Win Fixer 2005/Win Antivirus Pro help



#16
Spartans1399

    Member

  • Topic Starter
  • 22 posts
KillVundo.bat is still not working. I have attached the folder with the extracts.

  • 0

#17
Spartans1399

KillVundo.bat still will not work. I double click and nothing happens. Here is the folder showing the files.

  • 0

#18
Spartans1399

I believe the problem has something to do with MS-DOS. It doesn't seem to want to work (I can't even run any .bat files). I went to microsoft.com to try and download MS-DOS but all I get is a bunch of icons on my PC.
  • 0

#19
Spartans1399

I have sort of successfully run KillVundo.bat. I rebooted in safe mode with a command prompt. Using my 7th grade DOS skills (I actually remembered some basic stuff), I was able to run the .bat file from there. I don't know if it was entirely successful. Here is the log file from that:

KillVundo.bat
Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 [email protected]
Suspending PID 148 'smss.exe'
Threads [152][156][160]

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 [email protected]
Error, Cannot find a process with an image name of explorer.exe

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 [email protected]
Error, Cannot find a process with an image name of rundll32.exe

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 [email protected]
Killing PID 224 'winlogon.exe'
Killing PID 224 'winlogon.exe'
File Deleted sucessfully.
Files Deleted sucessfully.

Hijackthis file:
Logfile of HijackThis v1.99.1
Scan saved at 9:47:37 AM, on 10/1/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\MSI\Live Update 3\LMonitor.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Softwin\BitDefender8\bdmcon.exe
C:\Program Files\Softwin\BitDefender8\bdnagent.exe
C:\Program Files\Nikon\NkView6\NkvMon.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\hijackthis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Popup Manager - {08E74C67-99A6-45C7-94DA-A397A8FD8082} - (no file)
O2 - BHO: MSEvents Object - {52B1DFC7-AAFC-4362-B103-868B0683C697} - C:\WINDOWS\system32\awtqn.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [QD FastAndSafe] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [LiveMonitor] C:\Program Files\MSI\Live Update 3\LMonitor.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender8\bdmcon.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\Program Files\Softwin\BitDefender8\bdnagent.exe"
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.amazon.com
O15 - Trusted Zone: http://www.bestbuy.com
O15 - Trusted Zone: *.expedia.com
O15 - Trusted Zone: *.juno.com
O15 - Trusted Zone: www.newegg.com
O15 - Trusted Zone: www.rockvillebank.com
O15 - Trusted Zone: *.sears.com
O15 - Trusted Zone: www.usps.com
O15 - Trusted Zone: http://www.usps.com
O15 - Trusted Zone: http://www.windows.com
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - https://modsecgat.di...ca32/ica32t.exe
O16 - DPF: {4E330863-6A11-11D0-BFD8-006097237877} (InstallFromTheWeb ActiveX Control) - http://tw.msi.com.tw...nt/iftwclix.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1120191783953
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.s...ta/SymAData.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/...aploader_v5.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.s.../ActiveData.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.ao.../ampx_en_dl.cab
O20 - Winlogon Notify: awtqn - C:\WINDOWS\system32\awtqn.dll (file missing)
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

I am running Active scan now. I will post it when it is done. The good news is ewido did not pop up with a trojan virus alert so hopefully we are close...
  • 0

#20
Spartans1399

Here is my Active Scan log:


Incident | Status | Location
Adware:adware/ncase | No disinfected | Windows Registry
Spyware:Spyware/Virtumonde | No disinfected | C:\System Volume Information\_restore{88588603-E304-4C8C-BD9B-C2F11C3F8093}\RP159\A0160427.dll
  • 0

#21
Spartans1399

And here is an updated hijackthis log:

Logfile of HijackThis v1.99.1
Scan saved at 11:09:00 AM, on 10/1/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\MSI\Live Update 3\LMonitor.exe
C:\Program Files\Softwin\BitDefender8\bdnagent.exe
C:\Program Files\Nikon\NkView6\NkvMon.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
c:\program files\softwin\bitdefender8\bdmcon.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\hijackthis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Popup Manager - {08E74C67-99A6-45C7-94DA-A397A8FD8082} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [QD FastAndSafe] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [LiveMonitor] C:\Program Files\MSI\Live Update 3\LMonitor.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender8\bdmcon.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\Program Files\Softwin\BitDefender8\bdnagent.exe"
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.amazon.com
O15 - Trusted Zone: http://www.bestbuy.com
O15 - Trusted Zone: *.expedia.com
O15 - Trusted Zone: *.juno.com
O15 - Trusted Zone: www.newegg.com
O15 - Trusted Zone: www.rockvillebank.com
O15 - Trusted Zone: *.sears.com
O15 - Trusted Zone: www.usps.com
O15 - Trusted Zone: http://www.usps.com
O15 - Trusted Zone: http://www.windows.com
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - https://modsecgat.di...ca32/ica32t.exe
O16 - DPF: {4E330863-6A11-11D0-BFD8-006097237877} (InstallFromTheWeb ActiveX Control) - http://tw.msi.com.tw...nt/iftwclix.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1120191783953
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.s...ta/SymAData.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/...aploader_v5.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.s.../ActiveData.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.ao.../ampx_en_dl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{44236B1A-F8AB-4051-9F62-EA7D4BDD7DB8}: NameServer = 204.60.203.179 66.73.20.40
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)


What else needs to be done?
  • 0
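
The two HijackThis logs posted above (saved at 9:47:37 AM and 11:09:00 AM) can be compared mechanically instead of by eye. The following Python sketch is an added example, not part of the original thread or of HijackThis itself; the function names are its own, and the embedded log text is a short excerpt copied from the two posts.

```python
import re
from collections import Counter

# A HijackThis entry line is "<section> - <text>", e.g. "O20 - Winlogon Notify: ...".
# Header lines and the "Running processes" paths do not match and are skipped.
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2})\s-\s(.+?)\s*$")
# Base file name at the end of a Windows path, e.g. "\awtqn.dll".
MODULE_RE = re.compile(r'\\([^\\\s"]+\.(?:dll|exe))', re.IGNORECASE)
# HijackThis appends these when a registry entry points at nothing on disk.
ORPHAN_MARKERS = ("(file missing)", "(no file)")

# Excerpt of the log saved at 9:47:37 AM (lines copied from the post above).
BEFORE = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\winlogon.exe
O2 - BHO: Popup Manager - {08E74C67-99A6-45C7-94DA-A397A8FD8082} - (no file)
O2 - BHO: MSEvents Object - {52B1DFC7-AAFC-4362-B103-868B0683C697} - C:\WINDOWS\system32\awtqn.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O20 - Winlogon Notify: awtqn - C:\WINDOWS\system32\awtqn.dll (file missing)
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
"""

# Excerpt of the log saved at 11:09:00 AM (lines copied from the post above).
AFTER = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\winlogon.exe
O2 - BHO: Popup Manager - {08E74C67-99A6-45C7-94DA-A397A8FD8082} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{44236B1A-F8AB-4051-9F62-EA7D4BDD7DB8}: NameServer = 204.60.203.179 66.73.20.40
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
"""


def parse_entries(log_text):
    """Return a Counter of (section, text) pairs found in a HijackThis log."""
    entries = Counter()
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line)
        if match:
            entries[(match.group(1), match.group(2))] += 1
    return entries


def diff_logs(before_text, after_text):
    """Compare two logs: entries that vanished, entries that appeared,
    and entries in the later log that still point at a missing file."""
    before = parse_entries(before_text)
    after = parse_entries(after_text)
    return {
        # Counter subtraction keeps duplicates honest if a line appears twice.
        "removed": sorted((before - after).elements()),
        "added": sorted((after - before).elements()),
        "orphans": sorted(
            entry for entry in after
            if any(marker in entry[1] for marker in ORPHAN_MARKERS)
        ),
    }


def module_names(entries):
    """Lower-cased .dll/.exe base names referenced by a list of entries."""
    names = set()
    for _section, text in entries:
        names.update(name.lower() for name in MODULE_RE.findall(text))
    return names


if __name__ == "__main__":
    result = diff_logs(BEFORE, AFTER)
    for label in ("removed", "added", "orphans"):
        print(f"== {label} ==")
        for section, text in result[label]:
            print(f"{section} - {text}")
    print("modules no longer referenced:", sorted(module_names(result["removed"])))
```

Entries listed as added are not necessarily malicious; they are simply the lines a helper should look at first in the newer log.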

#22
rstones12

    Malware Expert

  • Retired Staff
  • 3,731 posts
Spartans1399,

Good job on that...

First it looks like you are running two Anti-Virus applications... Bit Defender and Symantec, are you aware of this... Running two Anti-Virus applications can cause system issues in some cases.

Have you updated and scanned with your Spybot and Ad-Aware applications?

Thanks,
rstones12
  • 0

#23
Spartans1399

Yes, I have updated Ad-aware and ran it. Spybot will not update. I get a !badchecksum! error. Here is that log file:

8/28/2004 4:11:12 PM Downloaded update info file. (http://security.koll...es/spybotsd.ini)
8/30/2004 7:40:07 PM Downloaded update info file. (http://security.koll...es/spybotsd.ini)
8/30/2004 7:40:25 PM downloaded update Detection rules
8/30/2004 7:40:25 PM - URL: http://www.spybotupd...es/includes.zip
8/30/2004 7:40:25 PM - Local file: C:\Program Files\Spybot - Search & Destroy\Updates\includes.zip
9/8/2004 10:01:20 PM Downloaded update info file. (http://security.koll...es/spybotsd.ini)
9/11/2004 8:24:59 PM Downloaded update info file. (http://security.koll...es/spybotsd.ini)
9/16/2004 6:45:01 PM Downloaded update info file. (http://security.koll...es/spybotsd.ini)
9/16/2004 6:45:15 PM downloaded update Immunization database
9/16/2004 6:45:15 PM - URL: http://www.spybotupd...files/clsid.zip
9/16/2004 6:45:15 PM - Local file: C:\Program Files\Spybot - Search & Destroy\Updates\clsid.zip
9/23/2004 6:07:30 PM Downloaded update info file. (http://security.koll...es/spybotsd.ini)
9/23/2004 6:07:31 PM Downloaded update info file. (http://security.koll...es/spybotsd.ini)
9/23/2004 6:07:42 PM downloaded update Detection rules
9/23/2004 6:07:42 PM - URL: http://www.spybotupd...es/includes.zip
9/23/2004 6:07:42 PM - Local file: C:\Program Files\Spybot - Search & Destroy\Updates\includes.zip
10/2/2004 12:08:39 PM Downloaded update info file. (http://security.koll...es/spybotsd.ini)
10/2/2004 12:09:05 PM downloaded update Detection rules
10/2/2004 12:09:05 PM - URL: http://www.spybotupd...es/includes.zip
10/2/2004 12:09:05 PM - Local file: C:\Program Files\Spybot - Search & Destroy\Updates\includes.zip
10/2/2004 12:09:12 PM downloaded update English help
10/2/2004 12:09:12 PM - URL: http://www.spybotupd...elp.english.zip
10/2/2004 12:09:12 PM - Local file: C:\Program Files\Spybot - Search & Destroy\Updates\help.english.zip
10/2/2004 12:09:14 PM downloaded update English help for TeaTimer
10/2/2004 12:09:14 PM - URL: http://www.spybotupd...res.english.zip
10/2/2004 12:09:14 PM - Local file: C:\Program Files\Spybot - Search & Destroy\Updates\helpres.english.zip
10/5/2004 6:53:49 PM Downloaded update info file. (http://security.koll...es/spybotsd.ini)
10/11/2004 6:35:03 PM Downloaded update info file. (http://security.koll...es/spybotsd.ini)
10/28/2004 8:00:16 PM Downloaded update info file. (http://security.koll...es/spybotsd.ini)
10/28/2004 8:00:36 PM downloaded update Advanced detection library
10/28/2004 8:00:36 PM - URL: http://www.spybotupd...es/advcheck.zip
10/28/2004 8:00:36 PM - Local file: C:\Program Files\Spybot - Search & Destroy\Updates\advcheck.zip
10/28/2004 8:00:42 PM downloaded update Detection rules
10/28/2004 8:00:42 PM - URL: http://www.spybotupd...es/includes.zip
10/28/2004 8:00:42 PM - Local file: C:\Program Files\Spybot - Search & Destroy\Updates\includes.zip
10/28/2004 8:00:44 PM downloaded update English help for TeaTimer
10/28/2004 8:00:44 PM - URL: http://www.spybotupd...res.english.zip
10/28/2004 8:00:44 PM - Local file: C:\Program Files\Spybot - Search & Destroy\Updates\helpres.english.zip
10/28/2004 8:00:44 PM downloaded update English language
10/28/2004 8:00:44 PM - URL: http://www.spybotupd...ang.english.zip
10/28/2004 8:00:44 PM - Local file: C:\Program Files\Spybot - Search & Destroy\Updates\lang.english.zip
10/28/2004 8:00:46 PM downloaded update Immunization database
10/28/2004 8:00:46 PM - URL: http://www.spybotupd...files/clsid.zip
10/28/2004 8:00:46 PM - Local file: C:\Program Files\Spybot - Search & Destroy\Updates\clsid.zip
10/28/2004 8:00:51 PM downloaded update Startup info
10/28/2004 8:00:51 PM - URL: http://www.spybotupd...les/startup.zip
10/28/2004 8:00:51 PM - Local file: C:\Program Files\Spybot - Search & Destroy\Updates\startup.zip
11/8/2004 4:29:20 PM Downloaded update info file. (http://security.koll...es/spybotsd.ini)
11/14/2004 12:32:05 PM Downloaded update info file. (http://security.koll...es/spybotsd.ini)
11/14/2004 12:32:16 PM downloaded update Detection rules
11/14/2004 12:32:16 PM - URL: http://www.spybotupd...es/includes.zip
11/14/2004 12:32:16 PM - Local file: C:\Program Files\Spybot - Search & Destroy\Updates\includes.zip
11/19/2004 9:37:00 AM Downloaded update info file. (http://security.koll...es/spybotsd.ini)
11/19/2004 9:37:13 AM downloaded update Detection rules
11/19/2004 9:37:13 AM - URL: http://www.spybotupd...es/includes.zip
11/19/2004 9:37:13 AM - Local file: C:\Program Files\Spybot - Search & Destroy\Updates\includes.zip
11/19/2004 9:37:14 AM downloaded update English language
11/19/2004 9:37:14 AM - URL: http://www.spybotupd...ang.english.zip
11/19/2004 9:37:14 AM - Local file: C:\Program Files\Spybot - Search & Destroy\Updates\lang.english.zip
11/19/2004 9:37:21 AM Downloaded update info file. (http://security.koll...es/spybotsd.ini)
11/29/2004 4:00:28 PM Downloaded update info file. (http://security.koll...es/spybotsd.ini)
12/7/2004 11:14:12 PM Downloaded update info file. (http://security.koll...es/spybotsd.ini)
12/7/2004 11:14:23 PM downloaded update Detection rules
12/7/2004 11:14:23 PM - URL: http://www.spybotupd...es/includes.zip
12/7/2004 11:14:23 PM - Local file: C:\Program Files\Spybot - Search & Destroy\Updates\includes.zip
12/7/2004 11:14:24 PM downloaded update English language
12/7/2004 11:14:24 PM - URL: http://www.spybotupd...ang.english.zip
12/7/2004 11:14:24 PM - Local file: C:\Program Files\Spybot - Search & Destroy\Updates\lang.english.zip
12/19/2004 10:16:01 PM Downloaded update info file. (http://security.koll...es/spybotsd.ini)
12/19/2004 10:16:12 PM downloaded update Detection rules
12/19/2004 10:16:12 PM - URL: http://www.spybotupd...es/includes.zip
12/19/2004 10:16:12 PM - Local file: C:\Program Files\Spybot - Search & Destroy\Updates\includes.zip
12/19/2004 10:16:16 PM Downloaded update info file. (http://security.koll...es/spybotsd.ini)
12/29/2004 11:03:36 PM Downloaded update info file. (http://security.koll...es/spybotsd.ini)
1/8/2005 10:56:59 AM Downloaded update info file. (http://security.koll...es/spybotsd.ini)
1/8/2005 10:57:12 AM downloaded update Detection rules
1/8/2005 10:57:12 AM - URL: http://www.spybotupd...es/includes.zip
1/8/2005 10:57:12 AM - Local file: C:\Program Files\Spybot - Search & Destroy\Updates\includes.zip
1/8/2005 10:57:13 AM downloaded update English language
1/8/2005 10:57:13 AM - URL: http://www.spybotupd...ang.english.zip
1/8/2005 10:57:13 AM - Local file: C:\Program Files\Spybot - Search & Destroy\Updates\lang.english.zip
1/12/2005 10:20:29 PM Downloaded update info file. (http://security.koll...es/spybotsd.ini)
1/18/2005 6:31:18 PM Downloaded update info file. (http://security.koll...es/spybotsd.ini)
1/30/2005 9:07:36 AM Downloaded update info file. (http://security.koll...es/spybotsd.ini)
1/30/2005 9:07:51 AM downloaded update Detection rules
1/30/2005 9:07:51 AM - URL: http://www.spybotupd...es/includes.zip
1/30/2005 9:07:51 AM - Local file: C:\Program Files\Spybot - Search & Destroy\Updates\includes.zip
1/30/2005 9:07:52 AM downloaded update English language
1/30/2005 9:07:52 AM - URL: http://www.spybotupd...ang.english.zip
1/30/2005 9:07:52 AM - Local file: C:\Program Files\Spybot - Search & Destroy\Updates\lang.english.zip
1/30/2005 9:07:53 AM downloaded update Immunization database
1/30/2005 9:07:53 AM - URL: http://www.spybotupd...files/clsid.zip
1/30/2005 9:07:53 AM - Local file: C:\Program Files\Spybot - Search & Destroy\Updates\clsid.zip
1/30/2005 9:07:53 AM downloaded update Main skins
1/30/2005 9:07:53 AM - URL: http://www.spybotupd.../skins.main.zip
1/30/2005 9:07:53 AM - Local file: C:\Program Files\Spybot - Search & Destroy\Updates\skins.main.zip
1/30/2005 9:07:57 AM downloaded update Startup info
1/30/2005 9:07:57 AM - URL: http://www.spybotupd...les/startup.zip
1/30/2005 9:07:57 AM - Local file: C:\Program Files\Spybot - Search & Destroy\Updates\startup.zip
2/20/2005 3:00:45 PM Downloaded update info file. (http://security.koll...es/spybotsd.ini)
2/20/2005 3:01:03 PM downloaded update Detection rules
2/20/2005 3:01:03 PM - URL: http://www.see-cure....es/includes.zip
2/20/2005 3:01:03 PM - Local file: C:\Program Files\Spybot - Search & Destroy\Updates\includes.zip
3/1/2005 8:20:34 PM Downloaded update info file. (http://security.koll...es/spybotsd.ini)
3/6/2005 11:27:02 AM Downloaded update info file. (http://security.koll...es/spybotsd.ini)
3/6/2005 11:27:13 AM downloaded update Detection rules
3/6/2005 11:27:13 AM - URL: http://www.see-cure....es/includes.zip
3/6/2005 11:27:13 AM - Local file: C:\Program Files\Spybot - Search & Destroy\Updates\includes.zip
3/6/2005 11:27:17 AM Downloaded update info file. (http://security.koll...es/spybotsd.ini)
3/11/2005 7:58:25 PM Downloaded update info file. (http://security.koll...es/spybotsd.ini)
3/25/2005 8:53:00 AM Downloaded update info file. (http://security.koll...es/spybotsd.ini)
3/25/2005 8:53:08 AM downloaded update Detection rules
3/25/2005 8:53:08 AM - URL: http://www.see-cure....es/includes.zip
3/25/2005 8:53:08 AM - Local file: C:\Program Files\Spybot - Search & Destroy\Updates\includes.zip
4/2/2005 11:59:36 PM Downloaded update info file. (http://security.koll...es/spybotsd.ini)
5/3/2005 9:46:02 PM Downloaded update info file. (http://security.koll...es/spybotsd.ini)
5/3/2005 9:46:16 PM downloaded update Detection rules
5/3/2005 9:46:16 PM - URL: http://www.spybotupd...es/includes.zip
5/3/2005 9:46:16 PM - Local file: C:\Program Files\Spybot - Search & Destroy\Updates\includes.zip
5/3/2005 9:46:21 PM downloaded update Immunization database
5/3/2005 9:46:21 PM - URL: http://www.spybotupd...files/clsid.zip
5/3/2005 9:46:21 PM - Local file: C:\Program Files\Spybot - Search & Destroy\Updates\clsid.zip
5/3/2005 9:46:21 PM downloaded update Immunize fix
5/3/2005 9:46:21 PM - URL: http://www.spybotupd...iles/immfix.zip
5/3/2005 9:46:21 PM - Local file: C:\Program Files\Spybot - Search & Destroy\Updates\immfix.zip
5/20/2005 9:50:33 PM Downloaded update info file. (http://security.koll...es/spybotsd.ini)
5/20/2005 9:51:01 PM downloaded update Detection rules
5/20/2005 9:51:01 PM - URL: http://www.spybotupd...es/includes.zip
5/20/2005 9:51:01 PM - Local file: C:\Program Files\Spybot - Search & Destroy\Updates\includes.zip
6/7/2005 6:40:47 PM Downloaded update info file. (http://security.koll...es/spybotsd.ini)
6/7/2005 6:41:01 PM downloaded update Detection rules
6/7/2005 6:41:01 PM - URL: http://www.spybotupd...es/includes.zip
6/7/2005 6:41:01 PM - Local file: C:\Program Files\Spybot - Search & Destroy\Updates\includes.zip
7/3/2005 1:00:51 PM Downloaded update info file. (http://security.koll...es/spybotsd.ini)
7/3/2005 1:01:05 PM downloaded update Detection rules
7/3/2005 1:01:05 PM - URL: http://www.spybotupd...es/includes.zip
7/3/2005 1:01:05 PM - Local file: C:\Program Files\Spybot - Search & Destroy\Updates\includes.zip
7/3/2005 1:01:06 PM downloaded update English language
7/3/2005 1:01:06 PM - URL: http://www.spybotupd...ang.english.zip
7/3/2005 1:01:06 PM - Local file: C:\Program Files\Spybot - Search & Destroy\Updates\lang.english.zip
7/27/2005 9:59:23 PM Downloaded update info file. (http://security.koll...es/spybotsd.ini)
7/27/2005 9:59:35 PM downloaded update Detection rules
7/27/2005 9:59:35 PM - URL: http://www.spybotupd...es/includes.zip
7/27/2005 9:59:35 PM - Local file: C:\Program Files\Spybot - Search & Destroy\Updates\includes.zip
8/18/2005 9:42:18 PM Downloaded update info file. (http://security.koll...es/spybotsd.ini)
8/18/2005 9:42:36 PM downloaded update Detection rules
8/18/2005 9:42:36 PM - URL: http://www.spybotupd...es/includes.zip
8/18/2005 9:42:36 PM - Local file: C:\Program Files\Spybot - Search & Destroy\Updates\includes.zip
8/30/2005 10:08:18 PM Downloaded update info file. (http://security.koll...es/spybotsd.ini)
8/30/2005 10:08:35 PM downloaded update Detection rules
8/30/2005 10:08:35 PM - URL: http://www.spybotupd...es/includes.zip
8/30/2005 10:08:35 PM - Local file: C:\Program Files\Spybot - Search & Destroy\Updates\includes.zip
8/30/2005 10:08:39 PM downloaded update Immunization database
8/30/2005 10:08:39 PM - URL: http://www.spybotupd...files/clsid.zip
8/30/2005 10:08:39 PM - Local file: C:\Program Files\Spybot - Search & Destroy\Updates\clsid.zip
9/7/2005 11:33:43 PM Downloaded update info file. (http://security.koll...es/spybotsd.ini)
9/7/2005 11:34:00 PM downloaded update Detection rules
9/7/2005 11:34:00 PM - URL: http://www.spybotupd...es/includes.zip
9/7/2005 11:34:00 PM - Local file: C:\Program Files\Spybot - Search & Destroy\Updates\includes.zip
9/7/2005 11:34:04 PM downloaded update Immunization database
9/7/2005 11:34:04 PM - URL: http://www.spybotupd...files/clsid.zip
9/7/2005 11:34:04 PM - Local file: C:\Program Files\Spybot - Search & Destroy\Updates\clsid.zip
9/8/2005 10:50:37 PM Downloaded update info file. (http://security.koll...es/spybotsd.ini)
9/18/2005 4:02:58 PM Downloaded update info file. (http://security.koll...es/spybotsd.ini)
9/29/2005 8:25:27 PM Downloaded update info file. (http://security.koll...es/spybotsd.ini)
10/1/2005 12:01:28 PM Downloaded update info file. (http://security.koll...es/spybotsd.ini)
10/1/2005 12:03:35 PM Downloaded update info file. (http://security.koll...es/spybotsd.ini)
10/1/2005 12:03:52 PM downloaded update Detection rules
10/1/2005 12:03:52 PM - URL: http://www.see-cure....es/includes.zip
10/1/2005 12:03:52 PM - Local file: C:\Program Files\Spybot - Search & Destroy\Updates\includes.zip
10/1/2005 12:03:52 PM - FILE REJECTED because of bad checksum
10/1/2005 12:04:22 PM downloaded update Immunization database
10/1/2005 12:04:22 PM - URL: http://www.see-cure....files/clsid.zip
10/1/2005 12:04:22 PM - Local file: C:\Program Files\Spybot - Search & Destroy\Updates\clsid.zip
10/1/2005 12:04:32 PM Downloaded update info file. (http://security.koll...es/spybotsd.ini)
10/1/2005 12:04:38 PM Downloaded update info file. (http://security.koll...es/spybotsd.ini)
10/1/2005 12:05:00 PM downloaded update Detection rules
10/1/2005 12:05:00 PM - URL: http://www.see-cure....es/includes.zip
10/1/2005 12:05:00 PM - Local file: C:\Program Files\Spybot - Search & Destroy\Updates\includes.zip
10/1/2005 12:05:00 PM - FILE REJECTED because of bad checksum
10/8/2005 1:52:32 PM Downloaded update info file. (http://security.koll...es/spybotsd.ini)
10/8/2005 1:52:59 PM downloaded update Detection rules
10/8/2005 1:52:59 PM - URL: http://www.see-cure....es/includes.zip
10/8/2005 1:52:59 PM - Local file: C:\Program Files\Spybot - Search & Destroy\Updates\includes.zip
10/8/2005 1:52:59 PM - FILE REJECTED because of bad checksum
10/8/2005 1:53:36 PM downloaded update Detection rules
10/8/2005 1:53:36 PM - URL: http://www.see-cure....es/includes.zip
10/8/2005 1:53:36 PM - Local file: C:\Program Files\Spybot - Search & Destroy\Updates\includes.zip
10/8/2005 1:53:36 PM - FILE REJECTED because of bad checksum
10/9/2005 12:47:27 PM Downloaded update info file. (http://security.koll...es/spybotsd.ini)
10/9/2005 12:49:00 PM Downloaded update info file. (http://security.koll...es/spybotsd.ini)
10/9/2005 12:49:24 PM downloaded update Detection rules
10/9/2005 12:49:24 PM - URL: http://www.see-cure....es/includes.zip
10/9/2005 12:49:24 PM - Local file: C:\Program Files\Spybot - Search & Destroy\Updates\includes.zip
10/9/2005 12:49:24 PM - FILE REJECTED because of bad checksum
10/9/2005 12:51:49 PM downloaded update English help
10/9/2005 12:51:49 PM - URL: http://www.see-cure....elp.english.zip
10/9/2005 12:51:49 PM - Local file: C:\Program Files\Spybot - Search & Destroy\Updates\help.english.zip
10/9/2005 12:51:50 PM downloaded update English help for TeaTimer
10/9/2005 12:51:50 PM - URL: http://www.spybotupd...res.english.zip
10/9/2005 12:51:50 PM - Local file: C:\Program Files\Spybot - Search & Destroy\Updates\helpres.english.zip
10/9/2005 12:51:50 PM downloaded update English language
10/9/2005 12:51:51 PM - URL: http://www.spybotupd...ang.english.zip
10/9/2005 12:51:51 PM - Local file: C:\Program Files\Spybot - Search & Destroy\Updates\lang.english.zip
10/9/2005 12:52:02 PM Downloaded update info file. (http://security.koll...es/spybotsd.ini)
10/9/2005 12:55:57 PM downloaded update Detection rules
10/9/2005 12:55:57 PM - URL: http://www.see-cure....es/includes.zip
10/9/2005 12:55:57 PM - Local file: C:\Program Files\Spybot - Search & Destroy\Updates\includes.zip
10/9/2005 12:55:57 PM - FILE REJECTED because of bad checksum
10/9/2005 12:56:11 PM Downloaded update info file. (http://security.koll...es/spybotsd.ini)
10/9/2005 12:56:34 PM downloaded update Detection rules
10/9/2005 12:56:34 PM - URL: http://spybot.eon.ne...es/includes.zip
10/9/2005 12:56:34 PM - Local file: C:\Program Files\Spybot - Search & Destroy\Updates\includes.zip
10/9/2005 12:56:34 PM - FILE REJECTED because of bad checksum

I will keep trying to update this file in the meantime.
  • 0
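The update log in the post above keeps recording "FILE REJECTED because of bad checksum" for includes.zip while other files download normally. The following is an added example, not part of the original post and not Spybot's own code, that groups this log format into one record per download and reports which files had their most recent attempt rejected. The function names are hypothetical, and the sample lines are copied from the log above with the URLs left truncated as they appear on the page.

```python
import re
from collections import defaultdict
from datetime import datetime

# Lines copied from the update log in the post above; URLs are truncated on the page.
SAMPLE_LOG = r"""
9/7/2005 11:33:43 PM Downloaded update info file. (http://security.koll...es/spybotsd.ini)
9/7/2005 11:34:00 PM downloaded update Detection rules
9/7/2005 11:34:00 PM - URL: http://www.spybotupd...es/includes.zip
9/7/2005 11:34:00 PM - Local file: C:\Program Files\Spybot - Search & Destroy\Updates\includes.zip
10/1/2005 12:03:52 PM downloaded update Detection rules
10/1/2005 12:03:52 PM - URL: http://www.see-cure....es/includes.zip
10/1/2005 12:03:52 PM - Local file: C:\Program Files\Spybot - Search & Destroy\Updates\includes.zip
10/1/2005 12:03:52 PM - FILE REJECTED because of bad checksum
10/1/2005 12:04:22 PM downloaded update Immunization database
10/1/2005 12:04:22 PM - URL: http://www.see-cure....files/clsid.zip
10/1/2005 12:04:22 PM - Local file: C:\Program Files\Spybot - Search & Destroy\Updates\clsid.zip
10/9/2005 12:56:34 PM downloaded update Detection rules
10/9/2005 12:56:34 PM - URL: http://spybot.eon.ne...es/includes.zip
10/9/2005 12:56:34 PM - Local file: C:\Program Files\Spybot - Search & Destroy\Updates\includes.zip
10/9/2005 12:56:34 PM - FILE REJECTED because of bad checksum
"""

STAMP = re.compile(r"^(\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M) (.*)$")
HEADER = "downloaded update "  # lower-case 'd' starts a file download record

def parse_updates(text):
    """Return one dict per 'downloaded update <name>' entry with its detail lines."""
    records, current = [], None
    for raw in text.splitlines():
        m = STAMP.match(raw.strip())
        if not m:
            continue
        when = datetime.strptime(m.group(1), "%m/%d/%Y %I:%M:%S %p")
        msg = m.group(2)
        if msg.startswith(HEADER):
            current = {"time": when, "name": msg[len(HEADER):],
                       "url": None, "file": None, "rejected": False}
            records.append(current)
        elif not msg.startswith("- "):
            current = None                      # e.g. the info-file fetch line
        elif current is not None:
            detail = msg[2:]
            if detail.startswith("URL: "):
                current["url"] = detail[5:]
            elif detail.startswith("Local file: "):
                current["file"] = detail.rsplit("\\", 1)[-1]
            elif detail.startswith("FILE REJECTED"):
                current["rejected"] = True
    return records

def stale_updates(records):
    """Map file -> (attempts, rejects, last accepted time) where the latest attempt was rejected."""
    by_file = defaultdict(list)
    for rec in records:
        by_file[rec["file"]].append(rec)
    report = {}
    for name, recs in by_file.items():
        recs.sort(key=lambda r: r["time"])
        if recs[-1]["rejected"]:
            accepted = [r["time"] for r in recs if not r["rejected"]]
            report[name] = (len(recs), sum(r["rejected"] for r in recs),
                            max(accepted) if accepted else None)
    return report

if __name__ == "__main__":
    for name, (tries, rejects, last_ok) in stale_updates(parse_updates(SAMPLE_LOG)).items():
        print(f"{name}: {rejects}/{tries} attempts rejected, last accepted {last_ok}")
```
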

#24
Spartans1399

Spartans1399

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
I have successfully downloaded and reran Spybot. The one problem that popped up was Windows Security Center.AntiVirusOverride. I had Spybot fix the problem.

In the week since I have successfully run KillVundo I have not seen WinFixer 2005 or Win Antivirus Pro. Is there anything else I need to do? I am running ewido again just to make sure. I have also removed bitdefender since you said I was running two antivirus programs.
  • 0

#25
rstones12

rstones12

    Malware Expert

  • Retired Staff
  • 3,731 posts
Spartans1399,

Post back a new HJT log by using Add Reply and we can take a look.

Thanks,
rstones12
  • 0

#26
Spartans1399

Spartans1399

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
Here is my new HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 6:34:29 PM, on 10/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\MSI\Live Update 3\LMonitor.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Nikon\NkView6\NkvMon.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\hijackthis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Popup Manager - {08E74C67-99A6-45C7-94DA-A397A8FD8082} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [QD FastAndSafe] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\Run: [LiveMonitor] C:\Program Files\MSI\Live Update 3\LMonitor.exe
O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe
O4 - HKLM\..\Run: [SW24] C:\WINDOWS\system32\sw24.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.amazon.com
O15 - Trusted Zone: http://www.bestbuy.com
O15 - Trusted Zone: *.expedia.com
O15 - Trusted Zone: *.juno.com
O15 - Trusted Zone: www.newegg.com
O15 - Trusted Zone: www.rockvillebank.com
O15 - Trusted Zone: *.sears.com
O15 - Trusted Zone: www.usps.com
O15 - Trusted Zone: http://www.usps.com
O15 - Trusted Zone: http://www.windows.com
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - https://modsecgat.di...ca32/ica32t.exe
O16 - DPF: {4E330863-6A11-11D0-BFD8-006097237877} (InstallFromTheWeb ActiveX Control) - http://tw.msi.com.tw...nt/iftwclix.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1120191783953
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.s...ta/SymAData.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/...aploader_v5.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.s.../ActiveData.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.ao.../ampx_en_dl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{44236B1A-F8AB-4051-9F62-EA7D4BDD7DB8}: NameServer = 204.60.203.179 66.73.20.40
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe
  • 0

#28
rstones12

rstones12

    Malware Expert

  • Retired Staff
  • 3,731 posts
Spartans1399,

OK, it looks like you have a couple of files that I don't recognize.

Please do the following first.

Please download Suspicious File Packer and unzip it to your desktop.

Now double-click on sfp.exe, it will launch a new window. Paste the following into that window.

C:\WINDOWS\system32\sw20.exe
C:\WINDOWS\system32\sw24.exe
Now click continue, this will create a .zip file on your desktop. Email that file to the following email address.

rstones12 AT geekstogo DOT com

AT = @
DOT = .

Once you have emailed me that file we will proceed with the rest of the fix.

Thanks,
rstones12
  • 0

#29
Spartans1399

Spartans1399

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
I have emailed you the files.
  • 0

#30
rstones12

rstones12

    Malware Expert

  • Retired Staff
  • 3,731 posts
Spartans1399,

Thanks for the files.

Are you using a GeForce NX7800 GTX video card? I think the files are related to it.

Thanks,
rstones12
  • 0
