Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Win Fixer 2005/Win Antivirus Pro help


  • Please log in to reply

#16
Spartans1399

Spartans1399

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
KillVundo.bat is still not working. I have attached the folder with the extracts.

Attached Files


  • 0

Advertisements


#17
Spartans1399

Spartans1399

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
KillVundo.bat still will not work. I double click and nothing happens. Here is the folder showing the files.

Attached Files


  • 0

#18
Spartans1399

Spartans1399

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
I believe the problem has something do do with MS-DOS. It doesn't seem to want to work (I can't even run any .bat files). I went to microsoft.com to try and download MS-DOS but all I get is a bunch of icons on my pc.
  • 0

#19
Spartans1399

Spartans1399

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
I have sort of succesfully run KillVundo.bat. I rebooted in safe mode with a command prompt. Using my 7th grade dos skills (I actually remembered some basic stuff), I was able to run the .bat file from there. I don't know if it was enitely successful. Here is the log file from that:

KillVundo.bat
Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 Craig.Peacock@beyondlogic.org
Suspending PID 148 'smss.exe'
Threads [152][156][160]

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 Craig.Peacock@beyondlogic.org
Error, Cannot find a process with an image name of explorer.exe

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 Craig.Peacock@beyondlogic.org
Error, Cannot find a process with an image name of rundll32.exe

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 224 'winlogon.exe'
Killing PID 224 'winlogon.exe'
File Deleted sucessfully.
Files Deleted sucessfully.

Hijackthis file:
Logfile of HijackThis v1.99.1
Scan saved at 9:47:37 AM, on 10/1/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\MSI\Live Update 3\LMonitor.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Softwin\BitDefender8\bdmcon.exe
C:\Program Files\Softwin\BitDefender8\bdnagent.exe
C:\Program Files\Nikon\NkView6\NkvMon.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\hijackthis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Popup Manager - {08E74C67-99A6-45C7-94DA-A397A8FD8082} - (no file)
O2 - BHO: MSEvents Object - {52B1DFC7-AAFC-4362-B103-868B0683C697} - C:\WINDOWS\system32\awtqn.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [QD FastAndSafe] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [LiveMonitor] C:\Program Files\MSI\Live Update 3\LMonitor.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender8\bdmcon.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\Program Files\Softwin\BitDefender8\bdnagent.exe"
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.amazon.com
O15 - Trusted Zone: http://www.bestbuy.com
O15 - Trusted Zone: *.expedia.com
O15 - Trusted Zone: *.juno.com
O15 - Trusted Zone: www.newegg.com
O15 - Trusted Zone: www.rockvillebank.com
O15 - Trusted Zone: *.sears.com
O15 - Trusted Zone: www.usps.com
O15 - Trusted Zone: http://www.usps.com
O15 - Trusted Zone: http://www.windows.com
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - https://modsecgat.di...ca32/ica32t.exe
O16 - DPF: {4E330863-6A11-11D0-BFD8-006097237877} (InstallFromTheWeb ActiveX Control) - http://tw.msi.com.tw...nt/iftwclix.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1120191783953
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.s...ta/SymAData.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/...aploader_v5.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.s.../ActiveData.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.ao.../ampx_en_dl.cab
O20 - Winlogon Notify: awtqn - C:\WINDOWS\system32\awtqn.dll (file missing)
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

I am runing Active scan now. I will post it when it is done. The good news is ewido did not popup with a trojan virus alert so hopefully we are close...
  • 0

#20
Spartans1399

Spartans1399

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
Here is my Active Scan log:


Incident Status Location

Adware:adware/ncase No disinfected Windows Registry
Spyware:Spyware/Virtumonde No disinfected C:\System Volume Information\_restore{88588603-E304-4C8C-BD9B-C2F11C3F8093}\RP159\A0160427.dll
  • 0

#21
Spartans1399

Spartans1399

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
And here is an updated hijackthis log:

Logfile of HijackThis v1.99.1
Scan saved at 11:09:00 AM, on 10/1/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\MSI\Live Update 3\LMonitor.exe
C:\Program Files\Softwin\BitDefender8\bdnagent.exe
C:\Program Files\Nikon\NkView6\NkvMon.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
c:\program files\softwin\bitdefender8\bdmcon.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\hijackthis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Popup Manager - {08E74C67-99A6-45C7-94DA-A397A8FD8082} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [QD FastAndSafe] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [LiveMonitor] C:\Program Files\MSI\Live Update 3\LMonitor.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender8\bdmcon.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\Program Files\Softwin\BitDefender8\bdnagent.exe"
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.amazon.com
O15 - Trusted Zone: http://www.bestbuy.com
O15 - Trusted Zone: *.expedia.com
O15 - Trusted Zone: *.juno.com
O15 - Trusted Zone: www.newegg.com
O15 - Trusted Zone: www.rockvillebank.com
O15 - Trusted Zone: *.sears.com
O15 - Trusted Zone: www.usps.com
O15 - Trusted Zone: http://www.usps.com
O15 - Trusted Zone: http://www.windows.com
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - https://modsecgat.di...ca32/ica32t.exe
O16 - DPF: {4E330863-6A11-11D0-BFD8-006097237877} (InstallFromTheWeb ActiveX Control) - http://tw.msi.com.tw...nt/iftwclix.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1120191783953
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.s...ta/SymAData.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/...aploader_v5.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.s.../ActiveData.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.ao.../ampx_en_dl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{44236B1A-F8AB-4051-9F62-EA7D4BDD7DB8}: NameServer = 204.60.203.179 66.73.20.40
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)


What else needs to be done?
  • 0

#22
rstones12

rstones12

    Malware Expert

  • Retired Staff
  • 3,731 posts
Spartans1399,

Good job on that...

First it looks like you are running two Anti-Virus applications... Bit Defender and Symantec, are you aware of this... Running two Anti-Virus applications can cause system issues in some cases.

Have you updated and scanned with your Spybot and Ad-Aware applications..

Thanks,
rstones12
  • 0

#23
Spartans1399

Spartans1399

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
Yes I have updated Ad-aware and ran. Spybot will not update. I get a !badchecksum! error. Here is that log file

8/28/2004 4:11:12 PM Downloaded update info file. (http://security.koll...es/spybotsd.ini)
8/30/2004 7:40:07 PM Downloaded update info file. (http://security.koll...es/spybotsd.ini)
8/30/2004 7:40:25 PM downloaded update Detection rules
8/30/2004 7:40:25 PM - URL: http://www.spybotupd...es/includes.zip
8/30/2004 7:40:25 PM - Local file: C:\Program Files\Spybot - Search & Destroy\Updates\includes.zip
9/8/2004 10:01:20 PM Downloaded update info file. (http://security.koll...es/spybotsd.ini)
9/11/2004 8:24:59 PM Downloaded update info file. (http://security.koll...es/spybotsd.ini)
9/16/2004 6:45:01 PM Downloaded update info file. (http://security.koll...es/spybotsd.ini)
9/16/2004 6:45:15 PM downloaded update Immunization database
9/16/2004 6:45:15 PM - URL: http://www.spybotupd...files/clsid.zip
9/16/2004 6:45:15 PM - Local file: C:\Program Files\Spybot - Search & Destroy\Updates\clsid.zip
9/23/2004 6:07:30 PM Downloaded update info file. (http://security.koll...es/spybotsd.ini)
9/23/2004 6:07:31 PM Downloaded update info file. (http://security.koll...es/spybotsd.ini)
9/23/2004 6:07:42 PM downloaded update Detection rules
9/23/2004 6:07:42 PM - URL: http://www.spybotupd...es/includes.zip
9/23/2004 6:07:42 PM - Local file: C:\Program Files\Spybot - Search & Destroy\Updates\includes.zip
10/2/2004 12:08:39 PM Downloaded update info file. (http://security.koll...es/spybotsd.ini)
10/2/2004 12:09:05 PM downloaded update Detection rules
10/2/2004 12:09:05 PM - URL: http://www.spybotupd...es/includes.zip
10/2/2004 12:09:05 PM - Local file: C:\Program Files\Spybot - Search & Destroy\Updates\includes.zip
10/2/2004 12:09:12 PM downloaded update English help
10/2/2004 12:09:12 PM - URL: http://www.spybotupd...elp.english.zip
10/2/2004 12:09:12 PM - Local file: C:\Program Files\Spybot - Search & Destroy\Updates\help.english.zip
10/2/2004 12:09:14 PM downloaded update English help for TeaTimer
10/2/2004 12:09:14 PM - URL: http://www.spybotupd...res.english.zip
10/2/2004 12:09:14 PM - Local file: C:\Program Files\Spybot - Search & Destroy\Updates\helpres.english.zip
10/5/2004 6:53:49 PM Downloaded update info file. (http://security.koll...es/spybotsd.ini)
10/11/2004 6:35:03 PM Downloaded update info file. (http://security.koll...es/spybotsd.ini)
10/28/2004 8:00:16 PM Downloaded update info file. (http://security.koll...es/spybotsd.ini)
10/28/2004 8:00:36 PM downloaded update Advanced detection library
10/28/2004 8:00:36 PM - URL: http://www.spybotupd...es/advcheck.zip
10/28/2004 8:00:36 PM - Local file: C:\Program Files\Spybot - Search & Destroy\Updates\advcheck.zip
10/28/2004 8:00:42 PM downloaded update Detection rules
10/28/2004 8:00:42 PM - URL: http://www.spybotupd...es/includes.zip
10/28/2004 8:00:42 PM - Local file: C:\Program Files\Spybot - Search & Destroy\Updates\includes.zip
10/28/2004 8:00:44 PM downloaded update English help for TeaTimer
10/28/2004 8:00:44 PM - URL: http://www.spybotupd...res.english.zip
10/28/2004 8:00:44 PM - Local file: C:\Program Files\Spybot - Search & Destroy\Updates\helpres.english.zip
10/28/2004 8:00:44 PM downloaded update English language
10/28/2004 8:00:44 PM - URL: http://www.spybotupd...ang.english.zip
10/28/2004 8:00:44 PM - Local file: C:\Program Files\Spybot - Search & Destroy\Updates\lang.english.zip
10/28/2004 8:00:46 PM downloaded update Immunization database
10/28/2004 8:00:46 PM - URL: http://www.spybotupd...files/clsid.zip
10/28/2004 8:00:46 PM - Local file: C:\Program Files\Spybot - Search & Destroy\Updates\clsid.zip
10/28/2004 8:00:51 PM downloaded update Startup info
10/28/2004 8:00:51 PM - URL: http://www.spybotupd...les/startup.zip
10/28/2004 8:00:51 PM - Local file: C:\Program Files\Spybot - Search & Destroy\Updates\startup.zip
11/8/2004 4:29:20 PM Downloaded update info file. (http://security.koll...es/spybotsd.ini)
11/14/2004 12:32:05 PM Downloaded update info file. (http://security.koll...es/spybotsd.ini)
11/14/2004 12:32:16 PM downloaded update Detection rules
11/14/2004 12:32:16 PM - URL: http://www.spybotupd...es/includes.zip
11/14/2004 12:32:16 PM - Local file: C:\Program Files\Spybot - Search & Destroy\Updates\includes.zip
11/19/2004 9:37:00 AM Downloaded update info file. (http://security.koll...es/spybotsd.ini)
11/19/2004 9:37:13 AM downloaded update Detection rules
11/19/2004 9:37:13 AM - URL: http://www.spybotupd...es/includes.zip
11/19/2004 9:37:13 AM - Local file: C:\Program Files\Spybot - Search & Destroy\Updates\includes.zip
11/19/2004 9:37:14 AM downloaded update English language
11/19/2004 9:37:14 AM - URL: http://www.spybotupd...ang.english.zip
11/19/2004 9:37:14 AM - Local file: C:\Program Files\Spybot - Search & Destroy\Updates\lang.english.zip
11/19/2004 9:37:21 AM Downloaded update info file. (http://security.koll...es/spybotsd.ini)
11/29/2004 4:00:28 PM Downloaded update info file. (http://security.koll...es/spybotsd.ini)
12/7/2004 11:14:12 PM Downloaded update info file. (http://security.koll...es/spybotsd.ini)
12/7/2004 11:14:23 PM downloaded update Detection rules
12/7/2004 11:14:23 PM - URL: http://www.spybotupd...es/includes.zip
12/7/2004 11:14:23 PM - Local file: C:\Program Files\Spybot - Search & Destroy\Updates\includes.zip
12/7/2004 11:14:24 PM downloaded update English language
12/7/2004 11:14:24 PM - URL: http://www.spybotupd...ang.english.zip
12/7/2004 11:14:24 PM - Local file: C:\Program Files\Spybot - Search & Destroy\Updates\lang.english.zip
12/19/2004 10:16:01 PM Downloaded update info file. (http://security.koll...es/spybotsd.ini)
12/19/2004 10:16:12 PM downloaded update Detection rules
12/19/2004 10:16:12 PM - URL: http://www.spybotupd...es/includes.zip
12/19/2004 10:16:12 PM - Local file: C:\Program Files\Spybot - Search & Destroy\Updates\includes.zip
12/19/2004 10:16:16 PM Downloaded update info file. (http://security.koll...es/spybotsd.ini)
12/29/2004 11:03:36 PM Downloaded update info file. (http://security.koll...es/spybotsd.ini)
1/8/2005 10:56:59 AM Downloaded update info file. (http://security.koll...es/spybotsd.ini)
1/8/2005 10:57:12 AM downloaded update Detection rules
1/8/2005 10:57:12 AM - URL: http://www.spybotupd...es/includes.zip
1/8/2005 10:57:12 AM - Local file: C:\Program Files\Spybot - Search & Destroy\Updates\includes.zip
1/8/2005 10:57:13 AM downloaded update English language
1/8/2005 10:57:13 AM - URL: http://www.spybotupd...ang.english.zip
1/8/2005 10:57:13 AM - Local file: C:\Program Files\Spybot - Search & Destroy\Updates\lang.english.zip
1/12/2005 10:20:29 PM Downloaded update info file. (http://security.koll...es/spybotsd.ini)
1/18/2005 6:31:18 PM Downloaded update info file. (http://security.koll...es/spybotsd.ini)
1/30/2005 9:07:36 AM Downloaded update info file. (http://security.koll...es/spybotsd.ini)
1/30/2005 9:07:51 AM downloaded update Detection rules
1/30/2005 9:07:51 AM - URL: http://www.spybotupd...es/includes.zip
1/30/2005 9:07:51 AM - Local file: C:\Program Files\Spybot - Search & Destroy\Updates\includes.zip
1/30/2005 9:07:52 AM downloaded update English language
1/30/2005 9:07:52 AM - URL: http://www.spybotupd...ang.english.zip
1/30/2005 9:07:52 AM - Local file: C:\Program Files\Spybot - Search & Destroy\Updates\lang.english.zip
1/30/2005 9:07:53 AM downloaded update Immunization database
1/30/2005 9:07:53 AM - URL: http://www.spybotupd...files/clsid.zip
1/30/2005 9:07:53 AM - Local file: C:\Program Files\Spybot - Search & Destroy\Updates\clsid.zip
1/30/2005 9:07:53 AM downloaded update Main skins
1/30/2005 9:07:53 AM - URL: http://www.spybotupd.../skins.main.zip
1/30/2005 9:07:53 AM - Local file: C:\Program Files\Spybot - Search & Destroy\Updates\skins.main.zip
1/30/2005 9:07:57 AM downloaded update Startup info
1/30/2005 9:07:57 AM - URL: http://www.spybotupd...les/startup.zip
1/30/2005 9:07:57 AM - Local file: C:\Program Files\Spybot - Search & Destroy\Updates\startup.zip
2/20/2005 3:00:45 PM Downloaded update info file. (http://security.koll...es/spybotsd.ini)
2/20/2005 3:01:03 PM downloaded update Detection rules
2/20/2005 3:01:03 PM - URL: http://www.see-cure....es/includes.zip
2/20/2005 3:01:03 PM - Local file: C:\Program Files\Spybot - Search & Destroy\Updates\includes.zip
3/1/2005 8:20:34 PM Downloaded update info file. (http://security.koll...es/spybotsd.ini)
3/6/2005 11:27:02 AM Downloaded update info file. (http://security.koll...es/spybotsd.ini)
3/6/2005 11:27:13 AM downloaded update Detection rules
3/6/2005 11:27:13 AM - URL: http://www.see-cure....es/includes.zip
3/6/2005 11:27:13 AM - Local file: C:\Program Files\Spybot - Search & Destroy\Updates\includes.zip
3/6/2005 11:27:17 AM Downloaded update info file. (http://security.koll...es/spybotsd.ini)
3/11/2005 7:58:25 PM Downloaded update info file. (http://security.koll...es/spybotsd.ini)
3/25/2005 8:53:00 AM Downloaded update info file. (http://security.koll...es/spybotsd.ini)
3/25/2005 8:53:08 AM downloaded update Detection rules
3/25/2005 8:53:08 AM - URL: http://www.see-cure....es/includes.zip
3/25/2005 8:53:08 AM - Local file: C:\Program Files\Spybot - Search & Destroy\Updates\includes.zip
4/2/2005 11:59:36 PM Downloaded update info file. (http://security.koll...es/spybotsd.ini)
5/3/2005 9:46:02 PM Downloaded update info file. (http://security.koll...es/spybotsd.ini)
5/3/2005 9:46:16 PM downloaded update Detection rules
5/3/2005 9:46:16 PM - URL: http://www.spybotupd...es/includes.zip
5/3/2005 9:46:16 PM - Local file: C:\Program Files\Spybot - Search & Destroy\Updates\includes.zip
5/3/2005 9:46:21 PM downloaded update Immunization database
5/3/2005 9:46:21 PM - URL: http://www.spybotupd...files/clsid.zip
5/3/2005 9:46:21 PM - Local file: C:\Program Files\Spybot - Search & Destroy\Updates\clsid.zip
5/3/2005 9:46:21 PM downloaded update Immunize fix
5/3/2005 9:46:21 PM - URL: http://www.spybotupd...iles/immfix.zip
5/3/2005 9:46:21 PM - Local file: C:\Program Files\Spybot - Search & Destroy\Updates\immfix.zip
5/20/2005 9:50:33 PM Downloaded update info file. (http://security.koll...es/spybotsd.ini)
5/20/2005 9:51:01 PM downloaded update Detection rules
5/20/2005 9:51:01 PM - URL: http://www.spybotupd...es/includes.zip
5/20/2005 9:51:01 PM - Local file: C:\Program Files\Spybot - Search & Destroy\Updates\includes.zip
6/7/2005 6:40:47 PM Downloaded update info file. (http://security.koll...es/spybotsd.ini)
6/7/2005 6:41:01 PM downloaded update Detection rules
6/7/2005 6:41:01 PM - URL: http://www.spybotupd...es/includes.zip
6/7/2005 6:41:01 PM - Local file: C:\Program Files\Spybot - Search & Destroy\Updates\includes.zip
7/3/2005 1:00:51 PM Downloaded update info file. (http://security.koll...es/spybotsd.ini)
7/3/2005 1:01:05 PM downloaded update Detection rules
7/3/2005 1:01:05 PM - URL: http://www.spybotupd...es/includes.zip
7/3/2005 1:01:05 PM - Local file: C:\Program Files\Spybot - Search & Destroy\Updates\includes.zip
7/3/2005 1:01:06 PM downloaded update English language
7/3/2005 1:01:06 PM - URL: http://www.spybotupd...ang.english.zip
7/3/2005 1:01:06 PM - Local file: C:\Program Files\Spybot - Search & Destroy\Updates\lang.english.zip
7/27/2005 9:59:23 PM Downloaded update info file. (http://security.koll...es/spybotsd.ini)
7/27/2005 9:59:35 PM downloaded update Detection rules
7/27/2005 9:59:35 PM - URL: http://www.spybotupd...es/includes.zip
7/27/2005 9:59:35 PM - Local file: C:\Program Files\Spybot - Search & Destroy\Updates\includes.zip
8/18/2005 9:42:18 PM Downloaded update info file. (http://security.koll...es/spybotsd.ini)
8/18/2005 9:42:36 PM downloaded update Detection rules
8/18/2005 9:42:36 PM - URL: http://www.spybotupd...es/includes.zip
8/18/2005 9:42:36 PM - Local file: C:\Program Files\Spybot - Search & Destroy\Updates\includes.zip
8/30/2005 10:08:18 PM Downloaded update info file. (http://security.koll...es/spybotsd.ini)
8/30/2005 10:08:35 PM downloaded update Detection rules
8/30/2005 10:08:35 PM - URL: http://www.spybotupd...es/includes.zip
8/30/2005 10:08:35 PM - Local file: C:\Program Files\Spybot - Search & Destroy\Updates\includes.zip
8/30/2005 10:08:39 PM downloaded update Immunization database
8/30/2005 10:08:39 PM - URL: http://www.spybotupd...files/clsid.zip
8/30/2005 10:08:39 PM - Local file: C:\Program Files\Spybot - Search & Destroy\Updates\clsid.zip
9/7/2005 11:33:43 PM Downloaded update info file. (http://security.koll...es/spybotsd.ini)
9/7/2005 11:34:00 PM downloaded update Detection rules
9/7/2005 11:34:00 PM - URL: http://www.spybotupd...es/includes.zip
9/7/2005 11:34:00 PM - Local file: C:\Program Files\Spybot - Search & Destroy\Updates\includes.zip
9/7/2005 11:34:04 PM downloaded update Immunization database
9/7/2005 11:34:04 PM - URL: http://www.spybotupd...files/clsid.zip
9/7/2005 11:34:04 PM - Local file: C:\Program Files\Spybot - Search & Destroy\Updates\clsid.zip
9/8/2005 10:50:37 PM Downloaded update info file. (http://security.koll...es/spybotsd.ini)
9/18/2005 4:02:58 PM Downloaded update info file. (http://security.koll...es/spybotsd.ini)
9/29/2005 8:25:27 PM Downloaded update info file. (http://security.koll...es/spybotsd.ini)
10/1/2005 12:01:28 PM Downloaded update info file. (http://security.koll...es/spybotsd.ini)
10/1/2005 12:03:35 PM Downloaded update info file. (http://security.koll...es/spybotsd.ini)
10/1/2005 12:03:52 PM downloaded update Detection rules
10/1/2005 12:03:52 PM - URL: http://www.see-cure....es/includes.zip
10/1/2005 12:03:52 PM - Local file: C:\Program Files\Spybot - Search & Destroy\Updates\includes.zip
10/1/2005 12:03:52 PM - FILE REJECTED because of bad checksum
10/1/2005 12:04:22 PM downloaded update Immunization database
10/1/2005 12:04:22 PM - URL: http://www.see-cure....files/clsid.zip
10/1/2005 12:04:22 PM - Local file: C:\Program Files\Spybot - Search & Destroy\Updates\clsid.zip
10/1/2005 12:04:32 PM Downloaded update info file. (http://security.koll...es/spybotsd.ini)
10/1/2005 12:04:38 PM Downloaded update info file. (http://security.koll...es/spybotsd.ini)
10/1/2005 12:05:00 PM downloaded update Detection rules
10/1/2005 12:05:00 PM - URL: http://www.see-cure....es/includes.zip
10/1/2005 12:05:00 PM - Local file: C:\Program Files\Spybot - Search & Destroy\Updates\includes.zip
10/1/2005 12:05:00 PM - FILE REJECTED because of bad checksum
10/8/2005 1:52:32 PM Downloaded update info file. (http://security.koll...es/spybotsd.ini)
10/8/2005 1:52:59 PM downloaded update Detection rules
10/8/2005 1:52:59 PM - URL: http://www.see-cure....es/includes.zip
10/8/2005 1:52:59 PM - Local file: C:\Program Files\Spybot - Search & Destroy\Updates\includes.zip
10/8/2005 1:52:59 PM - FILE REJECTED because of bad checksum
10/8/2005 1:53:36 PM downloaded update Detection rules
10/8/2005 1:53:36 PM - URL: http://www.see-cure....es/includes.zip
10/8/2005 1:53:36 PM - Local file: C:\Program Files\Spybot - Search & Destroy\Updates\includes.zip
10/8/2005 1:53:36 PM - FILE REJECTED because of bad checksum
10/9/2005 12:47:27 PM Downloaded update info file. (http://security.koll...es/spybotsd.ini)
10/9/2005 12:49:00 PM Downloaded update info file. (http://security.koll...es/spybotsd.ini)
10/9/2005 12:49:24 PM downloaded update Detection rules
10/9/2005 12:49:24 PM - URL: http://www.see-cure....es/includes.zip
10/9/2005 12:49:24 PM - Local file: C:\Program Files\Spybot - Search & Destroy\Updates\includes.zip
10/9/2005 12:49:24 PM - FILE REJECTED because of bad checksum
10/9/2005 12:51:49 PM downloaded update English help
10/9/2005 12:51:49 PM - URL: http://www.see-cure....elp.english.zip
10/9/2005 12:51:49 PM - Local file: C:\Program Files\Spybot - Search & Destroy\Updates\help.english.zip
10/9/2005 12:51:50 PM downloaded update English help for TeaTimer
10/9/2005 12:51:50 PM - URL: http://www.spybotupd...res.english.zip
10/9/2005 12:51:50 PM - Local file: C:\Program Files\Spybot - Search & Destroy\Updates\helpres.english.zip
10/9/2005 12:51:50 PM downloaded update English language
10/9/2005 12:51:51 PM - URL: http://www.spybotupd...ang.english.zip
10/9/2005 12:51:51 PM - Local file: C:\Program Files\Spybot - Search & Destroy\Updates\lang.english.zip
10/9/2005 12:52:02 PM Downloaded update info file. (http://security.koll...es/spybotsd.ini)
10/9/2005 12:55:57 PM downloaded update Detection rules
10/9/2005 12:55:57 PM - URL: http://www.see-cure....es/includes.zip
10/9/2005 12:55:57 PM - Local file: C:\Program Files\Spybot - Search & Destroy\Updates\includes.zip
10/9/2005 12:55:57 PM - FILE REJECTED because of bad checksum
10/9/2005 12:56:11 PM Downloaded update info file. (http://security.koll...es/spybotsd.ini)
10/9/2005 12:56:34 PM downloaded update Detection rules
10/9/2005 12:56:34 PM - URL: http://spybot.eon.ne...es/includes.zip
10/9/2005 12:56:34 PM - Local file: C:\Program Files\Spybot - Search & Destroy\Updates\includes.zip
10/9/2005 12:56:34 PM - FILE REJECTED because of bad checksum

I will keep trying to update this file in the mena time.
  • 0

#24
Spartans1399

Spartans1399

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
I have successfully downloaded and reran Spybot. The one problem that popped up was Windows Security Center.AntiVirusOverride. I had Spybot fix the problem.

In the week since I have successfully run KillVundo I have not seen WinFixer 2005 or Win Antivirus Pro. Is there anything else I need to do? I am running ewido again just to make sure. I have also removed bitdefender since you said I was running two antivirus programs.
  • 0

#25
rstones12

rstones12

    Malware Expert

  • Retired Staff
  • 3,731 posts
Spartans1399,

Post back a new HJT log by using Add Reply and we can take a look.

Thanks,
rstones12
  • 0

Advertisements


#26
Spartans1399

Spartans1399

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
Here is my new hijackthislog:

Logfile of HijackThis v1.99.1
Scan saved at 6:34:29 PM, on 10/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\MSI\Live Update 3\LMonitor.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Nikon\NkView6\NkvMon.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\hijackthis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Popup Manager - {08E74C67-99A6-45C7-94DA-A397A8FD8082} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [QD FastAndSafe] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\Run: [LiveMonitor] C:\Program Files\MSI\Live Update 3\LMonitor.exe
O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe
O4 - HKLM\..\Run: [SW24] C:\WINDOWS\system32\sw24.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.amazon.com
O15 - Trusted Zone: http://www.bestbuy.com
O15 - Trusted Zone: *.expedia.com
O15 - Trusted Zone: *.juno.com
O15 - Trusted Zone: www.newegg.com
O15 - Trusted Zone: www.rockvillebank.com
O15 - Trusted Zone: *.sears.com
O15 - Trusted Zone: www.usps.com
O15 - Trusted Zone: http://www.usps.com
O15 - Trusted Zone: http://www.windows.com
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - https://modsecgat.di...ca32/ica32t.exe
O16 - DPF: {4E330863-6A11-11D0-BFD8-006097237877} (InstallFromTheWeb ActiveX Control) - http://tw.msi.com.tw...nt/iftwclix.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1120191783953
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.s...ta/SymAData.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/...aploader_v5.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.s.../ActiveData.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.ao.../ampx_en_dl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{44236B1A-F8AB-4051-9F62-EA7D4BDD7DB8}: NameServer = 204.60.203.179 66.73.20.40
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe
  • 0

#27
Spartans1399

Spartans1399

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
Here is my new hijackthislog:

Logfile of HijackThis v1.99.1
Scan saved at 6:34:29 PM, on 10/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\MSI\Live Update 3\LMonitor.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Nikon\NkView6\NkvMon.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\hijackthis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Popup Manager - {08E74C67-99A6-45C7-94DA-A397A8FD8082} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [QD FastAndSafe] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\Run: [LiveMonitor] C:\Program Files\MSI\Live Update 3\LMonitor.exe
O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe
O4 - HKLM\..\Run: [SW24] C:\WINDOWS\system32\sw24.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.amazon.com
O15 - Trusted Zone: http://www.bestbuy.com
O15 - Trusted Zone: *.expedia.com
O15 - Trusted Zone: *.juno.com
O15 - Trusted Zone: www.newegg.com
O15 - Trusted Zone: www.rockvillebank.com
O15 - Trusted Zone: *.sears.com
O15 - Trusted Zone: www.usps.com
O15 - Trusted Zone: http://www.usps.com
O15 - Trusted Zone: http://www.windows.com
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - https://modsecgat.di...ca32/ica32t.exe
O16 - DPF: {4E330863-6A11-11D0-BFD8-006097237877} (InstallFromTheWeb ActiveX Control) - http://tw.msi.com.tw...nt/iftwclix.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1120191783953
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.s...ta/SymAData.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/...aploader_v5.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.s.../ActiveData.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.ao.../ampx_en_dl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{44236B1A-F8AB-4051-9F62-EA7D4BDD7DB8}: NameServer = 204.60.203.179 66.73.20.40
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe
  • 0

#28
rstones12

rstones12

    Malware Expert

  • Retired Staff
  • 3,731 posts
Spartans1399,

OK, it looks like you have a couple of files that I dont recognize.

Please do the following first.

Please download Suspicious File Packer and unzip it to your desktop.

Now double-click on sfp.exe, it will launch a new window. Paste the following into that window.

C:\WINDOWS\system32\sw20.exe
C:\WINDOWS\system32\sw24.exe
Now click continue, this will create a .zip file on your desktop. Email that file to the following email address.

rstones12 AT geekstogo DOT com

AT = @
DOT = .

Once you have emailed me that file we will proceed with the rest of the fix.

Thanks,
rstones12
  • 0

#29
Spartans1399

Spartans1399

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
I have email you the files
  • 0

#30
rstones12

rstones12

    Malware Expert

  • Retired Staff
  • 3,731 posts
Spartans1399,

Thanks for the files.

Are you using a GeForce NX7800 GTX video card. I think the files are related to it.

Thanks,
rstones12
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP