Need some help with trojans please!
I could really use some help from the experts on this one. I've got some pretty bad viruses so I'll start from the beginning.
It all seemed to begin when I downloaded OpenOffice a couple of months ago. Ever since then I get one trojan virus after another. I was using Norton, which would usually get rid of them, but only in safe mode with the internet and System Restore turned off. Norton eventually stopped working on them, and my computer got really slow and I get all sorts of error messages. For example, when I shut down my computer I get about 10 "program not responding" boxes, some labeled explorer.exe. When I turn it on I get "Error loading c:\windows\system32\drvxer.dll".
I have followed all the steps in the "Read here first before posting" thread.
AVG is now picking up a trojan every 10 minutes or so. I have scans from BitDefender and Panda ActiveScan below, as well as my HijackThis logfile. I am running Windows XP Service Pack 2. If any more info is needed, please let me know. Also, if anyone has any tips on how to use the Outpost firewall, that would help. I have no idea what to allow and what to block.
Thanks in advance for any help. It is greatly appreciated and admired, as I have no idea what any of the stuff below is!
Stacey
Panda active scan:
Incident Status Location
Adware:Adware/Adservice Not disinfected C:\WINDOWS\system32\drvxer.dll
Adware:Adware/Mytoolbar Not disinfected C:\Program Files\Common Files\{B4BDA73C-0577-1033-0812-050505060001}\Update.exe
Adware:Adware/Yazzle Not disinfected C:\WINDOWS\system32\rqrqnnm.dll
Adware:adware/securityerror Not disinfected c:\windows\system32\ot.ico
Adware:adware/dopewars Not disinfected Windows Registry
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Stacey\Application Data\Mozilla\Firefox\Profiles\hpett6ta.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Stacey\Application Data\Mozilla\Firefox\Profiles\hpett6ta.default\cookies.txt[.2o7.net/]
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Stacey\Application Data\Mozilla\Firefox\Profiles\hpett6ta.default\cookies.txt[.ads.pointroll.com/]
Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\Stacey\Application Data\Mozilla\Firefox\Profiles\hpett6ta.default\cookies.txt[.adtech.de/]
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Stacey\Application Data\Mozilla\Firefox\Profiles\hpett6ta.default\cookies.txt[.as-eu.falkag.net/]
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Stacey\Application Data\Mozilla\Firefox\Profiles\hpett6ta.default\cookies.txt[.as-us.falkag.net/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Stacey\Application Data\Mozilla\Firefox\Profiles\hpett6ta.default\cookies.txt[.atwola.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Stacey\Application Data\Mozilla\Firefox\Profiles\hpett6ta.default\cookies.txt[.bs.serving-sys.com/]
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Stacey\Application Data\Mozilla\Firefox\Profiles\hpett6ta.default\cookies.txt[.burstnet.com/]
Spyware:Cookie/CentrPort Not disinfected C:\Documents and Settings\Stacey\Application Data\Mozilla\Firefox\Profiles\hpett6ta.default\cookies.txt[.centrport.net/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Stacey\Application Data\Mozilla\Firefox\Profiles\hpett6ta.default\cookies.txt[.com.com/]
Spyware:Cookie/did-it Not disinfected C:\Documents and Settings\Stacey\Application Data\Mozilla\Firefox\Profiles\hpett6ta.default\cookies.txt[.did-it.com/]
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\Stacey\Application Data\Mozilla\Firefox\Profiles\hpett6ta.default\cookies.txt[.maxserving.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Stacey\Application Data\Mozilla\Firefox\Profiles\hpett6ta.default\cookies.txt[.overture.com/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Stacey\Application Data\Mozilla\Firefox\Profiles\hpett6ta.default\cookies.txt[.questionmarket.com/]
Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\Stacey\Application Data\Mozilla\Firefox\Profiles\hpett6ta.default\cookies.txt[.revenue.net/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Stacey\Application Data\Mozilla\Firefox\Profiles\hpett6ta.default\cookies.txt[.serving-sys.com/]
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Stacey\Application Data\Mozilla\Firefox\Profiles\hpett6ta.default\cookies.txt[.trafficmp.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Stacey\Application Data\Mozilla\Firefox\Profiles\hpett6ta.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/myaffiliateprogram Not disinfected C:\Documents and Settings\Stacey\Application Data\Mozilla\Firefox\Profiles\hpett6ta.default\cookies.txt[.www.myaffiliateprogram.com/]
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Stacey\Application Data\Mozilla\Firefox\Profiles\hpett6ta.default\cookies.txt[.xiti.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Stacey\Application Data\Mozilla\Firefox\Profiles\hpett6ta.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\Stacey\Application Data\Mozilla\Firefox\Profiles\hpett6ta.default\cookies.txt[searchportal.information.com/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Stacey\Application Data\Mozilla\Firefox\Profiles\hpett6ta.default\cookies.txt[server.iad.liveperson.net/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Stacey\Application Data\Mozilla\Firefox\Profiles\hpett6ta.default\cookies.txt[server.iad.liveperson.net/hc/2812568]
Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\Stacey\Application Data\Mozilla\Firefox\Profiles\hpett6ta.default\cookies.txt[stats1.reliablestats.com/]
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\Stacey\Application Data\Mozilla\Firefox\Profiles\hpett6ta.default\cookies.txt[www.burstbeacon.com/]
Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\Stacey\Cookies\stacey@stats1.reliablestats[1].txt
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Stacey\Desktop\Protection\SmitfraudFix\SmitfraudFix\Process.exe
Possible Virus. Not disinfected C:\Documents and Settings\Stacey\Desktop\Protection\SmitfraudFix\SmitfraudFix\swsc.exe
Possible Virus. Renamed C:\Documents and Settings\Stacey\My Documents\?ssembly\r?gedit.exe
Adware:Adware/Mytoolbar Not disinfected C:\Program Files\Common Files\{34BDA73C-0577-1033-0812-050505060001}\888.dll
Adware:Adware/Mytoolbar Not disinfected C:\Program Files\Common Files\{34BDA73C-0577-1033-0812-050505060001}\Uninstall.exe
Adware:Adware/Mytoolbar Not disinfected C:\Program Files\Common Files\{B4BDA73C-0578-1033-0812-050505060001}\Update.exe
Potentially unwanted tool:Application/VirusBursters Not disinfected C:\Program Files\VirusBursters\VirusBursters.exe
Adware:Adware/Adservice Not disinfected C:\WINDOWS\system32\drvjom.dll
Adware:Adware/Yazzle Not disinfected C:\WINDOWS\system32\jkkkjhh.dll
BitDefender Online Scanner
Scan report generated at: Mon, Nov 20, 2006 - 19:10:46
Scan path: C:\;D:\;

Statistics
Time 01:21:55
Files 459409
Folders 5670
Boot Sectors 2
Archives 8722
Packed Files 56802

Results
Identified Viruses 6
Infected Files 32
Suspect Files 0
Warnings 0
Disinfected 0
Deleted Files 58

Engines Info
Virus Definitions 317050
Engine build AVCORE v1.0 (build 2355) (i386) (Sep 25 2006 13:46:24)
Scan plugins 13
Archive plugins 38
Unpack plugins 6
E-mail plugins 6
System plugins 1

Scan Settings
First Action Disinfect
Second Action Delete
Heuristics Yes
Enable Warnings Yes
Scanned Extensions *;
Exclude Extensions
Scan Emails Yes
Scan Archives Yes
Scan Packed Yes
Scan Files Yes
Scan Boot Yes

Scanned File / Status
C:\Documents and Settings\Stacey\Local Settings\Temp\temp.fr9D1D
  Infected with: Trojan.Downloader.Zlob.FC; Disinfection failed; Deleted
C:\Program Files\Norton AntiVirus\Quarantine\0A673CBE.exe=>(Quarantine-2)
  Infected with: Trojan.Downloader.BKK; Disinfection failed; Deleted
C:\Program Files\Norton AntiVirus\Quarantine\0FDA01E5.tmp=>(Quarantine-2)
  Infected with: Trojan.Agent.AAE; Disinfection failed; Deleted
C:\Program Files\Norton AntiVirus\Quarantine\16DE4BA5.dll=>(Quarantine-2)
  Infected with: Trojan.BHO.G; Disinfection failed; Deleted
C:\Program Files\Norton AntiVirus\Quarantine\17330F48.dll=>(Quarantine-2)
  Infected with: Trojan.BHO.G; Disinfection failed; Deleted
C:\Program Files\Norton AntiVirus\Quarantine\187B4EBB.dll=>(Quarantine-2)
  Infected with: Trojan.Agent.AAE; Disinfection failed; Deleted
C:\Program Files\Norton AntiVirus\Quarantine\2920167F.exe=>(Quarantine-2)
  Infected with: Trojan.Downloader.Zlob.ADC; Disinfection failed; Deleted
C:\Program Files\Norton AntiVirus\Quarantine\2C484B51.tmp=>(Quarantine-2)
  Infected with: Trojan.Agent.AAE; Disinfection failed; Deleted
C:\Program Files\Norton AntiVirus\Quarantine\37DD105C.tmp=>(Quarantine-2)
  Infected with: Trojan.Agent.AAE; Disinfection failed; Deleted
C:\Program Files\Norton AntiVirus\Quarantine\3830626D.tmp=>(Quarantine-2)
  Infected with: Trojan.Agent.AAE; Disinfection failed; Deleted
C:\Program Files\Norton AntiVirus\Quarantine\38330C69.tmp=>(Quarantine-2)
  Infected with: Trojan.Agent.AAE; Disinfection failed; Deleted
C:\Program Files\Norton AntiVirus\Quarantine\38B16B8D.tmp=>(Quarantine-2)
  Infected with: Trojan.Agent.AAE; Disinfection failed; Deleted
C:\Program Files\Norton AntiVirus\Quarantine\42DE0E2B.exe=>(Quarantine-2)=>(NSIS o)=>zlib_nsis0001
  Infected with: Trojan.Downloader.BKK; Disinfection failed; Deleted
C:\Program Files\Norton AntiVirus\Quarantine\42DE0E2B.exe=>(Quarantine-2)=>(NSIS o)
  Update failed
C:\Program Files\Norton AntiVirus\Quarantine\43B801D4.tmp=>(Quarantine-2)
  Infected with: Trojan.Agent.AAE; Disinfection failed; Deleted
C:\Program Files\Norton AntiVirus\Quarantine\54925AA7.tmp=>(Quarantine-2)
  Infected with: Trojan.Agent.AAE; Disinfection failed; Deleted
C:\Program Files\Norton AntiVirus\Quarantine\5B505DB1.tmp=>(Quarantine-2)
  Infected with: Trojan.Agent.AAE; Disinfection failed; Deleted
C:\Program Files\Norton AntiVirus\Quarantine\623A114C.dll=>(Quarantine-2)
  Infected with: Trojan.BHO.G; Disinfection failed; Deleted
C:\Program Files\Norton AntiVirus\Quarantine\66FE2A4C.tmp=>(Quarantine-2)
  Infected with: Trojan.Agent.AAE; Disinfection failed; Deleted
C:\Program Files\Norton AntiVirus\Quarantine\72E90D8D.tmp=>(Quarantine-2)
  Infected with: Trojan.Agent.AAE; Disinfection failed; Deleted
C:\Program Files\Norton AntiVirus\Quarantine\74407902.tmp=>(Quarantine-2)
  Infected with: Trojan.Agent.AAE; Disinfection failed; Deleted
C:\Program Files\Norton AntiVirus\Quarantine\78335FFC.dll=>(Quarantine-2)
  Infected with: Trojan.Agent.AAE; Disinfection failed; Deleted
C:\Program Files\Norton AntiVirus\Quarantine\7B986FED.tmp=>(Quarantine-2)
  Infected with: Trojan.Agent.AAE; Disinfection failed; Deleted
C:\System Volume Information\_restore{9CD43D5B-365E-499F-81F9-D1838D59E545}\RP6\A0003277.exe=>(Quarantine-2)
  Infected with: Trojan.Downloader.BKK; Disinfection failed; Deleted
C:\System Volume Information\_restore{9CD43D5B-365E-499F-81F9-D1838D59E545}\RP6\A0003278.dll=>(Quarantine-2)
  Infected with: Trojan.BHO.G; Disinfection failed; Deleted
C:\System Volume Information\_restore{9CD43D5B-365E-499F-81F9-D1838D59E545}\RP6\A0003279.dll=>(Quarantine-2)
  Infected with: Trojan.BHO.G; Disinfection failed; Deleted
C:\System Volume Information\_restore{9CD43D5B-365E-499F-81F9-D1838D59E545}\RP6\A0003280.dll=>(Quarantine-2)
  Infected with: Trojan.Agent.AAE; Disinfection failed; Deleted
C:\System Volume Information\_restore{9CD43D5B-365E-499F-81F9-D1838D59E545}\RP6\A0003281.exe=>(Quarantine-2)
  Infected with: Trojan.Downloader.Zlob.ADC; Disinfection failed; Deleted
C:\System Volume Information\_restore{9CD43D5B-365E-499F-81F9-D1838D59E545}\RP6\A0003282.dll=>(Quarantine-2)
  Infected with: Trojan.BHO.G; Disinfection failed; Deleted
C:\System Volume Information\_restore{9CD43D5B-365E-499F-81F9-D1838D59E545}\RP6\A0003283.dll=>(Quarantine-2)
  Infected with: Trojan.Agent.AAE; Disinfection failed; Deleted
C:\WINDOWS\system32\ishost.exe_tobedeleted
  Infected with: Trojan.Downloader.Zlob.FC; Disinfection failed; Deleted
C:\WINDOWS\system32\jkkkjhh.dll
  Infected with: Trojan.Vundo.G; Disinfection failed; Deleted
C:\WINDOWS\system32\rqrqnnm.dll
  Infected with: Trojan.Vundo.G; Disinfection failed; Delete failed
Logfile of HijackThis v1.99.1
Scan saved at 11:50:52 PM, on 11/20/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ACS.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe
C:\WINDOWS\system32\svchost.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Common Files\{B4BDA73C-0578-1033-0812-050505060001}\Update.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Stacey\Desktop\Protection\hijackthis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: (no name) - {4A4C9166-50D6-2755-DEA8-70B5E9B6DCBD} - C:\WINDOWS\system32\lmjuyq.dll (file missing)
R3 - URLSearchHook: (no name) - {A5124F3E-8CDC-A45A-DEA8-A028E0263BBA} - C:\WINDOWS\system32\tcfbqvv.dll (file missing)
R3 - URLSearchHook: (no name) - {CA0971CC-B92B-CBAA-7BE2-C49EFA3157EF} - C:\WINDOWS\system32\rvqjmk.dll (file missing)
O1 - Hosts: 216.19.0.250 idenupdate.motorola.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {238D1225-D461-FD60-0412-020DAE6CC5AB} - C:\WINDOWS\system32\opnoeo.dll (file missing)
O2 - BHO: (no name) - {4A4C9166-50D6-2755-DEA8-70B5E9B6DCBD} - C:\WINDOWS\system32\lmjuyq.dll (file missing)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {A5124F3E-8CDC-A45A-DEA8-A028E0263BBA} - C:\WINDOWS\system32\tcfbqvv.dll (file missing)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {c3703265-4671-4858-92a4-cba6a7b3bb45} - C:\WINDOWS\system32\ixt0.dll (file missing)
O2 - BHO: (no name) - {C9E7483B-F540-4B90-8ADA-4FE73B8D2F9C} - C:\WINDOWS\system32\qomlj.dll (file missing)
O2 - BHO: (no name) - {CA0971CC-B92B-CBAA-7BE2-C49EFA3157EF} - C:\WINDOWS\system32\rvqjmk.dll (file missing)
O2 - BHO: (no name) - {CFE9E8A8-38C0-4EF8-AEC2-5035EFE81030} - C:\WINDOWS\system32\rqrqnnm.dll
O2 - BHO: (no name) - {D22221D7-FC21-47C2-8058-1DF941B8CFBB} - C:\WINDOWS\system32\bootmfc.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvxer.dll,startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Outpost Firewall] C:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe /waitservice
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Ffg] C:\Documents and Settings\Stacey\My Documents\?ssembly\r?gedit.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1159931310900
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: qomlj - C:\WINDOWS\system32\qomlj.dll (file missing)
O20 - Winlogon Notify: rqrqnnm - C:\WINDOWS\SYSTEM32\rqrqnnm.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: windii32 - windii32.dll (file missing)
O21 - SSODL: Getcrypt - {EFAECD77-6447-4C00-96E3-E69897A84E8C} - C:\WINDOWS\system32\faxhtm.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: incestuously - {03413bf7-e34c-445b-bfc0-a2b127255871} - (no file)
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum - C:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe
O23 - Service: Pantech&Curitel Utility Service - Unknown owner - C:\Program Files\UTStarcom\Sprint\Sprint PCS Connection Manager\PnCUtilityService.exe (file missing)
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
Adware:Adware/Mytoolbar Not disinfected C:\Program Files\Common Files\{34BDA73C-0577-1033-0812-050505060001}\888.dll
Adware:Adware/Mytoolbar Not disinfected C:\Program Files\Common Files\{34BDA73C-0577-1033-0812-050505060001}\Uninstall.exe
Adware:Adware/Mytoolbar Not disinfected C:\Program Files\Common Files\{B4BDA73C-0578-1033-0812-050505060001}\Update.exe
Potentially unwanted tool:Application/VirusBursters Not disinfected C:\Program Files\VirusBursters\VirusBursters.exe
Adware:Adware/Adservice Not disinfected C:\WINDOWS\system32\drvjom.dll
Adware:Adware/Yazzle Not disinfected C:\WINDOWS\system32\jkkkjhh.dll
BitDefender Online Scanner
Scan report generated at: Mon, Nov 20, 2006 - 19:10:46
Scan path: C:\;D:\;
Statistics
Time 01:21:55
Files 459409
Folders 5670
Boot Sectors 2
Archives 8722
Packed Files 56802
Results
Identified Viruses 6
Infected Files 32
Suspect Files 0
Warnings 0
Disinfected 0
Deleted Files 58
Engines Info
Virus Definitions 317050
Engine build AVCORE v1.0 (build 2355) (i386) (Sep 25 2006 13:46:24)
Scan plugins 13
Archive plugins 38
Unpack plugins 6
E-mail plugins 6
System plugins 1
Scan Settings
First Action Disinfect
Second Action Delete
Heuristics Yes
Enable Warnings Yes
Scanned Extensions *;
Exclude Extensions
Scan Emails Yes
Scan Archives Yes
Scan Packed Yes
Scan Files Yes
Scan Boot Yes
Scanned File / Status
C:\Documents and Settings\Stacey\Local Settings\Temp\temp.fr9D1D Infected with: Trojan.Downloader.Zlob.FC
C:\Documents and Settings\Stacey\Local Settings\Temp\temp.fr9D1D Disinfection failed
C:\Documents and Settings\Stacey\Local Settings\Temp\temp.fr9D1D Deleted
C:\Program Files\Norton AntiVirus\Quarantine\0A673CBE.exe=>(Quarantine-2) Infected with: Trojan.Downloader.BKK
C:\Program Files\Norton AntiVirus\Quarantine\0A673CBE.exe=>(Quarantine-2) Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\0A673CBE.exe=>(Quarantine-2) Deleted
C:\Program Files\Norton AntiVirus\Quarantine\0FDA01E5.tmp=>(Quarantine-2) Infected with: Trojan.Agent.AAE
C:\Program Files\Norton AntiVirus\Quarantine\0FDA01E5.tmp=>(Quarantine-2) Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\0FDA01E5.tmp=>(Quarantine-2) Deleted
C:\Program Files\Norton AntiVirus\Quarantine\16DE4BA5.dll=>(Quarantine-2) Infected with: Trojan.BHO.G
C:\Program Files\Norton AntiVirus\Quarantine\16DE4BA5.dll=>(Quarantine-2) Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\16DE4BA5.dll=>(Quarantine-2) Deleted
C:\Program Files\Norton AntiVirus\Quarantine\17330F48.dll=>(Quarantine-2) Infected with: Trojan.BHO.G
C:\Program Files\Norton AntiVirus\Quarantine\17330F48.dll=>(Quarantine-2) Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\17330F48.dll=>(Quarantine-2) Deleted
C:\Program Files\Norton AntiVirus\Quarantine\187B4EBB.dll=>(Quarantine-2) Infected with: Trojan.Agent.AAE
C:\Program Files\Norton AntiVirus\Quarantine\187B4EBB.dll=>(Quarantine-2) Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\187B4EBB.dll=>(Quarantine-2) Deleted
C:\Program Files\Norton AntiVirus\Quarantine\2920167F.exe=>(Quarantine-2) Infected with: Trojan.Downloader.Zlob.ADC
C:\Program Files\Norton AntiVirus\Quarantine\2920167F.exe=>(Quarantine-2) Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\2920167F.exe=>(Quarantine-2) Deleted
C:\Program Files\Norton AntiVirus\Quarantine\2C484B51.tmp=>(Quarantine-2) Infected with: Trojan.Agent.AAE
C:\Program Files\Norton AntiVirus\Quarantine\2C484B51.tmp=>(Quarantine-2) Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\2C484B51.tmp=>(Quarantine-2) Deleted
C:\Program Files\Norton AntiVirus\Quarantine\37DD105C.tmp=>(Quarantine-2) Infected with: Trojan.Agent.AAE
C:\Program Files\Norton AntiVirus\Quarantine\37DD105C.tmp=>(Quarantine-2) Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\37DD105C.tmp=>(Quarantine-2) Deleted
C:\Program Files\Norton AntiVirus\Quarantine\3830626D.tmp=>(Quarantine-2) Infected with: Trojan.Agent.AAE
C:\Program Files\Norton AntiVirus\Quarantine\3830626D.tmp=>(Quarantine-2) Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\3830626D.tmp=>(Quarantine-2) Deleted
C:\Program Files\Norton AntiVirus\Quarantine\38330C69.tmp=>(Quarantine-2) Infected with: Trojan.Agent.AAE
C:\Program Files\Norton AntiVirus\Quarantine\38330C69.tmp=>(Quarantine-2) Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\38330C69.tmp=>(Quarantine-2) Deleted
C:\Program Files\Norton AntiVirus\Quarantine\38B16B8D.tmp=>(Quarantine-2) Infected with: Trojan.Agent.AAE
C:\Program Files\Norton AntiVirus\Quarantine\38B16B8D.tmp=>(Quarantine-2) Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\38B16B8D.tmp=>(Quarantine-2) Deleted
C:\Program Files\Norton AntiVirus\Quarantine\42DE0E2B.exe=>(Quarantine-2)=>(NSIS o)=>zlib_nsis0001 Infected with: Trojan.Downloader.BKK
C:\Program Files\Norton AntiVirus\Quarantine\42DE0E2B.exe=>(Quarantine-2)=>(NSIS o)=>zlib_nsis0001 Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\42DE0E2B.exe=>(Quarantine-2)=>(NSIS o)=>zlib_nsis0001 Deleted
C:\Program Files\Norton AntiVirus\Quarantine\42DE0E2B.exe=>(Quarantine-2)=>(NSIS o) Update failed
C:\Program Files\Norton AntiVirus\Quarantine\43B801D4.tmp=>(Quarantine-2) Infected with: Trojan.Agent.AAE
C:\Program Files\Norton AntiVirus\Quarantine\43B801D4.tmp=>(Quarantine-2) Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\43B801D4.tmp=>(Quarantine-2) Deleted
C:\Program Files\Norton AntiVirus\Quarantine\54925AA7.tmp=>(Quarantine-2) Infected with: Trojan.Agent.AAE
C:\Program Files\Norton AntiVirus\Quarantine\54925AA7.tmp=>(Quarantine-2) Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\54925AA7.tmp=>(Quarantine-2) Deleted
C:\Program Files\Norton AntiVirus\Quarantine\5B505DB1.tmp=>(Quarantine-2) Infected with: Trojan.Agent.AAE
C:\Program Files\Norton AntiVirus\Quarantine\5B505DB1.tmp=>(Quarantine-2) Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\5B505DB1.tmp=>(Quarantine-2) Deleted
C:\Program Files\Norton AntiVirus\Quarantine\623A114C.dll=>(Quarantine-2) Infected with: Trojan.BHO.G
C:\Program Files\Norton AntiVirus\Quarantine\623A114C.dll=>(Quarantine-2) Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\623A114C.dll=>(Quarantine-2) Deleted
C:\Program Files\Norton AntiVirus\Quarantine\66FE2A4C.tmp=>(Quarantine-2) Infected with: Trojan.Agent.AAE
C:\Program Files\Norton AntiVirus\Quarantine\66FE2A4C.tmp=>(Quarantine-2) Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\66FE2A4C.tmp=>(Quarantine-2) Deleted
C:\Program Files\Norton AntiVirus\Quarantine\72E90D8D.tmp=>(Quarantine-2) Infected with: Trojan.Agent.AAE
C:\Program Files\Norton AntiVirus\Quarantine\72E90D8D.tmp=>(Quarantine-2) Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\72E90D8D.tmp=>(Quarantine-2) Deleted
C:\Program Files\Norton AntiVirus\Quarantine\74407902.tmp=>(Quarantine-2) Infected with: Trojan.Agent.AAE
C:\Program Files\Norton AntiVirus\Quarantine\74407902.tmp=>(Quarantine-2) Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\74407902.tmp=>(Quarantine-2) Deleted
C:\Program Files\Norton AntiVirus\Quarantine\78335FFC.dll=>(Quarantine-2) Infected with: Trojan.Agent.AAE
C:\Program Files\Norton AntiVirus\Quarantine\78335FFC.dll=>(Quarantine-2) Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\78335FFC.dll=>(Quarantine-2) Deleted
C:\Program Files\Norton AntiVirus\Quarantine\7B986FED.tmp=>(Quarantine-2) Infected with: Trojan.Agent.AAE
C:\Program Files\Norton AntiVirus\Quarantine\7B986FED.tmp=>(Quarantine-2) Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\7B986FED.tmp=>(Quarantine-2) Deleted
C:\System Volume Information\_restore{9CD43D5B-365E-499F-81F9-D1838D59E545}\RP6\A0003277.exe=>(Quarantine-2) Infected with: Trojan.Downloader.BKK
C:\System Volume Information\_restore{9CD43D5B-365E-499F-81F9-D1838D59E545}\RP6\A0003277.exe=>(Quarantine-2) Disinfection failed
C:\System Volume Information\_restore{9CD43D5B-365E-499F-81F9-D1838D59E545}\RP6\A0003277.exe=>(Quarantine-2) Deleted
C:\System Volume Information\_restore{9CD43D5B-365E-499F-81F9-D1838D59E545}\RP6\A0003278.dll=>(Quarantine-2) Infected with: Trojan.BHO.G
C:\System Volume Information\_restore{9CD43D5B-365E-499F-81F9-D1838D59E545}\RP6\A0003278.dll=>(Quarantine-2) Disinfection failed
C:\System Volume Information\_restore{9CD43D5B-365E-499F-81F9-D1838D59E545}\RP6\A0003278.dll=>(Quarantine-2) Deleted
C:\System Volume Information\_restore{9CD43D5B-365E-499F-81F9-D1838D59E545}\RP6\A0003279.dll=>(Quarantine-2) Infected with: Trojan.BHO.G
C:\System Volume Information\_restore{9CD43D5B-365E-499F-81F9-D1838D59E545}\RP6\A0003279.dll=>(Quarantine-2) Disinfection failed
C:\System Volume Information\_restore{9CD43D5B-365E-499F-81F9-D1838D59E545}\RP6\A0003279.dll=>(Quarantine-2) Deleted
C:\System Volume Information\_restore{9CD43D5B-365E-499F-81F9-D1838D59E545}\RP6\A0003280.dll=>(Quarantine-2) Infected with: Trojan.Agent.AAE
C:\System Volume Information\_restore{9CD43D5B-365E-499F-81F9-D1838D59E545}\RP6\A0003280.dll=>(Quarantine-2) Disinfection failed
C:\System Volume Information\_restore{9CD43D5B-365E-499F-81F9-D1838D59E545}\RP6\A0003280.dll=>(Quarantine-2) Deleted
C:\System Volume Information\_restore{9CD43D5B-365E-499F-81F9-D1838D59E545}\RP6\A0003281.exe=>(Quarantine-2) Infected with: Trojan.Downloader.Zlob.ADC
C:\System Volume Information\_restore{9CD43D5B-365E-499F-81F9-D1838D59E545}\RP6\A0003281.exe=>(Quarantine-2) Disinfection failed
C:\System Volume Information\_restore{9CD43D5B-365E-499F-81F9-D1838D59E545}\RP6\A0003281.exe=>(Quarantine-2) Deleted
C:\System Volume Information\_restore{9CD43D5B-365E-499F-81F9-D1838D59E545}\RP6\A0003282.dll=>(Quarantine-2) Infected with: Trojan.BHO.G
C:\System Volume Information\_restore{9CD43D5B-365E-499F-81F9-D1838D59E545}\RP6\A0003282.dll=>(Quarantine-2) Disinfection failed
C:\System Volume Information\_restore{9CD43D5B-365E-499F-81F9-D1838D59E545}\RP6\A0003282.dll=>(Quarantine-2) Deleted
C:\System Volume Information\_restore{9CD43D5B-365E-499F-81F9-D1838D59E545}\RP6\A0003283.dll=>(Quarantine-2) Infected with: Trojan.Agent.AAE
C:\System Volume Information\_restore{9CD43D5B-365E-499F-81F9-D1838D59E545}\RP6\A0003283.dll=>(Quarantine-2) Disinfection failed
C:\System Volume Information\_restore{9CD43D5B-365E-499F-81F9-D1838D59E545}\RP6\A0003283.dll=>(Quarantine-2) Deleted
C:\WINDOWS\system32\ishost.exe_tobedeleted Infected with: Trojan.Downloader.Zlob.FC
C:\WINDOWS\system32\ishost.exe_tobedeleted Disinfection failed
C:\WINDOWS\system32\ishost.exe_tobedeleted Deleted
C:\WINDOWS\system32\jkkkjhh.dll Infected with: Trojan.Vundo.G
C:\WINDOWS\system32\jkkkjhh.dll Disinfection failed
C:\WINDOWS\system32\jkkkjhh.dll Deleted
C:\WINDOWS\system32\rqrqnnm.dll Infected with: Trojan.Vundo.G
C:\WINDOWS\system32\rqrqnnm.dll Disinfection failed
C:\WINDOWS\system32\rqrqnnm.dll Delete failed
Logfile of HijackThis v1.99.1
Scan saved at 11:50:52 PM, on 11/20/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ACS.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe
C:\WINDOWS\system32\svchost.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Common Files\{B4BDA73C-0578-1033-0812-050505060001}\Update.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Stacey\Desktop\Protection\hijackthis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: (no name) - {4A4C9166-50D6-2755-DEA8-70B5E9B6DCBD} - C:\WINDOWS\system32\lmjuyq.dll (file missing)
R3 - URLSearchHook: (no name) - {A5124F3E-8CDC-A45A-DEA8-A028E0263BBA} - C:\WINDOWS\system32\tcfbqvv.dll (file missing)
R3 - URLSearchHook: (no name) - {CA0971CC-B92B-CBAA-7BE2-C49EFA3157EF} - C:\WINDOWS\system32\rvqjmk.dll (file missing)
O1 - Hosts: 216.19.0.250 idenupdate.motorola.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {238D1225-D461-FD60-0412-020DAE6CC5AB} - C:\WINDOWS\system32\opnoeo.dll (file missing)
O2 - BHO: (no name) - {4A4C9166-50D6-2755-DEA8-70B5E9B6DCBD} - C:\WINDOWS\system32\lmjuyq.dll (file missing)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {A5124F3E-8CDC-A45A-DEA8-A028E0263BBA} - C:\WINDOWS\system32\tcfbqvv.dll (file missing)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {c3703265-4671-4858-92a4-cba6a7b3bb45} - C:\WINDOWS\system32\ixt0.dll (file missing)
O2 - BHO: (no name) - {C9E7483B-F540-4B90-8ADA-4FE73B8D2F9C} - C:\WINDOWS\system32\qomlj.dll (file missing)
O2 - BHO: (no name) - {CA0971CC-B92B-CBAA-7BE2-C49EFA3157EF} - C:\WINDOWS\system32\rvqjmk.dll (file missing)
O2 - BHO: (no name) - {CFE9E8A8-38C0-4EF8-AEC2-5035EFE81030} - C:\WINDOWS\system32\rqrqnnm.dll
O2 - BHO: (no name) - {D22221D7-FC21-47C2-8058-1DF941B8CFBB} - C:\WINDOWS\system32\bootmfc.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvxer.dll,startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Outpost Firewall] C:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe /waitservice
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Ffg] C:\Documents and Settings\Stacey\My Documents\?ssembly\r?gedit.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1159931310900
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: qomlj - C:\WINDOWS\system32\qomlj.dll (file missing)
O20 - Winlogon Notify: rqrqnnm - C:\WINDOWS\SYSTEM32\rqrqnnm.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: windii32 - windii32.dll (file missing)
O21 - SSODL: Getcrypt - {EFAECD77-6447-4C00-96E3-E69897A84E8C} - C:\WINDOWS\system32\faxhtm.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: incestuously - {03413bf7-e34c-445b-bfc0-a2b127255871} - (no file)
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum - C:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe
O23 - Service: Pantech&Curitel Utility Service - Unknown owner - C:\Program Files\UTStarcom\Sprint\Sprint PCS Connection Manager\PnCUtilityService.exe (file missing)
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
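The HijackThis log above is read by hand in threads like this one, and the same few rules come up every time: an entry whose file is already gone is a leftover to clean, an unnamed BHO or URLSearchHook loading a DLL out of system32 and a Winlogon Notify or SSODL DLL that is not a known Windows component match the Vundo pattern in this log, an autorun that starts a DLL through rundll32 deserves a look, and a hosts override should be confirmed as intended. The following script is an added example, not part of the thread and not a feature of HijackThis: it parses lines in the HijackThis format and applies those rules. The sample lines are copied from the log above; the allowlist of known-good DLLs and the rule set itself are constructed assumptions for illustration, not a maintained triage list.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample input: a handful of lines copied from the HijackThis log in this thread.
SAMPLE_LOG = r"""
O1 - Hosts: 216.19.0.250 idenupdate.motorola.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4A4C9166-50D6-2755-DEA8-70B5E9B6DCBD} - C:\WINDOWS\system32\lmjuyq.dll (file missing)
O2 - BHO: (no name) - {CFE9E8A8-38C0-4EF8-AEC2-5035EFE81030} - C:\WINDOWS\system32\rqrqnnm.dll
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvxer.dll,startup
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O20 - Winlogon Notify: rqrqnnm - C:\WINDOWS\SYSTEM32\rqrqnnm.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: incestuously - {03413bf7-e34c-445b-bfc0-a2b127255871} - (no file)
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
"""

# Hook types that load a DLL into explorer.exe, Internet Explorer or winlogon.exe.
# These are the persistence points the Vundo entries in this log used.
HOOK_CODES = {
    "R3": "URLSearchHook",
    "O2": "Browser Helper Object",
    "O20": "Winlogon Notify",
    "O21": "ShellServiceObjectDelayLoad",
}

# Assumed allowlist of Windows components legitimately registered at these hooks
# (constructed for this example; a real list would be much longer and maintained).
KNOWN_GOOD_DLLS = {"wgalogon.dll", "wpdshserviceobj.dll"}

LINE_RE = re.compile(r"^(?P<code>[RFO]\d+)\s+-\s+(?P<body>.*)$")
FILE_RE = re.compile(r"[^\\\s\[\]]+\.(?:dll|exe)\b", re.IGNORECASE)


@dataclass
class Finding:
    code: str
    verdict: str  # "ok", "orphan", "review" or "suspect"
    reason: str
    line: str


def classify(line: str) -> Optional[Finding]:
    """Apply the triage rules to one HijackThis line; None for non-entry lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    code, body = m.group("code"), m.group("body")
    low = body.lower()
    files = FILE_RE.findall(body)
    filename = files[-1].lower() if files else ""  # last .dll/.exe named on the line
    in_system32 = "\\system32\\" in low

    # Rule 1: the registry still references a file that is gone. Harmless by itself,
    # but it is the trail a removed component leaves behind and should be cleaned.
    if "(file missing)" in low or "(no file)" in low:
        return Finding(code, "orphan", "entry points at a file that no longer exists", line)

    # Rule 2: a hosts override silently redirects a hostname; confirm it is intended.
    if code == "O1":
        return Finding(code, "review", "hosts file redirects a hostname", line)

    # Rule 3: DLL hooks. An unnamed hook loading from system32, or a Winlogon/SSODL
    # DLL that is not a known Windows component, matches the Vundo pattern in this log.
    if code in HOOK_CODES:
        kind = HOOK_CODES[code]
        if "(no name)" in low and in_system32:
            return Finding(code, "suspect", f"unnamed {kind} loads a DLL from system32", line)
        if code in ("O20", "O21") and in_system32 and filename not in KNOWN_GOOD_DLLS:
            return Finding(code, "suspect", f"{kind} DLL in system32 is not a known component", line)

    # Rule 4: an autorun that starts a DLL through rundll32 instead of a program.
    if code == "O4" and "rundll32" in low and filename.endswith(".dll"):
        return Finding(code, "suspect", "autorun loads a DLL via rundll32 at boot", line)

    return Finding(code, "ok", "", line)


def triage(log_text: str) -> List[Finding]:
    """Classify every entry line of a HijackThis log, in order."""
    findings = []
    for raw in log_text.splitlines():
        finding = classify(raw)
        if finding is not None:
            findings.append(finding)
    return findings


def summary(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per verdict, e.g. {'suspect': 3, 'orphan': 2, ...}."""
    return dict(Counter(f.verdict for f in findings))


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        if f.verdict != "ok":
            print(f"{f.verdict:8} {f.code:4} {f.reason}: {f.line}")
    print(summary(results))
```

On the sample above the script flags the two Vundo hooks (rqrqnnm.dll as an unnamed BHO and as a Winlogon Notify DLL) and the rundll32 autorun for drvxer.dll as suspect, the lmjuyq.dll BHO and the "incestuously" SSODL entry as orphans, and the Motorola hosts override for review; the Adobe BHO, the AVG entries and WgaLogon.dll pass. The verdicts are a starting point for a human reader, not a removal decision: a named-looking DLL in system32 can still be malicious, which is why the helpers in this thread also ask for scanner output.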
Comments
to your desktop.
- Double-click VundoFix.exe to run it.
- Click the Scan for Vundo button.
- Once it's done scanning, click the Remove Vundo button.
- You will receive a prompt asking if you want to remove the files, click YES
- Once you click yes, your desktop will go blank as it starts removing Vundo.
- When completed, it will prompt that it will reboot your computer, click OK.
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot; simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.
Next download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.
This program is for XP and Windows 2000 only!
Double-click ATF Cleaner.exe to open it.
Under Main select the following:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache
*The other boxes are optional*
Then click the Empty Selected button.
If you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.
If you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.
Click Exit on the Main menu to close the program.
Please download Ad-Aware SE and install it. If you already have Ad-Aware SE, please configure it as indicated below. If you have a previous version of Ad-Aware, please uninstall your current version and install the newest version SE 1.06.
1) Run Ad-Aware, and click Check for updates now.
2) Select Configurations (click the gold Gear wheel at the top) as follows:
- General Button > Safety: Check (Green) all three.
- Tweak Button > Cleaning Engine > UNcheck "Always try to unload modules before deletion".
Click Proceed.
3) To start the scan, click "Scan Now" at left
- Deselect "Search for negligible risk entries" as negligible risk entries (MRU's) are not considered to be a threat.
- Select "Search for low-risk threats"
- Select "Perform full system scan"
- Click Next
4) When the scan has completed, select Next.
Open Norton and clear the quarantined items. Please now post a new HijackThis log, the contents of C:\vundofix.txt as well as a new Panda ActiveScan log. Thanks.
And my answer is: Yes, delete the Norton back-ups so that the anti-virus does not detect it.
My new HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 8:36:47 PM, on 11/24/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ACS.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe
C:\WINDOWS\system32\svchost.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Common Files\{B4BDA73C-0578-1033-0812-050505060001}\Update.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Stacey\Desktop\Protection\hijackthis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: (no name) - {4A4C9166-50D6-2755-DEA8-70B5E9B6DCBD} - C:\WINDOWS\system32\lmjuyq.dll (file missing)
R3 - URLSearchHook: (no name) - {A5124F3E-8CDC-A45A-DEA8-A028E0263BBA} - C:\WINDOWS\system32\tcfbqvv.dll (file missing)
R3 - URLSearchHook: (no name) - {CA0971CC-B92B-CBAA-7BE2-C49EFA3157EF} - C:\WINDOWS\system32\rvqjmk.dll (file missing)
O1 - Hosts: 216.19.0.250 idenupdate.motorola.com
O2 - BHO: (no name) - {013A653B-49A6-4f76-8B68-E4875EA6BA54} - C:\WINDOWS\system32\ejrrbogg.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {238D1225-D461-FD60-0412-020DAE6CC5AB} - C:\WINDOWS\system32\opnoeo.dll (file missing)
O2 - BHO: (no name) - {4A4C9166-50D6-2755-DEA8-70B5E9B6DCBD} - C:\WINDOWS\system32\lmjuyq.dll (file missing)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {7118B177-8B71-4BE1-9AAA-D0876D1EE2C9} - C:\WINDOWS\system32\cabms.dll
O2 - BHO: (no name) - {A5124F3E-8CDC-A45A-DEA8-A028E0263BBA} - C:\WINDOWS\system32\tcfbqvv.dll (file missing)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {c3703265-4671-4858-92a4-cba6a7b3bb45} - C:\WINDOWS\system32\ixt0.dll (file missing)
O2 - BHO: (no name) - {C9E7483B-F540-4B90-8ADA-4FE73B8D2F9C} - C:\WINDOWS\system32\qomlj.dll (file missing)
O2 - BHO: (no name) - {CA0971CC-B92B-CBAA-7BE2-C49EFA3157EF} - C:\WINDOWS\system32\rvqjmk.dll (file missing)
O2 - BHO: (no name) - {CB91EFFF-8798-4DC6-936D-F6F88442D1F1} - C:\WINDOWS\system32\wvwxy.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvxer.dll,startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Outpost Firewall] C:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe /waitservice
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Ffg] C:\Documents and Settings\Stacey\My Documents\?ssembly\r?gedit.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1159931310900
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: qomlj - C:\WINDOWS\system32\qomlj.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: windii32 - windii32.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: incestuously - {03413bf7-e34c-445b-bfc0-a2b127255871} - (no file)
O21 - SSODL: Mapme - {A795E9CE-7A46-4F08-AED3-9C00611B7758} - C:\WINDOWS\system32\modsock.dll
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum - C:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe
O23 - Service: Pantech&Curitel Utility Service - Unknown owner - C:\Program Files\UTStarcom\Sprint\Sprint PCS Connection Manager\PnCUtilityService.exe (file missing)
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
I am running the new panda scan and will post as soon as it is complete. Thanks again!
Incident Status Location
Adware:Adware/ActiveSearch Not disinfected C:\Program Files\Common Files\{B4BDA73C-0578-1033-0812-050505060001}\System.dll
Adware:Adware/Mytoolbar Not disinfected C:\Program Files\Common Files\{B4BDA73C-0578-1033-0812-050505060001}\Update.exe
Adware:adware/securityerror Not disinfected c:\windows\system32\ot.ico
Adware:adware/dopewars Not disinfected Windows Registry
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Stacey\Application Data\Mozilla\Firefox\Profiles\hpett6ta.default\cookies.txt[.as-us.falkag.net/]
Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\Stacey\Application Data\Mozilla\Firefox\Profiles\hpett6ta.default\cookies.txt[stats1.reliablestats.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Stacey\Application Data\Mozilla\Firefox\Profiles\hpett6ta.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Stacey\Application Data\Mozilla\Firefox\Profiles\hpett6ta.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Stacey\Application Data\Mozilla\Firefox\Profiles\hpett6ta.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Stacey\Application Data\Mozilla\Firefox\Profiles\hpett6ta.default\cookies.txt[.adrevolver.com/]
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Stacey\Application Data\Mozilla\Firefox\Profiles\hpett6ta.default\cookies.txt[.burstnet.com/]
Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\Stacey\Application Data\Mozilla\Firefox\Profiles\hpett6ta.default\cookies.txt[.revenue.net/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Stacey\Application Data\Mozilla\Firefox\Profiles\hpett6ta.default\cookies.txt[.go.com/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Stacey\Application Data\Mozilla\Firefox\Profiles\hpett6ta.default\cookies.txt[.zedo.com/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Stacey\Application Data\Mozilla\Firefox\Profiles\hpett6ta.default\cookies.txt[.atwola.com/]
Spyware:Cookie/Target Not disinfected C:\Documents and Settings\Stacey\Application Data\Mozilla\Firefox\Profiles\hpett6ta.default\cookies.txt[.target.com/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Stacey\Application Data\Mozilla\Firefox\Profiles\hpett6ta.default\cookies.txt[.statcounter.com/]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Stacey\Cookies\stacey@mediaplex[1].txt
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\Stacey\Cookies\stacey@searchportal.information[1].txt
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Stacey\Cookies\stacey@statcounter[1].txt
Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\Stacey\Cookies\stacey@stats1.reliablestats[2].txt
Possible Virus. Not disinfected C:\Documents and Settings\Stacey\Local Settings\Temporary Internet Files\Content.IE5\0959OXQK\ff3[1]
Possible Virus. Not disinfected C:\VundoFix Backups\wvwxy.dll.bad
Adware:Adware/Yazzle Not disinfected C:\WINDOWS\system32\rqrqnnm.dll
=========================================================
Meanwhile, download Avenger from here:
http://swandog46.geekstogo.com/
Open the program. Check the 'Input script manually' option.
Click the Magnifying Glass icon.
In the box that opens, paste this:
and click 'Done'
Click the Traffic Light icon to start the program, and OK the prompts to reboot your PC.
Post the Avenger output.txt, which you can find at C:\Avenger\.txt.
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\ovkoioyt
*******************
Script file located at: \??\C:\Program Files\tosjydya.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
File C:\Program Files\Common Files\{B4BDA73C-0578-1033-0812-050505060001}\System.dll deleted successfully.
File C:\Program Files\Common Files\{B4BDA73C-0578-1033-0812-050505060001}\Update.exe deleted successfully.
File c:\windows\system32\ot.ico deleted successfully.
File C:\WINDOWS\system32\rqrqnnm.dll deleted successfully.
Completed script processing.
VundoFix V6.2.11
Checking Java version...
Java version is 1.5.0.2
Scan started at 4:58:52 PM 11/21/2006
Listing files found while scanning....
C:\WINDOWS\system32\jlmoq.ini
C:\WINDOWS\system32\jlmoq.bak1
C:\WINDOWS\system32\jlmoq.bak2
Beginning removal...
Attempting to delete C:\WINDOWS\system32\jlmoq.ini
C:\WINDOWS\system32\jlmoq.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\jlmoq.bak1
C:\WINDOWS\system32\jlmoq.bak1 Has been deleted!
Attempting to delete C:\WINDOWS\system32\jlmoq.bak2
C:\WINDOWS\system32\jlmoq.bak2 Has been deleted!
Performing Repairs to the registry.
Done!
VundoFix V6.2.11
Checking Java version...
Java version is 1.5.0.2
Scan started at 5:06:33 PM 11/21/2006
Listing files found while scanning....
Beginning removal...
Performing Repairs to the registry.
Done!
VundoFix V6.2.11
Checking Java version...
Java version is 1.5.0.2
Scan started at 6:47:46 PM 11/21/2006
Listing files found while scanning....
VundoFix V6.2.11
Checking Java version...
Java version is 1.5.0.2
Scan started at 8:30:34 PM 11/24/2006
Listing files found while scanning....
C:\WINDOWS\system32\wvwxy.dll
C:\WINDOWS\system32\yxwvw.ini
C:\WINDOWS\system32\yxwvw.bak1
Beginning removal...
Attempting to delete C:\WINDOWS\system32\wvwxy.dll
C:\WINDOWS\system32\wvwxy.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\yxwvw.ini
C:\WINDOWS\system32\yxwvw.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\yxwvw.bak1
C:\WINDOWS\system32\yxwvw.bak1 Has been deleted!
Performing Repairs to the registry.
Done!
VundoFix V6.2.11
Checking Java version...
Java version is 1.5.0.2
Scan started at 8:33:00 PM 11/24/2006
Listing files found while scanning....
VundoFix V6.2.11
Checking Java version...
Java version is 1.5.0.2
Scan started at 1:41:00 AM 11/25/2006
Listing files found while scanning....
Beginning removal...
Performing Repairs to the registry.
Done!
*******************
Finished! Terminate.
http://www.majorgeeks.com/download4191.html
Run the installer, and uncheck the option to install Yahoo toolbar (unless you want Yahoo toolbar).
Once installed, run CCleaner and click the Windows tab.
Select the following:
Next, click Options, then click the Settings tab.
Uncheck "Only delete files older than 48 hrs.", then click OK.
Then click Run Cleaner (bottom right), then Exit.
Now run another Panda ActiveScan scan and post the new log in your next reply. We'll take it from there.
Incident Status Location
Adware:adware/securityerror Not disinfected C:\Documents and Settings\Stacey\Favorites\Antivirus Test Online.url
Adware:adware/dopewars Not disinfected Windows Registry
Adware:Adware/Yazzle Not disinfected C:\avenger\backup.zip[avenger/rqrqnnm.dll]
Adware:Adware/ActiveSearch Not disinfected C:\avenger\backup.zip[avenger/System.dll]
Adware:Adware/Mytoolbar Not disinfected C:\avenger\backup.zip[avenger/Update.exe]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Stacey\Cookies\stacey@mediaplex[1].txt
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\Stacey\Cookies\stacey@searchportal.information[1].txt
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Stacey\Cookies\stacey@statcounter[1].txt
Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\Stacey\Cookies\stacey@stats1.reliablestats[2].txt
Possible Virus. Not disinfected C:\VundoFix Backups\wvwxy.dll.bad
Dear skosha,
chiawaikian has just replied to a thread you have subscribed to entitled - Need some help with trojans please! - in the Spyware & Virus Removal forum of Short-Media Forums.
This thread is located at:
http://www.short-media.com/forum/showthread.php?t=51988&goto=newpost
Here is the message that has just been posted:
***************
Ok, let's get things simpler and easier to fix before I actually start.
Download ATF (Atribune Temp File) Cleaner© by Atribune (http://www.atribune.org/ccount/click.php?id=1) to your desktop.
This program is for XP and Windows 2000 only!
Double-click ATF Cleaner.exe to open it.
Under Main select the following:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache
*The other boxes are optional*
Then click the Empty Selected button.
If you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.
If you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.
Click Exit on the Main menu to close the program.
Please download Ad-Aware SE (http://www.short-media.com/download.php?d=301) and install it. If you already have Ad-Aware SE, please configure it as indicated below. If you have a previous version of Ad-Aware, please uninstall your current version and install the newest version SE 1.06.
1) Run Ad-Aware, and click Check for updates now.
2) Select Configurations (click the gold Gear wheel at the top) as follows:
General Button > Safety: Check (Green) all three.
Tweak Button > Cleaning Engine > UNcheck "Always try to unload modules before deletion".
Click Proceed.
3) To start the scan, Click > "Scan Now" at left
Deselect "Search for negligible risk entries" as negligible risk entries (MRU's) are not considered to be a threat.
Select "Search for low-risk threats"
Select "Perform full system scan"
Click Next
4) When the scan has completed, select Next.
In the Scanning Results window, select the "Critical Objects" tab.
Right-click on the screen and choose "Select all objects"
Click Next to remove the infections found, and click OK to the prompt.
Restart the computer.
Please now post a new HijackThis log, as well as a new Panda ActiveScan log. Thanks.
***************
Open Avenger again. Check the 'Input script manually' option.
Click the Magnifying Glass icon.
In the box that opens, paste this:
and click 'Done'
Click the Traffic Light icon to start the program, and OK the prompts to reboot your PC.
Run ATF Cleaner, then rescan one last time with Panda ActiveScan and post the log in your next reply.
Incident Status Location
Adware:adware/securityerror Not disinfected C:\Documents and Settings\Stacey\Favorites\Antivirus Test Online.url
Adware:adware/dopewars Not disinfected Windows Registry
Adware:Adware/Yazzle Not disinfected C:\avenger\backup-Wed 11.29.2006- 9.55.42.35.zip[avenger/rqrqnnm.dll]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Stacey\Application Data\Mozilla\Firefox\Profiles\hpett6ta.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Stacey\Application Data\Mozilla\Firefox\Profiles\hpett6ta.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Stacey\Application Data\Mozilla\Firefox\Profiles\hpett6ta.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Stacey\Application Data\Mozilla\Firefox\Profiles\hpett6ta.default\cookies.txt[.statcounter.com/]
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Stacey\Application Data\Mozilla\Firefox\Profiles\hpett6ta.default\cookies.txt[.adrevolver.com/]
Potentially unwanted tool:Application/VirusBursters Not disinfected C:\Program Files\VirusBursters\VirusBursters.exe
Possible Virus. Not disinfected C:\VundoFix Backups\wvwxy.dll.bad
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\tyatajyd
*******************
Script file located at: cblribsu
Could not open script file! Error
Could not open script file! Status: 0xc000003b Abort!
C:\Documents and Settings\Stacey\Favorites\Antivirus Test Online.url
C:\avenger\backup.zip
Then rescan with Panda ActiveScan if the deletes work.
Incident Status Location
Adware:adware/dopewars Not disinfected Windows Registry
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Stacey\Application Data\Mozilla\Firefox\Profiles\hpett6ta.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Stacey\Application Data\Mozilla\Firefox\Profiles\hpett6ta.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Stacey\Application Data\Mozilla\Firefox\Profiles\hpett6ta.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Stacey\Application Data\Mozilla\Firefox\Profiles\hpett6ta.default\cookies.txt[.statcounter.com/]
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Stacey\Application Data\Mozilla\Firefox\Profiles\hpett6ta.default\cookies.txt[.adrevolver.com/]
Potentially unwanted tool:Application/VirusBursters Not disinfected C:\Program Files\VirusBursters\VirusBursters.exe
Possible Virus. Not disinfected C:\VundoFix Backups\wvwxy.dll.bad
thanks!!!!
Extract the content (a folder named SmitfraudFix) to your Desktop.
Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.
Scan done at 12:53:01.92, Sat 12/02/2006
Run from C:\Documents and Settings\Stacey\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix run in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
C:\WINDOWS\system32\components\flx?.dll FOUND !
C:\WINDOWS\system32\components\flx??.dll FOUND !
C:\WINDOWS\system32\components\flx???.dll FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Stacey
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Stacey\Application Data
C:\Documents and Settings\Stacey\Application Data\Microsoft\Internet Explorer\Quick Launch\VirusBursters 6.2.lnk FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» Start Menu
»»»»»»»»»»»»»»»»»»»»»»»»
»»»»»»»»»»»»»»»»»»»»»»»» Desktop
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
C:\Program Files\VirusBursters\ FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys
»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"incestuously"="{03413bf7-e34c-445b-bfc0-a2b127255871}"
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
"DllName"="C:\\WINDOWS\\system32\\qomlj.dll"
»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32
»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection
»»»»»»»»»»»»»»»»»»»»»»»» End
thanks!!
Adware:adware/dopewars Not disinfected Windows Registry
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Stacey\Application Data\Mozilla\Firefox\Profiles\hpett6ta.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Stacey\Application Data\Mozilla\Firefox\Profiles\hpett6ta.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Stacey\Application Data\Mozilla\Firefox\Profiles\hpett6ta.default\cookies.txt[.adrevolver.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Stacey\Application Data\Mozilla\Firefox\Profiles\hpett6ta.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\Stacey\Application Data\Mozilla\Firefox\Profiles\hpett6ta.default\cookies.txt[www.burstbeacon.com/]
Spyware:Cookie/Peel Not disinfected C:\Documents and Settings\Stacey\Application Data\Mozilla\Firefox\Profiles\hpett6ta.default\cookies.txt[.peel.com/]
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Stacey\Application Data\Mozilla\Firefox\Profiles\hpett6ta.default\cookies.txt[.as-us.falkag.net/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Stacey\Application Data\Mozilla\Firefox\Profiles\hpett6ta.default\cookies.txt[.statcounter.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Stacey\Cookies\stacey@ad.yieldmanager[1].txt
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Stacey\Desktop\Protection\SmitfraudFix\SmitfraudFix\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\RECYCLER\S-1-5-21-3715524540-779128601-1213603447-1006\Dc7\SmitfraudFix\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\RECYCLER\S-1-5-21-3715524540-779128601-1213603447-1006\Dc8.zip[SmitfraudFix/Process.exe]
Possible Virus. Not disinfected C:\VundoFix Backups\wvwxy.dll.bad
Potentially unwanted tool:Application/Processor Not disinfected C:\WINDOWS\system32\Process.exe
thanks!
Please download AVG Anti-Spyware to your Desktop or to your usual Download Folder.
http://www.ewido.net/en/download/
- Install AVG Anti-Spyware by double clicking the installer.
- Follow the prompts. Make sure that Launch AVG Anti-Spyware is checked.
- On the main screen, under Your Computer's security:
- Click on Change state next to Resident shield. It should now change to inactive.
- Click on Change state next to Automatic updates. It should now change to inactive.
- Next to Last Update, click on Update now. (You will need an active internet connection to perform this)
- Wait until you see the Update successful message.
- Right-click the AVG Anti-Spyware Tray Icon and uncheck Start with Windows.
- Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
If you are having problems with the updater, you can use this link to manually update ewido: AVG Anti-Spyware manual updates.
Download the Full database to your Desktop or to your usual Download Folder and install it by double clicking the file. Make sure that AVG Anti-Spyware is closed before installing the update.
Reboot your computer in Safe Mode.
- If the computer is running, shut down Windows, and then turn off the power.
- Wait 30 seconds, and then turn the computer on.
- Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
- Ensure that the Safe Mode option is selected.
- Press Enter. The computer then begins to start in Safe mode.
- Login on your usual account.
Once in Safe Mode: Close ALL open Windows / Programs / Folders. Please start AVG Anti-Spyware and run a full scan.
- Click on Scanner on the toolbar.
- Click on the Settings tab.
- Under How to act?
- Click on Recommended Action and choose Quarantine from the popup menu.
- Under How to scan?
- All checkboxes should be ticked.
- Under Possibly unwanted software:
- All checkboxes should be ticked.
- Under Reports:
- Select Automatically generate report after every scan and uncheck Only if threats were found.
- Under What to scan?
- Select Scan every file.
- Click on the Scan tab.
- Click on Complete System Scan to start the scan process.
- Let the program scan the machine.
- When the scan has finished, follow the instructions below.
- Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu. (2)
- At the bottom of the window click on the Apply all Actions button. (3)

- When done, click the Save Scan Report button. (4)
- Click the Save Report as button.
- Save the report to your Desktop.
- Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
Reboot back into Normal Mode and please post back the AVG log and a new HJT log.
IMPORTANT: Don't click on the "Save Scan Report" button before you have clicked the "Apply all Actions" button.
Stacey
AVG Anti-Spyware - Scan Report
+ Created at: 12:41:24 PM 12/10/2006
+ Scan result:
HKLM\SOFTWARE\Classes\CLSID\{c3703265-4671-4858-92a4-cba6a7b3bb45} -> Adware.Generic : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c3703265-4671-4858-92a4-cba6a7b3bb45} -> Adware.Generic : Cleaned with backup (quarantined).
HKU\S-1-5-21-3715524540-779128601-1213603447-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C3703265-4671-4858-92A4-CBA6A7B3BB45} -> Adware.Generic : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9CD43D5B-365E-499F-81F9-D1838D59E545}\RP10\A0009600.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9CD43D5B-365E-499F-81F9-D1838D59E545}\RP10\A0009601.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9CD43D5B-365E-499F-81F9-D1838D59E545}\RP1\A0001032.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9CD43D5B-365E-499F-81F9-D1838D59E545}\RP9\A0008487.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9CD43D5B-365E-499F-81F9-D1838D59E545}\RP9\A0008488.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9CD43D5B-365E-499F-81F9-D1838D59E545}\RP9\A0008489.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9CD43D5B-365E-499F-81F9-D1838D59E545}\RP10\A0009599.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9CD43D5B-365E-499F-81F9-D1838D59E545}\RP6\A0003284.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9CD43D5B-365E-499F-81F9-D1838D59E545}\RP20\A0017913.exe -> Adware.VirusBurst.c : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9CD43D5B-365E-499F-81F9-D1838D59E545}\RP2\A0002086.exe -> Downloader.Zlob.azj : Cleaned with backup (quarantined).
C:\Documents and Settings\Stacey\Cookies\stacey@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.126:C:\Documents and Settings\Stacey\Application Data\Mozilla\Firefox\Profiles\hpett6ta.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.127:C:\Documents and Settings\Stacey\Application Data\Mozilla\Firefox\Profiles\hpett6ta.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.150:C:\Documents and Settings\Stacey\Application Data\Mozilla\Firefox\Profiles\hpett6ta.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.213:C:\Documents and Settings\Stacey\Application Data\Mozilla\Firefox\Profiles\hpett6ta.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.50:C:\Documents and Settings\Stacey\Application Data\Mozilla\Firefox\Profiles\hpett6ta.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.51:C:\Documents and Settings\Stacey\Application Data\Mozilla\Firefox\Profiles\hpett6ta.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.52:C:\Documents and Settings\Stacey\Application Data\Mozilla\Firefox\Profiles\hpett6ta.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.53:C:\Documents and Settings\Stacey\Application Data\Mozilla\Firefox\Profiles\hpett6ta.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.54:C:\Documents and Settings\Stacey\Application Data\Mozilla\Firefox\Profiles\hpett6ta.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.55:C:\Documents and Settings\Stacey\Application Data\Mozilla\Firefox\Profiles\hpett6ta.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.56:C:\Documents and Settings\Stacey\Application Data\Mozilla\Firefox\Profiles\hpett6ta.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.212:C:\Documents and Settings\Stacey\Application Data\Mozilla\Firefox\Profiles\hpett6ta.default\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned.
:mozilla.176:C:\Documents and Settings\Stacey\Application Data\Mozilla\Firefox\Profiles\hpett6ta.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.57:C:\Documents and Settings\Stacey\Application Data\Mozilla\Firefox\Profiles\hpett6ta.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.58:C:\Documents and Settings\Stacey\Application Data\Mozilla\Firefox\Profiles\hpett6ta.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.59:C:\Documents and Settings\Stacey\Application Data\Mozilla\Firefox\Profiles\hpett6ta.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.60:C:\Documents and Settings\Stacey\Application Data\Mozilla\Firefox\Profiles\hpett6ta.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.118:C:\Documents and Settings\Stacey\Application Data\Mozilla\Firefox\Profiles\hpett6ta.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.119:C:\Documents and Settings\Stacey\Application Data\Mozilla\Firefox\Profiles\hpett6ta.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.120:C:\Documents and Settings\Stacey\Application Data\Mozilla\Firefox\Profiles\hpett6ta.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.121:C:\Documents and Settings\Stacey\Application Data\Mozilla\Firefox\Profiles\hpett6ta.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.122:C:\Documents and Settings\Stacey\Application Data\Mozilla\Firefox\Profiles\hpett6ta.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.241:C:\Documents and Settings\Stacey\Application Data\Mozilla\Firefox\Profiles\hpett6ta.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.250:C:\Documents and Settings\Stacey\Application Data\Mozilla\Firefox\Profiles\hpett6ta.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
C:\Documents and Settings\Stacey\Cookies\stacey@www.myaffiliateprogram[1].txt -> TrackingCookie.Myaffiliateprogram : Cleaned.
:mozilla.162:C:\Documents and Settings\Stacey\Application Data\Mozilla\Firefox\Profiles\hpett6ta.default\cookies.txt -> TrackingCookie.Revenue : Cleaned.
:mozilla.265:C:\Documents and Settings\Stacey\Application Data\Mozilla\Firefox\Profiles\hpett6ta.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.185:C:\Documents and Settings\Stacey\Application Data\Mozilla\Firefox\Profiles\hpett6ta.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.186:C:\Documents and Settings\Stacey\Application Data\Mozilla\Firefox\Profiles\hpett6ta.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.187:C:\Documents and Settings\Stacey\Application Data\Mozilla\Firefox\Profiles\hpett6ta.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.188:C:\Documents and Settings\Stacey\Application Data\Mozilla\Firefox\Profiles\hpett6ta.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.189:C:\Documents and Settings\Stacey\Application Data\Mozilla\Firefox\Profiles\hpett6ta.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Stacey\Cookies\stacey@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.44:C:\Documents and Settings\Stacey\Application Data\Mozilla\Firefox\Profiles\hpett6ta.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.45:C:\Documents and Settings\Stacey\Application Data\Mozilla\Firefox\Profiles\hpett6ta.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.46:C:\Documents and Settings\Stacey\Application Data\Mozilla\Firefox\Profiles\hpett6ta.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.47:C:\Documents and Settings\Stacey\Application Data\Mozilla\Firefox\Profiles\hpett6ta.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.48:C:\Documents and Settings\Stacey\Application Data\Mozilla\Firefox\Profiles\hpett6ta.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\Stacey\Cookies\stacey@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.140:C:\Documents and Settings\Stacey\Application Data\Mozilla\Firefox\Profiles\hpett6ta.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.141:C:\Documents and Settings\Stacey\Application Data\Mozilla\Firefox\Profiles\hpett6ta.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
C:\System Volume Information\_restore{9CD43D5B-365E-499F-81F9-D1838D59E545}\RP4\A0002191.exe -> Trojan.Pakes : Cleaned with backup (quarantined).
C:\WINDOWS\system32\wnsintit.exe -> Trojan.Small : Cleaned with backup (quarantined).
::Report end
Logfile of HijackThis v1.99.1
Scan saved at 12:50:43 PM, on 12/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ACS.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe
C:\WINDOWS\system32\svchost.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Stacey\Desktop\Protection\hijackthis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: (no name) - {4A4C9166-50D6-2755-DEA8-70B5E9B6DCBD} - C:\WINDOWS\system32\lmjuyq.dll (file missing)
R3 - URLSearchHook: (no name) - {A5124F3E-8CDC-A45A-DEA8-A028E0263BBA} - C:\WINDOWS\system32\tcfbqvv.dll (file missing)
R3 - URLSearchHook: (no name) - {CA0971CC-B92B-CBAA-7BE2-C49EFA3157EF} - C:\WINDOWS\system32\rvqjmk.dll (file missing)
O1 - Hosts: 216.19.0.250 idenupdate.motorola.com
O2 - BHO: (no name) - {013A653B-49A6-4f76-8B68-E4875EA6BA54} - C:\WINDOWS\system32\ejrrbogg.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {238D1225-D461-FD60-0412-020DAE6CC5AB} - C:\WINDOWS\system32\opnoeo.dll (file missing)
O2 - BHO: (no name) - {4A4C9166-50D6-2755-DEA8-70B5E9B6DCBD} - C:\WINDOWS\system32\lmjuyq.dll (file missing)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {7118B177-8B71-4BE1-9AAA-D0876D1EE2C9} - C:\WINDOWS\system32\cabms.dll
O2 - BHO: (no name) - {A5124F3E-8CDC-A45A-DEA8-A028E0263BBA} - C:\WINDOWS\system32\tcfbqvv.dll (file missing)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {C9E7483B-F540-4B90-8ADA-4FE73B8D2F9C} - C:\WINDOWS\system32\qomlj.dll (file missing)
O2 - BHO: (no name) - {CA0971CC-B92B-CBAA-7BE2-C49EFA3157EF} - C:\WINDOWS\system32\rvqjmk.dll (file missing)
O2 - BHO: (no name) - {CB91EFFF-8798-4DC6-936D-F6F88442D1F1} - C:\WINDOWS\system32\wvwxy.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvxer.dll,startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Outpost Firewall] C:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe /waitservice
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Ffg] C:\Documents and Settings\Stacey\My Documents\?ssembly\r?gedit.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1159931310900
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: qomlj - C:\WINDOWS\system32\qomlj.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: windii32 - windii32.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: incestuously - {03413bf7-e34c-445b-bfc0-a2b127255871} - (no file)
O21 - SSODL: Mapme - {A795E9CE-7A46-4F08-AED3-9C00611B7758} - C:\WINDOWS\system32\modsock.dll
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum - C:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe
O23 - Service: Pantech&Curitel Utility Service - Unknown owner - C:\Program Files\UTStarcom\Sprint\Sprint PCS Connection Manager\PnCUtilityService.exe (file missing)
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
Please reboot your computer in Safe Mode by doing the following :
- Restart your computer
- After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
- Instead of Windows loading as normal, a menu with options should appear;
- Select the first option, to run Windows in Safe Mode, then press "Enter".
- Choose your usual account.
Once in Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmd
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.
You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.
The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".
The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart anyway into normal Windows. A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply along with a new HijackThis log.
The report can also be found at the root of the system drive, usually at C:\rapport.txt
Warning : running option #2 on a non infected computer will remove your Desktop background.
SmitFraudFix v2.126
Scan done at 18:47:11.85, Mon 12/11/2006
Run from C:\Documents and Settings\Stacey\Desktop\Protection\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix run in safe mode
»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Killing process
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
C:\DOCUME~1\ALLUSE~1\STARTM~1\Online Security Guide.url Deleted
C:\DOCUME~1\ALLUSE~1\STARTM~1\Security Troubleshooting.url Deleted
»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files
»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
Registry Cleaning done.
»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» End
Logfile of HijackThis v1.99.1
Scan saved at 6:54:38 PM, on 12/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ACS.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe
C:\WINDOWS\system32\svchost.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Stacey\Desktop\Protection\hijackthis\HijackThis.exe
R3 - URLSearchHook: (no name) - {4A4C9166-50D6-2755-DEA8-70B5E9B6DCBD} - C:\WINDOWS\system32\lmjuyq.dll (file missing)
R3 - URLSearchHook: (no name) - {A5124F3E-8CDC-A45A-DEA8-A028E0263BBA} - C:\WINDOWS\system32\tcfbqvv.dll (file missing)
R3 - URLSearchHook: (no name) - {CA0971CC-B92B-CBAA-7BE2-C49EFA3157EF} - C:\WINDOWS\system32\rvqjmk.dll (file missing)
O1 - Hosts: 216.19.0.250 idenupdate.motorola.com
O2 - BHO: (no name) - {013A653B-49A6-4f76-8B68-E4875EA6BA54} - C:\WINDOWS\system32\ejrrbogg.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {238D1225-D461-FD60-0412-020DAE6CC5AB} - C:\WINDOWS\system32\opnoeo.dll (file missing)
O2 - BHO: (no name) - {4A4C9166-50D6-2755-DEA8-70B5E9B6DCBD} - C:\WINDOWS\system32\lmjuyq.dll (file missing)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {7118B177-8B71-4BE1-9AAA-D0876D1EE2C9} - C:\WINDOWS\system32\cabms.dll
O2 - BHO: (no name) - {A5124F3E-8CDC-A45A-DEA8-A028E0263BBA} - C:\WINDOWS\system32\tcfbqvv.dll (file missing)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {C9E7483B-F540-4B90-8ADA-4FE73B8D2F9C} - C:\WINDOWS\system32\qomlj.dll (file missing)
O2 - BHO: (no name) - {CA0971CC-B92B-CBAA-7BE2-C49EFA3157EF} - C:\WINDOWS\system32\rvqjmk.dll (file missing)
O2 - BHO: (no name) - {CB91EFFF-8798-4DC6-936D-F6F88442D1F1} - C:\WINDOWS\system32\wvwxy.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Outpost Firewall] C:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe /waitservice
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Ffg] C:\Documents and Settings\Stacey\My Documents\?ssembly\r?gedit.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1159931310900
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: qomlj - C:\WINDOWS\system32\qomlj.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: windii32 - windii32.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: Mapme - {A795E9CE-7A46-4F08-AED3-9C00611B7758} - C:\WINDOWS\system32\modsock.dll
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum - C:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe
O23 - Service: Pantech&Curitel Utility Service - Unknown owner - C:\Program Files\UTStarcom\Sprint\Sprint PCS Connection Manager\PnCUtilityService.exe (file missing)
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
R3 - URLSearchHook: (no name) - {A5124F3E-8CDC-A45A-DEA8-A028E0263BBA} - C:\WINDOWS\system32\tcfbqvv.dll (file missing)
R3 - URLSearchHook: (no name) - {CA0971CC-B92B-CBAA-7BE2-C49EFA3157EF} - C:\WINDOWS\system32\rvqjmk.dll (file missing)
O2 - BHO: (no name) - {013A653B-49A6-4f76-8B68-E4875EA6BA54} - C:\WINDOWS\system32\ejrrbogg.dll (file missing)
O2 - BHO: (no name) - {238D1225-D461-FD60-0412-020DAE6CC5AB} - C:\WINDOWS\system32\opnoeo.dll (file missing)
O2 - BHO: (no name) - {4A4C9166-50D6-2755-DEA8-70B5E9B6DCBD} - C:\WINDOWS\system32\lmjuyq.dll (file missing)
O2 - BHO: (no name) - {7118B177-8B71-4BE1-9AAA-D0876D1EE2C9} - C:\WINDOWS\system32\cabms.dll
O2 - BHO: (no name) - {A5124F3E-8CDC-A45A-DEA8-A028E0263BBA} - C:\WINDOWS\system32\tcfbqvv.dll (file missing)
O2 - BHO: (no name) - {C9E7483B-F540-4B90-8ADA-4FE73B8D2F9C} - C:\WINDOWS\system32\qomlj.dll (file missing)
O2 - BHO: (no name) - {CA0971CC-B92B-CBAA-7BE2-C49EFA3157EF} - C:\WINDOWS\system32\rvqjmk.dll (file missing)
O2 - BHO: (no name) - {CB91EFFF-8798-4DC6-936D-F6F88442D1F1} - C:\WINDOWS\system32\wvwxy.dll (file missing)
O20 - Winlogon Notify: windii32 - windii32.dll (file missing)
Now close ALL open windows except HJT and click "Fix checked", then reboot.
Go to My Computer > Tools > Folder Options > View tab and select "Show hidden files and folders". Uncheck the "Hide protected operating system files (recommended)" option. Also make sure there is no checkmark beside "Hide file extensions for known file types". Click OK.
Then run the following scan: perform an online scan with Internet Explorer with Panda ActiveScan.
- Click on the [button] located at the bottom of the page.
- A "pop up" window will appear. * Please ensure that your pop up blocker doesn't block it *
- Enter your e-mail address, country, and state & click "Free Online Scan". *The download of the 8 MB Panda ActiveX control will take place*
- Begin the scan by selecting [button].
- If it finds any malware, it will offer you a report.
- Please ignore any entry it finds and the offer to buy the program to remove the entry, as we will address this later.
- Click on [button], then click [button].
- You needn't remain online while it's doing the scan, but you have to re-connect after it has finished to see the report.
- Turn off the real time scanner of any existing antivirus program while performing the online scan.
Paste the Panda Scan report here together with a new HijackThis log.
Stacey
Panda Active Scan:
Incident Status Location
Adware:adware/dopewars Not disinfected Windows Registry
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Stacey\Application Data\Mozilla\Firefox\Profiles\hpett6ta.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Stacey\Application Data\Mozilla\Firefox\Profiles\hpett6ta.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Stacey\Application Data\Mozilla\Firefox\Profiles\hpett6ta.default\cookies.txt[.com.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Stacey\Application Data\Mozilla\Firefox\Profiles\hpett6ta.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Stacey\Application Data\Mozilla\Firefox\Profiles\hpett6ta.default\cookies.txt[.adrevolver.com/]
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\Stacey\Application Data\Mozilla\Firefox\Profiles\hpett6ta.default\cookies.txt[www.burstbeacon.com/]
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\Stacey\Application Data\Mozilla\Firefox\Profiles\hpett6ta.default\cookies.txt[searchportal.information.com/]
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\Stacey\Application Data\Mozilla\Firefox\Profiles\hpett6ta.default\cookies.txt[.toplist.cz/]
Spyware:Cookie/Peel Not disinfected C:\Documents and Settings\Stacey\Application Data\Mozilla\Firefox\Profiles\hpett6ta.default\cookies.txt[.peel.com/]
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Stacey\Desktop\Protection\SmitfraudFix\SmitfraudFix\Process.exe
Possible Virus. Not disinfected C:\VundoFix Backups\wvwxy.dll.bad
Potentially unwanted tool:Application/Processor Not disinfected C:\WINDOWS\system32\Process.exe
Logfile of HijackThis v1.99.1
Scan saved at 11:04:12 PM, on 12/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ACS.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe
C:\WINDOWS\system32\svchost.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Stacey\Desktop\Protection\hijackthis\HijackThis.exe
O1 - Hosts: 216.19.0.250 idenupdate.motorola.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Outpost Firewall] C:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe /waitservice
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Ffg] C:\Documents and Settings\Stacey\My Documents\?ssembly\r?gedit.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1159931310900
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: qomlj - C:\WINDOWS\system32\qomlj.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: Mapme - {A795E9CE-7A46-4F08-AED3-9C00611B7758} - C:\WINDOWS\system32\modsock.dll
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum - C:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe
O23 - Service: Pantech&Curitel Utility Service - Unknown owner - C:\Program Files\UTStarcom\Sprint\Sprint PCS Connection Manager\PnCUtilityService.exe (file missing)
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
I would need to see a new HijackThis log.
Also, I need to see another log from HijackThis.
Adobe Acrobat 5.0
Adobe Download Manager 2.0 (Remove Only)
Adobe Flash Player 9 ActiveX
Adobe Photoshop CS2
Adobe Reader 7.0.8
Adobe Shockwave Player
Adobe SVG Viewer 3.0
Agnitum Outpost Firewall 1.0
AIM Gadgets 2.8
ALPS Touch Pad Driver
AOL Uninstaller (Choose which Products to Remove)
ArcSoft Software Suite
Atheros Client Utility
Atheros Wireless LAN MiniPCI card Driver
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
AVG Anti-Spyware 7.5
AVG Free Edition
BitLord 1.1
ccCommon
CCleaner (remove only)
CD/DVD Drive Acoustic Silencer
Channel Master
DivX Player
DVD-RAM Driver
Google Video Player
HijackThis 1.99.1
Hotfix for Windows XP (KB895200)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Internet Worm Protection
InterVideo WinDVD for TOSHIBA
iVocalize Web Conference 4
J2SE Runtime Environment 5.0 Update 2
LiveReg (Symantec Corporation)
LiveUpdate 3.0 (Symantec Corporation)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft Calculator Plus
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office OneNote 2003
Microsoft Office Professional Edition 2003
Microsoft Office Standard Edition 2003
Microsoft Reader
Microsoft User-Mode Driver Framework Feature Pack 1.0 (Beta2)
Microsoft Works
Mozilla Firefox (1.5.0.8)
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
Nero 7 Ultra Edition
Norton AntiVirus 2005
Norton AntiVirus 2005 (Symantec Corporation)
Norton AntiVirus Help
Norton AntiVirus Parent MSI
Norton AntiVirus SYMLT MSI
Norton WMI Update
Panda ActiveScan
Pure Networks Port Magic
Quicken 2005
QuickTime
RealPlayer
Realtek AC'97 Audio
REALTEK Gigabit and Fast Ethernet NIC Driver
Roxio Burn Engine
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB926255)
Sonic DLA
SPBBC
Spybot - Search & Destroy 1.4
SpywareBlaster v3.5.1
Symantec
Symantec Script Blocking Installer
SymNet
TOSHIBA Accessibility
TOSHIBA Assist
TOSHIBA ConfigFree
TOSHIBA Fn-esse
TOSHIBA Hardware Setup
TOSHIBA Hotkey Utility
TOSHIBA PC Diagnostic Tool
TOSHIBA Power Saver
Toshiba Registration
TOSHIBA Software Modem
TOSHIBA Software Upgrades
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
TOSHIBA Supervisor Password
Toshiba Tbiosdrv Driver
TOSHIBA Virtual Sound
TOSHIBA Zooming Utility
Touch and Launch
TouchPad On/Off Utility
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
URGE
Viewpoint Media Player
WinAce Archiver 2.0
Winamp (remove only)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB884018
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB889673
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Logfile of HijackThis v1.99.1
Scan saved at 8:39:16 PM, on 12/18/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ACS.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe
C:\WINDOWS\system32\svchost.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Stacey\Desktop\Protection\hijackthis\HijackThis.exe
O1 - Hosts: 216.19.0.250 idenupdate.motorola.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Outpost Firewall] C:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe /waitservice
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Ffg] C:\Documents and Settings\Stacey\My Documents\?ssembly\r?gedit.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1159931310900
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: qomlj - C:\WINDOWS\system32\qomlj.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: Mapme - {A795E9CE-7A46-4F08-AED3-9C00611B7758} - C:\WINDOWS\system32\modsock.dll
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum - C:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe
O23 - Service: Pantech&Curitel Utility Service - Unknown owner - C:\Program Files\UTStarcom\Sprint\Sprint PCS Connection Manager\PnCUtilityService.exe (file missing)
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
Thanks for the help!!
Stacey
You have both AVG anti-virus and Norton anti-virus. This is not a good idea as multiple anti-virus programs can conflict. You need to uninstall one of them through Add/Remove programs.
________________________________
Download and run the OiUninstaller
http://www.outerinfo.com/OiUninstaller.exe
Tutorial for the uninstaller if needed
________________________________
Reboot your computer!
Post a new HijackThis log, along with a new Uninstall list please.