Yeah! Vundofix[Resolved]

saw977ssaw977s
edited January 2007 in Spyware & Virus Removal
I've had a Christmas blessing today, in the results I've seen from Vundofix. I can especially tell by the absence of a "work offline" dialogue box that had been coming up at start-up, and which I had determined had to be connected to the virus. We had a lot less trouble when we didn't click on it. It seemed that Norton would detect an incident of the virus, in proportion to the number of times we'd click on that thing. Per the instructions for using Vundofix, I'm posting the contents of C:\vundofix.txt and a new HiJackThis log. Another thing I had noticed previously is an IE add-on by the name of the file urngva.dll, the same as what Vundofix had found. This add-on would re-enable itself on start-up, anytime I would disable it. It still shows up in the add-ons. The help so far is immensely appreciated, and any further help would be also. I've also ran CWshredder, Spybot, and Ad-aware today.

Thanks,
Scott Wood

VundoFix V6.2.13

Checking Java version...

Sun Java not detected
Scan started at 7:04:01 PM 12/25/2006

Listing files found while scanning....

C:\WINDOWS\msagent\urngva.dll
C:\WINDOWS\msagent\avgnru.ini
C:\WINDOWS\msagent\avgnru.bak1
C:\WINDOWS\msagent\avgnru.bak2
C:\WINDOWS\msagent\avgnru.ini2
C:\WINDOWS\msagent\avgnru.tmp

Beginning removal...

Attempting to delete C:\WINDOWS\msagent\urngva.dll
C:\WINDOWS\msagent\urngva.dll Has been deleted!

Attempting to delete C:\WINDOWS\msagent\avgnru.ini
C:\WINDOWS\msagent\avgnru.ini Has been deleted!

Attempting to delete C:\WINDOWS\msagent\avgnru.bak1
C:\WINDOWS\msagent\avgnru.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\msagent\avgnru.bak2
C:\WINDOWS\msagent\avgnru.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\msagent\avgnru.ini2
C:\WINDOWS\msagent\avgnru.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\msagent\avgnru.tmp
C:\WINDOWS\msagent\avgnru.tmp Has been deleted!

Performing Repairs to the registry.
Done!


Logfile of HijackThis v1.99.1
Scan saved at 8:13:59 PM, on 12/25/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Common Files\Symantec Shared\DJSNETCN.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\CallWave\IAM.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Scott & Bonnie\Desktop\Cleaning tools\hijackthis_199\Scanner.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://my.netzero.net/s/sp?r=al&cf=sp&mem=saw977s&login=d853e33018c3e5b902e294e1eb50122f/saw977s:netzero.net/1151639424/30/sss.6.39864/&ts=44a49f80&A=0&B=1141286400000&C=1141286400000&D=1142409600000&I=7.NHA&N=PLHS&O=A&UT=
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Popup-Blocker Class - {52706EF7-D7A2-49AD-A615-E903858CF284} - C:\Program Files\NetZero\qsacc\X1IEBHO.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {8F47BCF0-170B-4DB9-B5F7-FDA1DB63113D} - C:\WINDOWS\msagent\urngva.dll (file missing)
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: ZeroBar - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\Toolbar.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [UIUCU] C:\DOCUME~1\SCOTT&~1\LOCALS~1\Temp\UIUCU.EXE -CLEAN_UP -S
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [TempRemove] "C:\Program Files\Crystal Ball\CB Predictor\terminator.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\RunServices: [DJSNetCN] C:\Program Files\Common Files\Symantec Shared\DJSNETCN.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: CallWave.lnk = C:\Program Files\CallWave\IAM.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office Outlook 2003.lnk = ?
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: Display All Images with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/228
O8 - Extra context menu item: Display Image with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/227
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} (Controller Class) - https://www.windowsonecare.com/install/cli/1.1.1067.14/WinSSWebAgent.CAB
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/download/scanner/wlscbase8460.cab
O18 - Protocol: x-excid - {9D6CC632-1337-4A33-9214-2DA092E776F4} - C:\WINDOWS\Downloaded Program Files\mimectl.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Symantec Licensing Detect Internet Connection (DJSNETCN) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\DJSNETCN.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MSSQL$MICROSOFTSMLBIZ - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe" -sMICROSOFTSMLBIZ (file missing)
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SQLAgent$MICROSOFTSMLBIZ - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlagent.EXE" -i MICROSOFTSMLBIZ (file missing)
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

HJT Log-File Diminished By Rahina Rescue.

Comments

  • Rahina-RescueRahina-Rescue Finland
    edited December 2006
    Hi there!, and welcome to Short-Media Forums. I am sorry for the delay in getting to your post, we are very busy in the malware area.




    Open HijackThis and scan. When it finishes, put an X in the box next to these following item(s) and click fix checked.

    O2 - BHO: (no name) - {8F47BCF0-170B-4DB9-B5F7-FDA1DB63113D} - C:\WINDOWS\msagent\urngva.dll (file missing)




    Kaspersky On-line Scanner

    When you are prompted to install an ActiveX component from Kaspersky, Click Yes.

    The program will launch and then begin downloading the latest definition files
    When the files finish downloading click on NEXT
    Now click on Scan Settings
    In Scan Settings make sure that the following are selected:
    Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)

    Scan Options:

    Scan Archives
    Scan Mail Bases

    Click OK

    Now under select a target to scan:
    Select My Computer
    This program will start and scan your system.
    Online scan can take a long time to complete and the time is impacted by the speed of your internet connection. Be patient and let it run. It is best not to do anything else while the scan is running. This will help it to complete faster.
    When the scan has completed, it will display whether your system has been infected or not
    Click on the Save as Text button:
    Save the file to your desktop or another folder where you can locate it later.
    Attach this file to your next message With a fresh HJT-Log.
  • saw977ssaw977s
    edited December 2006
    Hi, thanks for your help. Here is the results of the Kaspersky scan and a fresh HJT Log.
    KASPERSKY ONLINE SCANNER REPORT
    Tuesday, December 26, 2006 11:25:38 PM
    Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
    Kaspersky Online Scanner version: 5.0.83.0
    Kaspersky Anti-Virus database last update: 27/12/2006
    Kaspersky Anti-Virus database records: 254450

    Scan Settings:
    Scan using the following antivirus database: extended
    Scan Archives: true
    Scan Mail Bases: true

    Scan Target - My Computer:
    A:\
    C:\
    D:\
    E:\
    F:\
    G:\
    H:\
    I:\
    J:\

    Scan Statistics:
    Total number of scanned objects: 49295
    Number of viruses found: 7
    Number of infected objects: 46 / 0
    Number of suspicious objects: 0
    Duration of the scan process: 00:41:54

    Infected Object Name / Virus Name / Last Action
    C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\ehRecvr.log Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support\MPLog-12072006-123142.log Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\HPPAppActivity.log Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\HPPHomePageActivity.log Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2006-12-26_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped
    C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\Scott & Bonnie\Application Data\Symantec\PendingAlertsQueue.log Object is locked skipped
    C:\Documents and Settings\Scott & Bonnie\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\Scott & Bonnie\Local Settings\Application Data\Microsoft\Business Contact Manager\MaryKayContacts.ldf Object is locked skipped
    C:\Documents and Settings\Scott & Bonnie\Local Settings\Application Data\Microsoft\Business Contact Manager\MaryKayContacts.mdf Object is locked skipped
    C:\Documents and Settings\Scott & Bonnie\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\Scott & Bonnie\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\Scott & Bonnie\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{F956C332-D812-457A-B35B-8EB86EF6C6B8} Object is locked skipped
    C:\Documents and Settings\Scott & Bonnie\Local Settings\History\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\Scott & Bonnie\Local Settings\Temp\djmusjgy.dll Infected: Trojan-Spy.Win32.VBStat.h skipped
    C:\Documents and Settings\Scott & Bonnie\Local Settings\Temp\oxdsescs.dll Infected: Trojan-Spy.Win32.VBStat.h skipped
    C:\Documents and Settings\Scott & Bonnie\Local Settings\Temp\Perflib_Perfdata_3a8.dat Object is locked skipped
    C:\Documents and Settings\Scott & Bonnie\Local Settings\Temp\Perflib_Perfdata_f58.dat Object is locked skipped
    C:\Documents and Settings\Scott & Bonnie\Local Settings\Temp\vitirvym.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
    C:\Documents and Settings\Scott & Bonnie\Local Settings\Temp\~DFA963.tmp Object is locked skipped
    C:\Documents and Settings\Scott & Bonnie\Local Settings\Temp\~DFA97D.tmp Object is locked skipped
    C:\Documents and Settings\Scott & Bonnie\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
    C:\Documents and Settings\Scott & Bonnie\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\Scott & Bonnie\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\Scott & Bonnie\ntuser.dat.LOG Object is locked skipped
    C:\Program Files\CallWave\Account5235647\IAM.exe.log Object is locked skipped
    C:\Program Files\CallWave\Account5235647\IAM.exe.stt Object is locked skipped
    C:\Program Files\CallWave\IAM.exe.log Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\eengine\EPERSIST.DAT Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\SNDALRT.log Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\SNDCON.log Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\SNDDBG.log Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\SNDFW.log Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\SNDIDS.log Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\SNDSYS.log Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBConfig.log Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBDebug.log Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBDetect.log Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBNotify.log Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBRefr.log Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetCfg.log Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetCfg2.log Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetDev.log Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetLoc.log Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetUsr.log Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSMNot.log Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSMReg.log Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSMRSt.log Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBStHash.log Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBStMSI.log Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBValid.log Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPPolicy.log Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPStart.log Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPStop.log Object is locked skipped
    C:\Program Files\DIGStream\digstream.exe Infected: not-a-virus:Downloader.Win32.DigStream skipped
    C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Data\master.mdf Object is locked skipped
    C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Data\mastlog.ldf Object is locked skipped
    C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Data\model.mdf Object is locked skipped
    C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Data\modellog.ldf Object is locked skipped
    C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Data\tempdb.mdf Object is locked skipped
    C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Data\templog.ldf Object is locked skipped
    C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\LOG\ERRORLOG Object is locked skipped
    C:\Program Files\Microsoft Windows OneCare Live\ClientSD\prov\Provblob.bin Object is locked skipped
    C:\Program Files\Microsoft Windows OneCare Live\ClientSD\prov\Service.xml Object is locked skipped
    C:\Program Files\Microsoft Windows OneCare Live\ClientSD\prov\user.xml Object is locked skipped
    C:\Program Files\NetZero\BootExceptions.log Object is locked skipped
    C:\Program Files\NetZero\ExecExceptions.log Object is locked skipped
    C:\Program Files\NetZero\IspDblog.txt Object is locked skipped
    C:\Program Files\NetZero\MainExceptions.log Object is locked skipped
    C:\Program Files\NetZero\qsacc\dblog.txt Object is locked skipped
    C:\Program Files\NetZero\qsacc\MainExceptions.log Object is locked skipped
    C:\Program Files\NetZero\qsacc\sdi.db Object is locked skipped
    C:\Program Files\NetZero\qsacc\sdi.lg Object is locked skipped
    C:\Program Files\Norton AntiVirus\AVApp.log Object is locked skipped
    C:\Program Files\Norton AntiVirus\AVError.log Object is locked skipped
    C:\Program Files\Norton AntiVirus\AVVirus.log Object is locked skipped
    C:\Program Files\Norton AntiVirus\Savrt\0442NAV~.TMP Object is locked skipped
    C:\Program Files\Norton AntiVirus\Savrt\0878NAV~.TMP Object is locked skipped
    C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
    C:\System Volume Information\_restore{62FB071F-7A35-4078-868D-4BCAF1684C50}\RP16\A0001220.dll Infected: Trojan-Spy.Win32.Agent.ps skipped
    C:\System Volume Information\_restore{62FB071F-7A35-4078-868D-4BCAF1684C50}\RP16\A0001221.dll Infected: Trojan.Win32.BHO.o skipped
    C:\System Volume Information\_restore{62FB071F-7A35-4078-868D-4BCAF1684C50}\RP27\A0003377.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.dq skipped
    C:\System Volume Information\_restore{62FB071F-7A35-4078-868D-4BCAF1684C50}\RP28\A0003416.dll Infected: Trojan.Win32.BHO.o skipped
    C:\System Volume Information\_restore{62FB071F-7A35-4078-868D-4BCAF1684C50}\RP28\A0003417.dll Infected: Trojan-Spy.Win32.Agent.ps skipped
    C:\System Volume Information\_restore{62FB071F-7A35-4078-868D-4BCAF1684C50}\RP28\A0003418.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
    C:\System Volume Information\_restore{62FB071F-7A35-4078-868D-4BCAF1684C50}\RP28\A0003419.dll Infected: Trojan.Win32.BHO.g skipped
    C:\System Volume Information\_restore{62FB071F-7A35-4078-868D-4BCAF1684C50}\RP28\A0003420.dll Infected: Trojan-Spy.Win32.VBStat.h skipped
    C:\System Volume Information\_restore{62FB071F-7A35-4078-868D-4BCAF1684C50}\RP28\A0003421.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
    C:\System Volume Information\_restore{62FB071F-7A35-4078-868D-4BCAF1684C50}\RP28\A0003422.dll Infected: Trojan-Spy.Win32.VBStat.h skipped
    C:\System Volume Information\_restore{62FB071F-7A35-4078-868D-4BCAF1684C50}\RP28\A0003423.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
    C:\System Volume Information\_restore{62FB071F-7A35-4078-868D-4BCAF1684C50}\RP28\A0003424.dll Infected: Trojan.Win32.BHO.g skipped
    C:\System Volume Information\_restore{62FB071F-7A35-4078-868D-4BCAF1684C50}\RP28\A0003425.dll Infected: Trojan-Spy.Win32.VBStat.h skipped
    C:\System Volume Information\_restore{62FB071F-7A35-4078-868D-4BCAF1684C50}\RP28\A0003426.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
    C:\System Volume Information\_restore{62FB071F-7A35-4078-868D-4BCAF1684C50}\RP28\A0003427.dll Infected: Trojan-Spy.Win32.VBStat.h skipped
    C:\System Volume Information\_restore{62FB071F-7A35-4078-868D-4BCAF1684C50}\RP28\A0003428.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
    C:\System Volume Information\_restore{62FB071F-7A35-4078-868D-4BCAF1684C50}\RP28\A0003429.dll Infected: Trojan.Win32.BHO.g skipped
    C:\System Volume Information\_restore{62FB071F-7A35-4078-868D-4BCAF1684C50}\RP28\A0003430.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
    C:\System Volume Information\_restore{62FB071F-7A35-4078-868D-4BCAF1684C50}\RP28\A0003431.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
    C:\System Volume Information\_restore{62FB071F-7A35-4078-868D-4BCAF1684C50}\RP28\A0003432.dll Infected: Trojan.Win32.BHO.g skipped
    C:\System Volume Information\_restore{62FB071F-7A35-4078-868D-4BCAF1684C50}\RP28\A0003433.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
    C:\System Volume Information\_restore{62FB071F-7A35-4078-868D-4BCAF1684C50}\RP28\A0003434.dll Infected: Trojan.Win32.BHO.g skipped
    C:\System Volume Information\_restore{62FB071F-7A35-4078-868D-4BCAF1684C50}\RP28\A0003435.dll Infected: Trojan-Spy.Win32.VBStat.h skipped
    C:\System Volume Information\_restore{62FB071F-7A35-4078-868D-4BCAF1684C50}\RP28\A0003436.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
    C:\System Volume Information\_restore{62FB071F-7A35-4078-868D-4BCAF1684C50}\RP28\A0003437.dll Infected: Trojan-Spy.Win32.VBStat.h skipped
    C:\System Volume Information\_restore{62FB071F-7A35-4078-868D-4BCAF1684C50}\RP28\A0003438.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
    C:\System Volume Information\_restore{62FB071F-7A35-4078-868D-4BCAF1684C50}\RP28\A0003439.dll Infected: Trojan-Spy.Win32.VBStat.h skipped
    C:\System Volume Information\_restore{62FB071F-7A35-4078-868D-4BCAF1684C50}\RP28\A0003440.dll Infected: Trojan.Win32.BHO.g skipped
    C:\System Volume Information\_restore{62FB071F-7A35-4078-868D-4BCAF1684C50}\RP28\A0003441.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
    C:\System Volume Information\_restore{62FB071F-7A35-4078-868D-4BCAF1684C50}\RP28\A0003442.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
    C:\System Volume Information\_restore{62FB071F-7A35-4078-868D-4BCAF1684C50}\RP28\A0003443.dll Infected: Trojan.Win32.BHO.g skipped
    C:\System Volume Information\_restore{62FB071F-7A35-4078-868D-4BCAF1684C50}\RP28\A0003444.dll Infected: Trojan-Spy.Win32.VBStat.h skipped
    C:\System Volume Information\_restore{62FB071F-7A35-4078-868D-4BCAF1684C50}\RP28\A0003445.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
    C:\System Volume Information\_restore{62FB071F-7A35-4078-868D-4BCAF1684C50}\RP28\A0003446.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
    C:\System Volume Information\_restore{62FB071F-7A35-4078-868D-4BCAF1684C50}\RP28\A0003447.dll Infected: Trojan-Spy.Win32.VBStat.h skipped
    C:\System Volume Information\_restore{62FB071F-7A35-4078-868D-4BCAF1684C50}\RP28\A0003448.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
    C:\System Volume Information\_restore{62FB071F-7A35-4078-868D-4BCAF1684C50}\RP28\A0003449.dll Infected: Trojan.Win32.BHO.g skipped
    C:\System Volume Information\_restore{62FB071F-7A35-4078-868D-4BCAF1684C50}\RP28\A0003450.dll Infected: Trojan-Spy.Win32.VBStat.h skipped
    C:\System Volume Information\_restore{62FB071F-7A35-4078-868D-4BCAF1684C50}\RP28\A0003451.dll Infected: Trojan.Win32.BHO.g skipped
    C:\System Volume Information\_restore{62FB071F-7A35-4078-868D-4BCAF1684C50}\RP28\A0003452.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
    C:\System Volume Information\_restore{62FB071F-7A35-4078-868D-4BCAF1684C50}\RP28\A0003453.dll Infected: Trojan-Spy.Win32.VBStat.h skipped
    C:\System Volume Information\_restore{62FB071F-7A35-4078-868D-4BCAF1684C50}\RP28\change.log Object is locked skipped
    C:\VundoFix Backups\urngva.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.dq skipped
    C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
    C:\WINDOWS\ModemLog_Intel(R) 537EP V9x DF PCI Modem.txt Object is locked skipped
    C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{5141FCA7-2C1A-4686-902E-23C1AA8DBEDB}.crmlog Object is locked skipped
    C:\WINDOWS\SchedLgU.Txt Object is locked skipped
    C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
    C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
    C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
    C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\default Object is locked skipped
    C:\WINDOWS\system32\config\default.LOG Object is locked skipped
    C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
    C:\WINDOWS\system32\config\Media Ce.evt Object is locked skipped
    C:\WINDOWS\system32\config\SAM Object is locked skipped
    C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\SECURITY Object is locked skipped
    C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
    C:\WINDOWS\system32\config\software Object is locked skipped
    C:\WINDOWS\system32\config\software.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\system Object is locked skipped
    C:\WINDOWS\system32\config\system.LOG Object is locked skipped
    C:\WINDOWS\system32\h323log.txt Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
    C:\WINDOWS\Temp\Perflib_Perfdata_2d0.dat Object is locked skipped
    C:\WINDOWS\WindowsUpdate.log Object is locked skipped
    C:\WINDOWS\{00000005-00000000-00000004-00001102-00000004-20061102}.CDF Object is locked skipped

    Scan process completed.


    Logfile of HijackThis v1.99.1
    Scan saved at 11:36:08 PM, on 12/26/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\Program Files\Common Files\Symantec Shared\DJSNETCN.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
    C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
    C:\Program Files\Microsoft IntelliType Pro\type32.exe
    C:\Program Files\Microsoft IntelliPoint\point32.exe
    C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
    C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
    C:\WINDOWS\system32\CTHELPER.EXE
    C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\CallWave\IAM.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
    C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    C:\Program Files\NetZero\exec.exe
    C:\Program Files\NetZero\exec.exe
    C:\Program Files\NetZero\qsacc\x1exec.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Messenger\msmsgs.exe
    C:\Documents and Settings\Scott & Bonnie\Desktop\Cleaning tools\hijackthis_199\Scanner.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://my.netzero.net/s/sp?r=al&cf=sp&mem=saw977s&login=d853e33018c3e5b902e294e1eb50122f/saw977s:netzero.net/1151639424/30/sss.6.39864/&ts=44a49f80&A=0&B=1141286400000&C=1141286400000&D=1142409600000&I=7.NHA&N=PLHS&O=A&UT=
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:7900
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 64.136.29.30;64.136.21.30;64.136.29.34;searchap.untd.com;127.0.0.1;localhost;*microsoft.com;*windowsupdate.com;*wustat.windows.com;*.pogo.com;*.worldwinner.com;*test-speed.com;liveupdate.symantecliveupdate.com;*symantec.com;*.nai.com;*.networkassociates.com;*photosite.com;*.dir.untd.com;*.prod.untd.com;m.2mdn.net;<local>
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Popup-Blocker Class - {52706EF7-D7A2-49AD-A615-E903858CF284} - C:\Program Files\NetZero\qsacc\X1IEBHO.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: ZeroBar - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\Toolbar.dll
    O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [UIUCU] C:\DOCUME~1\SCOTT&~1\LOCALS~1\Temp\UIUCU.EXE -CLEAN_UP -S
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
    O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe"
    O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
    O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
    O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE"
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe"
    O4 - HKLM\..\Run: [TempRemove] "C:\Program Files\Crystal Ball\CB Predictor\terminator.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\RunServices: [DJSNetCN] C:\Program Files\Common Files\Symantec Shared\DJSNETCN.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\RunOnce: [untd_recovery] "C:\Program Files\NetZero\qsacc\x1exec.exe"
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: CallWave.lnk = C:\Program Files\CallWave\IAM.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: Microsoft Office Outlook 2003.lnk = ?
    O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
    O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    O8 - Extra context menu item: Display All Images with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/228
    O8 - Extra context menu item: Display Image with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/227
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
    O16 - DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} (Controller Class) - https://www.windowsonecare.com/install/cli/1.1.1067.14/WinSSWebAgent.CAB
    O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
    O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
    O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/download/scanner/wlscbase8460.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{E55BF344-CEC2-4ACB-9F56-0A4426805B84}: NameServer = 64.136.28.120 64.136.20.120
    O18 - Protocol: x-excid - {9D6CC632-1337-4A33-9214-2DA092E776F4} - C:\WINDOWS\Downloaded Program Files\mimectl.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: Symantec Licensing Detect Internet Connection (DJSNETCN) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\DJSNETCN.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: MSSQL$MICROSOFTSMLBIZ - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe" -sMICROSOFTSMLBIZ (file missing)
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: SQLAgent$MICROSOFTSMLBIZ - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlagent.EXE" -i MICROSOFTSMLBIZ (file missing)
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
  • Rahina-RescueRahina-Rescue Finland
    edited December 2006

    Empty This Folder: C:\VundoFix Backups


    Now that you seem to be clean, please follow these simple steps in order to keep your computer clean and secure

    Clear your system restore
    This will clear the system restore folders from possible malware that was left behind during the cleaning process.

    Use ATF Cleaner
    Download and install ATF Cleaner. Clean your temporary files & folders with it regularly.

    Use AVG Anti-Spyware
    Update it and scan your computer regularly with it.

    Use CCleaner
    It removes unused files from your system - allowing Windows to run faster and freeing up valuable hard disk space.

    Install SpywareBlaster
    SpywareBlaster will prevent spyware from being installed.

    Install MVPS Hosts file
    This prevents your computer from connecting to harmful sites.

    Use Firefox browser
    Firefox is faster, safer and better browser than Internet Explorer.

    Keep your systen up-to-date
    Visit Windows Update regularly.

    Keep your antivirus and firewall up-to-date
    Scan your computer regularly with your antivirus.

    Safe surfing ;)
  • saw977ssaw977s
    edited December 2006
    Thanks a lot for your help and advice. I've downloaded anything you suggested, that I hadn't already. I also downloaded Comodo firewall, since it's been said that Windows firewall only does incoming.

    I get Norton Antivirus free with Netzero dial-up. Do you think that Norton is adequate? Do you think any of the free programs available are better than Norton. Do you think any of the free programs are as good as Kaspersky?

    Thanks again,
    Scott Wood
  • Rahina-RescueRahina-Rescue Finland
    edited December 2006
    Yep, Norton Antivirus Should protect you enough ;)
  • Rahina-RescueRahina-Rescue Finland
    edited January 2007
    Since this issue appears resolved, this Topic is closed, glad we could help :).

    If you need this topic reopened, please request this by sending the moderating team
    a PM, with the address of the thread. This applies only to the original topic starter.

    Everyone else please begin a New Topic.
Sign In or Register to comment.