HiJack log [CLOSED]


  • This topic is locked

#1
freakonature

I'm hoping someone can help me with this. Here is the log from HijackThis:

Logfile of HijackThis v1.99.1
Scan saved at 10:29:29 AM, on 6/8/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\spoolsv.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\Windows\system32\sessmgr.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\WFXSVC.EXE
C:\Windows\system32\rundll32.exe
C:\Program Files\WinFax\WFXMOD32.EXE
C:\Program Files\RealVNC\WinVNC\WinVNC.exe
C:\Windows\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
C:\Windows\system32\PROMon.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe
C:\Windows\Twain_32\fjscan32\FjtwSetup.exe
C:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe
C:\Windows\System32\NMSSvc.exe
C:\PROGRA~1\WinFax\WFXSWTCH.exe
C:\Windows\system32\wfxsnt40.exe
C:\Windows\system32\wintask.exe
C:\program files\tvs\tvs_b.exe
C:\Windows\system32\mnzkll.exe
C:\Windows\seeve.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\picsvr\picsvr.exe
C:\Program Files\ScanSoft\TextBridge Millennium\Bin\InstantAccess.exe
C:\Windows\system32\exp.exe
C:\Program Files\WinFax\WFXCTL32.EXE
C:\Program Files\ScanSoft\Pagis\Monitor.exe
C:\Program Files\Webshots\WebshotsTray.exe
C:\Program Files\AutoUpdate\AutoUpdate.exe
C:\Windows\system32\dpvpldlg.exe
C:\Windows\system32\dvduclt1.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Documents and Settings\VWPM\My Documents\downloads\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Aprps\CxtPls.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmiracle.com/sp.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp...rch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapp...://my.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchmiracle.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - _{8952A998-1E7E-4716-B23D-3DBE03910972} - (no file)
R3 - URLSearchHook: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - (no file)
O2 - BHO: (no name) - {016235BE-59D4-4CEB-ADD5-E2378282A1D9} - C:\Program Files\Aprps\cxtpls.dll
O2 - BHO: (no name) - {0AD937E7-2F37-4873-A05E-548A67EF1D0E} - (no file)
O2 - BHO: FlashEnhancer Ext - {5EDB03AF-0341-4e96-9E9B-3171522E4BAF} - c:\Program Files\Fla\fla.dll
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
O4 - HKLM\..\Run: [PROMon.exe] PROMon.exe
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\RealVNC\WinVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [vptray] C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe
O4 - HKLM\..\Run: [FJTWAIN Setup] C:\Windows\Twain_32\fjscan32\FjtwSetup.exe /Station
O4 - HKLM\..\Run: [ScanSoft OmniPage Pro 11 Registration Reminder] "C:\Program Files\ScanSoft\OmniPagePro11.0\EregEng\NAVBrowser.exe" /r /i "C:\Program Files\ScanSoft\OmniPagePro11.0\EregEng\NavLoad.ini"
O4 - HKLM\..\Run: [Ad-watch] "C:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe"
O4 - HKLM\..\Run: [Ad-aware] "C:\Program Files\Lavasoft\Ad-aware 6\Ad-aware.exe" +c
O4 - HKLM\..\Run: [WFXSwtch] C:\PROGRA~1\WinFax\WFXSWTCH.exe
O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
O4 - HKLM\..\Run: [WinTask driver] C:\Windows\system32\wintask.exe
O4 - HKLM\..\Run: [checkrun] C:\windows\system32\eliteusc32.exe
O4 - HKLM\..\Run: [TVS_B] C:\program files\tvs\tvs_b.exe
O4 - HKLM\..\Run: [KavSvc] C:\Windows\system32\mnzkll.exe reg_run
O4 - HKLM\..\Run: [zzzHPSETUP] D:\Setup.exe
O4 - HKLM\..\Run: [WinTools] C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
O4 - HKLM\..\Run: [VBundleOuterDL] C:\Program Files\VBouncer\BundleOuter.EXE
O4 - HKLM\..\Run: [VBouncer] C:\PROGRA~1\VBouncer\VirtualBouncer.exe
O4 - HKLM\..\Run: [usbdycm] c:\windows\system32\usbdycm.exe
O4 - HKLM\..\Run: [seeve] C:\Windows\seeve.exe
O4 - HKLM\..\Run: [PS1] C:\Windows\system32\ps1.exe
O4 - HKLM\..\Run: [picsvr] C:\Windows\system32\picsvr\picsvr.exe
O4 - HKLM\..\Run: [Nsv] C:\Windows\system32\nsvsvc\nsvsvc.exe
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\Run: [InstantAccess] C:\Program Files\ScanSoft\TextBridge Millennium\Bin\InstantAccess.exe /h
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
O4 - HKLM\..\Run: [FlaCPY] "C:\Program Files\Common Files\Java\flacpy.exe"
O4 - HKLM\..\Run: [exp.exe] C:\Windows\system32\exp.exe
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [r79k35j] dvduclt1.exe
O4 - HKCU\..\Run: [Nuwqmfrt] C:\Windows\system32\??oolsv.exe
O4 - HKCU\..\Run: [Lerm] C:\Program Files\saar\elat.exe
O4 - HKCU\..\Run: [awqqRRHqU] dpvpldlg.exe
O4 - Startup: AdDestroyer.lnk = AdDestroyer\AdDestroyer.exe
O4 - Startup: Webshots.lnk = Webshots\WebshotsTray.exe
O4 - Global Startup: Controller.LNK = ?
O4 - Global Startup: Microsoft Office.lnk = Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Pagis Schedule Monitor.lnk = ScanSoft\Pagis\Monitor.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: www.handrblock.com
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.popuppers.com
O16 - DPF: {0878B424-1F95-4E26-B5AB-F0D349D89650} - http://download.barg...MARKETING32.cab
O16 - DPF: {7149E79C-DC19-4C5E-A53C-A54DDF75EEE9} (IObjSafety.DemoCtl) - http://cabs.media-mo...bs/joysaver.cab
O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} (Loader2 Control) - http://static.topcon...vex/website.ocx
O16 - DPF: {87067F04-DE4C-4688-BC3C-4FCF39D609E7} - http://download.webs...12/QDow_AS2.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.c.../ymmapi_416.dll
O16 - DPF: {DDFFA75A-E81D-4454-89FC-B9FD0631E726} - http://www.bundlewar...veX/DS3/DS3.cab
O16 - DPF: {EC51659D-721F-4CBF-9CEA-5E776D89CEA9} - http://www.pacimedia...ll/pcs_0019.exe
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = domain.local
O17 - HKLM\Software\..\Telephony: DomainName = domain.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = domain.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = domain.local
O20 - Winlogon Notify: igfxcui - C:\Windows\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\Windows\System32\NavLogon.dll
O20 - Winlogon Notify: Reinstall - C:\Windows\system32\m846lihs1846.dll
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\Windows\System32\NMSSvc.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: WinFax PRO (wfxsvc) - Symantec Corporation - C:\Windows\system32\WFXSVC.EXE
O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Program Files\RealVNC\WinVNC\WinVNC.exe" -service (file missing)


All help would be greatly appreciated.

#2
greyknight17

Welcome to GTG.

Did you read the sticky topic yet? If not:

Please read the first link in my signature and follow the steps outlined there. When you are ready, post the HijackThis log here.

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order they are mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should 'not' have any open browsers when you are following the procedures below.

Go to My Computer->Tools/View->Folder Options->View tab and make sure that 'Show hidden files and folders' (or 'Show all files') is enabled. Also make sure that 'Display the contents of system folders' is checked. If you have Windows XP, the search feature is a little different. When you click on 'All files and folders' on the left pane, click on the 'More advanced options' at the bottom. Make sure that 'Search system folders', 'Search hidden files and folders', and 'Search subfolders' are checked.

For the options that you checked/enabled earlier, you may uncheck them after your log is clean. If we ask you to fix a program that you use or want to keep, please post back saying that (we don't know every program that exists, so we may tell you to delete a program that we think is bad to keep).

Right click on this link http://www.greyknigh...lO15Domains.inf and choose Save As. Save it to your desktop. Right click on that file and choose Install. It will run immediately (you won't be able to see anything happen). You may delete it afterwards.

Download and install CleanUp http://cleanup.stevengould.org/
Download KillBox http://www.atribune....ads/KillBox.exe (or at http://www.greyknigh...spy/KillBox.exe if the main link doesn't work)
Download rkfiles http://skads.org/special/rkfiles.zip and unzip the contents to a new folder on your desktop.

Download the remv3.zip at http://forums.skads....hp?showtopic=80 (look for the attachment to download). Make a new folder on the root drive C:\ and unzip remv3.zip files into it.

Go to My Computer->Tools->Folder Options->View tab and make sure that Show hidden files and folders is enabled. Also make sure that the System Files and Folders are showing/visible.

Run CleanUp program now and logoff.


Download ETRemover and unzip it. Don't run it yet.

Restart your computer and boot into Safe Mode by hitting the F8 key repeatedly until a menu shows up (and choose Safe Mode from the list). In some systems, this may be the F5 key, so try that if F8 doesn't work. Make sure to close any open browsers. Uninstall the following via the Add/Remove Panel (Start->(Settings)->Control Panel->Add/Remove Programs) if they exist:

WinTools
AutoUpdate
VBouncer
AdDestroyer
Media Access


Run a scan in HijackThis. Check each of the following and hit 'Fix checked' (after checking them) if they still exist (make sure not to miss any):

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmiracle.com/sp.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp...rch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapp...://my.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchmiracle.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - _{8952A998-1E7E-4716-B23D-3DBE03910972} - (no file)
R3 - URLSearchHook: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - (no file)
O2 - BHO: (no name) - {016235BE-59D4-4CEB-ADD5-E2378282A1D9} - C:\Program Files\Aprps\cxtpls.dll
O2 - BHO: (no name) - {0AD937E7-2F37-4873-A05E-548A67EF1D0E} - (no file)
O2 - BHO: FlashEnhancer Ext - {5EDB03AF-0341-4e96-9E9B-3171522E4BAF} - c:\Program Files\Fla\fla.dll
O4 - HKLM\..\Run: [WinTask driver] C:\Windows\system32\wintask.exe
O4 - HKLM\..\Run: [checkrun] C:\windows\system32\eliteusc32.exe
O4 - HKLM\..\Run: [TVS_B] C:\program files\tvs\tvs_b.exe
O4 - HKLM\..\Run: [KavSvc] C:\Windows\system32\mnzkll.exe reg_run
O4 - HKLM\..\Run: [WinTools] C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
O4 - HKLM\..\Run: [VBundleOuterDL] C:\Program Files\VBouncer\BundleOuter.EXE
O4 - HKLM\..\Run: [VBouncer] C:\PROGRA~1\VBouncer\VirtualBouncer.exe
O4 - HKLM\..\Run: [usbdycm] c:\windows\system32\usbdycm.exe
O4 - HKLM\..\Run: [seeve] C:\Windows\seeve.exe
O4 - HKLM\..\Run: [PS1] C:\Windows\system32\ps1.exe
O4 - HKLM\..\Run: [picsvr] C:\Windows\system32\picsvr\picsvr.exe
O4 - HKLM\..\Run: [Nsv] C:\Windows\system32\nsvsvc\nsvsvc.exe
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\Run: [FlaCPY] "C:\Program Files\Common Files\Java\flacpy.exe"
O4 - HKLM\..\Run: [exp.exe] C:\Windows\system32\exp.exe
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [r79k35j] dvduclt1.exe
O4 - HKCU\..\Run: [Nuwqmfrt] C:\Windows\system32\??oolsv.exe
O4 - HKCU\..\Run: [Lerm] C:\Program Files\saar\elat.exe
O4 - HKCU\..\Run: [awqqRRHqU] dpvpldlg.exe
O4 - Startup: AdDestroyer.lnk = AdDestroyer\AdDestroyer.exe
O16 - DPF: {0878B424-1F95-4E26-B5AB-F0D349D89650} - http://download.barg...MARKETING32.cab
O16 - DPF: {7149E79C-DC19-4C5E-A53C-A54DDF75EEE9} (IObjSafety.DemoCtl) - http://cabs.media-mo...bs/joysaver.cab
O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} (Loader2 Control) - http://static.topcon...vex/website.ocx
O16 - DPF: {87067F04-DE4C-4688-BC3C-4FCF39D609E7} - http://download.webs...12/QDow_AS2.cab
O16 - DPF: {DDFFA75A-E81D-4454-89FC-B9FD0631E726} - http://www.bundlewar...veX/DS3/DS3.cab
O16 - DPF: {EC51659D-721F-4CBF-9CEA-5E776D89CEA9} - http://www.pacimedia...ll/pcs_0019.exe
O20 - Winlogon Notify: Reinstall - C:\Windows\system32\m846lihs1846.dll


Delete the following Files/Folders (delete folders if no filename is specified) according to their directory (if none, just do a search for them) and delete them if they exist:

C:\Windows\system32\wintask.exe
C:\program files\tvs\tvs_b.exe
C:\Windows\system32\mnzkll.exe
C:\Windows\seeve.exe
C:\Windows\system32\exp.exe
C:\Program Files\AutoUpdate\
C:\Windows\system32\dpvpldlg.exe
C:\Windows\system32\dvduclt1.exe
C:\Program Files\Aprps\
c:\Program Files\Fla\
C:\Windows\system32\wintask.exe
C:\windows\system32\eliteusc32.exe
C:\program files\tvs\
C:\Windows\system32\mnzkll.exe
C:\PROGRA~1\COMMON~1\WinTools\
C:\PROGRA~1\VBouncer\
c:\windows\system32\usbdycm.exe
C:\Windows\system32\ps1.exe
C:\Windows\system32\picsvr\
C:\Windows\system32\nsvsvc\
C:\Program Files\Media Access\
C:\Program Files\Common Files\Java\flacpy.exe
C:\Program Files\saar\
C:\Program Files\AdDestroyer\
C:\Windows\system32\m846lihs1846.dll


Run ETRemover.exe now.

Double click rkfiles.bat file to run it. It will scan for a while, so please be patient. Wait until the DOS window closes. Open the C:\log.txt it created and rename it log1.txt.

Now open the folder where you saved remv3.zip files and double click the rem.bat file and let it run. It will delete the files and remove the infection and then make a log of the files it finds. The log file will be C:\log.txt and bad1.txt.

**Note** Each tool uses log.txt as its output file, so make sure you save the entries from one tool's log before running the other, as it will overwrite the file if you don't.

Reboot back to normal mode and post the contents of both the log.txt and log1.txt in your next post.


Do a search for ??oolsv.exe and right click on any of the files found. Go to Properties->Version tab and see if it's from Microsoft. Do this for each file found. If it's not from Microsoft (or doesn't even have a version tab) and it was created recently, then delete it.

Restart and run a new HijackThis scan. Save the log file and post it here.

Download L2MFix from one of these two locations:

http://www.atribune....oads/l2mfix.exe
http://www.downloads....org/l2mfix.exe

Save the file to your desktop and double click l2mfix.exe. Click the Install button to extract the files and follow the prompts. Then open the newly added l2mfix folder on your desktop. Double click l2mfix.bat and select option #1 for Run Find Log by typing 1 and then pressing Enter. This will scan your computer and it may appear nothing is happening. After a minute or 2, Notepad will open with a log. Copy the contents of that log and paste it into this thread.

IMPORTANT: Do NOT run option #2 or any other files in the l2mfix folder until you are asked to do so!
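Added example (not part of the original thread, and not code from HijackThis or any tool named in it): a small Python check that parses the HijackThis log layout shown on this page and reports which "Fix checked" entries and which files on the delete list still show up in a later scan. The function names are hypothetical, and the sample lines are a short excerpt of the logs posted in this thread.

```python
import re

# A HijackThis entry is "<section code> - <details>", e.g. "O4 - HKLM\..\Run: [...] ...".
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2})\s+-\s+(.+?)\s*$")
# Lines in the "Running processes:" block are bare absolute paths.
PATH_RE = re.compile(r"^[A-Za-z]:\\")

# Excerpt of the fix list, the delete list and the follow-up scan from this thread.
FIX_LIST = r"""
R3 - URLSearchHook: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - (no file)
O2 - BHO: (no name) - {016235BE-59D4-4CEB-ADD5-E2378282A1D9} - C:\Program Files\Aprps\cxtpls.dll
O2 - BHO: FlashEnhancer Ext - {5EDB03AF-0341-4e96-9E9B-3171522E4BAF} - c:\Program Files\Fla\fla.dll
O4 - HKLM\..\Run: [WinTask driver] C:\Windows\system32\wintask.exe
O4 - HKLM\..\Run: [TVS_B] C:\program files\tvs\tvs_b.exe
O4 - HKLM\..\Run: [KavSvc] C:\Windows\system32\mnzkll.exe reg_run
O4 - HKLM\..\Run: [exp.exe] C:\Windows\system32\exp.exe
"""
DELETE_LIST = r"""
C:\Windows\system32\wintask.exe
C:\program files\tvs\
C:\Windows\system32\mnzkll.exe
C:\Windows\system32\exp.exe
C:\Windows\system32\dvduclt1.exe
"""
RESCAN = r"""
Running processes:
C:\Windows\system32\spoolsv.exe
C:\program files\tvs\tvs_b.exe
C:\Windows\system32\mnzkll.exe
C:\Windows\system32\dvduclt1.exe

R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {0AD937E7-2F37-4873-A05E-548A67EF1D0E} - (no file)
O2 - BHO: FlashEnhancer Ext - {5EDB03AF-0341-4e96-9E9B-3171522E4BAF} - c:\Program Files\Fla\fla.dll
O4 - HKLM\..\Run: [TVS_B] C:\program files\tvs\tvs_b.exe
O4 - HKLM\..\Run: [KavSvc] C:\Windows\system32\mnzkll.exe reg_run
O4 - HKLM\..\Run: [r79k35j] dvduclt1.exe
"""


def norm(text):
    """Case-fold and collapse whitespace; the logs mix upper and lower case paths."""
    return " ".join(text.split()).casefold()


def parse_log(text):
    """Return (running process paths, {(code, normalized body): original line})."""
    processes, entries, in_procs = [], {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if line.casefold() == "running processes:":
            in_procs = True
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_procs = False  # the process block ends at the first R/O entry
            entries[(m.group(1), norm(m.group(2)))] = line
        elif in_procs and PATH_RE.match(line):
            processes.append(line)
    return processes, entries


def persisting_entries(fix_list, rescan):
    """Fix-list entries that are still present, unchanged, in the later scan."""
    _, wanted = parse_log(fix_list)
    _, found = parse_log(rescan)
    return [line for key, line in wanted.items() if key in found]


def running_targets(delete_list, rescan):
    """Running processes that are a listed file or live under a listed folder.

    Limitation: 8.3 short names (C:\\PROGRA~1\\...) are compared as written,
    not resolved to their long form.
    """
    targets = [norm(p) for p in delete_list.splitlines() if p.strip()]
    procs, _ = parse_log(rescan)
    return [
        proc for proc in procs
        if any(norm(proc) == t or (t.endswith("\\") and norm(proc).startswith(t))
               for t in targets)
    ]


if __name__ == "__main__":
    print("Entries still present after the fix:")
    for line in persisting_entries(FIX_LIST, RESCAN):
        print("  " + line)
    print("Files marked for deletion that are still running:")
    for proc in running_targets(DELETE_LIST, RESCAN):
        print("  " + proc)
```
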

#3
freakonature

OK, I think all the steps are complete. First log is from the ewido scan and the second log is from HijackThis:

ewido

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 3:11:23 PM, 6/9/2005
+ Report-Checksum: A45D7922

+ Date of database: 6/9/2005
+ Version of scan engine: v3.0

+ Duration: 28 min
+ Scanned Files: 52290
+ Speed: 31.12 Files/Second
+ Infected files: 109
+ Removed files: 109
+ Files put in quarantine: 109
+ Files that could not be opened: 0
+ Files that could not be cleaned: 0

+ Binder: Yes
+ Crypter: Yes
+ Archives: Yes

+ Scanned items:
C:\

+ Scan result:
C:\Documents and Settings\VWPM\Local Settings\Temp\Cookies\[email protected][1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\VWPM\Local Settings\Temp\Cookies\vwpm@exitexchange[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\VWPM\Local Settings\Temp\Cookies\vwpm@tribalfusion[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\VWPM\Local Settings\Temp\Cookies\[email protected][2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\VWPM\n20050308.exe -> TrojanDownloader.Delmed.a -> Cleaned with backup
C:\Program Files\Common Files\Java\flaclean.exe -> Spyware.Broadcap.b -> Cleaned with backup
C:\Program Files\Common Files\Java\tvs_re_inst.exe -> Spyware.TopMoxie -> Cleaned with backup
C:\Program Files\Common Files\Uninstall Information\RemoveDisplayUtility.exe -> Spyware.DelphinMedia.Viewer.f -> Cleaned with backup
C:\Program Files\Fla\flaclean.exe -> Spyware.Broadcap.b -> Cleaned with backup
C:\Program Files\tvs\tvs_re_inst.exe -> Spyware.TopMoxie -> Cleaned with backup
C:\Program Files\Web Offer\wo.exe -> Spyware.EZula -> Cleaned with backup
C:\RECYCLER\NPROTECT\00000289.exe -> TrojanDownloader.Inservice.F -> Cleaned with backup
C:\RECYCLER\NPROTECT\00000334.exe -> TrojanDownloader.Small.Kl -> Cleaned with backup
C:\RECYCLER\NPROTECT\00000347.EXE -> Spyware.PurityScan.f -> Cleaned with backup
C:\RECYCLER\NPROTECT\00000487.EXE -> Spyware.SaveNow.m -> Cleaned with backup
C:\RECYCLER\NPROTECT\00000497.exe -> Spyware.PurityScan.f -> Cleaned with backup
C:\RECYCLER\NPROTECT\00000629.EXE -> Spyware.PurityScan.f -> Cleaned with backup
C:\RECYCLER\NPROTECT\00000772.exe -> Spyware.PurityScan.f -> Cleaned with backup
C:\RECYCLER\NPROTECT\00000807.exe -> Spyware.BargainBuddy.f -> Cleaned with backup
C:\RECYCLER\NPROTECT\00000808.dll -> Spyware.BargainBuddy -> Cleaned with backup
C:\RECYCLER\NPROTECT\00000872.exe -> Spyware.BargainBuddy.f -> Cleaned with backup
C:\RECYCLER\NPROTECT\00000874.EXE -> Spyware.PurityScan.f -> Cleaned with backup
C:\RECYCLER\NPROTECT\00001003.exe -> Spyware.Bargainbuddy -> Cleaned with backup
C:\RECYCLER\NPROTECT\00001006.dll -> Spyware.BargainBuddy -> Cleaned with backup
C:\RECYCLER\NPROTECT\00001014.exe -> Spyware.PurityScan.f -> Cleaned with backup
C:\RECYCLER\S-1-5-21-1282138258-2745678790-3725260815-1004\Dc10.exe -> Trojan.IstSvc.a -> Cleaned with backup
C:\RECYCLER\S-1-5-21-1282138258-2745678790-3725260815-1004\Dc11.exe -> TrojanDownloader.Dyfuca.bq -> Cleaned with backup
C:\RECYCLER\S-1-5-21-1282138258-2745678790-3725260815-1004\Dc12.exe -> Spyware.180solutions -> Cleaned with backup
C:\RECYCLER\S-1-5-21-1282138258-2745678790-3725260815-1004\Dc13.exe -> Spyware.Save -> Cleaned with backup
C:\RECYCLER\S-1-5-21-1282138258-2745678790-3725260815-1004\Dc14.exe -> Spyware.SaveNow.v -> Cleaned with backup
C:\RECYCLER\S-1-5-21-1282138258-2745678790-3725260815-1004\Dc15.dll -> Spyware.180solutions -> Cleaned with backup
C:\RECYCLER\S-1-5-21-1282138258-2745678790-3725260815-1004\Dc16.exe -> Spyware.180solutions -> Cleaned with backup
C:\RECYCLER\S-1-5-21-1282138258-2745678790-3725260815-1004\Dc17.dll -> TrojanDownloader.IstBar.fb -> Cleaned with backup
C:\RECYCLER\S-1-5-21-1282138258-2745678790-3725260815-1004\Dc18.exe -> TrojanDownloader.Dyfuca.bq -> Cleaned with backup
C:\RECYCLER\S-1-5-21-1282138258-2745678790-3725260815-1004\Dc2.txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\RECYCLER\S-1-5-21-1282138258-2745678790-3725260815-1004\Dc21.dll -> Spyware.Sidesearch.c -> Cleaned with backup
C:\RECYCLER\S-1-5-21-1282138258-2745678790-3725260815-1004\Dc22.exe -> TrojanDownloader.IstBar.bp -> Cleaned with backup
C:\RECYCLER\S-1-5-21-1282138258-2745678790-3725260815-1004\Dc23.exe -> Spyware.180solutions -> Cleaned with backup
C:\RECYCLER\S-1-5-21-1282138258-2745678790-3725260815-1004\Dc24.exe -> Spyware.180solutions -> Cleaned with backup
C:\RECYCLER\S-1-5-21-1282138258-2745678790-3725260815-1004\Dc25.dll -> Spyware.180solutions -> Cleaned with backup
C:\RECYCLER\S-1-5-21-1282138258-2745678790-3725260815-1004\Dc26.exe -> Spyware.SaveNow.i -> Cleaned with backup
C:\RECYCLER\S-1-5-21-1282138258-2745678790-3725260815-1004\Dc27.exe -> Spyware.180solutions -> Cleaned with backup
C:\RECYCLER\S-1-5-21-1282138258-2745678790-3725260815-1004\Dc29.exe -> TrojanDownloader.Dyfuca.ak -> Cleaned with backup
C:\RECYCLER\S-1-5-21-1282138258-2745678790-3725260815-1004\Dc30.dll -> Spyware.180solutions -> Cleaned with backup
C:\RECYCLER\S-1-5-21-1282138258-2745678790-3725260815-1004\Dc31.exe -> Spyware.180solutions -> Cleaned with backup
C:\RECYCLER\S-1-5-21-1282138258-2745678790-3725260815-1004\Dc32.dll -> TrojanDownloader.IstBar.fb -> Cleaned with backup
C:\RECYCLER\S-1-5-21-1282138258-2745678790-3725260815-1004\Dc33.exe -> Trojan.IstSvc.a -> Cleaned with backup
C:\RECYCLER\S-1-5-21-1282138258-2745678790-3725260815-1004\Dc35.dll -> Spyware.Sidesearch.c -> Cleaned with backup
C:\RECYCLER\S-1-5-21-1282138258-2745678790-3725260815-1004\Dc36.exe -> Spyware.Purityscan.B -> Cleaned with backup
C:\RECYCLER\S-1-5-21-1282138258-2745678790-3725260815-1004\Dc37.exe -> Spyware.180solutions -> Cleaned with backup
C:\RECYCLER\S-1-5-21-1282138258-2745678790-3725260815-1004\Dc38.exe -> Spyware.180solutions -> Cleaned with backup
C:\RECYCLER\S-1-5-21-1282138258-2745678790-3725260815-1004\Dc39.dll -> Spyware.180solutions -> Cleaned with backup
C:\RECYCLER\S-1-5-21-1282138258-2745678790-3725260815-1004\Dc40.exe -> Spyware.Purityscan.B -> Cleaned with backup
C:\RECYCLER\S-1-5-21-1282138258-2745678790-3725260815-1004\Dc41.exe -> Trojan.IstSvc.a -> Cleaned with backup
C:\RECYCLER\S-1-5-21-1282138258-2745678790-3725260815-1004\Dc42.exe -> TrojanDownloader.Dyfuca.ak -> Cleaned with backup
C:\RECYCLER\S-1-5-21-1282138258-2745678790-3725260815-1004\Dc43.exe -> Spyware.180solutions -> Cleaned with backup
C:\RECYCLER\S-1-5-21-1282138258-2745678790-3725260815-1004\Dc44.dll -> Spyware.180solutions -> Cleaned with backup
C:\RECYCLER\S-1-5-21-1282138258-2745678790-3725260815-1004\Dc45.exe -> Spyware.180solutions -> Cleaned with backup
C:\RECYCLER\S-1-5-21-1282138258-2745678790-3725260815-1004\Dc46.dll -> TrojanDownloader.IstBar.fb -> Cleaned with backup
C:\RECYCLER\S-1-5-21-1282138258-2745678790-3725260815-1004\Dc48.dll -> Spyware.Sidesearch.c -> Cleaned with backup
C:\RECYCLER\S-1-5-21-1282138258-2745678790-3725260815-1004\Dc49.exe -> Spyware.180solutions -> Cleaned with backup
C:\RECYCLER\S-1-5-21-1282138258-2745678790-3725260815-1004\Dc5.txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\RECYCLER\S-1-5-21-1282138258-2745678790-3725260815-1004\Dc50.dll -> TrojanDownloader.Dyfuca -> Cleaned with backup
C:\RECYCLER\S-1-5-21-1282138258-2745678790-3725260815-1004\Dc6.exe -> Spyware.180solutions -> Cleaned with backup
C:\RECYCLER\S-1-5-21-1282138258-2745678790-3725260815-1004\Dc7.dll -> Spyware.180solutions -> Cleaned with backup
C:\RECYCLER\S-1-5-21-1282138258-2745678790-3725260815-1004\Dc9.exe -> Spyware.Purityscan.B -> Cleaned with backup
C:\WINDOWS\Buddy.exe -> Spyware.BetterInternet.d -> Cleaned with backup
C:\WINDOWS\ceres.dll -> Spyware.BetterInternet.d -> Cleaned with backup
C:\WINDOWS\cxtpls_loader.exe -> TrojanDownloader.Apropo.ab -> Cleaned with backup
C:\WINDOWS\Downloaded Program Files\DS3.dll -> TrojanDownloader.Agent.jt -> Cleaned with backup
C:\WINDOWS\Downloaded Program Files\installer_MARKETING32.exe -> TrojanDownloader.Adload.a -> Cleaned with backup
C:\WINDOWS\Downloaded Program Files\m67m.ocx -> Spyware.MediaMotor.a -> Cleaned with backup
C:\WINDOWS\Downloaded Program Files\pcs_0009.exe -> Spyware.Pacer.b -> Cleaned with backup
C:\WINDOWS\Downloaded Program Files\website.ocx -> TrojanDownloader.Agent.ex -> Cleaned with backup
C:\WINDOWS\edow.exe -> TrojanDownloader.Wintool.e -> Cleaned with backup
C:\WINDOWS\EDow_AS2.exe -> TrojanDownloader.QDown.m -> Cleaned with backup
C:\WINDOWS\installer_SIAC.exe -> TrojanDownloader.Adload.a -> Cleaned with backup
C:\WINDOWS\seeve.exe -> Spyware.MediaMotor.f -> Cleaned with backup
C:\WINDOWS\system\UpdInst.exe -> Spyware.Look2Me.ab -> Cleaned with backup
C:\WINDOWS\system32\bvuag.dat -> TrojanDownloader.Qoologic.n -> Cleaned with backup
C:\WINDOWS\system32\cxtpls_loader.exe -> TrojanDownloader.Apropo.ab -> Cleaned with backup
C:\WINDOWS\system32\dk7vb.dll -> Spyware.Look2Me.ab -> Cleaned with backup
C:\WINDOWS\system32\dkmv2clt.dll -> Spyware.Look2Me.ab -> Cleaned with backup
C:\WINDOWS\system32\dnnu0159e.dll -> Spyware.Look2Me.ab -> Cleaned with backup
C:\WINDOWS\system32\EDow_AS2.exe -> TrojanDownloader.Wintool.e -> Cleaned with backup
C:\WINDOWS\system32\exp.exe -> TrojanDownloader.Small.abd -> Cleaned with backup
C:\WINDOWS\system32\FgTahoe.dll -> Spyware.Look2Me.ab -> Cleaned with backup
C:\WINDOWS\system32\installer_MARKETING30.exe -> TrojanDownloader.Adload.a -> Cleaned with backup
C:\WINDOWS\system32\jt4s07h7e.dll -> Spyware.Look2Me.ab -> Cleaned with backup
C:\WINDOWS\system32\k0lqla351d.dll -> Spyware.Look2Me.ab -> Cleaned with backup
C:\WINDOWS\system32\mnzpaa.exe -> TrojanDownloader.Qoologic.n -> Cleaned with backup
C:\WINDOWS\system32\npwdev.dll -> Spyware.Look2Me.ab -> Cleaned with backup
C:\WINDOWS\system32\nsn22.dll -> Spyware.HotBar -> Cleaned with backup
C:\WINDOWS\system32\ps1.exe -> Spyware.Pacer.a -> Cleaned with backup
C:\WINDOWS\system32\Qool.exe -> TrojanDropper.Win32.Small.wc -> Cleaned with backup
C:\WINDOWS\system32\redit.cpl -> TrojanDownloader.Qoologic.p -> Cleaned with backup
C:\WINDOWS\system32\supdate.dll -> TrojanDownloader.Qoologic.p -> Cleaned with backup
C:\WINDOWS\system32\temperror32.dat -> Spyware.Hijacker.Generic -> Cleaned with backup
C:\WINDOWS\system32\wintask.exe -> TrojanDownloader.Small.abd -> Cleaned with backup
C:\WINDOWS\tct101.dll -> TrojanDownloader.Dyfuca.eg -> Cleaned with backup
C:\WINDOWS\Temp\Cookies\[email protected][2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\WINDOWS\Temp\Cookies\vwpm@adknowledge[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\WINDOWS\Temp\Cookies\vwpm@advertising[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\WINDOWS\Temp\Cookies\vwpm@atdmt[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\WINDOWS\Temp\Cookies\vwpm@doubleclick[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\WINDOWS\Temp\Cookies\vwpm@fastclick[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\WINDOWS\Temp\Cookies\[email protected][1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\WINDOWS\Temp\Cookies\vwpm@targetnet[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\WINDOWS\Temp\Cookies\vwpm@valueclick[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup


::Report End

HijackThis

Logfile of HijackThis v1.99.1
Scan saved at 3:15:45 PM, on 6/9/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\spoolsv.exe
C:\Windows\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
C:\Windows\system32\PROMon.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe
C:\Windows\Twain_32\fjscan32\FjtwSetup.exe
C:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\PROGRA~1\WinFax\WFXSWTCH.exe
C:\Windows\system32\wfxsnt40.exe
C:\program files\tvs\tvs_b.exe
C:\Windows\system32\mnzkll.exe
C:\Windows\System32\NMSSvc.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\Windows\system32\dvduclt1.exe
C:\Program Files\ScanSoft\TextBridge Millennium\Bin\InstantAccess.exe
C:\Windows\system32\dpvpldlg.exe
C:\Windows\system32\sessmgr.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\WFXSVC.EXE
C:\Program Files\RealVNC\WinVNC\WinVNC.exe
C:\Program Files\WinFax\WFXMOD32.EXE
C:\Program Files\WinFax\WFXCTL32.EXE
C:\Program Files\ScanSoft\Pagis\Monitor.exe
C:\Program Files\Webshots\WebshotsTray.exe
C:\Windows\system32\userinit.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Windows\system32\rundll32.exe
C:\Documents and Settings\VWPM\My Documents\downloads\HijackThis.exe
C:\Windows\system32\wuauclt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmiracle.com/sp.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp...rch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapp...://my.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchmiracle.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {0AD937E7-2F37-4873-A05E-548A67EF1D0E} - (no file)
O2 - BHO: FlashEnhancer Ext - {5EDB03AF-0341-4e96-9E9B-3171522E4BAF} - c:\Program Files\Fla\fla.dll
O3 - Toolbar: &EliteBar - {825CF5BD-8862-4430-B771-0C15C5CA8DEF} - C:\Windows\EliteToolBar\EliteToolBar version 60.dll
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
O4 - HKLM\..\Run: [PROMon.exe] PROMon.exe
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\RealVNC\WinVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [vptray] C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe
O4 - HKLM\..\Run: [FJTWAIN Setup] C:\Windows\Twain_32\fjscan32\FjtwSetup.exe /Station
O4 - HKLM\..\Run: [ScanSoft OmniPage Pro 11 Registration Reminder] "C:\Program Files\ScanSoft\OmniPagePro11.0\EregEng\NAVBrowser.exe" /r /i "C:\Program Files\ScanSoft\OmniPagePro11.0\EregEng\NavLoad.ini"
O4 - HKLM\..\Run: [Ad-watch] "C:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe"
O4 - HKLM\..\Run: [Ad-aware] "C:\Program Files\Lavasoft\Ad-aware 6\Ad-aware.exe" +c
O4 - HKLM\..\Run: [WFXSwtch] C:\PROGRA~1\WinFax\WFXSWTCH.exe
O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
O4 - HKLM\..\Run: [checkrun] C:\windows\system32\eliteusc32.exe
O4 - HKLM\..\Run: [TVS_B] C:\program files\tvs\tvs_b.exe
O4 - HKLM\..\Run: [KavSvc] C:\Windows\system32\mnzkll.exe reg_run
O4 - HKLM\..\Run: [zzzHPSETUP] D:\Setup.exe
O4 - HKLM\..\Run: [WinTools] C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
O4 - HKLM\..\Run: [VBundleOuterDL] C:\Program Files\VBouncer\BundleOuter.EXE
O4 - HKLM\..\Run: [VBouncer] C:\PROGRA~1\VBouncer\VirtualBouncer.exe
O4 - HKLM\..\Run: [usbdycm] c:\windows\system32\usbdycm.exe
O4 - HKLM\..\Run: [r79k35j] dvduclt1.exe
O4 - HKLM\..\Run: [picsvr] C:\Windows\system32\picsvr\picsvr.exe
O4 - HKLM\..\Run: [Nsv] C:\Windows\system32\nsvsvc\nsvsvc.exe
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\Run: [InstantAccess] C:\Program Files\ScanSoft\TextBridge Millennium\Bin\InstantAccess.exe /h
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
O4 - HKLM\..\Run: [FlaCPY] "C:\Program Files\Common Files\Java\flacpy.exe"
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKCU\..\Run: [Nuwqmfrt] C:\Windows\system32\??oolsv.exe
O4 - HKCU\..\Run: [Lerm] C:\Program Files\saar\elat.exe
O4 - HKCU\..\Run: [awqqRRHqU] dpvpldlg.exe
O4 - Startup: AdDestroyer.lnk = AdDestroyer\AdDestroyer.exe
O4 - Startup: Webshots.lnk = Webshots\WebshotsTray.exe
O4 - Global Startup: Controller.LNK = ?
O4 - Global Startup: Microsoft Office.lnk = Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Pagis Schedule Monitor.lnk = ScanSoft\Pagis\Monitor.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: www.handrblock.com
O15 - Trusted Zone: *.media-motor.net
O16 - DPF: {7149E79C-DC19-4C5E-A53C-A54DDF75EEE9} (IObjSafety.DemoCtl) - http://cabs.media-mo...bs/joysaver.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.c.../ymmapi_416.dll
O16 - DPF: {DDFFA75A-E81D-4454-89FC-B9FD0631E726} - http://www.bundlewar...veX/DS3/DS3.cab
O16 - DPF: {EC51659D-721F-4CBF-9CEA-5E776D89CEA9} - http://www.pacimedia...ll/pcs_0019.exe
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = domain.local
O17 - HKLM\Software\..\Telephony: DomainName = domain.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = domain.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = domain.local
O20 - Winlogon Notify: Nls - C:\Windows\system32\s6880glue6q80.dll
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\Windows\System32\NMSSvc.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: WinFax PRO (wfxsvc) - Symantec Corporation - C:\Windows\system32\WFXSVC.EXE
O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Program Files\RealVNC\WinVNC\WinVNC.exe" -service (file missing)



Thanks for all help provided.

freakonature

#4
greyknight17


    Malware Expert

Is this an updated HijackThis log? Try running another new scan and post that log instead because this one is almost 100% identical to the one you posted originally.

Where are the L2MFix, rkfiles and remv3 logs?

#5
greyknight17


    Malware Expert

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member with the address of this thread. This applies only to the original topic starter. Everyone else, please begin a New Topic.





