Please, I need help with this virus, "trojan agent winlogonhook". I can't get rid of it simply with SpySweeper or Ad-Aware; it keeps coming back after I do sweeps. I've read other posts and found that I'm probably going to need to do the HijackThis log (I just don't know what to do with it), though I'll wait for a response to post that.
Thanks in advance for any help.

Please download and install the latest version of HijackThis v2.0.2:
Download the "HijackThis" Installer from this link:
Hijack This
1. Save "HJTInstall.exe" to your desktop.
2. Double click on HJTInstall.exe to run the program.
3. By default it will install to C:\Program Files\Trend Micro\HijackThis.
4. Accept the license agreement by clicking the "I Accept" button.
5. Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log.
6. Click "Save log" to save the log file and then the log will open in Notepad.
7. Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
8. Paste the log in your next reply.
9. Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.

Wow, that was fast, thanks. Well, here you go:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:31:10 PM, on 1/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe
C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2 .exe
C:\Program Files\Verizon\Servicepoint\VerizonServicepoint .exe
C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1 .exe
C:\Program Files\PowerISO\PWRISOVM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\PowerISO\PWRISOVM .exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\QuickTime\QTTask .exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection .exe
C:\Program Files\Common Files\Verizon Online\ConnMgr\cmisrv.exe
C:\WINDOWS\TEMP\win79.exe
C:\Program Files\QuickTime\QTTask .exe
C:\WINDOWS\mgrs.exe
C:\Program Files\iTunes\iTunesHelper .exe
C:\WINDOWS\TEMP\win79 .exe
C:\WINDOWS\lsass.exe
C:\Program Files\AIM6\aim6.exe
C:\WINDOWS\lsass .exe
C:\Program Files\AIM6\aim6 .exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Metamail Inc\Metamail Tray\Metamail Trust Manager.exe
C:\Program Files\Yahoo!\Yahoo! Music Engine\ymetray.exe
C:\PROGRA~1\METAMA~1\METAMA~1\METAMA~2.exe
C:\Program Files\Common Files\Verizon Online\AppMgr\vzOpenUIServer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\user\Desktop\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.verizon.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\shell.exe
F3 - REG:win.ini: load=C:\WINDOWS\system32\jkhfe.exe
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [OPSE reminder] "C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe" -r "C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\ereg.ini"
O4 - HKLM\..\Run: [VerizonServicepoint.exe] "C:\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe"
O4 - HKLM\..\Run: [A Verizon App] C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.exe
O4 - HKLM\..\Run: [HostManager] "C:\Program Files\Common Files\AOL\1140083713\ee\AOLSoftware.exe"
O4 - HKLM\..\Run: [IPHSend] "C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe"
O4 - HKLM\..\Run: [ymetray] "C:\Program Files\Yahoo!\Yahoo! Music Engine\YahooMusicEngine.exe" -preload
O4 - HKLM\..\Run: [PWRISOVM.EXE] "C:\Program Files\PowerISO\PWRISOVM.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask .exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [002d7f3c] rundll32.exe "C:\WINDOWS\system32\fiajhhku.dll",b
O4 - HKLM\..\Run: [avp] C:\WINDOWS\TEMP\win79 .exe
O4 - HKLM\..\Run: [smgr] mgrs.exe
O4 - HKLM\..\Run: [Printer] C:\WINDOWS\system32\printer.exe
O4 - HKLM\..\Run: [ctfmona] C:\WINDOWS\system32\ctfmona.exe
O4 - HKLM\..\Run: [EasySpywareCleaner] C:\Program Files\EasySpywareCleaner\EasySpywareCleaner.exe
O4 - HKLM\..\Run: [lsass] C:\WINDOWS\lsass .exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" -NoStart
O4 - HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exe
O4 - HKCU\..\Run: [Spoolsv] C:\WINDOWS\system32\spoolvs.exe
O4 - S-1-5-18 Startup: findfast .exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: findfast .exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: findfast .exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: findfast .exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: findfast.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: findfast .exe (User 'Default user')
O4 - .DEFAULT Startup: findfast .exe (User 'Default user')
O4 - .DEFAULT Startup: findfast .exe (User 'Default user')
O4 - .DEFAULT Startup: findfast .exe (User 'Default user')
O4 - .DEFAULT Startup: findfast.exe (User 'Default user')
O4 - .DEFAULT Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.exe (User 'Default user')
O4 - Startup: findfast .exe
O4 - Startup: findfast .exe
O4 - Startup: findfast .exe
O4 - Startup: findfast .exe
O4 - Startup: findfast.exe
O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.exe
O4 - Global Startup: autorun.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Metamail Trust Manager.lnk = C:\Program Files\Metamail Inc\Metamail Tray\Metamail Trust Manager.exe
O4 - Global Startup: ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Engine\ymetray.exe
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemydsl.verizon.net/sdcCommon/download/tgctlcm.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls...
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} (Quantum Streaming IE Player Class) - http://mvnet.xlontech.net/qm/fox/06...
O20 - AppInit_DLLs: C:\WINDOWS\system32\wowfx.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.exe
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
--
End of file - 16052 bytes

Go to this link: http://wiki.castlecops.com/Malware_... Follow the instructions there to disable any realtime protection that you have, as it will interfere with the fix by reinstalling the corrupt files.
Please download ComboFix to the desktop from this link: ComboFix
Double-click combofix.exe
Follow the prompts.
(Don't click on the window while the program is running, it may cause your system to hang.)
Please post the log it produces.

OK, that took a while. Here you go; once again, thank you.
ComboFix 08-01-07.1 - user 2008-01-06 19:07:37.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.217 [GMT -5:00]
Running from: C:\Documents and Settings\user\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\autorun.exe
C:\Documents and Settings\Mom\Application Data\printer.exe
C:\Documents and Settings\Mom\Application Data\trant.exe
C:\Documents and Settings\Mom\Application Data\ultra
C:\Documents and Settings\Mom\Application Data\ultra\ultra.inf
C:\Documents and Settings\Mom\Application Data\ultra\uninstall.bat
C:\Documents and Settings\Mom\Desktop\Find Spyware Remover.lnk
C:\Documents and Settings\Mom\Start Menu\Programs\Startup\findfast.exe
C:\Documents and Settings\user\Application Data\printer.exe
C:\Documents and Settings\user\Application Data\trant.exe
C:\Documents and Settings\user\Desktop\Find Spyware Remover.lnk
C:\Documents and Settings\user\Desktop\Free Online Dating.lnk
C:\Documents and Settings\user\Desktop\Go to Casino.lnk
C:\Documents and Settings\user\Start Menu\Programs\Startup\findfast .exe
C:\Documents and Settings\user\Start Menu\Programs\Startup\findfast .exe
C:\Documents and Settings\user\Start Menu\Programs\Startup\findfast .exe
C:\Documents and Settings\user\Start Menu\Programs\Startup\findfast .exe
C:\Documents and Settings\user\Start Menu\Programs\Startup\findfast .exe
C:\Documents and Settings\user\Start Menu\Programs\Startup\findfast.exe
C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.exe
C:\Program Files\3269.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Common Files\AOL\1140083713\ee\AOLSoftware.exe
C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
C:\Program Files\Common Files\AOL\Launch\AOLLaunch .exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\EasySpywareCleaner\EasySpywareCleaner.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Helper
C:\Program Files\Helper\Helper9.dll
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\lsass.exe
C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe
C:\Program Files\outerinfo
C:\Program Files\outerinfo\OinFP.exe
C:\Program Files\outerinfo\OiUninstaller.exe
C:\Program Files\outerinfo\outerinfo.ico
C:\Program Files\PowerISO\PWRISOVM.exe
C:\Program Files\QuickTime\QTTask .exe
C:\Program Files\QuickTime\QTTask .exe
C:\Program Files\QuickTime\QTTask .exe
C:\Program Files\QuickTime\QTTask .exe
C:\Program Files\QuickTime\QTTask .exe
C:\Program Files\QuickTime\QTTask .exe
C:\Program Files\QuickTime\QTTask .exe
C:\Program Files\QuickTime\QTTask .exe
C:\Program Files\QuickTime\QTTask .exe
C:\Program Files\QuickTime\QTTask .exe
C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\spoolsv.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\ucleaner_setup.exe
C:\Program Files\Ultimate Cleaner
C:\Program Files\Ultimate Defender
C:\Program Files\Verizon Online\Help Support\VERIZO~1 .exe
C:\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Yahoo!\Yahoo! Music Engine\YahooMusicEngine.exe
C:\WINDOWS\Casino.ico
C:\WINDOWS\cookies.ini
C:\WINDOWS\Free Online Dating.ico
C:\WINDOWS\inf\ultra.inf
C:\WINDOWS\lsass .exe
C:\WINDOWS\lsass .exe
C:\WINDOWS\lsass.exe
C:\WINDOWS\mgrs.exe
C:\WINDOWS\shell.exe
C:\WINDOWS\Spyware Remover.ico
C:\WINDOWS\system32\awtqpol.dll
C:\WINDOWS\system32\ctfmon .exe
C:\WINDOWS\system32\ctfmon.exe.tmp
C:\WINDOWS\system32\ddcaxwx.dll
C:\WINDOWS\system32\drvkaxr.dll
C:\WINDOWS\system32\drvzogr.dll
C:\WINDOWS\system32\efccabc.dll
C:\WINDOWS\system32\efhkj.ini
C:\WINDOWS\system32\efhkj.ini2
C:\WINDOWS\system32\fiajhhku.dll
C:\WINDOWS\system32\fuhwlggm.exe
C:\WINDOWS\system32\fvkvcsqu.ini
C:\WINDOWS\system32\ixoqungs.ini
C:\WINDOWS\system32\jkhfe.dll
C:\WINDOWS\system32\jkhfe.exe
C:\WINDOWS\system32\nmiycxim.dll
C:\WINDOWS\system32\oxbwhdvh.dll
C:\WINDOWS\system32\printer .exe
C:\WINDOWS\system32\printer.exe
C:\WINDOWS\system32\RCX48.tmp
C:\WINDOWS\system32\rovwjmqs.dll
C:\WINDOWS\system32\rqrrqrr.dll
C:\WINDOWS\system32\sgnuqoxi.dll
C:\WINDOWS\system32\spoolvs .exe
C:\WINDOWS\system32\spoolvs.exe
C:\WINDOWS\system32\ukhhjaif.ini
C:\WINDOWS\system32\uqscvkvf.dll
C:\WINDOWS\system32\vturs.exe
C:\WINDOWS\system32\winhoq32.dll
C:\WINDOWS\system32\wowfx.dll
C:\WINDOWS\system32\wrmpcbjs.exe
C:\WINDOWS\system32\xlibgfl254.dll
C:\WINDOWS\TEMP\win79 .exe
C:\WINDOWS\Temp\win79 .exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl .exe ---> Reader_sl.exe
C:\Program Files\AIM6\aim6 .exe ---> aim6.exe
C:\Program Files\Common Files\AOL\1140083713\EE\AOLSoftware .exe ---> AOLSoftware.exe
C:\Program Files\Common Files\AOL\IPHSend\IPHSend .exe ---> IPHSend.exe
C:\Program Files\Common Files\AOL\Launch\AOLLaunch .exe ---> QooBox
C:\Program Files\Common Files\Real\Update_OB\realsched .exe ---> realsched.exe
C:\Program Files\EasySpywareCleaner\EasySpywareCleaner .exe ---> EasySpywareCleaner.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe ---> GoogleToolbarNotifier.exe
C:\Program Files\iTunes\iTunesHelper .exe ---> iTunesHelper.exe
C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor .exe ---> MMonitor.exe
C:\Program Files\PowerISO\PWRISOVM .exe ---> PWRISOVM.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2 .exe ---> OpwareSE2.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\Ereg .exe ---> Ereg.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd .exe ---> toscdspd.exe
C:\Program Files\Verizon\Servicepoint\VerizonServicepoint .exe ---> VerizonServicepoint.exe
C:\Program Files\Verizon Online\Help Support\VERIZO~1 .exe ---> QooBox
C:\Program Files\Yahoo!\Search Protection\SearchProtection .exe ---> SearchProtection.exe
C:\Program Files\Yahoo!\Yahoo! Music Engine\YahooMusicEngine .exe ---> YahooMusicEngine.exe
C:\WINDOWS\system32\ctfmon .exe ---> QooBox
C:\WINDOWS\system32\printer .exe ---> QooBox
C:\WINDOWS\system32\spoolvs .exe ---> QooBox
.
.
((((((((((((((((((((((((( Files Created from 2007-12-08 to 2008-01-08 )))))))))))))))))))))))))))))))
.
2008-01-06 18:40 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-06 11:56 . 2008-01-06 11:56 29,824 --a------ C:\WINDOWS\system32\ctfmona .exe
2008-01-06 04:07 . 2008-01-06 04:07 <DIR> d-------- C:\Program Files\Lavasoft
2008-01-06 04:07 . 2008-01-06 04:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-06 04:06 . 2008-01-06 04:06 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-06 03:51 . 2008-01-07 19:36 <DIR> d-------- C:\Program Files\EasySpywareCleaner
2008-01-06 03:51 . 2008-01-06 03:51 <DIR> d-------- C:\Documents and Settings\user\Application Data\EasySpywareCleaner.com
2008-01-05 22:09 . 2008-01-05 22:09 104,448 --a------ C:\WINDOWS\system32\drvkax.dll
2008-01-05 14:32 . 2008-01-05 14:32 <DIR> d-------- C:\Program Files\UltraISO
2008-01-05 14:32 . 2008-01-05 14:32 <DIR> d-------- C:\Program Files\Common Files\EZB Systems
2008-01-05 14:22 . 2008-01-05 14:22 <DIR> d-------- C:\Program Files\burnatonce
2008-01-04 19:39 . 2008-01-04 19:39 348,672 --a------ C:\WINDOWS\system32\OLD4CE.tmp
2008-01-04 19:35 . 2008-01-04 19:36 1,283,174 --a------ C:\Install
2008-01-04 19:35 . 2008-01-04 19:35 104,448 --a------ C:\WINDOWS\system32\drvzog.dll
2007-12-29 22:18 . 2007-12-29 22:18 <DIR> d-------- C:\Program Files\THQ
2007-12-09 21:07 . 2007-12-09 21:07 <DIR> d-------- C:\Program Files\Pcsx2
2007-12-08 18:31 . 2007-12-08 18:32 <DIR> d-------- C:\Program Files\Pcsx2_0.9.4
2007-12-08 18:30 . 2007-12-08 18:30 <DIR> d-------- C:\Pcsx2_0.9.4
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-08 00:37 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-01-08 00:36 --------- d-----w C:\Program Files\PowerISO
2008-01-08 00:36 --------- d-----w C:\Program Files\iTunes
2008-01-08 00:36 --------- d-----w C:\Program Files\AIM6
2008-01-08 00:28 --------- d-----w C:\Program Files\QuickTime
2008-01-06 09:33 --------- d-----w C:\Program Files\FlashGet
2008-01-06 05:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-01-06 01:06 --------- d-----w C:\Documents and Settings\user\Application Data\Azureus
2008-01-03 02:51 5,742 ----a-w C:\Documents and Settings\user\Application Data\wklnhst.dat
2007-12-23 04:41 --------- d-----w C:\Program Files\Azureus
2007-11-26 01:55 --------- d-----w C:\Program Files\AviSynth 2.5
2007-11-24 19:32 --------- d-----w C:\Program Files\DivX
2007-11-24 01:45 --------- d-----w C:\Program Files\iPod
2007-11-22 04:12 --------- d-----w C:\Documents and Settings\Mom\Application Data\NASA
2007-11-22 04:10 --------- d-----w C:\Program Files\NASA
2007-11-16 04:19 --------- d-----w C:\Program Files\Norton AntiVirus
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-06-15 03:18 996 ----a-w C:\Documents and Settings\Mom\Application Data\wklnhst.dat
.
----a-w 1,694,208 2008-01-06 16:56:32 C:\Program Files\Messenger\msmsgs .exe
----a-w 81,920 2008-01-06 01:10:27 C:\Program Files\Sony\SonicStage\SsAAD .exe
----a-w 29,824 2008-01-06 16:56:03 C:\WINDOWS\system32\ctfmona .exe
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 07:00 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [ ]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2008-01-06 18:45 50528]
"SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [ ]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-06 18:45 68856]
"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [2008-01-06 18:45 224248]
"OM2_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2008-01-06 18:46 95800]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OpwareSE2"="C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2008-01-06 18:45 49152]
"OPSE reminder"="C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe" [2008-01-06 18:45 729088]
"VerizonServicepoint.exe"="C:\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe" [2008-01-06 18:45 1880064]
"A Verizon App"="C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.exe" [ ]
"HostManager"="C:\Program Files\Common Files\AOL\1140083713\ee\AOLSoftware.exe" [2008-01-06 18:45 50760]
"IPHSend"="C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe" [2008-01-06 18:45 124520]
"ymetray"="C:\Program Files\Yahoo!\Yahoo! Music Engine\YahooMusicEngine.exe" [2008-01-06 18:45 6104568]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.exe" [2008-01-06 18:45 200704]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 17:30 517768]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-06 18:45 39792]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 00:59 115816]
"osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [2007-01-14 02:11 771704]
"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [2008-01-06 18:45 224248]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-01-06 18:45 185632]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask .exe" [ ]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-06 18:45 267048]
"ctfmona"="C:\WINDOWS\system32\ctfmona.exe" [ ]
"EasySpywareCleaner"="C:\Program Files\EasySpywareCleaner\EasySpywareCleaner.exe" [2008-01-06 18:45 305490]
C:\Documents and Settings\user\Start Menu\Programs\Startup\
Microsoft Office OneNote 2003 Quick Launch.lnk - C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.exe [2004-06-12 00:57:52]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-02-26 01:41:56]
Metamail Trust Manager.lnk - C:\Program Files\Metamail Inc\Metamail Tray\Metamail Trust Manager.exe [2006-06-05 22:37:44]
ymetray.lnk - C:\Program Files\Yahoo!\Yahoo! Music Engine\ymetray.exe [2006-10-03 13:04:38]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, xlibgfl254.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^RAMASST.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\RAMASST.lnk
backup=C:\WINDOWS\pss\RAMASST.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
--a------ 2005-10-15 09:29 88203 C:\WINDOWS\agrsmmsg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-10 07:00 15360 C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
--a------ 2005-10-06 08:20 122940 C:\WINDOWS\system32\dla\DLACTRLW.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
--a------ 2005-08-05 16:56 64512 C:\WINDOWS\ehome\ehtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
--a------ 2005-11-28 00:52 77824 C:\WINDOWS\system32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
--a------ 2005-11-28 00:55 118784 C:\WINDOWS\system32\igfxpers.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
--a------ 2005-11-28 00:55 98304 C:\WINDOWS\system32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelWireless]
--a------ 2005-11-28 13:41 602182 C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelZeroConfig]
--a------ 2005-12-05 14:37 667718 C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LtMoh]
--a------ 2004-08-18 06:37 184320 C:\Program Files\ltmoh\Ltmoh.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McRegWiz]
C:\progra~1\mcafee.com\agent\McRegWiz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NDSTray.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OASClnt]
C:\Program Files\McAfee.com\VSO\oasclnt.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PadTouch]
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pinger]
--a------ 2005-03-17 20:37 151552 c:\toshiba\ivp\ism\pinger.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmoothView]
--a------ 2005-04-26 19:13 122880 C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
--a------ 2005-12-16 03:32 761945 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
--a------ 2005-12-16 03:34 82009 C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TDispVol]
--a------ 2005-03-11 18:03 73728 C:\WINDOWS\system32\TDispVol.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TFncKy]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\THotkey]
--a------ 2006-01-05 17:02 352256 C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TOSCDSPD]
--a------ 2008-01-06 12:08 65536 C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPSMain]
--a------ 2005-06-01 00:00 282624 C:\WINDOWS\system32\TPSMain.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tvs]
--a------ 2005-11-30 15:25 73728 C:\Program Files\Toshiba\Tvs\TvsTray.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusScan Online]
C:\Program Files\McAfee.com\VSO\mcvsshld.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VSOCheckTask]
c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exeR0 KR10N;KR10N;C:\WINDOWS\system32\drivers\KR10N.sys [2005-01-12 03:05]
S3 tosrfec;Bluetooth ACPI from TOSHIBA;C:\WINDOWS\system32\DRIVERS\tosrfec.sys [2005-09-09 17:47][HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\SETUP.exe
\Shell\configure\command - F:\SETUP.exe
\Shell\install\command - F:\SETUP.exe.
Contents of the 'Scheduled Tasks' folder
"2008-01-05 00:41:22 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-01-01 01:00:00 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - user.job"
- C:\Program Files\Norton AntiVirus\Navw32.exeh/TASK:
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-07 19:38:20
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-01-07 19:46:17 - machine was rebooted [user]
ComboFix-quarantined-files.txt 2008-01-08 00:46:10
.
2007-12-13 00:46:45 --- E O F ---

You were heavily infected.
Go to start> control panel>add/remove programs and uninstall "EasySpywareCleaner" if found:
Open Notepad and copy/paste everything between the X's into it and make sure "File::" is at the very top of the page.
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
File::
C:\WINDOWS\system32\ctfmona .exe
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmona"=-
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Go to File on the top bar and choose "Save As", change the "Save As Type" to All Files, name it CFScript.txt, then save it to your desktop.
Then drag/drop the CFScript.txt onto ComboFix.exe (the red X on your desktop). If ComboFix does not auto start, click "run".
Post a new Hijack This log please.

ok b4 u replied i ran spysweeper and the "trojan agent winlogonhook" was gone, but it found a new trojan called "trojan-xlibg", though i got rid of it so hopefully that went away
well here's my new hijackthis log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:15:34 PM, on 1/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe
C:\Program Files\Common Files\AOL\1140083713\ee\AOLSoftware.exe
C:\Program Files\PowerISO\PWRISOVM.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Metamail Inc\Metamail Tray\Metamail Trust Manager.exe
C:\Program Files\Yahoo!\Yahoo! Music Engine\ymetray.exe
C:\Program Files\Internet Explorer\IEXPLORE.exe
C:\PROGRA~1\METAMA~1\METAMA~1\METAMA~2.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\user\Desktop\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.verizon.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [OPSE reminder] "C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe" -r "C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\ereg.ini"
O4 - HKLM\..\Run: [VerizonServicepoint.exe] "C:\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe"
O4 - HKLM\..\Run: [A Verizon App] C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.exe
O4 - HKLM\..\Run: [HostManager] "C:\Program Files\Common Files\AOL\1140083713\ee\AOLSoftware.exe"
O4 - HKLM\..\Run: [IPHSend] "C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe"
O4 - HKLM\..\Run: [ymetray] "C:\Program Files\Yahoo!\Yahoo! Music Engine\YahooMusicEngine.exe" -preload
O4 - HKLM\..\Run: [PWRISOVM.EXE] "C:\Program Files\PowerISO\PWRISOVM.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask .exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ctfmona] C:\WINDOWS\system32\ctfmona.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" -NoStart
O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Metamail Trust Manager.lnk = C:\Program Files\Metamail Inc\Metamail Tray\Metamail Trust Manager.exe
O4 - Global Startup: ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Engine\ymetray.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemydsl.verizon.net/sdcCommon/download/tgctlcm.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls...
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} (Quantum Streaming IE Player Class) - http://mvnet.xlontech.net/qm/fox/06...
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.exe
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
--
End of file - 14492 bytes

Looks a lot better.
Run Hijack This, close all windows and browsers except Hijack This, place a check to the left of the following items and press "fix checked":
R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
O4 - HKLM\..\Run: [ctfmona] C:\WINDOWS\system32\ctfmona.exe
Exit Hijack This.
To show hidden files do the following:
Click Start > My Computer
On the Tools menu, click Folder Options.
Click the View tab.
Uncheck Hide file extensions for known file types.
Uncheck Hide protected operating system files.
Under the Hidden files folder, locate and check Show hidden files and folders.
If you see a warning message, click Yes.
Click Apply > OK.
Navigate to and delete this file if found (hopefully was deleted earlier):
C:\WINDOWS\system32\ctfmona.exe
Empty the restore folder. Go to start>control panel>system>system restore tab>check the box beside "turn off system restore">apply (takes a minute)>ok. Go back and uncheck the box to turn system restore back on>apply>ok.
Download ATF Cleaner from this link:
ATF Cleaner
Run ATF-Cleaner
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
Please run the BitDefender online scan from this link:
Bitdefender Online Scanner
You will need to allow an active x install for the scan to run.
Leave the scanning options at default and press "click here to scan"
When finished scanning, click on "click here to export the scan report"
Save it to your desktop, at "file name" type in "bdscan" then click save.
Post a log in your reply.
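A triage pass over the kinds of entries picked out in this post, as an added example that is not part of the original thread. The three heuristics and the short list of Windows binary names are assumptions chosen for illustration; the sample lines are copied from the HijackThis log posted above, and a hit is a lead for review, not a verdict.

```python
import re
from pathlib import PureWindowsPath

# Assumed reference list: names of genuine Windows binaries to compare against.
KNOWN_SYSTEM_BINARIES = {
    "ctfmon.exe", "svchost.exe", "winlogon.exe", "explorer.exe",
    "lsass.exe", "services.exe", "smss.exe", "spoolsv.exe",
}

# HijackThis entries start with a section code such as R3, O4 or O23.
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# First drive-letter path ending in .exe or .dll (quoted or unquoted).
PATH_RE = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:exe|dll)(?![A-Za-z0-9])', re.IGNORECASE)

# Lines copied from the HijackThis log in this thread.
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask .exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ctfmona] C:\WINDOWS\system32\ctfmona.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
"""


def within_one_edit(a: str, b: str) -> bool:
    """True when a != b and a single insert, delete or substitution maps a to b."""
    if a == b or abs(len(a) - len(b)) > 1:
        return False
    if len(a) > len(b):
        a, b = b, a  # make a the shorter (or equal-length) string
    i = 0
    while i < len(a) and a[i] == b[i]:
        i += 1
    if len(a) == len(b):
        return a[i + 1:] == b[i + 1:]  # one substitution
    return a[i:] == b[i + 1:]          # one extra character in b


def triage(log_text: str):
    """Return (section code, reason, line) for entries worth a manual look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        entry = ENTRY_RE.match(line)
        if not entry:
            continue  # header, process list or blank line
        code = entry.group("code")

        # Heuristic 1: registration that points at nothing on disk.
        if line.endswith("(no file)") or line.endswith("(file missing)"):
            findings.append((code, "missing-target", line))

        path = PATH_RE.search(line)
        if not path:
            continue
        name = PureWindowsPath(path.group(0)).name.lower()
        stem, _, ext = name.rpartition(".")

        # Heuristic 2: whitespace between the file name and its extension.
        if stem != stem.rstrip():
            findings.append((code, "space-before-extension", line))

        # Heuristic 3: name one edit away from a known Windows binary.
        clean = stem.strip() + "." + ext
        if clean not in KNOWN_SYSTEM_BINARIES:
            for known in sorted(KNOWN_SYSTEM_BINARIES):
                if within_one_edit(clean, known):
                    findings.append((code, "lookalike-of:" + known, line))
                    break
    return findings


if __name__ == "__main__":
    for code, reason, line in triage(SAMPLE_LOG):
        print(f"{code:<4}{reason:<28}{line}")
```
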

wow thanks for all ur help once again, I'm not sure if u meant the log from bitdefender or the hijackthis log so I'll post both just in case
Scan report generated at: Mon, Jan 07, 2008 - 23:29:45
Scan path: C:\;D:\;E:\;F:\;
Statistics
Time: 01:07:48
Files: 286367
Folders: 12270
Boot Sectors: 3
Archives: 9234
Packed Files: 17626
Results
Identified Viruses: 14
Infected Files: 78
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 78
Engines Info
Virus Definitions: 885708
Engine build: AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)
Scan plugins: 14
Archive plugins: 38
Unpack plugins: 7
E-mail plugins: 6
System plugins: 1
Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes
Scanned File
Status
C:\Documents and Settings\Mom\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-6b13a7e7-14018c18.zip=>vmain.class
Infected with: Exploit.Java.Gimsh.B
C:\Documents and Settings\Mom\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-6b13a7e7-14018c18.zip=>vmain.class
Deleted
C:\Documents and Settings\Mom\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-6b13a7e7-14018c18.zip
Updated
C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe
Infected with: Trojan.Dropper.Vundo.D
C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe
Disinfection failed
C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe
Deleted
C:\Program Files\QuickTime\QTTask.exe
Infected with: Trojan.Dropper.Vundo.D
C:\Program Files\QuickTime\QTTask.exe
Disinfection failed
C:\Program Files\QuickTime\QTTask.exe
Deleted
C:\QooBox\Quarantine\C\Documents and Settings\All Users\Start Menu\Programs\Startup\autorun.exe.vir
Infected with: Generic.Malware.SDYd!wdld.3DCD5AB6
C:\QooBox\Quarantine\C\Documents and Settings\All Users\Start Menu\Programs\Startup\autorun.exe.vir
Disinfection failed
C:\QooBox\Quarantine\C\Documents and Settings\All Users\Start Menu\Programs\Startup\autorun.exe.vir
Deleted
C:\QooBox\Quarantine\C\Documents and Settings\Mom\Application Data\printer.exe.vir
Infected with: Generic.Malware.SDYd!wdld.3DCD5AB6
C:\QooBox\Quarantine\C\Documents and Settings\Mom\Application Data\printer.exe.vir
Disinfection failed
C:\QooBox\Quarantine\C\Documents and Settings\Mom\Application Data\printer.exe.vir
Deleted
C:\QooBox\Quarantine\C\Documents and Settings\Mom\Start Menu\Programs\Startup\findfast.exe.vir
Infected with: Generic.Malware.SDYd!wdld.3DCD5AB6
C:\QooBox\Quarantine\C\Documents and Settings\Mom\Start Menu\Programs\Startup\findfast.exe.vir
Disinfection failed
C:\QooBox\Quarantine\C\Documents and Settings\Mom\Start Menu\Programs\Startup\findfast.exe.vir
Deleted
C:\QooBox\Quarantine\C\Documents and Settings\user\Application Data\printer.exe.vir
Infected with: Generic.Malware.SDYd!wdld.3DCD5AB6
C:\QooBox\Quarantine\C\Documents and Settings\user\Application Data\printer.exe.vir
Disinfection failed
C:\QooBox\Quarantine\C\Documents and Settings\user\Application Data\printer.exe.vir
Deleted
C:\QooBox\Quarantine\C\Documents and Settings\user\Start Menu\Programs\Startup\findfast .exe.vir
Infected with: Trojan.Dropper.Vundo.D
C:\QooBox\Quarantine\C\Documents and Settings\user\Start Menu\Programs\Startup\findfast .exe.vir
Disinfection failed
C:\QooBox\Quarantine\C\Documents and Settings\user\Start Menu\Programs\Startup\findfast .exe.vir
Deleted
C:\QooBox\Quarantine\C\Documents and Settings\user\Start Menu\Programs\Startup\findfast .exe.vir
Infected with: Trojan.Dropper.Vundo.D
C:\QooBox\Quarantine\C\Documents and Settings\user\Start Menu\Programs\Startup\findfast .exe.vir
Disinfection failed
C:\QooBox\Quarantine\C\Documents and Settings\user\Start Menu\Programs\Startup\findfast .exe.vir
Deleted
C:\QooBox\Quarantine\C\Documents and Settings\user\Start Menu\Programs\Startup\findfast .exe.vir
Infected with: Trojan.Dropper.Vundo.D
C:\QooBox\Quarantine\C\Documents and Settings\user\Start Menu\Programs\Startup\findfast .exe.vir
Disinfection failed
C:\QooBox\Quarantine\C\Documents and Settings\user\Start Menu\Programs\Startup\findfast .exe.vir
Deleted
C:\QooBox\Quarantine\C\Documents and Settings\user\Start Menu\Programs\Startup\findfast .exe.vir
Infected with: Trojan.Dropper.Vundo.D
C:\QooBox\Quarantine\C\Documents and Settings\user\Start Menu\Programs\Startup\findfast .exe.vir
Disinfection failed
C:\QooBox\Quarantine\C\Documents and Settings\user\Start Menu\Programs\Startup\findfast .exe.vir
Deleted
C:\QooBox\Quarantine\C\Documents and Settings\user\Start Menu\Programs\Startup\findfast .exe.vir
Infected with: Trojan.Dropper.Vundo.D
C:\QooBox\Quarantine\C\Documents and Settings\user\Start Menu\Programs\Startup\findfast .exe.vir
Disinfection failed
C:\QooBox\Quarantine\C\Documents and Settings\user\Start Menu\Programs\Startup\findfast .exe.vir
Deleted
C:\QooBox\Quarantine\C\Documents and Settings\user\Start Menu\Programs\Startup\findfast.exe.vir
Infected with: Generic.Malware.SDYd!wdld.3DCD5AB6
C:\QooBox\Quarantine\C\Documents and Settings\user\Start Menu\Programs\Startup\findfast.exe.vir
Disinfection failed
C:\QooBox\Quarantine\C\Documents and Settings\user\Start Menu\Programs\Startup\findfast.exe.vir
Deleted
C:\QooBox\Quarantine\C\Program Files\3269.exe.vir
Infected with: Trojan.Obfus.Gen
C:\QooBox\Quarantine\C\Program Files\3269.exe.vir
Disinfection failed
C:\QooBox\Quarantine\C\Program Files\3269.exe.vir
Deleted
C:\QooBox\Quarantine\C\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe.vir
Infected with: Trojan.Dropper.Vundo.D
C:\QooBox\Quarantine\C\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe.vir
Disinfection failed
C:\QooBox\Quarantine\C\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe.vir
Deleted
C:\QooBox\Quarantine\C\Program Files\AIM6\aim6.exe.vir
Infected with: Trojan.Dropper.Vundo.D
C:\QooBox\Quarantine\C\Program Files\AIM6\aim6.exe.vir
Disinfection failed
C:\QooBox\Quarantine\C\Program Files\AIM6\aim6.exe.vir
Deleted
C:\QooBox\Quarantine\C\Program Files\Common Files\AOL\1140083713\EE\AOLSoftware.exe.vir
Infected with: Trojan.Dropper.Vundo.D
C:\QooBox\Quarantine\C\Program Files\Common Files\AOL\1140083713\EE\AOLSoftware.exe.vir
Disinfection failed
C:\QooBox\Quarantine\C\Program Files\Common Files\AOL\1140083713\EE\AOLSoftware.exe.vir
Deleted
C:\QooBox\Quarantine\C\Program Files\Common Files\AOL\IPHSend\IPHSend.exe.vir
Infected with: Trojan.Dropper.Vundo.D
C:\QooBox\Quarantine\C\Program Files\Common Files\AOL\IPHSend\IPHSend.exe.vir
Disinfection failed
C:\QooBox\Quarantine\C\Program Files\Common Files\AOL\IPHSend\IPHSend.exe.vir
Deleted
C:\QooBox\Quarantine\C\Program Files\Common Files\Real\Update_OB\realsched.exe.vir
Infected with: Trojan.Dropper.Vundo.D
C:\QooBox\Quarantine\C\Program Files\Common Files\Real\Update_OB\realsched.exe.vir
Disinfection failed
C:\QooBox\Quarantine\C\Program Files\Common Files\Real\Update_OB\realsched.exe.vir
Deleted
C:\QooBox\Quarantine\C\Program Files\EasySpywareCleaner\EasySpywareCleaner.exe.vir
Infected with: Trojan.Dropper.Vundo.D
C:\QooBox\Quarantine\C\Program Files\EasySpywareCleaner\EasySpywareCleaner.exe.vir
Disinfection failed
C:\QooBox\Quarantine\C\Program Files\EasySpywareCleaner\EasySpywareCleaner.exe.vir
Deleted
C:\QooBox\Quarantine\C\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe.vir
Infected with: Trojan.Dropper.Vundo.D
C:\QooBox\Quarantine\C\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe.vir
Disinfection failed
C:\QooBox\Quarantine\C\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe.vir
Deleted
C:\QooBox\Quarantine\C\Program Files\Helper\Helper9.dll.vir
Infected with: Trojan.Downloader.BHO.NXV
C:\QooBox\Quarantine\C\Program Files\Helper\Helper9.dll.vir
Disinfection failed
C:\QooBox\Quarantine\C\Program Files\Helper\Helper9.dll.vir
Deleted
C:\QooBox\Quarantine\C\Program Files\iTunes\iTunesHelper.exe.vir
Infected with: Trojan.Dropper.Vundo.D
C:\QooBox\Quarantine\C\Program Files\iTunes\iTunesHelper.exe.vir
Disinfection failed
C:\QooBox\Quarantine\C\Program Files\iTunes\iTunesHelper.exe.vir
Deleted
C:\QooBox\Quarantine\C\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe.vir
Infected with: Trojan.Dropper.Vundo.D
C:\QooBox\Quarantine\C\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe.vir
Disinfection failed
C:\QooBox\Quarantine\C\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe.vir
Deleted
C:\QooBox\Quarantine\C\Program Files\PowerISO\PWRISOVM.exe.vir
Infected with: Trojan.Dropper.Vundo.D
C:\QooBox\Quarantine\C\Program Files\PowerISO\PWRISOVM.exe.vir
Disinfection failed
C:\QooBox\Quarantine\C\Program Files\PowerISO\PWRISOVM.exe.vir
Deleted
C:\QooBox\Quarantine\C\Program Files\QuickTime\QTTask .exe.vir
Infected with: Trojan.Dropper.Vundo.D
C:\QooBox\Quarantine\C\Program Files\QuickTime\QTTask .exe.vir
Disinfection failed
C:\QooBox\Quarantine\C\Program Files\QuickTime\QTTask .exe.vir
Deleted
C:\QooBox\Quarantine\C\Program Files\QuickTime\QTTask .exe.vir
Infected with: Trojan.Dropper.Vundo.D
C:\QooBox\Quarantine\C\Program Files\QuickTime\QTTask .exe.vir
Disinfection failed
C:\QooBox\Quarantine\C\Program Files\QuickTime\QTTask .exe.vir
Deleted
C:\QooBox\Quarantine\C\Program Files\QuickTime\QTTask .exe.vir
Infected with: Trojan.Dropper.Vundo.D
C:\QooBox\Quarantine\C\Program Files\QuickTime\QTTask .exe.vir
Disinfection failed
C:\QooBox\Quarantine\C\Program Files\QuickTime\QTTask .exe.vir
Deleted
C:\QooBox\Quarantine\C\Program Files\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe.vir
Infected with: Trojan.Dropper.Vundo.D
C:\QooBox\Quarantine\C\Program Files\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe.vir
Disinfection failed
C:\QooBox\Quarantine\C\Program Files\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe.vir
Deleted
C:\QooBox\Quarantine\C\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe.vir
Infected with: Trojan.Dropper.Vundo.D
C:\QooBox\Quarantine\C\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe.vir
Disinfection failed
C:\QooBox\Quarantine\C\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe.vir
Deleted
C:\QooBox\Quarantine\C\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe.vir
Infected with: Trojan.Dropper.Vundo.D
C:\QooBox\Quarantine\C\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe.vir
Disinfection failed
C:\QooBox\Quarantine\C\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe.vir
Deleted
C:\QooBox\Quarantine\C\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe.vir
Infected with: Trojan.Dropper.Vundo.D
C:\QooBox\Quarantine\C\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe.vir
Disinfection failed
C:\QooBox\Quarantine\C\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe.vir
Deleted
C:\QooBox\Quarantine\C\Program Files\Verizon Online\Help Support\VERIZO~1.exe.vir
Infected with: Trojan.Dropper.Vundo.D
C:\QooBox\Quarantine\C\Program Files\Verizon Online\Help Support\VERIZO~1.exe.vir
Disinfection failed
C:\QooBox\Quarantine\C\Program Files\Verizon Online\Help Support\VERIZO~1.exe.vir
Deleted
C:\QooBox\Quarantine\C\Program Files\Yahoo!\Search Protection\SearchProtection.exe.vir
Infected with: Trojan.Dropper.Vundo.D
C:\QooBox\Quarantine\C\Program Files\Yahoo!\Search Protection\SearchProtection.exe.vir
Disinfection failed
C:\QooBox\Quarantine\C\Program Files\Yahoo!\Search Protection\SearchProtection.exe.vir
Deleted
C:\QooBox\Quarantine\C\Program Files\Yahoo!\Yahoo! Music Engine\YahooMusicEngine.exe.vir
Infected with: Trojan.Dropper.Vundo.D
C:\QooBox\Quarantine\C\Program Files\Yahoo!\Yahoo! Music Engine\YahooMusicEngine.exe.vir
Disinfection failed
C:\QooBox\Quarantine\C\Program Files\Yahoo!\Yahoo! Music Engine\YahooMusicEngine.exe.vir
Deleted
C:\QooBox\Quarantine\C\WINDOWS\lsass .exe.vir
Infected with: Trojan.Dropper.Vundo.D
C:\QooBox\Quarantine\C\WINDOWS\lsass .exe.vir
Disinfection failed
C:\QooBox\Quarantine\C\WINDOWS\lsass .exe.vir
Deleted
C:\QooBox\Quarantine\C\WINDOWS\lsass.exe.vir
Infected with: Trojan.Dropper.Vundo.D
C:\QooBox\Quarantine\C\WINDOWS\lsass.exe.vir
Disinfection failed
C:\QooBox\Quarantine\C\WINDOWS\lsass.exe.vir
Deleted
C:\QooBox\Quarantine\C\WINDOWS\mgrs.exe.vir
Infected with: Generic.Dld.Alpha.06F0A39A
C:\QooBox\Quarantine\C\WINDOWS\mgrs.exe.vir
Disinfection failed
C:\QooBox\Quarantine\C\WINDOWS\mgrs.exe.vir
Deleted
C:\QooBox\Quarantine\C\WINDOWS\shell.exe.vir
Infected with: Generic.Malware.SDYd!wdld.3DCD5AB6
C:\QooBox\Quarantine\C\WINDOWS\shell.exe.vir
Disinfection failed
C:\QooBox\Quarantine\C\WINDOWS\shell.exe.vir
Deleted
C:\QooBox\Quarantine\C\WINDOWS\system32\awtqpol.dll.vir
Infected with: Trojan.Vundo.DVO
C:\QooBox\Quarantine\C\WINDOWS\system32\awtqpol.dll.vir
Disinfection failed
C:\QooBox\Quarantine\C\WINDOWS\system32\awtqpol.dll.vir
Deleted
C:\QooBox\Quarantine\C\WINDOWS\system32\ctfmon.exe.tmp.vir
Infected with: Trojan.Dropper.Vundo.D
C:\QooBox\Quarantine\C\WINDOWS\system32\ctfmon.exe.tmp.vir
Disinfection failed
C:\QooBox\Quarantine\C\WINDOWS\system32\ctfmon.exe.tmp.vir
Deleted
C:\QooBox\Quarantine\C\WINDOWS\system32\ddcaxwx.dll.vir
Infected with: Trojan.Vundo.DVO
C:\QooBox\Quarantine\C\WINDOWS\system32\ddcaxwx.dll.vir
Disinfection failed
C:\QooBox\Quarantine\C\WINDOWS\system32\ddcaxwx.dll.vir
Deleted
C:\QooBox\Quarantine\C\WINDOWS\system32\efccabc.dll.vir
Infected with: Trojan.Vundo.DVO
C:\QooBox\Quarantine\C\WINDOWS\system32\efccabc.dll.vir
Disinfection failed
C:\QooBox\Quarantine\C\WINDOWS\system32\efccabc.dll.vir
Deleted
C:\QooBox\Quarantine\C\WINDOWS\system32\fiajhhku.dll.vir
Infected with: Trojan.Vundo.DUP
C:\QooBox\Quarantine\C\WINDOWS\system32\fiajhhku.dll.vir
Disinfection failed
C:\QooBox\Quarantine\C\WINDOWS\system32\fiajhhku.dll.vir
Deleted
C:\QooBox\Quarantine\C\WINDOWS\system32\fuhwlggm.exe.vir
Infected with: Trojan.Fotomoto.H
C:\QooBox\Quarantine\C\WINDOWS\system32\fuhwlggm.exe.vir
Disinfection failed
C:\QooBox\Quarantine\C\WINDOWS\system32\fuhwlggm.exe.vir
Deleted
C:\QooBox\Quarantine\C\WINDOWS\system32\jkhfe.dll.vir
Infected with: Trojan.Vundo.DVD
C:\QooBox\Quarantine\C\WINDOWS\system32\jkhfe.dll.vir
Disinfection failed
C:\QooBox\Quarantine\C\WINDOWS\system32\jkhfe.dll.vir
Deleted
C:\QooBox\Quarantine\C\WINDOWS\system32\jkhfe.exe.vir
Infected with: Trojan.Dropper.Vundo.D
C:\QooBox\Quarantine\C\WINDOWS\system32\jkhfe.exe.vir
Disinfection failed
C:\QooBox\Quarantine\C\WINDOWS\system32\jkhfe.exe.vir
Deleted
C:\QooBox\Quarantine\C\WINDOWS\system32\nmiycxim.dll.vir
Infected with: Trojan.Vundo.DVC
C:\QooBox\Quarantine\C\WINDOWS\system32\nmiycxim.dll.vir
Disinfection failed
C:\QooBox\Quarantine\C\WINDOWS\system32\nmiycxim.dll.vir
Deleted
C:\QooBox\Quarantine\C\WINDOWS\system32\oxbwhdvh.dll.vir
Infected with: Trojan.Vundo.DVC
C:\QooBox\Quarantine\C\WINDOWS\system32\oxbwhdvh.dll.vir
Disinfection failed
C:\QooBox\Quarantine\C\WINDOWS\system32\oxbwhdvh.dll.vir
Deleted
C:\QooBox\Quarantine\C\WINDOWS\system32\printer .exe.vir
Infected with: Generic.Malware.SDYd!wdld.3DCD5AB6
C:\QooBox\Quarantine\C\WINDOWS\system32\printer .exe.vir
Disinfection failed
C:\QooBox\Quarantine\C\WINDOWS\system32\printer .exe.vir
Deleted
C:\QooBox\Quarantine\C\WINDOWS\system32\printer.exe.vir
Infected with: Generic.Malware.SDYd!wdld.3DCD5AB6
C:\QooBox\Quarantine\C\WINDOWS\system32\printer.exe.vir
Disinfection failed
C:\QooBox\Quarantine\C\WINDOWS\system32\printer.exe.vir
Deleted
C:\QooBox\Quarantine\C\WINDOWS\system32\RCX48.tmp.vir
Infected with: Trojan.Dropper.Vundo.D
C:\QooBox\Quarantine\C\WINDOWS\system32\RCX48.tmp.vir
Disinfection failed
C:\QooBox\Quarantine\C\WINDOWS\system32\RCX48.tmp.vir
Deleted
C:\QooBox\Quarantine\C\WINDOWS\system32\rovwjmqs.dll.vir
Infected with: Trojan.Vundo.DVC
C:\QooBox\Quarantine\C\WINDOWS\system32\rovwjmqs.dll.vir
Disinfection failed
C:\QooBox\Quarantine\C\WINDOWS\system32\rovwjmqs.dll.vir
Deleted
C:\QooBox\Quarantine\C\WINDOWS\system32\rqrrqrr.dll.vir
Infected with: Trojan.Vundo.DVO
C:\QooBox\Quarantine\C\WINDOWS\system32\rqrrqrr.dll.vir
Disinfection failed
C:\QooBox\Quarantine\C\WINDOWS\system32\rqrrqrr.dll.vir
Deleted
C:\QooBox\Quarantine\C\WINDOWS\system32\sgnuqoxi.dll.vir
Infected with: Trojan.Vundo.DUP
C:\QooBox\Quarantine\C\WINDOWS\system32\sgnuqoxi.dll.vir
Disinfection failed
C:\QooBox\Quarantine\C\WINDOWS\system32\sgnuqoxi.dll.vir
Deleted
C:\QooBox\Quarantine\C\WINDOWS\system32\spoolvs .exe.vir
Infected with: Generic.Malware.SDYd!wdld.3DCD5AB6
C:\QooBox\Quarantine\C\WINDOWS\system32\spoolvs .exe.vir
Disinfection failed
C:\QooBox\Quarantine\C\WINDOWS\system32\spoolvs .exe.vir
Deleted
C:\QooBox\Quarantine\C\WINDOWS\system32\spoolvs.exe.vir
Infected with: Generic.Malware.SDYd!wdld.3DCD5AB6
C:\QooBox\Quarantine\C\WINDOWS\system32\spoolvs.exe.vir
Disinfection failed
C:\QooBox\Quarantine\C\WINDOWS\system32\spoolvs.exe.vir
Deleted
C:\QooBox\Quarantine\C\WINDOWS\system32\uqscvkvf.dll.vir
Infected with: Trojan.Vundo.DUP
C:\QooBox\Quarantine\C\WINDOWS\system32\uqscvkvf.dll.vir
Disinfection failed
C:\QooBox\Quarantine\C\WINDOWS\system32\uqscvkvf.dll.vir
Deleted
C:\QooBox\Quarantine\C\WINDOWS\system32\vturs.exe.vir
Infected with: Trojan.Dropper.Vundo.D
C:\QooBox\Quarantine\C\WINDOWS\system32\vturs.exe.vir
Disinfection failed
C:\QooBox\Quarantine\C\WINDOWS\system32\vturs.exe.vir
Deleted
C:\QooBox\Quarantine\C\WINDOWS\system32\winhoq32.dll.vir
Infected with: MemScan:Trojan.Mezzia.XC
C:\QooBox\Quarantine\C\WINDOWS\system32\winhoq32.dll.vir
Deleted
C:\QooBox\Quarantine\C\WINDOWS\system32\wrmpcbjs.exe.vir
Infected with: Trojan.Fotomoto.H
C:\QooBox\Quarantine\C\WINDOWS\system32\wrmpcbjs.exe.vir
Disinfection failed
C:\QooBox\Quarantine\C\WINDOWS\system32\wrmpcbjs.exe.vir
Deleted
C:\QooBox\Quarantine\C\WINDOWS\system32\xlibgfl254.dll.vir
Infected with: Generic.Malware.Yd!dldg.05675F51
C:\QooBox\Quarantine\C\WINDOWS\system32\xlibgfl254.dll.vir
Disinfection failed
C:\QooBox\Quarantine\C\WINDOWS\system32\xlibgfl254.dll.vir
Deleted
C:\QooBox\Quarantine\C\WINDOWS\Temp\win79 .exe.vir
Infected with: Trojan.Dropper.Vundo.D
C:\QooBox\Quarantine\C\WINDOWS\Temp\win79 .exe.vir
Disinfection failed
C:\QooBox\Quarantine\C\WINDOWS\Temp\win79 .exe.vir
Deleted
C:\QooBox\Quarantine\catchme2008-01-07_193811.98.zip=>rqrrqrr.dll
Infected with: Trojan.Vundo.DVO
C:\QooBox\Quarantine\catchme2008-01-07_193811.98.zip=>rqrrqrr.dll
Disinfection failed
C:\QooBox\Quarantine\catchme2008-01-07_193811.98.zip=>rqrrqrr.dll
Deleted
C:\QooBox\Quarantine\catchme2008-01-07_193811.98.zip
Updated
C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP356\A0080847.exe
Infected with: Trojan.Dropper.Vundo.D
C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP356\A0080847.exe
Disinfection failed
C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP356\A0080847.exe
Deleted
C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP356\A0080848.exe
Infected with: Trojan.Dropper.Vundo.D
C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP356\A0080848.exe
Disinfection failed
C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP356\A0080848.exe
Deleted
C:\WINDOWS\system32\drvkax.dll
Infected with: MemScan:Trojan.Virtumonde.IN
C:\WINDOWS\system32\drvkax.dll
Disinfection failed
C:\WINDOWS\system32\drvkax.dll
Deleted
C:\WINDOWS\system32\drvzog.dll
Infected with: MemScan:Trojan.Virtumonde.IN
C:\WINDOWS\system32\drvzog.dll
Disinfection failed
C:\WINDOWS\system32\drvzog.dll
Deleted
C:\WINDOWS\system32\OLD4CE.tmp
Infected with: Trojan.Dropper.Vundo.D
C:\WINDOWS\system32\OLD4CE.tmp
Disinfection failed
C:\WINDOWS\system32\OLD4CE.tmp
Deleted
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:34:24 PM, on 1/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe
C:\Program Files\Common Files\AOL\1140083713\ee\AOLSoftware.exe
C:\Program Files\PowerISO\PWRISOVM.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Metamail Inc\Metamail Tray\Metamail Trust Manager.exe
C:\Program Files\Yahoo!\Yahoo! Music Engine\ymetray.exe
C:\Program Files\Internet Explorer\IEXPLORE.exe
C:\PROGRA~1\METAMA~1\METAMA~1\METAMA~2.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\user\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.verizon.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [OPSE reminder] "C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe" -r "C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\ereg.ini"
O4 - HKLM\..\Run: [VerizonServicepoint.exe] "C:\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe"
O4 - HKLM\..\Run: [A Verizon App] C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.exe
O4 - HKLM\..\Run: [HostManager] "C:\Program Files\Common Files\AOL\1140083713\ee\AOLSoftware.exe"
O4 - HKLM\..\Run: [IPHSend] "C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe"
O4 - HKLM\..\Run: [ymetray] "C:\Program Files\Yahoo!\Yahoo! Music Engine\YahooMusicEngine.exe" -preload
O4 - HKLM\..\Run: [PWRISOVM.EXE] "C:\Program Files\PowerISO\PWRISOVM.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask .exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" -NoStart
O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Metamail Trust Manager.lnk = C:\Program Files\Metamail Inc\Metamail Tray\Metamail Trust Manager.exe
O4 - Global Startup: ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Engine\ymetray.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemydsl.verizon.net/sdcCommon/download/tgctlcm.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/res...
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls...
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} (Quantum Streaming IE Player Class) - http://mvnet.xlontech.net/qm/fox/06...
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.exe
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 14868 bytes

Navigate to and delete this folder:
C:\QooBox
Your Java is out of date and can be exploited.
Download the latest version of Java from this link: Java
Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
Click the "Download" button to the right.
Check the box that says: "Accept License Agreement". The page will refresh.
Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java. Check any item with Java Runtime Environment (JRE or J2SE) in the name. It should have the "coffee cup" icon next to it.
Click the Remove or Change/Remove button. Repeat as many times as necessary to remove each Java version.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on jre-1_6_3-windowsi586-p.exe to install the newest version.

You should consider adding "Spywareblaster" to your arsenal of antispyware tools; you can download it from this link: Spywareblaster
Just download it, install it, and update it. It's free and runs in the background, so you don't actually run it, and re-writes malicious script before it can install on your computer. Look for updates weekly as there is no auto-update on the free version.
How is the computer operating?

WOOOW, the computer is running just like it did before i got this, actually slightly faster, i ran spy sweeper again and only a few cookies were found no spyware or trojans, this is amazing
idk how to truly thank you, u did myself a great favor by helping me, THANK YOU SOO MUCH!!!! ur a lifesaver
