The WnvDStatus.exe file is a necessary file for a programming project I am working on.
I do not have a ctmaddin.dll to upload, so I do not know what to do on this part.
Here is the New HijackThis Logfile:
Logfile of HijackThis v1.99.1
Scan saved at 03:20:27 PM, on 6/13/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\MSSQL7\binn\sqlservr.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Cas\Client\casclient.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\Common Files\24-7 Alert\TrueWeather.exe
C:\Program Files\Winnov\Videum\WnvDStatus.exe
C:\WINDOWS\system32\userinit.exe
C:\My Downloads\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://companyweb
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [do33RXc2j] mdmcurs.exe
O4 - HKCU\..\Run: [CAS Client] "C:\Program Files\Cas\Client\casclient.exe"
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - Global Startup: 24-7 Alert.lnk = C:\Program Files\Common Files\24-7 Alert\TrueWeather.exe
O4 - Global Startup: Status Tool.lnk = C:\Program Files\Winnov\Videum\WnvDStatus.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O14 - IERESET.INF: START_PAGE_URL=http://companyweb
O16 - DPF: {62CEC9E0-3811-4C36-A94E-4F7565DCD23F} (DDSC Class) - http://public.ansi.o...rces/msddsc.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1114381910093
O16 - DPF: {7D30109B-DD2B-4339-BE80-1CD48723C2BC} (LiveX(v6.0)) - http://www.vs-us.com...vers/Live60.cab
O16 - DPF: {BF5E26B7-7087-4C2D-B0BA-0098F7CBED6B} (LiveX(5.4.0.0) Control) - http://www.vs-us.com...vers/live54.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = isis.local
O17 - HKLM\Software\..\Telephony: DomainName = isis.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = isis.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = isis.local
O18 - Filter: text/html - {8293D547-38DD-4325-B35A-F1817EDFA5FC} - C:\Program Files\Cas\Client\casmf.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: policies - C:\WINDOWS\system32\ctmaddin.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
And here is the ewido logfile:
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------
+ Created on: 03:02:13 PM, 6/13/2005
+ Report-Checksum: 3F8538CA
+ Date of database: 6/13/2005
+ Version of scan engine: v3.0
+ Duration: 39 min
+ Scanned Files: 57453
+ Speed: 24.01 Files/Second
+ Infected files: 108
+ Removed files: 107
+ Files put in quarantine: 107
+ Files that could not be opened: 0
+ Files that could not be cleaned: 1
+ Binder: Yes
+ Crypter: Yes
+ Archives: Yes
+ Scanned items:
C:\
+ Scan result:
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ntcc.exe -> TrojanDownloader.Qoologic.n -> Error during cleaning
C:\Documents and Settings\SAlexander.isis\Cookies\salexander@11199995[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\SAlexander.isis\Cookies\salexander@18787707[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\SAlexander.isis\Cookies\salexander@26606202[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\SAlexander.isis\Cookies\salexander@35283272[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\SAlexander.isis\Cookies\salexander@55674483[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\SAlexander.isis\Cookies\salexander@63392527[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\SAlexander.isis\Cookies\salexander@65679750[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\SAlexander.isis\Cookies\salexander@67265735[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\SAlexander.isis\Cookies\salexander@70307935[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\SAlexander.isis\Cookies\salexander@72597726[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\SAlexander.isis\Cookies\salexander@77421188[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\SAlexander.isis\Cookies\salexander@79777648[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\SAlexander.isis\Cookies\salexander@87738116[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\SAlexander.isis\Cookies\salexander@adknowledge[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\SAlexander.isis\Cookies\[email protected][1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\SAlexander.isis\Cookies\[email protected][1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\SAlexander.isis\Cookies\salexander@atdmt[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\SAlexander.isis\Cookies\[email protected][2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\SAlexander.isis\Cookies\salexander@bcentral[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\SAlexander.isis\Cookies\salexander@burstnet[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\SAlexander.isis\Cookies\salexander@burstnet[3].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\SAlexander.isis\Cookies\[email protected][1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\SAlexander.isis\Cookies\[email protected][2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\SAlexander.isis\Cookies\salexander@com[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\SAlexander.isis\Cookies\salexander@com[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\SAlexander.isis\Cookies\salexander@com[4].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\SAlexander.isis\Cookies\salexander@dcsc5k1y36twkfwddu2xlbvwn_2p6y[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\SAlexander.isis\Cookies\salexander@dcskf5ra3wievv2j7rl2dzj9r_8m4t[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\SAlexander.isis\Cookies\salexander@dcspmlfn66twkfocu55nbix84_4c4t[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\SAlexander.isis\Cookies\[email protected][1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\SAlexander.isis\Cookies\salexander@geocities[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\SAlexander.isis\Cookies\[email protected][1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\SAlexander.isis\Cookies\[email protected][1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\SAlexander.isis\Cookies\salexander@link[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\SAlexander.isis\Cookies\salexander@S005-01-3-19-233247-61503[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\SAlexander.isis\Cookies\salexander@S109868[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\SAlexander.isis\Cookies\salexander@S109869[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\SAlexander.isis\Cookies\salexander@S118485[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\SAlexander.isis\Cookies\salexander@S141588[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\SAlexander.isis\Cookies\salexander@S147432[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\SAlexander.isis\Cookies\[email protected][2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\SAlexander.isis\Cookies\salexander@search123[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\SAlexander.isis\Cookies\[email protected][1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\SAlexander.isis\Cookies\[email protected][1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\SAlexander.isis\Cookies\salexander@xiti[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\SAlexander.isis\Local Settings\Temp\temp.fr9D0B\EliteToolBar version 60.dll -> Spyware.EliteBar.af -> Cleaned with backup
C:\Documents and Settings\SAlexander.isis\Local Settings\Temporary Internet Files\Content.IE5\BXZL86Z7\Gummy[1].class -> Trojan.Java.Femad -> Cleaned with backup
C:\Documents and Settings\SAlexander.isis\Local Settings\Temporary Internet Files\Content.IE5\EPNUIS8O\web[2].htm -> TrojanDownloader.VBS.Psyme.ap -> Cleaned with backup
C:\Documents and Settings\SAlexander.isis\Local Settings\Temporary Internet Files\Content.IE5\MSA8W0HC\pcs_0002[1].exe -> Spyware.Pacer.b -> Cleaned with backup
C:\Laptop\Zips\Cookies\salexander@11199995[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Laptop\Zips\Cookies\salexander@18787707[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Laptop\Zips\Cookies\salexander@26606202[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Laptop\Zips\Cookies\salexander@35283272[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Laptop\Zips\Cookies\salexander@55674483[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Laptop\Zips\Cookies\salexander@63392527[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Laptop\Zips\Cookies\salexander@65679750[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Laptop\Zips\Cookies\salexander@67265735[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Laptop\Zips\Cookies\salexander@70307935[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Laptop\Zips\Cookies\salexander@72597726[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Laptop\Zips\Cookies\salexander@77421188[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Laptop\Zips\Cookies\salexander@79777648[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Laptop\Zips\Cookies\salexander@87738116[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Laptop\Zips\Cookies\salexander@adknowledge[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Laptop\Zips\Cookies\[email protected][1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Laptop\Zips\Cookies\[email protected][1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Laptop\Zips\Cookies\[email protected][2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Laptop\Zips\Cookies\salexander@bcentral[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Laptop\Zips\Cookies\salexander@burstnet[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Laptop\Zips\Cookies\salexander@burstnet[3].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Laptop\Zips\Cookies\[email protected][1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Laptop\Zips\Cookies\[email protected][2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Laptop\Zips\Cookies\salexander@com[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Laptop\Zips\Cookies\salexander@com[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Laptop\Zips\Cookies\salexander@dcsc5k1y36twkfwddu2xlbvwn_2p6y[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Laptop\Zips\Cookies\salexander@dcskf5ra3wievv2j7rl2dzj9r_8m4t[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Laptop\Zips\Cookies\salexander@dcspmlfn66twkfocu55nbix84_4c4t[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Laptop\Zips\Cookies\[email protected][1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Laptop\Zips\Cookies\salexander@geocities[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Laptop\Zips\Cookies\[email protected][1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Laptop\Zips\Cookies\salexander@link[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Laptop\Zips\Cookies\salexander@S005-01-3-19-233247-61503[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Laptop\Zips\Cookies\salexander@S109868[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Laptop\Zips\Cookies\salexander@S109869[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Laptop\Zips\Cookies\salexander@S118485[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Laptop\Zips\Cookies\salexander@S141588[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Laptop\Zips\Cookies\salexander@S147432[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Laptop\Zips\Cookies\[email protected][2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Laptop\Zips\Cookies\[email protected][1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Laptop\Zips\Cookies\[email protected][1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Laptop\Zips\Cookies\salexander@xiti[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Program Files\Common Files\Uninstall Information\RemoveDisplayUtility.exe -> Spyware.DelphinMedia.Viewer.f -> Cleaned with backup
C:\WINDOWS\Downloaded Program Files\MediaAccX.dll -> Spyware.WinAD -> Cleaned with backup
C:\WINDOWS\Downloaded Program Files\pcs_0002.exe -> Spyware.Pacer.b -> Cleaned with backup
C:\WINDOWS\protector.exe -> Spyware.Hijacker.Generic -> Cleaned with backup
C:\WINDOWS\system\UpdInst.exe -> Spyware.Look2Me.ab -> Cleaned with backup
C:\WINDOWS\system32\boqqbxd.exe -> TrojanDownloader.Qoologic.q -> Cleaned with backup
C:\WINDOWS\system32\COMMCOS2.DLL -> Spyware.SafeSurfing -> Cleaned with backup
C:\WINDOWS\system32\ctmaddin.dll -> Spyware.Look2Me.ab -> Cleaned with backup
C:\WINDOWS\system32\cxtpls_loader.exe -> TrojanDownloader.Apropo.ab -> Cleaned with backup
C:\WINDOWS\system32\pdqqp.dll -> TrojanDownloader.Qoologic.q -> Cleaned with backup
C:\WINDOWS\system32\pvyyp.dat -> TrojanDownloader.Qoologic.n -> Cleaned with backup
C:\WINDOWS\system32\redit.cpl -> TrojanDownloader.Qoologic.p -> Cleaned with backup
C:\WINDOWS\system32\regsync.exe -> Spyware.SafeSurfing -> Cleaned with backup
C:\WINDOWS\system32\supdate.dll -> TrojanDownloader.Qoologic.p -> Cleaned with backup
C:\WINDOWS\system32\vbrundll.dll -> Spyware.SafeSurfing -> Cleaned with backup
C:\WINDOWS\system32\vnaavl.exe -> TrojanDownloader.Qoologic.n -> Cleaned with backup
C:\WINDOWS\system32\zgbbzno.dll -> TrojanDownloader.Qoologic.q -> Cleaned with backup
::Report End
Looking at this, Norton and Ad-Aware missed a few things.
I also noticed that when I came back up, there was a new icon on my desktop, named... Wasssssup!
Any advice on getting rid of this one?