Can't install any virus protect. or firewall! HELP!

Discussion in 'Windows - Virus and spyware problems' started by Jaimz23, Jun 14, 2007.

  1. Jaimz23

    Jaimz23 Member

    Long story short, I had some sort of virus on my computer. I got rid of it by using Dr.Web.... I uninstalled my Zone Alarm to do a clean install after the problem was gone, and now I can't reinstall Zone Alarm. The "Vmos.exe file couldn't be opened" warning comes up. I even tried the free older version of Zone Alarm available on this site and it won't work either, same error message. I tried to install Spybot and it won't install (can't remember the error message), and I just tried to install the AVG Free from this site and I got this error message, which I copied:

    "Error: Action failed for file avgamsvr.exe: creating file....No such file or directory"

    I am at a loss as to what to do. I can't even start in safe mode; after I pick safe mode, the blue screen comes up stating that there is a problem with the computer and to run chkdsk, which I have done, and still no help. I ran HijackThis and here is the log file. I got this computer from a friend about 1 yr. ago and I don't have the Windows XP disc, so I'm looking for any help other than a reformat.
    Thanks


    Logfile of HijackThis v1.99.1
    Scan saved at 8:16:32 PM, on 6/14/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16441)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    C:\WINDOWS\System32\DSentry.exe
    C:\Program Files\Common Files\Dell\EUSW\Support.exe
    C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Inverse IP InSight\PenTele\ARMon32a.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\DSL Tools\DSL Tools\app\TangoService.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\PROGRA~1\DSLTOO~1\DSLTOO~1\app\TangoManager.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Microsoft Money\System\urlmap.exe
    C:\Documents and Settings\Stine\Desktop\Computer Clean-up Programs\HijackThis_v1.99.1.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.epix.net/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.epix.net/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
    O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
    O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
    O4 - HKLM\..\Run: [TangoManager] C:\PROGRA~1\DSLTOO~1\DSLTOO~1\app\TANGOM~1.EXE
    O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
    O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
    O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
    O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
    O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\System32\shdocvw.dll
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\System32\shdocvw.dll
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by128fd.bay128.hotmail.msn.com/resources/MsnPUpld.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1161447866562
    O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
    O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
    O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Inverse IP InSight Client (PenTele) (InverseLaunchIPI_PenTele) - Inverse Network Technology - C:\Program Files\Inverse IP InSight\PenTele\LaunchIPI.exe
    O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
    O23 - Service: Tango Service (TangoService) - Unknown owner - C:\Program Files\DSL Tools\DSL Tools\app\TangoService.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
     
  2. Jaimz23

    Jaimz23 Member

    I ran F-Secure BlackLight just now and here is that log file. Don't know if it will help, but here it is.

    06/14/07 20:20:14 [Info]: BlackLight Engine 1.0.61 initialized
    06/14/07 20:20:14 [Info]: OS: 5.1 build 2600 (Service Pack 2)
    06/14/07 20:20:14 [Note]: 7019 4
    06/14/07 20:20:14 [Note]: 7005 0
    06/14/07 20:20:17 [Note]: 7006 0
    06/14/07 20:20:17 [Note]: 7011 1716
    06/14/07 20:20:17 [Note]: 7026 0
    06/14/07 20:20:17 [Note]: 7026 0
    06/14/07 20:20:21 [Note]: FSRAW library version 1.7.1021
    06/14/07 20:20:24 [Info]: Hidden file: c:\Documents and Settings\Stine\Application Data\hidires\hidr.exe
    06/14/07 20:20:24 [Note]: 10002 2
    06/14/07 20:20:24 [Info]: Hidden file: c:\Documents and Settings\Stine\Application Data\hidires\m_hook.sys
    06/14/07 20:20:24 [Note]: 10002 2
    06/14/07 20:20:24 [Note]: 10002 3
    06/14/07 20:20:24 [Note]: 10002 3
    06/14/07 20:20:24 [Note]: 10002 2
    06/14/07 20:20:24 [Note]: 10002 2
    06/14/07 20:21:26 [Note]: 10002 2
    06/14/07 20:21:26 [Note]: 10002 2
    06/14/07 20:22:06 [Info]: Hidden file: c:\Program Files\Movie Maker\shared\empty.txt
    06/14/07 20:22:06 [Note]: 10002 3
    06/14/07 20:22:06 [Info]: Hidden file: c:\Program Files\Movie Maker\shared\filters.xml
    06/14/07 20:22:06 [Note]: 10002 3
    06/14/07 20:22:06 [Info]: Hidden file: c:\Program Files\Movie Maker\shared\news.png
    06/14/07 20:22:06 [Note]: 10002 3
    06/14/07 20:22:06 [Info]: Hidden file: c:\Program Files\Movie Maker\shared\paint.png
    06/14/07 20:22:06 [Note]: 10002 3
    06/14/07 20:22:06 [Info]: Hidden file: c:\Program Files\Movie Maker\shared\profiles\blank.txt
    06/14/07 20:22:06 [Note]: 10002 3
    06/14/07 20:22:06 [Info]: Hidden file: c:\Program Files\Movie Maker\shared\sample1.jpg
    06/14/07 20:22:06 [Note]: 10002 3
    06/14/07 20:22:06 [Info]: Hidden file: c:\Program Files\Movie Maker\shared\sample2.jpg
    06/14/07 20:22:06 [Note]: 10002 3
    06/14/07 20:22:06 [Note]: 10002 2
    06/14/07 20:22:06 [Note]: 10002 2
    06/14/07 20:22:34 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\border_bot.bmp
    06/14/07 20:22:34 [Note]: 10002 3
    06/14/07 20:22:34 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\border_bot.rgn
    06/14/07 20:22:34 [Note]: 10002 3
    06/14/07 20:22:34 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\border_left.bmp
    06/14/07 20:22:34 [Note]: 10002 3
    06/14/07 20:22:34 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\border_left.rgn
    06/14/07 20:22:34 [Note]: 10002 3
    06/14/07 20:22:34 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\border_right.bmp
    06/14/07 20:22:34 [Note]: 10002 3
    06/14/07 20:22:34 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\border_right.rgn
    06/14/07 20:22:34 [Note]: 10002 3
    06/14/07 20:22:34 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\border_top.bmp
    06/14/07 20:22:34 [Note]: 10002 3
    06/14/07 20:22:34 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\border_top.rgn
    06/14/07 20:22:34 [Note]: 10002 3
    06/14/07 20:22:34 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\button_chevron_down.bmp
    06/14/07 20:22:34 [Note]: 10002 3
    06/14/07 20:22:34 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\button_chevron_up.bmp
    06/14/07 20:22:34 [Note]: 10002 3
    06/14/07 20:22:34 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\capbuttons.bmp
    06/14/07 20:22:34 [Note]: 10002 3
    06/14/07 20:22:34 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\checkbox.bmp
    06/14/07 20:22:34 [Note]: 10002 3
    06/14/07 20:22:34 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\columnheads.bmp
    06/14/07 20:22:34 [Note]: 10002 3
    06/14/07 20:22:34 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\combo.bmp
    06/14/07 20:22:34 [Note]: 10002 3
    06/14/07 20:22:34 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\games_close.bmp
    06/14/07 20:22:34 [Note]: 10002 3
    06/14/07 20:22:34 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\grabbie.bmp
    06/14/07 20:22:34 [Note]: 10002 3
    06/14/07 20:22:34 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\groupboxedge.bmp
    06/14/07 20:22:34 [Note]: 10002 3
    06/14/07 20:22:34 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\icons_tbar_disabled.bmp
    06/14/07 20:22:34 [Note]: 10002 3
    06/14/07 20:22:34 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\icons_tbar_hot.bmp
    06/14/07 20:22:34 [Note]: 10002 3
    06/14/07 20:22:34 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\icons_tbar_normal.bmp
    06/14/07 20:22:34 [Note]: 10002 3
    06/14/07 20:22:34 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\indigo.xml
    06/14/07 20:22:34 [Note]: 10002 3
    06/14/07 20:22:34 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\itabs.bmp
    06/14/07 20:22:34 [Note]: 10002 3
    06/14/07 20:22:34 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\menubar.bmp
    06/14/07 20:22:34 [Note]: 10002 3
    06/14/07 20:22:34 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\menubar_states.bmp
    06/14/07 20:22:34 [Note]: 10002 3
    06/14/07 20:22:34 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\menuitem.bmp
    06/14/07 20:22:34 [Note]: 10002 3
    06/14/07 20:22:34 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\menu_scroll.bmp
    06/14/07 20:22:34 [Note]: 10002 3
    06/14/07 20:22:34 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\menu_sep.bmp
    06/14/07 20:22:34 [Note]: 10002 3
    06/14/07 20:22:34 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\preview_indigo.jpg
    06/14/07 20:22:34 [Note]: 10002 3
    06/14/07 20:22:34 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\preview_indigo_intl.jpg
    06/14/07 20:22:34 [Note]: 10002 3
    06/14/07 20:22:34 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\progressbar.bmp
    06/14/07 20:22:34 [Note]: 10002 3
    06/14/07 20:22:34 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\pushbuttons.bmp
    06/14/07 20:22:34 [Note]: 10002 3
    06/14/07 20:22:34 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\radio.bmp
    06/14/07 20:22:34 [Note]: 10002 3
    06/14/07 20:22:34 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\scroll_vbg.bmp
    06/14/07 20:22:34 [Note]: 10002 3
    06/14/07 20:22:34 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\scroll_hhandle.bmp
    06/14/07 20:22:34 [Note]: 10002 3
    06/14/07 20:22:34 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\scroll_vhandle.bmp
    06/14/07 20:22:34 [Note]: 10002 3
    06/14/07 20:22:34 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\scroll_buttons.bmp
    06/14/07 20:22:34 [Note]: 10002 3
    06/14/07 20:22:34 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\scroll_griph.bmp
    06/14/07 20:22:34 [Note]: 10002 3
    06/14/07 20:22:34 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\scroll_gripv.bmp
    06/14/07 20:22:34 [Note]: 10002 3
    06/14/07 20:22:34 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\scroll_hbg.bmp
    06/14/07 20:22:34 [Note]: 10002 3
    06/14/07 20:22:34 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\statusbar.bmp
    06/14/07 20:22:34 [Note]: 10002 3
    06/14/07 20:22:34 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\statusgrabber.bmp
    06/14/07 20:22:34 [Note]: 10002 3
    06/14/07 20:22:34 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\sys_menu.bmp
    06/14/07 20:22:34 [Note]: 10002 3
    06/14/07 20:22:34 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\tabs.bmp
    06/14/07 20:22:34 [Note]: 10002 3
    06/14/07 20:22:34 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\tabs_standard.bmp
    06/14/07 20:22:34 [Note]: 10002 3
    06/14/07 20:22:34 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\tab_border.bmp
    06/14/07 20:22:34 [Note]: 10002 3
    06/14/07 20:22:34 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\tbar_sep.bmp
    06/14/07 20:22:34 [Note]: 10002 3
    06/14/07 20:22:34 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\toolbarbuttons.bmp
    06/14/07 20:22:34 [Note]: 10002 3
    06/14/07 20:22:34 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\tool_border_bot.rgn
    06/14/07 20:22:34 [Note]: 10002 3
    06/14/07 20:22:34 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\tool_border_left.bmp
    06/14/07 20:22:34 [Note]: 10002 3
    06/14/07 20:22:34 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\tool_border_left.rgn
    06/14/07 20:22:34 [Note]: 10002 3
    06/14/07 20:22:34 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\tool_border_right.bmp
    06/14/07 20:22:34 [Note]: 10002 3
    06/14/07 20:22:34 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\tool_border_right.rgn
    06/14/07 20:22:34 [Note]: 10002 3
    06/14/07 20:22:34 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\tool_border_top.bmp
    06/14/07 20:22:34 [Note]: 10002 3
    06/14/07 20:22:34 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\tool_border_top.rgn
    06/14/07 20:22:34 [Note]: 10002 3
    06/14/07 20:22:34 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\tool_border_bot.bmp
    06/14/07 20:22:35 [Note]: 10002 3
    06/14/07 20:22:35 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\tool_capbuttons.bmp
    06/14/07 20:22:35 [Note]: 10002 3
    06/14/07 20:22:35 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\trackbar_thumb_vert.bmp
    06/14/07 20:22:35 [Note]: 10002 3
    06/14/07 20:22:35 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\trackbar_thumb_up.bmp
    06/14/07 20:22:35 [Note]: 10002 3
    06/14/07 20:22:35 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\trackbar_h.bmp
    06/14/07 20:22:35 [Note]: 10002 3
    06/14/07 20:22:35 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\trackbar_thumb_down.bmp
    06/14/07 20:22:35 [Note]: 10002 3
    06/14/07 20:22:35 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\trackbar_thumb_horz.bmp
    06/14/07 20:22:35 [Note]: 10002 3
    06/14/07 20:22:35 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\trackbar_thumb_left.bmp
    06/14/07 20:22:35 [Note]: 10002 3
    06/14/07 20:22:35 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\trackbar_thumb_right.bmp
    06/14/07 20:22:35 [Note]: 10002 3
    06/14/07 20:22:35 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\trackbar_v.bmp
    06/14/07 20:22:35 [Note]: 10002 3
    06/14/07 20:22:35 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\up_down.bmp
    06/14/07 20:22:35 [Note]: 10002 3
    06/14/07 20:22:35 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\up_down_h.bmp
    06/14/07 20:22:35 [Note]: 10002 3
    06/14/07 20:22:35 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\menu_bg.bmp
    06/14/07 20:22:35 [Note]: 10002 3
    06/14/07 20:22:35 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\border_bot.bmp
    06/14/07 20:22:35 [Note]: 10002 3
    06/14/07 20:22:35 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\border_bot.rgn
    06/14/07 20:22:35 [Note]: 10002 3
    06/14/07 20:22:35 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\border_left.bmp
    06/14/07 20:22:35 [Note]: 10002 3
    06/14/07 20:22:35 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\border_left.rgn
    06/14/07 20:22:35 [Note]: 10002 3
    06/14/07 20:22:35 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\border_right.bmp
    06/14/07 20:22:35 [Note]: 10002 3
    06/14/07 20:22:35 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\border_right.rgn
    06/14/07 20:22:35 [Note]: 10002 3
    06/14/07 20:22:35 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\border_top.bmp
    06/14/07 20:22:35 [Note]: 10002 3
    06/14/07 20:22:35 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\border_top.rgn
    06/14/07 20:22:35 [Note]: 10002 3
    06/14/07 20:22:35 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\button_chevron_down.bmp
    06/14/07 20:22:35 [Note]: 10002 3
    06/14/07 20:22:35 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\button_chevron_up.bmp
    06/14/07 20:22:35 [Note]: 10002 3
    06/14/07 20:22:35 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\capbuttons.bmp
    06/14/07 20:22:35 [Note]: 10002 3
    06/14/07 20:22:35 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\checkbox.bmp
    06/14/07 20:22:35 [Note]: 10002 3
    06/14/07 20:22:35 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\columnheads.bmp
    06/14/07 20:22:35 [Note]: 10002 3
    06/14/07 20:22:35 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\combo.bmp
    06/14/07 20:22:35 [Note]: 10002 3
    06/14/07 20:22:35 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\games_close.bmp
    06/14/07 20:22:35 [Note]: 10002 3
    06/14/07 20:22:35 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\grabbie.bmp
    06/14/07 20:22:35 [Note]: 10002 3
    06/14/07 20:22:35 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\groupboxedge.bmp
    06/14/07 20:22:35 [Note]: 10002 3
    06/14/07 20:22:35 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\icons_tbar_disabled.bmp
    06/14/07 20:22:35 [Note]: 10002 3
    06/14/07 20:22:35 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\icons_tbar_hot.bmp
    06/14/07 20:22:35 [Note]: 10002 3
    06/14/07 20:22:35 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\icons_tbar_normal.bmp
    06/14/07 20:22:35 [Note]: 10002 3
    06/14/07 20:22:35 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\itabs.bmp
    06/14/07 20:22:35 [Note]: 10002 3
    06/14/07 20:22:35 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\maverick.xml
    06/14/07 20:22:35 [Note]: 10002 3
    06/14/07 20:22:35 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\menubar.bmp
    06/14/07 20:22:35 [Note]: 10002 3
    06/14/07 20:22:35 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\menubar_states.bmp
    06/14/07 20:22:35 [Note]: 10002 3
    06/14/07 20:22:35 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\menuitem.bmp
    06/14/07 20:22:35 [Note]: 10002 3
    06/14/07 20:22:35 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\menu_scroll.bmp
    06/14/07 20:22:35 [Note]: 10002 3
    06/14/07 20:22:35 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\menu_sep.bmp
    06/14/07 20:22:35 [Note]: 10002 3
    06/14/07 20:22:35 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\preview_mavblue.jpg
    06/14/07 20:22:35 [Note]: 10002 3
    06/14/07 20:22:35 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\preview_mavblue_intl.jpg
    06/14/07 20:22:35 [Note]: 10002 3
    06/14/07 20:22:35 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\progressbar.bmp
    06/14/07 20:22:35 [Note]: 10002 3
    06/14/07 20:22:35 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\pushbuttons.bmp
    06/14/07 20:22:35 [Note]: 10002 3
    06/14/07 20:22:35 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\radio.bmp
    06/14/07 20:22:35 [Note]: 10002 3
    06/14/07 20:22:35 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\scroll_vbg.bmp
    06/14/07 20:22:35 [Note]: 10002 3
    06/14/07 20:22:35 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\scroll_hhandle.bmp
    06/14/07 20:22:35 [Note]: 10002 3
    06/14/07 20:22:35 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\scroll_vhandle.bmp
    06/14/07 20:22:35 [Note]: 10002 3
    06/14/07 20:22:35 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\scroll_buttons.bmp
    06/14/07 20:22:35 [Note]: 10002 3
    06/14/07 20:22:35 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\scroll_griph.bmp
    06/14/07 20:22:35 [Note]: 10002 3
    06/14/07 20:22:35 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\scroll_gripv.bmp
    06/14/07 20:22:35 [Note]: 10002 3
    06/14/07 20:22:35 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\scroll_hbg.bmp
    06/14/07 20:22:35 [Note]: 10002 3
    06/14/07 20:22:35 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\statusbar.bmp
    06/14/07 20:22:35 [Note]: 10002 3
    06/14/07 20:22:35 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\statusgrabber.bmp
    06/14/07 20:22:35 [Note]: 10002 3
    06/14/07 20:22:35 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\sys_menu.bmp
    06/14/07 20:22:35 [Note]: 10002 3
    06/14/07 20:22:35 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\tabs.bmp
    06/14/07 20:22:35 [Note]: 10002 3
    06/14/07 20:22:35 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\tabs_standard.bmp
    06/14/07 20:22:35 [Note]: 10002 3
    06/14/07 20:22:35 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\tab_border.bmp
    06/14/07 20:22:35 [Note]: 10002 3
    06/14/07 20:22:35 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\tbar_bg.bmp
    06/14/07 20:22:35 [Note]: 10002 3
    06/14/07 20:22:35 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\tbar_sep.bmp
    06/14/07 20:22:35 [Note]: 10002 3
    06/14/07 20:22:35 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\toolbarbuttons.bmp
    06/14/07 20:22:35 [Note]: 10002 3
    06/14/07 20:22:35 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\tool_border_bot.bmp
    06/14/07 20:22:35 [Note]: 10002 3
    06/14/07 20:22:35 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\tool_border_bot.rgn
    06/14/07 20:22:35 [Note]: 10002 3
    06/14/07 20:22:35 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\tool_border_left.bmp
    06/14/07 20:22:35 [Note]: 10002 3
    06/14/07 20:22:35 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\tool_border_left.rgn
    06/14/07 20:22:35 [Note]: 10002 3
    06/14/07 20:22:35 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\tool_border_right.bmp
    06/14/07 20:22:35 [Note]: 10002 3
    06/14/07 20:22:35 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\tool_border_right.rgn
    06/14/07 20:22:35 [Note]: 10002 3
    06/14/07 20:22:35 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\tool_border_top.bmp
    06/14/07 20:22:35 [Note]: 10002 3
    06/14/07 20:22:35 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\tool_border_top.rgn
    06/14/07 20:22:35 [Note]: 10002 3
    06/14/07 20:22:35 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\tool_capbuttons.bmp
    06/14/07 20:22:35 [Note]: 10002 3
    06/14/07 20:22:35 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\trackbar_thumb_vert.bmp
    06/14/07 20:22:35 [Note]: 10002 3
    06/14/07 20:22:35 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\trackbar_thumb_up.bmp
    06/14/07 20:22:35 [Note]: 10002 3
    06/14/07 20:22:35 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\trackbar_h.bmp
    06/14/07 20:22:35 [Note]: 10002 3
    06/14/07 20:22:35 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\trackbar_thumb_down.bmp
    06/14/07 20:22:35 [Note]: 10002 3
    06/14/07 20:22:35 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\trackbar_thumb_horz.bmp
    06/14/07 20:22:35 [Note]: 10002 3
    06/14/07 20:22:35 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\trackbar_thumb_left.bmp
    06/14/07 20:22:35 [Note]: 10002 3
    06/14/07 20:22:35 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\trackbar_thumb_right.bmp
    06/14/07 20:22:35 [Note]: 10002 3
    06/14/07 20:22:35 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\trackbar_v.bmp
    06/14/07 20:22:35 [Note]: 10002 3
    06/14/07 20:22:35 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\up_down.bmp
    06/14/07 20:22:35 [Note]: 10002 3
    06/14/07 20:22:35 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\up_down_h.bmp
    06/14/07 20:22:35 [Note]: 10002 3
    06/14/07 20:22:35 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\menu_bg.bmp
    06/14/07 20:22:35 [Note]: 10002 3
    06/14/07 20:22:35 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\preview_classic_msgr.jpg
    06/14/07 20:22:35 [Note]: 10002 3
    06/14/07 20:22:35 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\YAlertCenter.dll
    06/14/07 20:22:35 [Note]: 10002 3
    06/14/07 20:22:35 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\YbSkin2.dll
    06/14/07 20:22:35 [Note]: 10002 3
    06/14/07 20:22:35 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\YbSkinSelect.dll
    06/14/07 20:22:35 [Note]: 10002 3
    06/14/07 20:22:35 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\YbSkinSelectRes.dll
    06/14/07 20:22:35 [Note]: 10002 3
    06/14/07 20:22:35 [Note]: 10002 2
    06/14/07 20:22:35 [Note]: 10002 2
    06/14/07 20:28:05 [Info]: Hidden file: c:\WINDOWS\IME\SHARED\imepaden.hlp
    06/14/07 20:28:05 [Note]: 10002 3
    06/14/07 20:28:05 [Info]: Hidden file: c:\WINDOWS\IME\SHARED\imepadsm.dll
    06/14/07 20:28:05 [Note]: 10002 3
    06/14/07 20:28:05 [Info]: Hidden file: c:\WINDOWS\IME\SHARED\imepadsv.exe
    06/14/07 20:28:05 [Note]: 10002 3
    06/14/07 20:28:05 [Info]: Hidden file: c:\WINDOWS\IME\SHARED\imlang.dll
    06/14/07 20:28:05 [Note]: 10002 3
    06/14/07 20:28:05 [Info]: Hidden file: c:\WINDOWS\IME\SHARED\RES\PADRS404.DLL
    06/14/07 20:28:05 [Note]: 10002 3
    06/14/07 20:28:05 [Info]: Hidden file: c:\WINDOWS\IME\SHARED\RES\padrs411.dll
    06/14/07 20:28:05 [Note]: 10002 3
    06/14/07 20:28:05 [Info]: Hidden file: c:\WINDOWS\IME\SHARED\RES\padrs412.dll
    06/14/07 20:28:05 [Note]: 10002 3
    06/14/07 20:28:05 [Info]: Hidden file: c:\WINDOWS\IME\SHARED\RES\padrs804.dll
    06/14/07 20:28:05 [Note]: 10002 3
    06/14/07 20:28:05 [Note]: 10002 2
    06/14/07 20:28:05 [Note]: 10002 2
    06/14/07 20:29:09 [Info]: Hidden file: c:\WINDOWS\SYSTEM32\wintems.exe
    06/14/07 20:29:09 [Note]: 10002 2
    06/14/07 20:29:09 [Info]: Hidden file: c:\WINDOWS\SYSTEM32\hldrrr.exe
    06/14/07 20:29:09 [Note]: 10002 2
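
An added example (not part of the original posts): one way to triage a BlackLight log like the one above, separating hidden executables that sit directly in the Windows system directory from bulk hidden entries under application folders. The extension list, the directory list and the function names are assumptions of this example; the sample lines are an excerpt of the log above.

```python
import re
from collections import Counter
from pathlib import PureWindowsPath

# Excerpt of the BlackLight log posted above, embedded so the example runs offline.
SAMPLE_LOG = r"""
06/14/07 20:22:35 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\menu_bg.bmp
06/14/07 20:22:35 [Note]: 10002 3
06/14/07 20:22:35 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\YbSkin2.dll
06/14/07 20:22:35 [Note]: 10002 3
06/14/07 20:22:35 [Note]: 10002 2
06/14/07 20:28:05 [Info]: Hidden file: c:\WINDOWS\IME\SHARED\imepadsv.exe
06/14/07 20:28:05 [Note]: 10002 3
06/14/07 20:29:09 [Info]: Hidden file: c:\WINDOWS\SYSTEM32\wintems.exe
06/14/07 20:29:09 [Note]: 10002 2
06/14/07 20:29:09 [Info]: Hidden file: c:\WINDOWS\SYSTEM32\hldrrr.exe
06/14/07 20:29:09 [Note]: 10002 2
"""

LINE_RE = re.compile(r"^(\d{2}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \[(\w+)\]: (.*)$")
PREFIX = "Hidden file: "

# Assumptions of this example: which extensions count as executable code and
# which directories are treated as high priority when a hidden file sits in them.
EXEC_EXT = {".exe", ".sys", ".dll", ".scr", ".com"}
SYSTEM_DIRS = {r"c:\windows\system32", r"c:\windows\system32\drivers"}


def parse_hidden_files(log_text):
    """Return one dict per 'Hidden file' entry, with the [Note] line that follows it."""
    entries, last = [], None
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            last = None
            continue
        stamp, level, msg = m.groups()
        if level == "Info" and msg.startswith(PREFIX):
            last = {"time": stamp, "path": PureWindowsPath(msg[len(PREFIX):]), "note": None}
            entries.append(last)
        elif level == "Note" and last is not None and last["note"] is None:
            # The note is kept verbatim; its numeric fields are not interpreted here.
            last["note"] = msg
        else:
            last = None  # stand-alone notes are not attached to any file
    return entries


def triage(entries):
    """Split hidden executables into 'in a system directory' and 'elsewhere'."""
    priority, other_exec, by_dir = [], [], Counter()
    for e in entries:
        parent = str(e["path"].parent).lower()
        by_dir[parent] += 1
        if e["path"].suffix.lower() in EXEC_EXT:
            (priority if parent in SYSTEM_DIRS else other_exec).append(str(e["path"]))
    return priority, other_exec, by_dir


if __name__ == "__main__":
    priority, other_exec, by_dir = triage(parse_hidden_files(SAMPLE_LOG))
    print("Check first:", priority)
    print("Hidden executables elsewhere:", other_exec)
    print("Hidden entries per directory:", dict(by_dir))
```

Files in the first list are candidates for a multi-engine scan before anything is deleted; the per-directory counts show where the bulk of the remaining entries come from.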
     
  3. Fredil

    I'll take a look at it right now, get back to you within a few minutes.

    Interesting BlackLight log, I have to say.
     
  4. Fredil

    Please contact your bank accounts and other accounts immediately. From another computer, change all the passwords to your bank, email, you name it accounts, and do not go on this computer until everything is fixed. Your HijackThis log shows no problems, which is why I'm glad you posted the BlackLight log. Trojan.W32.BAGLE is also registered as an email trojan, which says that there is a chance you may have got it from an email.

    I'll attempt to clean your computer as best I can.

    Please scan your computer with Trend Micro's HouseCall. Click the "Scan now. It's free!" text to start the scan. Accept the terms of use, and launch HouseCall. Note: You must use Internet Explorer or Firefox for this scan to work! Please be patient, as the scan can take well over an hour to complete. When it is completed, remove all baddies found.

    Please do another scan with Kaspersky's Online Scanner. Press the "Kaspersky Online Scanner" button and Accept the license agreement. You must be using Internet Explorer for this scan to work. When the scan is done, it shall give you the option to produce a log. Please do so, and post the contents of that log in your reply.

    Do the two online scans in order and not at the same time; it will make a lot more sense to me.

    When both of those are done, download Deckard's System Scanner from that website. Note: This program is meant for Windows 2000 and higher (including Vista) only! Save the file to your desktop, and double-click it to run it. Press "OK" and let the scanner do its work. It may appear to freeze or hang your computer; this is normal, so let the scanner finish. It usually will not take very long. When the scan is finished, it shall make two logs for you - one will be called "main" and the other, "extra". "main" will be maximized and "extra" will be minimized. Post both logfiles (as in copy and paste) in a reply.

    Once that is finished, unplug your computer from the Internet. Run another BlackLight scan and post the log.

    In your reply:
    * A logfile of Kaspersky's Online Scan
    * main.txt from Deckard's System Scanner
    * extra.txt from Deckard's System Scanner
    * BlackLight log
    * A new HijackThis logfile (not that it will help very much)
     
  5. Jaimz23

    I will try to do all of this and get back to you. By the way, do you think wintems.exe is what is preventing me from installing a new firewall, antivirus, antispyware, etc.? I heard some viruses delete the needed files in the new programs you try to install so you can't get rid of the virus. It's now 1:30 P.M. and Trend Micro is running. I'll get back to you as soon as possible, thanks.
     
  6. Fredil

    No problem.

    I really should have done this earlier, but now doesn't hurt. Please go to http://www.virustotal.com and click the "Browse" button at the top of the page. In the box, paste the following:

    c:\WINDOWS\SYSTEM32\wintems.exe

    Then, hit "Open" and "Send". Make sure to wait - the scan is very high-demand and uses 32 different antivirus engines. Once the box on the upper left says "Scan Finished", copy the entire table (not the formatting - just the text) and post it in a reply, along with your other stuff.

    Since Wintems is a "backdoor" program, it is possible and even likely that it is preventing the .exe files in antivirus programs from starting.
     
    Last edited: Jun 16, 2007
  7. Jaimz23

    Sorry it took so long. Here's the Kaspersky 1 results:


    Saturday, June 16, 2007 4:57:53 PM
    Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
    Kaspersky Online Scanner version: 5.0.93.0
    Kaspersky Anti-Virus database last update: 16/06/2007
    Kaspersky Anti-Virus database records: 326066


    Scan Settings
    Scan using the following antivirus database standard
    Scan Archives true
    Scan Mail Bases true

    Scan Target Critical Areas
    C:\WINDOWS
    C:\DOCUME~1\Stine\LOCALS~1\Temp\

    Scan Statistics
    Total number of scanned objects 21067
    Number of viruses found 0
    Number of infected objects 0
    Number of suspicious objects 0
    Duration of the scan process 00:16:44

    Infected Object Name Virus Name Last Action
    C:\WINDOWS\$NtUninstallKB824141$\user32.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallKB824141$\win32k.sys Object is locked skipped

    C:\WINDOWS\$NtUninstallKB828028$\msasn1.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallKB828035$\msgsvc.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallKB828035$\wkssvc.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallKB828741$\catsrv.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallKB828741$\catsrvut.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallKB828741$\clbcatex.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallKB828741$\clbcatq.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallKB828741$\colbact.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallKB828741$\comadmin.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallKB828741$\comrepl.exe Object is locked skipped

    C:\WINDOWS\$NtUninstallKB828741$\comsvcs.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallKB828741$\comuid.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallKB828741$\es.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallKB828741$\msdtcprx.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallKB828741$\msdtctm.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallKB828741$\msdtcuiu.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallKB828741$\mtxclu.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallKB828741$\mtxoci.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallKB828741$\ole32.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallKB828741$\rpcrt4.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallKB828741$\rpcss.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallKB828741$\txflog.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallKB835732$\callcont.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallKB835732$\gdi32.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallKB835732$\h323.tsp Object is locked skipped

    C:\WINDOWS\$NtUninstallKB835732$\h323msp.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallKB835732$\helpctr.exe Object is locked skipped

    C:\WINDOWS\$NtUninstallKB835732$\ipnathlp.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallKB835732$\lsasrv.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallKB835732$\mf3216.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallKB835732$\msasn1.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallKB835732$\msgina.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallKB835732$\mst120.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallKB835732$\netapi32.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallKB835732$\nmcom.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallKB835732$\rtcdll.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallKB835732$\schannel.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallKB837001$\dao360.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallKB837001$\expsrv.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallKB837001$\msexch40.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallKB837001$\msexcl40.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallKB837001$\msjet40.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallKB837001$\msjetoledb40.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallKB837001$\msjint40.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallKB837001$\msjter40.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallKB837001$\msjtes40.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallKB837001$\msltus40.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallKB837001$\mspbde40.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallKB837001$\msrd2x40.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallKB837001$\msrd3x40.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallKB837001$\msrepl40.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallKB837001$\mstext40.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallKB837001$\mswdat10.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallKB837001$\mswstr10.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallKB837001$\msxbde40.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallKB837001$\vbajet32.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallKB839645$\fldrclnr.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallKB839645$\shell32.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallKB839645$\shlwapi.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallKB839645$\sxs.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallKB839645$\xpsp2res.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallQ828026$\msdxm.ocx Object is locked skipped

    C:\WINDOWS\$NtUninstallQ828026$\wmp.dll Object is locked skipped

    C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

    C:\WINDOWS\SchedLgU.Txt Object is locked skipped

    C:\WINDOWS\Sti_Trace.log Object is locked skipped

    C:\WINDOWS\SYSTEM32\CatRoot2\edb.log Object is locked skipped

    C:\WINDOWS\SYSTEM32\CatRoot2\tmp.edb Object is locked skipped

    C:\WINDOWS\SYSTEM32\CONFIG\ACEEvent.evt Object is locked skipped

    C:\WINDOWS\SYSTEM32\CONFIG\AppEvent.Evt Object is locked skipped

    C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT Object is locked skipped

    C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG Object is locked skipped

    C:\WINDOWS\SYSTEM32\CONFIG\Internet.evt Object is locked skipped

    C:\WINDOWS\SYSTEM32\CONFIG\SAM Object is locked skipped

    C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG Object is locked skipped

    C:\WINDOWS\SYSTEM32\CONFIG\SecEvent.Evt Object is locked skipped

    C:\WINDOWS\SYSTEM32\CONFIG\SECURITY Object is locked skipped

    C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG Object is locked skipped

    C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE Object is locked skipped

    C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG Object is locked skipped

    C:\WINDOWS\SYSTEM32\CONFIG\SysEvent.Evt Object is locked skipped

    C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM Object is locked skipped

    C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG Object is locked skipped

    C:\WINDOWS\SYSTEM32\DRIVERS\atapi.sys Object is locked skipped

    C:\WINDOWS\SYSTEM32\DRIVERS\sptd.sys Object is locked skipped

    C:\WINDOWS\SYSTEM32\H323LOG.TXT Object is locked skipped

    C:\WINDOWS\SYSTEM32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped

    C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.BTR Object is locked skipped

    C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.MAP Object is locked skipped

    C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING.VER Object is locked skipped

    C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING1.MAP Object is locked skipped

    C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING2.MAP Object is locked skipped

    C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.DATA Object is locked skipped

    C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.MAP Object is locked skipped

    C:\WINDOWS\TangoManager.log Object is locked skipped

    C:\WINDOWS\WIADEBUG.LOG Object is locked skipped

    C:\WINDOWS\WIASERVC.LOG Object is locked skipped

    C:\DOCUME~1\Stine\LOCALS~1\Temp\JET31CD.tmp Object is locked skipped

    C:\DOCUME~1\Stine\LOCALS~1\Temp\me_7E2tVFzl40v9gVM Object is locked skipped

    C:\DOCUME~1\Stine\LOCALS~1\Temp\me_aZNm8Arq9Nh2WBM Object is locked skipped

    C:\DOCUME~1\Stine\LOCALS~1\Temp\me_Lc0ot8xrYhvpHd7 Object is locked skipped

    C:\DOCUME~1\Stine\LOCALS~1\Temp\me_odi3o5cKtPnIiQO Object is locked skipped

    C:\DOCUME~1\Stine\LOCALS~1\Temp\me_z3Ti7or1gmtxgT6 Object is locked skipped

    C:\DOCUME~1\Stine\LOCALS~1\Temp\Perflib_Perfdata_7a0.dat Object is locked skipped

    Scan process completed.
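
An added example (not part of the original posts): reports in this Kaspersky Online Scanner layout list every skipped object in the "Infected Object Name" table, so locked system files sit in the same table as real detections. The sketch below separates the two, groups detections by name and checks the row count against the "Scan Statistics" block. The sample report is constructed, and treating a `\Quarantine\` path component as another scanner's stored copy is an assumption of this example.

```python
import re
from collections import Counter

# Constructed report in the layout posted above (paths and counts are made up).
SAMPLE_REPORT = r"""
Scan Statistics
Total number of scanned objects 1200
Number of viruses found 1
Number of infected objects 2
Number of suspicious objects 1
Duration of the scan process 00:02:10

Infected Object Name Virus Name Last Action
C:\WINDOWS\SYSTEM32\CONFIG\SAM Object is locked skipped

C:\Documents and Settings\User\.housecall6.6\Quarantine\A0000001.exe.bac_a00000 Infected: Email-Worm.Win32.Bagle.ic skipped

C:\Documents and Settings\User\.housecall6.6\Quarantine\A0000002.exe.bac_a00000 Infected: Email-Worm.Win32.Bagle.ic skipped

C:\Documents and Settings\User\Recovery\sample.zip/id.exe Suspicious: Password-protected-EXE skipped

C:\Documents and Settings\User\Recovery\sample.zip ZIP: suspicious - 1 skipped

C:\WINDOWS\WIADEBUG.LOG Object is locked skipped

Scan process completed.
"""

STAT_RE = re.compile(r"^Number of (viruses found|infected objects|suspicious objects) (\d+)$")
# Paths may contain spaces, so the row is anchored on the known status texts.
ROW_RE = re.compile(
    r"^(?P<path>.+?) "
    r"(?P<status>Object is locked|Infected: \S+|Suspicious: \S+|ZIP: suspicious - \d+) "
    r"(?P<action>\S+)$"
)


def parse_report(text):
    """Return (stats, rows); each row has path, kind, name and action."""
    stats, rows = {}, []
    for line in (l.strip() for l in text.splitlines()):
        m = STAT_RE.match(line)
        if m:
            stats[m.group(1)] = int(m.group(2))
            continue
        m = ROW_RE.match(line)
        if not m:
            continue  # headers, blank lines, "Scan process completed."
        status = m.group("status")
        kind, _, name = status.partition(": ")
        if status == "Object is locked":
            kind, name = "locked", ""      # file in use, not a detection
        elif kind == "ZIP":
            kind, name = "archive", ""     # container summary row
        rows.append({"path": m.group("path"), "kind": kind.lower(),
                     "name": name, "action": m.group("action")})
    return stats, rows


def summarize(stats, rows):
    """Drop locked-file noise and report what actually needs attention."""
    detections = [r for r in rows if r["kind"] in ("infected", "suspicious")]
    infected = sum(1 for r in rows if r["kind"] == "infected")
    # Assumption: a \Quarantine\ component marks a copy stored by another scanner.
    quarantined = [r["path"] for r in detections if "\\quarantine\\" in r["path"].lower()]
    return {
        "locked_rows": sum(1 for r in rows if r["kind"] == "locked"),
        "by_name": dict(Counter(r["name"] for r in detections)),
        "infected_matches_stats": infected == stats.get("infected objects"),
        "in_scanner_quarantine": quarantined,
        "needs_review": [r["path"] for r in detections if r["path"] not in quarantined],
    }


if __name__ == "__main__":
    stats, rows = parse_report(SAMPLE_REPORT)
    for key, value in summarize(stats, rows).items():
        print(f"{key}: {value}")
```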
     
  8. Jaimz23

    Kaspersky 2:


    Saturday, June 16, 2007 6:18:45 PM
    Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
    Kaspersky Online Scanner version: 5.0.93.0
    Kaspersky Anti-Virus database last update: 16/06/2007
    Kaspersky Anti-Virus database records: 326066


    Scan Settings
    Scan using the following antivirus database standard
    Scan Archives true
    Scan Mail Bases true

    Scan Target My Computer
    C:\
    D:\
    E:\
    F:\

    Scan Statistics
    Total number of scanned objects 75845
    Number of viruses found 3
    Number of infected objects 49
    Number of suspicious objects 2
    Duration of the scan process 00:48:10

    Infected Object Name Virus Name Last Action
    C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\0ec8ee43ddb74c50551984bb8cbf15ec_1dce0e75-1303-433a-bfc1-6b582bd25551 Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\113bae8c1f53845228e7e51d1c5e2427_1dce0e75-1303-433a-bfc1-6b582bd25551 Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3384f657a43192ff9c64c7463ff43924_1dce0e75-1303-433a-bfc1-6b582bd25551 Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\5cc1b6332ccd0b0d993fa814368c42f7_1dce0e75-1303-433a-bfc1-6b582bd25551 Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\65e6125c7ad06683a6aa574af9df031f_1dce0e75-1303-433a-bfc1-6b582bd25551 Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\70e408cef5c1210229605ab41fa871aa_1dce0e75-1303-433a-bfc1-6b582bd25551 Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a34dd35fbcbda5fd601116bb96d60753_1dce0e75-1303-433a-bfc1-6b582bd25551 Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinAdloadgw4.zip/id.exe Suspicious: Password-protected-EXE skipped

    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinAdloadgw4.zip ZIP: suspicious - 1 skipped

    C:\Documents and Settings\All Users\Application Data\Support.com\profiles\Brian Schultz\64F49A87\issues\8a76b21b-7d94-48b5-9353-ec7efa3390fb.cab Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Support.com\profiles\Brian Schultz\64F49A87\issues\siidx.xml Object is locked skipped

    C:\Documents and Settings\LocalService\Cookies\INDEX.DAT Object is locked skipped

    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

    C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\INDEX.DAT Object is locked skipped

    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\INDEX.DAT Object is locked skipped

    C:\Documents and Settings\LocalService\ntuser.dat Object is locked skipped

    C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

    C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped

    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

    C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped

    C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

    C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

    C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

    C:\Documents and Settings\Stine\.housecall6.6\Quarantine\A0390918.exe.bac_a03680 Infected: Email-Worm.Win32.Bagle.ic skipped

    C:\Documents and Settings\Stine\.housecall6.6\Quarantine\A0390919.exe.bac_a03680 Infected: Email-Worm.Win32.Bagle.ic skipped

    C:\Documents and Settings\Stine\.housecall6.6\Quarantine\A0390920.exe.bac_a03680 Infected: Email-Worm.Win32.Bagle.ic skipped

    C:\Documents and Settings\Stine\.housecall6.6\Quarantine\A0390921.exe.bac_a03680 Infected: Email-Worm.Win32.Bagle.ic skipped

    C:\Documents and Settings\Stine\.housecall6.6\Quarantine\A0390922.exe.bac_a03680 Infected: Email-Worm.Win32.Bagle.ic skipped

    C:\Documents and Settings\Stine\.housecall6.6\Quarantine\A0390923.exe.bac_a03680 Infected: Email-Worm.Win32.Bagle.ic skipped

    C:\Documents and Settings\Stine\.housecall6.6\Quarantine\A0390924.exe.bac_a03680 Infected: Email-Worm.Win32.Bagle.ic skipped

    C:\Documents and Settings\Stine\.housecall6.6\Quarantine\A0390925.exe.bac_a03680 Infected: Email-Worm.Win32.Bagle.ic skipped

    C:\Documents and Settings\Stine\.housecall6.6\Quarantine\A0390926.exe.bac_a03680 Infected: Email-Worm.Win32.Bagle.ic skipped

    C:\Documents and Settings\Stine\.housecall6.6\Quarantine\A0390927.exe.bac_a03680 Infected: Email-Worm.Win32.Bagle.ic skipped

    C:\Documents and Settings\Stine\.housecall6.6\Quarantine\A0390928.exe.bac_a03680 Infected: Email-Worm.Win32.Bagle.ic skipped

    C:\Documents and Settings\Stine\.housecall6.6\Quarantine\A0390929.exe.bac_a03680 Infected: Email-Worm.Win32.Bagle.ic skipped

    C:\Documents and Settings\Stine\.housecall6.6\Quarantine\A0390930.exe.bac_a03680 Infected: Email-Worm.Win32.Bagle.ic skipped

    C:\Documents and Settings\Stine\.housecall6.6\Quarantine\A0390931.exe.bac_a03680 Infected: Email-Worm.Win32.Bagle.ic skipped

    C:\Documents and Settings\Stine\.housecall6.6\Quarantine\A0390932.exe.bac_a03680 Infected: Email-Worm.Win32.Bagle.ic skipped

    C:\Documents and Settings\Stine\.housecall6.6\Quarantine\A0390933.exe.bac_a03680 Infected: Email-Worm.Win32.Bagle.ic skipped

    C:\Documents and Settings\Stine\.housecall6.6\Quarantine\A0390934.exe.bac_a03680 Infected: Email-Worm.Win32.Bagle.ic skipped

    C:\Documents and Settings\Stine\.housecall6.6\Quarantine\A0390935.exe.bac_a03680 Infected: Email-Worm.Win32.Bagle.ic skipped

    C:\Documents and Settings\Stine\.housecall6.6\Quarantine\A0390936.exe.bac_a03680 Infected: Email-Worm.Win32.Bagle.ic skipped

    C:\Documents and Settings\Stine\.housecall6.6\Quarantine\A0390937.exe.bac_a03680 Infected: Email-Worm.Win32.Bagle.ic skipped

    C:\Documents and Settings\Stine\.housecall6.6\Quarantine\A0390938.exe.bac_a03680 Infected: Email-Worm.Win32.Bagle.ic skipped

    C:\Documents and Settings\Stine\.housecall6.6\Quarantine\A0390939.exe.bac_a03680 Infected: Email-Worm.Win32.Bagle.ic skipped

    C:\Documents and Settings\Stine\.housecall6.6\Quarantine\A0390940.exe.bac_a03680 Infected: Email-Worm.Win32.Bagle.ic skipped

    C:\Documents and Settings\Stine\.housecall6.6\Quarantine\A0390941.exe.bac_a03680 Infected: Email-Worm.Win32.Bagle.ic skipped

    C:\Documents and Settings\Stine\.housecall6.6\Quarantine\A0390942.exe.bac_a03680 Infected: Email-Worm.Win32.Bagle.ic skipped

    C:\Documents and Settings\Stine\.housecall6.6\Quarantine\A0390943.exe.bac_a03680 Infected: Email-Worm.Win32.Bagle.ic skipped

    C:\Documents and Settings\Stine\.housecall6.6\Quarantine\A0390944.exe.bac_a03680 Infected: Email-Worm.Win32.Bagle.ic skipped

    C:\Documents and Settings\Stine\.housecall6.6\Quarantine\A0390945.exe.bac_a03680 Infected: Email-Worm.Win32.Bagle.ic skipped

    C:\Documents and Settings\Stine\.housecall6.6\Quarantine\A0390946.exe.bac_a03680 Infected: Email-Worm.Win32.Bagle.ic skipped

    C:\Documents and Settings\Stine\.housecall6.6\Quarantine\A0390947.exe.bac_a03680 Infected: Email-Worm.Win32.Bagle.ic skipped

    C:\Documents and Settings\Stine\.housecall6.6\Quarantine\A0390948.exe.bac_a03680 Infected: Email-Worm.Win32.Bagle.ic skipped

    C:\Documents and Settings\Stine\.housecall6.6\Quarantine\A0390949.exe.bac_a03680 Infected: Email-Worm.Win32.Bagle.ic skipped

    C:\Documents and Settings\Stine\.housecall6.6\Quarantine\A0390950.exe.bac_a03680 Infected: Email-Worm.Win32.Bagle.ic skipped

    C:\Documents and Settings\Stine\.housecall6.6\Quarantine\A0390951.exe.bac_a03680 Infected: Email-Worm.Win32.Bagle.ic skipped

    C:\Documents and Settings\Stine\.housecall6.6\Quarantine\A0390952.exe.bac_a03680 Infected: Email-Worm.Win32.Bagle.ic skipped

    C:\Documents and Settings\Stine\.housecall6.6\Quarantine\A0390953.exe.bac_a03680 Infected: Email-Worm.Win32.Bagle.ic skipped

    C:\Documents and Settings\Stine\.housecall6.6\Quarantine\A0390954.exe.bac_a03680 Infected: Email-Worm.Win32.Bagle.ic skipped

    C:\Documents and Settings\Stine\.housecall6.6\Quarantine\A0390955.exe.bac_a03680 Infected: Email-Worm.Win32.Bagle.ic skipped

    C:\Documents and Settings\Stine\.housecall6.6\Quarantine\A0390956.exe.bac_a03680 Infected: Email-Worm.Win32.Bagle.ic skipped

    C:\Documents and Settings\Stine\.housecall6.6\Quarantine\A0390957.exe.bac_a03680 Infected: Email-Worm.Win32.Bagle.ic skipped

    C:\Documents and Settings\Stine\.housecall6.6\Quarantine\A0390958.exe.bac_a03680 Infected: Email-Worm.Win32.Bagle.ic skipped

    C:\Documents and Settings\Stine\.housecall6.6\Quarantine\A0390959.exe.bac_a03680 Infected: Email-Worm.Win32.Bagle.ic skipped

    C:\Documents and Settings\Stine\.housecall6.6\Quarantine\A0390960.exe.bac_a03680 Infected: Email-Worm.Win32.Bagle.ic skipped

    C:\Documents and Settings\Stine\.housecall6.6\Quarantine\A0390961.exe.bac_a03680 Infected: Email-Worm.Win32.Bagle.ic skipped

    C:\Documents and Settings\Stine\.housecall6.6\Quarantine\A0390962.exe.bac_a03680 Infected: Email-Worm.Win32.Bagle.ic skipped

    C:\Documents and Settings\Stine\.housecall6.6\Quarantine\A0390963.exe.bac_a03680 Infected: Email-Worm.Win32.Bagle.ic skipped

    C:\Documents and Settings\Stine\.housecall6.6\Quarantine\A0391005.sys.bac_a03680 Infected: Email-Worm.Win32.Bagle.ie skipped

    C:\Documents and Settings\Stine\.housecall6.6\Quarantine\A0391015.sys.bac_a03680 Infected: Email-Worm.Win32.Bagle.ie skipped

    C:\Documents and Settings\Stine\.housecall6.6\Quarantine\A0391044.sys.bac_a03680 Infected: Email-Worm.Win32.Bagle.ie skipped

    C:\Documents and Settings\Stine\Cookies\INDEX.DAT Object is locked skipped

    C:\Documents and Settings\Stine\Local Settings\Application Data\ApplicationHistory\NotifyAlert.exe.83a8f8c0.ini.inuse Object is locked skipped

    C:\Documents and Settings\Stine\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

    C:\Documents and Settings\Stine\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

    C:\Documents and Settings\Stine\Local Settings\History\History.IE5\index.dat Object is locked skipped

    C:\Documents and Settings\Stine\Local Settings\History\History.IE5\MSHist012007061520070616\index.dat Object is locked skipped

    C:\Documents and Settings\Stine\Local Settings\History\History.IE5\MSHist012007061620070617\index.dat Object is locked skipped

    C:\Documents and Settings\Stine\Local Settings\Temp\me_7E2tVFzl40v9gVM Object is locked skipped

    C:\Documents and Settings\Stine\Local Settings\Temp\me_aZNm8Arq9Nh2WBM Object is locked skipped

    C:\Documents and Settings\Stine\Local Settings\Temp\me_Lc0ot8xrYhvpHd7 Object is locked skipped

    C:\Documents and Settings\Stine\Local Settings\Temp\me_odi3o5cKtPnIiQO Object is locked skipped

    C:\Documents and Settings\Stine\Local Settings\Temp\me_z3Ti7or1gmtxgT6 Object is locked skipped

    C:\Documents and Settings\Stine\Local Settings\Temp\Perflib_Perfdata_7a0.dat Object is locked skipped

    C:\Documents and Settings\Stine\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

    C:\Documents and Settings\Stine\ntuser.dat Object is locked skipped

    C:\Documents and Settings\Stine\ntuser.dat.LOG Object is locked skipped

    C:\Program Files\Dell\Support\UI\Search\catalog.wci\00000002.ps1 Object is locked skipped

    C:\Program Files\Dell\Support\UI\Search\catalog.wci\00000002.ps2 Object is locked skipped

    C:\Program Files\Dell\Support\UI\Search\catalog.wci\00010003.ci Object is locked skipped

    C:\Program Files\Dell\Support\UI\Search\catalog.wci\cicat.fid Object is locked skipped

    C:\Program Files\Dell\Support\UI\Search\catalog.wci\cicat.hsh Object is locked skipped

    C:\Program Files\Dell\Support\UI\Search\catalog.wci\CiCL0001.000 Object is locked skipped

    C:\Program Files\Dell\Support\UI\Search\catalog.wci\CiP10000.000 Object is locked skipped

    C:\Program Files\Dell\Support\UI\Search\catalog.wci\CiP20000.000 Object is locked skipped

    C:\Program Files\Dell\Support\UI\Search\catalog.wci\CiPT0000.000 Object is locked skipped

    C:\Program Files\Dell\Support\UI\Search\catalog.wci\CiSL0001.000 Object is locked skipped

    C:\Program Files\Dell\Support\UI\Search\catalog.wci\CiSP0000.000 Object is locked skipped

    C:\Program Files\Dell\Support\UI\Search\catalog.wci\CiST0000.000 Object is locked skipped

    C:\Program Files\Dell\Support\UI\Search\catalog.wci\CiVP0000.000 Object is locked skipped

    C:\Program Files\Dell\Support\UI\Search\catalog.wci\INDEX.000 Object is locked skipped

    C:\Program Files\Dell\Support\UI\Search\catalog.wci\propstor.bk1 Object is locked skipped

    C:\Program Files\Dell\Support\UI\Search\catalog.wci\propstor.bk2 Object is locked skipped

    C:\Program Files\eMule\Temp\001.part Object is locked skipped

    C:\Program Files\eMule\Temp\003.part Object is locked skipped

    C:\Program Files\eMule\Temp\006.part Object is locked skipped

    C:\Program Files\InstallShield Installation Information\{017E65B1-7484-461A-B16F-7C931166083B}\setup.ilg Object is locked skipped

    C:\Program Files\InstallShield Installation Information\{10798AE3-DCBB-43C3-9C93-C23512427E25}\setup.ilg Object is locked skipped

    C:\Program Files\InstallShield Installation Information\{1A7F8DF6-5A3E-4CDF-BC82-BE26B407E21B}\setup.ilg Object is locked skipped

    C:\Program Files\InstallShield Installation Information\{3D9231F6-A287-4222-9EBC-519BB206F590}\setup.ilg Object is locked skipped

    C:\Program Files\InstallShield Installation Information\{7C32C567-DC0F-4C80-B06C-7873850A2E06}\setup.ilg Object is locked skipped

    Scan process completed.
     
  9. Jaimz23

    The rest will follow. I messed up putting them into the post and accidentally deleted them. So I will have to run them again tomorrow.
     
  10. Jaimz23

    Virustotal Results:


    Antivirus Version Update Result
    AhnLab-V3 2007.6.9.0 06.08.2007 Win32/Bagle.worm.24645
    AntiVir 7.4.0.32 06.17.2007 TR/Crypt.XPACK.Gen
    Authentium 4.93.8 06.16.2007 W32/Mitglieder.MA
    Avast 4.7.997.0 06.18.2007 Win32:Beagle-QY
    AVG 7.5.0.467 06.17.2007 I-Worm/Bagle.SE
    BitDefender 7.2 06.18.2007 Win32.Bagle.IE@mm
    CAT-QuickHeal 9.00 06.16.2007 I-Worm.Bagle.aa
    ClamAV devel-20070416 06.18.2007 no virus found
    DrWeb 4.33 06.18.2007 Win32.HLLM.Beagle
    eSafe 7.0.15.0 06.17.2007 Win32.Bagle.aa
    eTrust-Vet 30.7.3721 06.15.2007 Win32/Mitglieder.EN
    Ewido 4.0 06.17.2007 Worm.Bagle.aa
    FileAdvisor 1 06.18.2007 Not analyzed yet
    Fortinet 2.85.0.0 06.18.2007 W32/Bagle.AA@mm
    F-Prot 4.3.2.48 06.08.2007 W32/Mitglieder.MA
    F-Secure 6.70.13030.0 06.17.2007 Email-Worm.Win32.Bagle.aa
    Ikarus T3.1.1.8 06.17.2007 Email-Worm.Win32.Bagle.AA
    Kaspersky 4.0.2.24 06.18.2007 Email-Worm.Win32.Bagle.aa
    McAfee 5054 06.15.2007 W32/Bagle.gen
    Microsoft 1.2607 06.18.2007 Worm:Win32/Bagle.ABM
    NOD32v2 2334 06.15.2007 Win32/Bagle.HK
    Norman 5.80.02 06.15.2007 W32/Bagle.VT
    Panda 9.0.0.4 06.17.2007 W32/Bagle.ML.worm
    Prevx1 V2 06.18.2007 Malware.Trojan.Backdoor.Gen
    Sophos 4.18.0 06.12.2007 W32/Bagle-SJ
    Sunbelt 2.2.907.0 06.09.2007 Email-Worm.Win32.Bagle.aa
    Symantec 10 06.18.2007 W32.Beagle.DZ
    TheHacker 6.1.6.134 06.18.2007 W32/Bagle.aa
    VBA32 3.12.0.2 06.15.2007 Worm.Win32.Bagle.HK
    VirusBuster 4.3.23:9 06.17.2007 Worm.Bagle.LZ
    Webwasher-Gateway 6.0.1 06.17.2007 Trojan.Crypt.XPACK.Gen


    Aditional Information
    File size: 24645 bytes
    MD5: d4a14a8eaed71e4a94a62997552b0d27
    SHA1: 9104cb8bdf79f9585cfd2b4aa9bbd8c02704541b
    Bit9 info: http://fileadvisor.bit9.com/services/extinfo.aspx?md5=d4a14a8eaed71e4a94a62997552b0d27
    Prevx info: http://fileinfo.prevx.com/fileinfo.asp?PXC=151981138045



    Deckard's Main Results


    Deckard's System Scanner v20070611.50
    Run by Stine on 2007-06-17 at 19:42:19
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------



    -- HijackThis (run as Stine.exe) -----------------------------------------------

    Logfile of HijackThis v1.99.1
    Scan saved at 7:42:24 PM, on 6/17/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16441)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    C:\WINDOWS\System32\DSentry.exe
    C:\Program Files\Common Files\Dell\EUSW\Support.exe
    C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Inverse IP InSight\PenTele\ARMon32a.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\DSL Tools\DSL Tools\app\TangoService.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\PROGRA~1\DSLTOO~1\DSLTOO~1\app\TangoManager.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\Program Files\eMule\emule.exe
    C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    C:\Program Files\Microsoft Money\System\urlmap.exe
    C:\Documents and Settings\Stine\Desktop\dss.exe
    C:\DOCUME~1\Stine\Desktop\COMPUT~1\Stine.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.epix.net/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.epix.net/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
    O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
    O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
    O4 - HKLM\..\Run: [TangoManager] C:\PROGRA~1\DSLTOO~1\DSLTOO~1\app\TANGOM~1.EXE
    O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
    O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
    O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
    O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\System32\shdocvw.dll
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\System32\shdocvw.dll
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
    O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by128fd.bay128.hotmail.msn.com/resources/MsnPUpld.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1161447866562
    O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
    O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
    O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
    O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Inverse IP InSight Client (PenTele) (InverseLaunchIPI_PenTele) - Inverse Network Technology - C:\Program Files\Inverse IP InSight\PenTele\LaunchIPI.exe
    O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
    O23 - Service: Tango Service (TangoService) - Unknown owner - C:\Program Files\DSL Tools\DSL Tools\app\TangoService.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe


    -- Files created between 2007-05-17 and 2007-06-17 -----------------------------

    2007-06-17 13:16:19 0 d-------- C:\Program Files\3DGroove
    2007-06-16 16:31:23 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
    2007-06-16 16:31:21 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
    2007-06-16 16:31:19 0 d-------- C:\WINDOWS\LastGood
    2007-06-16 15:37:26 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
    2007-06-16 13:29:20 0 d-------- C:\Documents and Settings\Stine\.housecall6.6
    2007-06-14 17:55:19 0 d-------- C:\WINDOWS\Internet Logs
    2007-06-13 20:17:51 0 d-------- C:\WINDOWS\system32\ZoneLabs
    2007-06-13 19:01:58 0 d-------- C:\Documents and Settings\Stine\DoctorWeb
    2007-06-13 15:46:42 0 d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
    2007-06-13 15:05:34 0 d-------- C:\Program Files\Common Files\Symantec Shared
    2007-06-13 15:05:34 0 d-------- C:\Documents and Settings\All Users\Application Data\Symantec
    2007-06-10 12:59:26 0 d-------- C:\Documents and Settings\Stine\Application Data\WinRAR
    2007-06-05 20:10:19 0 d-------- C:\WINDOWS\exefld
    2007-06-05 17:30:07 0 d-------- C:\Documents and Settings\All Users\Application Data\AVS4YOU
    2007-06-05 17:28:43 0 d-------- C:\Program Files\Common Files\AVSMedia
    2007-05-23 22:07:10 0 d-------- C:\STOMP_THE_YARD
    2007-05-19 13:23:25 0 d-------- C:\Documents and Settings\Stine\Application Data\COWON


    -- Find3M Report ---------------------------------------------------------------

    2007-06-17 19:40:49 0 d-------- C:\Documents and Settings\Stine\Application Data\Vso
    2007-06-17 18:00:01 0 d-------- C:\Documents and Settings\Stine\Application Data\VSO_HWE
    2007-06-17 10:04:38 0 d-------- C:\Program Files\eMule
    2007-06-16 15:35:50 0 d-------- C:\Documents and Settings\Stine\Application Data\AdobeUM
    2007-06-09 01:26:19 0 d-------- C:\Program Files\PcBugDoctor
    2007-06-08 14:06:46 0 d-------- C:\Program Files\NCH Swift Sound
    2007-06-08 14:02:48 33 --a------ C:\Documents and Settings\Stine\Application Data\ezpinst.log
    2007-05-23 23:32:01 0 d-------- C:\Documents and Settings\Stine\Application Data\Canon
    2007-05-19 13:29:34 0 d--h----- C:\Program Files\InstallShield Installation Information
    2007-05-16 22:36:45 0 d-------- C:\Program Files\WorldPokerTour
    2007-05-14 18:14:03 0 d-------- C:\Program Files\BitTorrent
    2007-04-29 12:31:09 512 --a------ C:\ScanSectorLog.dat
    2007-04-19 00:06:21 0 d-------- C:\Program Files\RegCure
    2007-04-16 20:01:32 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat
    2007-03-29 09:18:57 75 --a------ C:\WINDOWS\sysInf.dat


    -- Registry Dump ---------------------------------------------------------------

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
    {02478D38-C3F9-4efb-9B51-7695ECA05670} C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll
    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
    {AA58ED58-01DD-4d91-8333-CF10577473F7} c:\program files\google\googletoolbar3.dll
    {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} C:\Program Files\Microsoft Money\System\mnyviewer.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "Microsoft Works Update Detection"="C:\\Program Files\\Common Files\\Microsoft Shared\\Works Shared\\WkUFind.exe"
    "DVDSentry"="C:\\WINDOWS\\System32\\DSentry.exe"
    "DwlClient"="C:\\Program Files\\Common Files\\Dell\\EUSW\\Support.exe"
    "TangoManager"="C:\\PROGRA~1\\DSLTOO~1\\DSLTOO~1\\app\\TANGOM~1.EXE"
    "OpwareSE2"="\"C:\\Program Files\\ScanSoft\\OmniPageSE2.0\\OpwareSE2.exe\""
    "NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
    "Aim6"=""
    "swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"
    "MoneyAgent"="\"C:\\Program Files\\Microsoft Money\\System\\Money Express.exe\""
    "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
    "WMPNSCFG"="C:\\Program Files\\Windows Media Player\\WMPNSCFG.exe"

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
    "RunNarrator"="Narrator.exe"

    HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
    Authentication Packages REG_MULTI_SZ msv1_0\0\0
    Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
    Notification Packages REG_MULTI_SZ scecli\0\0

    SafeBoot registry key needs to be repaired. This machine cannot enter Safe Mode.

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
    LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
    NetworkService REG_MULTI_SZ DnsCache\0\0
    rpcss REG_MULTI_SZ RpcSs\0\0
    imgsvc REG_MULTI_SZ StiSvc\0\0
    termsvcs REG_MULTI_SZ TermService\0\0
    HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
    DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
    WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0

    *newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_M_HOOK
    *newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_TMCOMM

     
  11. Jaimz23

    I had a problem with TrendMicro. When it was trying to delete the grayware/spyware it froze and would not continue. Just wanted to let you know.
     
  12. Jaimz23

  13. Fredil

    Oooh... sorry. One of the notifications leaked into my junk mail box.

    I'll get back to you on this in a few minutes, when I'm done doing something...

    If you feel ignored, don't bump but feel free to send me a PM :)
     
  14. Fredil

    Hmm.... currently searching on how to repair the safeboot key. Meanwhile, do a scan here; if Avast is as good as they claim it will remove the Bagle worm from your system.

    I'll get back to you on your safeboot key.
     
  15. Fredil

    Do you have your Windows XP CD?
     
  16. Jaimz23

    No I don't. In my original post I stated that I got this PC from a friend of mine and he lost the XP CD. So I'm trying not to reformat. Thanks for the responses though, I appreciate it.
     
  17. Fredil

    Darn. If you had the XP Key you could do the XP repair console thingy. Now I have to look for another way to repair safeboot...

    Did you do that Avast! scan? If so, post another HijackThis log.
     
  18. Jaimz23

    I did the avast program. Not sure if it helped or not. I found a way to repair the safeboot registry keys. It is called AVZ4en and it has an option to repair the safeboot registry keys. I was able to start in safe mode but only immediately after I ran the safeboot registry repair. I have a feeling the virus is still there because when I tried to install AVG free I couldn't because .......exe (unsure of exact extension) was missing. Anyway here is the hijackthis log:

    P.S. I also renamed the wintems and the hldrrr files using f-secure blacklight. Not sure if it was the smartest thing to do, however I am becoming quite frustrated. So they might not be seen in the log for hijackthis.


    Logfile of HijackThis v1.99.1
    Scan saved at 10:52:30 PM, on 6/18/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16441)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    C:\Program Files\Common Files\Dell\EUSW\Support.exe
    C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
    C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Inverse IP InSight\PenTele\ARMon32a.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\DSL Tools\DSL Tools\app\TangoService.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\PROGRA~1\DSLTOO~1\DSLTOO~1\app\TangoManager.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Microsoft Money\System\urlmap.exe
    C:\Documents and Settings\Stine\Desktop\Computer Clean-up Programs\HijackThis_v1.99.1.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.epix.net/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
    O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
    O4 - HKLM\..\Run: [TangoManager] C:\PROGRA~1\DSLTOO~1\DSLTOO~1\app\TANGOM~1.EXE
    O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
    O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
    O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
    O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\System32\shdocvw.dll
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\System32\shdocvw.dll
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
    O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by128fd.bay128.hotmail.msn.com/resources/MsnPUpld.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1161447866562
    O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
    O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
    O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
    O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Inverse IP InSight Client (PenTele) (InverseLaunchIPI_PenTele) - Inverse Network Technology - C:\Program Files\Inverse IP InSight\PenTele\LaunchIPI.exe
    O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
    O23 - Service: Tango Service (TangoService) - Unknown owner - C:\Program Files\DSL Tools\DSL Tools\app\TangoService.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
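
A way to pull out the entries in a log like the one above that carry the tool's own annotations, as an added example (not part of the original post and not HijackThis's own code). The function names and the note labels are assumptions, and a note marks a line to look up by hand, not a verdict.

```python
import re

# Constructed sample: five lines copied from the log above.
SAMPLE = r"""
    O4 - HKLM\..\Run: [TangoManager] C:\PROGRA~1\DSLTOO~1\DSLTOO~1\app\TANGOM~1.EXE
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O23 - Service: Tango Service (TangoService) - Unknown owner - C:\Program Files\DSL Tools\DSL Tools\app\TangoService.exe
"""

# "<code> - <kind>: <detail>"; the kind is optional so lines without one still parse.
ENTRY = re.compile(r"^\s*(?P<code>[A-Z]\d{1,2}) - (?:(?P<kind>[^:]+): )?(?P<detail>.*\S)\s*$")
# A target starts at a drive letter or at an %environment% variable.
TARGET = re.compile(r"(?:[A-Za-z]:\\|%\w+%\\).*")
MISSING = "(file missing)"

def parse_line(line):
    """Split one log line into code, kind, target path and review notes."""
    m = ENTRY.match(line)
    if not m:
        return None  # headers, process list, blank lines
    detail, notes = m["detail"], []
    if detail.endswith(MISSING):
        notes.append("file missing")
        detail = detail[: -len(MISSING)].rstrip()
    if detail.endswith("= ?"):
        notes.append("unresolved shortcut target")  # the log shows "?" as the target
    if m["code"] == "O23" and " - Unknown owner - " in detail:
        notes.append("unknown owner")
    hit = TARGET.search(detail)
    target = hit.group(0).strip('"') if hit else None
    if target and re.search(r"~\d", target):
        notes.append("8.3 short path")  # expand to the long name before judging it
    return {"code": m["code"], "kind": m["kind"], "target": target, "notes": notes}

def triage(log_text):
    """Return only the entries that carry at least one review note."""
    entries = (parse_line(line) for line in log_text.splitlines())
    return [e for e in entries if e and e["notes"]]

if __name__ == "__main__":
    for e in triage(SAMPLE):
        print(e["code"], e["kind"], e["target"], e["notes"])
```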

     
  19. Jaimz23

    Jaimz23 Member

    Joined:
    Sep 23, 2006
    Messages:
    60
    Likes Received:
    0
    Trophy Points:
    16
    The issue has been resolved with a little help from Google magic. I surfed the web and found another forum where someone had almost the identical problem that I had. They had the same basic worms/virus too: the wintems and hldrrr, which I had already removed with F-Secure BlackLight and didn't help. Then further down the post I saw the person who was helping the infected person mention hidires in C:Documentsandsettings/username..... so I opened up hidden folders and sure enough I had 2 of the same viruses sitting in that folder. I ran my safeboot fix (again) and was finally able to install AVG Free. I then ran the program, found the 2 problems along with quite a few other Bagle worms, deleted them, downloaded Comodo firewall and was able to install it. So everything is up and running fine now.

    Thanks for all the help, Fredil. I appreciate the time you took to put me on the right path. Respect!
     
  20. Fredil

    Fredil Regular member

    Joined:
    Jul 19, 2006
    Messages:
    390
    Likes Received:
    0
    Trophy Points:
    26
    Respect your elders... or non-elders, since I'm thirteen :D

    Have a nice time surfing, and remember to install a firewall, antivirus, and frequent Windows updates. My work ends here :) It's been a pleasure.
     
