
Please help...


  • This topic is locked
23 replies to this topic

#1 btalent


Posted 17 February 2007 - 12:22 PM

Having some nasty problems here. Programs automatically closing, Windows cannot find rundll32.exe, freezing, sound not working properly, problems logging into Windows (login-logout loop).

Any help will be appreciated greatly. Thank you in advance.

I've followed instructions using Spybot, Ad-Aware, AVG, ATF-Cleaner and HJT, and here it is:


HJT LOG:

Logfile of HijackThis v1.99.1
Scan saved at 10:13:20 AM, on 2/17/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://192.168.0.1/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\System32\kkeajsyx.dll",setvm
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Block this popup - C:\Program Files\Shaw Secure\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O12 - Plugin for .tga: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin6.dll
O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} - http://www.systemdoc...FreeInstall.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewid...oOnlineScan.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by7fd.bay7.ho...es/MsnPUpld.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {8F2B3E96-94B3-4CA0-919A-531DDC9ABE92} (XUploadPhotos Class) - http://www.hi5.com/f...toUploadLib.dll
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn...ro.cab34246.cab
O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://costco.pnimed...tupv2.0.0.9.cab?
O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - mk:@MSITStore:C:\DOCUME~1\Brad\LOCALS~1\Temp\winfix.chm::/SystemDoctor2006FreeInstall.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CD9E4485-07E3-4A08-ADD7-08B35DDABBD4}: NameServer = 64.59.144.17,64.59.155.17
O18 - Protocol: bw+0 - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: offline-8876480 - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
O23 - Service: Microsoft Update Service - Unknown owner - C:\WINDOWS\System32\dllcache\wuaucdt.exe (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Secure Socket Layer v6 Encryption - Unknown owner - C:\WINDOWS\System32\dllcache\sslsv6_en.exe (file missing)
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe



AVG LOG:

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 9:22:48 AM 2/17/2007

+ Scan result:



HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D123AED6C340E304988D0F6852B28775 -> Adware.MediaMotor : Cleaned with backup (quarantined).
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\49EBC5Q7\84785_nttpm[1].exe -> Backdoor.Mytobor.c : Cleaned with backup (quarantined).
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\49EBC5Q7\84785_nttpm[2].exe -> Backdoor.Mytobor.c : Cleaned with backup (quarantined).
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\49EBC5Q7\84785_nttpm[3].exe -> Backdoor.Mytobor.c : Cleaned with backup (quarantined).
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\4X6ROTUJ\84785_nttpm[1].exe -> Backdoor.Mytobor.c : Cleaned with backup (quarantined).
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\4X6ROTUJ\84785_nttpm[2].exe -> Backdoor.Mytobor.c : Cleaned with backup (quarantined).
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\KPY3GXM7\84785_nttpm[1].exe -> Backdoor.Mytobor.c : Cleaned with backup (quarantined).
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\KPY3GXM7\84785_nttpm[2].exe -> Backdoor.Mytobor.c : Cleaned with backup (quarantined).
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\KPY3GXM7\84785_nttpm[3].exe -> Backdoor.Mytobor.c : Cleaned with backup (quarantined).
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\O9Q7CD6Z\84785_nttpm[1].exe -> Backdoor.Mytobor.c : Cleaned with backup (quarantined).
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\O9Q7CD6Z\84785_nttpm[2].exe -> Backdoor.Mytobor.c : Cleaned with backup (quarantined).
C:\WINDOWS\system32\dllcache\sslsv6_en.exe -> Backdoor.Mytobor.c : Cleaned with backup (quarantined).
C:\WINDOWS\system32\dllcache\wuaucdt.exe -> Backdoor.Mytobor.c : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CAC75E06-CBD6-4361-966D-F0FAC2FB3D35}\RP567\A0092485.exe -> Hijacker.Costrat.af : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-1957994488-1202660629-839522115-1007\Dc18.exe -> Logger.Small.dg : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-1957994488-1202660629-839522115-1007\Dc19.exe -> Logger.Small.dg : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-1957994488-1202660629-839522115-1007\Dc20.exe -> Logger.Small.dg : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-1957994488-1202660629-839522115-1007\Dc21.exe -> Logger.Small.dg : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-1957994488-1202660629-839522115-1007\Dc22.exe -> Logger.Small.dg : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-1957994488-1202660629-839522115-1007\Dc23.exe -> Logger.Small.dg : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-1957994488-1202660629-839522115-1007\Dc24.exe -> Logger.Small.dg : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-1957994488-1202660629-839522115-1007\Dc25.exe -> Logger.Small.dg : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-1957994488-1202660629-839522115-1007\Dc26.exe -> Logger.Small.dg : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-1957994488-1202660629-839522115-1007\Dc27.exe -> Logger.Small.dg : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-1957994488-1202660629-839522115-1007\Dc28.exe -> Logger.Small.dg : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-1957994488-1202660629-839522115-1007\Dc29.exe -> Logger.Small.dg : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-1957994488-1202660629-839522115-1007\Dc30.exe -> Logger.Small.dg : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-1957994488-1202660629-839522115-1007\Dc31.exe -> Logger.Small.dg : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-1957994488-1202660629-839522115-1007\Dc32.exe -> Logger.Small.dg : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-1957994488-1202660629-839522115-1007\Dc33.exe -> Logger.Small.dg : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-1957994488-1202660629-839522115-1007\Dc34.exe -> Logger.Small.dg : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-1957994488-1202660629-839522115-1007\Dc35.exe -> Logger.Small.dg : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-1957994488-1202660629-839522115-1007\Dc36.exe -> Logger.Small.dg : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-1957994488-1202660629-839522115-1007\Dc37.exe -> Logger.Small.dg : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-1957994488-1202660629-839522115-1007\Dc38.exe -> Logger.Small.dg : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-1957994488-1202660629-839522115-1007\Dc39.exe -> Logger.Small.dg : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-1957994488-1202660629-839522115-1007\Dc40.exe -> Logger.Small.dg : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-1957994488-1202660629-839522115-1007\Dc41.exe -> Logger.Small.dg : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-1957994488-1202660629-839522115-1007\Dc42.exe -> Logger.Small.dg : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-1957994488-1202660629-839522115-1007\Dc43.exe -> Logger.Small.dg : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-1957994488-1202660629-839522115-1007\Dc44.exe -> Logger.Small.dg : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-1957994488-1202660629-839522115-1007\Dc45.exe -> Logger.Small.dg : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-1957994488-1202660629-839522115-1007\Dc46.exe -> Logger.Small.dg : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-1957994488-1202660629-839522115-1007\Dc47.exe -> Logger.Small.dg : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-1957994488-1202660629-839522115-1007\Dc48.exe -> Logger.Small.dg : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-1957994488-1202660629-839522115-1007\Dc49.exe -> Logger.Small.dg : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-1957994488-1202660629-839522115-1007\Dc50.exe -> Logger.Small.dg : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-1957994488-1202660629-839522115-1007\Dc51.exe -> Logger.Small.dg : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-1957994488-1202660629-839522115-1007\Dc52.exe -> Logger.Small.dg : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-1957994488-1202660629-839522115-1007\Dc53.exe -> Logger.Small.dg : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CAC75E06-CBD6-4361-966D-F0FAC2FB3D35}\RP567\A0092273.exe -> Logger.Small.dg : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CAC75E06-CBD6-4361-966D-F0FAC2FB3D35}\RP567\A0092274.exe -> Logger.Small.dg : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CAC75E06-CBD6-4361-966D-F0FAC2FB3D35}\RP567\A0092275.exe -> Logger.Small.dg : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CAC75E06-CBD6-4361-966D-F0FAC2FB3D35}\RP567\A0092276.exe -> Logger.Small.dg : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CAC75E06-CBD6-4361-966D-F0FAC2FB3D35}\RP567\A0092277.exe -> Logger.Small.dg : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CAC75E06-CBD6-4361-966D-F0FAC2FB3D35}\RP567\A0092278.exe -> Logger.Small.dg : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CAC75E06-CBD6-4361-966D-F0FAC2FB3D35}\RP567\A0092279.exe -> Logger.Small.dg : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CAC75E06-CBD6-4361-966D-F0FAC2FB3D35}\RP567\A0092280.exe -> Logger.Small.dg : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CAC75E06-CBD6-4361-966D-F0FAC2FB3D35}\RP567\A0092281.exe -> Logger.Small.dg : Cleaned with backup (quarantined).

Edited by btalent, 17 February 2007 - 12:23 PM.



#2 John B..


Posted 18 February 2007 - 04:06 AM

Hi! :wavey: and welcome to the Tom Coyote forums.
My name is John Brouwer - if it helps, you can call me John for short. I'll be glad to help you with your computer problems.

HijackThis logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happens.
I am currently looking over your log. As I am a trainee, everything that I post to you must be checked by an Admin or Moderator. Thus, there may be a tiny bit of a delay between posts, but it shouldn't be too long. I will post back shortly with a potential fix.

Please be patient and I'd be grateful if you would note the following:
  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
Greets, John.

#3 John B..


Posted 18 February 2007 - 05:19 AM

Hi,

I'm afraid I have unpleasant news for you. You have a Very Dangerous infection on this machine.
The infection is delivered by Mytobor.c.
It allows outsiders COMPLETE access to every keystroke, account, and password you use while on this machine, and complete access to any other data present...
IF this computer has been used for any kind of important data, my best recommendation is to Disconnect from Internet, Re-Format the entire drive and re-install your Operating system and Applications.

We can likely clean the infected files off the computer, and if you wish we will attempt to do so, but we cannot be sure that the infection didn't do something to your system to reduce the system security. In that instance, even after removal of the infection, you could be subject to another attack or takeover as soon as you re-connect to the Internet.

The Decision Whether to ReFormat or Not should be based on:
  • The use of the computer - this is the primary factor in the decision whether to re-format and re-install, or just disinfect.
  • The variety of malware - this influences the decision on whether to re-format and re-install, or just disinfect. IN THIS CASE we have a backdoor trojan, the worst kind.
If the Computer has been used for any important data, you are strongly advised to do the following, immediately:
  • Disconnect the infected computer from the internet and from any networked computers until the computer can be cleaned.
  • Back up all important data on the machine. Do not back up any Applications (programs). Those should be re-installed from the original source CDs or websites.
  • If you have ever used this computer for shopping, banking, or any transactions relating to your financial well being:
    Call all of your banks, credit card companies, and financial institutions, informing them that you may be a victim of identity theft, and to put a watch on your accounts or change all your account numbers.
  • From a clean computer, change ALL your online passwords -- for ISP login, email, banks, financial accounts, PayPal, eBay, online companies, and any online forums or groups you belong to.
  • DO NOT change passwords or do any transactions while using the infected computer because the attacker will get the new password and transaction information.
  • Take any other steps you think appropriate for an attempted identity theft.
While you are deciding whether to ReFormat and Re-Install, a useful link is here: http://www.dslreports.com/faq/10063
Please let me know what you decide.

If you decide to clean please do this first.

Update Your Windows XP
We can definitely help you, but first you need to help us. You are quite behind on your Windows Updates and Patches!!

The first step in this process is to apply Service Pack 1a for Windows XP. Without this update, you're wide open to re-infection, and we're both just wasting our time.
Click here to get WinXP SP1a: http://www.microsoft.com/downloads/details...&DisplayLang=en

Apply the update, reboot, then go to Windows Update and install all the Critical Updates (Note: Do NOT install WinXP SP2 because we have to clean your computer first!)
Click here for Windows Update: http://www.windowsupdate.com/

After installing all the Patches and updates, reboot, then post a fresh Hijack This log.


John.
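
The following is an added example, not part of the original thread or any poster's instructions: it cross-references the file detections in the AVG Anti-Spyware report from post #1 with the O23 service entries in the HijackThis log, to show which service registrations still point at a binary the scanner quarantined. The sample lines are copied from the logs in post #1; the function names (`parse_o23`, `parse_avg`, `triage`) are hypothetical.

```python
import ntpath
import re
from typing import NamedTuple

# Sample lines copied from the HijackThis log in post #1 (O23 = NT services).
HJT_LOG = r"""
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
O23 - Service: Microsoft Update Service - Unknown owner - C:\WINDOWS\System32\dllcache\wuaucdt.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Secure Socket Layer v6 Encryption - Unknown owner - C:\WINDOWS\System32\dllcache\sslsv6_en.exe (file missing)
"""

# Sample lines copied from the AVG Anti-Spyware scan report in post #1.
AVG_REPORT = r"""
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D123AED6C340E304988D0F6852B28775 -> Adware.MediaMotor : Cleaned with backup (quarantined).
C:\WINDOWS\system32\dllcache\sslsv6_en.exe -> Backdoor.Mytobor.c : Cleaned with backup (quarantined).
C:\WINDOWS\system32\dllcache\wuaucdt.exe -> Backdoor.Mytobor.c : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-1957994488-1202660629-839522115-1007\Dc18.exe -> Logger.Small.dg : Cleaned with backup (quarantined).
"""

# "O23 - Service: <name> - <owner> - <path>[ (file missing)]"
O23_RE = re.compile(
    r'^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - '
    r'"?(?P<path>[A-Za-z]:\\.+?)"?(?P<missing> \(file missing\))?$'
)
# "<target> -> <detection name> : <action taken>"
AVG_RE = re.compile(r'^(?P<target>.+?) -> (?P<name>\S+) : (?P<action>.+)$')


class Service(NamedTuple):
    name: str
    owner: str
    path: str
    missing: bool


def norm(path: str) -> str:
    """Windows paths are case-insensitive: the two logs spell System32 differently."""
    return ntpath.normcase(ntpath.normpath(path.strip('"')))


def parse_o23(log: str) -> list[Service]:
    """Extract service entries from the O23 section of a HijackThis log."""
    services = []
    for line in log.splitlines():
        m = O23_RE.match(line.strip())
        if m:
            services.append(
                Service(m["name"], m["owner"], m["path"], bool(m["missing"]))
            )
    return services


def parse_avg(report: str) -> dict[str, str]:
    """Map normalised file path -> detection name; registry targets are skipped."""
    detections = {}
    for line in report.splitlines():
        m = AVG_RE.match(line.strip())
        if m and re.match(r"[A-Za-z]:\\", m["target"]):
            detections[norm(m["target"])] = m["name"]
    return detections


def triage(hjt_log: str = HJT_LOG, avg_report: str = AVG_REPORT):
    """Return (matched, unresolved).

    matched:    services whose binary path appears as a detection in the report,
                i.e. the file was quarantined but the service entry remains.
    unresolved: services flagged "(file missing)" with no matching detection;
                8.3 short paths such as C:\\PROGRA~1 cannot be matched by string.
    """
    detections = parse_avg(avg_report)
    matched, unresolved = [], []
    for svc in parse_o23(hjt_log):
        hit = detections.get(norm(svc.path))
        if hit:
            matched.append((svc.name, hit))
        elif svc.missing:
            unresolved.append(svc.name)
    return matched, unresolved


if __name__ == "__main__":
    matched, unresolved = triage()
    for name, detection in matched:
        print(f"service '{name}' -> binary quarantined as {detection}")
    for name in unresolved:
        print(f"service '{name}' -> file missing, no detection in this report")
```
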

#4 btalent


Posted 18 February 2007 - 03:22 PM

Thank you very much for taking the time to help me. I would like to try to avoid reformatting but if it comes down to it, I will. I've used the computer for online banking in the last few days but I just changed the password over the phone....I should be safe there, correct? I've updated my Windows like you said and here's my new HJT log:


Logfile of HijackThis v1.99.1
Scan saved at 1:21:15 PM, on 2/18/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://192.168.0.1/
F2 - REG:system.ini: UserInit=userinit.exe
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\System32\kkeajsyx.dll",setvm
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Block this popup - C:\Program Files\Shaw Secure\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O12 - Plugin for .tga: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin6.dll
O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} - http://www.systemdoc...FreeInstall.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewid...oOnlineScan.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by7fd.bay7.ho...es/MsnPUpld.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {8F2B3E96-94B3-4CA0-919A-531DDC9ABE92} (XUploadPhotos Class) - http://www.hi5.com/f...toUploadLib.dll
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn...ro.cab34246.cab
O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://costco.pnimed...tupv2.0.0.9.cab?
O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - mk:@MSITStore:C:\DOCUME~1\Brad\LOCALS~1\Temp\winfix.chm::/SystemDoctor2006FreeInstall.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CD9E4485-07E3-4A08-ADD7-08B35DDABBD4}: NameServer = 64.59.144.17,64.59.155.17
O18 - Protocol: bw+0 - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: offline-8876480 - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
O23 - Service: Microsoft Update Service - Unknown owner - C:\WINDOWS\System32\dllcache\wuaucdt.exe (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Secure Socket Layer v6 Encryption - Unknown owner - C:\WINDOWS\System32\dllcache\sslsv6_en.exe (file missing)
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

#5 John B..

Posted 19 February 2007 - 05:51 AM

Hi,

If you changed the passwords you should be safe now.

Step 1: Rename HijackThis
There is probably an infection which is hiding part of the HijackThis log because it's called hijackthis.exe.
Please rename hijackthis.exe to goodscanner.exe

Step 2: Show your hidden files
To enable the viewing of Hidden files follow these steps:
  • Close all programs so that you are at your desktop.
  • Double-click on the My Computer icon (or click Start, then select My Computer)
  • Select the Tools menu and click Folder Options.
  • After the new window appears select the View tab.
  • Put a checkmark in the checkbox labeled Display the contents of system folders.
  • Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.
  • Remove the checkmark from the checkbox labeled Hide file extensions for known file types.
  • Remove the checkmark from the checkbox labeled Hide protected operating system files.
  • Press the Apply button and then the OK button and shut down My Computer.
    Now your computer is configured to show all hidden files.
Step 3: Upload a File to Virustotal
One of our biggest databases is under attack. The attack is done by malware makers...
But that makes malware fighters unable to visit it so I can't tell if one of your files is bad or not.
Please visit Virustotal
* Click the Browse... button
* Navigate to the file C:\WINDOWS\System32\dllcache\sslsv6_en.exe
* Click the Open button
* Click the Send button
* Copy and paste the results back here please together with a fresh hijackthis log

Greets, John.
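
Step 1 above renames the scanner on the suspicion that an infection hides part of the log from a process called hijackthis.exe, so comparing the log taken before the rename with the one taken after it shows which entries were being hidden. The Python sketch below is an added example, not part of the original posts and not HijackThis code; the sample lines are excerpts from the two logs posted in this thread, and the function names and review hints are this example's own assumptions.

```python
import re
from collections import namedtuple

Entry = namedtuple("Entry", "section text")

# HijackThis result lines start with a section code such as R0, F2, O4 or O23.
# The header and the "Running processes" list do not match and are skipped.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")

# Excerpt of the log taken while the scanner was still named HijackThis.exe.
BEFORE_RENAME = r"""
Logfile of HijackThis v1.99.1
C:\Program Files\HJT\HijackThis.exe
F2 - REG:system.ini: UserInit=userinit.exe
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\System32\kkeajsyx.dll",setvm
"""

# Excerpt of the log taken after renaming the scanner to goodscanner.exe.
AFTER_RENAME = r"""
Logfile of HijackThis v1.99.1
C:\Program Files\HJT\goodscanner.exe
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: (no name) - {47F34364-F788-498B-AD5B-DC362C7A3436} - C:\WINDOWS\System32\ssttu.dll
O2 - BHO: (no name) - {7018F35B-8A89-46D6-BD46-806C064FACF0} - C:\WINDOWS\System32\khfddaa.dll
O2 - BHO: (no name) - {A2EF4577-5B7D-4F96-9CD3-8A4AE6EDF06F} - C:\WINDOWS\System32\ssttu.dll
O2 - BHO: (no name) - {E03C740E-BB24-4d3c-B92A-6F84DE1DD99C} - C:\WINDOWS\System32\ypxwoykm.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\System32\kkeajsyx.dll",setvm
"""


def parse_entries(log_text):
    """Return the section-coded result lines of a HijackThis log, in order."""
    entries = []
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if match:
            entries.append(Entry(match.group(1), match.group(2).strip()))
    return entries


def _key(entry):
    # Windows paths and registry names are case-insensitive, so compare
    # entries without regard to case.
    return (entry.section, entry.text.lower())


def revealed_entries(before_log, after_log):
    """Entries present in the second log but absent from the first."""
    seen = {_key(e) for e in parse_entries(before_log)}
    return [e for e in parse_entries(after_log) if _key(e) not in seen]


def review_notes(entry):
    """Hints for what to look at first (assumed heuristics, not verdicts)."""
    notes = []
    if "(file missing)" in entry.text:
        notes.append("file missing")
    if entry.section == "O23" and "Unknown owner" in entry.text:
        notes.append("unknown owner")
    if entry.section == "O2" and "(no name)" in entry.text:
        notes.append("unnamed BHO")
    return notes


if __name__ == "__main__":
    for entry in revealed_entries(BEFORE_RENAME, AFTER_RENAME):
        hints = ", ".join(review_notes(entry)) or "no hint"
        print(f"{entry.section}: {entry.text}  [{hints}]")
```
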

#6 btalent

Posted 19 February 2007 - 09:42 AM

* Navigate to the file C:\WINDOWS\System32\dllcache\sslsv6_en.exe


I could not locate this file, although I do remember deleting it. (It was a bad file, correct?)

I did find these, though, which I think are bad as well?


wuauclt1.exe
wuauclt.exe
wuaucpl.cpl
wuaucpl.cpl.manifest
wuaueng1.dll
wuaueng.dll
wuauserv.dll

What do you advise I do next?

Thanks again for your help.

#7 John B..

Posted 20 February 2007 - 05:26 AM

Hi,

Please post a fresh HijackThis log with the renamed version.

Greets, John.

#8 btalent

Posted 20 February 2007 - 09:31 AM

Logfile of HijackThis v1.99.1
Scan saved at 7:29:43 AM, on 2/20/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\HJT\goodscanner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://192.168.0.1/
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: (no name) - {47F34364-F788-498B-AD5B-DC362C7A3436} - C:\WINDOWS\System32\ssttu.dll
O2 - BHO: (no name) - {7018F35B-8A89-46D6-BD46-806C064FACF0} - C:\WINDOWS\System32\khfddaa.dll
O2 - BHO: (no name) - {A2EF4577-5B7D-4F96-9CD3-8A4AE6EDF06F} - C:\WINDOWS\System32\ssttu.dll
O2 - BHO: (no name) - {E03C740E-BB24-4d3c-B92A-6F84DE1DD99C} - C:\WINDOWS\System32\ypxwoykm.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\System32\kkeajsyx.dll",setvm
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Block this popup - C:\Program Files\Shaw Secure\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O12 - Plugin for .tga: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin6.dll
O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} - http://www.systemdoc...FreeInstall.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewid...oOnlineScan.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by7fd.bay7.ho...es/MsnPUpld.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {8F2B3E96-94B3-4CA0-919A-531DDC9ABE92} (XUploadPhotos Class) - http://www.hi5.com/f...toUploadLib.dll
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn...ro.cab34246.cab
O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://costco.pnimed...tupv2.0.0.9.cab?
O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - mk:@MSITStore:C:\DOCUME~1\Brad\LOCALS~1\Temp\winfix.chm::/SystemDoctor2006FreeInstall.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CD9E4485-07E3-4A08-ADD7-08B35DDABBD4}: NameServer = 64.59.144.17,64.59.155.17
O18 - Protocol: bw+0 - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: offline-8876480 - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: khfddaa - C:\WINDOWS\SYSTEM32\khfddaa.dll
O20 - Winlogon Notify: ljjjhgg - C:\WINDOWS\SYSTEM32\ljjjhgg.dll
O20 - Winlogon Notify: ssttu - C:\WINDOWS\System32\ssttu.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
O23 - Service: Microsoft Update Service - Unknown owner - C:\WINDOWS\System32\dllcache\wuaucdt.exe (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Secure Socket Layer v6 Encryption - Unknown owner - C:\WINDOWS\System32\dllcache\sslsv6_en.exe (file missing)
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

#9 John B..

John B..

    Honors Grad

  • Authentic Member
  • 324 posts

Posted 21 February 2007 - 04:05 AM

Hi,

You seem to have the infection I thought you would.

Step 1: Download and Run VundoFix
Please download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once the scan is completed, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files; click YES.
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt and a new HijackThis log.
Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot. Simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.

Greets, John.

#10 btalent

btalent

    New Member

  • Authentic Member
  • 11 posts

Posted 21 February 2007 - 09:09 AM

Thank you again.


HJT

Logfile of HijackThis v1.99.1
Scan saved at 7:06:47 AM, on 2/21/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HJT\goodscanner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://192.168.0.1/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: (no name) - {46A4E9D9-B30E-452A-8157-DBBEC8573B03} - C:\Program Files\VSAdd-in\VSAdd-in.dll (file missing)
O2 - BHO: (no name) - {47F34364-F788-498B-AD5B-DC362C7A3436} - C:\WINDOWS\System32\ssttu.dll (file missing)
O2 - BHO: (no name) - {7018F35B-8A89-46D6-BD46-806C064FACF0} - C:\WINDOWS\System32\khfddaa.dll
O2 - BHO: (no name) - {A2EF4577-5B7D-4F96-9CD3-8A4AE6EDF06F} - C:\WINDOWS\System32\ssttu.dll (file missing)
O2 - BHO: (no name) - {E03C740E-BB24-4d3c-B92A-6F84DE1DD99C} - C:\WINDOWS\System32\ypxwoykm.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &VSAdd-in - {74DD705D-6834-439C-A735-A6DBE2677452} - C:\Program Files\VSAdd-in\VSAdd-in.dll (file missing)
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Block this popup - C:\Program Files\Shaw Secure\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O12 - Plugin for .tga: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin6.dll
O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} - http://www.systemdoc...FreeInstall.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewid...oOnlineScan.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by7fd.bay7.ho...es/MsnPUpld.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {8F2B3E96-94B3-4CA0-919A-531DDC9ABE92} (XUploadPhotos Class) - http://www.hi5.com/f...toUploadLib.dll
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn...ro.cab34246.cab
O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://costco.pnimed...tupv2.0.0.9.cab?
O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - mk:@MSITStore:C:\DOCUME~1\Brad\LOCALS~1\Temp\winfix.chm::/SystemDoctor2006FreeInstall.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CD9E4485-07E3-4A08-ADD7-08B35DDABBD4}: NameServer = 64.59.144.17,64.59.155.17
O18 - Protocol: bw+0 - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: offline-8876480 - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: khfddaa - C:\WINDOWS\SYSTEM32\khfddaa.dll
O20 - Winlogon Notify: ljjjhgg - C:\WINDOWS\SYSTEM32\ljjjhgg.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
O23 - Service: Microsoft Update Service - Unknown owner - C:\WINDOWS\System32\dllcache\wuaucdt.exe (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Secure Socket Layer v6 Encryption - Unknown owner - C:\WINDOWS\System32\dllcache\sslsv6_en.exe (file missing)
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

VUNDO

VundoFix V6.3.9

Checking Java version...

Java version is 1.5.0.4

Java version is 1.5.0.6

Scan started at 6:57:02 AM 2/21/2007

Listing files found while scanning....

C:\Documents and settings\Brad\Application Data\SearchToolbarCorp\Toolbar Vision\PageHistory.txt
C:\Documents and settings\Brad\Application Data\SearchToolbarCorp\Toolbar Vision\WebHistory.txt
C:\Program Files\VSAdd-in\VSAdd-in.dll
C:\WINDOWS\system32\aofvrqtt.dll
C:\WINDOWS\system32\bvkfacje.exe
C:\WINDOWS\system32\kihhnkkt.dll
C:\WINDOWS\system32\kkeajsyx.dll
C:\WINDOWS\system32\kvciloen.dll
C:\WINDOWS\system32\neolicvk.ini
C:\WINDOWS\System32\ssttu.dll
C:\WINDOWS\system32\svffrxwh.exe
C:\WINDOWS\system32\tftixevt.ini
C:\WINDOWS\system32\tvexitft.dll
C:\WINDOWS\System32\uttss.bak1
C:\WINDOWS\System32\uttss.bak2
C:\WINDOWS\System32\uttss.ini
C:\WINDOWS\System32\uttss.ini2
C:\WINDOWS\System32\uttss.tmp
C:\WINDOWS\system32\xlvsjmfr.exe
C:\WINDOWS\System32\ypxwoykm.dll

Beginning removal...

Attempting to delete C:\Documents and settings\Brad\Application Data\SearchToolbarCorp\Toolbar Vision\PageHistory.txt
C:\Documents and settings\Brad\Application Data\SearchToolbarCorp\Toolbar Vision\PageHistory.txt Has been deleted!

Attempting to delete C:\Documents and settings\Brad\Application Data\SearchToolbarCorp\Toolbar Vision\WebHistory.txt
C:\Documents and settings\Brad\Application Data\SearchToolbarCorp\Toolbar Vision\WebHistory.txt Has been deleted!

Attempting to delete C:\Program Files\VSAdd-in\VSAdd-in.dll
C:\Program Files\VSAdd-in\VSAdd-in.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\aofvrqtt.dll
C:\WINDOWS\system32\aofvrqtt.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\bvkfacje.exe
C:\WINDOWS\system32\bvkfacje.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\kihhnkkt.dll
C:\WINDOWS\system32\kihhnkkt.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\kkeajsyx.dll
C:\WINDOWS\system32\kkeajsyx.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\kvciloen.dll
C:\WINDOWS\system32\kvciloen.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\neolicvk.ini
C:\WINDOWS\system32\neolicvk.ini Has been deleted!

Attempting to delete C:\WINDOWS\System32\ssttu.dll
C:\WINDOWS\System32\ssttu.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\svffrxwh.exe
C:\WINDOWS\system32\svffrxwh.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\tftixevt.ini
C:\WINDOWS\system32\tftixevt.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\tvexitft.dll
C:\WINDOWS\system32\tvexitft.dll Has been deleted!

Attempting to delete C:\WINDOWS\System32\uttss.bak1
C:\WINDOWS\System32\uttss.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\System32\uttss.bak2
C:\WINDOWS\System32\uttss.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\System32\uttss.ini
C:\WINDOWS\System32\uttss.ini Has been deleted!

Attempting to delete C:\WINDOWS\System32\uttss.ini2
C:\WINDOWS\System32\uttss.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\System32\uttss.tmp
C:\WINDOWS\System32\uttss.tmp Has been deleted!

Attempting to delete C:\WINDOWS\system32\xlvsjmfr.exe
C:\WINDOWS\system32\xlvsjmfr.exe Has been deleted!

Performing Repairs to the registry.
Done!
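
A cross-check of the two logs requested in Step 1, as an added example (not part of the original thread, and not VundoFix's or HijackThis's own code). It lists files VundoFix found but never confirmed as deleted, and the O2 (BHO) and O20 (Winlogon Notify) entries that remain in the follow-up HijackThis log. The function names are hypothetical and the inputs are a trimmed excerpt of the logs in the post above.

```python
import re

# Constructed sample input: a few lines excerpted from the VundoFix output
# and the follow-up HijackThis log in the post above (trimmed, not the full logs).
VUNDOFIX_LOG = r"""
Listing files found while scanning....

C:\WINDOWS\system32\kvciloen.dll
C:\WINDOWS\System32\ssttu.dll
C:\WINDOWS\System32\ypxwoykm.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\kvciloen.dll
C:\WINDOWS\system32\kvciloen.dll Has been deleted!

Attempting to delete C:\WINDOWS\System32\ssttu.dll
C:\WINDOWS\System32\ssttu.dll Has been deleted!

Performing Repairs to the registry.
Done!
"""

HJT_LOG = r"""
O2 - BHO: (no name) - {47F34364-F788-498B-AD5B-DC362C7A3436} - C:\WINDOWS\System32\ssttu.dll (file missing)
O2 - BHO: (no name) - {7018F35B-8A89-46D6-BD46-806C064FACF0} - C:\WINDOWS\System32\khfddaa.dll
O2 - BHO: (no name) - {E03C740E-BB24-4d3c-B92A-6F84DE1DD99C} - C:\WINDOWS\System32\ypxwoykm.dll (file missing)
O20 - Winlogon Notify: khfddaa - C:\WINDOWS\SYSTEM32\khfddaa.dll
O20 - Winlogon Notify: ljjjhgg - C:\WINDOWS\SYSTEM32\ljjjhgg.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""

DELETED_SUFFIX = " Has been deleted!"
# O2 = Browser Helper Object, O20 = Winlogon Notify; the file path is the last
# " - " separated field, optionally followed by HijackThis's "(file missing)" tag.
HJT_LINE = re.compile(r"^(O2|O20) - .* - (.+?)\s*(\(file missing\))?$")


def norm(path):
    """Windows paths are case-insensitive, so compare them lower-cased."""
    return path.strip().strip('"').lower()


def parse_vundofix(text):
    """Return (files found, in order; set of files confirmed deleted)."""
    found, deleted, section = [], set(), None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("Listing files found"):
            section = "found"
        elif line.startswith("Beginning removal"):
            section = "removal"
        elif section == "found" and line:
            found.append(norm(line))
        elif section == "removal" and line.endswith(DELETED_SUFFIX):
            deleted.add(norm(line[: -len(DELETED_SUFFIX)]))
    return found, deleted


def parse_hjt(text):
    """Extract O2 and O20 entries as dicts with code, path and missing flag."""
    entries = []
    for line in text.splitlines():
        m = HJT_LINE.match(line.strip())
        if m:
            entries.append({"code": m.group(1),
                            "path": norm(m.group(2)),
                            "missing": m.group(3) is not None})
    return entries


def review(vundo_text, hjt_text):
    """Build a review list for the helper; it is not a verdict on any file."""
    found, deleted = parse_vundofix(vundo_text)
    entries = parse_hjt(hjt_text)
    return {
        # Found during the scan but with no "Has been deleted!" line.
        "not_confirmed_deleted": [p for p in found if p not in deleted],
        # Registry entries left behind after their file was removed.
        "orphaned_entries": [(e["code"], e["path"])
                             for e in entries if e["missing"]],
        # Entries whose file is still on disk and was not in the scan results.
        "live_unreviewed": [(e["code"], e["path"]) for e in entries
                            if not e["missing"] and e["path"] not in found],
    }


if __name__ == "__main__":
    for name, items in review(VUNDOFIX_LOG, HJT_LOG).items():
        print(name)
        for item in items:
            print("   ", item)
```
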



#11 btalent

btalent

    New Member

  • Authentic Member
  • 11 posts

Posted 21 February 2007 - 09:30 AM

I thought I'd post my Spybot log as well... it's pretty ugly.


Command Service: Settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdService

Command Service: Settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\cmdService

Command Service: Settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\cmdService

VirtuMonde: Class ID (Registry key, nothing done)
HKEY_CLASSES_ROOT\CLSID\{46A4E9D9-B30E-452A-8157-DBBEC8573B03}

VirtuMonde: Browser helper object (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{46A4E9D9-B30E-452A-8157-DBBEC8573B03}

Smitfraud-C.Toolbar888: User settings (Registry key, nothing done)
HKEY_USERS\S-1-5-21-1957994488-1202660629-839522115-1003\Software\Microsoft\Windows\CurrentVersion\t_v_3_4

Smitfraud-C.Toolbar888: Settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Araf15

Smitfraud-C.Toolbar888: Autorun settings (DllRunning) (Registry value, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\DllRunning

Smitfraud-C.Toolbar888: Program file (File, nothing done)
C:\WINDOWS\SYSTEM32\rundll32.exe


******This one doesn't look good.... When my computer couldn't find that file before, I searched the net and it was recommended to put in my XP disc and execute a command, which I did. After that I could get into Control Panel. Is there something else I should do about this? Still getting popups after posting the logs from my last post.*****




SeachToolbarCorp.ToolbarVision: Settings (Registry key, nothing done)
HKEY_USERS\S-1-5-21-1957994488-1202660629-839522115-1003\Software\Search Toolbar Corp

SeachToolbarCorp.ToolbarVision: Program directory (Directory, nothing done)
C:\Documents and Settings\Brad\Application Data\SearchToolbarCorp\

Smitfraud-C.Toolbar888: Class ID (Registry key, nothing done)
HKEY_CLASSES_ROOT\CLSID\{74DD705D-6834-439C-A735-A6DBE2677452}

Smitfraud-C.Toolbar888: Uninstall settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{74DD705D-6834-439C-A735-A6DBE2677452}

Smitfraud-C.Toolbar888: Settings (Registry value, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{74DD705D-6834-439C-A735-A6DBE2677452}

Smitfraud-C.Toolbar888: IE toolbar (Registry value, nothing done)
HKEY_USERS\S-1-5-21-1957994488-1202660629-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{74DD705D-6834-439C-A735-A6DBE2677452}

Winsoftware.WinAntiVirusPro2006: Tracking cookie (Internet Explorer: Brad) (Cookie, nothing done)


AdRevolver: Tracking cookie (Internet Explorer: Brad) (Cookie, nothing done)


ReliableStats: Tracking cookie (Internet Explorer: Brad) (Cookie, nothing done)


MediaPlex: Tracking cookie (Internet Explorer: Brad) (Cookie, nothing done)


Smitfraud-C.Toolbar888: Tracking cookie (Internet Explorer: Brad) (Cookie, nothing done)


Winsoftware.WinAntiVirusPro2006: Tracking cookie (Internet Explorer: Brad) (Cookie, nothing done)


SystemDoctor2006: Tracking cookie (Internet Explorer: Brad) (Cookie, nothing done)


ReliableStats: Tracking cookie (Internet Explorer: Brad) (Cookie, nothing done)


SystemDoctor2006: Tracking cookie (Internet Explorer: Brad) (Cookie, nothing done)


Advertising.com: Tracking cookie (Internet Explorer: Brad) (Cookie, nothing done)


TagASaurus: Tracking cookie (Internet Explorer: Brad) (Cookie, nothing done)


DoubleClick: Tracking cookie (Internet Explorer: Brad) (Cookie, nothing done)


AdRevolver: Tracking cookie (Internet Explorer: Brad) (Cookie, nothing done)


Avenue A, Inc.: Tracking cookie (Internet Explorer: Brad) (Cookie, nothing done)


LinkSynergy: Tracking cookie (Internet Explorer: Brad) (Cookie, nothing done)



--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2005-10-05 unins000.exe (51.41.0.0)
2005-05-31 Update.exe (1.4.0.0)
2007-01-15 advcheck.dll (1.2.1.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 SDHelper.dll (1.4.0.0)
2007-01-02 Tools.dll (2.0.1.0)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2007-02-21 Includes\Cookies.sbi (*)
2006-12-08 Includes\Dialer.sbi (*)
2007-02-21 Includes\DialerC.sbi (*)
2007-02-07 Includes\Hijackers.sbi (*)
2007-02-21 Includes\HijackersC.sbi (*)
2006-10-27 Includes\Keyloggers.sbi (*)
2007-02-21 Includes\KeyloggersC.sbi (*)
2007-02-14 Includes\Malware.sbi (*)
2007-02-21 Includes\MalwareC.sbi (*)
2007-01-19 Includes\PUPS.sbi (*)
2007-02-21 Includes\PUPSC.sbi (*)
2007-02-21 Includes\Revision.sbi (*)
2006-12-08 Includes\Security.sbi (*)
2007-02-21 Includes\SecurityC.sbi (*)
2007-02-02 Includes\Spybots.sbi (*)
2007-02-21 Includes\SpybotsC.sbi (*)
2005-02-17 Includes\Tracks.uti
2007-02-14 Includes\Trojans.sbi (*)
2007-02-21 Includes\TrojansC.sbi (*)

#12 John B..

Posted 21 February 2007 - 11:35 AM

Hi,

Still getting popups after posting the logs from my last post.

I'd like to explain to you why.

You've got one particular infection called Vundo. You used a tool to remove it.

These were the files found and removed:

C:\Documents and settings\Brad\Application Data\SearchToolbarCorp\Toolbar Vision\PageHistory.txt
C:\Documents and settings\Brad\Application Data\SearchToolbarCorp\Toolbar Vision\WebHistory.txt
C:\Program Files\VSAdd-in\VSAdd-in.dll
C:\WINDOWS\system32\aofvrqtt.dll
C:\WINDOWS\system32\bvkfacje.exe
C:\WINDOWS\system32\kihhnkkt.dll
C:\WINDOWS\system32\kkeajsyx.dll
C:\WINDOWS\system32\kvciloen.dll
C:\WINDOWS\system32\neolicvk.ini
C:\WINDOWS\System32\ssttu.dll
C:\WINDOWS\system32\svffrxwh.exe
C:\WINDOWS\system32\tftixevt.ini
C:\WINDOWS\system32\tvexitft.dll
C:\WINDOWS\System32\uttss.bak1
C:\WINDOWS\System32\uttss.bak2
C:\WINDOWS\System32\uttss.ini
C:\WINDOWS\System32\uttss.ini2
C:\WINDOWS\System32\uttss.tmp
C:\WINDOWS\system32\xlvsjmfr.exe
C:\WINDOWS\System32\ypxwoykm.dll


In your HJT log there are still signs of Vundo being active:

O2 - BHO: (no name) - {7018F35B-8A89-46D6-BD46-806C064FACF0} - C:\WINDOWS\System32\khfddaa.dll
O20 - Winlogon Notify: khfddaa - C:\WINDOWS\SYSTEM32\khfddaa.dll
O20 - Winlogon Notify: ljjjhgg - C:\WINDOWS\SYSTEM32\ljjjhgg.dll


Those are new files. Almost every victim of Vundo will not succeed in removing Vundo in one go because there are always new files. So let's upload these files and add them manually to VundoFix.

Step 1: Upload malware to uploadmalware.com
Please go to http://www.uploadmalware.com/

Put your username in the correct box and give a link to this topic.
In the File(s) To Submit: copy and paste the following (one line per box):
C:\WINDOWS\System32\khfddaa.dll
C:\WINDOWS\SYSTEM32\ljjjhgg.dll


Now click Send File and close the window.

Step 2: Download and Run VundoFix
Please download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once the scan is complete, Right Click inside the listbox (white box) and click add more files
  • Copy&Paste the entries below into the boxes (one line per box):
    • C:\WINDOWS\System32\khfddaa.dll
    • C:\WINDOWS\System32\aaddfhk.*
    • C:\WINDOWS\SYSTEM32\ljjjhgg.dll
  • Click Add Files and Click Close Window
  • Click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt and a new HijackThis log.
Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.

Greets, John.
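The check described in the post above, comparing the DLLs named by the O2 and O20 entries of the HijackThis log with the files VundoFix already removed, can be scripted. This is an added example, not part of the thread and not code from HijackThis or VundoFix; the function names are hypothetical and the sample lines are copied from the post. The reversed-name pairing (ssttu.dll with uttss.ini, tvexitft.dll with tftixevt.ini) is an observation from the file lists on this page, which is also the shape of the `aaddfhk.*` entry added for khfddaa.dll.

```python
import ntpath
import re

# O2 (Browser Helper Object) and O20 (Winlogon Notify) entries each name a DLL
# that is loaded automatically, so these are the lines compared here.
LOADPOINT_RE = re.compile(
    r"^(?:O2 - BHO|O20 - Winlogon Notify): .*? - "
    r"(?:\{[0-9A-Fa-f-]{36}\} - )?"
    r"(?P<path>[A-Za-z]:\\.+?)(?P<missing> \(file missing\))?$"
)

# Copied from the post above: HijackThis lines and the VundoFix removal list.
HJT_LINES = r"""
O2 - BHO: (no name) - {7018F35B-8A89-46D6-BD46-806C064FACF0} - C:\WINDOWS\System32\khfddaa.dll
O20 - Winlogon Notify: khfddaa - C:\WINDOWS\SYSTEM32\khfddaa.dll
O20 - Winlogon Notify: ljjjhgg - C:\WINDOWS\SYSTEM32\ljjjhgg.dll
"""
REMOVED = [p for p in r"""
C:\Documents and settings\Brad\Application Data\SearchToolbarCorp\Toolbar Vision\PageHistory.txt
C:\Documents and settings\Brad\Application Data\SearchToolbarCorp\Toolbar Vision\WebHistory.txt
C:\Program Files\VSAdd-in\VSAdd-in.dll
C:\WINDOWS\system32\aofvrqtt.dll
C:\WINDOWS\system32\bvkfacje.exe
C:\WINDOWS\system32\kihhnkkt.dll
C:\WINDOWS\system32\kkeajsyx.dll
C:\WINDOWS\system32\kvciloen.dll
C:\WINDOWS\system32\neolicvk.ini
C:\WINDOWS\System32\ssttu.dll
C:\WINDOWS\system32\svffrxwh.exe
C:\WINDOWS\system32\tftixevt.ini
C:\WINDOWS\system32\tvexitft.dll
C:\WINDOWS\System32\uttss.bak1
C:\WINDOWS\System32\uttss.bak2
C:\WINDOWS\System32\uttss.ini
C:\WINDOWS\System32\uttss.ini2
C:\WINDOWS\System32\uttss.tmp
C:\WINDOWS\system32\xlvsjmfr.exe
C:\WINDOWS\System32\ypxwoykm.dll
""".splitlines() if p.strip()]


def norm(path):
    """Windows paths are case-insensitive: System32 and SYSTEM32 are the same."""
    return ntpath.normcase(ntpath.normpath(path.strip()))


def loadpoint_dlls(hjt_log):
    """Normalized, de-duplicated DLL paths of O2/O20 entries whose file exists."""
    found = []
    for line in hjt_log.splitlines():
        m = LOADPOINT_RE.match(line.strip())
        if m and not m.group("missing") and norm(m.group("path")) not in found:
            found.append(norm(m.group("path")))
    return found


def not_yet_removed(hjt_log, removed_paths):
    """Load-point DLLs in the HijackThis log that the removal list does not cover."""
    removed = {norm(p) for p in removed_paths}
    return [p for p in loadpoint_dlls(hjt_log) if p not in removed]


def reversed_name_pairs(paths):
    """Map each listed DLL to the listed files whose stem is its stem reversed."""
    by_stem = {}
    for p in map(norm, paths):
        by_stem.setdefault(ntpath.splitext(ntpath.basename(p))[0], []).append(p)
    pairs = {}
    for p in map(norm, paths):
        stem, ext = ntpath.splitext(ntpath.basename(p))
        if ext == ".dll" and stem != stem[::-1] and stem[::-1] in by_stem:
            pairs[p] = by_stem[stem[::-1]]
    return pairs


def companion_pattern(dll_path):
    """Wildcard for same-folder files named with the DLL's stem reversed."""
    folder, name = ntpath.split(norm(dll_path))
    return ntpath.join(folder, ntpath.splitext(name)[0][::-1] + ".*")


if __name__ == "__main__":
    for dll in not_yet_removed(HJT_LINES, REMOVED):
        print("still registered, not in removal list:", dll)
        print("  companion files to look for:", companion_pattern(dll))
    for dll, files in reversed_name_pairs(REMOVED).items():
        print(dll, "<->", ", ".join(ntpath.basename(f) for f in files))
```

Paths are compared after case normalization because the same DLL appears as both `System32` and `SYSTEM32` in the log.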

#13 btalent

Posted 21 February 2007 - 07:22 PM

VundoFix V6.3.9

Checking Java version...

Java version is 1.5.0.4

Java version is 1.5.0.6

Scan started at 6:57:02 AM 2/21/2007

Listing files found while scanning....

C:\Documents and settings\Brad\Application Data\SearchToolbarCorp\Toolbar Vision\PageHistory.txt
C:\Documents and settings\Brad\Application Data\SearchToolbarCorp\Toolbar Vision\WebHistory.txt
C:\Program Files\VSAdd-in\VSAdd-in.dll
C:\WINDOWS\system32\aofvrqtt.dll
C:\WINDOWS\system32\bvkfacje.exe
C:\WINDOWS\system32\kihhnkkt.dll
C:\WINDOWS\system32\kkeajsyx.dll
C:\WINDOWS\system32\kvciloen.dll
C:\WINDOWS\system32\neolicvk.ini
C:\WINDOWS\System32\ssttu.dll
C:\WINDOWS\system32\svffrxwh.exe
C:\WINDOWS\system32\tftixevt.ini
C:\WINDOWS\system32\tvexitft.dll
C:\WINDOWS\System32\uttss.bak1
C:\WINDOWS\System32\uttss.bak2
C:\WINDOWS\System32\uttss.ini
C:\WINDOWS\System32\uttss.ini2
C:\WINDOWS\System32\uttss.tmp
C:\WINDOWS\system32\xlvsjmfr.exe
C:\WINDOWS\System32\ypxwoykm.dll

Beginning removal...

Attempting to delete C:\Documents and settings\Brad\Application Data\SearchToolbarCorp\Toolbar Vision\PageHistory.txt
C:\Documents and settings\Brad\Application Data\SearchToolbarCorp\Toolbar Vision\PageHistory.txt Has been deleted!

Attempting to delete C:\Documents and settings\Brad\Application Data\SearchToolbarCorp\Toolbar Vision\WebHistory.txt
C:\Documents and settings\Brad\Application Data\SearchToolbarCorp\Toolbar Vision\WebHistory.txt Has been deleted!

Attempting to delete C:\Program Files\VSAdd-in\VSAdd-in.dll
C:\Program Files\VSAdd-in\VSAdd-in.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\aofvrqtt.dll
C:\WINDOWS\system32\aofvrqtt.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\bvkfacje.exe
C:\WINDOWS\system32\bvkfacje.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\kihhnkkt.dll
C:\WINDOWS\system32\kihhnkkt.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\kkeajsyx.dll
C:\WINDOWS\system32\kkeajsyx.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\kvciloen.dll
C:\WINDOWS\system32\kvciloen.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\neolicvk.ini
C:\WINDOWS\system32\neolicvk.ini Has been deleted!

Attempting to delete C:\WINDOWS\System32\ssttu.dll
C:\WINDOWS\System32\ssttu.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\svffrxwh.exe
C:\WINDOWS\system32\svffrxwh.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\tftixevt.ini
C:\WINDOWS\system32\tftixevt.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\tvexitft.dll
C:\WINDOWS\system32\tvexitft.dll Has been deleted!

Attempting to delete C:\WINDOWS\System32\uttss.bak1
C:\WINDOWS\System32\uttss.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\System32\uttss.bak2
C:\WINDOWS\System32\uttss.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\System32\uttss.ini
C:\WINDOWS\System32\uttss.ini Has been deleted!

Attempting to delete C:\WINDOWS\System32\uttss.ini2
C:\WINDOWS\System32\uttss.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\System32\uttss.tmp
C:\WINDOWS\System32\uttss.tmp Has been deleted!

Attempting to delete C:\WINDOWS\system32\xlvsjmfr.exe
C:\WINDOWS\system32\xlvsjmfr.exe Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.3.9

Checking Java version...

Java version is 1.5.0.4

Java version is 1.5.0.6

Scan started at 4:45:16 PM 2/21/2007

Listing files found while scanning....

C:\Documents and settings\Brad\Application Data\SearchToolbarCorp\Toolbar Vision\PageHistory.txt
C:\Documents and settings\Brad\Application Data\SearchToolbarCorp\Toolbar Vision\WebHistory.txt
C:\Program Files\VSAdd-in\VSAdd-in.dll
C:\WINDOWS\system32\ciunetlr.exe
C:\WINDOWS\System32\gebyx.dll
C:\WINDOWS\system32\qiofxtwv.ini
C:\WINDOWS\system32\vwtxfoiq.dll
C:\WINDOWS\System32\xybeg.bak1
C:\WINDOWS\System32\xybeg.ini
C:\WINDOWS\System32\ypxwoykm.dll

Beginning removal...

Attempting to delete C:\Documents and settings\Brad\Application Data\SearchToolbarCorp\Toolbar Vision\PageHistory.txt
C:\Documents and settings\Brad\Application Data\SearchToolbarCorp\Toolbar Vision\PageHistory.txt Has been deleted!

Attempting to delete C:\Documents and settings\Brad\Application Data\SearchToolbarCorp\Toolbar Vision\WebHistory.txt
C:\Documents and settings\Brad\Application Data\SearchToolbarCorp\Toolbar Vision\WebHistory.txt Has been deleted!

Attempting to delete C:\Program Files\VSAdd-in\VSAdd-in.dll
C:\Program Files\VSAdd-in\VSAdd-in.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ciunetlr.exe
C:\WINDOWS\system32\ciunetlr.exe Has been deleted!

Attempting to delete C:\WINDOWS\System32\gebyx.dll
C:\WINDOWS\System32\gebyx.dll Has been deleted!

Attempting to delete C:\WINDOWS\System32\khfddaa.dll
C:\WINDOWS\System32\khfddaa.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\ljjjhgg.dll
C:\WINDOWS\SYSTEM32\ljjjhgg.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\qiofxtwv.ini
C:\WINDOWS\system32\qiofxtwv.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\vwtxfoiq.dll
C:\WINDOWS\system32\vwtxfoiq.dll Has been deleted!

Attempting to delete C:\WINDOWS\System32\xybeg.bak1
C:\WINDOWS\System32\xybeg.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\System32\xybeg.ini
C:\WINDOWS\System32\xybeg.ini Has been deleted!

Performing Repairs to the registry.
Done!



Logfile of HijackThis v1.99.1
Scan saved at 5:21:08 PM, on 2/21/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HJT\goodscanner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://192.168.0.1/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: (no name) - {075D5A02-58B0-4D9D-95E5-385CA43D40E5} - C:\WINDOWS\System32\gebyx.dll (file missing)
O2 - BHO: (no name) - {46A4E9D9-B30E-452A-8157-DBBEC8573B03} - C:\Program Files\VSAdd-in\VSAdd-in.dll (file missing)
O2 - BHO: (no name) - {47F34364-F788-498B-AD5B-DC362C7A3436} - C:\WINDOWS\System32\ssttu.dll (file missing)
O2 - BHO: (no name) - {7018F35B-8A89-46D6-BD46-806C064FACF0} - C:\WINDOWS\System32\khfddaa.dll (file missing)
O2 - BHO: (no name) - {A2EF4577-5B7D-4F96-9CD3-8A4AE6EDF06F} - C:\WINDOWS\System32\ssttu.dll (file missing)
O2 - BHO: (no name) - {E03C740E-BB24-4d3c-B92A-6F84DE1DD99C} - C:\WINDOWS\System32\ypxwoykm.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &VSAdd-in - {74DD705D-6834-439C-A735-A6DBE2677452} - C:\Program Files\VSAdd-in\VSAdd-in.dll (file missing)
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Block this popup - C:\Program Files\Shaw Secure\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O12 - Plugin for .tga: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin6.dll
O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} - http://www.systemdoc...FreeInstall.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewid...oOnlineScan.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by7fd.bay7.ho...es/MsnPUpld.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {8F2B3E96-94B3-4CA0-919A-531DDC9ABE92} (XUploadPhotos Class) - http://www.hi5.com/f...toUploadLib.dll
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn...ro.cab34246.cab
O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://costco.pnimed...tupv2.0.0.9.cab?
O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - mk:@MSITStore:C:\DOCUME~1\Brad\LOCALS~1\Temp\winfix.chm::/SystemDoctor2006FreeInstall.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CD9E4485-07E3-4A08-ADD7-08B35DDABBD4}: NameServer = 64.59.144.17,64.59.155.17
O18 - Protocol: bw+0 - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: offline-8876480 - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
O23 - Service: Microsoft Update Service - Unknown owner - C:\WINDOWS\System32\dllcache\wuaucdt.exe (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Secure Socket Layer v6 Encryption - Unknown owner - C:\WINDOWS\System32\dllcache\sslsv6_en.exe (file missing)
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

#14 John B..

Posted 22 February 2007 - 11:23 AM

Hi,

You aren't running Anti Virus Software. Please download and install one of them first!!!

Use an Anti Virus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future. See this link for a listing of some on line & their stand-alone anti virus programs:
Computer Safety On line - Anti-Virus
I use AVG Anti-Virus (Free Edition)!

Update your Anti Virus Software - It is imperative that you update your Anti virus software at least once a week (Even more if you wish). If you do not update your anti virus software then it will not be able to catch any of the new variants that may come out.

Once you have done this, we can begin with the fix.

Step 1: Delete bad services
Please copy (Ctrl+C) and paste (Ctrl+V) the following text in the quote to Notepad. Save it as "All Files" and name it FixServices.bat. Please save it on your desktop.

@echo off
rem Stop the service if it is running, then delete its registration
sc stop "Secure Socket Layer v6 Encryption"
sc delete "Secure Socket Layer v6 Encryption"
exit


Double click FixServices.bat. A window will open and close. This is normal.

Step 2: Remove bad HijackThis entries
  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank

    O2 - BHO: (no name) - {075D5A02-58B0-4D9D-95E5-385CA43D40E5} - C:\WINDOWS\System32\gebyx.dll (file missing)
    O2 - BHO: (no name) - {46A4E9D9-B30E-452A-8157-DBBEC8573B03} - C:\Program Files\VSAdd-in\VSAdd-in.dll (file missing)
    O2 - BHO: (no name) - {47F34364-F788-498B-AD5B-DC362C7A3436} - C:\WINDOWS\System32\ssttu.dll (file missing)
    O2 - BHO: (no name) - {7018F35B-8A89-46D6-BD46-806C064FACF0} - C:\WINDOWS\System32\khfddaa.dll (file missing)
    O2 - BHO: (no name) - {A2EF4577-5B7D-4F96-9CD3-8A4AE6EDF06F} - C:\WINDOWS\System32\ssttu.dll (file missing)
    O2 - BHO: (no name) - {E03C740E-BB24-4d3c-B92A-6F84DE1DD99C} - C:\WINDOWS\System32\ypxwoykm.dll (file missing)

    O3 - Toolbar: &VSAdd-in - {74DD705D-6834-439C-A735-A6DBE2677452} - C:\Program Files\VSAdd-in\VSAdd-in.dll (file missing)

  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

Step 3: Run Kaspersky Online Scan
Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky,
Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives Scan Mail Bases
  • Click OK
  • Now under select a target to scan: Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.

Step 4: Post logs
* Kaspersky log
* Fresh HJT log
* Tell me if you're still having problems/questions

Greets, John.
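The entries picked out in Steps 1 and 2 above are all registrations whose target file is gone: HijackThis marks them "(file missing)". The following added example (not part of the thread and not HijackThis code; function names are hypothetical) groups such lines by section and lists the O23 services that are both "Unknown owner" and "(file missing)" as candidates for review. The sample lines are copied from the HijackThis log in post #13, and which of the listed services to delete remains the helper's decision.

```python
import re

# Any HijackThis line that ends in "(file missing)", keyed by its section code.
ORPHAN_RE = re.compile(r"^(?P<section>[A-Z]\d+) - .+ \(file missing\)$")

# "O23 - Service: <display name> [(<name>)] - <owner> - <path>[ (file missing)]"
SERVICE_RE = re.compile(
    r"^O23 - Service: (?P<display>.+?)(?: \((?P<name>[^()]+)\))? - "
    r"(?P<owner>.+?) - (?P<path>[A-Za-z]:\\.+?)(?P<missing> \(file missing\))?$"
)

# Copied from the HijackThis log in post #13 (subset).
HJT_SAMPLE = r"""
O2 - BHO: (no name) - {075D5A02-58B0-4D9D-95E5-385CA43D40E5} - C:\WINDOWS\System32\gebyx.dll (file missing)
O2 - BHO: (no name) - {46A4E9D9-B30E-452A-8157-DBBEC8573B03} - C:\Program Files\VSAdd-in\VSAdd-in.dll (file missing)
O2 - BHO: (no name) - {47F34364-F788-498B-AD5B-DC362C7A3436} - C:\WINDOWS\System32\ssttu.dll (file missing)
O2 - BHO: (no name) - {7018F35B-8A89-46D6-BD46-806C064FACF0} - C:\WINDOWS\System32\khfddaa.dll (file missing)
O2 - BHO: (no name) - {A2EF4577-5B7D-4F96-9CD3-8A4AE6EDF06F} - C:\WINDOWS\System32\ssttu.dll (file missing)
O2 - BHO: (no name) - {E03C740E-BB24-4d3c-B92A-6F84DE1DD99C} - C:\WINDOWS\System32\ypxwoykm.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &VSAdd-in - {74DD705D-6834-439C-A735-A6DBE2677452} - C:\Program Files\VSAdd-in\VSAdd-in.dll (file missing)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
O23 - Service: Microsoft Update Service - Unknown owner - C:\WINDOWS\System32\dllcache\wuaucdt.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Secure Socket Layer v6 Encryption - Unknown owner - C:\WINDOWS\System32\dllcache\sslsv6_en.exe (file missing)
"""


def orphaned_by_section(hjt_log):
    """Group '(file missing)' lines by HijackThis section code (O2, O3, O23, ...)."""
    groups = {}
    for line in hjt_log.splitlines():
        m = ORPHAN_RE.match(line.strip())
        if m:
            groups.setdefault(m.group("section"), []).append(line.strip())
    return groups


def parse_service(line):
    """Split an O23 line into its fields; return None for any other line."""
    m = SERVICE_RE.match(line.strip())
    if not m:
        return None
    return {
        # The name in parentheses when HijackThis prints one, otherwise the
        # display name, which is the form used in the sc commands in the post.
        "name": m.group("name") or m.group("display"),
        "owner": m.group("owner"),
        "path": m.group("path"),
        "missing": m.group("missing") is not None,
    }


def services_to_review(hjt_log):
    """Names of services with no known owner whose executable is missing."""
    names = []
    for line in hjt_log.splitlines():
        svc = parse_service(line)
        if svc and svc["missing"] and svc["owner"] == "Unknown owner":
            names.append(svc["name"])
    return names


if __name__ == "__main__":
    for section, lines in orphaned_by_section(HJT_SAMPLE).items():
        print(section, "-", len(lines), "orphaned entries")
    for name in services_to_review(HJT_SAMPLE):
        print("review service:", name)
```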

#15 btalent

Posted 22 February 2007 - 08:33 PM

------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Thursday, February 22, 2007 6:31:29 PM
Operating System: Microsoft Windows XP Professional, Service Pack 1 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 23/02/2007
Kaspersky Anti-Virus database records: 272570
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\

Scan Statistics:
Total number of scanned objects: 204309
Number of viruses found: 14
Number of infected objects: 305 / 0
Number of suspicious objects: 0
Duration of the scan process: 02:11:30

Infected Object Name / Virus Name / Last Action
C:\System Volume Information\_restore{CAC75E06-CBD6-4361-966D-F0FAC2FB3D35}\RP568\A0099664.exe Infected: Trojan-Spy.Win32.Small.dg skipped
C:\System Volume Information\_restore{CAC75E06-CBD6-4361-966D-F0FAC2FB3D35}\RP568\A0099665.exe Infected: Trojan-Spy.Win32.Small.dg skipped
C:\System Volume Information\_restore{CAC75E06-CBD6-4361-966D-F0FAC2FB3D35}\RP568\A0099666.exe Infected: Trojan-Spy.Win32.Small.dg skipped
C:\System Volume Information\_restore{CAC75E06-CBD6-4361-966D-F0FAC2FB3D35}\RP568\A0099667.exe Infected: Trojan-Spy.Win32.Small.dg skipped
C:\System Volume Information\_restore{CAC75E06-CBD6-4361-966D-F0FAC2FB3D35}\RP568\A0099668.exe Infected: Trojan-Spy.Win32.Small.dg skipped
C:\System Volume Information\_restore{CAC75E06-CBD6-4361-966D-F0FAC2FB3D35}\RP568\A0099669.exe Infected: Trojan-Spy.Win32.Small.dg skipped
C:\System Volume Information\_restore{CAC75E06-CBD6-4361-966D-F0FAC2FB3D35}\RP568\A0099670.exe Infected: Trojan-Spy.Win32.Small.dg skipped
C:\System Volume Information\_restore{CAC75E06-CBD6-4361-966D-F0FAC2FB3D35}\RP568\A0099671.exe Infected: Trojan-Spy.Win32.Small.dg skipped
C:\System Volume Information\_restore{CAC75E06-CBD6-4361-966D-F0FAC2FB3D35}\RP568\A0099672.exe Infected: Trojan-Spy.Win32.Small.dg skipped
C:\System Volume Information\_restore{CAC75E06-CBD6-4361-966D-F0FAC2FB3D35}\RP568\A0099673.exe Infected: Trojan-Spy.Win32.Small.dg skipped
C:\System Volume Information\_restore{CAC75E06-CBD6-4361-966D-F0FAC2FB3D35}\RP568\A0099674.exe Infected: Trojan-Spy.Win32.Small.dg skipped
C:\System Volume Information\_restore{CAC75E06-CBD6-4361-966D-F0FAC2FB3D35}\RP568\A0099675.exe Infected: Trojan-Spy.Win32.Small.dg skipped
C:\System Volume Information\_restore{CAC75E06-CBD6-4361-966D-F0FAC2FB3D35}\RP568\A0099676.exe Infected: Trojan-Spy.Win32.Small.dg skipped
C:\System Volume Information\_restore{CAC75E06-CBD6-4361-966D-F0FAC2FB3D35}\RP568\A0099677.exe Infected: Trojan-Spy.Win32.Small.dg skipped
C:\System Volume Information\_restore{CAC75E06-CBD6-4361-966D-F0FAC2FB3D35}\RP568\A0099678.exe Infected: Trojan-Spy.Win32.Small.dg skipped
C:\System Volume Information\_restore{CAC75E06-CBD6-4361-966D-F0FAC2FB3D35}\RP568\A0099679.exe Infected: Trojan-Spy.Win32.Small.dg skipped
C:\System Volume Information\_restore{CAC75E06-CBD6-4361-966D-F0FAC2FB3D35}\RP568\A0099680.exe Infected: Trojan-Spy.Win32.Small.dg skipped
C:\System Volume Information\_restore{CAC75E06-CBD6-4361-966D-F0FAC2FB3D35}\RP568\A0099681.exe Infected: Trojan-Spy.Win32.Small.dg skipped
C:\System Volume Information\_restore{CAC75E06-CBD6-4361-966D-F0FAC2FB3D35}\RP568\A0099682.exe Infected: Trojan-Spy.Win32.Small.dg skipped
C:\System Volume Information\_restore{CAC75E06-CBD6-4361-966D-F0FAC2FB3D35}\RP568\A0099683.exe Infected: Trojan-Spy.Win32.Small.dg skipped
C:\System Volume Information\_restore{CAC75E06-CBD6-4361-966D-F0FAC2FB3D35}\RP568\A0099684.exe Infected: Trojan-Spy.Win32.Small.dg skipped
C:\System Volume Information\_restore{CAC75E06-CBD6-4361-966D-F0FAC2FB3D35}\RP568\A0099685.exe Infected: Trojan-Spy.Win32.Small.dg skipped
C:\System Volume Information\_restore{CAC75E06-CBD6-4361-966D-F0FAC2FB3D35}\RP568\A0099686.exe Infected: Trojan-Spy.Win32.Small.dg skipped
C:\System Volume Information\_restore{CAC75E06-CBD6-4361-966D-F0FAC2FB3D35}\RP568\A0099687.exe Infected: Trojan-Spy.Win32.Small.dg skipped
C:\System Volume Information\_restore{CAC75E06-CBD6-4361-966D-F0FAC2FB3D35}\RP568\A0099688.exe Infected: Trojan-Spy.Win32.Small.dg skipped
C:\System Volume Information\_restore{CAC75E06-CBD6-4361-966D-F0FAC2FB3D35}\RP568\A0099689.exe Infected: Trojan-Spy.Win32.Small.dg skipped
C:\System Volume Information\_restore{CAC75E06-CBD6-4361-966D-F0FAC2FB3D35}\RP568\A0099690.exe Infected: Trojan-Spy.Win32.Small.dg skipped
C:\System Volume Information\_restore{CAC75E06-CBD6-4361-966D-F0FAC2FB3D35}\RP568\A0099691.exe Infected: Trojan-Spy.Win32.Small.dg skipped
C:\System Volume Information\_restore{CAC75E06-CBD6-4361-966D-F0FAC2FB3D35}\RP568\A0099692.exe Infected: Trojan-Spy.Win32.Small.dg skipped
C:\System Volume Information\_restore{CAC75E06-CBD6-4361-966D-F0FAC2FB3D35}\RP568\A0099693.exe Infected: Trojan-Spy.Win32.Small.dg skipped
C:\System Volume Information\_restore{CAC75E06-CBD6-4361-966D-F0FAC2FB3D35}\RP568\A0099694.exe Infected: Trojan-Spy.Win32.Small.dg skipped
C:\System Volume Information\_restore{CAC75E06-CBD6-4361-966D-F0FAC2FB3D35}\RP568\A0099696.exe Infected: Backdoor.Win32.Mytobor.c skipped
C:\System Volume Information\_restore{CAC75E06-CBD6-4361-966D-F0FAC2FB3D35}\RP568\A0099697.exe Infected: Backdoor.Win32.Mytobor.c skipped
C:\System Volume Information\_restore{CAC75E06-CBD6-4361-966D-F0FAC2FB3D35}\RP658\A0106873.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\System Volume Information\_restore{CAC75E06-CBD6-4361-966D-F0FAC2FB3D35}\RP659\A0106892.dll Infected: Trojan-Spy.Win32.VBStat.h skipped
C:\System Volume Information\_restore{CAC75E06-CBD6-4361-966D-F0FAC2FB3D35}\RP659\A0106893.dll Infected: Trojan-Spy.Win32.VBStat.h skipped
C:\System Volume Information\_restore{CAC75E06-CBD6-4361-966D-F0FAC2FB3D35}\RP659\A0106894.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ft skipped
C:\System Volume Information\_restore{CAC75E06-CBD6-4361-966D-F0FAC2FB3D35}\RP659\A0106895.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ft skipped
C:\System Volume Information\_restore{CAC75E06-CBD6-4361-966D-F0FAC2FB3D35}\RP659\A0106898.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\System Volume Information\_restore{CAC75E06-CBD6-4361-966D-F0FAC2FB3D35}\RP659\A0106900.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\System Volume Information\_restore{CAC75E06-CBD6-4361-966D-F0FAC2FB3D35}\RP660\A0106921.dll Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\System Volume Information\_restore{CAC75E06-CBD6-4361-966D-F0FAC2FB3D35}\RP660\A0106922.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\System Volume Information\_restore{CAC75E06-CBD6-4361-966D-F0FAC2FB3D35}\RP660\A0106924.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ha skipped
C:\System Volume Information\_restore{CAC75E06-CBD6-4361-966D-F0FAC2FB3D35}\RP660\A0106925.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ha skipped
C:\System Volume Information\_restore{CAC75E06-CBD6-4361-966D-F0FAC2FB3D35}\RP660\A0106927.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ft skipped
C:\System Volume Information\_restore{CAC75E06-CBD6-4361-966D-F0FAC2FB3D35}\RP662\change.log Object is locked skipped
C:\VundoFix Backups\aofvrqtt.dll.bad Infected: Trojan-Spy.Win32.VBStat.h skipped
C:\VundoFix Backups\bvkfacje.exe.bad Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\VundoFix Backups\ciunetlr.exe.bad Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\VundoFix Backups\khfddaa.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.ha skipped
C:\VundoFix Backups\kihhnkkt.dll.bad Infected: Trojan-Spy.Win32.VBStat.h skipped
C:\VundoFix Backups\kkeajsyx.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.ft skipped
C:\VundoFix Backups\kvciloen.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.ft skipped
C:\VundoFix Backups\ljjjhgg.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.ha skipped
C:\VundoFix Backups\svffrxwh.exe.bad Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\VundoFix Backups\tvexitft.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.ft skipped
C:\VundoFix Backups\VSAdd-in.dll.bad Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\VundoFix Backups\vwtxfoiq.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.ft skipped
C:\VundoFix Backups\xlvsjmfr.exe.bad Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\hpgwihmd.dat Object is locked skipped
C:\WINDOWS\system32\iifeedb.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ha skipped
C:\WINDOWS\system32\inetmjb1.dat Object is locked skipped
C:\WINDOWS\system32\localbit.dat Object is locked skipped
C:\WINDOWS\system32\MFC7ADEU.dat Object is locked skipped
C:\WINDOWS\system32\msvbvm6e.dat Object is locked skipped
C:\WINDOWS\system32\nnnoljk.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ha skipped
C:\WINDOWS\system32\oleaco.dat Object is locked skipped
C:\WINDOWS\system32\opnkjih.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ha skipped
C:\WINDOWS\system32\serialbi.dat Object is locked skipped
C:\WINDOWS\system32\userdnv.dat Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\yayvwwv.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ha skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped




Logfile of HijackThis v1.99.1
Scan saved at 6:32:39 PM, on 2/22/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HJT\goodscanner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://192.168.0.1/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Block this popup - C:\Program Files\Shaw Secure\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O12 - Plugin for .tga: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin6.dll
O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} - http://www.systemdoc...FreeInstall.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewid...oOnlineScan.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by7fd.bay7.ho...es/MsnPUpld.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {8F2B3E96-94B3-4CA0-919A-531DDC9ABE92} (XUploadPhotos Class) - http://www.hi5.com/f...toUploadLib.dll
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn...ro.cab34246.cab
O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://costco.pnimed...tupv2.0.0.9.cab?
O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - mk:@MSITStore:C:\DOCUME~1\Brad\LOCALS~1\Temp\winfix.chm::/SystemDoctor2006FreeInstall.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CD9E4485-07E3-4A08-ADD7-08B35DDABBD4}: NameServer = 64.59.144.17,64.59.155.17
O18 - Protocol: bw+0 - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {35AC2325-41CA-428B-9DBB-8D84E1FDF56D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Prog
