Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Winfixer and Dr. Watson problems

Started by joflo1331 , Sep 02 2005 05:57 PM

  • Please log in to reply

#1
joflo1331
Posted 02 September 2005 - 05:57 PM

joflo1331

    New Member

  • Member
  • Pip
  • 2 posts
Following is the logfile of a run of HijackThis that I performed tonight at 6:54 p.m. I have been experiencing a myriad of problems such as odd crashings of Dr. Watson's Post Mortem Debugger and attempted WinFixer auto-installations on startup.
I hope for, will appreciate, and await any help anyone around can offer.

Logfile of HijackThis v1.99.1
Scan saved at 6:52:06 PM, on 9/2/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\2Wire\Gateway\2PortalMon.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\winupdates\winupdates.exe
C:\Program Files\Messenger\msmsgs.exe
c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us8.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us8.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bellsouth.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us8.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.searchv.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.searchv.com/w/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by BellSouth
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O1 - Hosts: 127so.offeroptimizer.com
O1 - Hosts: 127
O1 - Hosts: 0.0.1 bidclix.net
O1 - Hosts: henu.com
O1 - Hosts: henu.com
O1 - Hosts: .whenu.com
O1 - Hosts: .whenu.com
O1 - Hosts: c.whenu.com
O1 - Hosts: c.whenu.com
O1 - Hosts: nc.whenu.com
O1 - Hosts: nc.whenu.com
O1 - Hosts: inc.whenu.com
O1 - Hosts: inc.whenu.com
O1 - Hosts: 0.1 zinc.whenu.com
O1 - Hosts: 0.1 zinc.whenu.com
O1 - Hosts: 0.1 zinc.whenu.com
O1 - Hosts: 0.1 zinc.whenu.com
O1 - Hosts: 0.1 zinc.whenu.com
O1 - Hosts: 0.1 zinc.whenu.com
O1 - Hosts: www1.iwon.com
O1 - Hosts: 0.1 zinc.whenu.com
O1 - Hosts: 0.1 zinc.whenu.com
O1 - Hosts: 0.1 zinc.whenu.com
O1 - Hosts: 0.1 zinc.whenu.com
O1 - Hosts: 0.1 zinc.whenu.com
O1 - Hosts: 0.1 zinc.whenu.com
O1 - Hosts: toolbar.com
O1 - Hosts: 0.1 zinc.whenu.com
O1 - Hosts: 0.1 zinc.whenu.com
O1 - Hosts: 0.1 zinc.whenu.com
O1 - Hosts: .1 zsearchtoolbar.com
O1 - Hosts: .1 zsearchtoolbar.com
O1 - Hosts: .1 zsearchtoolbar.com
O1 - Hosts: .1 zsearchtoolbar.com
O1 - Hosts: .1 zsearchtoolbar.com
O1 - Hosts: .1 zsearchtoolbar.com
O1 - Hosts: .1 zsearchtoolbar.com
O1 - Hosts: .1 zsearchtoolbar.com
O1 - Hosts: .1 zsearchtoolbar.com
O1 - Hosts: .1 zsearchtoolbar.com
O1 - Hosts: .1 zsearchtoolbar.com
O1 - Hosts: .1 zsearchtoolbar.com
O1 - Hosts: .1 zsearchtoolbar.com
O1 - Hosts: .1 zsearchtoolbar.com
O1 - Hosts: .1 zsearchtoolbar.com
O1 - Hosts: .1 zsearchtoolbar.com
O1 - Hosts: .1 zsearchtoolbar.com
O1 - Hosts: .1 zsearchtoolbar.com
O1 - Hosts: .1 zsearchtoolbar.com
O1 - Hosts: .1 zsearchtoolbar.com
O1 - Hosts: .1 zsearchtoolbar.com
O1 - Hosts: .1 zsearchtoolbar.com
O1 - Hosts: .1 zsearchtoolbar.com
O1 - Hosts: .1 zsearchtoolbar.com
O1 - Hosts: .1 zsearchtoolbar.com
O1 - Hosts: .1 zsearchtoolbar.com
O1 - Hosts: .1 zsearchtoolbar.com
O1 - Hosts: .1 zsearchtoolbar.com
O1 - Hosts: .1 zsearchtoolbar.com
O1 - Hosts: .1 zsearchtoolbar.com
O1 - Hosts: .1 zsearchtoolbar.com
O1 - Hosts: .1 zsearchtoolbar.com
O1 - Hosts: .1 zsearchtoolbar.com
O1 - Hosts: .1 zsearchtoolbar.com
O1 - Hosts: .1 zsearchtoolbar.com
O1 - Hosts: .1 zsearchtoolbar.com
O1 - Hosts: .1 zsearchtoolbar.com
O1 - Hosts: .1 zsearchtoolbar.com
O1 - Hosts: .1 zsearchtoolbar.com
O1 - Hosts: .1 zsearchtoolbar.com
O1 - Hosts: .1 zsearchtoolbar.com
O1 - Hosts: .1 zsearchtoolbar.com
O1 - Hosts: .1 zsearchtoolbar.com
O1 - Hosts: .1 zsearchtoolbar.com
O1 - Hosts: .1 zsearchtoolbar.com
O1 - Hosts: .1 zsearchtoolbar.com
O1 - Hosts: .1 zsearchtoolbar.com
O1 - Hosts: .1 zsearchtoolbar.com
O1 - Hosts: .1 zsearchtoolbar.com
O1 - Hosts: .1 zsearchtoolbar.com
O1 - Hosts: .1 zsearchtoolbar.com
O1 - Hosts: .1 zsearchtoolbar.com
O1 - Hosts: .1 zsearchtoolbar.com
O1 - Hosts: .1 zsearchtoolbar.com
O1 - Hosts: .1 zsearchtoolbar.com
O1 - Hosts: .1 zsearchtoolbar.com
O1 - Hosts: .1 zsearchtoolbar.com
O1 - Hosts: .1 zsearchtoolbar.com
O1 - Hosts: .1 zsearchtoolbar.com
O1 - Hosts: .1 zsearchtoolbar.com
O1 - Hosts: .1 zsearchtoolbar.com
O1 - Hosts: .1 zsearchtoolbar.com
O1 - Hosts: .1 zsearchtoolbar.com
O1 - Hosts: .1 zsearchtoolbar.com
O1 - Hosts: .1 zsearchtoolbar.com
O1 - Hosts: .1 zsearchtoolbar.com
O1 - Hosts: .1 zsearchtoolbar.com
O1 - Hosts: .1 zsearchtoolbar.com
O1 - Hosts: .1 zsearchtoolbar.com
O1 - Hosts: .1 zsearchtoolbar.com
O1 - Hosts: .1 zsearchtoolbar.com
O2 - BHO: (no name) - {04079851-5845-4DEA-848C-3ECD647AA554} - (no file)
O2 - BHO: (no name) - {6CC1C918-AE8B-4373-A5B4-28BA1851E39A} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: TChkBHO Class - {12C1DEEB-E58B-4700-B8CA-33AA3924A35D} - C:\WINDOWS\system32\nvmlmkxz.dll
O2 - BHO: (no name) - {1C044AAD-7955-4cbd-8175-501A165C4E5D} - C:\WINDOWS\system32\req.dat (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: MSEvents Object - {B8B55274-0F9A-41E5-9067-A3539BD9E860} - C:\WINDOWS\Cursors\regmain.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: swdlwgupp Class - {F0E2AD1E-0FD3-463A-BF51-80DE6B92ABB1} - C:\WINDOWS\system32\moz030715s.dll
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [2wSysTray] C:\Program Files\2Wire\Gateway\2PortalMon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [NI.UWFX5LP_0001_0614] "C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UWFX5LP_0001_0614NetInstaller.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto
O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [RssReader] C:\Program Files\RssReader\RssReader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O12 - Plugin for .aif: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.bellsouth.net
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....204&clcid=0x409
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akama...meInstaller.exe
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\OmniPass\opxpgina.dll
O20 - Winlogon Notify: regmain - C:\WINDOWS\Cursors\regmain.dll
O20 - Winlogon Notify: req - C:\WINDOWS\system32\req.dat (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

Edited by joflo1331, 02 September 2005 - 06:13 PM.

  • 0

Advertisements

#2
Wizard
Posted 03 September 2005 - 05:47 AM

Wizard

    Retired Staff

  • Retired Staff
  • 5,661 posts
Hi joflo1331 and Welcome to GeekstoGo!

Go to Add\Remove Programs and Remove

ViewPoint
WeatherBug
WindUpdates
WinFixer

Download the Hoster from here:
http://www.funkytoad...load/hoster.zip

Unzip and Extract all Files

Press "Restore Original Hosts" and press "OK"!

Exit Program!


Please print these instructions out for use in Safe Mode.

Please download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to extract the files.
  • After the files are extracted, please reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode then hit enter.
  • Once in safe mode open the VundoFix folder and doubleclick on KillVundo.bat
  • Please type the following file path (make sure to enter it exactly as below!):
    • C:\WINDOWS\Cursors\regmain.dll
  • Press Enter, then press the F6 key, then press Enter one more time to continue with the fix.
  • The fix will run then HijackThis will open.
  • In HiJackThis, please place a check next to the following items and click FIX CHECKED:

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us8.hpwis.com/

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us8.hpwis.com/

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us8.hpwis.com/

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.searchv.com/

    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.searchv.com/w/search.html

    O2 - BHO: (no name) - {04079851-5845-4DEA-848C-3ECD647AA554} - (no file)

    O2 - BHO: (no name) - {6CC1C918-AE8B-4373-A5B4-28BA1851E39A} - (no file)

    O2 - BHO: TChkBHO Class - {12C1DEEB-E58B-4700-B8CA-33AA3924A35D} - C:\WINDOWS\system32\nvmlmkxz.dll

    O2 - BHO: (no name) - {1C044AAD-7955-4cbd-8175-501A165C4E5D} - C:\WINDOWS\system32\req.dat (file missing)

    O4 - HKLM\..\Run: [NI.UWFX5LP_0001_0614] "C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UWFX5LP_0001_0614NetInstaller.exe"

    O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto

    O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1

    O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)

    O20 - Winlogon Notify: regmain - C:\WINDOWS\Cursors\regmain.dll

    O20 - Winlogon Notify: req - C:\WINDOWS\system32\req.dat (file missing)
  • After you have fixed these items, close Hijackthis and Press any key to Force a reboot of your computer.
  • Pressing any key will cause a "Blue Screen of Death" this is normal, do not worry!
  • Once your machine reboots please continue with the instructions below.
Download and install CleanUp!

Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).
Set the program up as follows:
Click "Options..."
Move the arrow down to "Custom CleanUp!"
Put a check next to the following (Make sure nothing else is checked!):
  • Empty Recycle Bins
  • Delete Cookies
  • Delete Prefetch files
  • Cleanup! All Users
Click OK
Press the CleanUp! button to start the program.

It may ask you to reboot at the end, click NO.


Download Pocket KillBox from here:
http://www.atribune....llBox_beta_.exe

Highlight the list below and press Ctrl+C to Copy!

C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\AWS\WeatherBug
C:\Program Files\AWS
C:\Program Files\winupdates\winupdates.exe
C:\Program Files\winupdates
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UWFX5LP_0001_0614NetInstaller.exe
C:\WINDOWS\Downloaded Program Files\CONFLICT.1
C:\WINDOWS\system32\nvmlmkxz.dll

Open Pocket Killbox-> Click File-> Click Paste from Clipboard!

Place a tick by Delete on Reboot-> Click the Red Circle to Delete!

Click Yes to the Prompts that follow and let Killbox Reboot the PC!


Restart Normal and run this online virus scan: ActiveScan

Copy the results of the ActiveScan and paste them here along with a new HiJackThis log and the vundofix.txt file from the vundofix folder into this topic.
  • 0

#3
joflo1331
Posted 12 September 2005 - 09:33 PM

joflo1331

    New Member

  • Topic Starter
  • Member
  • Pip
  • 2 posts
I was totally unable to run Hoster. I was given a Windows message citing low virtual memory every time the program attempted to start, and then it would simply move to Not Responding.

New HiJackThis Log

Logfile of HijackThis v1.99.1
Scan saved at 10:29:15 PM, on 9/12/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\HP\KBD\KBD.EXE
c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\2Wire\Gateway\2PortalMon.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\AIM\aim.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\HJT\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bellsouth.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by BellSouth
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O1 - Hosts: 127so.offeroptimizer.com
O1 - Hosts: 127
O1 - Hosts: 0.0.1 bidclix.net
O1 - Hosts: henu.com
O1 - Hosts: henu.com
O1 - Hosts: .whenu.com
O1 - Hosts: .whenu.com
O1 - Hosts: c.whenu.com
O1 - Hosts: c.whenu.com
O1 - Hosts: nc.whenu.com
O1 - Hosts: nc.whenu.com
O1 - Hosts: inc.whenu.com
O1 - Hosts: inc.whenu.com
O1 - Hosts: 0.1 zinc.whenu.com
O1 - Hosts: 0.1 zinc.whenu.com
O1 - Hosts: 0.1 zinc.whenu.com
O1 - Hosts: 0.1 zinc.whenu.com
O1 - Hosts: 0.1 zinc.whenu.com
O1 - Hosts: 0.1 zinc.whenu.com
O1 - Hosts: www1.iwon.com
O1 - Hosts: 0.1 zinc.whenu.com
O1 - Hosts: 0.1 zinc.whenu.com
O1 - Hosts: 0.1 zinc.whenu.com
O1 - Hosts: 0.1 zinc.whenu.com
O1 - Hosts: 0.1 zinc.whenu.com
O1 - Hosts: 0.1 zinc.whenu.com
O1 - Hosts: toolbar.com
O1 - Hosts: 0.1 zinc.whenu.com
O1 - Hosts: 0.1 zinc.whenu.com
O1 - Hosts: 0.1 zinc.whenu.com
O1 - Hosts: .1 zsearchtoolbar.com
O1 - Hosts: .1 zsearchtoolbar.com
O1 - Hosts: .1 zsearchtoolbar.com
O1 - Hosts: .1 zsearchtoolbar.com
O1 - Hosts: .1 zsearchtoolbar.com
O1 - Hosts: .1 zsearchtoolbar.com
O1 - Hosts: .1 zsearchtoolbar.com
O1 - Hosts: .1 zsearchtoolbar.com
O1 - Hosts: .1 zsearchtoolbar.com
O1 - Hosts: .1 zsearchtoolbar.com
O1 - Hosts: .1 zsearchtoolbar.com
O1 - Hosts: .1 zsearchtoolbar.com
O1 - Hosts: .1 zsearchtoolbar.com
O1 - Hosts: .1 zsearchtoolbar.com
O1 - Hosts: .1 zsearchtoolbar.com
O1 - Hosts: .1 zsearchtoolbar.com
O1 - Hosts: .1 zsearchtoolbar.com
O1 - Hosts: .1 zsearchtoolbar.com
O1 - Hosts: .1 zsearchtoolbar.com
O1 - Hosts: .1 zsearchtoolbar.com
O1 - Hosts: .1 zsearchtoolbar.com
O1 - Hosts: .1 zsearchtoolbar.com
O1 - Hosts: .1 zsearchtoolbar.com
O1 - Hosts: .1 zsearchtoolbar.com
O1 - Hosts: .1 zsearchtoolbar.com
O1 - Hosts: .1 zsearchtoolbar.com
O1 - Hosts: .1 zsearchtoolbar.com
O1 - Hosts: .1 zsearchtoolbar.com
O1 - Hosts: .1 zsearchtoolbar.com
O1 - Hosts: .1 zsearchtoolbar.com
O1 - Hosts: .1 zsearchtoolbar.com
O1 - Hosts: .1 zsearchtoolbar.com
O1 - Hosts: .1 zsearchtoolbar.com
O1 - Hosts: .1 zsearchtoolbar.com
O1 - Hosts: .1 zsearchtoolbar.com
O1 - Hosts: .1 zsearchtoolbar.com
O1 - Hosts: .1 zsearchtoolbar.com
O1 - Hosts: .1 zsearchtoolbar.com
O1 - Hosts: .1 zsearchtoolbar.com
O1 - Hosts: .1 zsearchtoolbar.com
O1 - Hosts: .1 zsearchtoolbar.com
O1 - Hosts: .1 zsearchtoolbar.com
O1 - Hosts: .1 zsearchtoolbar.com
O1 - Hosts: .1 zsearchtoolbar.com
O1 - Hosts: .1 zsearchtoolbar.com
O1 - Hosts: .1 zsearchtoolbar.com
O1 - Hosts: .1 zsearchtoolbar.com
O1 - Hosts: .1 zsearchtoolbar.com
O1 - Hosts: .1 zsearchtoolbar.com
O1 - Hosts: .1 zsearchtoolbar.com
O1 - Hosts: .1 zsearchtoolbar.com
O1 - Hosts: .1 zsearchtoolbar.com
O1 - Hosts: .1 zsearchtoolbar.com
O1 - Hosts: .1 zsearchtoolbar.com
O1 - Hosts: .1 zsearchtoolbar.com
O1 - Hosts: .1 zsearchtoolbar.com
O1 - Hosts: .1 zsearchtoolbar.com
O1 - Hosts: .1 zsearchtoolbar.com
O1 - Hosts: .1 zsearchtoolbar.com
O1 - Hosts: .1 zsearchtoolbar.com
O1 - Hosts: .1 zsearchtoolbar.com
O1 - Hosts: .1 zsearchtoolbar.com
O1 - Hosts: .1 zsearchtoolbar.com
O1 - Hosts: .1 zsearchtoolbar.com
O1 - Hosts: .1 zsearchtoolbar.com
O1 - Hosts: .1 zsearchtoolbar.com
O1 - Hosts: .1 zsearchtoolbar.com
O1 - Hosts: .1 zsearchtoolbar.com
O1 - Hosts: .1 zsearchtoolbar.com
O1 - Hosts: .1 zsearchtoolbar.com
O1 - Hosts: .1 zsearchtoolbar.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: MSEvents Object - {B8B55274-0F9A-41E5-9067-A3539BD9E860} - C:\WINDOWS\Cursors\regmain.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [2wSysTray] C:\Program Files\2Wire\Gateway\2PortalMon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NI.UWAS5LP_0001_0811] "C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UWAS5LP_0001_0811NetInstaller.exe"
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [RssReader] C:\Program Files\RssReader\RssReader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .aif: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.bellsouth.net
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\OmniPass\opxpgina.dll
O20 - Winlogon Notify: regmain - C:\WINDOWS\Cursors\regmain.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)


VundoFix Logfile

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 [email protected]
Suspending PID 132 'smss.exe'
Threads [136][140][144]

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 [email protected]
Error, Cannot find a process with an image name of explorer.exe

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 [email protected]
Error, Cannot find a process with an image name of rundll32.exe

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 [email protected]
Killing PID 204 'winlogon.exe'
Could not delete file.


ActiveScan Report

Incident Status Location

Spyware:Spyware/Virtumonde No disinfected C:\WINDOWS\Cursors\regmain.dll
Adware:adware/shoppingcommunityNo disinfected C:\WINDOWS\SYSTEM32\moconfig.exe
Adware:adware/twain-tech No disinfected C:\WINDOWS\smdat32a.sys
Adware:adware/myway No disinfected C:\PROGRAM FILES\MyWay
Adware:adware/searchaid No disinfected C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\winshow
Spyware:spyware/virtumonde No disinfected Windows Registry
Virus:Trj/Small.KK Disinfected C:\1.dll
Virus:Trj/Small.KK Disinfected C:\1.exe
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\Dummy.class-35388218-41c22652.class
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\ok.class-50ac52d4-63c0f037.class
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\stat.class-38d5a44c-35eb9efb.class
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ar3.jar-34e2b6fd-7a35dfb5.zip[Counter.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ar3.jar-34e2b6fd-7a35dfb5.zip[VerifierBug.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ar3.jar-34e2b6fd-7a35dfb5.zip[Gummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ar3.jar-34e2b6fd-7a35dfb5.zip[Beyond.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ar3.jar-531e248-26ea7b73.zip[Gummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ar3.jar-531e248-26ea7b73.zip[Counter.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ar3.jar-531e248-26ea7b73.zip[VerifierBug.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ar3.jar-5ef20017-6a3aaa44.zip[Gummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ar3.jar-5ef20017-6a3aaa44.zip[Counter.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ar3.jar-5ef20017-6a3aaa44.zip[VerifierBug.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-1f5b6b54-56a95f5b.zip[GetAccess.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-1f5b6b54-56a95f5b.zip[InsecureClassLoader.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-1f5b6b54-56a95f5b.zip[Dummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-1f5b6b54-56a95f5b.zip[Installer.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count4.jar-47cfe281-6a859b76.zip[BB.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count4.jar-47cfe281-6a859b76.zip[VerifierBug.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count4.jar-47cfe281-6a859b76.zip[Dummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count4.jar-47cfe281-6a859b76.zip[Beyond.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count4.jar-47cfe281-6a859b76.zip[BeyondInterface.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\counter.jar-4c6b53a3-76129cdc.zip[Counter.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\counter.jar-4c6b53a3-76129cdc.zip[VerifierBug.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\counter.jar-4c6b53a3-76129cdc.zip[Gummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\counter.jar-4c6b53a3-76129cdc.zip[Beyond.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\counter.jar-4c6b53a3-76129cdc.zip[Worker.class]
Virus:Trojan Horse Disinfected C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\counter.jar-4c6b53a3-76129cdc.zip[web.exe]
Virus:Trj/Shinwow.A Disinfected C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\counter.jar-5b38b92d-26a9cf1a.zip[Beyond.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\counter.jar-5b38b92d-26a9cf1a.zip[counter.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\counter.jar-5b38b92d-26a9cf1a.zip[Dummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\counter.jar-5b38b92d-26a9cf1a.zip[VerifierBug.class]
Spyware:Spyware/ISTBar No disinfected C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\javainstaller.jar-3c936701-2974e7dd.zip[InstallerApplet.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\xp.jar-103b60e-7773d91f.zip[Parser.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\xp.jar-103b60e-7773d91f.zip[Dummy.class]
Virus:Trojan Horse Disinfected C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\xp.jar-103b60e-7773d91f.zip[Colors.class]
Virus:W32/Alcan.A.worm Disinfected C:\Documents and Settings\Owner\Complete\Adobe Creative Suite CS2.zip[Setup.exe]
Virus:W32/Alcan.A.worm Disinfected C:\Documents and Settings\Owner\Complete\After The Sunset.zip[Setup.exe]
Virus:W32/Alcan.A.worm Disinfected C:\Documents and Settings\Owner\Complete\Alien Defense.zip[Setup.exe]
Virus:W32/Alcan.A.worm Disinfected C:\Documents and Settings\Owner\Complete\Andaz Apna Apna (Hindi).zip[Setup.exe]
Virus:W32/Alcan.A.worm Disinfected C:\Documents and Settings\Owner\Complete\Aye Shutdown 5.86.zip[Setup.exe]
Virus:W32/Alcan.A.worm Disinfected C:\Documents and Settings\Owner\Complete\Big.zip[Setup.exe]
Virus:W32/Alcan.A.worm Disinfected C:\Documents and Settings\Owner\Complete\BitDefender Professional Plus 9.0.zip[Setup.exe]
Virus:W32/Alcan.A.worm Disinfected C:\Documents and Settings\Owner\Complete\Call of Duty Deluxe.zip[Setup.exe]
Virus:W32/Alcan.A.worm Disinfected C:\Documents and Settings\Owner\Complete\Cool Edit Pro 2.0.zip[Setup.exe]
Virus:W32/Alcan.A.worm Disinfected C:\Documents and Settings\Owner\Complete\CSS Web Design For Dummies.zip[Setup.exe]
Virus:W32/Alcan.A.worm Disinfected C:\Documents and Settings\Owner\Complete\Dhadkan (Hindi).zip[Setup.exe]
Virus:W32/Alcan.A.worm Disinfected C:\Documents and Settings\Owner\Complete\Doom 3.zip[Setup.exe]
Virus:W32/Alcan.A.worm Disinfected C:\Documents and Settings\Owner\Complete\Driv3r.zip[Setup.exe]
Virus:W32/Alcan.A.worm Disinfected C:\Documents and Settings\Owner\Complete\Dukes Of Hazzards.zip[Setup.exe]
Virus:W32/Alcan.A.worm Disinfected C:\Documents and Settings\Owner\Complete\DVD-Cloner 2.30.zip[Setup.exe]
Virus:W32/Alcan.A.worm Disinfected C:\Documents and Settings\Owner\Complete\eDonkey2000 1.4 Pro.zip[Setup.exe]
Virus:W32/Alcan.A.worm Disinfected C:\Documents and Settings\Owner\Complete\Excel Add-in Development in CC++.zip[Setup.exe]
Virus:W32/Alcan.A.worm Disinfected C:\Documents and Settings\Owner\Complete\Extreme Gumball.zip[Setup.exe]
Virus:W32/Alcan.A.worm Disinfected C:\Documents and Settings\Owner\Complete\FIFA 2005.zip[Setup.exe]
Virus:W32/Alcan.A.worm Disinfected C:\Documents and Settings\Owner\Complete\FlashGet 1.71.zip[Setup.exe]
Virus:W32/Alcan.A.worm Disinfected C:\Documents and Settings\Owner\Complete\Ford Racing 3.zip[Setup.exe]
Virus:W32/Alcan.A.worm Disinfected C:\Documents and Settings\Owner\Complete\Four Brothers Cam.zip[Setup.exe]
Virus:W32/Alcan.A.worm Disinfected C:\Documents and Settings\Owner\Complete\Free Internet TV 4.5.zip[Setup.exe]
Virus:W32/Alcan.A.worm Disinfected C:\Documents and Settings\Owner\Complete\GTA San Andreas.zip[Setup.exe]
Virus:W32/Alcan.A.worm Disinfected C:\Documents and Settings\Owner\Complete\Guide to Budgets and Financial Manage.zip[Setup.exe]
Virus:W32/Alcan.A.worm Disinfected C:\Documents and Settings\Owner\Complete\Hitman 3 Contracts.zip[Setup.exe]
Virus:W32/Alcan.A.worm Disinfected C:\Documents and Settings\Owner\Complete\House of the Dead 3.zip[Setup.exe]
Virus:W32/Alcan.A.worm Disinfected C:\Documents and Settings\Owner\Complete\Interstate 60.zip[Setup.exe]
Virus:W32/Alcan.A.worm Disinfected C:\Documents and Settings\Owner\Complete\JetAudio 6.2.2 VX Plus.zip[Setup.exe]
Virus:W32/Alcan.A.worm Disinfected C:\Documents and Settings\Owner\Complete\Kal Ho Naa Ho (Hindi).zip[Setup.exe]
Virus:W32/Alcan.A.worm Disinfected C:\Documents and Settings\Owner\Complete\Kerio MailServer 5.7.10.zip[Setup.exe]
Virus:W32/Alcan.A.worm Disinfected C:\Documents and Settings\Owner\Complete\Kerio Personal Firewall 4.1.0.zip[Setup.exe]
Virus:W32/Alcan.A.worm Disinfected C:\Documents and Settings\Owner\Complete\Kerio WinRoute Firewall 6.01.zip[Setup.exe]
Virus:W32/Alcan.A.worm Disinfected C:\Documents and Settings\Owner\Complete\Lavavo CD Ripper 2.5.zip[Setup.exe]
Virus:W32/Alcan.A.worm Disinfected C:\Documents and Settings\Owner\Complete\Lords Of Dogtown.zip[Setup.exe]
Virus:W32/Alcan.A.worm Disinfected C:\Documents and Settings\Owner\Complete\Macromedia Dreamweaver 8.zip[Setup.exe]
Virus:W32/Alcan.A.worm Disinfected C:\Documents and Settings\Owner\Complete\Magic Utilities 2004 3.10.zip[Setup.exe]
Virus:W32/Alcan.A.worm Disinfected C:\Documents and Settings\Owner\Complete\Maine Pyaar Kyun Kiya (Hindi).zip[Setup.exe]
Virus:W32/Alcan.A.worm Disinfected C:\Documents and Settings\Owner\Complete\Maxim Hot 100 2004 Bonus Magazine.zip[Setup.exe]
Virus:W32/Alcan.A.worm Disinfected C:\Documents and Settings\Owner\Complete\Mcafee Desktop Firewall 8.5.zip[Setup.exe]
Virus:W32/Alcan.A.worm Disinfected C:\Documents and Settings\Owner\Complete\McAfee Personal Firewall Plus 6.0.6014.zip[Setup.exe]
Virus:W32/Alcan.A.worm Disinfected C:\Documents and Settings\Owner\Complete\McAfee VirusScan 10.0.21.zip[Setup.exe]
Virus:W32/Alcan.A.worm Disinfected C:\Documents and Settings\Owner\Complete\Mechwarrior 4 Mercenaries Expansion.zip[Setup.exe]
Virus:W32/Alcan.A.worm Disinfected C:\Documents and Settings\Owner\Complete\MemoriesOnTV 2.1.7.zip[Setup.exe]
Virus:W32/Alcan.A.worm Disinfected C:\Documents and Settings\Owner\Complete\Metalica - Nowhere Else To Roam 4 CD.zip[Setup.exe]
Virus:W32/Alcan.A.worm Disinfected C:\Documents and Settings\Owner\Complete\MetaProducts Mass Downloader 2.7.528 SR1.zip[Setup.exe]
Virus:W32/Alcan.A.worm Disinfected C:\Documents and Settings\Owner\Complete\Microsoft Office Pro 2003.zip[Setup.exe]
Virus:W32/Alcan.A.worm Disinfected C:\Documents and Settings\Owner\Complete\MovieJack DVD XL 2.03.001.zip[Setup.exe]
Virus:W32/Alcan.A.worm Disinfected C:\Documents and Settings\Owner\Complete\Mozilla 1.7.1.zip[Setup.exe]
Virus:W32/Alcan.A.worm Disinfected C:\Documents and Settings\Owner\Complete\MP3 Doctor 5.10.92.zip[Setup.exe]
Virus:W32/Alcan.A.worm Disinfected C:\Documents and Settings\Owner\Complete\MP3 Doctor 5.10.95.zip[Setup.exe]
Virus:W32/Alcan.A.worm Disinfected C:\Documents and Settings\Owner\Complete\MS-DOS 7.10.zip[Setup.exe]
Virus:W32/Alcan.A.worm Disinfected C:\Documents and Settings\Owner\Complete\MSN Winks Plus 4.0.zip[Setup.exe]
Virus:W32/Alcan.A.worm Disinfected C:\Documents and Settings\Owner\Complete\NeroMIX 1.4.0.23.zip[Setup.exe]
Virus:W32/Alcan.A.worm Disinfected C:\Documents and Settings\Owner\Complete\NeroVision Express 2 2.1.2.2.zip[Setup.exe]
Virus:W32/Alcan.A.worm Disinfected C:\Documents and Settings\Owner\Complete\No1 Video Converter 3.4.7.zip[Setup.exe]
Virus:W32/Alcan.A.worm Disinfected C:\Documents and Settings\Owner\Complete\NTI CD DVD-Maker Platinum 6.7.0.28.zip[Setup.exe]
Virus:W32/Alcan.A.worm Disinfected C:\Documents and Settings\Owner\Complete\Opera 7.53.zip[Setup.exe]
Virus:W32/Alcan.A.worm Disinfected C:\Documents and Settings\Owner\Complete\Partition Magic 8.0.2 Pro.zip[Setup.exe]
Virus:W32/Alcan.A.worm Disinfected C:\Documents and Settings\Owner\Complete\PC Hardware Tuning & Acceleration.zip[Setup.exe]
Virus:W32/Alcan.A.worm Disinfected C:\Documents and Settings\Owner\Complete\PDFcamp Pro 2.1.zip[Setup.exe]
Virus:W32/Alcan.A.worm Disinfected C:\Documents and Settings\Owner\Complete\Photolightning 3.2.zip[Setup.exe]
Virus:W32/Alcan.A.worm Disinfected C:\Documents and Settings\Owner\Complete\Power Video Converter 1.29.zip[Setup.exe]
Virus:W32/Alcan.A.worm Disinfected C:\Documents and Settings\Owner\Complete\PowerQuest SystemsTools 2005.zip[Setup.exe]
Virus:W32/Alcan.A.worm Disinfected C:\Documents and Settings\Owner\Complete\ProShow Gold 2.0.1568.zip[Setup.exe]
Virus:W32/Alcan.A.worm Disinfected C:\Documents and Settings\Owner\Complete\Rammshtein - Amerika.zip[Setup.exe]
Virus:W32/Alcan.A.worm Disinfected C:\Documents and Settings\Owner\Complete\Sex And The City (S3 - EP07).zip[Setup.exe]
Virus:W32/Alcan.A.worm Disinfected C:\Documents and Settings\Owner\Complete\Sin City (2 CD).zip[Setup.exe]
Virus:W32/Alcan.A.worm Disinfected C:\Documents and Settings\Owner\Complete\Skeleton.zip[Setup.exe]
Virus:W32/Alcan.A.worm Disinfected C:\Documents and Settings\Owner\Complete\Spyware Doctor 3.2.1.359.zip[Setup.exe]
Virus:W32/Alcan.A.worm Disinfected C:\Documents and Settings\Owner\Complete\Super Utilities Pro 5.4.zip[Setup.exe]
Virus:W32/Alcan.A.worm Disinfected C:\Documents and Settings\Owner\Complete\Symantec Norton AntiVirus 2006.zip[Setup.exe]
Virus:W32/Alcan.A.worm Disinfected C:\Documents and Settings\Owner\Complete\The Island.zip[Setup.exe]
Virus:W32/Alcan.A.worm Disinfected C:\Documents and Settings\Owner\Complete\The Skeleton.zip[Setup.exe]
Virus:W32/Alcan.A.worm Disinfected C:\Documents and Settings\Owner\Complete\Toyota Corolla - 2004 repair manual.zip[Setup.exe]
Virus:W32/Alcan.A.worm Disinfected C:\Documents and Settings\Owner\Complete\Videocharge 2.2.3.49.zip[Setup.exe]
Virus:W32/Alcan.A.worm Disinfected C:\Documents and Settings\Owner\Complete\VideoReDo 1.6.2.284.zip[Setup.exe]
Virus:W32/Alcan.A.worm Disinfected C:\Documents and Settings\Owner\Complete\Winamp 5.1 Surround Pro.zip[Setup.exe]
Virus:W32/Alcan.A.worm Disinfected C:\Documents and Settings\Owner\Complete\WnSoft PixBuilder Studio 1.0.zip[Setup.exe]
Virus:W32/Alcan.A.worm Disinfected C:\Documents and Settings\Owner\Complete\XP Codec Pack 1.2.4.zip[Setup.exe]
Virus:W32/Alcan.A.worm Disinfected C:\Documents and Settings\Owner\Complete\XP SP2 Bone.zip[Setup.exe]
Virus:W32/Alcan.A.worm Disinfected C:\Documents and Settings\Owner\Complete\XPlite Professional 1.3.zip[Setup.exe]
Adware:Adware/ToolbarIns No disinfected C:\Program Files\MyWay\SrchAstt\1.bin\MYSRCHAS.DLL
Virus:W32/Alcan.A.worm Disinfected C:\Program Files\winupdates\a.tmp
Virus:W32/Alcan.A.worm Disinfected C:\Program Files\winupdates\a.zip[Setup.exe]
Adware:Adware/Winshow No disinfected C:\Q230903.exe
Spyware:Spyware/Virtumonde No disinfected C:\WINDOWS\Cursors\regmain.dll
Spyware:Spyware/Virtumonde No disinfected C:\WINDOWS\Cursors\wmc.dll
Adware:Adware/ShoppingCommunityNo disinfected C:\WINDOWS\system32\moconfig.exe
Spyware:Spyware/Virtumonde No disinfected C:\WINDOWS\vbhard.dll


Ah. Sorry for the weird formatting in the ActiveScan log - it didn't like NotePad...or this just doesn't like long filenames.

Thank you for your continuous support, and hopes for it further.

-Joseph
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP