Can't Remove Vundo

unju · August 2007

I followed the steps before posting this thread. I've tried everythign, I had Symantec AV installed, I've searched online and ran fixvundo, and the symantec vundo removers. I also ran trendmicro AV online. Everytime I run spybot search and destroy vundomonde keeps showing up.

THis is my first time posting in this forum, any help would be greatly appreciated.

HijackThis log

Logfile of HijackThis v1.99.1
Scan saved at 4:09:25 AM, on 8/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Virtual Villagers - The Lost Children\Virtual Villagers - The Lost Children.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {75f9b5f7-68ab-4610-ad04-b42b431499a3} - C:\WINDOWS\system32\LXBla2.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {C6039E6C-BDE9-4de5-BB40-768CAA584FDC} - C:\WINDOWS\system32\tmpDA9.tmp.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\RunOnce: [SpybotDeletingA5126] command /c del "C:\WINDOWS\system32\LXBla2.dll_tobedeleted"
O4 - HKLM\..\RunOnce: [SpybotDeletingC9894] cmd /c del "C:\WINDOWS\system32\LXBla2.dll_tobedeleted"
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: HP Pavilion Webcam Tray Icon.lnk = C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1EF9F042-C2EB-4293-8213-474CAEEF531D} (TmHcmsX Control) - http://www.trendsecure.com/framework/control/en-US/activex/TmHcmsX.CAB
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: c:\windows\system32\vtuttsq.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: LXBla2 - C:\WINDOWS\SYSTEM32\LXBla2.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

Panda Log

Incident Status Location
Virus:W32/ZlFake.A Disinfected Operating system
Virus:Trj/DNSChanger.XB Disinfected Operating system
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Angie Cheung\Cookies\angie [email]cheung@247realmedia[1].txt[/email]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Angie Cheung\Cookies\angie [email]cheung@atdmt[2].txt[/email]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Angie Cheung\Cookies\angie [email]cheung@com[1].txt[/email]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Angie Cheung\Cookies\angie [email]cheung@doubleclick[1].txt[/email]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Angie Cheung\Cookies\angie [email]cheung@statcounter[2].txt[/email]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Angie Cheung\Cookies\angie [email]cheung@zedo[1].txt[/email]
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Angie Cheung\Local Settings\Temp\nsh5.tmp
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Angie Cheung\Local Settings\Temp\nsj5.tmp
Virus:W32/ZlFake.A Disinfected C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
Virus:W32/ZlFake.A Disinfected C:\Program Files\Symantec AntiVirus\VPTray.exe
Virus:Trj/DNSChanger.XB Disinfected C:\VundoFix Backups\awvvvts.dll.bad
Virus:Trj/DNSChanger.XB Disinfected C:\VundoFix Backups\jkhheec.dll.bad
Virus:Trj/DNSChanger.XB Disinfected C:\VundoFix Backups\jkkjkih.dll.bad
Virus:Trj/DNSChanger.XB Disinfected C:\VundoFix Backups\mllmnmm.dll.bad
Virus:Trj/DNSChanger.XB Disinfected C:\VundoFix Backups\ssttuus.dll.bad
Virus:Trj/DNSChanger.XB Disinfected C:\VundoFix Backups\vturqpo.dll.bad
Virus:Trj/DNSChanger.XB Disinfected C:\VundoFix Backups\vtuttsq.dll.bad
Virus:W32/ZlFake.A.drp Disinfected C:\WINDOWS\system32\8L7FEeDQ.exe
Virus:Trj/DNSChanger.XB Disinfected C:\WINDOWS\system32\mljggfd.dll
Virus:Trj/DNSChanger.XB Disinfected C:\WINDOWS\system32\ssqpmjh.dll
Virus:Trj/DNSChanger.XB Disinfected C:\WINDOWS\system32\vtsttut.dll
Virus:Trj/DNSChanger.XB Disinfected C:\WINDOWS\system32\vtuttsq.dll

Kaspersky Log

KASPERSKY ONLINE SCANNER REPORT Thursday, August 09, 2007 4:04:30 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.0
Kaspersky Anti-Virus database last update: 9/08/2007
Kaspersky Anti-Virus database records: 377384
Scan SettingsScan using the following antivirus databaseextendedScan ArchivestrueScan Mail BasestrueScan TargetMy ComputerC:\
D:\
E:\ Scan StatisticsTotal number of scanned objects47010Number of viruses found4Number of infected objects14Number of suspicious objects0Duration of the scan process01:53:29
Infected Object NameVirus NameLast ActionC:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBConfig.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBDebug.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBDetect.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBNotify.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBRefr.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetCfg.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetCfg2.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetDev.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetLoc.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetUsr.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBStHash.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBValid.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPPolicy.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPStart.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPStop.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtErEvt.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtETmp\4BC1BEEB.TMP Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtETmp\B6AA6CE7.TMP Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtMoEvt.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtNvEvt.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtScEvt.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtTxFEvt.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtViEvt.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09300000.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.kw skipped C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09CC0000.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.kw skipped C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C5C0000.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.kw skipped C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C800000.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.kw skipped C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C800001.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.kw skipped C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F280000.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.kw skipped C:\Documents and Settings\Angie Cheung\Application Data\Azureus\ipfilter.cache Object is locked skipped C:\Documents and Settings\Angie Cheung\Application Data\Azureus\tmp\AZU14222.tmp Object is locked skipped C:\Documents and Settings\Angie Cheung\Application Data\Azureus\tmp\AZU14223.tmp Object is locked skipped C:\Documents and Settings\Angie Cheung\Application Data\Azureus\tmp\AZU14224.tmp Object is locked skipped C:\Documents and Settings\Angie Cheung\Application Data\Azureus\tmp\AZU14225.tmp Object is locked skipped C:\Documents and Settings\Angie Cheung\Application Data\Azureus\tmp\AZU14226.tmp Object is locked skipped C:\Documents and Settings\Angie Cheung\Application Data\Azureus\tmp\AZU14227.tmp Object is locked skipped C:\Documents and Settings\Angie Cheung\Application Data\tmp17.tmp.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.kw skipped C:\Documents and Settings\Angie Cheung\Cookies\index.dat Object is locked skipped C:\Documents and Settings\Angie Cheung\Local Settings\Application Data\Ahead\Nero Home\bl.db Object is locked skipped C:\Documents and Settings\Angie Cheung\Local Settings\Application Data\Ahead\Nero Home\bl.db-journal Object is locked skipped C:\Documents and Settings\Angie Cheung\Local Settings\Application Data\Ahead\Nero Home\is2.db Object is locked skipped C:\Documents and Settings\Angie Cheung\Local Settings\Application Data\Ahead\Nero Home\is2.db-journal Object is locked skipped C:\Documents and Settings\Angie Cheung\Local Settings\Application Data\Microsoft\Messenger\angieccheung@gmail.com\SharingMetadata\Logs\Dfsr00005.log Object is locked skipped C:\Documents and Settings\Angie Cheung\Local Settings\Application Data\Microsoft\Messenger\angieccheung@gmail.com\SharingMetadata\pending.dat Object is locked skipped C:\Documents and Settings\Angie Cheung\Local Settings\Application Data\Microsoft\Messenger\angieccheung@gmail.com\SharingMetadata\Working\database_F22C_6CA6_2C6C_6815\dfsr.db Object is locked skipped C:\Documents and Settings\Angie Cheung\Local Settings\Application Data\Microsoft\Messenger\angieccheung@gmail.com\SharingMetadata\Working\database_F22C_6CA6_2C6C_6815\fsr.log Object is locked skipped C:\Documents and Settings\Angie Cheung\Local Settings\Application Data\Microsoft\Messenger\angieccheung@gmail.com\SharingMetadata\Working\database_F22C_6CA6_2C6C_6815\fsrtmp.log Object is locked skipped C:\Documents and Settings\Angie Cheung\Local Settings\Application Data\Microsoft\Messenger\angieccheung@gmail.com\SharingMetadata\Working\database_F22C_6CA6_2C6C_6815\tmp.edb Object is locked skipped C:\Documents and Settings\Angie Cheung\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\Angie Cheung\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\Angie Cheung\Local Settings\Application Data\Microsoft\Windows Live Contacts\angieccheung@gmail.com\real\members.stg Object is locked skipped C:\Documents and Settings\Angie Cheung\Local Settings\Application Data\Microsoft\Windows Live Contacts\angieccheung@gmail.com\shadow\members.stg Object is locked skipped C:\Documents and Settings\Angie Cheung\Local Settings\History\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\Angie Cheung\Local Settings\Temp\fla2FD.tmp Object is locked skipped C:\Documents and Settings\Angie Cheung\Local Settings\Temp\hsperfdata_Angie Cheung\7832 Object is locked skipped C:\Documents and Settings\Angie Cheung\Local Settings\Temp\~DF2B89.tmp Object is locked skipped C:\Documents and Settings\Angie Cheung\Local Settings\Temp\~DF2D9B.tmp Object is locked skipped C:\Documents and Settings\Angie Cheung\Local Settings\Temp\~DF87C7.tmp Object is locked skipped C:\Documents and Settings\Angie Cheung\Local Settings\Temp\~DF87DB.tmp Object is locked skipped C:\Documents and Settings\Angie Cheung\Local Settings\Temp\~DFE9C4.tmp Object is locked skipped C:\Documents and Settings\Angie Cheung\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\Angie Cheung\My Documents\LDW\Virtual Villagers - The Lost Children\ldwLog.txt Object is locked skipped C:\Documents and Settings\Angie Cheung\NTUSER.DAT Object is locked skipped C:\Documents and Settings\Angie Cheung\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped C:\Program Files\Common Files\Symantec Shared\EENGINE\EPERSIST.DAT Object is locked skipped C:\Program Files\Symantec AntiVirus\VPTray.exe Infected: Virus.Win32.Agent.ab skipped C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped C:\WINDOWS\SchedLgU.Txt Object is locked skipped C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped C:\WINDOWS\Sti_Trace.log Object is locked skipped C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\default Object is locked skipped C:\WINDOWS\system32\config\default.LOG Object is locked skipped C:\WINDOWS\system32\config\ODiag.evt Object is locked skipped C:\WINDOWS\system32\config\OSession.evt Object is locked skipped C:\WINDOWS\system32\config\SAM Object is locked skipped C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\SECURITY Object is locked skipped C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped C:\WINDOWS\system32\config\software Object is locked skipped C:\WINDOWS\system32\config\software.LOG Object is locked skipped C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\system Object is locked skipped C:\WINDOWS\system32\config\system.LOG Object is locked skipped C:\WINDOWS\system32\c_1ntr.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.ke skipped C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped C:\WINDOWS\system32\jkhfeba.dll Infected: Trojan-Downloader.Win32.ConHook.bg skipped C:\WINDOWS\system32\mljggfd.dll Infected: Trojan-Downloader.Win32.ConHook.bg skipped C:\WINDOWS\system32\ssqpmjh.dll Infected: Trojan-Downloader.Win32.ConHook.bg skipped C:\WINDOWS\system32\vtsqqon.dll Infected: Trojan-Downloader.Win32.ConHook.bg skipped C:\WINDOWS\system32\vtuttsq.dll Infected: Trojan-Downloader.Win32.ConHook.bg skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped C:\WINDOWS\Temp\Perflib_Perfdata_4fc.dat Object is locked skipped C:\WINDOWS\wiadebug.log Object is locked skipped C:\WINDOWS\wiaservc.log Object is locked skipped C:\WINDOWS\WindowsUpdate.log Object is locked skipped Scan process completed.

Baabiouz · August 2007

Hi!

Please download Combofix to your desktop.
Doubleclick combo.exe to launch the application.
Follow the prompts that will be displayed on the screen.
Don't click on the window while the fix is running, because that will cause your system to hang.
When finished, it should produce a log, combofix.txt.
Post this log in your next reply together with a new hijackthislog.

unju · August 2007

Thanks for your help, I've ran combofix the events are below.

ComboFix 07-08-09.3 - "Angie Cheung" 2007-08-09 10:40:35.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.506 [GMT -4:00]

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\DOCUME~1\ANGIEC~1\APPLIC~1\tmp17.tmp.exe
C:\DOCUME~1\ANGIEC~1\APPLIC~1\tmp18.tmp.exe
C:\DOCUME~1\ANGIEC~1\APPLIC~1\tmp3.tmp.exe
C:\DOCUME~1\ANGIEC~1\APPLIC~1\tmp305.tmp.exe
C:\DOCUME~1\ANGIEC~1\APPLIC~1\tmp309.tmp.exe
C:\DOCUME~1\ANGIEC~1\APPLIC~1\tmp69.tmp.exe
C:\DOCUME~1\ANGIEC~1\APPLIC~1\tmp72.tmp.exe
C:\DOCUME~1\ANGIEC~1\APPLIC~1\tmp76.tmp.exe
C:\DOCUME~1\ANGIEC~1\APPLIC~1\tmp9.tmp.exe
C:\DOCUME~1\ANGIEC~1\APPLIC~1\tmpDA8.tmp.exe
C:\DOCUME~1\ANGIEC~1\APPLIC~1\tmpDA9.tmp.exe
C:\WINDOWS\system32\dn2c6c6815.dat
C:\WINDOWS\system32\LXBla2.dll
C:\WINDOWS\system32\tmp18.tmp.dll
C:\WINDOWS\system32\tmp309.tmp.dll
C:\WINDOWS\system32\tmp9.tmp.dll
C:\WINDOWS\system32\vtutt.exe

((((((((((((((((((((((((( Files Created from 2007-07-09 to 2007-08-09 )))))))))))))))))))))))))))))))

2007-08-09 10:32 51,200 --a

C:\WINDOWS\nircmd.exe
2007-08-09 04:26 10,872 --a

C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-08-09 02:06 <DIR> d

C:\DOCUME~1\ALLUSE~1\APPLIC~1\Trymedia
2007-08-09 02:04 <DIR> d

C:\Program Files\BFG
2007-08-09 01:47 <DIR> d

C:\WINDOWS\system32\Kaspersky Lab
2007-08-09 01:47 <DIR> d

C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Lab
2007-08-08 18:41 <DIR> d-a

C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2007-08-08 18:41 <DIR> d

C:\Program Files\Virtual Villagers - The Lost Children
2007-08-08 18:38 <DIR> d

C:\Program Files\bfgclient
2007-08-08 18:38 <DIR> d

C:\DOCUME~1\ALLUSE~1\APPLIC~1\BigFishGamesCache
2007-08-08 18:13 <DIR> d

C:\WINDOWS\system32\ActiveScan
2007-08-08 11:37 <DIR> d

C:\Program Files\Lavasoft
2007-08-08 11:37 <DIR> d

C:\Program Files\Common Files\Wise Installation Wizard
2007-08-08 11:37 <DIR> d

C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-08-08 02:01 8,004 --a

C:\dnsbak.reg
2007-08-06 12:45 <DIR> d

C:\DOCUME~1\ANGIEC~1\.housecall6.6
2007-08-06 12:30 <DIR> d

C:\VundoFix Backups
2007-08-06 11:18 <DIR> d

C:\WINDOWS\CSC
2007-08-06 10:34 <DIR> d

C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-08-05 12:27 92,730 --a

C:\WINDOWS\system32\c_1ntr.dll.vir
2007-08-03 11:13 <DIR> d

C:\DOCUME~1\ALLUSE~1\APPLIC~1\LightScribe
2007-08-03 11:07 <DIR> d

C:\Program Files\Common Files\LightScribe
2007-08-03 08:36 <DIR> d

C:\DOCUME~1\ANGIEC~1\APPLIC~1\Ahead
2007-08-03 08:34 <DIR> d

C:\Program Files\Nero
2007-08-03 08:34 <DIR> d

C:\Program Files\Common Files\Ahead
2007-08-02 13:21 <DIR> d

C:\Program Files\PartyGaming
2007-08-01 02:51 <DIR> d

C:\Program Files\DivX
2007-07-26 20:28 <DIR> d

C:\DOCUME~1\ANGIEC~1\APPLIC~1\vlc
2007-07-26 20:25 <DIR> d

C:\Program Files\VideoLAN
2007-07-26 19:06 200,704 --a

C:\WINDOWS\system32\ssldivx.dll
2007-07-26 19:06 1,044,480 --a

C:\WINDOWS\system32\libdivx.dll
2007-07-24 20:48 134,136 --a

C:\WINDOWS\ColorPic Uninstaller.exe
2007-07-24 20:48 <DIR> d

C:\Program Files\ColorPic 4.1
2007-07-24 20:29 <DIR> d

C:\Program Files\Common Files\Research In Motion
2007-07-24 10:47 <DIR> d

C:\DOCUME~1\ANGIEC~1\APPLIC~1\WinRAR
2007-07-24 10:15 <DIR> d

C:\Program Files\Trillian
2007-07-17 22:48 <DIR> d

C:\Program Files\Common Files\SolidWorks Shared
2007-07-17 22:48 <DIR> d

C:\Program Files\Common Files\eDrawings2007
2007-07-17 19:18 221,184 --a

C:\WINDOWS\system32\wmpns.dll
2007-07-16 11:16 <DIR> d

C:\Program Files\RemoteCalendars
2007-07-16 11:16 <DIR> d

C:\DOCUME~1\ANGIEC~1\APPLIC~1\RemoteCalendars
2007-07-16 11:15 <DIR> d

C:\Program Files\Microsoft.NET
2007-07-15 23:35 <DIR> d

C:\WINDOWS\system32\appmgmt
2007-07-15 15:59 <DIR> d

C:\DOCUME~1\ANGIEC~1\Contacts
2007-07-13 11:55 <DIR> d

C:\Program Files\MSN Messenger
2007-07-12 19:19 247,808 --a

C:\WINDOWS\system32\npscan.dll
2007-07-12 19:13 <DIR> d

C:\Program Files\NCsoft
2007-07-12 19:12 <DIR> d

C:\DOCUME~1\ANGIEC~1\APPLIC~1\InstallShield
2007-07-12 18:48 <DIR> d

C:\Program Files\Webteh
2007-07-12 16:36 983,101 --a

C:\WINDOWS\system32\LXBKGF.DLL
2007-07-12 16:36 90,112 --a

C:\WINDOWS\system32\LXBKCUR.DLL
2007-07-12 16:36 87,040 --a--c--- C:\WINDOWS\system32\dllcache\wiafbdrv.dll
2007-07-12 16:36 87,040 --a

C:\WINDOWS\system32\wiafbdrv.dll
2007-07-12 16:36 86,016 --a

C:\WINDOWS\system32\LXBKIH.EXE
2007-07-12 16:36 77,824 --a

C:\WINDOWS\system32\LXBKLCNP.DLL
2007-07-12 16:36 73,728 --a

C:\WINDOWS\system32\lxbkpwr.dll
2007-07-12 16:36 69,632 --a

C:\WINDOWS\system32\lxbkscin.dll
2007-07-12 16:36 69,632 --a

C:\WINDOWS\system32\LXBKCU.DLL
2007-07-12 16:36 57,344 --a

C:\WINDOWS\system32\lxbkcinf.dll
2007-07-12 16:36 544,768 --a

C:\WINDOWS\system32\LXBKLSNT.EXE
2007-07-12 16:36 49,152 --a

C:\WINDOWS\system32\lxbkcoin.dll
2007-07-12 16:36 454,656 --a

C:\WINDOWS\system32\LXBKJSWR.DLL
2007-07-12 16:36 40,960 --a

C:\WINDOWS\system32\lxbkvs.dll
2007-07-12 16:36 40,960 --a

C:\WINDOWS\system32\INSTMON.EXE
2007-07-12 16:36 352,256 --a

C:\WINDOWS\system32\LXBKUTIL.DLL
2007-07-12 16:36 303,104 --a

C:\WINDOWS\system32\LEXBCES.EXE
2007-07-12 16:36 286,720 --a

C:\WINDOWS\system32\LXBKPMNT.DLL
2007-07-12 16:36 286,720 --a

C:\WINDOWS\system32\lxbkcomm.dll
2007-07-12 16:36 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2007-07-12 16:36 25,856 --a

C:\WINDOWS\system32\drivers\usbprint.sys
2007-07-12 16:36 217,088 --a

C:\WINDOWS\system32\LXBKLCNT.DLL
2007-07-12 16:36 201,216 --a

C:\WINDOWS\system32\LEXP2P32.DLL
2007-07-12 16:36 196,096 --a

C:\WINDOWS\system32\LEX2KUSB.DLL
2007-07-12 16:36 192,512 --a

C:\WINDOWS\system32\LEXLMPM.DLL
2007-07-12 16:36 174,592 --a

C:\WINDOWS\system32\LEXPPS.EXE
2007-07-12 16:36 155,648 --a

C:\WINDOWS\system32\LEXPING.EXE
2007-07-12 16:36 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2007-07-12 16:36 15,104 --a

C:\WINDOWS\system32\drivers\usbscan.sys
2007-07-12 16:36 147,456 --a

C:\WINDOWS\system32\LEXBCE.DLL
2007-07-12 16:36 126,976 --a

C:\WINDOWS\system32\LXBKCFG.EXE
2007-07-12 16:36 <DIR> d

C:\Program Files\Lexmark X1100 Series
2007-07-12 16:35 299,520 --a

C:\WINDOWS\uninst.exe
2007-07-12 16:35 <DIR> d

C:\Lxk1100
2007-07-12 16:35 <DIR> d

C:\DOCUME~1\ANGIEC~1\WINDOWS
2007-07-12 12:54 <DIR> d

C:\DOCUME~1\ANGIEC~1\APPLIC~1\Google
2007-07-12 12:53 <DIR> d

C:\Program Files\Google
2007-07-12 12:53 <DIR> d

C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google Updater
2007-07-12 12:53 <DIR> d

C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
2007-07-12 11:24 <DIR> d

C:\DOCUME~1\ANGIEC~1\APPLIC~1\AdobeUM
2007-07-12 09:24 <DIR> d

C:\Program Files\DAEMON Tools
2007-07-12 09:22 682,232 --a

C:\WINDOWS\system32\drivers\sptd.sys
2007-07-12 09:20 48,816 --a

C:\WINDOWS\system32\S32EVNT1.DLL
2007-07-12 09:20 110,256 --a

C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-07-12 09:20 <DIR> d

C:\WINDOWS\RegisteredPackages
2007-07-12 09:19 <DIR> d

C:\Program Files\Symantec AntiVirus
2007-07-12 09:19 <DIR> d

C:\Program Files\Symantec
2007-07-12 09:19 <DIR> d

C:\Program Files\Common Files\Symantec Shared
2007-07-12 09:19 <DIR> d

C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
2007-07-12 02:57 <DIR> d

C:\Program Files\Azureus
2007-07-12 02:57 <DIR> d

C:\DOCUME~1\ANGIEC~1\APPLIC~1\Azureus

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-07-12 01:23 0 --a

C:\WINDOWS\system32\drivers\SET2B.tmp

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2007-08-08 18:18]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2007-08-08 18:18]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2007-08-08 18:18]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 17:07 C:\WINDOWS\system32\HdAShCut.exe]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-11-06 10:58]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-08-08 18:19]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-08-08 18:18]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-10-13 20:44]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2007-08-08 18:18]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2006-01-12 20:52]
"Lexmark X1100 Series"="C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe" [2003-08-19 10:43]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-08-08 20:14]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 05:25]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:00]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-04-03 18:29]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-10-09 11:28]
"LightScribe Control Panel"="C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-05-15 17:12]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-100000000002}\SC_Acrobat.exe [2007-07-12 11:20:23]
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-07-12 02:55:04]
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-07-12 12:53:30]
HP Pavilion Webcam Tray Icon.lnk - C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe [2007-07-12 01:30:44]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=c:\windows\system32\vtuttsq.dll
R0 iaStor;Intel AHCI Controller;C:\WINDOWS\system32\drivers\iaStor.sys
R1 eabfiltr;eabfiltr;C:\WINDOWS\system32\DRIVERS\eabfiltr.sys
R1 SRTSP;SRTSP;C:\WINDOWS\system32\Drivers\SRTSP.SYS
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI;C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
R3 HBtnKey;HBtnKey;C:\WINDOWS\system32\DRIVERS\cpqbttn.sys
R3 NETw3x32;Intel(R) PRO/Wireless 3945ABG Adapter Driver for Windows XP 32 Bit;C:\WINDOWS\system32\DRIVERS\NETw3x32.sys
R3 rimmptsk;rimmptsk;C:\WINDOWS\system32\DRIVERS\rimmptsk.sys
R3 rimsptsk;rimsptsk;C:\WINDOWS\system32\DRIVERS\rimsptsk.sys
R3 rismxdp;Ricoh xD-Picture Card Driver;C:\WINDOWS\system32\DRIVERS\rixdptsk.sys
R3 sdbus;sdbus;C:\WINDOWS\system32\DRIVERS\sdbus.sys
R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC);C:\WINDOWS\system32\DRIVERS\snp2uvc.sys
S3 RimUsb;RIM Handheld;C:\WINDOWS\system32\Drivers\RimUsb.sys
S3 SRTSPL;SRTSPL;C:\WINDOWS\system32\Drivers\SRTSPL.SYS
S3 usbvideo;USB Video Device (WDM);C:\WINDOWS\system32\Drivers\usbvideo.sys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2ea73842-307b-11dc-9d09-0016d304a3b6}]
Auto\command- F:\infrom.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL infrom.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
Contents of the 'Scheduled Tasks' folder
2007-08-09 04:00:00 C:\WINDOWS\Tasks\At1.job - C:\WINDOWS\system32\8L7FEeDQ.exe
2007-08-09 13:00:00 C:\WINDOWS\Tasks\At10.job
2007-08-09 14:00:00 C:\WINDOWS\Tasks\At11.job
2007-08-08 15:01:00 C:\WINDOWS\Tasks\At12.job - C:\WINDOWS\system32\8L7FEeDQ.exe
2007-08-08 16:01:02 C:\WINDOWS\Tasks\At13.job - C:\WINDOWS\system32\8L7FEeDQ.exe
2007-08-06 17:01:02 C:\WINDOWS\Tasks\At14.job
2007-08-06 18:01:02 C:\WINDOWS\Tasks\At15.job - C:\WINDOWS\system32\8L7FEeDQ.exe
2007-08-05 14:59:15 C:\WINDOWS\Tasks\At16.job - C:\WINDOWS\system32\8L7FEeDQ.exe
2007-08-06 20:01:00 C:\WINDOWS\Tasks\At17.job - C:\WINDOWS\system32\8L7FEeDQ.exe
2007-08-06 21:01:00 C:\WINDOWS\Tasks\At18.job - C:\WINDOWS\system32\8L7FEeDQ.exe
2007-08-08 22:01:00 C:\WINDOWS\Tasks\At19.job - C:\WINDOWS\system32\8L7FEeDQ.exe
2007-08-09 05:00:00 C:\WINDOWS\Tasks\At2.job - C:\WINDOWS\system32\8L7FEeDQ.exe
2007-08-08 23:01:01 C:\WINDOWS\Tasks\At20.job - C:\WINDOWS\system32\8L7FEeDQ.exe
2007-08-09 00:01:02 C:\WINDOWS\Tasks\At21.job
2007-08-09 01:00:00 C:\WINDOWS\Tasks\At22.job - C:\WINDOWS\system32\8L7FEeDQ.exe
2007-08-09 02:00:00 C:\WINDOWS\Tasks\At23.job
2007-08-09 03:00:00 C:\WINDOWS\Tasks\At24.job - C:\WINDOWS\system32\8L7FEeDQ.exe
2007-08-09 06:00:00 C:\WINDOWS\Tasks\At3.job - C:\WINDOWS\system32\8L7FEeDQ.exe
2007-08-09 07:00:00 C:\WINDOWS\Tasks\At4.job - C:\WINDOWS\system32\8L7FEeDQ.exe
2007-08-09 08:00:00 C:\WINDOWS\Tasks\At5.job
2007-08-09 09:00:00 C:\WINDOWS\Tasks\At6.job - C:\WINDOWS\system32\8L7FEeDQ.exe
2007-08-09 10:00:00 C:\WINDOWS\Tasks\At7.job - C:\WINDOWS\system32\8L7FEeDQ.exe
2007-08-09 11:00:00 C:\WINDOWS\Tasks\At8.job - C:\WINDOWS\system32\8L7FEeDQ.exe
2007-08-09 12:00:00 C:\WINDOWS\Tasks\At9.job - C:\WINDOWS\system32\8L7FEeDQ.exe
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-09 10:43:50
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2007-08-09 10:46:03 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-08-09 10:45
--- E O F ---

Logfile of HijackThis v1.99.1
Scan saved at 10:48:22 AM, on 8/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: HP Pavilion Webcam Tray Icon.lnk = C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1EF9F042-C2EB-4293-8213-474CAEEF531D} (TmHcmsX Control) - http://www.trendsecure.com/framework/control/en-US/activex/TmHcmsX.CAB
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: c:\windows\system32\vtuttsq.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

Baabiouz · August 2007

Hi!

Please open HiJackThis and choose do a system scan only. Check the boxes next to ONLY the entries listed below:

O20 - AppInit_DLLs: c:\windows\system32\vtuttsq.dll

Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.
____________________

Open notepad and copy/paste the text in the quotebox below into it:

File::
C:\WINDOWS\system32\c_1ntr.dll.vir
C:\WINDOWS\system32\drivers\SET2B.tmp

Save this as CFScript.txt

Refering to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you, C:\ComboFix.txt. Post that log in your next reply.
_____________________

Please, run Panda Active Scan:

Panda ActiveScan

- Once you are on the Panda site, click the Scan your PC button
- A new window will open...click the Check Now button
- Enter your Country
- Enter your State/Province
- Enter your e-mail address and click send
- Select either Home User or Company
- Click the big Scan Now button
- If it wants to install an ActiveX component allow it
- It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
- When download is complete, click on Local Disks to start the scan
- When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Do NOT lose it!

Please, send the Panda activescan report.
_____________________

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update to the latest version...

Updating Java:

Download the latest version of Java Runtime Environment (JRE) 6u2 .
Click the "Download" button to the right.
Check the box that says: "Accept License Agreement."
The page will refresh.
Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel double-click on Add/Remove programs and remove the following...
- J2SE Runtime Environment 6.0 Update 1
Reboot your computer once all Java components are removed.
Then from your desktop double-click on jre-6-windows-i586.exe to install the newest version.

_____________________

Please, post a fresh hijackthis log, Combofix log and Panda Active Scan report.

unju · August 2007

I've completed the above steps as well as updated my java. I've noticed that I'm not getting the symantec virus notifications and that I'm not getting pop-ups, but I'm having trouble posting my logs, because they contain links and I do not as of yet have permission. I've messaged Keebler, and I will post them ASAP.

Thanks,
Angie

unju · August 2007

Logs below:

ComboFix 07-08-09.3 - "Angie Cheung" 2007-08-09 13:02:41.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.540 [GMT -4:00]
Command switches used :: C:\Documents and Settings\Angie Cheung\Desktop\CFScript.txt
FILE::
C:\WINDOWS\system32\c_1ntr.dll.vir
C:\WINDOWS\system32\drivers\SET2B.tmp

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\WINDOWS\system32\c_1ntr.dll.vir
C:\WINDOWS\system32\drivers\SET2B.tmp

((((((((((((((((((((((((( Files Created from 2007-07-09 to 2007-08-09 )))))))))))))))))))))))))))))))

2007-08-09 10:32 51,200 --a