Help with Spyware removal



#1
Fernandez
Member, 13 posts
Dear Geeks to go helper,

I have been having balloon popups from WinAntiVirus 2006 and sometimes Internet Explorer launches the amoena.com website. I have tried everything out there to remove these things. I have already done the suggested cleanings in geekstogo.com prior to posting the HijackThis log. I appreciate any help that can be provided. Thanks.


Here is my Panda Activescan log:

Incident Status Location

Dialer:Dialer.IBW Not disinfected C:\WINDOWS\TEMP\idd29.tmp.exe
Potentially unwanted tool:Application/VSToolbar Not disinfected C:\WINDOWS\system32\ctkebooy.dll
Adware:adware/securityerror Not disinfected C:\Documents and Settings\FERNANDEZ FAMILY\Favorites\Antivirus Test Online.url
Possible Virus. Not disinfected C:\dell\Utilities\DSR\demo\DEMO.EXE
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\FERNANDEZ FAMILY\Application Data\Mozilla\Firefox\Profiles\oixbpq7c.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\FERNANDEZ FAMILY\Application Data\Mozilla\Firefox\Profiles\oixbpq7c.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\FERNANDEZ FAMILY\Application Data\Mozilla\Firefox\Profiles\oixbpq7c.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\FERNANDEZ FAMILY\Application Data\Mozilla\Firefox\Profiles\oixbpq7c.default\cookies.txt[.2o7.net/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\FERNANDEZ FAMILY\Application Data\Mozilla\Firefox\Profiles\oixbpq7c.default\cookies.txt[.com.com/]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\FERNANDEZ FAMILY\Application Data\Mozilla\Firefox\Profiles\oixbpq7c.default\cookies.txt[.mediaplex.com/]
Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\FERNANDEZ FAMILY\Application Data\Mozilla\Firefox\Profiles\oixbpq7c.default\cookies.txt[stats1.reliablestats.com/]
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\FERNANDEZ FAMILY\Application Data\Mozilla\Firefox\Profiles\oixbpq7c.default\cookies.txt[.ads.pointroll.com/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\FERNANDEZ FAMILY\Application Data\Mozilla\Firefox\Profiles\oixbpq7c.default\cookies.txt[.zedo.com/]
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\FERNANDEZ FAMILY\Application Data\Mozilla\Firefox\Profiles\oixbpq7c.default\cookies.txt[.bluestreak.com/]
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\FERNANDEZ FAMILY\Application Data\Mozilla\Firefox\Profiles\oixbpq7c.default\cookies.txt[.as-eu.falkag.net/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\FERNANDEZ FAMILY\Application Data\Mozilla\Firefox\Profiles\oixbpq7c.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\FERNANDEZ FAMILY\Application Data\Mozilla\Firefox\Profiles\oixbpq7c.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\FERNANDEZ FAMILY\Application Data\Mozilla\Firefox\Profiles\oixbpq7c.default\cookies.txt[.tradedoubler.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\FERNANDEZ FAMILY\Application Data\Mozilla\Firefox\Profiles\oixbpq7c.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\FERNANDEZ FAMILY\Application Data\Mozilla\Firefox\Profiles\oixbpq7c.default\cookies.txt[.adopt.hbmediapro.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\FERNANDEZ FAMILY\Application Data\Mozilla\Firefox\Profiles\oixbpq7c.default\cookies.txt[.247realmedia.com/]
Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\FERNANDEZ FAMILY\Application Data\Mozilla\Firefox\Profiles\oixbpq7c.default\cookies.txt[.adopt.hbmediapro.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\FERNANDEZ FAMILY\Application Data\Mozilla\Firefox\Profiles\oixbpq7c.default\cookies.txt[.247realmedia.com/]
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\FERNANDEZ FAMILY\Application Data\Mozilla\Firefox\Profiles\oixbpq7c.default\cookies.txt[a.as-us.falkag.net/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\FERNANDEZ FAMILY\Application Data\Mozilla\Firefox\Profiles\oixbpq7c.default\cookies.txt[.advertising.com/]
Spyware:Cookie/fe.lea.lycos Not disinfected C:\Documents and Settings\FERNANDEZ FAMILY\Application Data\Mozilla\Firefox\Profiles\oixbpq7c.default\cookies.txt[fe.lea.lycos.es/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\FERNANDEZ FAMILY\Application Data\Mozilla\Firefox\Profiles\oixbpq7c.default\cookies.txt[.questionmarket.com/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\FERNANDEZ FAMILY\Application Data\Mozilla\Firefox\Profiles\oixbpq7c.default\cookies.txt[.go.com/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\FERNANDEZ FAMILY\Application Data\Mozilla\Firefox\Profiles\oixbpq7c.default\cookies.txt[.hitbox.com/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\FERNANDEZ FAMILY\Application Data\Mozilla\Firefox\Profiles\oixbpq7c.default\cookies.txt[.ehg-dig.hitbox.com/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\FERNANDEZ FAMILY\Application Data\Mozilla\Firefox\Profiles\oixbpq7c.default\cookies.txt[.hitbox.com/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\FERNANDEZ FAMILY\Application Data\Mozilla\Firefox\Profiles\oixbpq7c.default\cookies.txt[.ehg-dig.hitbox.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\FERNANDEZ FAMILY\Application Data\Mozilla\Firefox\Profiles\oixbpq7c.default\cookies.txt[.serving-sys.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\FERNANDEZ FAMILY\Application Data\Mozilla\Firefox\Profiles\oixbpq7c.default\cookies.txt[.bs.serving-sys.com/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\FERNANDEZ FAMILY\Application Data\Mozilla\Firefox\Profiles\oixbpq7c.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\FERNANDEZ FAMILY\Application Data\Mozilla\Firefox\Profiles\oixbpq7c.default\cookies.txt[.statcounter.com/]
Spyware:Cookie/AdDynamix Not disinfected C:\Documents and Settings\FERNANDEZ FAMILY\Application Data\Mozilla\Firefox\Profiles\oixbpq7c.default\cookies.txt[.ads.addynamix.com/]
Spyware:Cookie/QkSrv Not disinfected C:\Documents and Settings\FERNANDEZ FAMILY\Application Data\Mozilla\Firefox\Profiles\oixbpq7c.default\cookies.txt[.qksrv.net/]
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\FERNANDEZ FAMILY\Application Data\Mozilla\Firefox\Profiles\oixbpq7c.default\cookies.txt[.apmebf.com/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\FERNANDEZ FAMILY\Application Data\Mozilla\Firefox\Profiles\oixbpq7c.default\cookies.txt[.atwola.com/]
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\FERNANDEZ FAMILY\Application Data\Mozilla\Firefox\Profiles\oixbpq7c.default\cookies.txt[.burstnet.com/]
Spyware:Cookie/360i Not disinfected C:\Documents and Settings\FERNANDEZ FAMILY\Application Data\Mozilla\Firefox\Profiles\oixbpq7c.default\cookies.txt[.ct.360i.com/]
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\FERNANDEZ FAMILY\Application Data\Mozilla\Firefox\Profiles\oixbpq7c.default\cookies.txt[.drivecleaner.com/]
Spyware:Cookie/HotLog Not disinfected C:\Documents and Settings\FERNANDEZ FAMILY\Application Data\Mozilla\Firefox\Profiles\oixbpq7c.default\cookies.txt[.hotlog.ru/]
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\FERNANDEZ FAMILY\Application Data\Mozilla\Firefox\Profiles\oixbpq7c.default\cookies.txt[.maxserving.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\FERNANDEZ FAMILY\Application Data\Mozilla\Firefox\Profiles\oixbpq7c.default\cookies.txt[.overture.com/]
Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\FERNANDEZ FAMILY\Application Data\Mozilla\Firefox\Profiles\oixbpq7c.default\cookies.txt[.revenue.net/]
Spyware:Cookie/SpyLog Not disinfected C:\Documents and Settings\FERNANDEZ FAMILY\Application Data\Mozilla\Firefox\Profiles\oixbpq7c.default\cookies.txt[.spylog.com/]
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\FERNANDEZ FAMILY\Application Data\Mozilla\Firefox\Profiles\oixbpq7c.default\cookies.txt[.toplist.cz/]
Spyware:Cookie/Yadro Not disinfected C:\Documents and Settings\FERNANDEZ FAMILY\Application Data\Mozilla\Firefox\Profiles\oixbpq7c.default\cookies.txt[.yadro.ru/]
Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\FERNANDEZ FAMILY\Application Data\Mozilla\Firefox\Profiles\oixbpq7c.default\cookies.txt[adserver.filefront.com/]
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\FERNANDEZ FAMILY\Application Data\Mozilla\Firefox\Profiles\oixbpq7c.default\cookies.txt[searchportal.information.com/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\FERNANDEZ FAMILY\Application Data\Mozilla\Firefox\Profiles\oixbpq7c.default\cookies.txt[server.iad.liveperson.net/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\FERNANDEZ FAMILY\Application Data\Mozilla\Firefox\Profiles\oixbpq7c.default\cookies.txt[server.iad.liveperson.net/hc/28226237]
Spyware:Cookie/onestat.com Not disinfected C:\Documents and Settings\FERNANDEZ FAMILY\Application Data\Mozilla\Firefox\Profiles\oixbpq7c.default\cookies.txt[stat.onestat.com/]
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\FERNANDEZ FAMILY\Application Data\Mozilla\Firefox\Profiles\oixbpq7c.default\cookies.txt[www.drivecleaner.com/]
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\FERNANDEZ FAMILY\Application Data\Mozilla\Firefox\Profiles\oixbpq7c.default\cookies.txt[www.drivecleaner.com/.freeware/]
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\FERNANDEZ FAMILY\Desktop\SmitfraudFix\Process.exe
Possible Virus. Not disinfected C:\Documents and Settings\FERNANDEZ FAMILY\Desktop\SmitfraudFix\swsc.exe
Adware:Adware/Maxifiles Not disinfected C:\Documents and Settings\FERNANDEZ FAMILY\Local Settings\Temporary Internet Files\Content.IE5\ETM345QF\wlzip32[1].exe[²ÜÇ\nsProcess.dll]
Adware:Adware/Maxifiles Not disinfected C:\Documents and Settings\FERNANDEZ FAMILY\Local Settings\Temporary Internet Files\Content.IE5\ETM345QF\wlzip32[1].exe[¦++\{²íÇ}\Update.exe]
Adware:Adware/Maxifiles Not disinfected C:\Documents and Settings\FERNANDEZ FAMILY\Local Settings\Temporary Internet Files\Content.IE5\ETM345QF\wlzip32[1].exe[¦++\{²íÇ}\services.dll]
Potentially unwanted tool:Application/MonacoGoldCasino Not disinfected C:\Documents and Settings\FERNANDEZ FAMILY\Local Settings\Temporary Internet Files\Content.IE5\W5IBWPUF\srvfhd[1].exe
Potentially unwanted tool:Application/MonacoGoldCasino Not disinfected C:\Documents and Settings\FERNANDEZ FAMILY\Local Settings\Temporary Internet Files\Content.IE5\W5Q74TU7\srvbil[1].exe
Virus:Eicar.Mod Not disinfected C:\Program Files\Trend Micro\Internet Security 12\tmhelp.chm[/PCC12/Test_virus.htm]
Potentially unwanted tool:Application/VSToolbar Not disinfected C:\Program Files\VSAdd-in\VSAdd-in.dll
Potentially unwanted tool:Application/Processor Not disinfected C:\RECYCLER\S-1-5-21-4137721591-1095201728-3533046941-1006\Dc6.zip[SmitfraudFix/Process.exe]
Possible Virus. Not disinfected C:\RECYCLER\S-1-5-21-4137721591-1095201728-3533046941-1006\Dc6.zip[SmitfraudFix/swsc.exe]
Possible Virus. Not disinfected C:\VundoFix Backups\gebyx.dll.bad
Possible Virus. Not disinfected C:\WINDOWS\system32\components\flx7.dll
Potentially unwanted tool:Application/VSToolbar Not disinfected C:\WINDOWS\system32\ctjcauro.exe
Potentially unwanted tool:Application/VSToolbar Not disinfected C:\WINDOWS\system32\ivcctfoo.exe
Possible Virus. Not disinfected C:\WINDOWS\system32\nnnlmlj.dll
Possible Virus. Not disinfected C:\WINDOWS\system32\opnnllj.dll
Potentially unwanted tool:Application/VSToolbar Not disinfected C:\WINDOWS\system32\riykhhob.exe
Dialer:Dialer.IBW Not disinfected C:\WINDOWS\Temp\idd270.tmp.exe
Dialer:Dialer.IBW Not disinfected C:\WINDOWS\Temp\idd2A7.tmp.exe
Dialer:Dialer.IBW Not disinfected C:\WINDOWS\Temp\idd301.tmp.exe
Dialer:Dialer.IBW Not disinfected C:\WINDOWS\Temp\idd36.tmp.exe
Dialer:Dialer.IBW Not disinfected C:\WINDOWS\Temp\idd7.tmp.exe
Potentially unwanted tool:Application/MonacoGoldCasino Not disinfected C:\WINDOWS\Temp\win17.tmp.exe
Potentially unwanted tool:Application/MonacoGoldCasino Not disinfected C:\WINDOWS\Temp\win26F.tmp.exe
Potentially unwanted tool:Application/MonacoGoldCasino Not disinfected C:\WINDOWS\Temp\win28.tmp.exe
Potentially unwanted tool:Application/MonacoGoldCasino Not disinfected C:\WINDOWS\Temp\win2A6.tmp.exe
Potentially unwanted tool:Application/MonacoGoldCasino Not disinfected C:\WINDOWS\Temp\win35.tmp.exe
Virus:Trj/Zapchast.I Not disinfected E:\Programs\Utilities\MailPassView.exe

This is the log from Hijackthis:

Logfile of HijackThis v1.99.1
Scan saved at 9:52:32 PM, on 11/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\FlashGet\flashget.exe
C:\WINDOWS\TEMP\idd29.tmp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\TEMP\idd270.tmp.exe
C:\WINDOWS\TEMP\idd301.tmp.exe
C:\WINDOWS\TEMP\idd4B1.tmp.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\FERNANDEZ FAMILY\Desktop\cojonudo.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4060918
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4060918
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: (no name) - {39f25b12-74ff-4079-a51f-1d70f5b08b84} - (no file)
O2 - BHO: (no name) - {3E011378-3ADD-6654-E8B9-03DEED635178} - (no file)
O2 - BHO: (no name) - {65B3DE7E-BE40-498F-8B60-EE6BAD1745AB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {DBBE64D5-5773-45C7-9E52-97EADA05AC39} - C:\WINDOWS\system32\awvtr.dll
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\PROGRA~1\FlashGet\getflash.dll
O2 - BHO: (no name) - {F18F04B0-9CF1-4b93-B004-77A288BEE28B} - C:\WINDOWS\system32\ctkebooy.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvvec.dll,startup
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1163176859750
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: awvtr - C:\WINDOWS\system32\awvtr.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: winxtx32 - C:\WINDOWS\SYSTEM32\winxtx32.dll
O23 - Service: MSSQL$MICROSOFTSMLBIZ - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe" -sMICROSOFTSMLBIZ (file missing)
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: SQLAgent$MICROSOFTSMLBIZ - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlagent.EXE" -i MICROSOFTSMLBIZ (file missing)
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
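A first triage pass over a HijackThis log, added here as an example; it is not a Geeks to Go tool and not part of the post above. The sample lines are copied from the log in this post. The patterns it flags (a process running from a Temp folder, an unnamed BHO that is backed by a real file, a Winlogon Notify package outside a small allowlist, a Run key that loads a system32 DLL through rundll32) and the allowlist itself are my own assumptions about what a helper looks at first. A flag is a lead to hash and look up, not a verdict.

```python
"""Triage a HijackThis 1.99 log for the patterns a malware-removal helper
checks first.  Added example: the heuristics and the allowlist below are
assumptions of this example, not HijackThis output or any vendor signature."""
import re

# Constructed sample input: a handful of lines copied from the log posted above.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\TEMP\idd29.tmp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\TEMP\idd270.tmp.exe
C:\Documents and Settings\FERNANDEZ FAMILY\Desktop\cojonudo.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {39f25b12-74ff-4079-a51f-1d70f5b08b84} - (no file)
O2 - BHO: (no name) - {DBBE64D5-5773-45C7-9E52-97EADA05AC39} - C:\WINDOWS\system32\awvtr.dll
O2 - BHO: (no name) - {F18F04B0-9CF1-4b93-B004-77A288BEE28B} - C:\WINDOWS\system32\ctkebooy.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvvec.dll,startup
O20 - Winlogon Notify: awvtr - C:\WINDOWS\system32\awvtr.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: winxtx32 - C:\WINDOWS\SYSTEM32\winxtx32.dll
"""

# Assumed allowlist: Winlogon Notify packages that belong to drivers seen in
# this log (igfxcui is the Intel graphics package).  Not exhaustive.
KNOWN_NOTIFY = {"igfxcui"}

TEMP_DIR = re.compile(r"\\(temp|temporary internet files)\\", re.I)
SYSTEM32_DLL = re.compile(r"\\system32\\[^\\]+\.dll$", re.I)
BHO_RE = re.compile(r"^O2 - BHO: (.*?) - \{[0-9A-Fa-f-]+\} - (.*)$")
NOTIFY_RE = re.compile(r"^O20 - Winlogon Notify: (\S+) - (.*)$")
RUN_RE = re.compile(r"^O4 - .*?\\Run: \[[^\]]*\] (.*)$")
PATH_RE = re.compile(r"[A-Za-z]:\\[^,\"]+?\.(?:exe|dll)\b", re.I)


def triage(log_text):
    """Return [(log_line, reason)] for every line matching one heuristic."""
    findings = []
    in_procs = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            in_procs = False          # a blank line ends the process list
            continue
        if line.lower() == "running processes:":
            in_procs = True
            continue
        if in_procs:
            if TEMP_DIR.search(line):
                findings.append((line, "process running from a Temp directory"))
            continue
        m = BHO_RE.match(line)
        if m:
            name, path = m.groups()
            if name == "(no name)" and path != "(no file)":
                findings.append((line, "unnamed BHO backed by a real file"))
            continue
        m = NOTIFY_RE.match(line)
        if m:
            pkg, _path = m.groups()
            if pkg.lower() not in KNOWN_NOTIFY:
                findings.append((line, "Winlogon Notify package not on allowlist"))
            continue
        m = RUN_RE.match(line)
        if m:
            cmd = m.group(1)
            # rundll32 <system32 dll>,<entry> is how the CTDrive entry is loaded
            if cmd.lower().startswith("rundll32.exe") and SYSTEM32_DLL.search(cmd.split(",")[0]):
                findings.append((line, "Run key loads a system32 DLL via rundll32"))
            continue
    return findings


def flagged_files(log_text):
    """Unique file paths pulled out of the flagged lines: the hash/upload list."""
    paths = set()
    for line, _reason in triage(log_text):
        paths.update(PATH_RE.findall(line))
    return sorted(paths)


if __name__ == "__main__":
    for line, reason in triage(SAMPLE_LOG):
        print(f"{reason:42} {line}")
    print("\n".join(flagged_files(SAMPLE_LOG)))
```

Feed the whole log in place of SAMPLE_LOG; flagged_files() is the list you would hash and submit for a second opinion before deleting anything.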


#2
Wizard
Retired Staff, 5,661 posts
Hi Fernandez and Welcome to GeekstoGo!


I need to see a couple of files from your system, please.

Navigate to this Upload Site and upload the 2 files listed below:

C:\WINDOWS\system32\components\flx7.dll

E:\Programs\Utilities\MailPassView.exe



Look in Add/Remove Programs and remove VSAdd-in if found.


Please download ComboFix to your root drive C:\ but don't run it just yet.
http://download.blee...Bs/combofix.exe


Next, please run these tools in the order I specify, and please be sure you are disconnected from the Internet until you are ready to post back with the logs I ask for.


Please download and run ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only.

  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
  • If you use the Firefox browser: click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
  • If you use the Opera browser: click Opera at the top and choose: Select All
  • Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.

For Technical Support, double-click the e-mail address located at the bottom of each menu.


  • Double-click VundoFix.exe to run it again.
  • Right Click inside the listbox (white box) and click add more files
  • Copy&Paste the entries below into the open boxes
    • C:\WINDOWS\system32\ctkebooy.dll
    • C:\WINDOWS\system32\awvtr.dll
    • C:\WINDOWS\SYSTEM32\winxtx32.dll
  • Click Add Files and Click Close Window
  • Click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.

Once VundoFix has rebooted the machine, double-click combofix.exe to launch the application.

Follow the prompts that will be displayed on the screen.

Don't click on the window while the fix is running, because that will cause your system to hang.

When finished, it should produce a log, combofix.txt



Please post the contents of C:\vundofix.txt, combofix.txt and a new HijackThis log.


After posting those 3 logs, please restart the PC in Safe Mode (tap F8 when restarting) and be sure Windows is showing hidden files:
http://www.bleepingc...al62.html#winxp


Search for and delete the following, please:

C:\Documents and Settings\FERNANDEZ FAMILY\Favorites\Antivirus Test Online.url<-- File

C:\WINDOWS\system32\ctjcauro.exe<-- File

C:\WINDOWS\system32\ivcctfoo.exe<-- File

C:\WINDOWS\system32\nnnlmlj.dll<-- File

C:\WINDOWS\system32\opnnllj.dll<-- File

C:\WINDOWS\system32\riykhhob.exe<-- File

C:\Program Files\VSAdd-in<-- Folder


While you are in Safe Mode,I want you to manually inspect and empty out all Temp files on this system.

This is just a precaution but I prefer to do it this way.


Delete the files/folders from the following directories (but not the directory itself; for example, delete all files/folders IN Temp, but not Temp itself):

C:\Temp

C:\Windows\Temp

C:\Documents and Settings\Owner\Local Settings\Temp

C:\Documents and Settings\FERNANDEZ FAMILY\Local Settings\Temp

C:\Documents and Settings\<All other users Profile>\Local Settings\Temp

Empty your "Recycle Bin"


If you don't find a folder labeled Temp in the location specified, move on to the next.


Open Internet Explorer,
Select Tools,
Select Internet Options
Select Delete Cookies and Delete Files (check the box for Delete all offline content)


Open FireFox,
Select Tools,
Select Options,
Select Advanced,
Click the Clear tab for all items except Saved Passwords


Go to Start,
Select All Programs
Select Accessories
Select System Tools
Select and Run Disk Cleanup(Make sure that all boxes are checked for cleaning)


Restart normally and have the files I asked you to submit scanned here:


C:\WINDOWS\system32\components\flx7.dll

E:\Programs\Utilities\MailPassView.exe


Save the results from VirusTotal to Notepad and post them back here, please.
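The manual clean-up and submission steps in the post above, as an added example rather than anything from the post or from Geeks to Go: empty_dir() removes what is inside a Temp folder but keeps the folder, skips locations that do not exist, and reports files it could not delete (a program still running out of Temp keeps its own file open); sha256_of() hashes the files before they go to VirusTotal so the report can be matched to the exact bytes submitted. TEMP_DIRS only repeats the paths from the post; demo() builds a throwaway tree with constructed contents instead of touching a real profile, and its "MailPassView.exe" is a placeholder file, not the real one.

```python
"""Empty Temp folders without removing them, and hash files for submission.
Added example; paths in TEMP_DIRS are the ones named in the post (XP layout)."""
import hashlib
import os
import shutil
import tempfile

# Locations from the post.  Missing ones are skipped, as the post says.
TEMP_DIRS = [
    r"C:\Temp",
    r"C:\Windows\Temp",
    r"C:\Documents and Settings\Owner\Local Settings\Temp",
    r"C:\Documents and Settings\FERNANDEZ FAMILY\Local Settings\Temp",
]


def empty_dir(path):
    """Delete everything inside *path* but keep *path* itself.
    Returns (removed, kept): what was deleted and what was locked/in use."""
    removed, kept = [], []
    if not os.path.isdir(path):          # no Temp folder here: move on
        return removed, kept
    for name in os.listdir(path):
        full = os.path.join(path, name)
        try:
            if os.path.isdir(full) and not os.path.islink(full):
                shutil.rmtree(full)
            else:
                os.remove(full)
            removed.append(full)
        except OSError:                  # file held open by a running process
            kept.append(full)
    return removed, kept


def clean_all(dirs=TEMP_DIRS):
    """Apply empty_dir() to every listed location; {path: (removed, kept)}."""
    return {d: empty_dir(d) for d in dirs}


def sha256_of(path, chunk=1 << 20):
    """SHA-256 of a file, read in chunks so large executables are fine."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def demo():
    """Exercise the helpers on a scratch tree shaped like the XP profile.
    Everything here is constructed; nothing outside the temp root is touched."""
    root = tempfile.mkdtemp()
    temp = os.path.join(root, "Local Settings", "Temp")
    os.makedirs(os.path.join(temp, "sub"))
    for name in ("idd29.tmp.exe", os.path.join("sub", "leftover.dat")):
        with open(os.path.join(temp, name), "wb") as f:
            f.write(b"MZ\x90\x00")       # placeholder bytes, not a real sample
    sample = os.path.join(root, "MailPassView.exe")  # placeholder, not the real file
    with open(sample, "wb") as f:
        f.write(b"abc")                  # constructed content with a known SHA-256
    removed, kept = empty_dir(temp)
    missing = empty_dir(os.path.join(root, "no-such-Temp"))
    result = {
        "temp_still_exists": os.path.isdir(temp),
        "temp_now_empty": os.listdir(temp) == [],
        "removed": len(removed),
        "kept": len(kept),
        "missing_ok": missing == ([], []),
        "sha256": sha256_of(sample),
    }
    shutil.rmtree(root)
    return result


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Run it in Safe Mode as the post says; files still listed under "kept" are the ones worth a second look, since nothing legitimate should be holding a Temp file open at that point. Paste the sha256_of() output next to the VirusTotal report so you can tell later whether the file changed.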

#3
Fernandez
Topic Starter, Member, 13 posts
Dear Cretemonster,

First of all, thank you very much for your help. I hope that we can get this annoying thing off my laptop. I went ahead and did what you suggested and here are the logs:


COMBOFIX LOG



FERNANDEZ FAMILY - 06-11-11 21:54:47.06 Service Pack 2
ComboFix 06.11.9 - Running from: "C:\"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\components
C:\Program Files\Common Files\{34202B06-063C-1033-0728-060001}


((((((((((((((((((((((((((((((( Files Created from 2006-10-11 to 2006-11-11 ))))))))))))))))))))))))))))))))))


2006-11-11 20:02 110,612 --a------ C:\WINDOWS\system32\byyprlft.exe
2006-11-10 22:24 127,208 --a------ C:\WINDOWS\system32\mucltui.dll
2006-11-10 16:13 110,612 --a------ C:\WINDOWS\system32\ivcctfoo.exe
2006-11-10 00:03 110,612 --a------ C:\WINDOWS\system32\riykhhob.exe
2006-11-09 01:55 40,973 ---hs---- C:\WINDOWS\system32\opnnllj.dll
2006-11-09 01:06 121,856 --------- C:\WINDOWS\system32\xmllite.dll
2006-11-09 00:03 110,612 --a------ C:\WINDOWS\system32\ctjcauro.exe
2006-11-08 23:57 40,973 ---hs---- C:\WINDOWS\system32\nnnlmlj.dll
2006-11-08 23:57 101,888 --a------ C:\WINDOWS\system32\drvvec.dll
2006-11-08 20:10 277,182 --a------ C:\combofix.exe
2006-11-07 12:27 22,528 --a------ C:\WINDOWS\system32\WNASPI32.DLL
2006-11-07 12:27 16,512 --a------ C:\WINDOWS\system32\drivers\ASPI32.SYS
2006-10-27 15:09 6,049,280 --------- C:\WINDOWS\system32\ieframe.dll
2006-10-27 15:09 50,688 --------- C:\WINDOWS\system32\msfeedsbs.dll
2006-10-27 15:09 458,752 --------- C:\WINDOWS\system32\msfeeds.dll
2006-10-27 15:09 180,736 --------- C:\WINDOWS\system32\ieui.dll
2006-10-27 02:44 13,312 --a------ C:\WINDOWS\system32\ieudinit.exe
2006-10-25 21:31 38,912 --------- C:\WINDOWS\system32\picn20.dll
2006-10-25 21:31 3,051,520 --------- C:\WINDOWS\UNNeroVision.exe
2006-10-25 21:31 24,064 --------- C:\WINDOWS\system32\msxml3a.dll
2006-10-25 20:55 5,888 --------- C:\WINDOWS\system32\drivers\imagedrv.sys
2006-10-25 20:55 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll
2006-10-25 20:55 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll
2006-10-25 20:55 364,544 --------- C:\WINDOWS\system32\TwnLib4.dll
2006-10-25 20:55 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll
2006-10-25 20:55 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2006-10-25 20:55 127,488 --------- C:\WINDOWS\system32\drivers\imagesrv.sys
2006-10-25 20:55 106,496 --------- C:\WINDOWS\system32\TwnLib20.dll
2006-10-25 20:55 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll
2006-10-24 21:25 611,064 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2006-10-24 01:33 21,840 --a----t- C:\WINDOWS\system32\SIntfNT.dll
2006-10-24 01:33 17,212 --a----t- C:\WINDOWS\system32\SIntf32.dll
2006-10-24 01:33 12,067 --a----t- C:\WINDOWS\system32\SIntf16.dll
2006-10-22 17:46 26,496 --a------ C:\WINDOWS\system32\drivers\USBSTOR.SYS
2006-10-18 22:47 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2006-10-18 22:47 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2006-10-18 22:47 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2006-10-18 22:47 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2006-10-18 22:46 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2006-10-18 01:33 23,040 --------- C:\WINDOWS\kb913800.exe
2006-10-17 15:19 2,353,981 --a------ C:\WINDOWS\UninsTG.exe
2006-10-17 13:05 206,336 --------- C:\WINDOWS\system32\WinFXDocObj.exe
2006-10-17 12:58 61,952 --------- C:\WINDOWS\system32\icardie.dll
2006-10-17 12:58 12,288 --------- C:\WINDOWS\system32\msfeedssync.exe
2006-10-17 12:57 266,752 --------- C:\WINDOWS\system32\iertutil.dll
2006-10-17 12:27 380,928 --------- C:\WINDOWS\system32\ieapfltr.dll
2006-10-17 09:16 88 -r-hs---- C:\WINDOWS\system32\451AEEA8AD.sys
2006-10-17 09:16 3,766 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-11-11 21:55 -------- d-------- C:\Program Files\Common Files
2006-11-11 21:34 -------- d-------- C:\Program Files\FlashGet
2006-11-11 21:23 -------- d-------- C:\Program Files\Mozilla Firefox
2006-11-11 03:01 -------- d-------- C:\Program Files\MSXML 4.0
2006-11-10 18:58 -------- d-------- C:\Program Files\Internet Explorer
2006-11-10 18:57 -------- d-------- C:\Program Files\Digital Line Detect
2006-11-10 17:50 -------- d-------- C:\Program Files\Lavasoft
2006-11-10 03:27 -------- d-------- C:\Documents and Settings\FERNANDEZ FAMILY\Application Data\uTorrent
2006-11-09 23:43 -------- d-------- C:\Documents and Settings\FERNANDEZ FAMILY\Application Data\Security Alert
2006-11-09 18:49 -------- d-------- C:\Program Files\RA Tradewinds Legends v1.0 T.D.H.Legend
2006-11-09 02:30 -------- d-------- C:\Program Files\Opera
2006-11-09 02:30 -------- d-------- C:\Program Files\%ramdrv%Opera
2006-11-09 02:30 -------- d-------- C:\Documents and Settings\FERNANDEZ FAMILY\Application Data\Opera
2006-11-09 02:29 -------- d---s---- C:\Documents and Settings\FERNANDEZ FAMILY\Application Data\Microsoft
2006-11-09 01:46 -------- d-------- C:\Documents and Settings\FERNANDEZ FAMILY\Application Data\Lavasoft
2006-11-09 00:37 -------- d-------- C:\Program Files\Common Files\Sonic Shared
2006-11-09 00:30 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-11-09 00:03 -------- d-------- C:\Program Files\VSAdd-in
2006-11-08 18:36 -------- d-------- C:\Program Files\eMule
2006-11-08 16:29 -------- d-------- C:\Documents and Settings\FERNANDEZ FAMILY\Application Data\PlayFirst
2006-11-08 16:29 -------- d-------- C:\Documents and Settings\FERNANDEZ FAMILY\Application Data\Macromedia
2006-11-07 21:02 191 --a------ C:\Documents and Settings\FERNANDEZ FAMILY\Application Data\G-Force Prefs (WindowsMediaPlayer).txt
2006-11-07 12:27 -------- d-------- C:\Program Files\4Musics OGG to WAV Converter
2006-11-02 09:28 -------- d-------- C:\Program Files\Common Files\Symantec Shared
2006-10-30 18:25 -------- d-------- C:\Documents and Settings\FERNANDEZ FAMILY\Application Data\Apple Computer
2006-10-30 12:44 -------- d-------- C:\Program Files\RapidCheck
2006-10-29 03:11 -------- d-------- C:\Documents and Settings\FERNANDEZ FAMILY\Application Data\BitTorrent
2006-10-27 15:09 413696 --a------ C:\WINDOWS\system32\vbscript.dll
2006-10-27 15:09 231424 --a------ C:\WINDOWS\system32\webcheck.dll
2006-10-27 15:09 156160 --a------ C:\WINDOWS\system32\msls31.dll
2006-10-27 02:44 71680 --a------ C:\WINDOWS\system32\admparse.dll
2006-10-27 02:44 55296 --a------ C:\WINDOWS\system32\iesetup.dll
2006-10-27 02:44 54784 --a------ C:\WINDOWS\system32\ie4uinit.exe
2006-10-27 02:44 43008 --a------ C:\WINDOWS\system32\iernonce.dll
2006-10-27 02:44 382976 --a------ C:\WINDOWS\system32\iedkcs32.dll
2006-10-27 02:44 229376 --a------ C:\WINDOWS\system32\ieaksie.dll
2006-10-27 02:44 152064 --a------ C:\WINDOWS\system32\ieakeng.dll
2006-10-27 02:44 123904 --a------ C:\WINDOWS\system32\advpack.dll
2006-10-27 02:42 161792 --a------ C:\WINDOWS\system32\ieakui.dll
2006-10-27 02:22 -------- d-------- C:\Documents and Settings\FERNANDEZ FAMILY\Application Data\Ahead
2006-10-26 13:35 -------- d-------- C:\Program Files\BitTorrent
2006-10-26 01:09 -------- d-------- C:\Documents and Settings\FERNANDEZ FAMILY\Application Data\Otto
2006-10-25 21:31 -------- d-------- C:\Program Files\Ahead
2006-10-25 21:31 -------- d-------- C:\Documents and Settings\FERNANDEZ FAMILY\Application Data\CyberLink
2006-10-25 20:55 -------- d-------- C:\Program Files\Common Files\Ahead
2006-10-25 18:41 -------- d-------- C:\Documents and Settings\FERNANDEZ FAMILY\Application Data\Sonic
2006-10-25 18:29 -------- d-------- C:\Documents and Settings\FERNANDEZ FAMILY\Application Data\Leadertech
2006-10-25 18:05 -------- d-------- C:\Program Files\DAEMON Tools
2006-10-24 18:41 -------- d-------- C:\Program Files\Yahoo!
2006-10-24 16:30 -------- d-------- C:\Program Files\Windows Media Player
2006-10-24 01:37 -------- d-------- C:\Documents and Settings\FERNANDEZ FAMILY\Application Data\Help
2006-10-24 01:32 -------- d-------- C:\Program Files\Won
2006-10-24 01:32 -------- d-------- C:\Program Files\Sierra On-Line
2006-10-22 12:25 -------- d-------- C:\Program Files\Apple Software Update
2006-10-21 20:35 -------- d-------- C:\Documents and Settings\FERNANDEZ FAMILY\Application Data\Real
2006-10-21 20:30 -------- d-------- C:\Program Files\Common Files\xing shared
2006-10-21 20:29 -------- d-------- C:\Program Files\Common Files\Real
2006-10-21 19:51 -------- d-------- C:\Documents and Settings\FERNANDEZ FAMILY\Application Data\DivX
2006-10-21 19:50 -------- d-------- C:\Program Files\DivX
2006-10-21 13:22 -------- d-------- C:\Program Files\BAE
2006-10-20 20:49 -------- d-------- C:\Program Files\uTorrent
2006-10-20 17:34 -------- d-------- C:\Documents and Settings\FERNANDEZ FAMILY\Application Data\AdobeUM
2006-10-18 02:57 -------- d-------- C:\Program Files\IrfanView
2006-10-17 14:42 -------- d-------- C:\Documents and Settings\FERNANDEZ FAMILY\Application Data\Adobe
2006-10-17 13:06 78336 --a------ C:\WINDOWS\system32\ieencode.dll
2006-10-17 13:05 40960 --a------ C:\WINDOWS\system32\licmgr10.dll
2006-10-17 13:05 105984 --a------ C:\WINDOWS\system32\url.dll
2006-10-17 13:04 101376 --a------ C:\WINDOWS\system32\occache.dll
2006-10-17 13:03 17408 --a------ C:\WINDOWS\system32\corpol.dll
2006-10-17 12:57 36352 --a------ C:\WINDOWS\system32\imgutil.dll
2006-10-17 12:56 45568 --a------ C:\WINDOWS\system32\mshta.exe
2006-10-17 12:28 48128 --a------ C:\WINDOWS\system32\mshtmler.dll
2006-10-17 09:16 -------- d-------- C:\Documents and Settings\FERNANDEZ FAMILY\Application Data\Corel Photo Album
2006-10-17 05:21 -------- d-------- C:\Documents and Settings\FERNANDEZ FAMILY\Application Data\Sun
2006-10-17 02:35 -------- d-------- C:\Program Files\directx
2006-10-17 02:28 -------- d-------- C:\Program Files\Common Files\AOL
2006-10-17 00:50 -------- d-------- C:\Program Files\Dell Support
2006-10-17 00:45 -------- d-------- C:\Program Files\QuickTime
2006-10-17 00:42 -------- d-------- C:\Documents and Settings\FERNANDEZ FAMILY\Application Data\Mozilla
2006-10-02 20:04 806912 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2006-10-02 20:04 806912 --a------ C:\WINDOWS\system32\divx_xx07.dll
2006-10-02 20:04 790528 --a------ C:\WINDOWS\system32\divx_xx11.dll
2006-10-02 20:04 635486 --a------ C:\WINDOWS\system32\DivX.dll
2006-09-18 15:08 -------- d-------- C:\Program Files\Dell
2006-09-18 15:07 -------- d-------- C:\Program Files\Microsoft SQL Server
2006-09-18 15:06 -------- d-------- C:\Program Files\Microsoft Visual Studio .NET 2003
2006-09-18 15:06 -------- d-------- C:\Program Files\Microsoft Small Business
2006-09-18 15:06 -------- d-------- C:\Program Files\Common Files\Crystal Decisions
2006-09-18 15:04 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
2006-09-18 15:02 -------- d-------- C:\Program Files\Microsoft.NET
2006-09-18 15:02 -------- d-------- C:\Program Files\Microsoft Visual Studio
2006-09-18 15:02 -------- d-------- C:\Program Files\Microsoft Office
2006-09-18 15:02 -------- d-------- C:\Program Files\Microsoft ActiveSync
2006-09-18 15:02 -------- d-------- C:\Program Files\Common Files\System
2006-09-18 15:02 -------- d-------- C:\Program Files\Common Files\DESIGNER
2006-09-18 15:01 -------- d-------- C:\Program Files\Microsoft Works
2006-09-18 15:01 -------- d-------- C:\Program Files\Common Files\Adobe
2006-09-18 15:01 -------- d-------- C:\Program Files\Adobe
2006-09-18 14:58 -------- d-------- C:\Program Files\Google
2006-09-18 14:56 -------- d-------- C:\Program Files\Trend Micro
2006-09-18 14:55 -------- d-------- C:\Program Files\Corel Corporation
2006-09-18 14:55 -------- d-------- C:\Program Files\Corel
2006-09-18 14:55 -------- d-------- C:\Program Files\Common Files\Corel
2006-09-18 14:53 -------- d-------- C:\Program Files\MUSICMATCH
2006-09-18 14:51 -------- d-------- C:\Program Files\Symantec
2006-09-18 14:51 -------- d-------- C:\Documents and Settings\FERNANDEZ FAMILY\Application Data\Symantec
2006-09-18 14:50 -------- d--h----- C:\Documents and Settings\FERNANDEZ FAMILY\Application Data\Gtek
2006-09-18 14:50 -------- d-------- C:\Program Files\WebCyberCoach
2006-09-18 14:49 -------- d-------- C:\Program Files\Common Files\InstallShield
2006-09-18 14:48 8552 --a------ C:\WINDOWS\system32\drivers\asctrm.sys
2006-09-18 14:48 -------- d-------- C:\Program Files\Viewpoint
2006-09-18 14:48 -------- d-------- C:\Program Files\Real
2006-09-18 14:48 -------- d-------- C:\Program Files\Learn2.com
2006-09-18 14:48 -------- d-------- C:\Program Files\Common Files\Nullsoft
2006-09-18 14:46 -------- d-------- C:\Program Files\Microsoft Plus! Photo Story 2 LE
2006-09-18 14:46 -------- d-------- C:\Program Files\Microsoft Plus! Digital Media Edition
2006-09-18 14:45 -------- d-------- C:\Program Files\CyberLink
2006-09-18 14:44 -------- d-------- C:\Program Files\Synaptics
2006-09-18 14:44 -------- d-------- C:\Program Files\NetWaiting
2006-09-18 14:44 -------- d-------- C:\Program Files\Modem Helper
2006-09-18 14:44 -------- d-------- C:\Program Files\Broadcom
2006-09-18 14:41 -------- d-------- C:\Program Files\Sigmatel
2006-09-18 14:41 -------- d-------- C:\Program Files\CONEXANT
2006-09-18 14:39 -------- d-------- C:\Program Files\Outlook Express
2006-09-18 14:37 -------- d-------- C:\Program Files\Messenger
2006-09-18 14:36 -------- d-------- C:\Program Files\Java
2006-09-18 14:36 -------- d-------- C:\Program Files\Common Files\Java
2006-09-13 06:01 1084416 --------- C:\WINDOWS\system32\msxml3.dll
2006-09-12 17:51 1245184 --a------ C:\WINDOWS\system32\msxml4.dll
2006-09-06 17:43 22752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2006-08-25 16:45 617472 --a------ C:\WINDOWS\system32\comctl32.dll
2006-08-21 13:21 16896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-08-21 10:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe
2006-08-16 12:58 100352 --a------ C:\WINDOWS\system32\6to4svc.dll
2006-08-11 00:03 73728 --a------ C:\WINDOWS\system32\dpl100.dll
2006-08-11 00:03 196608 --a------ C:\WINDOWS\system32\dtu100.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ModemOnHold"="C:\\Program Files\\NetWaiting\\netWaiting.exe"
"DellSupport"="\"C:\\Program Files\\Dell Support\\DSAgnt.exe\" /startup"
"OE_OEM"="\"C:\\Program Files\\Trend Micro\\Internet Security 12\\TMAS_OE\\TMAS_OEMon.exe\""
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ehTray"="C:\\WINDOWS\\ehome\\ehtray.exe"
"igfxtray"="C:\\WINDOWS\\system32\\igfxtray.exe"
"igfxhkcmd"="C:\\WINDOWS\\system32\\hkcmd.exe"
"igfxpers"="C:\\WINDOWS\\system32\\igfxpers.exe"
"Broadcom Wireless Manager UI"="C:\\WINDOWS\\system32\\WLTRAY.exe"
"Dell QuickSet"="C:\\Program Files\\Dell\\QuickSet\\quickset.exe"
"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
"DVDLauncher"="\"C:\\Program Files\\CyberLink\\PowerDVD\\DVDLauncher.exe\""
"ISUSPM Startup"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\ISUSPM.exe\" -startup"
"ISUSScheduler"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start"
"pccguide.exe"="\"C:\\Program Files\\Trend Micro\\Internet Security 12\\pccguide.exe\""
"Google Desktop Search"="\"C:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe\" /startup"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"SigmatelSysTrayApp"="stsystra.exe"
"CTDrive"="rundll32.exe C:\\WINDOWS\\system32\\drvvec.dll,startup"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,02,03,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
"InstallVisualStyle"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,\
63,65,73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,5c,52,6f,79,61,6c,65,2e,\
6d,73,73,74,79,6c,65,73,00
"InstallTheme"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,63,65,\
73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,2e,74,68,65,6d,65,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKLM"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job

Completion time: 06-11-11 21:55:19.40
C:\ComboFix.txt ... 06-11-11 21:55




VUNDOFIX LOG



VundoFix V6.2.8

Checking Java version...

Java version is 1.5.0.6

Scan started at 3:50:19 PM 11/10/2006

Listing files found while scanning....

C:\WINDOWS\system32\wttwblj.dll
C:\WINDOWS\system32\gebyx.dll
C:\WINDOWS\system32\xybeg.ini
C:\WINDOWS\system32\xybeg.bak1
C:\WINDOWS\system32\xybeg.bak2

Beginning removal...

Attempting to delete C:\WINDOWS\system32\wttwblj.dll
C:\WINDOWS\system32\wttwblj.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\gebyx.dll
C:\WINDOWS\system32\gebyx.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\xybeg.ini
C:\WINDOWS\system32\xybeg.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\xybeg.bak1
C:\WINDOWS\system32\xybeg.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\xybeg.bak2
C:\WINDOWS\system32\xybeg.bak2 Has been deleted
Performing Repairs to the registry.
Done!



VUNDOFIX LOG



VundoFix V6.2.8

Checking Java version...

Java version is 1.5.0.6

Scan started at 9:36:17 PM 11/11/2006

Listing files found while scanning....

C:\WINDOWS\system32\awvtr.dll
C:\WINDOWS\system32\rtvwa.ini
C:\WINDOWS\system32\rtvwa.bak1
C:\WINDOWS\system32\rtvwa.bak2

Beginning removal...

Attempting to delete C:\WINDOWS\system32\awvtr.dll
C:\WINDOWS\system32\awvtr.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\rtvwa.ini
C:\WINDOWS\system32\rtvwa.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\rtvwa.bak1
C:\WINDOWS\system32\rtvwa.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\rtvwa.bak2
C:\WINDOWS\system32\rtvwa.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\ctkebooy.dll
C:\WINDOWS\system32\ctkebooy.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\winxtx32.dll
C:\WINDOWS\SYSTEM32\winxtx32.dll Has been deleted!

Performing Repairs to the registry.
Done!




HIJACKTHIS LOG



Logfile of HijackThis v1.99.1
Scan saved at 10:02:19 PM, on 11/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINDOWS\system32\dllhost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PccGuide.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\FERNANDEZ FAMILY\Desktop\cojonudo.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4060918
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4060918
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: (no name) - {312A263B-DA45-4771-8D6F-EAF80AB69BBD} - C:\WINDOWS\system32\awvtr.dll (file missing)
O2 - BHO: (no name) - {39f25b12-74ff-4079-a51f-1d70f5b08b84} - (no file)
O2 - BHO: (no name) - {3E011378-3ADD-6654-E8B9-03DEED635178} - (no file)
O2 - BHO: (no name) - {65B3DE7E-BE40-498F-8B60-EE6BAD1745AB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\PROGRA~1\FlashGet\getflash.dll
O2 - BHO: (no name) - {F18F04B0-9CF1-4b93-B004-77A288BEE28B} - C:\WINDOWS\system32\ctkebooy.dll (file missing)
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvvec.dll,startup
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1163176859750
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O23 - Service: MSSQL$MICROSOFTSMLBIZ - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe" -sMICROSOFTSMLBIZ (file missing)
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: SQLAgent$MICROSOFTSMLBIZ - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlagent.EXE" -i MICROSOFTSMLBIZ (file missing)
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
  • 0

#4
Wizard

    Retired Staff

  • Retired Staff
  • 5,661 posts
Open HijackThis-> Click "Do a System Scan Only" and put a check by these but DO NOT hit the Fix Checked button yet

O2 - BHO: (no name) - {312A263B-DA45-4771-8D6F-EAF80AB69BBD} - C:\WINDOWS\system32\awvtr.dll (file missing)

O2 - BHO: (no name) - {39f25b12-74ff-4079-a51f-1d70f5b08b84} - (no file)

O2 - BHO: (no name) - {3E011378-3ADD-6654-E8B9-03DEED635178} - (no file)

O2 - BHO: (no name) - {65B3DE7E-BE40-498F-8B60-EE6BAD1745AB} - (no file)

O2 - BHO: (no name) - {F18F04B0-9CF1-4b93-B004-77A288BEE28B} - C:\WINDOWS\system32\ctkebooy.dll (file missing)

O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvvec.dll,startup

Now Make sure ALL WINDOWS and BROWSERS are CLOSED and hit the Fix Checked Button


Restart in Safe Mode--> Search for and delete:

C:\WINDOWS\system32\byyprlft.exe<-- File

C:\WINDOWS\system32\ivcctfoo.exe<-- File

C:\WINDOWS\system32\riykhhob.exe<-- File

C:\WINDOWS\system32\ctjcauro.exe<-- File

C:\Program Files\VSAdd-in<-- Folder


Still in safe mode--> Click Start--> Click Run--> Copy&Paste the bold text below into the open Run box and Click OK.

%systemdrive%\combofix.exe /v opnnllj nnnlmlj drvvec


Let ComboFix run and do its thing, and be sure to save the log it generates.


Restart normally and post back with a fresh HijackThis log and the log from ComboFix.


Were you able to find the files I asked for?


After you post those 2 logs, please run the F-Secure Online Scanner

Note: This Scanner is for Internet Explorer Only!
  • Follow the Instruction on the F-Secure page for proper installation.
  • Accept the License Agreement.
  • Once the ActiveX installs, click Full System Scan
  • Once the download completes, the scan will begin automatically.
  • The scan will take some time to finish, so please be patient.
  • When the scan completes, click the Automatic cleaning (recommended) button.
  • Click the Show Report button and Copy&Paste the entire report in your next reply.

  • 0

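One way to automate the triage the helper did by hand in the post above (pick out the orphaned O2 BHO registrations and the rundll32 autorun from a HijackThis v1.99.1 log), as an added example that is not part of this thread or of HijackThis itself; the sample lines are constructed from the log posted earlier in the thread.

```python
"""
Triage pass over HijackThis v1.99.1 log lines.

Flags the two entry classes the helper ticked by hand in this thread:
  * O2 BHO registrations whose DLL is gone ("(no file)" / "(file missing)"),
    i.e. leftovers after VundoFix deleted the DLL but not the CLSID registration;
  * O4 autoruns that launch a system32 DLL through rundll32 (the CTDrive entry).
Added example; not part of the forum thread or of HijackThis itself.
"""
import re
from dataclasses import dataclass
from typing import List

# "O2 - BHO: <name> - {CLSID} - <dll path> [(file missing)]" or "... - (no file)"
O2_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<rest>.*)$"
)
# "O4 - HKLM\..\Run: [<label>] <command line>"
O4_RE = re.compile(
    r"^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<label>[^\]]*)\] (?P<command>.*)$"
)
# rundll32 loading "<dll>,<export>", as in "rundll32.exe C:\...\drvvec.dll,startup"
RUNDLL_RE = re.compile(
    r"rundll32(?:\.exe)?\s+(?P<dll>\S+\.dll),(?P<export>\w+)", re.IGNORECASE
)

MISSING_MARKERS = ("(no file)", "(file missing)")


@dataclass
class Finding:
    line: str    # the HijackThis line exactly as logged, ready to tick in the UI
    reason: str  # why it was flagged


def triage_hjt(log_text: str) -> List[Finding]:
    """Return the O2/O4 lines a helper would ask the poster to fix, in log order."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        o2 = O2_RE.match(line)
        if o2:
            rest = o2.group("rest")
            if rest.endswith(MISSING_MARKERS):
                # Registration survives although the DLL was deleted: harmless now,
                # but it is still a load point and should be removed.
                findings.append(Finding(
                    line, "orphaned BHO: CLSID %s points at a DLL that no longer exists"
                    % o2.group("clsid")))
            elif o2.group("name") == "(no name)" and "\\system32\\" in rest.lower():
                # Legitimate BHOs almost always carry a name; an unnamed one living
                # in system32 is worth a second look.
                findings.append(Finding(line, "unnamed BHO loading from system32: " + rest))
            continue
        o4 = O4_RE.match(line)
        if o4:
            run = RUNDLL_RE.search(o4.group("command"))
            if run and "\\system32\\" in run.group("dll").lower():
                findings.append(Finding(
                    line, "rundll32 autorun [%s] loads %s via export '%s'"
                    % (o4.group("label"), run.group("dll"), run.group("export"))))
    return findings


# Constructed sample, copied from the entries that appear in the thread's log.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {312A263B-DA45-4771-8D6F-EAF80AB69BBD} - C:\WINDOWS\system32\awvtr.dll (file missing)
O2 - BHO: (no name) - {39f25b12-74ff-4079-a51f-1d70f5b08b84} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {F18F04B0-9CF1-4b93-B004-77A288BEE28B} - C:\WINDOWS\system32\ctkebooy.dll (file missing)
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvvec.dll,startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

if __name__ == "__main__":
    for f in triage_hjt(SAMPLE_LOG):
        print(f.reason)
        print("    " + f.line)
```

Running it on the sample lists the four entries Wizard asked to be checked in HijackThis: the three dead BHO registrations and the CTDrive rundll32 autorun.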
#5
Fernandez

    Member

  • Topic Starter
  • Member
  • 13 posts
Dear Cretemaster,

In regards to the files, I did not notice that I had a CD in my E: at the time and that is why it appeared. In regards to the flx7.dll, I cannot find it. Also, the balloon popup is no longer appearing. I guess that is good news. I am now going to run the F-Secure scan. Here are the new logs:


HIJACKTHIS LOG



Logfile of HijackThis v1.99.1
Scan saved at 11:37:17 PM, on 11/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINDOWS\system32\dllhost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PccGuide.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Documents and Settings\FERNANDEZ FAMILY\Desktop\cojonudo.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4060918
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4060918
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\PROGRA~1\FlashGet\getflash.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1163176859750
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O23 - Service: MSSQL$MICROSOFTSMLBIZ - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe" -sMICROSOFTSMLBIZ (file missing)
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: SQLAgent$MICROSOFTSMLBIZ - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlagent.EXE" -i MICROSOFTSMLBIZ (file missing)
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE


COMBOFIX LOG

FERNANDEZ FAMILY - 06-11-11 23:33:46.50 Service Pack 2
ComboFix 06.11.9 - Running from: "C:\"
Command switches used :: /v opnnllj nnnlmlj drvvec

(((((((((((((((((((((((((((((((((((((((((((((((( Vundo Log )))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\drvvec.dll


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



((((((((((((((((((((((((((((((( Files Created from 2006-10-11 to 2006-11-11 ))))))))))))))))))))))))))))))))))


2006-11-10 22:24 127,208 --a------ C:\WINDOWS\system32\mucltui.dll
2006-11-09 01:06 121,856 --------- C:\WINDOWS\system32\xmllite.dll
2006-11-08 20:10 277,182 --a------ C:\combofix.exe
2006-11-07 12:27 22,528 --a------ C:\WINDOWS\system32\WNASPI32.DLL
2006-11-07 12:27 16,512 --a------ C:\WINDOWS\system32\drivers\ASPI32.SYS
2006-10-27 15:09 6,049,280 --------- C:\WINDOWS\system32\ieframe.dll
2006-10-27 15:09 50,688 --------- C:\WINDOWS\system32\msfeedsbs.dll
2006-10-27 15:09 458,752 --------- C:\WINDOWS\system32\msfeeds.dll
2006-10-27 15:09 180,736 --------- C:\WINDOWS\system32\ieui.dll
2006-10-27 02:44 13,312 --a------ C:\WINDOWS\system32\ieudinit.exe
2006-10-25 21:31 38,912 --------- C:\WINDOWS\system32\picn20.dll
2006-10-25 21:31 3,051,520 --------- C:\WINDOWS\UNNeroVision.exe
2006-10-25 21:31 24,064 --------- C:\WINDOWS\system32\msxml3a.dll
2006-10-25 20:55 5,888 --------- C:\WINDOWS\system32\drivers\imagedrv.sys
2006-10-25 20:55 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll
2006-10-25 20:55 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll
2006-10-25 20:55 364,544 --------- C:\WINDOWS\system32\TwnLib4.dll
2006-10-25 20:55 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll
2006-10-25 20:55 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2006-10-25 20:55 127,488 --------- C:\WINDOWS\system32\drivers\imagesrv.sys
2006-10-25 20:55 106,496 --------- C:\WINDOWS\system32\TwnLib20.dll
2006-10-25 20:55 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll
2006-10-24 21:25 611,064 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2006-10-24 01:33 21,840 --a----t- C:\WINDOWS\system32\SIntfNT.dll
2006-10-24 01:33 17,212 --a----t- C:\WINDOWS\system32\SIntf32.dll
2006-10-24 01:33 12,067 --a----t- C:\WINDOWS\system32\SIntf16.dll
2006-10-22 17:46 26,496 --a------ C:\WINDOWS\system32\drivers\USBSTOR.SYS
2006-10-18 22:47 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2006-10-18 22:47 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2006-10-18 22:47 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2006-10-18 22:47 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2006-10-18 22:46 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2006-10-18 01:33 23,040 --------- C:\WINDOWS\kb913800.exe
2006-10-17 15:19 2,353,981 --a------ C:\WINDOWS\UninsTG.exe
2006-10-17 13:05 206,336 --------- C:\WINDOWS\system32\WinFXDocObj.exe
2006-10-17 12:58 61,952 --------- C:\WINDOWS\system32\icardie.dll
2006-10-17 12:58 12,288 --------- C:\WINDOWS\system32\msfeedssync.exe
2006-10-17 12:57 266,752 --------- C:\WINDOWS\system32\iertutil.dll
2006-10-17 12:27 380,928 --------- C:\WINDOWS\system32\ieapfltr.dll
2006-10-17 09:16 88 -r-hs---- C:\WINDOWS\system32\451AEEA8AD.sys
2006-10-17 09:16 3,766 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-11-11 23:13 -------- d-------- C:\Program Files\Mozilla Firefox
2006-11-11 21:55 -------- d-------- C:\Program Files\Common Files
2006-11-11 21:34 -------- d-------- C:\Program Files\FlashGet
2006-11-11 03:01 -------- d-------- C:\Program Files\MSXML 4.0
2006-11-10 18:58 -------- d-------- C:\Program Files\Internet Explorer
2006-11-10 18:57 -------- d-------- C:\Program Files\Digital Line Detect
2006-11-10 17:50 -------- d-------- C:\Program Files\Lavasoft
2006-11-10 03:27 -------- d-------- C:\Documents and Settings\FERNANDEZ FAMILY\Application Data\uTorrent
2006-11-09 23:43 -------- d-------- C:\Documents and Settings\FERNANDEZ FAMILY\Application Data\Security Alert
2006-11-09 18:49 -------- d-------- C:\Program Files\RA Tradewinds Legends v1.0 T.D.H.Legend
2006-11-09 02:30 -------- d-------- C:\Program Files\Opera
2006-11-09 02:30 -------- d-------- C:\Program Files\%ramdrv%Opera
2006-11-09 02:30 -------- d-------- C:\Documents and Settings\FERNANDEZ FAMILY\Application Data\Opera
2006-11-09 02:29 -------- d---s---- C:\Documents and Settings\FERNANDEZ FAMILY\Application Data\Microsoft
2006-11-09 01:46 -------- d-------- C:\Documents and Settings\FERNANDEZ FAMILY\Application Data\Lavasoft
2006-11-09 00:37 -------- d-------- C:\Program Files\Common Files\Sonic Shared
2006-11-09 00:30 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-11-08 18:36 -------- d-------- C:\Program Files\eMule
2006-11-08 16:29 -------- d-------- C:\Documents and Settings\FERNANDEZ FAMILY\Application Data\PlayFirst
2006-11-08 16:29 -------- d-------- C:\Documents and Settings\FERNANDEZ FAMILY\Application Data\Macromedia
2006-11-07 21:02 191 --a------ C:\Documents and Settings\FERNANDEZ FAMILY\Application Data\G-Force Prefs (WindowsMediaPlayer).txt
2006-11-07 12:27 -------- d-------- C:\Program Files\4Musics OGG to WAV Converter
2006-11-02 09:28 -------- d-------- C:\Program Files\Common Files\Symantec Shared
2006-10-30 18:25 -------- d-------- C:\Documents and Settings\FERNANDEZ FAMILY\Application Data\Apple Computer
2006-10-30 12:44 -------- d-------- C:\Program Files\RapidCheck
2006-10-29 03:11 -------- d-------- C:\Documents and Settings\FERNANDEZ FAMILY\Application Data\BitTorrent
2006-10-27 15:09 413696 --a------ C:\WINDOWS\system32\vbscript.dll
2006-10-27 15:09 231424 --a------ C:\WINDOWS\system32\webcheck.dll
2006-10-27 15:09 156160 --a------ C:\WINDOWS\system32\msls31.dll
2006-10-27 02:44 71680 --a------ C:\WINDOWS\system32\admparse.dll
2006-10-27 02:44 55296 --a------ C:\WINDOWS\system32\iesetup.dll
2006-10-27 02:44 54784 --a------ C:\WINDOWS\system32\ie4uinit.exe
2006-10-27 02:44 43008 --a------ C:\WINDOWS\system32\iernonce.dll
2006-10-27 02:44 382976 --a------ C:\WINDOWS\system32\iedkcs32.dll
2006-10-27 02:44 229376 --a------ C:\WINDOWS\system32\ieaksie.dll
2006-10-27 02:44 152064 --a------ C:\WINDOWS\system32\ieakeng.dll
2006-10-27 02:44 123904 --a------ C:\WINDOWS\system32\advpack.dll
2006-10-27 02:42 161792 --a------ C:\WINDOWS\system32\ieakui.dll
2006-10-27 02:22 -------- d-------- C:\Documents and Settings\FERNANDEZ FAMILY\Application Data\Ahead
2006-10-26 13:35 -------- d-------- C:\Program Files\BitTorrent
2006-10-26 01:09 -------- d-------- C:\Documents and Settings\FERNANDEZ FAMILY\Application Data\Otto
2006-10-25 21:31 -------- d-------- C:\Program Files\Ahead
2006-10-25 21:31 -------- d-------- C:\Documents and Settings\FERNANDEZ FAMILY\Application Data\CyberLink
2006-10-25 20:55 -------- d-------- C:\Program Files\Common Files\Ahead
2006-10-25 18:41 -------- d-------- C:\Documents and Settings\FERNANDEZ FAMILY\Application Data\Sonic
2006-10-25 18:29 -------- d-------- C:\Documents and Settings\FERNANDEZ FAMILY\Application Data\Leadertech
2006-10-25 18:05 -------- d-------- C:\Program Files\DAEMON Tools
2006-10-24 18:41 -------- d-------- C:\Program Files\Yahoo!
2006-10-24 16:30 -------- d-------- C:\Program Files\Windows Media Player
2006-10-24 01:37 -------- d-------- C:\Documents and Settings\FERNANDEZ FAMILY\Application Data\Help
2006-10-24 01:32 -------- d-------- C:\Program Files\Won
2006-10-24 01:32 -------- d-------- C:\Program Files\Sierra On-Line
2006-10-22 12:25 -------- d-------- C:\Program Files\Apple Software Update
2006-10-21 20:35 -------- d-------- C:\Documents and Settings\FERNANDEZ FAMILY\Application Data\Real
2006-10-21 20:30 -------- d-------- C:\Program Files\Common Files\xing shared
2006-10-21 20:29 -------- d-------- C:\Program Files\Common Files\Real
2006-10-21 19:51 -------- d-------- C:\Documents and Settings\FERNANDEZ FAMILY\Application Data\DivX
2006-10-21 19:50 -------- d-------- C:\Program Files\DivX
2006-10-21 13:22 -------- d-------- C:\Program Files\BAE
2006-10-20 20:49 -------- d-------- C:\Program Files\uTorrent
2006-10-20 17:34 -------- d-------- C:\Documents and Settings\FERNANDEZ FAMILY\Application Data\AdobeUM
2006-10-18 02:57 -------- d-------- C:\Program Files\IrfanView
2006-10-17 14:42 -------- d-------- C:\Documents and Settings\FERNANDEZ FAMILY\Application Data\Adobe
2006-10-17 13:06 78336 --a------ C:\WINDOWS\system32\ieencode.dll
2006-10-17 13:05 40960 --a------ C:\WINDOWS\system32\licmgr10.dll
2006-10-17 13:05 105984 --a------ C:\WINDOWS\system32\url.dll
2006-10-17 13:04 101376 --a------ C:\WINDOWS\system32\occache.dll
2006-10-17 13:03 17408 --a------ C:\WINDOWS\system32\corpol.dll
2006-10-17 12:57 36352 --a------ C:\WINDOWS\system32\imgutil.dll
2006-10-17 12:56 45568 --a------ C:\WINDOWS\system32\mshta.exe
2006-10-17 12:28 48128 --a------ C:\WINDOWS\system32\mshtmler.dll
2006-10-17 09:16 -------- d-------- C:\Documents and Settings\FERNANDEZ FAMILY\Application Data\Corel Photo Album
2006-10-17 05:21 -------- d-------- C:\Documents and Settings\FERNANDEZ FAMILY\Application Data\Sun
2006-10-17 02:35 -------- d-------- C:\Program Files\directx
2006-10-17 02:28 -------- d-------- C:\Program Files\Common Files\AOL
2006-10-17 00:50 -------- d-------- C:\Program Files\Dell Support
2006-10-17 00:45 -------- d-------- C:\Program Files\QuickTime
2006-10-17 00:42 -------- d-------- C:\Documents and Settings\FERNANDEZ FAMILY\Application Data\Mozilla
2006-10-02 20:04 806912 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2006-10-02 20:04 806912 --a------ C:\WINDOWS\system32\divx_xx07.dll
2006-10-02 20:04 790528 --a------ C:\WINDOWS\system32\divx_xx11.dll
2006-10-02 20:04 635486 --a------ C:\WINDOWS\system32\DivX.dll
2006-09-18 15:08 -------- d-------- C:\Program Files\Dell
2006-09-18 15:07 -------- d-------- C:\Program Files\Microsoft SQL Server
2006-09-18 15:06 -------- d-------- C:\Program Files\Microsoft Visual Studio .NET 2003
2006-09-18 15:06 -------- d-------- C:\Program Files\Microsoft Small Business
2006-09-18 15:06 -------- d-------- C:\Program Files\Common Files\Crystal Decisions
2006-09-18 15:04 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
2006-09-18 15:02 -------- d-------- C:\Program Files\Microsoft.NET
2006-09-18 15:02 -------- d-------- C:\Program Files\Microsoft Visual Studio
2006-09-18 15:02 -------- d-------- C:\Program Files\Microsoft Office
2006-09-18 15:02 -------- d-------- C:\Program Files\Microsoft ActiveSync
2006-09-18 15:02 -------- d-------- C:\Program Files\Common Files\System
2006-09-18 15:02 -------- d-------- C:\Program Files\Common Files\DESIGNER
2006-09-18 15:01 -------- d-------- C:\Program Files\Microsoft Works
2006-09-18 15:01 -------- d-------- C:\Program Files\Common Files\Adobe
2006-09-18 15:01 -------- d-------- C:\Program Files\Adobe
2006-09-18 14:58 -------- d-------- C:\Program Files\Google
2006-09-18 14:56 -------- d-------- C:\Program Files\Trend Micro
2006-09-18 14:55 -------- d-------- C:\Program Files\Corel Corporation
2006-09-18 14:55 -------- d-------- C:\Program Files\Corel
2006-09-18 14:55 -------- d-------- C:\Program Files\Common Files\Corel
2006-09-18 14:53 -------- d-------- C:\Program Files\MUSICMATCH
2006-09-18 14:51 -------- d-------- C:\Program Files\Symantec
2006-09-18 14:51 -------- d-------- C:\Documents and Settings\FERNANDEZ FAMILY\Application Data\Symantec
2006-09-18 14:50 -------- d--h----- C:\Documents and Settings\FERNANDEZ FAMILY\Application Data\Gtek
2006-09-18 14:50 -------- d-------- C:\Program Files\WebCyberCoach
2006-09-18 14:49 -------- d-------- C:\Program Files\Common Files\InstallShield
2006-09-18 14:48 8552 --a------ C:\WINDOWS\system32\drivers\asctrm.sys
2006-09-18 14:48 -------- d-------- C:\Program Files\Viewpoint
2006-09-18 14:48 -------- d-------- C:\Program Files\Real
2006-09-18 14:48 -------- d-------- C:\Program Files\Learn2.com
2006-09-18 14:48 -------- d-------- C:\Program Files\Common Files\Nullsoft
2006-09-18 14:46 -------- d-------- C:\Program Files\Microsoft Plus! Photo Story 2 LE
2006-09-18 14:46 -------- d-------- C:\Program Files\Microsoft Plus! Digital Media Edition
2006-09-18 14:45 -------- d-------- C:\Program Files\CyberLink
2006-09-18 14:44 -------- d-------- C:\Program Files\Synaptics
2006-09-18 14:44 -------- d-------- C:\Program Files\NetWaiting
2006-09-18 14:44 -------- d-------- C:\Program Files\Modem Helper
2006-09-18 14:44 -------- d-------- C:\Program Files\Broadcom
2006-09-18 14:41 -------- d-------- C:\Program Files\Sigmatel
2006-09-18 14:41 -------- d-------- C:\Program Files\CONEXANT
2006-09-18 14:39 -------- d-------- C:\Program Files\Outlook Express
2006-09-18 14:37 -------- d-------- C:\Program Files\Messenger
2006-09-18 14:36 -------- d-------- C:\Program Files\Java
2006-09-18 14:36 -------- d-------- C:\Program Files\Common Files\Java
2006-09-13 06:01 1084416 --------- C:\WINDOWS\system32\msxml3.dll
2006-09-12 17:51 1245184 --a------ C:\WINDOWS\system32\msxml4.dll
2006-09-06 17:43 22752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2006-08-25 16:45 617472 --a------ C:\WINDOWS\system32\comctl32.dll
2006-08-21 13:21 16896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-08-21 10:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe
2006-08-16 12:58 100352 --a------ C:\WINDOWS\system32\6to4svc.dll
2006-08-11 00:03 73728 --a------ C:\WINDOWS\system32\dpl100.dll
2006-08-11 00:03 196608 --a------ C:\WINDOWS\system32\dtu100.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ModemOnHold"="C:\\Program Files\\NetWaiting\\netWaiting.exe"
"DellSupport"="\"C:\\Program Files\\Dell Support\\DSAgnt.exe\" /startup"
"OE_OEM"="\"C:\\Program Files\\Trend Micro\\Internet Security 12\\TMAS_OE\\TMAS_OEMon.exe\""
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ehTray"="C:\\WINDOWS\\ehome\\ehtray.exe"
"igfxtray"="C:\\WINDOWS\\system32\\igfxtray.exe"
"igfxhkcmd"="C:\\WINDOWS\\system32\\hkcmd.exe"
"igfxpers"="C:\\WINDOWS\\system32\\igfxpers.exe"
"Broadcom Wireless Manager UI"="C:\\WINDOWS\\system32\\WLTRAY.exe"
"Dell QuickSet"="C:\\Program Files\\Dell\\QuickSet\\quickset.exe"
"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
"DVDLauncher"="\"C:\\Program Files\\CyberLink\\PowerDVD\\DVDLauncher.exe\""
"ISUSPM Startup"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\ISUSPM.exe\" -startup"
"ISUSScheduler"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start"
"pccguide.exe"="\"C:\\Program Files\\Trend Micro\\Internet Security 12\\pccguide.exe\""
"Google Desktop Search"="\"C:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe\" /startup"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"SigmatelSysTrayApp"="stsystra.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,80,00,00,00,00,00,00,00,00,02,00,00,c2,01,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
"InstallVisualStyle"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,\
63,65,73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,5c,52,6f,79,61,6c,65,2e,\
6d,73,73,74,79,6c,65,73,00
"InstallTheme"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,63,65,\
73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,2e,74,68,65,6d,65,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKLM"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job

Completion time: 06-11-11 23:35:32.43
C:\ComboFix.txt ... 06-11-11 23:35
C:\ComboFix2.txt ... 06-11-11 21:55

#6 Wizard (Retired Staff, 5,661 posts)
I still want that file --> E:\Programs\Utilities\MailPassView.exe

It will assist me in some research I'm doing.

If it's a true reflection of the file's nature, then I suggest checking that whole disc you say was loaded in the CD-ROM while the Panda scan was running.

#7 Fernandez (Topic Starter, Member, 13 posts)
Dear Cretemonster,

This is what happened: when I noticed that the file was from the E: drive, I took the CD out and did all the steps you recommended. I have inserted it back in and went ahead and uploaded both of them to VirusTotal. I am currently running the F-Secure online scan.

Here are the results:

Complete scanning result of "flx7.dll", received in VirusTotal at 11.12.2006, 00:07:27 (CET).

Antivirus Version Update Result
AntiVir 7.2.0.39 11.10.2006 no virus found
Authentium 4.93.8 11.10.2006 no virus found
Avast 4.7.892.0 11.09.2006 no virus found
AVG 386 11.11.2006 no virus found
BitDefender 7.2 11.11.2006 no virus found
CAT-QuickHeal 8.00 11.11.2006 no virus found
ClamAV devel-20060426 11.11.2006 no virus found
DrWeb 4.33 11.11.2006 no virus found
eTrust-InoculateIT 23.73.52 11.11.2006 no virus found
eTrust-Vet 30.3.3186 11.10.2006 no virus found
Ewido 4.0 11.11.2006 no virus found
Fortinet 2.82.0.0 11.11.2006 no virus found
F-Prot 3.16f 11.10.2006 no virus found
F-Prot4 4.2.1.29 11.10.2006 no virus found
Ikarus 0.2.65.0 11.10.2006 no virus found
Kaspersky 4.0.2.24 11.11.2006 no virus found
McAfee 4893 11.10.2006 no virus found
Microsoft 1.1609 11.11.2006 no virus found
NOD32v2 1862 11.10.2006 no virus found
Norman 5.80.02 11.10.2006 no virus found
Panda 9.0.0.4 11.11.2006 no virus found
Sophos 4.11.0 11.07.2006 no virus found
TheHacker 6.0.1.116 11.09.2006 no virus found
UNA 1.83 11.10.2006 no virus found
VBA32 3.11.1 11.10.2006 no virus found
VirusBuster 4.3.15:9 11.11.2006 no virus found

Aditional Information
File size: 0 bytes
MD5: d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709





Complete scanning result of "MailPassView.exe", received in VirusTotal at 11.12.2006, 00:00:37 (CET).

Antivirus Version Update Result
AntiVir 7.2.0.39 11.10.2006 no virus found
Authentium 4.93.8 11.10.2006 no virus found
Avast 4.7.892.0 11.09.2006 Win32:Trojan-gen. {UPX!}
AVG 386 11.11.2006 no virus found
BitDefender 7.2 11.11.2006 Trojan.Zapchas.F
CAT-QuickHeal 8.00 11.11.2006 PSWTool.MailPassView.130 (Not a Virus)
ClamAV devel-20060426 11.11.2006 no virus found
DrWeb 4.33 11.11.2006 no virus found
eTrust-InoculateIT 23.73.52 11.11.2006 no virus found
eTrust-Vet 30.3.3186 11.10.2006 no virus found
Ewido 4.0 11.11.2006 Not-A-Virus.PSWTool.Win32.MailPassView.130
Fortinet 2.82.0.0 11.11.2006 Misc/Passview
F-Prot 3.16f 11.10.2006 no virus found
F-Prot4 4.2.1.29 11.10.2006 W32/PWStealer.DV
Ikarus 0.2.65.0 11.10.2006 no virus found
Kaspersky 4.0.2.24 11.11.2006 not-a-virus:PSWTool.Win32.MailPassView.130
McAfee 4893 11.10.2006 potentially unwanted program PWCrack-PassView
Microsoft 1.1609 11.11.2006 no virus found
NOD32v2 1862 11.10.2006 no virus found
Norman 5.80.02 11.10.2006 no virus found
Panda 9.0.0.4 11.11.2006 Trj/Zapchast.I
Sophos 4.11.0 11.07.2006 no virus found
TheHacker 6.0.1.116 11.09.2006 Trojan/MailPassView.130
UNA 1.83 11.10.2006 no virus found
VBA32 3.11.1 11.10.2006 no virus found
VirusBuster 4.3.15:9 11.11.2006 no virus found

Aditional Information
File size: 41984 bytes
MD5: 22029742dcdd429b3904736ee99e3134
SHA1: d9bcbe33b11f0f118f05b961dcf1777bf5c5a732
packers: UPX
packers: UPX

#8 Wizard (Retired Staff, 5,661 posts)
That's fine, the folder that dll was in should be gone now that ComboFix has removed it.

Go ahead with the F-Secure scan and post back when you're ready.

#9 Fernandez (Topic Starter, Member, 13 posts)
Dear Cretemonster,

Here is the report from F-secure:


Scanning Report
Saturday, November 11, 2006 23:55:28 - 00:29:31

Computer name: D5Z12TB1
Scanning type: Scan system for viruses, rootkits, spyware
Target: C:\ D:\
Result: 0 malware found
Statistics
Scanned:
Files: 25376
System: 4522
Not scanned: 5
Actions:
Disinfected: 0
Renamed: 0
Deleted: 0
None: 0
Submitted: 0
Files not scanned:
C:\HIBERFIL.SYS
C:\PAGEFILE.SYS
C:\WINDOWS\SYSTEM32\DRIVERS\SPTD.SYS
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\3AD391678A806EC4D691E83AAA393B6F_24ADF822-76F7-4481-B30B-FF1B40F8687F
Options
Scanning engines:
F-Secure Libra: 2.4.2, 2006-11-10
F-Secure AVP: 7.0.171, 2006-11-10
F-Secure Orion: 1.2.37, 2006-11-10
F-Secure Blacklight: 1.0.31, 0000-00-00
F-Secure Draco: 1.0.35, 0260-02-44
F-Secure Pegasus: 1.19.0, 2006-08-29
Scanning options:
Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ZIP XXX
Use Advanced heuristics

#10 Wizard (Retired Staff, 5,661 posts)
I like those results! :whistling:


Please install these two to add to the security of the PC:

SpywareBlaster:
http://www.javacools.../downloads.html
Update immediately!

WinHelp2002 Hosts File
http://www.mvps.org/...2002/hosts2.htm


Please do an online scan with Kaspersky WebScanner.

Click on Kaspersky Online Scanner.

You will be prompted to install an ActiveX component from Kaspersky; click Yes.
  • The program will launch and then begin downloading the latest definition files.
  • Once the files have been downloaded, click on NEXT.
  • Now click on Scan Settings.
  • In the scan settings, make sure that the following are selected:
    • Scan using the following Anti-Virus database: Extended (if available, otherwise Standard)
    • Scan Options: Scan Archives, Scan Mail Bases
  • Click OK.
  • Now, under Select a target to scan, select My Computer.
  • The program will start and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
  • Now click on the Save as Text button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.


#11 Fernandez (Topic Starter, Member, 13 posts)
Dear Cretemonster,

I am trying to do the online scan from Kaspersky, but I am having a little problem. When I click on the online scanner button, it directs me to a new window where it apparently tries to download the files it needs. The yellow bar comes up from the top to download ActiveX, and I accept it. Afterwards, nothing happens; it just stays with this screen:

Welcome to the Kaspersky Online Scanner! Use it to scan your PC for viruses and other malware for free
Warning: if you have installed Kaspersky Online Scanner BETA, please manually uninstall it using "Add/Remove Programs" before installing this version! Otherwise this version will not function correctly.

Benefits:


Kaspersky Anti-Virus exceptional detection rates and thorough scanning
Hourly AV database updates available each time the Online Scanner is launched
Heuristic analysis to detect unknown viruses
Simple installation (just click on a link)


It doesn't start downloading the files for ActiveX or give me any sort of link for the scan. What should I do?

Thanks

#12 Wizard (Retired Staff, 5,661 posts)
That's odd, let's see if this scanner works.

Please run the Bit Defender Online Scan
http://www.bitdefend...m/scan8/ie.html

You must use Internet Explorer for this scanner.

Install the ActiveX and click on "Click here to Scan".

Allow it to update and scan the machine.

It should disinfect or delete whatever it finds that is infected.

Save the report it generates in a text format please and post it back here.

#13 Fernandez (Topic Starter, Member, 13 posts)
Dear Cretemonster,

It is working now. This one seems to be a very lengthy scan. I will post the results when I get them.

#14 Wizard (Retired Staff, 5,661 posts)
:whistling: Thank You.

#15 Fernandez (Topic Starter, Member, 13 posts)
Dear Cretemonster,

Here is the report from Bitdefender.


BitDefender Online Scanner

Scan report generated at: Sun, Nov 12, 2006 - 02:28:38

Scan path: C:\;D:\;E:\;F:\;

Statistics
Time: 00:44:04
Files: 299410
Folders: 4404
Boot Sectors: 5
Archives: 3701
Packed Files: 33028

Results
Identified Viruses: 4
Infected Files: 6
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 7

Engines Info
Virus Definitions: 313794
Engine build: AVCORE v1.0 (build 2355) (i386) (Sep 25 2006 13:46:24)
Scan plugins: 13
Archive plugins: 38
Unpack plugins: 6
E-mail plugins: 6
System plugins: 1

Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes

Scanned File / Status

C:\Program Files\Trend Micro\Internet Security 12\Quarantine\3A.tmp=>(Quarantine-4)
Infected with: Trojan.Klone.H
Disinfection failed
Deleted

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP41\A0004596.dll
Infected with: Trojan.BHO.G
Disinfection failed
Deleted

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP41\A0004649.dll
Infected with: Trojan.Vundo.G
Disinfection failed
Deleted

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP41\A0004650.dll
Infected with: Trojan.Vundo.G
Disinfection failed
Deleted

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP41\A0004695.dll
Infected with: Trojan.Progminj.A
Disinfection failed
Deleted

C:\VundoFix Backups\ctkebooy.dll.bad
Infected with: Trojan.BHO.G
Disinfection failed
Deleted