Hi again,
Below is the Kaspersky log and HJT log.
I've uninstalled the old Java and installed the new.
I discovered that I had only placed a shortcut to HJT in the HJT folder, so I had to cut and paste it from the VIPGeek folder to the HJT folder.
The computer is running nicely now. You eliminated the error messages at start up that the tech I
paid couldn't get rid of! What a wonderful job you did!!!
Unfortunately Kaspersky says it found 35 viruses.
I did uninstall Viewpoint Media Player, but there is still a folder in Program Files. Should I delete that too? Here are the contents
[attachment=10514:attachment]
Once again, I can't thank you enough for your help. I will be home tomorrow, so I will try to respond to your posts more quickly.... after I mow the lawn, do the laundry, brush the dog etc.
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Friday, September 01, 2006 6:41:40 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 2/09/2006
Kaspersky Anti-Virus database records: 220099
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
K:\
M:\
N:\
O:\
Scan Statistics:
Total number of scanned objects: 107343
Number of viruses found: 35
Number of infected objects: 102 / 0
Number of suspicious objects: 0
Duration of the scan process: 01:19:19
Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\AOL\ACS\1.0\ph Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\ACS\1.0\variable Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support\WDLog-05062006-080456.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Support.com\profiles\Owner\triggers.log Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\QMO2U91W\thin_poker_installer[1].exe/data0002 Infected: not-a-virus:AdWare.Win32.BetterInternet skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\QMO2U91W\thin_poker_installer[1].exe/data0003 Infected: Trojan-Downloader.Win32.Agent.nj skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\QMO2U91W\thin_poker_installer[1].exe/data0004/data0001 Infected: Trojan-Downloader.Win32.Agent.om skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\QMO2U91W\thin_poker_installer[1].exe/data0004 Infected: Trojan-Downloader.Win32.Agent.om skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\QMO2U91W\thin_poker_installer[1].exe NSIS: infected - 4 skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\WZQJ0DI1\thin_poker[1].exe/data0002 Infected: not-a-virus:AdWare.Win32.BetterInternet skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\WZQJ0DI1\thin_poker[1].exe/data0003 Infected: Trojan-Downloader.Win32.Agent.nj skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\WZQJ0DI1\thin_poker[1].exe NSIS: infected - 2 skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Owner\Application Data\AVG7\Log\emc.log Object is locked skipped
C:\Documents and Settings\Owner\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\ApplicationHistory\hpqgalry.exe.cf8dd223.ini.inuse Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\HP\Digital Imaging\db\administrativeInfo.dbf Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\HP\Digital Imaging\db\albumImagesTable.cdx Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\HP\Digital Imaging\db\albumImagesTable.dbf Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\HP\Digital Imaging\db\albumTable.cdx Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\HP\Digital Imaging\db\albumTable.dbf Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\HP\Digital Imaging\db\CB_Server_Errors.txt Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\HP\Digital Imaging\db\EXIFTable.cdx Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\HP\Digital Imaging\db\EXIFTable.dbf Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.cdx Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.dbf Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.fpt Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\HP\Digital Imaging\db\keywordImagesTable.cdx Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\HP\Digital Imaging\db\keywordImagesTable.dbf Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\HP\Digital Imaging\db\keywordTable.cdx Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\HP\Digital Imaging\db\keywordTable.dbf Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\HP\Digital Imaging\db\managedFolderTable.dbf Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\HP\Digital Imaging\db\pathnameTable.cdx Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\HP\Digital Imaging\db\pathnameTable.dbf Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\HP\Digital Imaging\db\ROFImagesTable.cdx Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\HP\Digital Imaging\db\ROFImagesTable.dbf Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\HP\Digital Imaging\db\ROFTable.cdx Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\HP\Digital Imaging\db\ROFTable.dbf Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{CD7D4AA5-163C-44FE-B481-9FA0F8E4F45C} Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\History\History.IE5\MSHist012006090120060902\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temp\temp.frA827 Infected: not-a-virus:AdWare.Win32.PurityScan.et skipped
C:\Documents and Settings\Owner\Local Settings\Temp\~DFCD3F.tmp Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Owner\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Owner\ntuser.dat.LOG Object is locked skipped
C:\hp\bin\KillWind.exe Infected: not-a-virus:RiskTool.Win32.PsKill.p skipped
C:\Program Files\Common Files\AOL\ACS\US\forms.fdb Object is locked skipped
C:\Program Files\Common Files\AOL\ACS\US\static Object is locked skipped
C:\Program Files\HP\hpcoretech\hpcmerr.log Object is locked skipped
C:\Program Files\Intuit\QuickBooks Point of Sale 4.0\data\My company\qbpos.db Object is locked skipped
C:\Program Files\Intuit\QuickBooks Point of Sale 4.0\data\My company\qbpos.log Object is locked skipped
C:\Program Files\Intuit\QuickBooks Point of Sale 4.0\data\My company\SvrMsgs20060901QBPR AT5QGAAC3Z my company.log Object is locked skipped
C:\Program Files\Intuit\QuickBooks Point of Sale 4.0\practice\Al's Sports Hut\qbpos.db Object is locked skipped
C:\Program Files\Intuit\QuickBooks Point of Sale 4.0\practice\Al's Sports Hut\qbpos.log Object is locked skipped
C:\Program Files\Intuit\QuickBooks Point of Sale 4.0\practice\Al's Sports Hut\SvrMsgs20060901QBPP AT5QGAAC3Z Al's Sports Hut.log Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP335\A0198512.exe Infected: not-a-virus:AdWare.Win32.PurityScan.en skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP344\A0198659.exe Infected: not-a-virus:AdWare.Win32.PurityScan.a skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP345\A0198689.exe Infected: not-a-virus:AdWare.Win32.BetterInternet.a skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP345\A0198691.dll Infected: not-a-virus:AdWare.Win32.DealHelper.j skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP345\A0198692.exe Infected: not-a-virus:AdWare.Win32.DealHelper.u skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP345\A0198693.dll Infected: not-a-virus:AdWare.Win32.PurityScan.en skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP356\A0198926.DLL Infected: not-a-virus:AdWare.Win32.FunWeb.e skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP376\A0199717.exe Infected: not-a-virus:AdWare.Win32.PurityScan.et skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP376\snapshot\MFEX-1.DAT Infected: not-a-virus:AdWare.Win32.PurityScan.et skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP378\A0199752.dll Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP378\A0199754.scr Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP378\A0199755.dll Infected: not-a-virus:AdWare.Win32.MyWebSearch.i skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP378\A0199760.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP378\A0199761.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP378\A0199762.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.af skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP378\A0199764.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.an skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP378\A0199765.SCR Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP378\A0199766.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.v skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP378\A0199767.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP378\A0199768.EXE Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP378\A0199769.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.an skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP378\A0199770.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.aq skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP378\A0199771.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP378\A0199774.DLL Infected: not-a-virus:AdWare.Win32.IWon.a skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP378\A0199778.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP378\A0199779.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.as skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP378\A0199780.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.ad skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP378\A0199782.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.ab skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP378\A0199783.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.i skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP379\A0199874.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.an skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP379\A0199875.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.aq skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP379\A0199879.EXE Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP379\A0199880.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP380\A0199898.dll Infected: not-a-virus:AdWare.Win32.MyWebSearch.an skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP381\A0199932.exe/WISE0001.BIN Infected: Trojan-Downloader.Win32.TSUpdate.f skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP381\A0199932.exe/WISE0007.BIN Infected: Trojan-Downloader.Win32.TSUpdate.f skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP381\A0199932.exe WiseSFX: infected - 2 skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP381\A0199933.exe/WISE0001.BIN Infected: Trojan-Downloader.Win32.TSUpdate.f skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP381\A0199933.exe/WISE0007.BIN Infected: Trojan-Downloader.Win32.TSUpdate.f skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP381\A0199933.exe WiseSFX: infected - 2 skipped
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP383\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\greenuns.exe Infected: Trojan-Downloader.Win32.Vivia.y skipped
C:\WINDOWS\msnavpklog.txt Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{574EC2E0-D08B-420B-82AF-6E5E791C4E4F}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\ssqb.exe/data0002 Infected: Trojan-Downloader.Win32.Small.ajc skipped
C:\WINDOWS\ssqb.exe/data0003 Infected: Trojan-Downloader.Win32.Small.ajc skipped
C:\WINDOWS\ssqb.exe NSIS: infected - 2 skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\aisysUS.exe/data0002 Infected: Trojan-Downloader.Win32.Apropo.e skipped
C:\WINDOWS\system32\aisysUS.exe NSIS: infected - 1 skipped
C:\WINDOWS\system32\betterinternet.exe/data0002 Infected: not-a-virus:AdWare.Win32.BetterInternet skipped
C:\WINDOWS\system32\betterinternet.exe NSIS: infected - 1 skipped
C:\WINDOWS\system32\broadcastpc.exe/data0002 Infected: not-a-virus:AdWare.Win32.Broadcap.a skipped
C:\WINDOWS\system32\broadcastpc.exe/data0003/data0002 Infected: not-a-virus:AdWare.Win32.Broadcap.a skipped
C:\WINDOWS\system32\broadcastpc.exe/data0003 Infected: not-a-virus:AdWare.Win32.Broadcap.a skipped
C:\WINDOWS\system32\broadcastpc.exe NSIS: infected - 3 skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\dmvlite.exe Infected: not-a-virus:AdWare.Win32.EZula.ah skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\horoscope.exe/data0001 Infected: not-a-virus:AdWare.Win32.MDH.a skipped
C:\WINDOWS\system32\horoscope.exe AWInstall: infected - 1 skipped
C:\WINDOWS\system32\horoscope.exe UPX: infected - 1 skipped
C:\WINDOWS\system32\mipch.exe/data0002 Infected: not-a-virus:AdWare.Win32.BetterInternet skipped
C:\WINDOWS\system32\mipch.exe NSIS: infected - 1 skipped
C:\WINDOWS\system32\mssysapps\betterinternet.exe/data0002 Infected: not-a-virus:AdWare.Win32.BetterInternet skipped
C:\WINDOWS\system32\mssysapps\betterinternet.exe NSIS: infected - 1 skipped
C:\WINDOWS\system32\mssysapps\webrebates.exe/data0003/data0001 Infected: not-a-virus:AdWare.Win32.WebRebates.g skipped
C:\WINDOWS\system32\mssysapps\webrebates.exe/data0003 Infected: not-a-virus:AdWare.Win32.WebRebates.g skipped
C:\WINDOWS\system32\mssysapps\webrebates.exe/data0003 Infected: not-a-virus:AdWare.Win32.WebRebates.d skipped
C:\WINDOWS\system32\mssysapps\webrebates.exe/data0004 Infected: not-a-virus:AdWare.Win32.WebRebates.d skipped
C:\WINDOWS\system32\mssysapps\webrebates.exe/data0005 Infected: not-a-virus:AdWare.Win32.WebRebates.c skipped
C:\WINDOWS\system32\mssysapps\webrebates.exe NSIS: infected - 5 skipped
C:\WINDOWS\system32\pdfgk.exe/data0002 Infected: not-a-virus:AdWare.Win32.BetterInternet.a skipped
C:\WINDOWS\system32\pdfgk.exe NSIS: infected - 1 skipped
C:\WINDOWS\system32\qjcfx.exe/data0003/data0001 Infected: not-a-virus:AdWare.Win32.WebRebates.g skipped
C:\WINDOWS\system32\qjcfx.exe/data0003 Infected: not-a-virus:AdWare.Win32.WebRebates.g skipped
C:\WINDOWS\system32\qjcfx.exe/data0003 Infected: not-a-virus:AdWare.Win32.WebRebates.d skipped
C:\WINDOWS\system32\qjcfx.exe/data0004 Infected: not-a-virus:AdWare.Win32.WebRebates.d skipped
C:\WINDOWS\system32\qjcfx.exe/data0005 Infected: not-a-virus:AdWare.Win32.WebRebates.c skipped
C:\WINDOWS\system32\qjcfx.exe NSIS: infected - 5 skipped
C:\WINDOWS\system32\vertone.exe/data0002 Infected: Trojan-Downloader.Win32.Envolo.b skipped
C:\WINDOWS\system32\vertone.exe/data0004 Infected: Trojan-Downloader.Win32.Envolo.c skipped
C:\WINDOWS\system32\vertone.exe NSIS: infected - 2 skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\system32\webrebates_installas.exe/data0003/data0001 Infected: not-a-virus:AdWare.Win32.WebRebates.g skipped
C:\WINDOWS\system32\webrebates_installas.exe/data0003 Infected: not-a-virus:AdWare.Win32.WebRebates.g skipped
C:\WINDOWS\system32\webrebates_installas.exe/data0003 Infected: not-a-virus:AdWare.Win32.WebRebates.c skipped
C:\WINDOWS\system32\webrebates_installas.exe/data0004 Infected: not-a-virus:AdWare.Win32.WebRebates.c skipped
C:\WINDOWS\system32\webrebates_installas.exe/data0005 Infected: not-a-virus:AdWare.Win32.WebRebates.c skipped
C:\WINDOWS\system32\webrebates_installas.exe NSIS: infected - 5 skipped
C:\WINDOWS\system32\wrxuao.exe/data0003/data0001 Infected: not-a-virus:AdWare.Win32.WebRebates.g skipped
C:\WINDOWS\system32\wrxuao.exe/data0003 Infected: not-a-virus:AdWare.Win32.WebRebates.g skipped
C:\WINDOWS\system32\wrxuao.exe/data0003 Infected: not-a-virus:AdWare.Win32.WebRebates.d skipped
C:\WINDOWS\system32\wrxuao.exe/data0004 Infected: not-a-virus:AdWare.Win32.WebRebates.d skipped
C:\WINDOWS\system32\wrxuao.exe/data0005 Infected: not-a-virus:AdWare.Win32.WebRebates.c skipped
C:\WINDOWS\system32\wrxuao.exe NSIS: infected - 5 skipped
C:\WINDOWS\system32\wtta.exe Infected: not-a-virus:AdWare.Win32.PurityScan.v skipped
C:\WINDOWS\temp\asat0000.tmp Object is locked skipped
C:\WINDOWS\temp\asat0001.tmp Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
C:\WINDOWS\woinstall.exe/WISE0001.BIN Infected: not-a-virus:AdWare.Win32.EZula.ak skipped
C:\WINDOWS\woinstall.exe WiseSFX: infected - 1 skipped
C:\WINDOWS\ΑppPatch\alg.exe Object is locked skipped
D:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP383\change.log Object is locked skipped
Scan process completed.
Logfile of HijackThis v1.99.1
Scan saved at 8:37:09 PM, on 9/1/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\SBC Yahoo!\Connection Manager\ConnectionManager.exe
C:\Program Files\Xerox\NWWia\XrxFTPLt.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Intuit\DatabaseServer\QBPOSDBService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Intuit\DatabaseServer\QBDBMgrN.exe
C:\Program Files\Common Files\Intuit\DatabaseServer\QBDBMgrN.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\HP\hpcoretech\comp\hpdarc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\msiexec.exe
C:\hijackthis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://yahoo.sbc.com/dialR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://us.rd.yahoo.c...rch/search.htmlR0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.comcast.net/R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =
http://go.microsoft....ink/?LinkId=488R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer presented by Comcast
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: CheckHO Class - {576EB0AD-6980-11D5-A9CD-0001032FEE17} - C:\Program Files\Yahoo!\Common\ycheckh.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [SBC Yahoo! Connection Manager] "C:\Program Files\SBC Yahoo!\Connection Manager\ConnectionManager.exe"
O4 - HKLM\..\Run: [XeroxScannerDaemon] C:\Program Files\Xerox\NWWia\XrxFTPLt.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"
O4 - HKLM\..\Run: [tgcmd] C:\Program Files\Support.com\bin\tgcmd.exe /server /startmonitor /deaf
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [MediaFace Integration] C:\Program Files\Fellowes\MediaFACE 4.2\SetHook.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - Startup: Protector.lnk = C:\Program Files\SpyCatcher\Protector.exe
O4 - Startup: Scheduler.lnk = C:\Program Files\SpyCatcher\Scheduler daemon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0a\aoltray.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\npjpi150_08.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\npjpi150_08.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} -
http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} -
http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} -
http://online.comcast.net/help/ (file missing)
O9 - Extra button: AskCosmo! - {9BE4715D-8249-4f24-9ED6-3F3543A5A221} - C:\Program Files\Cosmo Popup Blocker\TRReaderBar_.dll (file missing)
O9 - Extra 'Tools' menuitem: AskCosmo! - {9BE4715D-8249-4f24-9ED6-3F3543A5A221} - C:\Program Files\Cosmo Popup Blocker\TRReaderBar_.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) -
http://www.kaspersky...can_unicode.cabO16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
http://go.microsoft....k/?linkid=39204O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) -
http://www.fileplane...DC_2.2.2.89.cabO16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -
http://acs.pandasoft...free/asinst.cabO18 - Protocol: qbpos - {662E7FAE-5C17-491C-AD9D-98C1F66CC6A0} - C:\WINDOWS\system32\QBPOSProtocol.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: QBPOS Database Manager (QBPOSDBServices) - Intuit Inc. - C:\Program Files\Common Files\Intuit\DatabaseServer\QBPOSDBService.exe
O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe