virtumonde, .dll problems [RESOLVED]


  • This topic is locked

#16
trouter

  • Topic Starter
  • Member
  • 22 posts
Ahhh, it feels good to delete all those extraneous cookies. Here is the lighter version of the AVG-AS report after manually deleting the C:\Program Files\support.com\backup\co cookies from the .txt file. I tried to upload the Panda report, but once again it seemed to take too long, so I'll edit out the same cookies that AVG found out of the Panda report and post the findings here.

Thanks!

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 7:51:12 PM 1/20/2008

+ Scan result:



C:\QooBox\Quarantine\C\Documents and Settings\All Users\Application Data\SecTaskMan\Dot1XCfg .exe.q_A9DF000_q.vir -> Downloader.Adload.pr : Cleaned with backup (quarantined).
C:\Documents and Settings\Trevan\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 01-14-2008 - 19-52-43\{38D2CAF4-CA69-46A8-9E28-F412610BFF24} -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\Documents and Settings\Trevan\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 01-14-2008 - 19-52-43\{3FD0F1D8-E85C-419E-96F0-76D0FDDCDB41} -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\Documents and Settings\Trevan\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 01-14-2008 - 19-52-43\{447711E5-1524-43E1-9E7C-06795D3B32C1} -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\Documents and Settings\Trevan\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 01-14-2008 - 19-52-43\{48968133-2CF3-4227-B250-402D9BE9EEB7} -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\Documents and Settings\Trevan\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 01-14-2008 - 19-52-43\{491ED91F-4205-475F-9BCC-B403B2CF28DF} -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\Documents and Settings\Trevan\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 01-14-2008 - 19-52-43\{4FE63CA3-B57C-4087-80BB-D1AE85F760B6} -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\Documents and Settings\Trevan\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 01-14-2008 - 19-52-43\{5B936FB7-643C-4574-BB29-B477C0FDC49D} -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\Documents and Settings\Trevan\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 01-14-2008 - 19-52-43\{5D6180CB-7D75-42EE-97BD-2585EFDF742D} -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\Documents and Settings\Trevan\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 01-14-2008 - 19-52-43\{626C20CD-5D6C-4929-8C78-C773B1809A17} -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\Documents and Settings\Trevan\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 01-14-2008 - 19-52-43\{6D95657E-076B-4767-AFE5-FFCA2BF9AAE7} -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\Documents and Settings\Trevan\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 01-14-2008 - 19-52-43\{949A6604-8422-4975-BDB8-C7338DF9404A} -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\Documents and Settings\Trevan\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 01-14-2008 - 19-52-43\{966DECF9-ECB0-4B19-987D-937EEBEEC806} -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\Documents and Settings\Trevan\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 01-14-2008 - 19-52-43\{C1EC6080-A8D1-413A-BB90-C6F61659A63F} -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\Documents and Settings\Trevan\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 01-14-2008 - 19-52-43\{C2CEC244-8069-4B1D-B820-451603406EF2} -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\Documents and Settings\Trevan\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 01-14-2008 - 19-52-43\{C76164E0-6CC6-4BF9-B2CC-6392F5AD9870} -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\Documents and Settings\Trevan\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 01-14-2008 - 19-52-43\{C881B0DB-B296-4104-B033-2585C1DEC3B5} -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\Documents and Settings\Trevan\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 01-14-2008 - 19-52-43\{CA5423CE-6135-4048-9C8A-644C60C59703} -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\Documents and Settings\Trevan\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 01-14-2008 - 19-52-43\{CEFA1FFC-D3F1-4294-BCE2-C4375685949C} -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\Documents and Settings\Trevan\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 01-14-2008 - 19-52-43\{D36755AA-7C48-4AE6-8F7F-06A0E1AE32A5} -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\Documents and Settings\Trevan\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 01-14-2008 - 19-52-43\{D97FDDE2-A29A-4E59-8FE5-4F2F0E512E43} -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\Documents and Settings\Trevan\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 01-14-2008 - 19-52-43\{F99EC897-BF17-496A-AFE3-007FA2D95F74} -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\Documents and Settings\Trevan\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 01-14-2008 - 19-52-43\{FC9901EC-1984-4077-8431-2662617CD926} -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\Documents and Settings\Trevan\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 01-14-2008 - 19-52-43\{FDD36147-9904-455D-A44B-8B82E745958D} -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\QooBox\Quarantine\C\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas .exe.vir -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\QooBox\Quarantine\C\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe.vir -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\ctfmon.exe.tmp.vir -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\jkhhf.exe.vir -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\QooBox\Quarantine\catchme2008-01-20_122034.39.zip/SpySweeperUI.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1683\A0071248.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1683\A0071249.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1684\A0071261.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1684\A0071262.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1684\A0071263.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1685\A0071271.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1685\A0071272.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1686\A0071275.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1686\A0071277.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1686\A0071278.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\VundoFix Backups\ctfmon.exe.bad -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\Documents and Settings\Trevan\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 01-14-2008 - 19-52-43\{5B9ED28A-B506-4F74-A714-2E308690DD3E} -> Hijacker.IFrame.dn : Cleaned with backup (quarantined).
C:\Documents and Settings\Teresa\Cookies\[email protected][2].txt -> TrackingCookie.247realmedia : Cleaned.
C:\Documents and Settings\Teresa\Cookies\[email protected][1].txt -> TrackingCookie.247realmedia : Cleaned.
C:\Documents and Settings\Teresa\Cookies\[email protected][1].txt -> TrackingCookie.247realmedia : Cleaned.
C:\Documents and Settings\Trevan\Cookies\[email protected][2].txt -> TrackingCookie.247realmedia : Cleaned.

:mozilla.6:C:\Documents and Settings\Teresa\Application Data\Mozilla\Firefox\Profiles\cf5089bp.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.

C:\Documents and Settings\Trevan\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 01-14-2008 - 19-52-43\{41E25296-F459-41C6-A0A3-48E367469E33} -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Trevan\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 01-14-2008 - 19-52-43\{C9D21C75-C72B-4ED1-A97D-FA7CE2EE1004} -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Trevan\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 01-14-2008 - 19-52-43\{DF45CDD7-92A5-4602-9674-D8DB3C6D78D0} -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Trevan\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 01-14-2008 - 19-52-43\{2519C019-1AE5-4A30-83F9-107F173F47F0} -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Trevan\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 01-14-2008 - 19-52-43\{8EC10DEC-F8A7-45F1-922A-2B857C161A4E} -> TrackingCookie.Adbrite : Cleaned.

C:\Documents and Settings\Trevan\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 01-14-2008 - 19-52-43\{E9D9131E-8E11-4C7F-A4D9-43E10E1C774D} -> TrackingCookie.Adtrak : Cleaned.

C:\Documents and Settings\Trevan\Cookies\[email protected][2].txt -> TrackingCookie.Atdmt : Cleaned.

C:\Documents and Settings\Teresa\Cookies\[email protected][1].txt -> TrackingCookie.Coremetrics : Cleaned.

:mozilla.35:C:\Documents and Settings\Trevan\Application Data\Mozilla\Firefox\Profiles\s1zpokxq.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.

C:\Documents and Settings\Teresa\Cookies\[email protected][1].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Trevan\Cookies\[email protected][1].txt -> TrackingCookie.Doubleclick : Cleaned.


C:\Documents and Settings\Trevan\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 01-14-2008 - 19-52-43\{90DC0D56-C9E2-45CA-BF4B-6D2185D846D4} -> TrackingCookie.Findwhat : Cleaned.

:mozilla.62:C:\Documents and Settings\Trevan\Application Data\Mozilla\Firefox\Profiles\s1zpokxq.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.

C:\Documents and Settings\Trevan\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 01-14-2008 - 19-52-43\{9F6471ED-7B80-4DAC-B16F-7DA3C8080430} -> TrackingCookie.Revsci : Cleaned.

C:\Documents and Settings\Trevan\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 01-14-2008 - 19-52-43\{85D0F6DB-800F-439B-8FCC-772E745F8579} -> Trojan.Agent : Cleaned with backup (quarantined).
C:\Documents and Settings\Trevan\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 01-14-2008 - 19-52-43\{E1ACCDF3-9AC0-404F-82C0-A4CBC97EEFC9} -> Trojan.Agent : Cleaned with backup (quarantined).
C:\Documents and Settings\Trevan\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 01-14-2008 - 19-52-43\{63296263-1062-465D-9640-8695F1068F52} -> Trojan.Small : Cleaned with backup (quarantined).
C:\Documents and Settings\Trevan\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 01-14-2008 - 19-52-43\{ED549852-0115-4AA4-B8C6-C3459DF6D2BD} -> Trojan.Small : Cleaned with backup (quarantined).


::Report end



Activescan

Incident Status Location

Adware:adware/bookedspace Not disinfected c:\windows\cfgmgr52.ini
Adware:adware/maxifiles Not disinfected Windows Registry
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\ComboFix\nircmd.cfexe
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Teresa\Application Data\Mozilla\Profiles\default\wmsl3a4k.slt\cookies.txt[.atwola.com/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Teresa\Cookies\[email protected][2].txt
Spyware:Cookie/Target Not disinfected C:\Documents and Settings\Teresa\Cookies\[email protected][1].txt
Spyware:Cookie/Buydomains Not disinfected C:\Documents and Settings\Teresa\Cookies\[email protected][1].txt
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\Documents and Settings\Trevan\Application Data\Mozilla\Firefox\Profiles\s1zpokxq.default\Cache\C2152591d01[nircmd.com]
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\Documents and Settings\Trevan\Application Data\Mozilla\Firefox\Profiles\s1zpokxq.default\Cache\C2152591d01[nircmd.cfexe]
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Trevan\Application Data\Mozilla\Profiles\default\8gfaju0c.slt\cookies.txt[.xiti.com/]
Spyware:Spyware/Virtumonde Not disinfected C:\Documents and Settings\Trevan\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 01-14-2008 - 19-52-43\{2915307C-FF9F-4DA5-AF05-499B8FB8A17C}
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Trevan\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 01-14-2008 - 19-52-43\{406C9BF6-A789-4BE9-B676-CC3BDC7F1E91}
Spyware:Spyware/Virtumonde Not disinfected C:\Documents and Settings\Trevan\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 01-14-2008 - 19-52-43\{5FA94C56-4CB5-4948-8A9B-02820D12F85B}
Spyware:Spyware/Virtumonde Not disinfected C:\Documents and Settings\Trevan\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 01-14-2008 - 19-52-43\{9ABC63CE-115A-46B6-B111-3F41584AC739}
Spyware:Spyware/Virtumonde Not disinfected C:\Documents and Settings\Trevan\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 01-14-2008 - 19-52-43\{BD648AFE-C0B0-4837-A97E-CAB5F558AD7B}
Spyware:Spyware/Virtumonde Not disinfected C:\Documents and Settings\Trevan\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 01-14-2008 - 19-52-43\{C1A11BB2-B39B-4781-80E4-657C49093BE6}
Spyware:Spyware/Virtumonde Not disinfected C:\Documents and Settings\Trevan\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 01-14-2008 - 19-52-43\{DF909D7D-6AD4-466E-AFC9-D70BD65AD998}
Spyware:Spyware/Virtumonde Not disinfected C:\Documents and Settings\Trevan\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 01-14-2008 - 19-52-43\{F0D43BA9-9B71-4D0D-AF8B-0057889EBFE3}
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Trevan\Cookies\[email protected][2].txt
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\Documents and Settings\Trevan\Desktop\ComboFix.exe[nircmd.com]
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\Documents and Settings\Trevan\Desktop\ComboFix.exe[nircmd.cfexe]
Virus:Generic Malware Disinfected C:\Program Files\GameSpy Arcade\Aphex.exe
Virus:Generic Malware Disinfected C:\Program Files\GameSpy Arcade\Services\_common\PortraitLoader.dll

Hacktool:Exploit/ByteVerify Not disinfected C:\QooBox\Quarantine\C\Documents and Settings\Teresa\.jpi_cache\jar\1.0\count.jar-f2473c1-5c360342.zip.vir[BlackBox.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\QooBox\Quarantine\C\Documents and Settings\Teresa\.jpi_cache\jar\1.0\count.jar-f2473c1-5c360342.zip.vir[VerifierBug.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\QooBox\Quarantine\C\Documents and Settings\Teresa\.jpi_cache\jar\1.0\count.jar-f2473c1-5c360342.zip.vir[Dummy.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\QooBox\Quarantine\C\Documents and Settings\Teresa\.jpi_cache\jar\1.0\count.jar-f2473c1-5c360342.zip.vir[Beyond.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\QooBox\Quarantine\C\Documents and Settings\Trevan\.jpi_cache\jar\1.0\ar2.jar-585dc65d-49a3c12b.zip.vir[B.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\QooBox\Quarantine\C\Documents and Settings\Trevan\.jpi_cache\jar\1.0\ar2.jar-585dc65d-49a3c12b.zip.vir[V.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\QooBox\Quarantine\C\Documents and Settings\Trevan\.jpi_cache\jar\1.0\ar2.jar-585dc65d-49a3c12b.zip.vir[Dummy.class]
Virus:Trojan Horse Disinfected C:\QooBox\Quarantine\C\Documents and Settings\Trevan\.jpi_cache\jar\1.0\ar2.jar-585dc65d-49a3c12b.zip.vir[A.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\QooBox\Quarantine\C\Documents and Settings\Trevan\.jpi_cache\jar\1.0\archive.jar-487b52a0-7c0195ec.zip.vir[BlackBox.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\QooBox\Quarantine\C\Documents and Settings\Trevan\.jpi_cache\jar\1.0\archive.jar-487b52a0-7c0195ec.zip.vir[VBUG.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\QooBox\Quarantine\C\Documents and Settings\Trevan\.jpi_cache\jar\1.0\archive.jar-487b52a0-7c0195ec.zip.vir[Dummy.class]
Adware:Adware/Startpage.JU Not disinfected C:\QooBox\Quarantine\C\Documents and Settings\Trevan\.jpi_cache\jar\1.0\archive.jar-487b52a0-7c0195ec.zip.vir[Beyond.class]
Dialer:Dialer.TY Not disinfected C:\QooBox\Quarantine\C\Documents and Settings\Trevan\.jpi_cache\jar\1.0\archive.jar-487b52a0-7c0195ec.zip.vir[winmodem.exe]
Adware:Adware/Startpage.RJ Not disinfected C:\QooBox\Quarantine\C\Documents and Settings\Trevan\.jpi_cache\jar\1.0\archive.jar-487b52a0-7c0195ec.zip.vir[rundll32.exe]
Hacktool:Exploit/ByteVerify Not disinfected C:\QooBox\Quarantine\C\Documents and Settings\Trevan\.jpi_cache\jar\1.0\count.jar-4d094f49-62615f61.zip.vir[BlackBox.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\QooBox\Quarantine\C\Documents and Settings\Trevan\.jpi_cache\jar\1.0\count.jar-4d094f49-62615f61.zip.vir[Dummy.class]
Adware:Adware/StartPage.APE Not disinfected C:\QooBox\Quarantine\C\Documents and Settings\Trevan\.jpi_cache\jar\1.0\count.jar-4d094f49-62615f61.zip.vir[Beyond.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\QooBox\Quarantine\C\Documents and Settings\Trevan\.jpi_cache\jar\1.0\count.jar-6f603a77-170b1986.zip.vir[Dummy.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\QooBox\Quarantine\C\Documents and Settings\Trevan\.jpi_cache\jar\1.0\count.jar-6f603a77-693ad66d.zip.vir[Beyond.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\QooBox\Quarantine\C\Documents and Settings\Trevan\.jpi_cache\jar\1.0\count.jar-6f603a77-693ad66d.zip.vir[BlackBox.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\QooBox\Quarantine\C\Documents and Settings\Trevan\.jpi_cache\jar\1.0\count.jar-6f603a77-693ad66d.zip.vir[Dummy.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\QooBox\Quarantine\C\Documents and Settings\Trevan\.jpi_cache\jar\1.0\count.jar-6f603a77-693ad66d.zip.vir[VerifierBug.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\QooBox\Quarantine\C\Documents and Settings\Trevan\.jpi_cache\jar\1.0\count.jar-6f603a78-3327dc8a.zip.vir[Dummy.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\QooBox\Quarantine\C\Documents and Settings\Trevan\.jpi_cache\jar\1.0\count.jar-bb80bfb-24180444.zip.vir[BlackBox.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\QooBox\Quarantine\C\Documents and Settings\Trevan\.jpi_cache\jar\1.0\count.jar-bb80bfb-24180444.zip.vir[VerifierBug.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\QooBox\Quarantine\C\Documents and Settings\Trevan\.jpi_cache\jar\1.0\count.jar-bb80bfb-24180444.zip.vir[Dummy.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\QooBox\Quarantine\C\Documents and Settings\Trevan\.jpi_cache\jar\1.0\count.jar-bb80bfb-24180444.zip.vir[Beyond.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\QooBox\Quarantine\C\Documents and Settings\Trevan\.jpi_cache\jar\1.0\count1.jar-27bc085e-3a83aec0.zip.vir[Dummy.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\QooBox\Quarantine\C\Documents and Settings\Trevan\.jpi_cache\jar\1.0\count1.jar-5e1a93af-4f9b98d7.zip.vir[Beyond.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\QooBox\Quarantine\C\Documents and Settings\Trevan\.jpi_cache\jar\1.0\count1.jar-5e1a93af-4f9b98d7.zip.vir[BlackBox.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\QooBox\Quarantine\C\Documents and Settings\Trevan\.jpi_cache\jar\1.0\count1.jar-5e1a93af-4f9b98d7.zip.vir[Dummy.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\QooBox\Quarantine\C\Documents and Settings\Trevan\.jpi_cache\jar\1.0\count1.jar-5e1a93af-4f9b98d7.zip.vir[VerifierBug.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\QooBox\Quarantine\C\Documents and Settings\Trevan\.jpi_cache\jar\1.0\count1.jar-5e2deec6-2c74200c.zip.vir[BlackBox.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\QooBox\Quarantine\C\Documents and Settings\Trevan\.jpi_cache\jar\1.0\count1.jar-5e2deec6-2c74200c.zip.vir[Dummy.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\QooBox\Quarantine\C\Documents and Settings\Trevan\.jpi_cache\jar\1.0\count1.jar-5e2deec6-2c74200c.zip.vir[VerifierBug.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\QooBox\Quarantine\C\Documents and Settings\Trevan\.jpi_cache\jar\1.0\javainstaller.jar-4514e5ea-53294b99.zip.vir[javainstaller/InstallerApplet.class]
Virus:Trj/Downloader.SCI Disinfected C:\QooBox\Quarantine\C\Program Files\Temporary\kernInst.exe.vir
Spyware:Spyware/Virtumonde Not disinfected C:\QooBox\Quarantine\catchme2008-01-16_180148.67.zip[jkhhf.dll]
Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\htvowowq.dll.bad
Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\jkhhf.dll.bad
Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\mllmj.dll.bad
Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\nnxlwxpy.dll.bad
Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\ynyvwtvf.dll.bad
Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\zonijlus.dll.bad
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\WINDOWS\NirCmd.exe



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:18:44 AM, on 1/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Program Files\Microsoft Money\System\mnyexpr.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Trevan\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.bbc.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
N4 - Mozilla: user_pref("browser.startup.homepage", "http://www.google.com/"); (C:\Documents and Settings\TREVAN\Application Data\Mozilla\Profiles\default\8gfaju0c.slt\prefs.js)
N4 - Mozilla: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\TREVAN\Application Data\Mozilla\Profiles\default\8gfaju0c.slt\prefs.js)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [SpybotSD TeaTimer] "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: officejet 6100.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish...fishActivia.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...84/mcinsctl.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/.../GrooveAX27.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.c.../cpcScanner.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,21/mcgdmgr.cab
O16 - DPF: {FE5B9F54-7764-4C01-89F0-4862601EE954} (DigWebHelper Class) - http://photos.msn.co....cab?10,0,910,0
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: khfebbx - C:\WINDOWS\
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Mcafee.com Corporation - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 9524 bytes
  • 0

#17
Cookiegal

Cookiegal

    Visiting Consultant

  • Visiting Consultant
  • 887 posts
It looks like SpySweeper will also have to be reinstalled if you want to keep it as one of its components was damaged by malware.


Rescan with HijackThis, close all browser windows except HijackThis, put a check mark beside these entries and click fix checked.

O20 - Winlogon Notify: khfebbx - C:\WINDOWS\

HijackThis may throw off an error but it is of no concern.


Let's see if we can salvage McAfee. Please do a search for this file and let me know if it's found and if so, in what locations. You may get a result returned with the same name but with a space or two after it (i.e. mcupdate .exe); if so, include it as well please.

mcupdate


Please delete this file:

c:\windows\cfgmgr52.ini

and if you also see this one there, delete it as well:

c:\windows\cfgmgr52.dll

Edited by Cookiegal, 21 January 2008 - 02:52 PM.

  • 0

#18
trouter

trouter

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
I fixed the O20 - Winlogon Notify: khfebbx - C:\WINDOWS\ file
Couldn't find mcupdate with an expanded search including hidden files. The closest was MCUPDA~2.exe in C:\Program Files\McAfee.com\Agent.
I deleted c:\windows\cfgmgr52.ini, but didn't see the c:\windows\cfgmgr52.dll file.

Many thanks.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:44:17 PM, on 1/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Program Files\Microsoft Money\System\mnyexpr.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Trevan\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.bbc.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
N4 - Mozilla: user_pref("browser.startup.homepage", "http://www.google.com/"); (C:\Documents and Settings\TREVAN\Application Data\Mozilla\Profiles\default\8gfaju0c.slt\prefs.js)
N4 - Mozilla: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\TREVAN\Application Data\Mozilla\Profiles\default\8gfaju0c.slt\prefs.js)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [SpybotSD TeaTimer] "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: officejet 6100.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish...fishActivia.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...84/mcinsctl.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/.../GrooveAX27.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.c.../cpcScanner.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,21/mcgdmgr.cab
O16 - DPF: {FE5B9F54-7764-4C01-89F0-4862601EE954} (DigWebHelper Class) - http://photos.msn.co....cab?10,0,910,0
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Mcafee.com Corporation - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 9477 bytes
  • 0
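The before/after check this post reports (the O20 Winlogon Notify entry khfebbx gone from the new scan), written out as an added example that is not part of the original thread: it parses the sectioned entries of two HijackThis logs, diffs them, and flags O20 entries whose target is a directory rather than a file. The log lines are excerpted from the two scans above; the function names and the "target is not a file" heuristic are assumptions of this example, not HijackThis features.

```python
import re

# Lines excerpted from the two HijackThis scans posted in this thread.
SCAN_BEFORE = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe

O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: khfebbx - C:\WINDOWS\
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
"""

SCAN_AFTER = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe

O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
"""

# A sectioned entry starts with a letter, one or two digits and " - "
# (R0, N4, O4, O20, ...). Header and running-process lines do not match.
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
NOTIFY_RE = re.compile(r"^Winlogon Notify: (?P<name>.+?) - (?P<path>.+)$")


def parse_entries(log_text):
    """Return the set of (section, body) entries found in a HijackThis log."""
    entries = set()
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.add((match.group("section"), match.group("body")))
    return entries


def diff_logs(before, after):
    """Return (removed, added) entries between two scans, each sorted."""
    old, new = parse_entries(before), parse_entries(after)
    return sorted(old - new), sorted(new - old)


def notify_without_file(entries):
    """Flag O20 entries whose target ends in a backslash or has no extension.

    Heuristic assumed for this example: a Winlogon Notify entry is expected
    to name a DLL, so a bare directory deserves a second look.
    """
    hits = []
    for section, body in entries:
        if section != "O20":
            continue
        match = NOTIFY_RE.match(body)
        if not match:
            continue
        path = match.group("path").strip()
        leaf = path.rsplit("\\", 1)[-1]
        if path.endswith("\\") or "." not in leaf:
            hits.append((match.group("name"), path))
    return sorted(hits)


if __name__ == "__main__":
    removed, added = diff_logs(SCAN_BEFORE, SCAN_AFTER)
    for section, body in removed:
        print("removed:", section, "-", body)
    for section, body in added:
        print("added:  ", section, "-", body)
    for name, path in notify_without_file(parse_entries(SCAN_AFTER)):
        print("still flagged:", name, "->", path)
```

Run against full logs, the same diff also surfaces new autostart entries between scans, so each one can be accounted for before a log is called clean.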

#19
Cookiegal

Cookiegal

    Visiting Consultant

  • Visiting Consultant
  • 887 posts
It looks like there are other components of McAfee missing as well. I think it would be best to uninstall it and since you can't reinstall, you could get AVG Free from the following link (the third column).

http://free.grisoft.com/doc/2/


You should also get a third party firewall such as Zone Alarm.


How are things now?
  • 0

#20
trouter

trouter

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
The computer is running much faster than a week ago, and the pop-ups of internet sites and MS Money trying to install are gone.
Everything is better thanks to you, but one can't help but be a little wary.

When my wife logs in she still gets a "can't find C:\WINDOWS\system32\jkhhf.exe" warning. The file is gone, but something is still looking for it?

Security task manager still comes up with a dva.386 file that it considers potentially harmful. Should I worry?

Other than that, I'll uninstall Spysweeper and McAfee, then reinstall Spysweeper and AVG Free and check out a firewall.
Thanks again for your help.
  • 0

#21
Cookiegal

Cookiegal

    Visiting Consultant

  • Visiting Consultant
  • 887 posts
Download WinPFind3U.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind3u on your desktop.

Open the WinPFind3u folder and double-click on WinPFind3U.exe to start the program.
  • In the Processes group click ALL
  • In the Win32 Services group click ALL
  • In the Driver Services group click ALL
  • In the Registry group click ALL
  • In the Files Created Within group click 60 days. Make sure Non-Microsoft only is UNCHECKED.
  • In the Files Modified Within group select 30 days. Make sure Non-Microsoft only is UNCHECKED.
  • In the File String Search group click SELECT ALL
  • In the Additional Scans sections please press select ALL and make sure Non-Microsoft only is UNCHECKED.
  • Now click the Run Scan button on the toolbar.
  • The program will be scanning huge amounts of data so depending on your system it could take a long time to complete. Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Save that notepad file but click on the "Format" menu and make sure that "word wrap" is not checked. If it is then click on it to uncheck it.
Please post the resulting log here as an attachment.
  • 0

#22
trouter

trouter

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
here you go, thanks.

Attached Files


  • 0

#23
Cookiegal

Cookiegal

    Visiting Consultant

  • Visiting Consultant
  • 887 posts
I'm terribly sorry about the delay but I have not forgotten you. I was planning on reviewing your log first thing this morning and then my phone line went dead. After several hours and a report to the phone company, it's back now but I have work for my real job that I need to get done so I will try to reply later this evening or tomorrow.
  • 0

#24
Cookiegal

Cookiegal

    Visiting Consultant

  • Visiting Consultant
  • 887 posts
Before I post the fix, can you please tell me what files are in this folder?

C:\Windows\VHJldmFu
  • 0

#25
trouter

trouter

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
No problem with the timing. I've been busy myself, and in any case, I feel lucky to receive your help.

I've looked for and did a search for the C:\Windows\VHJldmFu folder, but couldn't find it. Hmmmm. Let me know if there is a better way to search for it.

thanks!
  • 0

#26
Cookiegal

Cookiegal

    Visiting Consultant

  • Visiting Consultant
  • 887 posts
Try unhiding files and folders:

Click on My Computer. Go to Tools > Folder Options. Click on the View tab and make sure that "Show hidden files and folders" is checked. Also uncheck "Hide protected operating system files" and "Hide extensions for known file types". Now click "Apply to all folders".
Click "Apply" then "OK".

Go to Start > Search - All Files and Folders and, under "More advanced search options", make sure there is a check by "Search System Folders" and "Search hidden files and folders" and "Search system subfolders".



I take it it's not something you recognize or created?
  • 0

#27
trouter

trouter

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
Aha!, there it is. I unchecked the "Hide protected operating system files" box and it showed up.

The folder C:\Windows\VHJldmFu is empty. I don't recognize it. It was created Jan. 12, 2008, which was around the time when the problems started showing up.
  • 0

#28
Cookiegal

Cookiegal

    Visiting Consultant

  • Visiting Consultant
  • 887 posts
That's exactly what I suspected.


Disconnect from the Internet and disable your anti-virus and firewall programs. Be sure to remember to re-start them before going on-line again.

Open the WinPFind3u folder and double-click on WinPFind3U.exe to start the program. Copy and paste the information in the box below into the pane where it says "Paste fix here" and then click the Run Fix button. The fix should only take a very short time and then you will be asked if you want to reboot. Choose Yes.

Post the latest .log file from the WinPFind3u folder (it will have a name in the format mmddyyyy_hhmmss.log) back here along with a new HijackThis log please.



[Kill Explorer]
[Files/Folders - Created Within 60 days]
NY -> 252.tmp -> %SystemDrive%\252.tmp
[Files/Folders - Modified Within 30 days]
NY -> 252.tmp -> %SystemDrive%\252.tmp
NY -> VHJldmFu -> %SystemRoot%\VHJldmFu
[Empty Temp Folders]
[Start Explorer]
[Reboot]


  • 0

#29
trouter

trouter

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
here are the logs.
Cheers!

from WinPFind3u

Explorer killed successfully
[Files/Folders - Created Within 60 days]
C:\252.tmp moved successfully.
[Files/Folders - Modified Within 30 days]
File C:\252.tmp not found!
C:\WINDOWS\VHJldmFu moved successfully.
[Empty Temp Folders]
C:\DOCUME~1\Trevan\LOCALS~1\Temp\ -> emptied.
C:\Documents and Settings\Trevan\Local Settings\Temporary Internet Files\Content.IE5\ -> emptied
RecycleBin -> emptied.
Explorer started successfully
< End of log >
Created on 01/25/2008 10:02:44


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:12:56 AM, on 1/25/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\CTsvcCDA.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Program Files\Microsoft Money\System\mnyexpr.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\Trevan\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.bbc.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
N4 - Mozilla: user_pref("browser.startup.homepage", "http://www.google.com/"); (C:\Documents and Settings\TREVAN\Application Data\Mozilla\Profiles\default\8gfaju0c.slt\prefs.js)
N4 - Mozilla: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\TREVAN\Application Data\Mozilla\Profiles\default\8gfaju0c.slt\prefs.js)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [SpybotSD TeaTimer] "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
O4 - HKCU\..\Run: [DellTransferAgent] "C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: officejet 6100.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish...fishActivia.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...84/mcinsctl.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/.../GrooveAX27.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.c.../cpcScanner.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,21/mcgdmgr.cab
O16 - DPF: {FE5B9F54-7764-4C01-89F0-4862601EE954} (DigWebHelper Class) - http://photos.msn.co....cab?10,0,910,0
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Mcafee.com Corporation - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 9833 bytes
  • 0

#30
Cookiegal

Cookiegal

    Visiting Consultant

  • Visiting Consultant
  • 887 posts
The log looks good. How are things now?
  • 0





