grapejoos Posted July 15, 2008 ID:22898 Share Posted July 15, 2008 Hello, This is (thankfully) my first time posting, but I got a Vundo infection and I can't seem to get rid of it. Will post MBAM, Panda, and Hijack this logs below. Any help is appreciated. The MBAM log is not showing an infection at the moment but one will return at some point; I will post a log reflecting the infection when that happens if helpful.Before stumbling on this site I also tried VundoFix and VirtumundoBegone and neither found an infection.Any help is appreciated. Thanks.Malwarebytes' Anti-Malware 1.20Database version: 945Windows 5.1.2600 Service Pack 212:13:51 PM 7/15/2008mbam-log-7-15-2008 (12-13-51).txtScan type: Quick ScanObjects scanned: 46234Time elapsed: 6 minute(s), 25 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 0Registry Values Infected: 0Registry Data Items Infected: 0Folders Infected: 0Files Infected: 0Memory Processes Infected:(No malicious items detected)Memory Modules Infected:(No malicious items detected)Registry Keys Infected:(No malicious items detected)Registry Values Infected:(No malicious items detected)Registry Data Items Infected:(No malicious items detected)Folders Infected:(No malicious items detected)Files Infected:(No malicious items detected) Link to post Share on other sites More sharing options...
grapejoos Posted July 15, 2008 Author ID:22899 Share Posted July 15, 2008 Here is the Panda log:;***********************************************************************************************************************************************************************************ANALYSIS: 2008-07-14 21:48:36PROTECTIONS: 1MALWARE: 18SUSPECTS: 1;***********************************************************************************************************************************************************************************PROTECTIONSDescription Version Active Updated;===================================================================================================================================================================================Symantec Antivirus Corporate Edition 10.0 No Yes;===================================================================================================================================================================================MALWAREId Description Type Active Severity Disinfectable Disinfected Location;===================================================================================================================================================================================00048371 Trj/Citifraud.A Virus/Trojan No 1 Yes No Archive Folders\Inbox\Customer notice: your CitiBank account [Fri, 06 Aug 2004 16:21:05 +0400]00048371 Trj/Citifraud.A Virus/Trojan No 1 Yes No Archive Folders\Inbox\Customer notice: your CitiBank account [Fri, 06 Aug 2004 16:21:05 +0400]00048371 Trj/Citifraud.A Virus/Trojan No 1 Yes No Personal Folders\Inbox\Customer notice: your CitiBank account [Fri, 06 Aug 2004 16:21:05 +0400]00048371 Trj/Citifraud.A Virus/Trojan No 1 Yes No Personal Folders\Inbox\Customer notice: your CitiBank account [Fri, 06 Aug 2004 16:21:05 +0400]00048371 Trj/Citifraud.A Virus/Trojan No 1 Yes No Archive Folders\Inbox\Customer notice: your CitiBank account [Fri, 06 Aug 2004 16:21:05 +0400]00048371 Trj/Citifraud.A Virus/Trojan No 1 Yes No Personal Folders\Inbox\Customer notice: your CitiBank account [Fri, 06 Aug 2004 16:21:05 +0400]00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\jason\Application Data\eMusic\eMusic Download Manager\Profiles\1hgmugav.default\cookies.txt[.trafficmp.com/]00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\macbook\Application Data\Mozilla\Firefox\Profiles\vqr69n5f.default\cookies.txt[.doubleclick.net/]00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\jason\Cookies\jason@atdmt[1].txt00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\macbook\Application Data\Mozilla\Firefox\Profiles\vqr69n5f.default\cookies.txt[.atdmt.com/]00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\jason\Application Data\eMusic\eMusic Download Manager\Profiles\1hgmugav.default\cookies.txt[.fastclick.net/]00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\jason\Cookies\jason@tribalfusion[1].txt00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\jason\Application Data\Mozilla\Firefox\Profiles\qbxi3yyy.default\cookies.txt[.tribalfusion.com/]00160284 Cookie/Findwhat TrackingCookie No 0 Yes No C:\Documents and Settings\jason\Cookies\jason@findwhat[1].txt00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\jason\Application Data\Mozilla\Firefox\Profiles\qbxi3yyy.default\cookies.txt[.com.com/]00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\jason\Cookies\jason@com[1].txt00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\macbook\Application Data\Mozilla\Firefox\Profiles\vqr69n5f.default\cookies.txt[ad.yieldmanager.com/]00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\macbook\Application Data\Mozilla\Firefox\Profiles\vqr69n5f.default\cookies.txt[ad.yieldmanager.com/]00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\macbook\Application Data\Mozilla\Firefox\Profiles\vqr69n5f.default\cookies.txt[ad.yieldmanager.com/]00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\macbook\Application Data\Mozilla\Firefox\Profiles\vqr69n5f.default\cookies.txt[ad.yieldmanager.com/]00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\macbook\Application Data\Mozilla\Firefox\Profiles\vqr69n5f.default\cookies.txt[ad.yieldmanager.com/]00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\macbook\Application Data\Mozilla\Firefox\Profiles\vqr69n5f.default\cookies.txt[ad.yieldmanager.com/]00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\macbook\Application Data\Mozilla\Firefox\Profiles\vqr69n5f.default\cookies.txt[ad.yieldmanager.com/]00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\jason\Application Data\eMusic\eMusic Download Manager\Profiles\1hgmugav.default\cookies.txt[ad.yieldmanager.com/]00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\jason\Application Data\Mozilla\Firefox\Profiles\qbxi3yyy.default\cookies.txt[.serving-sys.com/]00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\jason\Application Data\Mozilla\Firefox\Profiles\qbxi3yyy.default\cookies.txt[.serving-sys.com/]00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\jason\Application Data\Mozilla\Firefox\Profiles\qbxi3yyy.default\cookies.txt[.serving-sys.com/]00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\jason\Application Data\Mozilla\Firefox\Profiles\qbxi3yyy.default\cookies.txt[.serving-sys.com/]00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\jason\Application Data\Mozilla\Firefox\Profiles\qbxi3yyy.default\cookies.txt[.serving-sys.com/]00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\jason\Application Data\Mozilla\Firefox\Profiles\qbxi3yyy.default\cookies.txt[.serving-sys.com/]00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\jason\Application Data\Mozilla\Firefox\Profiles\qbxi3yyy.default\cookies.txt[.bs.serving-sys.com/]00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\jason\Application Data\Mozilla\Firefox\Profiles\qbxi3yyy.default\cookies.txt[.ads.pointroll.com/]00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\jason\Application Data\Mozilla\Firefox\Profiles\qbxi3yyy.default\cookies.txt[.ads.pointroll.com/]00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\jason\Application Data\Mozilla\Firefox\Profiles\qbxi3yyy.default\cookies.txt[.ads.pointroll.com/]00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\jason\Application Data\Mozilla\Firefox\Profiles\qbxi3yyy.default\cookies.txt[.ads.pointroll.com/]00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\jason\Application Data\Mozilla\Firefox\Profiles\qbxi3yyy.default\cookies.txt[.ads.pointroll.com/]00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\jason\Application Data\Mozilla\Firefox\Profiles\qbxi3yyy.default\cookies.txt[.ads.pointroll.com/]00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\jason\Application Data\Mozilla\Firefox\Profiles\qbxi3yyy.default\cookies.txt[.ads.pointroll.com/]00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\jason\Application Data\Mozilla\Firefox\Profiles\qbxi3yyy.default\cookies.txt[.questionmarket.com/]00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\jason\Application Data\Mozilla\Firefox\Profiles\qbxi3yyy.default\cookies.txt[.questionmarket.com/]00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\jason\Application Data\Mozilla\Firefox\Profiles\qbxi3yyy.default\cookies.txt[.questionmarket.com/]00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\macbook\Application Data\Mozilla\Firefox\Profiles\vqr69n5f.default\cookies.txt[.adrevolver.com/]00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\macbook\Application Data\Mozilla\Firefox\Profiles\vqr69n5f.default\cookies.txt[.adrevolver.com/]00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\macbook\Application Data\Mozilla\Firefox\Profiles\vqr69n5f.default\cookies.txt[.adrevolver.com/]00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\macbook\Application Data\Mozilla\Firefox\Profiles\vqr69n5f.default\cookies.txt[.adrevolver.com/]00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\jason\Application Data\Mozilla\Firefox\Profiles\qbxi3yyy.default\cookies.txt[.go.com/]00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\jason\Application Data\Mozilla\Firefox\Profiles\qbxi3yyy.default\cookies.txt[.go.com/]00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\jason\Application Data\Mozilla\Firefox\Profiles\qbxi3yyy.default\cookies.txt[.go.com/]00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\jason\Application Data\Mozilla\Firefox\Profiles\qbxi3yyy.default\cookies.txt[.go.com/]00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\jason\Application Data\Mozilla\Firefox\Profiles\qbxi3yyy.default\cookies.txt[.go.com/]00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\jason\Application Data\Mozilla\Firefox\Profiles\qbxi3yyy.default\cookies.txt[.go.com/]00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\jason\Application Data\Mozilla\Firefox\Profiles\qbxi3yyy.default\cookies.txt[.go.com/]00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\jason\Application Data\Mozilla\Firefox\Profiles\qbxi3yyy.default\cookies.txt[.go.com/]00293517 Cookie/AdDynamix TrackingCookie No 0 Yes No C:\Documents and Settings\jason\Application Data\Mozilla\Firefox\Profiles\qbxi3yyy.default\cookies.txt[.ads.addynamix.com/]02907323 Trj/Downloader.TAG Virus/Trojan No 0 Yes No F:\game systems\DS R4\r4 disc\imgview0.6 for R4\misc\攋懝IPK僼傽僀儖廋暅僣乕儖.exe03074964 Trj/CI.A Virus/Trojan No 0 Yes No E:\download\bittorrent\Remote.Administrator.Radmin.v3.0.FULL\Remote.Administrator.Radmin.v3.0.FULL\FIX - Read Informations\Famatech.Radmin.Server.3.0.Trial.Stop.and.Tray.Icon.Remove\R3GOD.DLL03074964 Trj/CI.A Virus/Trojan No 0 Yes No C:\Documents and Settings\All Users\Documents\Remote.Administrator.Radmin.v3.0.FULL.zip[Remote.Administrator.Radmin.v3.0.FULL/FIX - Read Informations/Famatech.Radmin.Server.3.0.Trial.Stop.and.Tray.Icon.Remove/R3GOD.DLL];===================================================================================================================================================================================SUSPECTSSent Location ;===================================================================================================================================================================================No C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\SGE8Y7KQ\0902[1].dll;===================================================================================================================================================================================VULNERABILITIESId Severity Description ;===================================================================================================================================================================================;=================================================================================================================================================================================== Link to post Share on other sites More sharing options...
grapejoos Posted July 15, 2008 Author ID:22901 Share Posted July 15, 2008 Here is the Hijackthis Log.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 11:55:32 AM, on 7/15/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16674)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\Ati2evxx.exeC:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeC:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Program Files\Symantec AntiVirus\DefWatch.exeC:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\HPZipm12.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Symantec AntiVirus\Rtvscan.exeC:\PROGRA~1\COMMON~1\Stardock\SDMCP.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\SOUNDMAN.EXEC:\Program Files\Common Files\Symantec Shared\ccApp.exeC:\PROGRA~1\SYMANT~1\VPTray.exeC:\Program Files\Java\jre1.6.0_05\bin\jusched.exeC:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exeC:\Program Files\DAEMON Tools\daemon.exeC:\Program Files\Google\Google Desktop Search\GoogleDesktop.exeC:\Program Files\HP\HP Software Update\HPWuSchd2.exeC:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exeC:\WINDOWS\system32\WDBtnMgr.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\SlySoft\CloneCD\CloneCDTray.exeC:\Program Files\Messenger\msmsgs.exeC:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXEC:\Program Files\ATI Multimedia\main\ATIDtct.EXEC:\Program Files\Google\Google Desktop Search\GoogleDesktop.exeC:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\PeerGuardian2\pg2.exeC:\Program Files\HP\Digital Imaging\bin\hpqtra08.exeC:\Program Files\iPod\bin\iPodService.exeC:\Program Files\My Book\WD Backup\uBBMonitor.exeC:\WINDOWS\system32\rundll32.exeC:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exeC:\Program Files\Malwarebytes' Anti-Malware\mbam.exeC:\Program Files\Trend Micro\HijackThis\HijackThis.exeC:\WINDOWS\system32\wuauclt.exeR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)O2 - BHO: (no name) - {3AE25886-BB19-4156-BBA7-F420F4B48A2B} - C:\WINDOWS\system32\iifgHxWm.dll (file missing)O2 - BHO: {92cc7d5f-5d50-4d6b-a654-c94cf3e1bd54} - {45db1e3f-c49c-456a-b6d4-05d5f5d7cc29} - C:\WINDOWS\system32\vtfahv.dllO2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dllO2 - BHO: (no name) - {B6F4CF56-A1E3-4655-8DE8-142A98C97892} - C:\WINDOWS\system32\ssqPhFWQ.dll (file missing)O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXEO4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG -onO4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exeO4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exeO4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"O4 - HKLM\..\Run: [statusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /autoO4 - HKLM\..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exeO4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exeO4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startupO4 - HKLM\..\Run: [Windows Media Connect 2] "C:\Program Files\Windows Media Connect 2\WMCCFG.exe" /StartQuietO4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exeO4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exeO4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -kO4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exeO4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottimeO4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /sO4 - HKLM\..\RunOnce: [spybot - Search & Destroy] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheckO4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /backgroundO4 - HKCU\..\Run: [startCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exeO4 - HKCU\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EXEO4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1O4 - HKCU\..\Run: [ATI Remote Control] "C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe"O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exeO4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exeO4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exeO4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exeO4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exeO4 - Global Startup: WD Backup Monitor.lnk = C:\Program Files\My Book\WD Backup\uBBMonitor.exeO8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dllO9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\dtv\EXPLBAR.DLLO9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLLO9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cabO20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLLO23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exeO23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeO23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exeO23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exeO23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeO23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exeO23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeO23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exeO23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exeO23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exeO23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exeO23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exeO23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exeO23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exeO23 - Service: Radmin Server V3 (RServer3) - Unknown owner - C:\WINDOWS\system32\rserver30\RServer3.exe (file missing)O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exeO23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exeO23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exeO23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe--End of file - 10514 bytes Link to post Share on other sites More sharing options...
grapejoos Posted July 15, 2008 Author ID:22902 Share Posted July 15, 2008 If it is helpful, this is my first MBAM log, before anything was removed....Malwarebytes' Anti-Malware 1.20Database version: 945Windows 5.1.2600 Service Pack 25:16:59 PM 7/13/2008mbam-log-7-13-2008 (17-16-59).txtScan type: Full Scan (C:\|D:\|E:\|F:\|G:\|H:\|)Objects scanned: 220254Time elapsed: 2 hour(s), 46 minute(s), 0 second(s)Memory Processes Infected: 0Memory Modules Infected: 3Registry Keys Infected: 11Registry Values Infected: 6Registry Data Items Infected: 1Folders Infected: 0Files Infected: 27Memory Processes Infected:(No malicious items detected)Memory Modules Infected:C:\WINDOWS\system32\mpkelegd.dll (Trojan.Vundo) -> Unloaded module successfully.C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\PMTVABSR\3077ahntdksr[1].dll (Trojan.Pakes) -> Unloaded module successfully.C:\WINDOWS\system32\awtsSlMc.dll (Trojan.Vundo) -> Unloaded module successfully.Registry Keys Infected:HKEY_CLASSES_ROOT\CLSID\{856d6b51-da6d-4739-8dec-45a415801393} (Trojan.Pakes) -> Quarantined and deleted successfully.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{856d6b51-da6d-4739-8dec-45a415801393} (Trojan.Pakes) -> Quarantined and deleted successfully.HKEY_CLASSES_ROOT\CLSID\{fe27e908-4c06-4bae-88a0-655d0ce752cb} (Trojan.Vundo) -> Delete on reboot.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fe27e908-4c06-4bae-88a0-655d0ce752cb} (Trojan.Vundo) -> Delete on reboot.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\awtsslmc (Trojan.Vundo) -> Delete on reboot.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\revo uninstaller (Rogue.Installer) -> Quarantined and deleted successfully.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.Registry Values Infected:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\b855234b (Trojan.Vundo) -> Quarantined and deleted successfully.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{fe27e908-4c06-4bae-88a0-655d0ce752cb} (Trojan.Vundo) -> Delete on reboot.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bf (Trojan.Agent) -> Quarantined and deleted successfully.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bk (Trojan.Agent) -> Quarantined and deleted successfully.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\iu (Trojan.Agent) -> Quarantined and deleted successfully.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\mu (Trojan.Agent) -> Quarantined and deleted successfully.Registry Data Items Infected:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\iifghxwm -> Delete on reboot.Folders Infected:(No malicious items detected)Files Infected:C:\WINDOWS\system32\iifgHxWm.dll_old (Trojan.Vundo) -> Delete on reboot.C:\WINDOWS\system32\mWxHgfii.ini (Trojan.Vundo) -> Quarantined and deleted successfully.C:\WINDOWS\system32\mWxHgfii.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.C:\WINDOWS\system32\mpkelegd.dll (Trojan.Vundo) -> Delete on reboot.C:\WINDOWS\system32\dgelekpm.ini (Trojan.Vundo) -> Quarantined and deleted successfully.C:\WINDOWS\system32\uwwoyjge.dll (Trojan.Vundo) -> Quarantined and deleted successfully.C:\WINDOWS\system32\egjyowwu.ini (Trojan.Vundo) -> Quarantined and deleted successfully.C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\PMTVABSR\3077ahntdksr[1].dll (Trojan.Pakes) -> Delete on reboot.C:\WINDOWS\system32\awtsSlMc.dll (Trojan.Vundo) -> Delete on reboot.C:\Documents and Settings\jason\Desktop\revosetup.exe (Rogue.Installer) -> Quarantined and deleted successfully.C:\Program Files\VS Revo Group\Revo Uninstaller\uninst.exe (Rogue.Installer) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{CFBD5C93-64E1-4186-A4CE-B9CE68061660}\RP727\A0066076.dll (Trojan.Vundo) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{CFBD5C93-64E1-4186-A4CE-B9CE68061660}\RP727\A0066080.dll (Trojan.Vundo) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{CFBD5C93-64E1-4186-A4CE-B9CE68061660}\RP727\A0066082.dll (Trojan.Vundo) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{CFBD5C93-64E1-4186-A4CE-B9CE68061660}\RP727\A0066084.dll (Trojan.Vundo) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{CFBD5C93-64E1-4186-A4CE-B9CE68061660}\RP727\A0066085.dll (Trojan.Vundo) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{CFBD5C93-64E1-4186-A4CE-B9CE68061660}\RP727\A0066089.dll (Trojan.Vundo) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{CFBD5C93-64E1-4186-A4CE-B9CE68061660}\RP727\A0066097.dll (Trojan.Vundo) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{CFBD5C93-64E1-4186-A4CE-B9CE68061660}\RP727\A0066105.dll (Trojan.Vundo) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{CFBD5C93-64E1-4186-A4CE-B9CE68061660}\RP727\A0066106.dll (Trojan.Vundo) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{CFBD5C93-64E1-4186-A4CE-B9CE68061660}\RP727\A0066111.dll (Trojan.Vundo) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{CFBD5C93-64E1-4186-A4CE-B9CE68061660}\RP727\A0066116.dll (Trojan.Vundo) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{CFBD5C93-64E1-4186-A4CE-B9CE68061660}\RP728\A0068156.dll (Trojan.Vundo) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{CFBD5C93-64E1-4186-A4CE-B9CE68061660}\RP728\A0068157.dll (Trojan.Vundo) -> Quarantined and deleted successfully.E:\backup\install these\winrar_v3.51\CORE10k.EXE (Trojan.Agent) -> Quarantined and deleted successfully.C:\WINDOWS\BMbb6610d7.xml (Trojan.Vundo) -> Quarantined and deleted successfully.C:\WINDOWS\BMbb6610d7.txt (Trojan.Vundo) -> Quarantined and deleted successfully. Link to post Share on other sites More sharing options...
JeanInMontana Posted July 15, 2008 ID:22944 Share Posted July 15, 2008 When did you run the HJT scan? That always needs to be last after a scan with any removal tool. Please update MBAM and run a quick scan again with it, post the log and a new HJT log. Link to post Share on other sites More sharing options...
grapejoos Posted July 15, 2008 Author ID:22950 Share Posted July 15, 2008 Thanks so much for the help, and apologies for the out-of-sequence logs. Here is a new MBAM scan (after updating), HJT log will follow in next post:Malwarebytes' Anti-Malware 1.20Database version: 957Windows 5.1.2600 Service Pack 27:11:18 PM 7/15/2008mbam-log-7-15-2008 (19-11-18).txtScan type: Quick ScanObjects scanned: 45502Time elapsed: 7 minute(s), 39 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 1Registry Values Infected: 0Registry Data Items Infected: 0Folders Infected: 0Files Infected: 0Memory Processes Infected:(No malicious items detected)Memory Modules Infected:(No malicious items detected)Registry Keys Infected:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.Registry Values Infected:(No malicious items detected)Registry Data Items Infected:(No malicious items detected)Folders Infected:(No malicious items detected)Files Infected:(No malicious items detected) Link to post Share on other sites More sharing options...
grapejoos Posted July 15, 2008 Author ID:22951 Share Posted July 15, 2008 And here is the new HJT log:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 7:12:56 PM, on 7/15/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16674)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\Ati2evxx.exeC:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeC:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\Program Files\Symantec AntiVirus\DefWatch.exeC:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\HPZipm12.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Symantec AntiVirus\Rtvscan.exeC:\PROGRA~1\COMMON~1\Stardock\SDMCP.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\SOUNDMAN.EXEC:\Program Files\Common Files\Symantec Shared\ccApp.exeC:\PROGRA~1\SYMANT~1\VPTray.exeC:\Program Files\Java\jre1.6.0_05\bin\jusched.exeC:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exeC:\Program Files\DAEMON Tools\daemon.exeC:\Program Files\Google\Google Desktop Search\GoogleDesktop.exeC:\Program Files\HP\HP Software Update\HPWuSchd2.exeC:\WINDOWS\system32\WDBtnMgr.exeC:\Program Files\SlySoft\CloneCD\CloneCDTray.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\Messenger\msmsgs.exeC:\Program Files\ATI Multimedia\main\ATIDtct.EXEC:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exeC:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXEC:\Program Files\Google\Google Desktop Search\GoogleDesktop.exeC:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\PeerGuardian2\pg2.exeC:\Program Files\HP\Digital Imaging\bin\hpqtra08.exeC:\Program Files\My Book\WD Backup\uBBMonitor.exeC:\WINDOWS\system32\rundll32.exeC:\Program Files\iPod\bin\iPodService.exeC:\Program Files\Malwarebytes' Anti-Malware\mbam.exeC:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exeC:\Program Files\Mozilla Firefox\firefox.exeC:\WINDOWS\system32\NOTEPAD.EXEC:\Program Files\Trend Micro\HijackThis\HijackThis.exeR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)O2 - BHO: {92cc7d5f-5d50-4d6b-a654-c94cf3e1bd54} - {45db1e3f-c49c-456a-b6d4-05d5f5d7cc29} - C:\WINDOWS\system32\vtfahv.dllO2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dllO2 - BHO: (no name) - {B6F4CF56-A1E3-4655-8DE8-142A98C97892} - C:\WINDOWS\system32\ssqPhFWQ.dll (file missing)O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXEO4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG -onO4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exeO4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exeO4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"O4 - HKLM\..\Run: [statusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /autoO4 - HKLM\..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exeO4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exeO4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startupO4 - HKLM\..\Run: [Windows Media Connect 2] "C:\Program Files\Windows Media Connect 2\WMCCFG.exe" /StartQuietO4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exeO4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exeO4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -kO4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exeO4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /sO4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exeO4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottimeO4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /backgroundO4 - HKCU\..\Run: [startCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exeO4 - HKCU\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EXEO4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1O4 - HKCU\..\Run: [ATI Remote Control] "C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe"O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exeO4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exeO4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exeO4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exeO4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exeO4 - Global Startup: WD Backup Monitor.lnk = C:\Program Files\My Book\WD Backup\uBBMonitor.exeO8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dllO9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\dtv\EXPLBAR.DLLO9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLLO9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cabO20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLLO23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exeO23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeO23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exeO23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exeO23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exeO23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeO23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exeO23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeO23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exeO23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exeO23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exeO23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exeO23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exeO23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exeO23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exeO23 - Service: Radmin Server V3 (RServer3) - Unknown owner - C:\WINDOWS\system32\rserver30\RServer3.exe (file missing)O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exeO23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exeO23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exeO23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe--End of file - 10583 bytes Link to post Share on other sites More sharing options...
JeanInMontana Posted July 16, 2008 ID:22962 Share Posted July 16, 2008 Please find this file C:\WINDOWS\system32\vtfahv.dll and put it in a zipped folder and attach here in your next reply.Now run HJT in scan only with all programs closed, put a check next to the following and then click fixO2 - BHO: (no name) - {B6F4CF56-A1E3-4655-8DE8-142A98C97892} - C:\WINDOWS\system32\ssqPhFWQ.dll (file missing)O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXEO4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -kO4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /backgroundO23 - Service: Radmin Server V3 (RServer3) - Unknown owner - C:\WINDOWS\system32\rserver30\RServer3.exe (file missing)reboot update MBAM and run a new quick scan, post that log and new HJT please. Link to post Share on other sites More sharing options...
grapejoos Posted July 16, 2008 Author ID:22974 Share Posted July 16, 2008 Here is the MBAM log:Malwarebytes' Anti-Malware 1.20Database version: 957Windows 5.1.2600 Service Pack 212:01:49 AM 7/16/2008mbam-log-7-16-2008 (00-01-49).txtScan type: Quick ScanObjects scanned: 45482Time elapsed: 7 minute(s), 35 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 1Registry Values Infected: 0Registry Data Items Infected: 0Folders Infected: 0Files Infected: 0Memory Processes Infected:(No malicious items detected)Memory Modules Infected:(No malicious items detected)Registry Keys Infected:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.Registry Values Infected:(No malicious items detected)Registry Data Items Infected:(No malicious items detected)Folders Infected:(No malicious items detected)Files Infected:(No malicious items detected) Link to post Share on other sites More sharing options...
grapejoos Posted July 16, 2008 Author ID:22975 Share Posted July 16, 2008 Here is the HJT log:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 12:02:08 AM, on 7/16/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16674)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\Ati2evxx.exeC:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeC:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\Program Files\Symantec AntiVirus\DefWatch.exeC:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\HPZipm12.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Symantec AntiVirus\Rtvscan.exeC:\PROGRA~1\COMMON~1\Stardock\SDMCP.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Common Files\Symantec Shared\ccApp.exeC:\PROGRA~1\SYMANT~1\VPTray.exeC:\Program Files\Java\jre1.6.0_05\bin\jusched.exeC:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exeC:\Program Files\DAEMON Tools\daemon.exeC:\Program Files\Google\Google Desktop Search\GoogleDesktop.exeC:\Program Files\HP\HP Software Update\HPWuSchd2.exeC:\WINDOWS\system32\WDBtnMgr.exeC:\Program Files\SlySoft\CloneCD\CloneCDTray.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\ATI Multimedia\main\ATIDtct.EXEC:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXEC:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\PeerGuardian2\pg2.exeC:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exeC:\WINDOWS\system32\rundll32.exeC:\Program Files\HP\Digital Imaging\bin\hpqtra08.exeC:\Program Files\My Book\WD Backup\uBBMonitor.exeC:\Program Files\Google\Google Desktop Search\GoogleDesktop.exeC:\Program Files\iPod\bin\iPodService.exeC:\Program Files\Malwarebytes' Anti-Malware\mbam.exeC:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exeC:\WINDOWS\system32\NOTEPAD.EXEC:\Program Files\Trend Micro\HijackThis\HijackThis.exeR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)O2 - BHO: {92cc7d5f-5d50-4d6b-a654-c94cf3e1bd54} - {45db1e3f-c49c-456a-b6d4-05d5f5d7cc29} - C:\WINDOWS\system32\vtfahv.dllO2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dllO4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG -onO4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exeO4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exeO4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"O4 - HKLM\..\Run: [statusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /autoO4 - HKLM\..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exeO4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exeO4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startupO4 - HKLM\..\Run: [Windows Media Connect 2] "C:\Program Files\Windows Media Connect 2\WMCCFG.exe" /StartQuietO4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exeO4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exeO4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exeO4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /sO4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exeO4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottimeO4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"O4 - HKCU\..\Run: [startCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exeO4 - HKCU\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EXEO4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1O4 - HKCU\..\Run: [ATI Remote Control] "C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe"O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exeO4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exeO4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exeO4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exeO4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exeO4 - Global Startup: WD Backup Monitor.lnk = C:\Program Files\My Book\WD Backup\uBBMonitor.exeO8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dllO9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\dtv\EXPLBAR.DLLO9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLLO9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cabO20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLLO23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exeO23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeO23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exeO23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exeO23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exeO23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeO23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exeO23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeO23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exeO23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exeO23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exeO23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exeO23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exeO23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exeO23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exeO23 - Service: Radmin Server V3 (RServer3) - Unknown owner - C:\WINDOWS\system32\rserver30\RServer3.exe (file missing)O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exeO23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exeO23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exeO23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe--End of file - 10166 bytes Link to post Share on other sites More sharing options...
grapejoos Posted July 16, 2008 Author ID:22976 Share Posted July 16, 2008 And here is the zipped file.For what it's worth, SOUNDMAN.exe and Radmin are at least legit programs that I installed, but I told HJT to remove them as instructed.Thanks again for your help.vtfahv.zipvtfahv.zip Link to post Share on other sites More sharing options...
JeanInMontana Posted July 16, 2008 ID:23028 Share Posted July 16, 2008 The Soundman showing in your log is not legit, and the Radmin entry had a missing file, so it was just clean up. The program isn't there or not functioning.OK delete this file C:\WINDOWS\system32\vtfahv.dll sorry I should have said that yesterday. I'm on day 3 of a headache and not really thinking well. Now run HJT again in scan only put a check next to the lines below and click fix.O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)O2 - BHO: {92cc7d5f-5d50-4d6b-a654-c94cf3e1bd54} - {45db1e3f-c49c-456a-b6d4-05d5f5d7cc29} - C:\WINDOWS\system32\vtfahv.dllO23 - Service: Radmin Server V3 (RServer3) - Unknown owner - C:\WINDOWS\system32\rserver30\RServer3.exe (file missing)Update MBAM run a quick scan post the log, you might use the File Assassin feature in it to delete this C:\WINDOWS\system32\vtfahv.dll. Post that log and a new HJT. Link to post Share on other sites More sharing options...
grapejoos Posted July 16, 2008 Author ID:23037 Share Posted July 16, 2008 Thanks again. Used FileAssassin to delete the file (required a reboot). Updated MBAM, log is below. Will post the HJT log next. Hope your headache improves! Speaking of headaches, I've been experiencing an issue that manifests itself every 2-3 reboots where Windows will hang after I click on my user name to log in. It may be totally unrelated to these issues, but it didn't happen before. I have to do a hard reset when it does this, and then it will login normally to Windows. There's no discernible pattern to it so far but I will let you know if the behavior changes.Malwarebytes' Anti-Malware 1.20Database version: 960Windows 5.1.2600 Service Pack 26:28:00 PM 7/16/2008mbam-log-7-16-2008 (18-28-00).txtScan type: Quick ScanObjects scanned: 45766Time elapsed: 9 minute(s), 31 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 1Registry Values Infected: 0Registry Data Items Infected: 0Folders Infected: 0Files Infected: 1Memory Processes Infected:(No malicious items detected)Memory Modules Infected:(No malicious items detected)Registry Keys Infected:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.Registry Values Infected:(No malicious items detected)Registry Data Items Infected:(No malicious items detected)Folders Infected:(No malicious items detected)Files Infected:C:\WINDOWS\Downloaded Program Files\unagiuninst.exe (Trojan.Agent) -> Quarantined and deleted successfully. Link to post Share on other sites More sharing options...
grapejoos Posted July 16, 2008 Author ID:23038 Share Posted July 16, 2008 Here is the new HJT log. Radmin doesn't want to go away it appears. I can try uninstalling the program if you think that might help. Thanks again.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 6:30:45 PM, on 7/16/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16674)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeC:\WINDOWS\system32\Ati2evxx.exeC:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeC:\WINDOWS\system32\spoolsv.exeC:\PROGRA~1\COMMON~1\Stardock\SDMCP.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Common Files\Symantec Shared\ccApp.exeC:\PROGRA~1\SYMANT~1\VPTray.exeC:\Program Files\Java\jre1.6.0_05\bin\jusched.exeC:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exeC:\Program Files\DAEMON Tools\daemon.exeC:\Program Files\Google\Google Desktop Search\GoogleDesktop.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Program Files\HP\HP Software Update\HPWuSchd2.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\Program Files\Symantec AntiVirus\DefWatch.exeC:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exeC:\WINDOWS\system32\WDBtnMgr.exeC:\Program Files\SlySoft\CloneCD\CloneCDTray.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\HPZipm12.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exeC:\Program Files\ATI Multimedia\main\ATIDtct.EXEC:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXEC:\Program Files\Symantec AntiVirus\Rtvscan.exeC:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\PeerGuardian2\pg2.exeC:\Program Files\Google\Google Desktop Search\GoogleDesktop.exeC:\Program Files\HP\Digital Imaging\bin\hpqtra08.exeC:\WINDOWS\system32\rundll32.exeC:\Program Files\My Book\WD Backup\uBBMonitor.exeC:\Program Files\iPod\bin\iPodService.exeC:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exeC:\Program Files\Trend Micro\HijackThis\HijackThis.exeR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dllO4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG -onO4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exeO4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exeO4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"O4 - HKLM\..\Run: [statusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /autoO4 - HKLM\..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exeO4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exeO4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startupO4 - HKLM\..\Run: [Windows Media Connect 2] "C:\Program Files\Windows Media Connect 2\WMCCFG.exe" /StartQuietO4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exeO4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exeO4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exeO4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /sO4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exeO4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottimeO4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"O4 - HKCU\..\Run: [startCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exeO4 - HKCU\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EXEO4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1O4 - HKCU\..\Run: [ATI Remote Control] "C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe"O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exeO4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exeO4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exeO4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exeO4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exeO4 - Global Startup: WD Backup Monitor.lnk = C:\Program Files\My Book\WD Backup\uBBMonitor.exeO8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dllO9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\dtv\EXPLBAR.DLLO9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLLO9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cabO20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLLO23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exeO23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeO23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exeO23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exeO23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exeO23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeO23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exeO23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeO23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exeO23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exeO23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exeO23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exeO23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exeO23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exeO23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exeO23 - Service: Radmin Server V3 (RServer3) - Unknown owner - C:\WINDOWS\system32\rserver30\RServer3.exe (file missing)O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exeO23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exeO23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exeO23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe--End of file - 9926 bytes Link to post Share on other sites More sharing options...
JeanInMontana Posted July 16, 2008 ID:23043 Share Posted July 16, 2008 I would reinstall the program, it has to be damaged in some way for it to show a file missing. It could be malware related with the boot hang, your log is looking good.You are running an outdated and unsafe version of Java. You need to uninstall it via Add/Remove programs and delete the program file also. Then go here http://java.sun.com/javase/downloads/index.jsp and install the correct version for your system. Choose the offline installation.Your running an outdated and unsafe version of Adobe latest version. Or get the alternative faster lighter on resources Foxit PDF Reader and Editor Look at the Downloads tab here or if you don't want to see the features etc.Keep other software known for vulnerabilities updated also. Use the Secunia Inspector free scan to identify risks in outdated versions.Your also behind on Windows updates, before you install SP3 I recommend you do a Disk check for errors and defrag. Go to My Computer, right click on Local Disk C and choose properties. Then the tools tab, put a check in both boxes for the error check option and say yes to reschedule the check on the next boot, then reboot. After the error check, do the defrag.Are you seeing any symptoms? Link to post Share on other sites More sharing options...
grapejoos Posted July 17, 2008 Author ID:23115 Share Posted July 17, 2008 Thanks so much Jean. I was not seeing any symptoms other than the IE popups and the boot hang (which may or may not be related). I installed SP3 and the newest version of Java (though I am still trying to get the old versions of Java to uninstall; Add/Remove programs gives an error when I try), and so far MBAM has not detected any threats in a quick or full scan (before and after reboots). That is a new and welcome development. I am currently updating other software identified by Secunia.So, so far so good. I will keep scanning and will keep you informed of my status, but so far it seems like removing that .dll and the items you identified in HJT has made a difference.Thanks again. Link to post Share on other sites More sharing options...
JeanInMontana Posted July 18, 2008 ID:23184 Share Posted July 18, 2008 I was not seeing any symptoms other than the IE popupsWhat kind of popups? Popups are not good. What are they? Link to post Share on other sites More sharing options...
grapejoos Posted July 18, 2008 Author ID:23187 Share Posted July 18, 2008 What kind of popups? Popups are not good. What are they?To clarify, the popups appeared when I used IE to check for Windows updates before I deleted the DLL and entries from HJT that you identified on the 16th. I have not seen one since. When they appeared, they were full-screen ads for other websites, I can't remember what they were for exactly as I closed them quickly. Since I performed the changes you requested and installed SP3, I have not had any symptoms. Likewise, I have done multiple MBAM scans, both quick and full, and no threats have been found. I have also used IE since then with no popups or any other suspicious behavior.That said, yesterday, the virus definitions auto-updated for Norton Antivirus, and Norton detected 2 threats, one of which was a Trojan.Vundo (can't recall the other). Norton identified 100-200 registry keys and a few files and removed them all. I'm not sure if this is something new that I "caught" since the fixes were implemented, or if Norton's updated definitions simply identified something pre-existing that MBAM did not see/remove. I'm thinking it's the latter, but I'm going to continue updating MBAM and scanning until I'm absolutely certain everything is clean.Thanks again for all of your help, and let me know if there's anything you think I should do. In lieu of any suggestions, I will continue to update you on my progress in this thread (and, by the way, I was able to get those old versions of Java off my system, with some difficulty). Link to post Share on other sites More sharing options...
JeanInMontana Posted July 18, 2008 ID:23190 Share Posted July 18, 2008 OK, empty the Recycle Bin, all your temp files and the quarantine folder for Symantic. Make sure MBAM quarantine is empty too. Update Symantec and scan again. Do the same with MBAM. Let me know what Symantec says, post the MBAM log and a new HJT log please. Link to post Share on other sites More sharing options...
grapejoos Posted July 19, 2008 Author ID:23218 Share Posted July 19, 2008 Ok, so Symantec found more stuff on a full system search with new definitions. I am attaching the threats.csv log (can be opened in excel) in a ZIP, but here is a pasted list of the threat name and filename (more info in the attached threat log).Trojan.Metajuan Partial 2 VBRDC8.dllTrojan.Metajuan Partial 2 VBRC9AA.dllTrojan.Metajuan Partial 2 VBR82FD.TMPTrojan.Vundo Partial 4 VBR374E.TMPTrojan.Metajuan Partial 2 VBREF87.dllTrojan.Metajuan Quarantined 2 rdmkcsbe.dllTrojan.Metajuan Quarantined 2 mqlwemrv.dllTrojan.Metajuan Quarantined 2 jjxcge.dllTrojan.Vundo Quarantined 4 kb671231[1]Trojan.Metajuan Quarantined 2 kb767887[1]I will attach MBAM and HJT logs in the next posts. I purchased MBAM, so I will have it protecting in the future. Thanks again.OK, empty the Recycle Bin, all your temp files and the quarantine folder for Symantic. Make sure MBAM quarantine is empty too. Update Symantec and scan again. Do the same with MBAM. Let me know what Symantec says, post the MBAM log and a new HJT log please. Link to post Share on other sites More sharing options...
grapejoos Posted July 19, 2008 Author ID:23219 Share Posted July 19, 2008 Whoops, here is the file.Ok, so Symantec found more stuff on a full system search with new definitions. I am attaching the threats.csv log (can be opened in excel) in a ZIP, but here is a pasted list of the threat name and filename (more info in the attached threat log).Trojan.Metajuan Partial 2 VBRDC8.dllTrojan.Metajuan Partial 2 VBRC9AA.dllTrojan.Metajuan Partial 2 VBR82FD.TMPTrojan.Vundo Partial 4 VBR374E.TMPTrojan.Metajuan Partial 2 VBREF87.dllTrojan.Metajuan Quarantined 2 rdmkcsbe.dllTrojan.Metajuan Quarantined 2 mqlwemrv.dllTrojan.Metajuan Quarantined 2 jjxcge.dllTrojan.Vundo Quarantined 4 kb671231[1]Trojan.Metajuan Quarantined 2 kb767887[1]I will attach MBAM and HJT logs in the next posts. I purchased MBAM, so I will have it protecting in the future. Thanks again.symantec_log.zipsymantec_log.zip Link to post Share on other sites More sharing options...
grapejoos Posted July 19, 2008 Author ID:23220 Share Posted July 19, 2008 Here is the MBAM log:Malwarebytes' Anti-Malware 1.21Database version: 966Windows 5.1.2600 Service Pack 311:47:35 PM 7/18/2008mbam-log-7-18-2008 (23-47-35).txtScan type: Quick ScanObjects scanned: 44574Time elapsed: 7 minute(s), 38 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 0Registry Values Infected: 0Registry Data Items Infected: 0Folders Infected: 0Files Infected: 0Memory Processes Infected:(No malicious items detected)Memory Modules Infected:(No malicious items detected)Registry Keys Infected:(No malicious items detected)Registry Values Infected:(No malicious items detected)Registry Data Items Infected:(No malicious items detected)Folders Infected:(No malicious items detected)Files Infected:(No malicious items detected) Link to post Share on other sites More sharing options...
grapejoos Posted July 19, 2008 Author ID:23221 Share Posted July 19, 2008 And here is the HJT log. Still working on the Radmin server issue.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 11:59:18 PM, on 7/18/2008Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16674)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\Ati2evxx.exeC:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeC:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Common Files\Symantec Shared\ccApp.exeC:\PROGRA~1\SYMANT~1\VPTray.exeC:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\Program Files\Symantec AntiVirus\DefWatch.exeC:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exeC:\Program Files\DAEMON Tools\daemon.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\HPZipm12.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Symantec AntiVirus\Rtvscan.exeC:\Program Files\HP\HP Software Update\HPWuSchd2.exeC:\WINDOWS\system32\WDBtnMgr.exeC:\Program Files\SlySoft\CloneCD\CloneCDTray.exeC:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\Java\jre1.6.0_07\bin\jusched.exeC:\Program Files\ATI Multimedia\main\ATIDtct.EXEC:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXEC:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\PeerGuardian2\pg2.exeC:\WINDOWS\system32\rundll32.exeC:\Program Files\HP\Digital Imaging\bin\hpqtra08.exeC:\Program Files\My Book\WD Backup\uBBMonitor.exeC:\Program Files\Secunia\PSI (RC3)\psi.exeC:\Program Files\iPod\bin\iPodService.exeC:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exeC:\PROGRA~1\MOZILL~1\FIREFOX.EXEC:\Program Files\Malwarebytes' Anti-Malware\mbam.exeC:\WINDOWS\system32\NOTEPAD.EXEC:\Program Files\Malwarebytes' Anti-Malware\mbamtrayctrl.exeC:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exeC:\WINDOWS\system32\NOTEPAD.EXEC:\Program Files\Trend Micro\HijackThis\HijackThis.exeR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dllO2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dllO4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG -onO4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exeO4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exeO4 - HKLM\..\Run: [statusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /autoO4 - HKLM\..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exeO4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exeO4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startupO4 - HKLM\..\Run: [Windows Media Connect 2] "C:\Program Files\Windows Media Connect 2\WMCCFG.exe" /StartQuietO4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exeO4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exeO4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exeO4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /sO4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exeO4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottimeO4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"O4 - HKCU\..\Run: [startCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exeO4 - HKCU\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EXEO4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1O4 - HKCU\..\Run: [ATI Remote Control] "C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe"O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exeO4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exeO4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exeO4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exeO4 - Global Startup: WD Backup Monitor.lnk = C:\Program Files\My Book\WD Backup\uBBMonitor.exeO8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dllO9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\dtv\EXPLBAR.DLLO9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLLO9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cabO20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLLO23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exeO23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeO23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exeO23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exeO23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exeO23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeO23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exeO23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeO23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exeO23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exeO23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exeO23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exeO23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exeO23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exeO23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exeO23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exeO23 - Service: Radmin Server V3 (RServer3) - Unknown owner - C:\WINDOWS\system32\rserver30\RServer3.exe (file missing)O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exeO23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exeO23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exeO23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe--End of file - 10296 bytes Link to post Share on other sites More sharing options...
grapejoos Posted July 19, 2008 Author ID:23222 Share Posted July 19, 2008 Got Radmin to uninstall correctly, so here's an updated HJT log.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 12:07:33 AM, on 7/19/2008Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16674)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\Ati2evxx.exeC:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeC:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Common Files\Symantec Shared\ccApp.exeC:\PROGRA~1\SYMANT~1\VPTray.exeC:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\Program Files\Symantec AntiVirus\DefWatch.exeC:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exeC:\Program Files\DAEMON Tools\daemon.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\HPZipm12.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Symantec AntiVirus\Rtvscan.exeC:\Program Files\HP\HP Software Update\HPWuSchd2.exeC:\WINDOWS\system32\WDBtnMgr.exeC:\Program Files\SlySoft\CloneCD\CloneCDTray.exeC:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\Java\jre1.6.0_07\bin\jusched.exeC:\Program Files\ATI Multimedia\main\ATIDtct.EXEC:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXEC:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\PeerGuardian2\pg2.exeC:\WINDOWS\system32\rundll32.exeC:\Program Files\HP\Digital Imaging\bin\hpqtra08.exeC:\Program Files\My Book\WD Backup\uBBMonitor.exeC:\Program Files\Secunia\PSI (RC3)\psi.exeC:\Program Files\iPod\bin\iPodService.exeC:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exeC:\PROGRA~1\MOZILL~1\FIREFOX.EXEC:\Program Files\Malwarebytes' Anti-Malware\mbam.exeC:\Program Files\Malwarebytes' Anti-Malware\mbamtrayctrl.exeC:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exeC:\WINDOWS\system32\msiexec.exeC:\Program Files\Trend Micro\HijackThis\HijackThis.exeR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dllO2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dllO4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG -onO4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exeO4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exeO4 - HKLM\..\Run: [statusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /autoO4 - HKLM\..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exeO4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exeO4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startupO4 - HKLM\..\Run: [Windows Media Connect 2] "C:\Program Files\Windows Media Connect 2\WMCCFG.exe" /StartQuietO4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exeO4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exeO4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exeO4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /sO4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exeO4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottimeO4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"O4 - HKCU\..\Run: [startCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exeO4 - HKCU\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EXEO4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1O4 - HKCU\..\Run: [ATI Remote Control] "C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe"O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exeO4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exeO4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exeO4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exeO4 - Global Startup: WD Backup Monitor.lnk = C:\Program Files\My Book\WD Backup\uBBMonitor.exeO8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dllO9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\dtv\EXPLBAR.DLLO9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLLO9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cabO20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLLO23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exeO23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeO23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exeO23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exeO23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exeO23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeO23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exeO23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeO23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exeO23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exeO23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exeO23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exeO23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exeO23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exeO23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exeO23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exeO23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exeO23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exeO23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exeO23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe--End of file - 10143 bytes Link to post Share on other sites More sharing options...
grapejoos Posted July 19, 2008 Author ID:23274 Share Posted July 19, 2008 Symantec has found more viruses. I'm attaching another zipped .csv log; I think this may include the entries I sent you previously, but it will have the new ones as well.new_symantec_log.zipnew_symantec_log.zip Link to post Share on other sites More sharing options...
Recommended Posts