object is locked skipped
C:\WINNT\system32\config\AppEvent.Evt Object is locked skipped
C:\WINNT\system32\config\default Object is locked skipped
C:\WINNT\system32\config\default.LOG Object is locked skipped
C:\WINNT\system32\config\SAM Object is locked skipped
C:\WINNT\system32\config\SAM.LOG Object is locked skipped
C:\WINNT\system32\config\SecEvent.Evt Object is locked skipped
C:\WINNT\system32\config\SECURITY Object is locked skipped
C:\WINNT\system32\config\SECURITY.LOG Object is locked skipped
C:\WINNT\system32\config\software Object is locked skipped
C:\WINNT\system32\config\software.LOG Object is locked skipped
C:\WINNT\system32\config\SysEvent.Evt Object is locked skipped
C:\WINNT\system32\config\system Object is locked skipped
C:\WINNT\system32\config\SYSTEM.ALT Object is locked skipped
C:\WINNT\system32\Perflib_Perfdata_578.dat Object is locked skipped
C:\WINNT\WindowsUpdate.log Object is locked skipped

Scan process completed.
 
Hi

There seems to be some stubborn files in temp internet files folder, so other tool is needed

Please download the Killbox.
Unzip it to the desktop.

Please run Killbox.

Select "Delete on Reboot" and "All files"

Copy the file names below to the clipboard by highlighting them and pressing Control-C:

C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\QR45CYER\deliver46860[1].htm
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\QR45CYER\FOYGq2JV9B[1].exe
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\YN3D80DE\installer[1].exe
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\YN3D80DE\l11[1].exe

Go to the File menu, and choose "Paste from Clipboard".

Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run TheKillbox, click here to download and run missingfilesetup.exe. Then try TheKillbox again..

If your computer does not restart automatically, please restart it manually.

Empty this folder:

C:\!KillBox

Empty Recycle Bin

Re-scan with kaspersky

Send:

- a fresh HijackThis log
- kaspersky report
 
Done:

HJT log:
--------
Logfile of HijackThis v1.99.1
Scan saved at 11:38:12 AM, on 2/19/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Authentium\Command AntiVirus\avinitnt.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\RioMSC.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Authentium\Command AntiVirus\schscnt.exe
C:\sfmgr\sfmgr.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\system32\Tablet.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\Explorer.EXE
C:\PROGRA~1\AUTHEN~1\COMMAN~1\untray.exe
C:\PROGRA~1\AUTHEN~1\COMMAN~1\avtray.exe
C:\PROGRA~1\AUTHEN~1\COMMAN~1\dvprpt.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINNT\explorer.exe
C:\HiJackThis\scanner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {02DCA195-602B-4B1F-83FF-381B7E804BDB} - C:\WINNT\system32\HDBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [untray] C:\PROGRA~1\AUTHEN~1\COMMAN~1\untray.exe
O4 - HKLM\..\Run: [CSAV_CheckViruses] C:\PROGRA~1\AUTHEN~1\COMMAN~1\vchk.exe
O4 - HKLM\..\Run: [avtray] C:\PROGRA~1\AUTHEN~1\COMMAN~1\avtray.exe
O4 - HKLM\..\Run: [dvprpt] C:\PROGRA~1\AUTHEN~1\COMMAN~1\dvprpt.exe
O4 - HKCU\..\Run: [procexp] C:\\scratch\\ProcessExplorer\\procexp.exe
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O8 - Extra context menu item: Download All Files by HiDownload - C:\PROGRA~1\HIDOWN~1\HDGetAll.htm
O8 - Extra context menu item: Download by HiDownload - C:\PROGRA~1\HIDOWN~1\HDGet.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1135492471065
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5A982D80-A98D-4F18-A575-F0EAD811944E}: NameServer = 68.87.85.98,68.87.69.146
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avinitnt - Authentium, Inc. - C:\Program Files\Authentium\Command AntiVirus\avinitnt.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: DriverStudio Remote Control - Unknown owner - C:\Program Files\Compuware\DriverStudio\Common\Bin\DSRSvc.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
O23 - Service: Rio MSC Manager (RioMSC) - Digital Networks North America, Inc. - C:\WINNT\system32\RioMSC.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: schscnt - Authentium, Inc. - C:\Program Files\Authentium\Command AntiVirus\schscnt.exe
O23 - Service: CaReTaKeR-CT NetMgr 1.2.1 (sfmgr) - Unknown owner - C:\sfmgr\sfmgr.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINNT\system32\Tablet.exe


Kaspersky report:
-----------------
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Monday, February 19, 2007 11:36:04 AM
Operating System: Microsoft Windows 2000 Professional, Service Pack 4 (Build 2195)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 19/02/2007
Kaspersky Anti-Virus database records: 269774
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - Folders:
A:\
C:\
D:\

Scan Statistics:
Total number of scanned objects: 131354
Number of viruses found: 4
Number of infected objects: 11 / 0
Number of suspicious objects: 0
Duration of the scan process: 02:53:35

Infected Object Name / Virus Name / Last Action
C:\384d0e5f61380cea16\xpsp1hfm.exe Object is locked skipped
C:\b793dff83c4fd188961eb66121352682\%temp%dd_msxml_retMSI.txt Object is locked skipped
C:\Documents and Settings\Alec Henning\Application Data\Mozilla\Firefox\Profiles\q635vm9f.default\cert8.db Object is locked skipped
C:\Documents and Settings\Alec Henning\Application Data\Mozilla\Firefox\Profiles\q635vm9f.default\history.dat Object is locked skipped
C:\Documents and Settings\Alec Henning\Application Data\Mozilla\Firefox\Profiles\q635vm9f.default\key3.db Object is locked skipped
C:\Documents and Settings\Alec Henning\Application Data\Mozilla\Firefox\Profiles\q635vm9f.default\parent.lock Object is locked skipped
C:\Documents and Settings\Alec Henning\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Alec Henning\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Alec Henning\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Alec Henning\Local Settings\Application Data\Mozilla\Firefox\Profiles\q635vm9f.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Alec Henning\Local Settings\Application Data\Mozilla\Firefox\Profiles\q635vm9f.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Alec Henning\Local Settings\Application Data\Mozilla\Firefox\Profiles\q635vm9f.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Alec Henning\Local Settings\Application Data\Mozilla\Firefox\Profiles\q635vm9f.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Alec Henning\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Alec Henning\Local Settings\History\History.IE5\MSHist012007021220070219\index.dat Object is locked skipped
C:\Documents and Settings\Alec Henning\Local Settings\History\History.IE5\MSHist012007021920070220\index.dat Object is locked skipped
C:\Documents and Settings\Alec Henning\Local Settings\Temp\hsperfdata_Alec Henning\336 Object is locked skipped
C:\Documents and Settings\Alec Henning\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Alec Henning\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Alec Henning\ntuser.dat.LOG Object is locked skipped
C:\ff629b69e3fcc57cc668f76617f804f4\msxml4-KB927978-enu.log Object is locked skipped
C:\RECYCLER\S-1-5-18\Dc5\system.dlla Infected: not-a-virus:AdWare.Win32.Softomate.u skipped
C:\RECYCLER\S-1-5-18\Dc5\Update.exea Infected: not-a-virus:AdWare.Win32.Softomate.u skipped
C:\RECYCLER\S-1-5-18\Dc6\Update.exe Infected: not-a-virus:AdWare.Win32.Softomate.ac skipped
C:\RECYCLER\S-1-5-18\Dc7\system.dll Infected: not-a-virus:AdWare.Win32.Softomate.ac skipped
C:\RECYCLER\S-1-5-18\Dc7\Update.exe Infected: not-a-virus:AdWare.Win32.Softomate.ac skipped
C:\RECYCLER\S-1-5-21-507921405-854245398-552692515-1000\Dc2.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\RECYCLER\S-1-5-21-507921405-854245398-552692515-1000\Dc2.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\RECYCLER\S-1-5-21-507921405-854245398-552692515-1000\Dc2.exe RarSFX: infected - 2 skipped
C:\RECYCLER\S-1-5-21-507921405-854245398-552692515-1000\Dc2.exe PE_Patch.UPX: infected - 2 skipped
C:\RECYCLER\S-1-5-21-507921405-854245398-552692515-500\Dc7\Update.exe Infected: not-a-virus:AdWare.Win32.Softomate.z skipped
C:\RECYCLER\S-1-5-21-507921405-854245398-552692515-500\Dc8\Update.exe Infected: not-a-virus:AdWare.Win32.Softomate.z skipped
C:\sfmgr\BRZLIC.TXT Object is locked skipped
C:\WINNT\Debug\ipsecpa.log Object is locked skipped
C:\WINNT\Debug\oakley.log Object is locked skipped
C:\WINNT\Debug\PASSWD.LOG Object is locked skipped
C:\WINNT\Internet Logs\tvDebug.log Object is locked skipped
C:\WINNT\SchedLgU.Txt Object is locked skipped
C:\WINNT\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINNT\Sti_Trace.log Object is locked skipped
C:\WINNT\system32\config\ACEEvent.evt Object is locked skipped
C:\WINNT\system32\config\AppEvent.Evt Object is locked skipped
C:\WINNT\system32\config\default Object is locked skipped
C:\WINNT\system32\config\default.LOG Object is locked skipped
C:\WINNT\system32\config\SAM Object is locked skipped
C:\WINNT\system32\config\SAM.LOG Object is locked skipped
C:\WINNT\system32\config\SecEvent.Evt Object is locked skipped
C:\WINNT\system32\config\SECURITY Object is locked skipped
C:\WINNT\system32\config\SECURITY.LOG Object is locked skipped
C:\WINNT\system32\config\software Object is locked skipped
C:\WINNT\system32\config\software.LOG Object is locked skipped
C:\WINNT\system32\config\SysEvent.Evt Object is locked skipped
C:\WINNT\system32\config\system Object is locked skipped
C:\WINNT\system32\config\SYSTEM.ALT Object is locked skipped
C:\WINNT\WindowsUpdate.log Object is locked skipped

Scan process completed.
 
My computer's running fine now. The only thing that I could really notice before were the random popups from iexplorer and a few obscure processes that would attempt to start other processes.

I haven't seen any popups or wierd processes since the first round of fixes, plus the followup cleaning makes me glad to know my computer is pretty clean now.

Thanks a lot!
 
Hi

Then you're clean!

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

Go here and download and install JRE 6.0. Click the link that says Download JRE 6.0 . You will then need to select Accept License Agreement and click the Continue button that is beside it. Then click the link that says Windows Offline Installation, Multi-language. Save it to your Desktop. Then go back to your Desktop and double click jre-6-windows-i586.exe to start the install. Once you have it installed, click Start>Run, type in appwiz.cpl and hit Enter. From the list, uninstall J2SE Runtime Environment 5.0 Update 9.

  • Disable and Enable System Restore. - If you are using Windows XP then you should disable and re-enable system restore to make sure there are no infected files found in a restore point.

    You can find instructions on how to enable and reenable system restore here:

    Windows XP System Restore Guide

Reenable system restore with instructions from tutorial above

  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
  • From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab
  • Click once on the Internet icon so it becomes highlighted.
  • Click once on the Custom Level button.
  • Change the Download signed ActiveX controls to Prompt
  • Change the Download unsigned ActiveX controls to Disable
  • Change the Initialize and script ActiveX controls not marked as safe to Disable
  • Change the Installation of desktop items to Prompt
  • Change the Launching programs and files in an IFRAME to Prompt
  • Change the Navigate sub-frames across different domains to Prompt
  • When all these settings have been made, click on the OK button.
  • If it prompts you as to whether or not you want to save the settings, press the Yes button.
  • Next press the Apply button and then the OK to exit the Internet Properties page.
  • Use an AntiVirus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.

See this link for a listing of some online & their stand-alone antivirus programs:

Virus, Spyware, and Malware Protection and Removal Resources


  • Update your AntiVirus Software - It is imperitive that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

  • Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is succeptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

    For a tutorial on Firewalls and a listing of some available ones see the link below:

    Understanding and Using Firewalls

  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

  • Install Ad-Aware - Install and download Ad-Aware. ou should also scan your computer with program on a regular basis just as you would an antivirus software in conjunction with Spybot.

    A tutorial on installing & using this product can be found here:

    Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer

  • Install SpywareBlaster - SpywareBlaster will added a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

    A tutorial on installing & using this product can be found here:

    Using SpywareBlaster to protect your computer from Spyware and Malware

  • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.

Here are some additional utilities that will enhance your safety

  • IE/Spyad <= IE/Spyad places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
  • MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well know ad sites etc. Basically, this prevents your coputer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer
  • Google Toolbar <= Get the free google toolbar to help stop pop up windows.
  • Winpatrol <= Download and install the free version of Winpatrol. a tutorial for this product is located here:
    Using Winpatrol to protect your computer from malicious software

Stand Up and Be Counted ---> Malware Complaints <--- where you can make difference!

The site offers people who have been (or are) victims of malware the opportunity to document their story and, in that way, launch a complaint against the malware and the makers of the malware.

Also, please read this great article by Tony Klein So How Did I Get Infected In First Place

Happy surfing and stay clean!
 
Since this issue appears resolved ... this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
 
You must log in or register to reply here.
Back
Top