1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Solved: Yellow triangle /Htepo.com

Discussion in 'Virus & Other Malware Removal' started by JeffVB, Nov 8, 2007.

Thread Status:
Not open for further replies.
Advertisement
  1. JeffVB

    JeffVB Thread Starter

    Joined:
    Nov 8, 2007
    Messages:
    10
    Hello,

    I have been attached by Htepo.com (online security guide icons on the desktop) with the yellow triangle with the ! in it. I get the virus war rings and the pop ups.
    System is running windows XP.
    I have been unable to find the file(s) that keep infecting my computer.
    I have tried the installed Norton software and it does not see anything in regular or safe mode. Trend Micro (cwshreder/housecall/sysclean), Mcafee (stinger), smithfraudfix, superantispyware (temporary installed).

    It starts up in safe mode so the virus removing application I feel do not see it.


    Here is the Hijack log-
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:03:14 AM, on 11/8/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Zune\ZuneLauncher.exe
    C:\hp\patches\51WW1VIA\src\VTTimer.exe
    C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\windows\system\hpsysdrv.exe
    C:\WINDOWS\system32\hphmon06.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\Cyb2k.exe
    C:\WINDOWS\ALCWZRD.EXE
    C:\WINDOWS\ALCMTR.EXE
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    G:\virus removal tools\tool to see virus\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink.net/partner/more/msie/button/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://start.earthlink.net/AL/Search
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
    R3 - URLSearchHook: SrchHook Class - {44F9B173-041C-4825-A9B9-D914BD9DCBB3} - C:\Program Files\EarthLink TotalAccess\elnIE.dll
    R3 - URLSearchHook: (no name) - ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    R3 - URLSearchHook: (no name) - ~00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: IE_PopupBlocker Class - {656EC4B7-072B-4698-B504-2A414C1F0037} - C:\Program Files\EarthLink TotalAccess\Accelerator\prpl_IePopupBlocker.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {820A2C8D-DFC0-4A9F-B3CA-4410CA4F7C04} - C:\WINDOWS\system32\nnnnmli.dll (file missing)
    O2 - BHO: (no name) - {89AD4D75-2429-462e-BD4E-443F233F6033} - C:\WINDOWS\system32\ohlillel.dll (file missing)
    O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\jpbbzpon.dll
    O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
    O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\jpbbzpon.dll
    O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
    O4 - HKLM\..\Run: [VTTimer] C:\hp\patches\51WW1VIA\src\VTTimer.exe
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
    O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [C2K] C:\WINDOWS\Cyb2k.exe
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [74d31d7c] rundll32.exe "C:\WINDOWS\system32\nqqnlpet.dll",b
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: Add To HP Organize... - C:\PROGRA~1\HEWLET~1\HPORGA~1\bin/module.main/favorites\ie_add_to.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: *.adobe.com
    O15 - Trusted Zone: service1.symantec.com
    O15 - Trusted Zone: www.symantec.com
    O15 - Trusted Zone: http://www.symantec.com
    O16 - DPF: vzTCPConfig - http://www2.verizon.net/help/fios_settings/include/vzTCPConfig.CAB
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
    O16 - DPF: {5197842F-0557-48AE-9552-7594F7C98F04} (PWReset Control) - http://www.cybersitter.com/recovery/ocx/PasswordReset.ocx
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: jpbbzpon - C:\WINDOWS\SYSTEM32\jpbbzpon.dll
    O20 - Winlogon Notify: nnnnmli - nnnnmli.dll (file missing)
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\tfyhqoor.exe (file missing)
    O23 - Service: EarthLink Monitor Service (EarthLinkMonitor) - Boingo Wireless, Inc. - C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

    --
    End of file - 10176 bytes
     
  2. Sponsor

  3. cybertech

    cybertech Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,082
    Hi, Welcome to TSG!!

    Download the HostsXpert 4.0 - Hosts File Manager.
    • Unzip HostsXpert 4.0 - Hosts File Manager to a convenient folder such as C:\HostsXpert 4.0 - Hosts File Manager
    • Run HostsXpert 4.0 - Hosts File Manager from its new home
    • Click "Make Hosts Writable?"
    • Click Restore MS Hosts and then click OK.
    • Click the X to exit the program.
    • Note: If you were using a custom Hosts file you will need to replace any of those entries yourself.


    Download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    --------------------------------------------------------------------
    1. Close any open browsers.

    2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    --------------------------------------------------------------------

    Double click on combofix.exe & follow the prompts.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.

    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**
     
  4. JeffVB

    JeffVB Thread Starter

    Joined:
    Nov 8, 2007
    Messages:
    10
    ComboFix 07-11-08.1 - HP_Owner 2007-11-08 22:43:31.2 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.185 [GMT -5:00]
    Running from: K:\virus removal tools\combofix\ComboFix.exe
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\Administrator\Desktop\Live Safety Center.lnk
    C:\Documents and Settings\Administrator\Desktop\Online Security Guide.lnk
    C:\Documents and Settings\Administrator\Favorites\Online Security Guide.lnk
    C:\Documents and Settings\All Users\Start Menu\Live Safety Center.lnk
    C:\Documents and Settings\All Users\Start Menu\Online Security Guide.lnk
    C:\Documents and Settings\HP_Owner\Application Data\Earthlink\6.0\[email protected]\Favorites\Online Security Guide.lnk
    C:\Documents and Settings\HP_Owner\Desktop\Live Safety Center.lnk
    C:\Documents and Settings\HP_Owner\Desktop\Online Security Guide.lnk
    C:\WINDOWS\system32\jpbbzpon.dllbox

    .
    ((((((((((((((((((((((((( Files Created from 2007-10-09 to 2007-11-09 )))))))))))))))))))))))))))))))
    .

    2007-11-08 22:24 <DIR> d-------- C:\WINDOWS\ERUNT
    2007-11-08 19:33 <DIR> d-------- C:\smitrem
    2007-11-08 19:11 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2007-11-07 20:58 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
    2007-11-07 20:37 436,442 ---hs---- C:\WINDOWS\system32\hhkmp.ini2
    2007-11-07 20:24 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
    2007-11-07 20:24 <DIR> d-------- C:\Documents and Settings\HP_Owner\Application Data\SUPERAntiSpyware.com
    2007-11-07 20:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    2007-11-07 18:26 4,102 --a------ C:\WINDOWS\system32\tmp.reg
    2007-11-07 00:31 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
    2007-11-06 21:00 87,104 --a------ C:\WINDOWS\system32\nqqnlpet.dll
    2007-11-06 20:58 145,984 --a------ C:\WINDOWS\system32\jpbbzpon.dll
    2007-11-06 20:57 145,984 --a------ C:\WINDOWS\system32\thnpvpoj.dll
    2007-11-04 20:04 86,080 --a------ C:\WINDOWS\system32\lxixgirx.dll
    2007-11-04 16:35 86,080 --------- C:\WINDOWS\system32\tlrrfbqi.dll
    2007-11-04 14:43 <DIR> d-------- C:\Documents and Settings\Birdy\Application Data\Snapfish
    2007-11-04 14:34 <DIR> d-------- C:\Documents and Settings\Pickle\Application Data\Snapfish
    2007-10-31 20:04 <DIR> d-------- C:\Program Files\Common Files\DirectX
    2007-10-31 18:40 <DIR> d-------- C:\Program Files\Hide IP
    2007-10-30 22:50 <DIR> d-------- C:\Documents and Settings\Administrator\WINDOWS
    2007-10-30 22:50 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Symantec
    2007-10-30 22:50 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Sonic
    2007-10-30 22:50 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\SampleView
    2007-10-30 22:50 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Apple Computer
    2007-10-30 20:42 423,643 ---hs---- C:\WINDOWS\system32\hhkmp.bak2
    2007-10-29 18:56 6,465 --ahs---- C:\WINDOWS\system32\hhkmp.bak1
    2007-10-29 18:50 <DIR> d-------- C:\WINDOWS\system32\Mz02r

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-11-08 23:07 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
    2007-11-08 23:04 --------- d-----w C:\Program Files\Easy Internet signup
    2007-11-08 23:03 --------- d-----w C:\Program Files\EarthLink TotalAccess
    2007-11-07 05:28 --------- d-----w C:\Program Files\Java
    2007-10-31 02:58 --------- d-----w C:\Program Files\QuickTime
    2007-10-04 00:26 --------- d-----w C:\Program Files\Replay Converter
    2007-10-04 00:05 737,280 ----a-w C:\WINDOWS\iun6002.exe
    2007-10-04 00:05 --------- d-----w C:\Documents and Settings\Birdy\Application Data\GetRightToGo
    2007-09-27 02:32 --------- d-----w C:\Program Files\iTunes
    2007-09-27 02:32 --------- d-----w C:\Program Files\iPod
    2007-09-27 02:30 --------- d-----w C:\Program Files\Apple Software Update
    2007-09-26 01:57 --------- d-----w C:\Program Files\Symantec
    2007-09-17 22:41 --------- d-----w C:\Program Files\Nidesoft DVD to Zune Converter v3.0
    2007-09-17 22:39 --------- d-----w C:\Program Files\Xilisoft
    2006-07-01 00:05 356 ----a-w C:\Documents and Settings\Pickle\Application Data\wklnhst.dat
    2006-02-21 02:14 2,102 ----a-w C:\Documents and Settings\Sparky\Application Data\wklnhst.dat
    2005-11-26 19:16 332 ----a-w C:\Documents and Settings\HP_Owner\Application Data\wklnhst.dat
    2005-05-22 19:17 0 ----a-w C:\Documents and Settings\Birdy\Application Data\wklnhst.dat
    2007-03-09 07:12:32 27,648 --sha-w C:\WINDOWS\system32\AVSredirect.dll
    2007-06-26 23:19:25 2,073,393 --sha-w C:\WINDOWS\system32\bbadd.bak1
    2007-07-27 23:47:27 1,761,343 --sha-w C:\WINDOWS\system32\bbadd.bak2
    2007-07-27 23:48:28 1,762,503 --sha-w C:\WINDOWS\system32\bbadd.ini2
    .

    ((((((((((((((((((((((((((((( [email protected]_19.20.53.62 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2007-11-08 16:59:33 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
    + 2007-11-09 03:25:25 1,183,744 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\NTUSER.DAT
    + 2007-11-09 03:25:25 12,288 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
    + 2007-11-08 16:59:33 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
    + 2007-11-09 03:25:11 1,183,744 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\NTUSER.DAT
    + 2007-11-09 03:25:11 12,288 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
    2007-11-06 20:58 145984 --a------ C:\WINDOWS\system32\jpbbzpon.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{11A69AE4-FBED-4832-A2BF-45AF82825583}"= C:\WINDOWS\system32\jpbbzpon.dll [2007-11-06 20:58 145984]

    [HKEY_CLASSES_ROOT\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Zune Launcher"="C:\Program Files\Zune\ZuneLauncher.exe" [2007-03-14 16:03]
    "VTTimer"="C:\hp\patches\51WW1VIA\src\VTTimer.exe" [2004-10-23 06:53]
    "UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" []
    "UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 10:01]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2004-10-21 20:39]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
    "SoundMan"="SOUNDMAN.EXE" [2005-09-21 10:24 C:\WINDOWS\SOUNDMAN.EXE]
    "Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2004-04-14 22:43]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 05:24]
    "PS2"="C:\WINDOWS\system32\ps2.exe" [2002-10-16 18:57]
    "Motive SmartBridge"="C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe" [2002-05-18 12:04]
    "Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2003-09-13 21:36]
    "LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 23:54]
    "KBD"="C:\HP\KBD\KBD.EXE" [2003-02-11 22:02]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-14 09:00]
    "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-11-02 08:03]
    "hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 18:04]
    "HPHUPD06"="c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2004-06-07 20:53]
    "HPHmon06"="C:\WINDOWS\system32\hphmon06.exe" [2004-06-07 20:42]
    "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-03-23 15:43]
    "C2K"="C:\WINDOWS\Cyb2k.exe" [2007-01-21 00:28]
    "AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 22:47 C:\WINDOWS\ALCXMNTR.EXE]
    "AlcWzrd"="ALCWZRD.EXE" [2005-09-21 15:32 C:\WINDOWS\ALCWZRD.EXE]
    "AGRSMMSG"="AGRSMMSG.exe" [2005-03-04 11:01 C:\WINDOWS\AGRSMMSG.exe]
    "74d31d7c"="C:\WINDOWS\system32\nqqnlpet.dll" [2007-11-06 21:00]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-05-29 07:31:38]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jpbbzpon]
    jpbbzpon.dll 2007-11-06 20:58 145984 C:\WINDOWS\system32\jpbbzpon.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnnmli]
    nnnnmli.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "UPS"=3 (0x3)
    "LmHosts"=2 (0x2)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe
    "iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe

    R2 UxTuneUp;TuneUp Design Expansion;C:\WINDOWS\System32\svchost.exe -k netsvcs
    S3 BW2NDIS5;BW2NDIS5;C:\WINDOWS\system32\Drivers\BW2NDIS5.sys

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{99ea2bac-7deb-11d9-b38a-806d6172696f}]
    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

    .
    Contents of the 'Scheduled Tasks' folder
    "2007-08-10 21:15:00 C:\WINDOWS\Tasks\1-Click Maintenance.job"
    - C:\Program Files\TuneUp Utilities 2006\SystemOptimizer.exe
    "2007-09-27 02:30:39 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    "2007-10-13 00:00:00 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - HP_Owner.job"
    - C:\PROGRA~1\NORTON~1\Navw32.exe
    .
    **************************************************************************

    catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-11-08 22:47:35
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2007-11-08 22:49:48 - machine was rebooted
    C:\ComboFix2.txt ... 2007-11-08 19:21
    .
    --- E O F ---

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:54:31 PM, on 11/8/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Zune\ZuneLauncher.exe
    C:\hp\patches\51WW1VIA\src\VTTimer.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\windows\system\hpsysdrv.exe
    C:\WINDOWS\system32\hphmon06.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\Cyb2k.exe
    C:\WINDOWS\ALCWZRD.EXE
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    C:\Program Files\Messenger\msmsgs.exe
    K:\virus removal tools\tool to see virus\HiJackThis.exe

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\jpbbzpon.dll
    O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
    O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\jpbbzpon.dll
    O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
    O4 - HKLM\..\Run: [VTTimer] C:\hp\patches\51WW1VIA\src\VTTimer.exe
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
    O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [C2K] C:\WINDOWS\Cyb2k.exe
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [74d31d7c] rundll32.exe "C:\WINDOWS\system32\nqqnlpet.dll",b
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: Add To HP Organize... - C:\PROGRA~1\HEWLET~1\HPORGA~1\bin/module.main/favorites\ie_add_to.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: *.adobe.com
    O15 - Trusted Zone: service1.symantec.com
    O15 - Trusted Zone: www.symantec.com
    O15 - Trusted Zone: http://www.symantec.com
    O16 - DPF: vzTCPConfig - http://www2.verizon.net/help/fios_settings/include/vzTCPConfig.CAB
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
    O16 - DPF: {5197842F-0557-48AE-9552-7594F7C98F04} (PWReset Control) - http://www.cybersitter.com/recovery/ocx/PasswordReset.ocx
    O20 - Winlogon Notify: jpbbzpon - C:\WINDOWS\SYSTEM32\jpbbzpon.dll
    O20 - Winlogon Notify: nnnnmli - nnnnmli.dll (file missing)
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

    --
    End of file - 8432 bytes


    SDFix: Version 1.114

    Run by Administrator on Thu 11/08/2007 at 10:26 PM

    Microsoft Windows XP [Version 5.1.2600]

    Running From: C:\sdfix\SDFix

    Safe Mode:
    Checking Services:


    Restoring Windows Registry Values
    Restoring Windows Default Hosts File

    Rebooting...


    Normal Mode:
    Checking Files:

    No Trojan Files Found




    Removing Temp Files...

    ADS Check:

    C:\WINDOWS
    No streams found.

    C:\WINDOWS\system32
    No streams found.

    C:\WINDOWS\system32\svchost.exe
    No streams found.

    C:\WINDOWS\system32\ntoskrnl.exe
    No streams found.



    Final Check:

    catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-11-08 22:36:11
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden services & system hive ...

    scanning hidden registry entries ...

    scanning hidden files ...

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 0


    Remaining Services:
    ------------------



    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

    Remaining Files:
    ---------------


    Files with Hidden Attributes:

    Sun 13 Feb 2005 213 A.SHR --- "C:\BOOT.BAK"
    Wed 13 Oct 2004 1,694,208 ..SH. --- "C:\Program Files\Messenger\msmsgs.exe"
    Sun 26 Jun 2005 616,448 A.SHR --- "C:\Program Files\Replay Converter\cygwin1.dll"
    Wed 22 Jun 2005 45,568 A.SHR --- "C:\Program Files\Replay Converter\cygz.dll"
    Mon 9 Dec 2002 102,437 A..HR --- "C:\Program Files\Replay Converter\drv13260.dll"
    Mon 9 Dec 2002 176,165 A..HR --- "C:\Program Files\Replay Converter\drv23260.dll"
    Mon 9 Dec 2002 208,935 A..HR --- "C:\Program Files\Replay Converter\drv33260.dll"
    Mon 9 Dec 2002 217,127 A..HR --- "C:\Program Files\Replay Converter\drv43260.dll"
    Sun 9 Jun 2002 40,448 A..HR --- "C:\Program Files\Replay Converter\dspr3260.dll"
    Sat 3 Nov 2001 225,280 A..HR --- "C:\Program Files\Replay Converter\ivvideo.dll"
    Tue 10 Apr 2001 225,280 A..HR --- "C:\Program Files\Replay Converter\qtmlClient.dll"
    Fri 20 Feb 2004 232,960 A..HR --- "C:\Program Files\Replay Converter\raac.dll"
    Sun 9 Jun 2002 525,824 A..HR --- "C:\Program Files\Replay Converter\rnco3260.dll"
    Mon 9 Dec 2002 245,805 A..HR --- "C:\Program Files\Replay Converter\rnlt3260.dll"
    Mon 9 Dec 2002 45,093 A..HR --- "C:\Program Files\Replay Converter\rv103260.dll"
    Mon 9 Dec 2002 98,341 A..HR --- "C:\Program Files\Replay Converter\rv203260.dll"
    Mon 9 Dec 2002 94,247 A..HR --- "C:\Program Files\Replay Converter\rv303260.dll"
    Mon 9 Dec 2002 90,151 A..HR --- "C:\Program Files\Replay Converter\rv403260.dll"
    Sun 9 Jun 2002 49,152 A..HR --- "C:\Program Files\Replay Converter\tokr3260.dll"
    Fri 9 Mar 2007 27,648 A.SH. --- "C:\WINDOWS\system32\AVSredirect.dll"
    Sat 12 May 2007 1,495,472 A.SH. --- "C:\WINDOWS\system32\bbadd.tmp"
    Tue 26 Jun 2007 2,073,393 A.SH. --- "C:\WINDOWS\system32\bbadd.bak1"
    Fri 27 Jul 2007 1,761,343 A.SH. --- "C:\WINDOWS\system32\bbadd.bak2"
    Wed 13 Jun 2007 4,572,112 A.SH. --- "C:\WINDOWS\system32\bnupcvdn.tmp"
    Wed 7 Nov 2007 436,442 ..SH. --- "C:\WINDOWS\system32\hhkmp.tmp"
    Mon 29 Oct 2007 6,465 A.SH. --- "C:\WINDOWS\system32\hhkmp.bak1"
    Tue 6 Nov 2007 423,643 ..SH. --- "C:\WINDOWS\system32\hhkmp.bak2"
    Thu 8 Nov 2007 20,640 ..SH. --- "C:\WINDOWS\system32\jpbbzpon.dllbox"
    Tue 7 Jun 2005 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
    Sun 29 Apr 2007 1,163,264 A.SH. --- "C:\Documents and Settings\All Users\Documents\9th Grade Formal\SIV31.tmp"
    Fri 11 May 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
    Thu 8 Nov 2007 4,286 A..H. --- "C:\Documents and Settings\HP_Owner\Local Settings\Temp\ico7.tmp"
    Thu 8 Nov 2007 4,286 A..H. --- "C:\Documents and Settings\HP_Owner\Local Settings\Temp\ico8.tmp"
    Thu 8 Nov 2007 4,286 A..H. --- "C:\Documents and Settings\HP_Owner\Local Settings\Temp\ico9.tmp"
    Thu 8 Nov 2007 4,286 A..H. --- "C:\Documents and Settings\HP_Owner\Local Settings\Temp\icoA.tmp"
    Thu 8 Nov 2007 4,286 A..H. --- "C:\Documents and Settings\HP_Owner\Local Settings\Temp\icoB.tmp"

    Finished!


    smitRem © log file
    version 3.2

    by noahdfear


    Microsoft Windows XP [Version 5.1.2600]
    "IE"="7.0000"
    The current date is: Thu 11/08/2007
    The current time is: 19:39:39.81

    Running from
    C:\smitrem\smitRem

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Pre-run SharedTask Export

    (GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler)
    Copyright(C) 2006 BleepingComputer.com

    Registry Pseudo-Format Mode (Not a valid reg file):

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
    "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
    @="%SystemRoot%\system32\browseui.dll"


    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
    @="%SystemRoot%\system32\browseui.dll"


    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Appinitdll check ........ Thank you Grinler!

    dumphive.exe (C)2000-2004 Markus Stephany
    REGEDIT4

    [Windows]
    "AppInit_DLLs"=""
    "DeviceNotSelectedTimeout"="15"
    "GDIProcessHandleQuota"=dword:00002710
    "Spooler"="yes"
    "swapdisk"=""
    "TransmissionRetryTimeout"="90"
    "USERProcessHandleQuota"=dword:00002710

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    XP Firewall allowed access

    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


    checking for ShudderLTD key

    ShudderLTD key not present!

    checking for PSGuard.com key


    PSGuard.com key not present!


    checking for WinHound.com key


    WinHound.com key not present!


    checking for drsmartload2 key


    drsmartload2 key not present!

    spyaxe uninstaller NOT present
    Winhound uninstaller NOT present
    SpywareStrike uninstaller NOT present
    AlfaCleaner uninstaller NOT present
    SpyFalcon uninstaller NOT present
    SpywareQuake uninstaller NOT present
    SpywareSheriff uninstaller NOT present
    Trust Cleaner uninstaller NOT present
    SpyHeal uninstaller NOT present
    VirusBurst uninstaller NOT present
    BraveSentry uninstaller NOT present
    AntiVermins uninstaller NOT present
    VirusBursters uninstaller NOT present

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Existing Pre-run Files


    ~~~ Program Files ~~~



    ~~~ Shortcuts ~~~



    ~~~ Favorites ~~~



    ~~~ system32 folder ~~~



    ~~~ Icons in System32 ~~~



    ~~~ Windows directory ~~~



    ~~~ Drive root ~~~


    ~~~ Miscellaneous Files/folders ~~~




    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
    Copyright(C) 2002-2003 Craig.Pea @beyondlogic.org
    Killing PID 2000 'explorer.exe'
    Killing PID 2000 'explorer.exe'

    Starting registry repairs

    Registry repairs complete

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    SharedTask Export after registry fix

    (GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler)
    Copyright(C) 2006 BleepingComputer.com

    Registry Pseudo-Format Mode (Not a valid reg file):

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
    "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
    @="%SystemRoot%\system32\browseui.dll"


    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
    @="%SystemRoot%\system32\browseui.dll"


    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Deleting files

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Remaining Post-run Files


    ~~~ Program Files ~~~



    ~~~ Shortcuts ~~~



    ~~~ Favorites ~~~



    ~~~ system32 folder ~~~



    ~~~ Icons in System32 ~~~



    ~~~ Windows directory ~~~



    ~~~ Drive root ~~~


    ~~~ Miscellaneous Files/folders ~~~



    ~~~ Wininet.dll ~~~

    CLEAN! :)
     
  5. cybertech

    cybertech Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,082
    Please perform a scan with Kaspersky Webscan Online Virus Scanner

    1. Read the Requirements and Privacy statement, then select "Accept".
    2. A new window will appear promting you to install an ActiveX component from Kaspersky - "Do you want to install this software?".
    3. Click "Yes" or select "Install" to download the ActiveX controls that allows ActiveScan to run.
    4. When the download is complete it will say ready, click "Next".
    5. Click "Scan Settings" and check the option to use the Extended Database if available otherwise Standard).
    6. Click "Scan Options" and select both "Scan Archives" and "Scan Mail Bases".
    7. Click "OK".
    8. Under "Select a target to scan", click on "My Computer".
    9. When the scan is complete choose to save the results as "Save as Text" named kaspersky.txt to your desktop and post them in your next reply.

    Kaspersky does not remove anything but will provide a log of anything it finds. On August 8th, 2006 Kaspersky updated the software used for Free Online Virus Scanner. In order to continue using the online scanner you will need to uninstall the old version (if previously used) from your Add/Remove Programs list and then install the latest version. To do this, follow the steps here and reboot afterwards if your system does not reboot automatically or it will show 'Kaspersky Online Scanner license key was not found!
     
  6. JeffVB

    JeffVB Thread Starter

    Joined:
    Nov 8, 2007
    Messages:
    10
    looking over the logs

    could the following be my source of the spy ware

    O20 - Winlogon Notify: jpbbzpon - C:\WINDOWS\SYSTEM32\jpbbzpon.dll
    O20 - Winlogon Notify: nnnnmli - nnnnmli.dll (file missing)
     
  7. cybertech

    cybertech Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,082
    Those are bad entries but those are not the only ones. Unless you get to the root of the problem you will not have success just deleting those files.
     
  8. JeffVB

    JeffVB Thread Starter

    Joined:
    Nov 8, 2007
    Messages:
    10
    -------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER REPORT
    Saturday, November 10, 2007 11:51:22 PM
    Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
    Kaspersky Online Scanner version: 5.0.98.0
    Kaspersky Anti-Virus database last update: 11/11/2007
    Kaspersky Anti-Virus database records: 456209
    -------------------------------------------------------------------------------

    Scan Settings:
    Scan using the following antivirus database: extended
    Scan Archives: true
    Scan Mail Bases: true

    Scan Target - My Computer:
    A:\
    C:\
    D:\
    E:\
    F:\
    G:\
    H:\
    I:\
    J:\
    K:\

    Scan Statistics:
    Total number of scanned objects: 94587
    Number of viruses found: 40
    Number of infected objects: 196
    Number of suspicious objects: 0
    Duration of the scan process: 01:37:03

    Infected Object Name / Virus Name / Last Action
    C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\HPPAppActivity.log Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\HPPHomePageActivity.log Object is locked skipped
    C:\Documents and Settings\HP_Owner\.housecall6.6\Quarantine\f3PSSavr.scr.vir.bac_a02844 Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
    C:\Documents and Settings\HP_Owner\Application Data\Earthlink\6.0\[email protected]\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\HP_Owner\Application Data\Symantec\PendingAlertsQueue.log Object is locked skipped
    C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
    C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\HP_Owner\Local Settings\History\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\HP_Owner\Local Settings\History\History.IE5\MSHist012007111020071111\index.dat Object is locked skipped
    C:\Documents and Settings\HP_Owner\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
    C:\Documents and Settings\HP_Owner\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\HP_Owner\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\HP_Owner\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\EENGINE\EPERSIST.DAT Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\SNDALRT.log Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\SNDCON.log Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\SNDDBG.log Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\SNDFW.log Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\SNDIDS.log Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\SNDSYS.log Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBConfig.log Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBDebug.log Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBDetect.log Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBNotify.log Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBRefr.log Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetCfg.log Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetCfg2.log Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetDev.log Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetLoc.log Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetUsr.log Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSMNot.log Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSMReg.log Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSMRSt.log Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBStHash.log Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBStMSI.log Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBValid.log Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPPolicy.log Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPStart.log Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPStop.log Object is locked skipped
    C:\Program Files\Norton AntiVirus\AVApp.log Object is locked skipped
    C:\Program Files\Norton AntiVirus\AVError.log Object is locked skipped
    C:\Program Files\Norton AntiVirus\AVVirus.log Object is locked skipped
    C:\Program Files\Norton AntiVirus\Savrt\0088NAV~.TMP Object is locked skipped
    C:\Program Files\Norton AntiVirus\Savrt\0580NAV~.TMP Object is locked skipped
    C:\RECYCLER\S-1-5-21-4232252545-1967430346-1277792404-1011\Dc436.exe/mwsSetup.Zwinky.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bc skipped
    C:\RECYCLER\S-1-5-21-4232252545-1967430346-1277792404-1011\Dc436.exe CAB: infected - 1 skipped
    C:\RECYCLER\S-1-5-21-4232252545-1967430346-1277792404-1011\Dc437.exe/mwsSetup.Zwinky.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bc skipped
    C:\RECYCLER\S-1-5-21-4232252545-1967430346-1277792404-1011\Dc437.exe CAB: infected - 1 skipped
    C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
    C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP184\A0070978.exe Infected: Trojan-Downloader.Win32.VB.awj skipped
    C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP189\A0073292.exe/data0002 Infected: not-a-virus:AdWare.Win32.PurityScan.fk skipped
    C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP189\A0073292.exe NSIS: infected - 1 skipped
    C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP190\A0073315.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.kp skipped
    C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP190\A0073316.exe Infected: Trojan.Win32.Agent.aoy skipped
    C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP190\A0073317.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.fp skipped
    C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP191\A0073684.exe Infected: Trojan-Downloader.Win32.Agent.bls skipped
    C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP191\A0073685.exe Infected: Trojan-Downloader.Win32.Agent.bls skipped
    C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP191\A0073686.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.kj skipped
    C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP191\A0073687.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.kj skipped
    C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP191\A0073688.exe Infected: Trojan.Win32.Agent.aoy skipped
    C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP191\A0073689.dll Infected: Trojan.Win32.BHo_O skipped
    C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP191\A0073690.dll Infected: Trojan.Win32.BHo_O skipped
    C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP191\A0073691.exe Infected: Trojan-Dropper.Win32.Agent.bmk skipped
    C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP191\A0073692.dll Infected: Trojan.Win32.BHo_O skipped
    C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP191\A0073693.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
    C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP191\A0073694.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
    C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP191\A0073695.dll Infected: Trojan.Win32.BHo_O skipped
    C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP191\A0073696.dll Infected: Trojan.Win32.BHO.bd skipped
    C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP191\A0073697.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.o skipped
    C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP191\A0073698.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.hc skipped
    C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP191\A0073699.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ir skipped
    C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP191\A0073700.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
    C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP191\A0073701.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped
    C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP191\A0073702.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
    C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP191\A0073703.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
    C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP191\A0073704.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ir skipped
    C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP191\A0073705.dll Infected: Trojan.Win32.BHo_O skipped
    C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP191\A0073706.dll Infected: Trojan.Win32.BHo_O skipped
    C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP191\A0073707.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped
    C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP191\A0073708.dll Infected: Trojan.Win32.BHO.bd skipped
    C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP191\A0073709.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped
    C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP191\A0073710.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
    C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP191\A0073711.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ir skipped
    C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP191\A0073712.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
    C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP191\A0073713.exe Infected: Trojan.Win32.Agent.anr skipped
    C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP191\A0073714.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped
    C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP191\A0073715.dll Infected: Trojan-Spy.Win32.VBStat.h skipped
    C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP191\A0073716.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
    C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP191\A0073717.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
    C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP191\A0073718.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.kj skipped
    C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP191\A0073719.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.kj skipped
    C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP191\A0073720.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ir skipped
    C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP191\A0073721.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
    C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP191\A0073722.dll Infected: Trojan.Win32.BHo_O skipped
    C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP191\A0073723.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.kb skipped
    C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP191\A0073724.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
    C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP191\A0073725.exe Infected: Trojan.Win32.Agent.aoy skipped
    C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP191\A0073726.dll Infected: Trojan.Win32.BHO.g skipped
    C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP191\A0073727.dll Infected: Trojan.Win32.BHo_O skipped
    C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP191\A0073728.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
    C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP191\A0073729.dll Infected: Trojan.Win32.BHo_O skipped
    C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP191\A0073730.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
    C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP191\A0073731.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.kj skipped
    C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP191\A0073732.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.kg skipped
    C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP191\A0073733.dll Infected: Trojan.Win32.BHo_O skipped
    C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP191\A0073734.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
    C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP191\A0073735.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
    C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP191\A0073736.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.o skipped
    C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP191\A0073737.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
    C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP191\A0073738.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
    C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP191\A0073739.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.kj skipped
    C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP191\A0073740.exe Infected: Trojan.Win32.Agent.aoy skipped
    C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP191\A0073741.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped
    C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP191\A0073742.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
    C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP191\A0073743.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ir skipped
    C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP191\A0073744.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
    C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP191\A0073745.exe Infected: Trojan.Win32.Agent.aoy skipped
    C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP191\A0073746.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
    C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP191\A0073747.exe Infected: Trojan-Downloader.Win32.VB.awj skipped
    C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP191\A0073748.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
    C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP191\A0073749.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
    C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP191\A0073750.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
    C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP191\A0073751.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
    C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP191\A0073752.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
    C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP191\A0073753.dll Infected: Trojan.Win32.BHo_O skipped
    C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP191\A0073754.dll Infected: Trojan.Win32.BHO.g skipped
    C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP191\A0073755.dll Infected: Trojan.Win32.BHo_O skipped
    C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP191\A0073756.dll Infected: Trojan.Win32.BHo_O skipped
    C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP191\A0073757.dll Infected: Trojan.Win32.BHo_O skipped
    C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP191\A0073758.exe Infected: Trojan-Downloader.Win32.VB.fn skipped
    C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP191\A0073759.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
    C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP191\A0073760.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.hc skipped
    C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP191\A0073761.dll Infected: Trojan.Win32.BHo_O skipped
    C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP191\A0073762.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
    C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP191\A0073763.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.hc skipped
    C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP191\A0073764.dll Infected: Trojan.Win32.BHo_O skipped
     
  9. JeffVB

    JeffVB Thread Starter

    Joined:
    Nov 8, 2007
    Messages:
    10
    C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP191\A0073765.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
    C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP191\A0073766.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
    C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP191\A0073767.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ir skipped
    C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP191\A0073768.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
    C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP191\A0073769.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.kj skipped
    C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP191\A0073770.dll Infected: Trojan.Win32.BHo_O skipped
    C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP191\A0073771.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.kj skipped
    C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP191\A0073772.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
    C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP191\A0073773.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.r skipped
    C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP193\A0074442.dll Infected: not-a-virus:AdWare.Win32.MegaSearch.b skipped
    C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP196\A0074650.exe/data0002 Infected: not-a-virus:AdWare.Win32.PurityScan.fk skipped
    C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP196\A0074650.exe NSIS: infected - 1 skipped
    C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP199\A0076987.exe Infected: Trojan-Downloader.Win32.PurityScan.eg skipped
    C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP199\A0076989.exe Infected: Trojan-Downloader.Win32.Agent.enr skipped
    C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP199\A0076998.dll Infected: Trojan-Downloader.Win32.Agent.epy skipped
    C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP199\A0078272.exe/data0002 Infected: not-a-virus:AdWare.Win32.PurityScan.fk skipped
    C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP199\A0078272.exe NSIS: infected - 1 skipped
    C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP199\A0078273.exe Infected: Trojan-Downloader.Win32.PurityScan.eg skipped
    C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP199\A0078274.dll Infected: not-a-virus:AdWare.Win32.MegaSearch.b skipped
    C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP199\A0078275.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.r skipped
    C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP199\A0078276.exe/data0005 Infected: Trojan-Downloader.Win32.VB.awj skipped
    C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP199\A0078276.exe NSIS: infected - 1 skipped
    C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP199\A0078276.exe CryptFF: infected - 1 skipped
    C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP199\A0078277.exe Infected: not-a-virus:AdWare.Win32.Mirar.i skipped
    C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP199\A0078278.dll Infected: not-a-virus:AdWare.Win32.SecToolBar.h skipped
    C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP199\A0078279.dll Infected: not-a-virus:AdWare.Win32.SecToolBar.h skipped
    C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP199\A0078280.dll Infected: not-a-virus:AdWare.Win32.SecToolBar.h skipped
    C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP199\A0078281.dll Infected: Trojan-Downloader.Win32.Agent.epy skipped
    C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP199\A0078282.dll Infected: not-a-virus:AdWare.Win32.SecToolBar.h skipped
    C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP199\A0078283.exe Infected: Trojan-Downloader.Win32.VB.bqc skipped
    C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP199\A0078284.exe/stream/data0002 Infected: not-a-virus:Downloader.Win32.Agent.q skipped
    C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP199\A0078284.exe/stream/data0003 Infected: not-a-virus:AdWare.Win32.AdBand.a skipped
    C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP199\A0078284.exe/stream Infected: not-a-virus:AdWare.Win32.AdBand.a skipped
    C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP199\A0078284.exe NSIS: infected - 3 skipped
    C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP199\A0078284.exe CryptFF: infected - 3 skipped
    C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP199\A0078288.exe Infected: Trojan-Downloader.Win32.VB.axa skipped
    C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP199\A0078290.dll Infected: Trojan.Win32.BHo_O skipped
    C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP199\A0078291.dll Infected: Trojan.Win32.BHo_O skipped
    C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP199\A0078292.dll Infected: Trojan.Win32.BHo_O skipped
    C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP199\A0078293.exe Infected: Trojan-Downloader.Win32.VB.fn skipped
    C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP199\A0078294.dll Infected: Trojan.Win32.BHo_O skipped
    C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP199\A0078295.dll Infected: Trojan.Win32.BHo_O skipped
    C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP199\A0078296.dll Infected: Trojan.Win32.BHo_O skipped
    C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP199\A0078297.dll Infected: Trojan.Win32.BHo_O skipped
    C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP199\A0078298.exe Infected: Trojan-Downloader.Win32.VB.awj skipped
    C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP199\A0078299.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.o skipped
    C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP199\A0078300.dll Infected: Trojan.Win32.BHo_O skipped
    C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP199\A0078301.dll Infected: Trojan.Win32.BHo_O skipped
    C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP199\A0078302.dll Infected: Trojan.Win32.BHo_O skipped
    C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP199\A0078303.dll Infected: Trojan.Win32.BHo_O skipped
    C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP199\A0078304.dll Infected: Trojan-Spy.Win32.VBStat.h skipped
    C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP199\A0078305.exe Infected: Trojan.Win32.Agent.anr skipped
    C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP199\A0078306.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped
    C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP199\A0078307.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped
    C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP199\A0078308.dll Infected: Trojan.Win32.BHo_O skipped
    C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP199\A0078309.dll Infected: Trojan.Win32.BHo_O skipped
    C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP199\A0078310.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.o skipped
    C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP199\A0078311.dll Infected: Trojan.Win32.BHo_O skipped
    C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP199\A0078312.dll Infected: Trojan.Win32.BHo_O skipped
    C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP199\A0078313.dll Infected: Trojan.Win32.BHo_O skipped
    C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP199\A0078314.exe Infected: Trojan-Dropper.Win32.Agent.bmk skipped
    C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP199\A0078315.dll Infected: Trojan.Win32.BHo_O skipped
    C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP199\A0078316.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.kj skipped
    C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP199\A0078317.exe Infected: Trojan-Downloader.Win32.Agent.bls skipped
    C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP199\A0078318.exe Infected: Trojan-Downloader.Win32.Agent.bls skipped
    C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP199\A0078319.exe Infected: Trojan-Downloader.Win32.Agent.bls skipped
    C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP199\A0078320.exe Infected: Trojan-Downloader.Win32.VB.axa skipped
    C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP199\A0078321.exe/data0005 Infected: Trojan-Downloader.Win32.VB.fn skipped
    C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP199\A0078321.exe NSIS: infected - 1 skipped
    C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP199\A0078321.exe CryptFF: infected - 1 skipped
    C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP199\A0078322.exe Infected: Trojan-Downloader.Win32.VB.axa skipped
    C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP199\A0078323.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.o skipped
    C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP199\A0078324.exe Infected: Trojan-Downloader.Win32.Agent.bls skipped
    C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP199\A0078325.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.o skipped
    C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP199\A0078326.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.kp skipped
    C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP199\A0078327.dll Infected: Trojan-Spy.Win32.VBStat.h skipped
    C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP199\A0078328.dll Infected: Trojan-Spy.Win32.VBStat.h skipped
    C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP199\A0078329.dll Infected: Trojan-Spy.Win32.VBStat.h skipped
    C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP199\A0078330.dll Infected: Trojan-Spy.Win32.VBStat.h skipped
    C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP199\A0078331.dll Infected: Trojan-Spy.Win32.VBStat.h skipped
    C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP199\A0078332.dll Infected: Trojan-Spy.Win32.VBStat.h skipped
    C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP199\A0078333.dll Infected: Trojan-Spy.Win32.VBStat.h skipped
    C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP199\A0078334.dll Infected: Trojan-Spy.Win32.VBStat.h skipped
    C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP199\A0078335.dll Infected: Trojan-Spy.Win32.VBStat.h skipped
    C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP199\A0078336.dll Infected: Trojan-Spy.Win32.VBStat.h skipped
    C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP199\A0078337.dll Infected: Trojan-Spy.Win32.VBStat.h skipped
    C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP199\A0078338.dll Infected: Trojan-Spy.Win32.VBStat.h skipped
    C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP199\A0078339.dll Infected: Trojan-Spy.Win32.VBStat.h skipped
    C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP199\A0078340.dll Infected: Trojan-Spy.Win32.VBStat.h skipped
    C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP199\A0078341.dll Infected: Trojan-Spy.Win32.VBStat.h skipped
    C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP199\A0078342.dll Infected: Trojan-Spy.Win32.VBStat.h skipped
    C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP199\A0078343.dll Infected: Trojan-Spy.Win32.VBStat.h skipped
    C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP199\A0078344.dll Infected: Trojan-Spy.Win32.VBStat.h skipped
    C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP199\A0078345.dll Infected: Trojan-Spy.Win32.VBStat.h skipped
    C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP199\A0078346.dll Infected: Trojan-Spy.Win32.VBStat.h skipped
    C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP201\A0078478.exe Infected: Trojan.Win32.Obfuscated.kp skipped
    C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP201\A0079477.exe Infected: Trojan.Win32.Obfuscated.kp skipped
    C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP204\A0080839.scr Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
    C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP206\change.log Object is locked skipped
    C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
    C:\WINDOWS\SchedLgU.Txt Object is locked skipped
    C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
    C:\WINDOWS\Sti_Trace.log Object is locked skipped
    C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
    C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
    C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\default Object is locked skipped
    C:\WINDOWS\system32\config\default.LOG Object is locked skipped
    C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
    C:\WINDOWS\system32\config\SAM Object is locked skipped
    C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\SECURITY Object is locked skipped
    C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
    C:\WINDOWS\system32\config\software Object is locked skipped
    C:\WINDOWS\system32\config\software.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\system Object is locked skipped
    C:\WINDOWS\system32\config\system.LOG Object is locked skipped
    C:\WINDOWS\system32\h323log.txt Object is locked skipped
    C:\WINDOWS\system32\lxixgirx.dll Infected: Trojan.Win32.BHO.rf skipped
    C:\WINDOWS\system32\tlrrfbqi.dll Infected: Trojan.Win32.BHO.rf skipped
    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
    C:\WINDOWS\wiadebug.log Object is locked skipped
    C:\WINDOWS\wiaservc.log Object is locked skipped
    C:\WINDOWS\WindowsUpdate.log Object is locked skipped
    K:\virus removal tools\smithfraudfix\SmitfraudFix.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
    K:\virus removal tools\smithfraudfix\SmitfraudFix.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
    K:\virus removal tools\smithfraudfix\SmitfraudFix.exe RarSFX: infected - 2 skipped
    K:\virus removal tools\smithfraudfix\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped

    Scan process completed.
     
  10. cybertech

    cybertech Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,082
    Please download the OTMoveIt by OldTimer.
    • Save it to your desktop.
    • Please double-click OTMoveIt.exe to run it.
    • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    • Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
    • Click the red Moveit! button.
    • Close OTMoveIt
    If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


    Restart the machine if it does not reboot and post a new hijackthis log. Let me know how things are running as well.
     
  11. JeffVB

    JeffVB Thread Starter

    Joined:
    Nov 8, 2007
    Messages:
    10
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 4:38:20 PM, on 11/11/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\hp\patches\51WW1VIA\src\VTTimer.exe
    C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\windows\system\hpsysdrv.exe
    C:\WINDOWS\system32\hphmon06.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\Cyb2k.exe
    C:\WINDOWS\ALCWZRD.EXE
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    K:\virus removal tools\tool to see virus\HiJackThis.exe
    C:\Program Files\Messenger\msmsgs.exe

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\jpbbzpon.dll
    O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
    O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\jpbbzpon.dll
    O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
    O4 - HKLM\..\Run: [VTTimer] C:\hp\patches\51WW1VIA\src\VTTimer.exe
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
    O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [C2K] C:\WINDOWS\Cyb2k.exe
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [74d31d7c] rundll32.exe "C:\WINDOWS\system32\nqqnlpet.dll",b
    O4 - HKLM\..\Run: [combofix] "C:\WINDOWS\system32\cmd.exe" /c "cd /d C:\ComboFix\ & Combobatch.bat"
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: Add To HP Organize... - C:\PROGRA~1\HEWLET~1\HPORGA~1\bin/module.main/favorites\ie_add_to.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: *.adobe.com
    O15 - Trusted Zone: service1.symantec.com
    O15 - Trusted Zone: www.symantec.com
    O15 - Trusted Zone: http://www.symantec.com
    O16 - DPF: vzTCPConfig - http://www2.verizon.net/help/fios_settings/include/vzTCPConfig.CAB
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
    O16 - DPF: {5197842F-0557-48AE-9552-7594F7C98F04} (PWReset Control) - http://www.cybersitter.com/recovery/ocx/PasswordReset.ocx
    O20 - Winlogon Notify: jpbbzpon - C:\WINDOWS\SYSTEM32\jpbbzpon.dll
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

    --
    End of file - 8738 bytes
     
  12. cybertech

    cybertech Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,082
    Run HJT again and put a check in the following:

    O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\jpbbzpon.dll
    O4 - HKLM\..\Run: [74d31d7c] rundll32.exe "C:\WINDOWS\system32\nqqnlpet.dll",b
    O20 - Winlogon Notify: jpbbzpon - C:\WINDOWS\SYSTEM32\jpbbzpon.dll

    Close all applications and browser windows before you click "fix checked".


    Please download ATF Cleaner by Atribune.
    This program is for XP and Windows 2000 only

    • Double-click ATF-Cleaner.exe to run the program.
      Under Main choose: Select All
      Click the Empty Selected button.

    Click Exit on the Main menu to close the program.



    Download and scan with SUPERAntiSpyware Free for Home Users
    • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
    • An icon will be created on your desktop. Double-click that icon to launch the program.
    • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
    • Under "Configuration and Preferences", click the Preferences button.
    • Click the Scanning Control tab.
    • Under Scanner Options make sure the following are checked (leave all others unchecked):
      • Close browsers before scanning.
      • Scan for tracking cookies.
      • Terminate memory threats before quarantining.
    • Click the "Close" button to leave the control center screen.
    • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
    • On the left, make sure you check C:\Fixed Drive.
    • On the right, under "Complete Scan", choose Perform Complete Scan.
    • Click "Next" to start the scan. Please be patient while it scans your computer.
    • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
    • Make sure everything has a checkmark next to it and click "Next".
    • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
    • If asked if you want to reboot, click "Yes".
    • To retrieve the removal information after reboot, launch SUPERAntispyware again.
      • Click Preferences, then click the Statistics/Logs tab.
      • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
      • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
      • Please copy and paste the Scan Log results in your next reply with a new hijackthis log.
    • Click Close to exit the program.
     
  13. JeffVB

    JeffVB Thread Starter

    Joined:
    Nov 8, 2007
    Messages:
    10
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 8:04:39 PM, on 11/12/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
    C:\hp\patches\51WW1VIA\src\VTTimer.exe
    C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\windows\system\hpsysdrv.exe
    C:\WINDOWS\system32\hphmon06.exe
    C:\WINDOWS\Cyb2k.exe
    C:\WINDOWS\ALCWZRD.EXE
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\trend micro\HiJackThis.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\tsc.exe

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
    O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
    O4 - HKLM\..\Run: [VTTimer] C:\hp\patches\51WW1VIA\src\VTTimer.exe
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
    O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
    O4 - HKLM\..\Run: [C2K] C:\WINDOWS\Cyb2k.exe
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [combofix] "C:\WINDOWS\system32\cmd.exe" /c "cd /d C:\ComboFix\ & Combobatch.bat"
    O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe"
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: Add To HP Organize... - C:\PROGRA~1\HEWLET~1\HPORGA~1\bin/module.main/favorites\ie_add_to.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: *.adobe.com
    O15 - Trusted Zone: service1.symantec.com
    O15 - Trusted Zone: www.symantec.com
    O15 - Trusted Zone: http://www.symantec.com
    O16 - DPF: vzTCPConfig - http://www2.verizon.net/help/fios_settings/include/vzTCPConfig.CAB
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
    O16 - DPF: {5197842F-0557-48AE-9552-7594F7C98F04} (PWReset Control) - http://www.cybersitter.com/recovery/ocx/PasswordReset.ocx
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
    O23 - Service: Trend Micro Protection Against Spyware (PcScnSrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
    O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
    O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

    --
    End of file - 7417 bytes
     
  14. JeffVB

    JeffVB Thread Starter

    Joined:
    Nov 8, 2007
    Messages:
    10
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:41:41 PM, on 11/12/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Zune\ZuneLauncher.exe
    C:\hp\patches\51WW1VIA\src\VTTimer.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\windows\system\hpsysdrv.exe
    C:\WINDOWS\system32\hphmon06.exe
    C:\WINDOWS\Cyb2k.exe
    C:\WINDOWS\ALCWZRD.EXE
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\trend micro\HiJackThis.exe

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
    O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
    O4 - HKLM\..\Run: [VTTimer] C:\hp\patches\51WW1VIA\src\VTTimer.exe
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
    O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
    O4 - HKLM\..\Run: [C2K] C:\WINDOWS\Cyb2k.exe
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe"
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: Add To HP Organize... - C:\PROGRA~1\HEWLET~1\HPORGA~1\bin/module.main/favorites\ie_add_to.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: *.adobe.com
    O15 - Trusted Zone: service1.symantec.com
    O15 - Trusted Zone: www.symantec.com
    O15 - Trusted Zone: http://www.symantec.com
    O16 - DPF: vzTCPConfig - http://www2.verizon.net/help/fios_settings/include/vzTCPConfig.CAB
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
    O16 - DPF: {5197842F-0557-48AE-9552-7594F7C98F04} (PWReset Control) - http://www.cybersitter.com/recovery/ocx/PasswordReset.ocx
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
    O23 - Service: Trend Micro Protection Against Spyware (PcScnSrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
    O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
    O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

    --
    End of file - 7308 bytes
     
  15. cybertech

    cybertech Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,082
    You did not post the SUPERAntiSpyware log.


    How is it running now? Any problems?
     
  16. JeffVB

    JeffVB Thread Starter

    Joined:
    Nov 8, 2007
    Messages:
    10
    Your last change and the running of the file ATF clean was the solution. The last few files we stopped were the key.

    I have since remove Norton/Symantec software because of the poor support and the many conflicts it has created with my Home System.

    I installed fresh a copy of Trend Micro and it has removed the remaining adware/spyware.

    Thank you for your time and GREAT SERVICE.

    Issue is resolved.
     
  17. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/649398