Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Security Center Popups [RESOLVED]


  • This topic is locked This topic is locked

#1
piaffe

piaffe

    New Member

  • Member
  • Pip
  • 5 posts
Hi,

I'm having trouble with random popups asking me to download "WinAntiVirusPro" and "WinAntiSpywarePro." I'm also getting other popups, including some for winfixer.

It looks like someone else had the same problem in this thread, but I don't know whether the solutions recommended for him would apply to me as well.

I'm running Win XP Pro. I ran Windows Update, Norton AV, SpybotSD, and AdAware (all updated yesterday (10/21)) with no results.

I read the "Read This" post, and my HJT log is below.

Thanks!

Edited to add: I've also had some slight slowing in IE--there's a delay when I type text in post windows like this one, and also a delay when I open a link in a new window and then Alt-Tab back to my first window.

Edited again to add: I downloaded and ran ewido and mwavscan last night. Those logs are below, as well as another HJT log. Still having problems.

---------------------------
Hijack This Log 10/22
---------------------------

Logfile of HijackThis v1.99.1
Scan saved at 2:23:34 PM, on 10/22/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\norton\defwatch.exe
C:\norton\rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\norton\vptray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\ssh\SshClient.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.theonion.com/content/index
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\adobe\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: MSEvents Object - {FC148228-87E1-4D00-AC06-58DCAA52A4D1} - C:\WINDOWS\system32\rqrqn.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [vptray] C:\norton\vptray.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\QuickTime\qttask.exe" -atboottime
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: bugmenot - file://C:\bugmenot\bugmenot.htm
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\msoffice\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O15 - Trusted Zone: http://*.windowsupdate.com
O16 - DPF: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - http://dogfeathers.com/java/spirals
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150...ip/RdxIE601.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1121138511421
O17 - HKLM\System\CCS\Services\Tcpip\..\{2E3E6209-5205-480C-880D-AD1612E7CC1F}: NameServer = 204.60.203.179 66.73.20.40
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O20 - Winlogon Notify: rqrqn - C:\WINDOWS\system32\rqrqn.dll
O23 - Service: DefWatch - Symantec Corporation - C:\norton\defwatch.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\norton\rtvscan.exe


---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 9:13:40 PM, 10/23/2005
+ Report-Checksum: 8422FC1F

+ Scan result:

HKLM\SOFTWARE\Classes\MSEvents.MSEvents -> Spyware.VirtuMonde : Cleaned with backup
HKLM\SOFTWARE\Classes\MSEvents.MSEvents\CLSID -> Spyware.VirtuMonde : Cleaned with backup
HKLM\SOFTWARE\Classes\MSEvents.MSEvents\CurVer -> Spyware.VirtuMonde : Cleaned with backup
HKLM\SOFTWARE\Classes\MSEvents.MSEvents.1 -> Spyware.VirtuMonde : Cleaned with backup
HKU\S-1-5-21-1993962763-920026266-1708537768-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{79849612-A98F-45B8-95E9-4D13C7B6B35C} -> Spyware.Crazywinnings : Cleaned with backup
HKU\S-1-5-21-1993962763-920026266-1708537768-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7C559105-9ECF-42B8-B3F7-832E75EDD959} -> Spyware.ISTBar : Cleaned with backup
HKU\S-1-5-21-1993962763-920026266-1708537768-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{87067F04-DE4C-4688-BC3C-4FCF39D609E7} -> Spyware.WebSearch : Cleaned with backup
C:\Documents and Settings\mjm222\Local Settings\Temp\Cookies\mjm222@ad.yieldmanager[1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\mjm222\Local Settings\Temp\Cookies\mjm222@adopt.specificclick[1].txt -> Spyware.Cookie.Specificclick : Cleaned with backup
C:\Documents and Settings\mjm222\Local Settings\Temp\Cookies\mjm222@cnn.122.2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\mjm222\Local Settings\Temp\Cookies\mjm222@com[2].txt -> Spyware.Cookie.Com : Cleaned with backup
C:\Documents and Settings\mjm222\Local Settings\Temp\Cookies\mjm222@ehg-cbs.hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\mjm222\Local Settings\Temp\Cookies\mjm222@image.masterstats[1].txt -> Spyware.Cookie.Masterstats : Cleaned with backup
C:\Documents and Settings\mjm222\Local Settings\Temp\Cookies\mjm222@msnportal.112.2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\WINDOWS\system32\rqrqn.dll -> Spyware.Virtumonde : Cleaned with backup


::Report End


------------------------------
mwavscan log
------------------------------
***Note: I forgot to cut and paste the Virus Log Information into a notepad file, so I went through the log created by the tool and put all errors and actions taken into a notepad file. I hope that works***

Sun Oct 23 21:34:27 2005 => File C:\Documents and Settings\mjm222\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-43247d2e-47923e8f.zip infected by "Trojan.Java.ClassLoader.z" Virus. Action Taken: File Deleted.
Sun Oct 23 21:32:05 2005 => ERROR!!! ScanFile fails for C:\DOCUME~1\ADMINI~1\Cookies\index.dat
Sun Oct 23 21:32:05 2005 => ERROR!!! ScanFile fails for C:\DOCUME~1\ADMINI~1\LOCALS~1\APPLIC~1\MICROS~1\Windows\UsrClass.dat
Sun Oct 23 21:32:05 2005 => ERROR!!! ScanFile fails for C:\DOCUME~1\ADMINI~1\LOCALS~1\APPLIC~1\MICROS~1\Windows\USRCLA~1.LOG
Sun Oct 23 21:32:05 2005 => ERROR!!! ScanFile fails for C:\DOCUME~1\ADMINI~1\LOCALS~1\History\History.IE5\index.dat
Sun Oct 23 21:32:06 2005 => ERROR!!! ScanFile fails for C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMPOR~1\Content.IE5\index.dat
Sun Oct 23 21:32:06 2005 => ERROR!!! ScanFile fails for C:\DOCUME~1\ADMINI~1\ntuser.dat
Sun Oct 23 21:32:06 2005 => ERROR!!! ScanFile fails for C:\DOCUME~1\ADMINI~1\NTUSER~1.LOG
Sun Oct 23 21:32:09 2005 => ERROR!!! ScanFile fails for C:\DOCUME~1\ALLUSE~1\APPLIC~1\MICROS~1\Crypto\RSA\MACHIN~1\60C8C7~1
Sun Oct 23 21:32:09 2005 => ERROR!!! ScanFile fails for C:\DOCUME~1\ALLUSE~1\APPLIC~1\MICROS~1\DRWATS~1\user.dmp
Sun Oct 23 21:38:07 2005 => Scanning File C:\Documents and Settings\mjm222\Local Settings\Temp\Temporary Internet Files\Content.IE5\4L2FK1IZ\channel=air&Section=details&adsize=hotwireBottom&origin=SFO&dest=LGA&CookieName=OSC&sessionID=DRU8qtaqGh!-1868181232!183215681!7001!-1!1129387068712&secure=false
Sun Oct 23 21:38:07 2005 => ERROR!!! MS_ScanAndClean return ffffffff
Sun Oct 23 21:38:07 2005 => C:\Documents and Settings\mjm222\Local Settings\Temp\Temporary Internet Files\Content.IE5\4L2FK1IZ\channel=air&Section=details&adsize=hotwireBottom&origin=SFO&dest=LGA&CookieName=OSC&sessionID=DRU8qtaqGh!-1868181232!183215681!7001!-1!1129387068712&secure=false possibly infected and removed by background antivirus package!
Sun Oct 23 21:38:07 2005 => Scanning File C:\Documents and Settings\mjm222\Local Settings\Temp\Temporary Internet Files\Content.IE5\4L2FK1IZ\channel=air&Section=results&adsize=120x600&origin=SFO&dest=LGA&CookieName=OSC&sessionID=DRU8qtaqGh!-1868181232!183215681!7001!-1!1129387068712&secure=false&site=
Sun Oct 23 21:38:07 2005 => ERROR!!! MS_ScanAndClean return ffffffff
Sun Oct 23 21:38:07 2005 => C:\Documents and Settings\mjm222\Local Settings\Temp\Temporary Internet Files\Content.IE5\4L2FK1IZ\channel=air&Section=results&adsize=120x600&origin=SFO&dest=LGA&CookieName=OSC&sessionID=DRU8qtaqGh!-1868181232!183215681!7001!-1!1129387068712&secure=false&site= possibly infected and removed by background antivirus package!
Sun Oct 23 21:38:07 2005 => Scanning File C:\Documents and Settings\mjm222\Local Settings\Temp\Temporary Internet Files\Content.IE5\4L2FK1IZ\channel=air&Section=results&adsize=120x600&origin=SFO&dest=LGA&CookieName=OSC&sessionID=DRU8qtaqGh!-1868181232!183215681!7001!-1!1129387068712&secure=false&site=
Sun Oct 23 21:38:07 2005 => ERROR!!! MS_ScanAndClean return ffffffff
Sun Oct 23 21:38:07 2005 => C:\Documents and Settings\mjm222\Local Settings\Temp\Temporary Internet Files\Content.IE5\4L2FK1IZ\channel=air&Section=results&adsize=120x600&origin=SFO&dest=LGA&CookieName=OSC&sessionID=DRU8qtaqGh!-1868181232!183215681!7001!-1!1129387068712&secure=false&site= possibly infected and removed by background antivirus package!
Sun Oct 23 21:38:07 2005 => Scanning File C:\Documents and Settings\mjm222\Local Settings\Temp\Temporary Internet Files\Content.IE5\4L2FK1IZ\channel=air&Section=results&adsize=120x600&origin=SFO&dest=LGA&CookieName=OSC&sessionID=DRU8qtaqGh!-1868181232!183215681!7001!-1!1129387068712&secure=false&site=
Sun Oct 23 21:38:07 2005 => ERROR!!! MS_ScanAndClean return ffffffff
Sun Oct 23 21:38:08 2005 => C:\Documents and Settings\mjm222\Local Settings\Temp\Temporary Internet Files\Content.IE5\4L2FK1IZ\channel=air&Section=results&adsize=120x600&origin=SFO&dest=LGA&CookieName=OSC&sessionID=DRU8qtaqGh!-1868181232!183215681!7001!-1!1129387068712&secure=false&site= possibly infected and removed by background antivirus package!
Sun Oct 23 21:38:08 2005 => Scanning File C:\Documents and Settings\mjm222\Local Settings\Temp\Temporary Internet Files\Content.IE5\4L2FK1IZ\channel=air&Section=results&adsize=1x1&origin=SFO&dest=LGA&CookieName=OSC&sessionID=DRU8qtaqGh!-1868181232!183215681!7001!-1!1129387068712&secure=false&site=orbi
Sun Oct 23 21:38:08 2005 => ERROR!!! MS_ScanAndClean return ffffffff
Sun Oct 23 21:38:08 2005 => C:\Documents and Settings\mjm222\Local Settings\Temp\Temporary Internet Files\Content.IE5\4L2FK1IZ\channel=air&Section=results&adsize=1x1&origin=SFO&dest=LGA&CookieName=OSC&sessionID=DRU8qtaqGh!-1868181232!183215681!7001!-1!1129387068712&secure=false&site=orbi possibly infected and removed by background antivirus package!
Sun Oct 23 21:38:08 2005 => Scanning File C:\Documents and Settings\mjm222\Local Settings\Temp\Temporary Internet Files\Content.IE5\4L2FK1IZ\channel=air&Section=results&adsize=468x60_top&origin=SFO&dest=LGA&CookieName=OSC&sessionID=DRU8qtaqGh!-1868181232!183215681!7001!-1!1129387068712&secure=false&si
Sun Oct 23 21:38:08 2005 => ERROR!!! MS_ScanAndClean return ffffffff
Sun Oct 23 21:38:08 2005 => C:\Documents and Settings\mjm222\Local Settings\Temp\Temporary Internet Files\Content.IE5\4L2FK1IZ\channel=air&Section=results&adsize=468x60_top&origin=SFO&dest=LGA&CookieName=OSC&sessionID=DRU8qtaqGh!-1868181232!183215681!7001!-1!1129387068712&secure=false&si possibly infected and removed by background antivirus package!
Sun Oct 23 21:38:08 2005 => Scanning File C:\Documents and Settings\mjm222\Local Settings\Temp\Temporary Internet Files\Content.IE5\4L2FK1IZ\channel=air&Section=results&adsize=hotwireTop&origin=SFO&dest=LGA&CookieName=OSC&sessionID=DRU8qtaqGh!-1868181232!183215681!7001!-1!1129387068712&secure=false&si
Sun Oct 23 21:38:08 2005 => ERROR!!! MS_ScanAndClean return ffffffff
Sun Oct 23 21:38:08 2005 => C:\Documents and Settings\mjm222\Local Settings\Temp\Temporary Internet Files\Content.IE5\4L2FK1IZ\channel=air&Section=results&adsize=hotwireTop&origin=SFO&dest=LGA&CookieName=OSC&sessionID=DRU8qtaqGh!-1868181232!183215681!7001!-1!1129387068712&secure=false&si possibly infected and removed by background antivirus package!
Sun Oct 23 21:40:51 2005 => Scanning File C:\Documents and Settings\mjm222\Local Settings\Temp\Temporary Internet Files\Content.IE5\CX43WBK7\channel=air&Section=details&adsize=hotwireBottom&origin=SFO&dest=LGA&CookieName=OSC&sessionID=DRU8qtaqGh!-1868181232!183215681!7001!-1!1129387068712&secure=false
Sun Oct 23 21:40:51 2005 => ERROR!!! MS_ScanAndClean return ffffffff
Sun Oct 23 21:40:51 2005 => C:\Documents and Settings\mjm222\Local Settings\Temp\Temporary Internet Files\Content.IE5\CX43WBK7\channel=air&Section=details&adsize=hotwireBottom&origin=SFO&dest=LGA&CookieName=OSC&sessionID=DRU8qtaqGh!-1868181232!183215681!7001!-1!1129387068712&secure=false possibly infected and removed by background antivirus package!
Sun Oct 23 21:40:51 2005 => Scanning File C:\Documents and Settings\mjm222\Local Settings\Temp\Temporary Internet Files\Content.IE5\CX43WBK7\channel=air&Section=interstitial&adsize=450x200&origin=SFO&dest=LGA&CookieName=OSC&sessionID=DRU8qtaqGh!-1868181232!183215681!7001!-1!1129387068712&secure=false&
Sun Oct 23 21:40:51 2005 => ERROR!!! MS_ScanAndClean return ffffffff
Sun Oct 23 21:40:51 2005 => C:\Documents and Settings\mjm222\Local Settings\Temp\Temporary Internet Files\Content.IE5\CX43WBK7\channel=air&Section=interstitial&adsize=450x200&origin=SFO&dest=LGA&CookieName=OSC&sessionID=DRU8qtaqGh!-1868181232!183215681!7001!-1!1129387068712&secure=false& possibly infected and removed by background antivirus package!
Sun Oct 23 21:40:51 2005 => Scanning File C:\Documents and Settings\mjm222\Local Settings\Temp\Temporary Internet Files\Content.IE5\CX43WBK7\channel=air&Section=results&adsize=120x600&origin=SFO&dest=LGA&CookieName=OSC&sessionID=DRU8qtaqGh!-1868181232!183215681!7001!-1!1129387068712&secure=false&site=
Sun Oct 23 21:40:51 2005 => ERROR!!! MS_ScanAndClean return ffffffff
Sun Oct 23 21:40:51 2005 => C:\Documents and Settings\mjm222\Local Settings\Temp\Temporary Internet Files\Content.IE5\CX43WBK7\channel=air&Section=results&adsize=120x600&origin=SFO&dest=LGA&CookieName=OSC&sessionID=DRU8qtaqGh!-1868181232!183215681!7001!-1!1129387068712&secure=false&site= possibly infected and removed by background antivirus package!
Sun Oct 23 21:40:51 2005 => Scanning File C:\Documents and Settings\mjm222\Local Settings\Temp\Temporary Internet Files\Content.IE5\CX43WBK7\channel=air&Section=results&adsize=120x600&origin=SFO&dest=LGA&CookieName=OSC&sessionID=DRU8qtaqGh!-1868181232!183215681!7001!-1!1129387068712&secure=false&site=
Sun Oct 23 21:40:51 2005 => ERROR!!! MS_ScanAndClean return ffffffff
Sun Oct 23 21:40:51 2005 => C:\Documents and Settings\mjm222\Local Settings\Temp\Temporary Internet Files\Content.IE5\CX43WBK7\channel=air&Section=results&adsize=120x600&origin=SFO&dest=LGA&CookieName=OSC&sessionID=DRU8qtaqGh!-1868181232!183215681!7001!-1!1129387068712&secure=false&site= possibly infected and removed by background antivirus package!
Sun Oct 23 21:40:51 2005 => Scanning File C:\Documents and Settings\mjm222\Local Settings\Temp\Temporary Internet Files\Content.IE5\CX43WBK7\channel=air&Section=results&adsize=120x600&origin=SFO&dest=LGA&CookieName=OSC&sessionID=DRU8qtaqGh!-1868181232!183215681!7001!-1!1129387068712&secure=false&site=
Sun Oct 23 21:40:51 2005 => ERROR!!! MS_ScanAndClean return ffffffff
Sun Oct 23 21:40:51 2005 => C:\Documents and Settings\mjm222\Local Settings\Temp\Temporary Internet Files\Content.IE5\CX43WBK7\channel=air&Section=results&adsize=120x600&origin=SFO&dest=LGA&CookieName=OSC&sessionID=DRU8qtaqGh!-1868181232!183215681!7001!-1!1129387068712&secure=false&site= possibly infected and removed by background antivirus package!
Sun Oct 23 21:40:51 2005 => Scanning File C:\Documents and Settings\mjm222\Local Settings\Temp\Temporary Internet Files\Content.IE5\CX43WBK7\channel=air&Section=results&adsize=1x1&origin=SFO&dest=LGA&CookieName=OSC&sessionID=DRU8qtaqGh!-1868181232!183215681!7001!-1!1129387068712&secure=false&site=orbi
Sun Oct 23 21:40:51 2005 => ERROR!!! MS_ScanAndClean return ffffffff
Sun Oct 23 21:40:51 2005 => C:\Documents and Settings\mjm222\Local Settings\Temp\Temporary Internet Files\Content.IE5\CX43WBK7\channel=air&Section=results&adsize=1x1&origin=SFO&dest=LGA&CookieName=OSC&sessionID=DRU8qtaqGh!-1868181232!183215681!7001!-1!1129387068712&secure=false&site=orbi possibly infected and removed by background antivirus package!
Sun Oct 23 21:40:51 2005 => Scanning File C:\Documents and Settings\mjm222\Local Settings\Temp\Temporary Internet Files\Content.IE5\CX43WBK7\channel=air&Section=results&adsize=1x1&origin=SFO&dest=LGA&CookieName=OSC&sessionID=DRU8qtaqGh!-1868181232!183215681!7001!-1!1129387068712&secure=false&site=orbi
Sun Oct 23 21:40:51 2005 => ERROR!!! MS_ScanAndClean return ffffffff
Sun Oct 23 21:40:51 2005 => C:\Documents and Settings\mjm222\Local Settings\Temp\Temporary Internet Files\Content.IE5\CX43WBK7\channel=air&Section=results&adsize=1x1&origin=SFO&dest=LGA&CookieName=OSC&sessionID=DRU8qtaqGh!-1868181232!183215681!7001!-1!1129387068712&secure=false&site=orbi possibly infected and removed by background antivirus package!
Sun Oct 23 21:40:51 2005 => Scanning File C:\Documents and Settings\mjm222\Local Settings\Temp\Temporary Internet Files\Content.IE5\CX43WBK7\channel=air&Section=results&adsize=hotwireBottom&origin=SFO&dest=LGA&CookieName=OSC&sessionID=DRU8qtaqGh!-1868181232!183215681!7001!-1!1129387068712&secure=false
Sun Oct 23 21:40:51 2005 => ERROR!!! MS_ScanAndClean return ffffffff
Sun Oct 23 21:40:51 2005 => C:\Documents and Settings\mjm222\Local Settings\Temp\Temporary Internet Files\Content.IE5\CX43WBK7\channel=air&Section=results&adsize=hotwireBottom&origin=SFO&dest=LGA&CookieName=OSC&sessionID=DRU8qtaqGh!-1868181232!183215681!7001!-1!1129387068712&secure=false possibly infected and removed by background antivirus package!
Sun Oct 23 21:40:51 2005 => Scanning File C:\Documents and Settings\mjm222\Local Settings\Temp\Temporary Internet Files\Content.IE5\CX43WBK7\channel=home&Section=main&adsize=1x1&CookieName=OSC&sessionID=DRU8qtaqGh!-1868181232!183215681!7001!-1!1129387068712&secure=false&site=orbitz&width=1&height=1&[1
Sun Oct 23 21:40:51 2005 => ERROR!!! MS_ScanAndClean return ffffffff
Sun Oct 23 21:40:51 2005 => C:\Documents and Settings\mjm222\Local Settings\Temp\Temporary Internet Files\Content.IE5\CX43WBK7\channel=home&Section=main&adsize=1x1&CookieName=OSC&sessionID=DRU8qtaqGh!-1868181232!183215681!7001!-1!1129387068712&secure=false&site=orbitz&width=1&height=1&[1 possibly infected and removed by background antivirus package!
Sun Oct 23 21:40:51 2005 => Scanning File C:\Documents and Settings\mjm222\Local Settings\Temp\Temporary Internet Files\Content.IE5\CX43WBK7\channel=home&Section=main&adsize=728x90&CookieName=OSC&sessionID=DRU8qtaqGh!-1868181232!183215681!7001!-1!1129387068712&secure=false&site=orbitz&width=728&height
Sun Oct 23 21:40:51 2005 => ERROR!!! MS_ScanAndClean return ffffffff
Sun Oct 23 21:40:51 2005 => C:\Documents and Settings\mjm222\Local Settings\Temp\Temporary Internet Files\Content.IE5\CX43WBK7\channel=home&Section=main&adsize=728x90&CookieName=OSC&sessionID=DRU8qtaqGh!-1868181232!183215681!7001!-1!1129387068712&secure=false&site=orbitz&width=728&height possibly infected and removed by background antivirus package!
Sun Oct 23 21:47:57 2005 => Scanning File C:\Documents and Settings\mjm222\Local Settings\Temp\Temporary Internet Files\Content.IE5\S5IF49UJ\channel=air&Section=details&adsize=hotwireBottom&origin=SFO&dest=LGA&CookieName=OSC&sessionID=DRU8qtaqGh!-1868181232!183215681!7001!-1!1129387068712&secure=false
Sun Oct 23 21:47:57 2005 => ERROR!!! MS_ScanAndClean return ffffffff
Sun Oct 23 21:47:57 2005 => C:\Documents and Settings\mjm222\Local Settings\Temp\Temporary Internet Files\Content.IE5\S5IF49UJ\channel=air&Section=details&adsize=hotwireBottom&origin=SFO&dest=LGA&CookieName=OSC&sessionID=DRU8qtaqGh!-1868181232!183215681!7001!-1!1129387068712&secure=false possibly infected and removed by background antivirus package!
Sun Oct 23 21:47:57 2005 => Scanning File C:\Documents and Settings\mjm222\Local Settings\Temp\Temporary Internet Files\Content.IE5\S5IF49UJ\channel=air&Section=results&adsize=1x1&origin=SFO&dest=LGA&CookieName=OSC&sessionID=DRU8qtaqGh!-1868181232!183215681!7001!-1!1129387068712&secure=false&site=orbi
Sun Oct 23 21:47:57 2005 => ERROR!!! MS_ScanAndClean return ffffffff
Sun Oct 23 21:47:57 2005 => C:\Documents and Settings\mjm222\Local Settings\Temp\Temporary Internet Files\Content.IE5\S5IF49UJ\channel=air&Section=results&adsize=1x1&origin=SFO&dest=LGA&CookieName=OSC&sessionID=DRU8qtaqGh!-1868181232!183215681!7001!-1!1129387068712&secure=false&site=orbi possibly infected and removed by background antivirus package!
Sun Oct 23 21:47:57 2005 => Scanning File C:\Documents and Settings\mjm222\Local Settings\Temp\Temporary Internet Files\Content.IE5\S5IF49UJ\channel=air&Section=results&adsize=468x60_top&origin=SFO&dest=LGA&CookieName=OSC&sessionID=DRU8qtaqGh!-1868181232!183215681!7001!-1!1129387068712&secure=false&si
Sun Oct 23 21:47:57 2005 => ERROR!!! MS_ScanAndClean return ffffffff
Sun Oct 23 21:47:57 2005 => C:\Documents and Settings\mjm222\Local Settings\Temp\Temporary Internet Files\Content.IE5\S5IF49UJ\channel=air&Section=results&adsize=468x60_top&origin=SFO&dest=LGA&CookieName=OSC&sessionID=DRU8qtaqGh!-1868181232!183215681!7001!-1!1129387068712&secure=false&si possibly infected and removed by background antivirus package!
Sun Oct 23 21:47:57 2005 => Scanning File C:\Documents and Settings\mjm222\Local Settings\Temp\Temporary Internet Files\Content.IE5\S5IF49UJ\channel=air&Section=results&adsize=468x60_top&origin=SFO&dest=LGA&CookieName=OSC&sessionID=DRU8qtaqGh!-1868181232!183215681!7001!-1!1129387068712&secure=false&si
Sun Oct 23 21:47:57 2005 => ERROR!!! MS_ScanAndClean return ffffffff
Sun Oct 23 21:47:57 2005 => C:\Documents and Settings\mjm222\Local Settings\Temp\Temporary Internet Files\Content.IE5\S5IF49UJ\channel=air&Section=results&adsize=468x60_top&origin=SFO&dest=LGA&CookieName=OSC&sessionID=DRU8qtaqGh!-1868181232!183215681!7001!-1!1129387068712&secure=false&si possibly infected and removed by background antivirus package!
Sun Oct 23 21:47:57 2005 => Scanning File C:\Documents and Settings\mjm222\Local Settings\Temp\Temporary Internet Files\Content.IE5\S5IF49UJ\channel=air&Section=results&adsize=hotwireBottom&origin=SFO&dest=LGA&CookieName=OSC&sessionID=DRU8qtaqGh!-1868181232!183215681!7001!-1!1129387068712&secure=false
Sun Oct 23 21:47:57 2005 => ERROR!!! MS_ScanAndClean return ffffffff
Sun Oct 23 21:47:57 2005 => C:\Documents and Settings\mjm222\Local Settings\Temp\Temporary Internet Files\Content.IE5\S5IF49UJ\channel=air&Section=results&adsize=hotwireBottom&origin=SFO&dest=LGA&CookieName=OSC&sessionID=DRU8qtaqGh!-1868181232!183215681!7001!-1!1129387068712&secure=false possibly infected and removed by background antivirus package!
Sun Oct 23 21:47:57 2005 => Scanning File C:\Documents and Settings\mjm222\Local Settings\Temp\Temporary Internet Files\Content.IE5\S5IF49UJ\channel=home&Section=main&adsize=468x60_top&CookieName=OSC&sessionID=DRU8qtaqGh!-1868181232!183215681!7001!-1!1129387068712&secure=false&site=orbitz&width=468&he
Sun Oct 23 21:47:57 2005 => ERROR!!! MS_ScanAndClean return ffffffff
Sun Oct 23 21:47:57 2005 => C:\Documents and Settings\mjm222\Local Settings\Temp\Temporary Internet Files\Content.IE5\S5IF49UJ\channel=home&Section=main&adsize=468x60_top&CookieName=OSC&sessionID=DRU8qtaqGh!-1868181232!183215681!7001!-1!1129387068712&secure=false&site=orbitz&width=468&he possibly infected and removed by background antivirus package!
Sun Oct 23 21:49:56 2005 => Scanning File C:\Documents and Settings\mjm222\Local Settings\Temp\Temporary Internet Files\Content.IE5\UNIV69AV\channel=air&Section=details&adsize=hotwireBottom&origin=SFO&dest=LGA&CookieName=OSC&sessionID=DRU8qtaqGh!-1868181232!183215681!7001!-1!1129387068712&secure=false
Sun Oct 23 21:49:56 2005 => ERROR!!! MS_ScanAndClean return ffffffff
Sun Oct 23 21:49:56 2005 => C:\Documents and Settings\mjm222\Local Settings\Temp\Temporary Internet Files\Content.IE5\UNIV69AV\channel=air&Section=details&adsize=hotwireBottom&origin=SFO&dest=LGA&CookieName=OSC&sessionID=DRU8qtaqGh!-1868181232!183215681!7001!-1!1129387068712&secure=false possibly infected and removed by background antivirus package!
Sun Oct 23 21:49:56 2005 => Scanning File C:\Documents and Settings\mjm222\Local Settings\Temp\Temporary Internet Files\Content.IE5\UNIV69AV\channel=air&Section=details&adsize=hotwireBottom&origin=SFO&dest=LGA&CookieName=OSC&sessionID=DRU8qtaqGh!-1868181232!183215681!7001!-1!1129387068712&secure=false
Sun Oct 23 21:49:56 2005 => ERROR!!! MS_ScanAndClean return ffffffff
Sun Oct 23 21:49:57 2005 => C:\Documents and Settings\mjm222\Local Settings\Temp\Temporary Internet Files\Content.IE5\UNIV69AV\channel=air&Section=details&adsize=hotwireBottom&origin=SFO&dest=LGA&CookieName=OSC&sessionID=DRU8qtaqGh!-1868181232!183215681!7001!-1!1129387068712&secure=false possibly infected and removed by background antivirus package!
Sun Oct 23 21:49:57 2005 => Scanning File C:\Documents and Settings\mjm222\Local Settings\Temp\Temporary Internet Files\Content.IE5\UNIV69AV\channel=air&Section=results&adsize=120x600&origin=SFO&dest=LGA&CookieName=OSC&sessionID=DRU8qtaqGh!-1868181232!183215681!7001!-1!1129387068712&secure=false&site=
Sun Oct 23 21:49:57 2005 => ERROR!!! MS_ScanAndClean return ffffffff
Sun Oct 23 21:49:57 2005 => C:\Documents and Settings\mjm222\Local Settings\Temp\Temporary Internet Files\Content.IE5\UNIV69AV\channel=air&Section=results&adsize=120x600&origin=SFO&dest=LGA&CookieName=OSC&sessionID=DRU8qtaqGh!-1868181232!183215681!7001!-1!1129387068712&secure=false&site= possibly infected and removed by background antivirus package!
Sun Oct 23 21:49:57 2005 => Scanning File C:\Documents and Settings\mjm222\Local Settings\Temp\Temporary Internet Files\Content.IE5\UNIV69AV\channel=air&Section=results&adsize=1x1&origin=SFO&dest=LGA&CookieName=OSC&sessionID=DRU8qtaqGh!-1868181232!183215681!7001!-1!1129387068712&secure=false&site=orbi
Sun Oct 23 21:49:57 2005 => ERROR!!! MS_ScanAndClean return ffffffff
Sun Oct 23 21:49:57 2005 => C:\Documents and Settings\mjm222\Local Settings\Temp\Temporary Internet Files\Content.IE5\UNIV69AV\channel=air&Section=results&adsize=1x1&origin=SFO&dest=LGA&CookieName=OSC&sessionID=DRU8qtaqGh!-1868181232!183215681!7001!-1!1129387068712&secure=false&site=orbi possibly infected and removed by background antivirus package!
Sun Oct 23 21:49:57 2005 => Scanning File C:\Documents and Settings\mjm222\Local Settings\Temp\Temporary Internet Files\Content.IE5\UNIV69AV\channel=air&Section=results&adsize=1x1&origin=SFO&dest=LGA&CookieName=OSC&sessionID=DRU8qtaqGh!-1868181232!183215681!7001!-1!1129387068712&secure=false&site=orbi
Sun Oct 23 21:49:57 2005 => ERROR!!! MS_ScanAndClean return ffffffff
Sun Oct 23 21:49:57 2005 => C:\Documents and Settings\mjm222\Local Settings\Temp\Temporary Internet Files\Content.IE5\UNIV69AV\channel=air&Section=results&adsize=1x1&origin=SFO&dest=LGA&CookieName=OSC&sessionID=DRU8qtaqGh!-1868181232!183215681!7001!-1!1129387068712&secure=false&site=orbi possibly infected and removed by background antivirus package!
Sun Oct 23 21:49:57 2005 => Scanning File C:\Documents and Settings\mjm222\Local Settings\Temp\Temporary Internet Files\Content.IE5\UNIV69AV\channel=air&Section=results&adsize=1x1&origin=SFO&dest=LGA&CookieName=OSC&sessionID=DRU8qtaqGh!-1868181232!183215681!7001!-1!1129387068712&secure=false&site=orbi
Sun Oct 23 21:49:57 2005 => ERROR!!! MS_ScanAndClean return ffffffff
Sun Oct 23 21:49:57 2005 => C:\Documents and Settings\mjm222\Local Settings\Temp\Temporary Internet Files\Content.IE5\UNIV69AV\channel=air&Section=results&adsize=1x1&origin=SFO&dest=LGA&CookieName=OSC&sessionID=DRU8qtaqGh!-1868181232!183215681!7001!-1!1129387068712&secure=false&site=orbi possibly infected and removed by background antivirus package!
Sun Oct 23 21:49:57 2005 => Scanning File C:\Documents and Settings\mjm222\Local Settings\Temp\Temporary Internet Files\Content.IE5\UNIV69AV\channel=air&Section=results&adsize=468x60_top&origin=SFO&dest=LGA&CookieName=OSC&sessionID=DRU8qtaqGh!-1868181232!183215681!7001!-1!1129387068712&secure=false&si
Sun Oct 23 21:49:57 2005 => ERROR!!! MS_ScanAndClean return ffffffff
Sun Oct 23 21:49:57 2005 => C:\Documents and Settings\mjm222\Local Settings\Temp\Temporary Internet Files\Content.IE5\UNIV69AV\channel=air&Section=results&adsize=468x60_top&origin=SFO&dest=LGA&CookieName=OSC&sessionID=DRU8qtaqGh!-1868181232!183215681!7001!-1!1129387068712&secure=false&si possibly infected and removed by background antivirus package!
Sun Oct 23 21:49:57 2005 => Scanning File C:\Documents and Settings\mjm222\Local Settings\Temp\Temporary Internet Files\Content.IE5\UNIV69AV\channel=air&Section=results&adsize=468x60_top&origin=SFO&dest=LGA&CookieName=OSC&sessionID=DRU8qtaqGh!-1868181232!183215681!7001!-1!1129387068712&secure=false&si
Sun Oct 23 21:49:57 2005 => ERROR!!! MS_ScanAndClean return ffffffff
Sun Oct 23 21:49:57 2005 => C:\Documents and Settings\mjm222\Local Settings\Temp\Temporary Internet Files\Content.IE5\UNIV69AV\channel=air&Section=results&adsize=468x60_top&origin=SFO&dest=LGA&CookieName=OSC&sessionID=DRU8qtaqGh!-1868181232!183215681!7001!-1!1129387068712&secure=false&si possibly infected and removed by background antivirus package!
Sun Oct 23 21:49:57 2005 => Scanning File C:\Documents and Settings\mjm222\Local Settings\Temp\Temporary Internet Files\Content.IE5\UNIV69AV\channel=air&Section=results&adsize=468x60_top&origin=SFO&dest=LGA&CookieName=OSC&sessionID=DRU8qtaqGh!-1868181232!183215681!7001!-1!1129387068712&secure=false&si
Sun Oct 23 21:49:57 2005 => ERROR!!! MS_ScanAndClean return ffffffff
Sun Oct 23 21:49:57 2005 => C:\Documents and Settings\mjm222\Local Settings\Temp\Temporary Internet Files\Content.IE5\UNIV69AV\channel=air&Section=results&adsize=468x60_top&origin=SFO&dest=LGA&CookieName=OSC&sessionID=DRU8qtaqGh!-1868181232!183215681!7001!-1!1129387068712&secure=false&si possibly infected and removed by background antivirus package!
Sun Oct 23 21:49:57 2005 => Scanning File C:\Documents and Settings\mjm222\Local Settings\Temp\Temporary Internet Files\Content.IE5\UNIV69AV\channel=air&Section=results&adsize=468x60_top&origin=SFO&dest=LGA&CookieName=OSC&sessionID=DRU8qtaqGh!-1868181232!183215681!7001!-1!1129387068712&secure=false&si
Sun Oct 23 21:49:57 2005 => ERROR!!! MS_ScanAndClean return ffffffff
Sun Oct 23 21:49:57 2005 => C:\Documents and Settings\mjm222\Local Settings\Temp\Temporary Internet Files\Content.IE5\UNIV69AV\channel=air&Section=results&adsize=468x60_top&origin=SFO&dest=LGA&CookieName=OSC&sessionID=DRU8qtaqGh!-1868181232!183215681!7001!-1!1129387068712&secure=false&si possibly infected and removed by background antivirus package!
Sun Oct 23 21:49:57 2005 => Scanning File C:\Documents and Settings\mjm222\Local Settings\Temp\Temporary Internet Files\Content.IE5\UNIV69AV\channel=home&Section=main&adsize=342x188&CookieName=OSC&sessionID=DRU8qtaqGh!-1868181232!183215681!7001!-1!1129387068712&secure=false&site=orbitz&width=342&heigh
Sun Oct 23 21:49:57 2005 => ERROR!!! MS_ScanAndClean return ffffffff
Sun Oct 23 21:49:57 2005 => C:\Documents and Settings\mjm222\Local Settings\Temp\Temporary Internet Files\Content.IE5\UNIV69AV\channel=home&Section=main&adsize=342x188&CookieName=OSC&sessionID=DRU8qtaqGh!-1868181232!183215681!7001!-1!1129387068712&secure=false&site=orbitz&width=342&heigh possibly infected and removed by background antivirus package!
C:\Documents and Settings\mjm222\Local Settings\Temp\Temporary Internet Files\Content.IE5\S5IF49UJ\channel=home&Section=main&adsize=468x60_top&CookieName=OSC&sessionID=DRU8qtaqGh!-1868181232!183215681!7001!-1!1129387068712&secure=false&site=orbitz&width=468&he possibly infected and removed by background antivirus package!
Sun Oct 23 21:51:33 2005 => ERROR!!! ScanFile fails for C:\DOCUME~1\NETWOR~1\LOCALS~1\APPLIC~1\MICROS~1\Windows\UsrClass.dat
Sun Oct 23 21:51:33 2005 => ERROR!!! ScanFile fails for C:\DOCUME~1\NETWOR~1\LOCALS~1\APPLIC~1\MICROS~1\Windows\USRCLA~1.LOG
Sun Oct 23 21:51:34 2005 => ERROR!!! ScanFile fails for C:\DOCUME~1\NETWOR~1\NTUSER.DAT
Sun Oct 23 21:51:34 2005 => ERROR!!! ScanFile fails for C:\DOCUME~1\NETWOR~1\NTUSER~1.LOG
Sun Oct 23 22:11:58 2005 => ERROR!!! ScanFile fails for C:\SYSTEM~1\_RESTO~1\RP216\change.log
Sun Oct 23 22:19:56 2005 => ERROR!!! ScanFile fails for C:\WINDOWS\$NtUninstallKB828741$\catsrv.dll
Sun Oct 23 22:19:56 2005 => ERROR!!! ScanFile fails for C:\WINDOWS\$NtUninstallKB828741$\catsrvut.dll
Sun Oct 23 22:19:56 2005 => ERROR!!! ScanFile fails for C:\WINDOWS\$NtUninstallKB828741$\clbcatex.dll
Sun Oct 23 22:19:56 2005 => ERROR!!! ScanFile fails for C:\WINDOWS\$NtUninstallKB828741$\clbcatq.dll
Sun Oct 23 22:19:56 2005 => ERROR!!! ScanFile fails for C:\WINDOWS\$NtUninstallKB828741$\colbact.dll
Sun Oct 23 22:19:56 2005 => ERROR!!! ScanFile fails for C:\WINDOWS\$NtUninstallKB828741$\comadmin.dll
Sun Oct 23 22:19:56 2005 => ERROR!!! ScanFile fails for C:\WINDOWS\$NtUninstallKB828741$\comrepl.exe
Sun Oct 23 22:19:56 2005 => ERROR!!! ScanFile fails for C:\WINDOWS\$NtUninstallKB828741$\comsvcs.dll
Sun Oct 23 22:19:56 2005 => ERROR!!! ScanFile fails for C:\WINDOWS\$NtUninstallKB828741$\comuid.dll
Sun Oct 23 22:19:56 2005 => ERROR!!! ScanFile fails for C:\WINDOWS\$NtUninstallKB828741$\es.dll
Sun Oct 23 22:19:56 2005 => ERROR!!! ScanFile fails for C:\WINDOWS\$NtUninstallKB828741$\migregdb.exe
Sun Oct 23 22:19:56 2005 => ERROR!!! ScanFile fails for C:\WINDOWS\$NtUninstallKB828741$\msdtcprx.dll
Sun Oct 23 22:19:56 2005 => ERROR!!! ScanFile fails for C:\WINDOWS\$NtUninstallKB828741$\msdtctm.dll
Sun Oct 23 22:19:56 2005 => ERROR!!! ScanFile fails for C:\WINDOWS\$NtUninstallKB828741$\msdtcuiu.dll
Sun Oct 23 22:19:56 2005 => ERROR!!! ScanFile fails for C:\WINDOWS\$NtUninstallKB828741$\mtxclu.dll
Sun Oct 23 22:19:56 2005 => ERROR!!! ScanFile fails for C:\WINDOWS\$NtUninstallKB828741$\mtxoci.dll
Sun Oct 23 22:19:56 2005 => ERROR!!! ScanFile fails for C:\WINDOWS\$NtUninstallKB828741$\ole32.dll
Sun Oct 23 22:19:56 2005 => ERROR!!! ScanFile fails for C:\WINDOWS\$NtUninstallKB828741$\rpcrt4.dll
Sun Oct 23 22:19:56 2005 => ERROR!!! ScanFile fails for C:\WINDOWS\$NtUninstallKB828741$\rpcss.dll
Sun Oct 23 22:19:56 2005 => ERROR!!! ScanFile fails for C:\WINDOWS\$NtUninstallKB828741$\txflog.dll
Sun Oct 23 22:19:58 2005 => ERROR!!! ScanFile fails for C:\WINDOWS\$NtUninstallKB835732$\callcont.dll
Sun Oct 23 22:19:58 2005 => ERROR!!! ScanFile fails for C:\WINDOWS\$NtUninstallKB835732$\cmdevtgprov.dll
Sun Oct 23 22:19:59 2005 => ERROR!!! ScanFile fails for C:\WINDOWS\$NtUninstallKB835732$\evtgprov.dll
Sun Oct 23 22:19:59 2005 => ERROR!!! ScanFile fails for C:\WINDOWS\$NtUninstallKB835732$\gdi32.dll
Sun Oct 23 22:19:59 2005 => ERROR!!! ScanFile fails for C:\WINDOWS\$NtUninstallKB835732$\h323.tsp
Sun Oct 23 22:19:59 2005 => ERROR!!! ScanFile fails for C:\WINDOWS\$NtUninstallKB835732$\h323msp.dll
Sun Oct 23 22:19:59 2005 => ERROR!!! ScanFile fails for C:\WINDOWS\$NtUninstallKB835732$\helpctr.exe
Sun Oct 23 22:19:59 2005 => ERROR!!! ScanFile fails for C:\WINDOWS\$NtUninstallKB835732$\ipnathlp.dll
Sun Oct 23 22:19:59 2005 => ERROR!!! ScanFile fails for C:\WINDOWS\$NtUninstallKB835732$\lsasrv.dll
Sun Oct 23 22:19:59 2005 => ERROR!!! ScanFile fails for C:\WINDOWS\$NtUninstallKB835732$\mf3216.dll
Sun Oct 23 22:19:59 2005 => ERROR!!! ScanFile fails for C:\WINDOWS\$NtUninstallKB835732$\msasn1.dll
Sun Oct 23 22:19:59 2005 => ERROR!!! ScanFile fails for C:\WINDOWS\$NtUninstallKB835732$\msgina.dll
Sun Oct 23 22:19:59 2005 => ERROR!!! ScanFile fails for C:\WINDOWS\$NtUninstallKB835732$\mst120.dll
Sun Oct 23 22:19:59 2005 => ERROR!!! ScanFile fails for C:\WINDOWS\$NtUninstallKB835732$\netapi32.dll
Sun Oct 23 22:19:59 2005 => ERROR!!! ScanFile fails for C:\WINDOWS\$NtUninstallKB835732$\nmcom.dll
Sun Oct 23 22:19:59 2005 => ERROR!!! ScanFile fails for C:\WINDOWS\$NtUninstallKB835732$\rtcdll.dll
Sun Oct 23 22:19:59 2005 => ERROR!!! ScanFile fails for C:\WINDOWS\$NtUninstallKB835732$\schannel.dll
Sun Oct 23 22:19:59 2005 => ERROR!!! ScanFile fails for C:\WINDOWS\$NtUninstallKB837001$\dao360.dll
Sun Oct 23 22:19:59 2005 => ERROR!!! ScanFile fails for C:\WINDOWS\$NtUninstallKB837001$\expsrv.dll
Sun Oct 23 22:19:59 2005 => ERROR!!! ScanFile fails for C:\WINDOWS\$NtUninstallKB837001$\msexch40.dll
Sun Oct 23 22:19:59 2005 => ERROR!!! ScanFile fails for C:\WINDOWS\$NtUninstallKB837001$\msexcl40.dll
Sun Oct 23 22:19:59 2005 => ERROR!!! ScanFile fails for C:\WINDOWS\$NtUninstallKB837001$\msjet40.dll
Sun Oct 23 22:19:59 2005 => ERROR!!! ScanFile fails for C:\WINDOWS\$NtUninstallKB837001$\msjetoledb40.dll
Sun Oct 23 22:19:59 2005 => ERROR!!! ScanFile fails for C:\WINDOWS\$NtUninstallKB837001$\msjint40.dll
Sun Oct 23 22:19:59 2005 => ERROR!!! ScanFile fails for C:\WINDOWS\$NtUninstallKB837001$\msjter40.dll
Sun Oct 23 22:19:59 2005 => ERROR!!! ScanFile fails for C:\WINDOWS\$NtUninstallKB837001$\msjtes40.dll
Sun Oct 23 22:19:59 2005 => ERROR!!! ScanFile fails for C:\WINDOWS\$NtUninstallKB837001$\msltus40.dll
Sun Oct 23 22:19:59 2005 => ERROR!!! ScanFile fails for C:\WINDOWS\$NtUninstallKB837001$\mspbde40.dll
Sun Oct 23 22:19:59 2005 => ERROR!!! ScanFile fails for C:\WINDOWS\$NtUninstallKB837001$\msrd2x40.dll
Sun Oct 23 22:19:59 2005 => ERROR!!! ScanFile fails for C:\WINDOWS\$NtUninstallKB837001$\msrd3x40.dll
Sun Oct 23 22:19:59 2005 => ERROR!!! ScanFile fails for C:\WINDOWS\$NtUninstallKB837001$\msrepl40.dll
Sun Oct 23 22:19:59 2005 => ERROR!!! ScanFile fails for C:\WINDOWS\$NtUninstallKB837001$\mstext40.dll
Sun Oct 23 22:20:00 2005 => ERROR!!! ScanFile fails for C:\WINDOWS\$NtUninstallKB837001$\mswdat10.dll
Sun Oct 23 22:20:00 2005 => ERROR!!! ScanFile fails for C:\WINDOWS\$NtUninstallKB837001$\mswstr10.dll
Sun Oct 23 22:20:00 2005 => ERROR!!! ScanFile fails for C:\WINDOWS\$NtUninstallKB837001$\msxbde40.dll
Sun Oct 23 22:20:01 2005 => ERROR!!! ScanFile fails for C:\WINDOWS\$NtUninstallKB839645$\fldrclnr.dll
Sun Oct 23 22:20:01 2005 => *** File C:\WINDOWS\$NtUninstallKB839645$\shell32.dll having Size Restriction ***
Sun Oct 23 22:20:01 2005 => ERROR!!! ScanFile fails for C:\WINDOWS\$NtUninstallKB839645$\shlwapi.dll
Sun Oct 23 22:20:01 2005 => ERROR!!! ScanFile fails for C:\WINDOWS\$NtUninstallKB839645$\sxs.dll
Sun Oct 23 22:20:01 2005 => ERROR!!! ScanFile fails for C:\WINDOWS\$NtUninstallKB839645$\xpsp2res.dll
Sun Oct 23 22:20:05 2005 => *** File C:\WINDOWS\$NtUninstallKB841356$\shell32.dll having Size Restriction ***
Sun Oct 23 22:39:34 2005 => ERROR!!! ScanFile fails for C:\WINDOWS\system32\config\AppEvent.Evt
Sun Oct 23 22:39:34 2005 => ERROR!!! ScanFile fails for C:\WINDOWS\system32\config\default
Sun Oct 23 22:39:34 2005 => ERROR!!! ScanFile fails for C:\WINDOWS\system32\config\default.LOG
Sun Oct 23 22:39:34 2005 => ERROR!!! ScanFile fails for C:\WINDOWS\system32\config\SAM
Sun Oct 23 22:39:34 2005 => ERROR!!! ScanFile fails for C:\WINDOWS\system32\config\SAM.LOG
Sun Oct 23 22:39:34 2005 => ERROR!!! ScanFile fails for C:\WINDOWS\system32\config\SecEvent.Evt
Sun Oct 23 22:39:34 2005 => ERROR!!! ScanFile fails for C:\WINDOWS\system32\config\SECURITY
Sun Oct 23 22:39:34 2005 => ERROR!!! ScanFile fails for C:\WINDOWS\system32\config\SECURITY.LOG
Sun Oct 23 22:39:34 2005 => *** File C:\WINDOWS\system32\config\software having Size Restriction ***
Sun Oct 23 22:39:34 2005 => ERROR!!! ScanFile fails for C:\WINDOWS\system32\config\software.LOG
Sun Oct 23 22:39:34 2005 => ERROR!!! ScanFile fails for C:\WINDOWS\system32\config\SysEvent.Evt
Sun Oct 23 22:39:34 2005 => *** File C:\WINDOWS\system32\config\system having Size Restriction ***
Sun Oct 23 22:39:34 2005 => ERROR!!! ScanFile fails for C:\WINDOWS\system32\config\system.LOG
Sun Oct 23 22:39:34 2005 => ERROR!!! ScanFile fails for C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
Sun Oct 23 22:39:34 2005 => ERROR!!! ScanFile fails for C:\WINDOWS\system32\config\SYSTEM~1\LOCALS~1\History\History.IE5\index.dat
Sun Oct 23 22:40:33 2005 => ERROR!!! ScanFile fails for C:\WINDOWS\system32\config\SYSTEM~1\LOCALS~1\TEMPOR~1\Content.IE5\index.dat
Sun Oct 23 22:47:35 2005 => ERROR!!! ScanFile fails for C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR
Sun Oct 23 22:47:35 2005 => ERROR!!! ScanFile fails for C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP
Sun Oct 23 22:47:35 2005 => ERROR!!! ScanFile fails for C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER
Sun Oct 23 22:47:35 2005 => ERROR!!! ScanFile fails for C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP
Sun Oct 23 22:47:35 2005 => ERROR!!! ScanFile fails for C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP
Sun Oct 23 22:47:35 2005 => *** File C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA having Size Restriction ***
Sun Oct 23 22:47:35 2005 => ERROR!!! ScanFile fails for C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP

Sun Oct 23 22:48:16 2005 => ***** Checking for specific ITW Viruses *****
Sun Oct 23 22:48:16 2005 => Checking for Welchia Virus...
Sun Oct 23 22:48:16 2005 => Checking for LovGate Virus...
Sun Oct 23 22:48:17 2005 => Checking for CodeRed Virus...
Sun Oct 23 22:48:17 2005 => Checking for OpaServ Virus...
Sun Oct 23 22:48:17 2005 => Checking for Sobig.e Virus...
Sun Oct 23 22:48:17 2005 => Checking for Winupie Virus...
Sun Oct 23 22:48:17 2005 => Checking for Swen Virus...
Sun Oct 23 22:48:17 2005 => Checking for JS.Fortnight Virus...
Sun Oct 23 22:48:17 2005 => Checking for Novarg Virus...
Sun Oct 23 22:48:17 2005 => Checking for Pagabot Virus...
Sun Oct 23 22:48:17 2005 => Checking for Parite.b Virus...
Sun Oct 23 22:48:17 2005 => Checking for Parite.a Virus...

Sun Oct 23 22:48:17 2005 => ***** Scanning complete. *****

Sun Oct 23 22:48:17 2005 => Total Number of Files Scanned: 42440
Sun Oct 23 22:48:17 2005 => Total Number of Virus(es) Found: 1
Sun Oct 23 22:48:17 2005 => Total Number of Disinfected Files: 0
Sun Oct 23 22:48:17 2005 => Total Number of Files Renamed: 0
Sun Oct 23 22:48:17 2005 => Total Number of Deleted Files: 1
Sun Oct 23 22:48:17 2005 => Total Number of Errors: 68
Sun Oct 23 22:48:18 2005 => Time Elapsed: 01:21:07
Sun Oct 23 22:48:18 2005 => Virus Database Date: 2005/10/07
Sun Oct 23 22:48:18 2005 => Virus Database Count: 152762

Sun Oct 23 22:48:18 2005 => Scan Completed.

--------------------------
HijackThis Log
--------------------------

Logfile of HijackThis v1.99.1
Scan saved at 10:55:40 PM, on 10/23/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\norton\vptray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\norton\defwatch.exe
C:\ewido\ewidoctrl.exe
C:\norton\rtvscan.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.theonion.com/content/index
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\adobe\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: MSEvents Object - {FC148228-87E1-4D00-AC06-58DCAA52A4D1} - C:\WINDOWS\system32\rqrqn.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [vptray] C:\norton\vptray.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\QuickTime\qttask.exe" -atboottime
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: bugmenot - file://C:\bugmenot\bugmenot.htm
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\msoffice\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O15 - Trusted Zone: http://fun.drno.de
O15 - Trusted Zone: http://www.ultimatedressage.com
O15 - Trusted Zone: http://*.windowsupdate.com
O16 - DPF: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - http://dogfeathers.com/java/spirals
O16 - DPF: {32305793-C19A-48E7-AD2F-D87FF7B264A4} (TenebrilSpywareScanner Control) - http://www.tenebril....wareScanner.ocx
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150...ip/RdxIE601.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1121138511421

Edited by piaffe, 24 October 2005 - 11:31 AM.

  • 0

Advertisements


#2
Michelle

Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
Welcome to Geeks to Go! :)

Since it's been a couple of days since your last log, will you please post a new HiJackThis log into this topic?

Thanks :tazz:
Michelle
  • 0

#3
piaffe

piaffe

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Yay! Thanks for helping. Here's a HJT log from right now:

Logfile of HijackThis v1.99.1
Scan saved at 5:24:48 PM, on 10/24/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\norton\vptray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\norton\defwatch.exe
C:\ewido\ewidoctrl.exe
C:\norton\rtvscan.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.theonion.com/content/index
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\adobe\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: MSEvents Object - {FC148228-87E1-4D00-AC06-58DCAA52A4D1} - C:\WINDOWS\system32\rqrqn.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [vptray] C:\norton\vptray.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\QuickTime\qttask.exe" -atboottime
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: bugmenot - file://C:\bugmenot\bugmenot.htm
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\msoffice\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O15 - Trusted Zone: http://fun.drno.de
O15 - Trusted Zone: http://housecall.trendmicro.com
O15 - Trusted Zone: http://www.ultimatedressage.com
O15 - Trusted Zone: http://*.windowsupdate.com
O16 - DPF: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - http://dogfeathers.com/java/spirals
O16 - DPF: {32305793-C19A-48E7-AD2F-D87FF7B264A4} (TenebrilSpywareScanner Control) - http://www.tenebril....wareScanner.ocx
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150...ip/RdxIE601.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1121138511421
O17 - HKLM\System\CCS\Services\Tcpip\..\{2E3E6209-5205-480C-880D-AD1612E7CC1F}: NameServer = 204.60.203.179 66.73.20.40
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O20 - Winlogon Notify: rqrqn - C:\WINDOWS\system32\rqrqn.dll
O23 - Service: DefWatch - Symantec Corporation - C:\norton\defwatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\ewido\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\norton\rtvscan.exe


I'll be out of town until Friday the 29th, but will check in then! Thanks!

Edited by piaffe, 24 October 2005 - 08:52 PM.

  • 0

#4
Michelle

Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
Sounds good, here are your instructions for when you get back :tazz:

Please print these instructions out for use in Safe Mode.

Please download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to extract the files
  • This will create a VundoFix folder on your desktop.
  • After the files are extracted, please reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode then hit enter.
  • Once in safe mode open the VundoFix folder and doubleclick on KillVundo.bat
  • You will first be presented with a warning.
    It should look like this

    VundoFix V2.15 by Atri
    By using VundoFix you agree that you are doing so at your own risk
    Press enter to continue....

  • At this point press enter one time.
  • Next you will see:

    Please Type in the filepath as instructed by the forum staff
    and then press enter:

  • At this point please type the following file path (make sure to enter it exactly as below!):
    • C:\WINDOWS\system32\rqrqn.dll
  • Press Enter to continue with the fix.
  • Next you will see:

    Please type in the second filepath as instructed by the forum
    staff then press enter:

  • At this point please type the following file path (make sure to enter it exactly as below!):C:\WINDOWS\system32\nqrqr.*
  • Press Enter to continue with the fix.
  • The fix will run then HijackThis will open, if it does not open automatically please open it manually.
  • In HiJackThis, please place a check next to the following items and click FIX CHECKED:O2 - BHO: MSEvents Object - {FC148228-87E1-4D00-AC06-58DCAA52A4D1} - C:\WINDOWS\system32\rqrqn.dll

    O20 - Winlogon Notify: rqrqn - C:\WINDOWS\system32\rqrqn.dll
  • After you have fixed these items, close Hijackthis.
  • Press enter to exit the program then manually reboot your computer.
  • Once your machine reboots please continue with the instructions below.
Download and install CleanUp!

Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).
Set the program up as follows:
Click "Options..."
Move the arrow down to "Custom CleanUp!"
Put a check next to the following (Make sure nothing else is checked!):
  • Empty Recycle Bins
  • Delete Cookies
  • Delete Prefetch files
  • Cleanup! All Users
Click OK
Press the CleanUp! button to start the program.

It may ask you to reboot at the end, click NO.

Then, please run this online virus scan: ActiveScan

Copy the results of the ActiveScan and paste them here along with a new HiJackThis log and the vundofix.txt file from the vundofix folder into this topic.
  • 0

#5
piaffe

piaffe

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Thanks for the help. Logs are below. Problems haven't recurred so far.

VundoFix V2.15 by Atri
--------------------------------------------------------------------------------------

Listing files contained in the vundofix folder.
--------------------------------------------------------------------------------------

killvundo.bat
process.exe
ReadMe.txt
vundo.reg
vundofix.txt

--------------------------------------------------------------------------------------

Filepaths entered
--------------------------------------------------------------------------------------

The filepath entered was c:\windows\system32\rqrqn.dll

The second filepath entered was c:\windows\system32\nqrqr.*

--------------------------------------------------------------------------------------

Log from Process
--------------------------------------------------------------------------------------


Killing PID 132 'smss.exe'

Killing PID 748 'explorer.exe'
Killing PID 748 'explorer.exe'


Killing PID 208 'winlogon.exe'
--------------------------------------------------------------------------------------

c:\windows\system32\rqrqn.dll Deleted sucessfully.
c:\windows\system32\nqrqr.* Deleted sucessfully.

Fixing Registry
--------------------------------------------------------------------------------------

ActiveScan

Incident Status Location
Spyware:Spyware/Virtumonde No disinfected C:\WINDOWS\system32\nnnop.dll

HijackThis

Logfile of HijackThis v1.99.1
Scan saved at 2:37:02 PM, on 10/28/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\norton\vptray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\norton\defwatch.exe
C:\ewido\ewidoctrl.exe
C:\norton\rtvscan.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\adobe\Reader\AcroRd32.exe
C:\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.theonion.com/content/index
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\adobe\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: MSEvents Object - {FC148228-87E1-4D00-AC06-58DCAA52A4D1} - C:\WINDOWS\system32\rqrqn.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [vptray] C:\norton\vptray.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\QuickTime\qttask.exe" -atboottime
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: bugmenot - file://C:\bugmenot\bugmenot.htm
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\msoffice\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O15 - Trusted Zone: http://fun.drno.de
O15 - Trusted Zone: http://housecall.trendmicro.com
O15 - Trusted Zone: http://www.ultimatedressage.com
O15 - Trusted Zone: http://*.windowsupdate.com
O15 - Trusted Zone: law.yale.edu
O16 - DPF: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - http://dogfeathers.com/java/spirals
O16 - DPF: {32305793-C19A-48E7-AD2F-D87FF7B264A4} (TenebrilSpywareScanner Control) - http://www.tenebril....wareScanner.ocx
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150...ip/RdxIE601.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1121138511421
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2E3E6209-5205-480C-880D-AD1612E7CC1F}: NameServer = 204.60.203.179 66.73.20.40
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O20 - Winlogon Notify: rqrqn - C:\WINDOWS\system32\rqrqn.dll (file missing)
O23 - Service: DefWatch - Symantec Corporation - C:\norton\defwatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\ewido\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\norton\rtvscan.exe
  • 0

#6
Michelle

Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
Run HiJackThis. Place a check next to the following items and click FIX CHECKED:

O2 - BHO: MSEvents Object - {FC148228-87E1-4D00-AC06-58DCAA52A4D1} - C:\WINDOWS\system32\rqrqn.dll (file missing)

O15 - Trusted Zone: http://fun.drno.de <- you can leave it, if you put it there
O15 - Trusted Zone: http://www.ultimatedressage.com <-you can leave it if you put it there

O16 - DPF: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - http://dogfeathers.com/java/spirals
O16 - DPF: {32305793-C19A-48E7-AD2F-D87FF7B264A4} (TenebrilSpywareScanner Control) - http://www.tenebril....wareScanner.ocx
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150...ip/RdxIE601.cab

O20 - Winlogon Notify: rqrqn - C:\WINDOWS\system32\rqrqn.dll (file missing)


Close HiJackThis.

Set your system to SHOW HIDDEN FILES

Then please delete the following file:

C:\WINDOWS\system32\nnnop.dll

Rescan with HiJackThis and post a new HiJackThis log, please. :tazz:
  • 0

#7
piaffe

piaffe

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Here it is: :tazz:

Logfile of HijackThis v1.99.1
Scan saved at 11:52:30 PM, on 10/28/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\norton\vptray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\norton\defwatch.exe
C:\ewido\ewidoctrl.exe
C:\norton\rtvscan.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\ssh\SshClient.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.theonion.com/content/index
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\adobe\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [vptray] C:\norton\vptray.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\QuickTime\qttask.exe" -atboottime
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: bugmenot - file://C:\bugmenot\bugmenot.htm
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\msoffice\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O15 - Trusted Zone: http://fun.drno.de
O15 - Trusted Zone: http://housecall.trendmicro.com
O15 - Trusted Zone: http://www.ultimatedressage.com
O15 - Trusted Zone: http://*.windowsupdate.com
O15 - Trusted Zone: law.yale.edu
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1121138511421
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2E3E6209-5205-480C-880D-AD1612E7CC1F}: NameServer = 204.60.203.179 66.73.20.40
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: DefWatch - Symantec Corporation - C:\norton\defwatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\ewido\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\norton\rtvscan.exe
  • 0

#8
Michelle

Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
Looks much better! Any other problems?
  • 0

#9
piaffe

piaffe

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
No, I think it's fixed! Thank you! :tazz:
  • 0

#10
Michelle

Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
Congratulations your log is clean! Great job on the clean up :tazz:

I strongly advise an anti-virus application, there are 3 great free ones listed below :)

I recommend checking the http://www.microsoft.com website periodically for critical updates to install.

Here are some tips, to reduce the potential for spyware infection in the future, I strongly recommend installing the following applications:

Detect and Remove Programs:
  • How to use Ad-Aware to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Ad-Aware.
  • How to use Spybot to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Spybot. Similar to Ad-Aware, I strongly recommend both to catch most spyware.
Prevention Programs:
  • Spywareblaster <= SpywareBlaster will prevent spyware from being installed.
  • Spywareguard <= SpywareGuard offers realtime protection from spyware installation attempts.
  • MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer
  • Google Toolbar <= Get the free google toolbar to help stop pop up windows.
Other necessary Programs:
  • AntiVirus Program<= An AntiVirus program is a must! Some very good free anti-virus programs are Avast, AVG and Anti-Vir
  • Firewall<= A firewall is definitely a must have. Three good free versions are Sygate, Kerio, and ZoneAlarm.

  • 0

#11
Michelle

Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :tazz:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP