Can't install any virus protect. or firewall! HELP!

Jaimz23 · Jun 14, 2007

Long story short I had some sort of virus on my computer. I got rid of it by using Dr.Web.... I uninstalled my Zone Alarm to do a clean install after the problem was gone and now I can't reinstall Zone Alarm. The Vmos.exe file couldn't be opened warning comes up. I even tried the free older version of Zone alarm available on this site and it won't work either same error message. I tried to install spybot and it won't install (can't remember the error message) and I just tried to install the AVG Free from this site and I got this error message which I copied

"Error: Action failed for file avgamsvr.exe: creating file....No such file or directory"

I am at a loss as to what to do. I can't even start in safe mode after I pick safe mode The blue screen comes up stating that there is a problem with the computer and to run chkdsk. Which I have done and still no help. I ran a hijackthis and here is the log file. I got this computer from a friend about 1 yr. ago and I don't have the windows XP disc so I'm looking for any help other than reformat.
Thanks

Logfile of HijackThis v1.99.1
Scan saved at 8:16:32 PM, on 6/14/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Inverse IP InSight\PenTele\ARMon32a.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\DSL Tools\DSL Tools\app\TangoService.exe
C:\WINDOWS\wanmpsvc.exe
C:\PROGRA~1\DSLTOO~1\DSLTOO~1\app\TangoManager.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Money\System\urlmap.exe
C:\Documents and Settings\Stine\Desktop\Computer Clean-up Programs\HijackThis_v1.99.1.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.epix.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.epix.net/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [TangoManager] C:\PROGRA~1\DSLTOO~1\DSLTOO~1\app\TANGOM~1.EXE
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\System32\shdocvw.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by128fd.bay128.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1161447866562
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Inverse IP InSight Client (PenTele) (InverseLaunchIPI_PenTele) - Inverse Network Technology - C:\Program Files\Inverse IP InSight\PenTele\LaunchIPI.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Tango Service (TangoService) - Unknown owner - C:\Program Files\DSL Tools\DSL Tools\app\TangoService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

Jaimz23 · Jun 14, 2007

I ran F-secure blacklight just now and here is that log file. Don't know if it will help, but here it is.

06/14/07 20:20:14 [Info]: BlackLight Engine 1.0.61 initialized
06/14/07 20:20:14 [Info]: OS: 5.1 build 2600 (Service Pack 2)
06/14/07 20:20:14 [Note]: 7019 4
06/14/07 20:20:14 [Note]: 7005 0
06/14/07 20:20:17 [Note]: 7006 0
06/14/07 20:20:17 [Note]: 7011 1716
06/14/07 20:20:17 [Note]: 7026 0
06/14/07 20:20:17 [Note]: 7026 0
06/14/07 20:20:21 [Note]: FSRAW library version 1.7.1021
06/14/07 20:20:24 [Info]: Hidden file: c:\Documents and Settings\Stine\Application Data\hidires\hidr.exe
06/14/07 20:20:24 [Note]: 10002 2
06/14/07 20:20:24 [Info]: Hidden file: c:\Documents and Settings\Stine\Application Data\hidires\m_hook.sys
06/14/07 20:20:24 [Note]: 10002 2
06/14/07 20:20:24 [Note]: 10002 3
06/14/07 20:20:24 [Note]: 10002 3
06/14/07 20:20:24 [Note]: 10002 2
06/14/07 20:20:24 [Note]: 10002 2
06/14/07 20:21:26 [Note]: 10002 2
06/14/07 20:21:26 [Note]: 10002 2
06/14/07 20:22:06 [Info]: Hidden file: c:\Program Files\Movie Maker\shared\empty.txt
06/14/07 20:22:06 [Note]: 10002 3
06/14/07 20:22:06 [Info]: Hidden file: c:\Program Files\Movie Maker\shared\filters.xml
06/14/07 20:22:06 [Note]: 10002 3
06/14/07 20:22:06 [Info]: Hidden file: c:\Program Files\Movie Maker\shared\news.png
06/14/07 20:22:06 [Note]: 10002 3
06/14/07 20:22:06 [Info]: Hidden file: c:\Program Files\Movie Maker\shared\paint.png
06/14/07 20:22:06 [Note]: 10002 3
06/14/07 20:22:06 [Info]: Hidden file: c:\Program Files\Movie Maker\shared\profiles\blank.txt
06/14/07 20:22:06 [Note]: 10002 3
06/14/07 20:22:06 [Info]: Hidden file: c:\Program Files\Movie Maker\shared\sample1.jpg
06/14/07 20:22:06 [Note]: 10002 3
06/14/07 20:22:06 [Info]: Hidden file: c:\Program Files\Movie Maker\shared\sample2.jpg
06/14/07 20:22:06 [Note]: 10002 3
06/14/07 20:22:06 [Note]: 10002 2
06/14/07 20:22:06 [Note]: 10002 2
06/14/07 20:22:34 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\border_bot.bmp
06/14/07 20:22:34 [Note]: 10002 3
06/14/07 20:22:34 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\border_bot.rgn
06/14/07 20:22:34 [Note]: 10002 3
06/14/07 20:22:34 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\border_left.bmp
06/14/07 20:22:34 [Note]: 10002 3
06/14/07 20:22:34 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\border_left.rgn
06/14/07 20:22:34 [Note]: 10002 3
06/14/07 20:22:34 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\border_right.bmp
06/14/07 20:22:34 [Note]: 10002 3
06/14/07 20:22:34 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\border_right.rgn
06/14/07 20:22:34 [Note]: 10002 3
06/14/07 20:22:34 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\border_top.bmp
06/14/07 20:22:34 [Note]: 10002 3
06/14/07 20:22:34 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\border_top.rgn
06/14/07 20:22:34 [Note]: 10002 3
06/14/07 20:22:34 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\button_chevron_down.bmp
06/14/07 20:22:34 [Note]: 10002 3
06/14/07 20:22:34 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\button_chevron_up.bmp
06/14/07 20:22:34 [Note]: 10002 3
06/14/07 20:22:34 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\capbuttons.bmp
06/14/07 20:22:34 [Note]: 10002 3
06/14/07 20:22:34 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\checkbox.bmp
06/14/07 20:22:34 [Note]: 10002 3
06/14/07 20:22:34 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\columnheads.bmp
06/14/07 20:22:34 [Note]: 10002 3
06/14/07 20:22:34 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\combo.bmp
06/14/07 20:22:34 [Note]: 10002 3
06/14/07 20:22:34 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\games_close.bmp
06/14/07 20:22:34 [Note]: 10002 3
06/14/07 20:22:34 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\grabbie.bmp
06/14/07 20:22:34 [Note]: 10002 3
06/14/07 20:22:34 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\groupboxedge.bmp
06/14/07 20:22:34 [Note]: 10002 3
06/14/07 20:22:34 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\icons_tbar_disabled.bmp
06/14/07 20:22:34 [Note]: 10002 3
06/14/07 20:22:34 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\icons_tbar_hot.bmp
06/14/07 20:22:34 [Note]: 10002 3
06/14/07 20:22:34 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\icons_tbar_normal.bmp
06/14/07 20:22:34 [Note]: 10002 3
06/14/07 20:22:34 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\indigo.xml
06/14/07 20:22:34 [Note]: 10002 3
06/14/07 20:22:34 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\itabs.bmp
06/14/07 20:22:34 [Note]: 10002 3
06/14/07 20:22:34 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\menubar.bmp
06/14/07 20:22:34 [Note]: 10002 3
06/14/07 20:22:34 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\menubar_states.bmp
06/14/07 20:22:34 [Note]: 10002 3
06/14/07 20:22:34 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\menuitem.bmp
06/14/07 20:22:34 [Note]: 10002 3
06/14/07 20:22:34 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\menu_scroll.bmp
06/14/07 20:22:34 [Note]: 10002 3
06/14/07 20:22:34 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\menu_sep.bmp
06/14/07 20:22:34 [Note]: 10002 3
06/14/07 20:22:34 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\preview_indigo.jpg
06/14/07 20:22:34 [Note]: 10002 3
06/14/07 20:22:34 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\preview_indigo_intl.jpg
06/14/07 20:22:34 [Note]: 10002 3
06/14/07 20:22:34 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\progressbar.bmp
06/14/07 20:22:34 [Note]: 10002 3
06/14/07 20:22:34 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\pushbuttons.bmp
06/14/07 20:22:34 [Note]: 10002 3
06/14/07 20:22:34 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\radio.bmp
06/14/07 20:22:34 [Note]: 10002 3
06/14/07 20:22:34 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\scroll_vbg.bmp
06/14/07 20:22:34 [Note]: 10002 3
06/14/07 20:22:34 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\scroll_hhandle.bmp
06/14/07 20:22:34 [Note]: 10002 3
06/14/07 20:22:34 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\scroll_vhandle.bmp
06/14/07 20:22:34 [Note]: 10002 3
06/14/07 20:22:34 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\scroll_buttons.bmp
06/14/07 20:22:34 [Note]: 10002 3
06/14/07 20:22:34 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\scroll_griph.bmp
06/14/07 20:22:34 [Note]: 10002 3
06/14/07 20:22:34 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\scroll_gripv.bmp
06/14/07 20:22:34 [Note]: 10002 3
06/14/07 20:22:34 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\scroll_hbg.bmp
06/14/07 20:22:34 [Note]: 10002 3
06/14/07 20:22:34 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\statusbar.bmp
06/14/07 20:22:34 [Note]: 10002 3
06/14/07 20:22:34 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\statusgrabber.bmp
06/14/07 20:22:34 [Note]: 10002 3
06/14/07 20:22:34 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\sys_menu.bmp
06/14/07 20:22:34 [Note]: 10002 3
06/14/07 20:22:34 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\tabs.bmp
06/14/07 20:22:34 [Note]: 10002 3
06/14/07 20:22:34 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\tabs_standard.bmp
06/14/07 20:22:34 [Note]: 10002 3
06/14/07 20:22:34 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\tab_border.bmp
06/14/07 20:22:34 [Note]: 10002 3
06/14/07 20:22:34 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\tbar_sep.bmp
06/14/07 20:22:34 [Note]: 10002 3
06/14/07 20:22:34 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\toolbarbuttons.bmp
06/14/07 20:22:34 [Note]: 10002 3
06/14/07 20:22:34 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\tool_border_bot.rgn
06/14/07 20:22:34 [Note]: 10002 3
06/14/07 20:22:34 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\tool_border_left.bmp
06/14/07 20:22:34 [Note]: 10002 3
06/14/07 20:22:34 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\tool_border_left.rgn
06/14/07 20:22:34 [Note]: 10002 3
06/14/07 20:22:34 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\tool_border_right.bmp
06/14/07 20:22:34 [Note]: 10002 3
06/14/07 20:22:34 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\tool_border_right.rgn
06/14/07 20:22:34 [Note]: 10002 3
06/14/07 20:22:34 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\tool_border_top.bmp
06/14/07 20:22:34 [Note]: 10002 3
06/14/07 20:22:34 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\tool_border_top.rgn
06/14/07 20:22:34 [Note]: 10002 3
06/14/07 20:22:34 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\tool_border_bot.bmp
06/14/07 20:22:35 [Note]: 10002 3
06/14/07 20:22:35 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\tool_capbuttons.bmp
06/14/07 20:22:35 [Note]: 10002 3
06/14/07 20:22:35 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\trackbar_thumb_vert.bmp
06/14/07 20:22:35 [Note]: 10002 3
06/14/07 20:22:35 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\trackbar_thumb_up.bmp
06/14/07 20:22:35 [Note]: 10002 3
06/14/07 20:22:35 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\trackbar_h.bmp
06/14/07 20:22:35 [Note]: 10002 3
06/14/07 20:22:35 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\trackbar_thumb_down.bmp
06/14/07 20:22:35 [Note]: 10002 3
06/14/07 20:22:35 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\trackbar_thumb_horz.bmp
06/14/07 20:22:35 [Note]: 10002 3
06/14/07 20:22:35 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\trackbar_thumb_left.bmp
06/14/07 20:22:35 [Note]: 10002 3
06/14/07 20:22:35 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\trackbar_thumb_right.bmp
06/14/07 20:22:35 [Note]: 10002 3
06/14/07 20:22:35 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\trackbar_v.bmp
06/14/07 20:22:35 [Note]: 10002 3
06/14/07 20:22:35 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\up_down.bmp
06/14/07 20:22:35 [Note]: 10002 3
06/14/07 20:22:35 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\up_down_h.bmp
06/14/07 20:22:35 [Note]: 10002 3
06/14/07 20:22:35 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\menu_bg.bmp
06/14/07 20:22:35 [Note]: 10002 3
06/14/07 20:22:35 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\border_bot.bmp
06/14/07 20:22:35 [Note]: 10002 3
06/14/07 20:22:35 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\border_bot.rgn
06/14/07 20:22:35 [Note]: 10002 3
06/14/07 20:22:35 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\border_left.bmp
06/14/07 20:22:35 [Note]: 10002 3
06/14/07 20:22:35 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\border_left.rgn
06/14/07 20:22:35 [Note]: 10002 3
06/14/07 20:22:35 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\border_right.bmp
06/14/07 20:22:35 [Note]: 10002 3
06/14/07 20:22:35 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\border_right.rgn
06/14/07 20:22:35 [Note]: 10002 3
06/14/07 20:22:35 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\border_top.bmp
06/14/07 20:22:35 [Note]: 10002 3
06/14/07 20:22:35 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\border_top.rgn
06/14/07 20:22:35 [Note]: 10002 3
06/14/07 20:22:35 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\button_chevron_down.bmp
06/14/07 20:22:35 [Note]: 10002 3
06/14/07 20:22:35 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\button_chevron_up.bmp
06/14/07 20:22:35 [Note]: 10002 3
06/14/07 20:22:35 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\capbuttons.bmp
06/14/07 20:22:35 [Note]: 10002 3
06/14/07 20:22:35 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\checkbox.bmp
06/14/07 20:22:35 [Note]: 10002 3
06/14/07 20:22:35 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\columnheads.bmp
06/14/07 20:22:35 [Note]: 10002 3
06/14/07 20:22:35 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\combo.bmp
06/14/07 20:22:35 [Note]: 10002 3
06/14/07 20:22:35 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\games_close.bmp
06/14/07 20:22:35 [Note]: 10002 3
06/14/07 20:22:35 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\grabbie.bmp
06/14/07 20:22:35 [Note]: 10002 3
06/14/07 20:22:35 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\groupboxedge.bmp
06/14/07 20:22:35 [Note]: 10002 3
06/14/07 20:22:35 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\icons_tbar_disabled.bmp
06/14/07 20:22:35 [Note]: 10002 3
06/14/07 20:22:35 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\icons_tbar_hot.bmp
06/14/07 20:22:35 [Note]: 10002 3
06/14/07 20:22:35 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\icons_tbar_normal.bmp
06/14/07 20:22:35 [Note]: 10002 3
06/14/07 20:22:35 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\itabs.bmp
06/14/07 20:22:35 [Note]: 10002 3
06/14/07 20:22:35 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\maverick.xml
06/14/07 20:22:35 [Note]: 10002 3
06/14/07 20:22:35 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\menubar.bmp
06/14/07 20:22:35 [Note]: 10002 3
06/14/07 20:22:35 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\menubar_states.bmp
06/14/07 20:22:35 [Note]: 10002 3
06/14/07 20:22:35 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\menuitem.bmp
06/14/07 20:22:35 [Note]: 10002 3
06/14/07 20:22:35 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\menu_scroll.bmp
06/14/07 20:22:35 [Note]: 10002 3
06/14/07 20:22:35 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\menu_sep.bmp
06/14/07 20:22:35 [Note]: 10002 3
06/14/07 20:22:35 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\preview_mavblue.jpg
06/14/07 20:22:35 [Note]: 10002 3
06/14/07 20:22:35 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\preview_mavblue_intl.jpg
06/14/07 20:22:35 [Note]: 10002 3
06/14/07 20:22:35 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\progressbar.bmp
06/14/07 20:22:35 [Note]: 10002 3
06/14/07 20:22:35 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\pushbuttons.bmp
06/14/07 20:22:35 [Note]: 10002 3
06/14/07 20:22:35 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\radio.bmp
06/14/07 20:22:35 [Note]: 10002 3
06/14/07 20:22:35 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\scroll_vbg.bmp
06/14/07 20:22:35 [Note]: 10002 3
06/14/07 20:22:35 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\scroll_hhandle.bmp
06/14/07 20:22:35 [Note]: 10002 3
06/14/07 20:22:35 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\scroll_vhandle.bmp
06/14/07 20:22:35 [Note]: 10002 3
06/14/07 20:22:35 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\scroll_buttons.bmp
06/14/07 20:22:35 [Note]: 10002 3
06/14/07 20:22:35 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\scroll_griph.bmp
06/14/07 20:22:35 [Note]: 10002 3
06/14/07 20:22:35 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\scroll_gripv.bmp
06/14/07 20:22:35 [Note]: 10002 3
06/14/07 20:22:35 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\scroll_hbg.bmp
06/14/07 20:22:35 [Note]: 10002 3
06/14/07 20:22:35 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\statusbar.bmp
06/14/07 20:22:35 [Note]: 10002 3
06/14/07 20:22:35 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\statusgrabber.bmp
06/14/07 20:22:35 [Note]: 10002 3
06/14/07 20:22:35 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\sys_menu.bmp
06/14/07 20:22:35 [Note]: 10002 3
06/14/07 20:22:35 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\tabs.bmp
06/14/07 20:22:35 [Note]: 10002 3
06/14/07 20:22:35 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\tabs_standard.bmp
06/14/07 20:22:35 [Note]: 10002 3
06/14/07 20:22:35 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\tab_border.bmp
06/14/07 20:22:35 [Note]: 10002 3
06/14/07 20:22:35 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\tbar_bg.bmp
06/14/07 20:22:35 [Note]: 10002 3
06/14/07 20:22:35 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\tbar_sep.bmp
06/14/07 20:22:35 [Note]: 10002 3
06/14/07 20:22:35 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\toolbarbuttons.bmp
06/14/07 20:22:35 [Note]: 10002 3
06/14/07 20:22:35 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\tool_border_bot.bmp
06/14/07 20:22:35 [Note]: 10002 3
06/14/07 20:22:35 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\tool_border_bot.rgn
06/14/07 20:22:35 [Note]: 10002 3
06/14/07 20:22:35 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\tool_border_left.bmp
06/14/07 20:22:35 [Note]: 10002 3
06/14/07 20:22:35 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\tool_border_left.rgn
06/14/07 20:22:35 [Note]: 10002 3
06/14/07 20:22:35 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\tool_border_right.bmp
06/14/07 20:22:35 [Note]: 10002 3
06/14/07 20:22:35 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\tool_border_right.rgn
06/14/07 20:22:35 [Note]: 10002 3
06/14/07 20:22:35 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\tool_border_top.bmp
06/14/07 20:22:35 [Note]: 10002 3
06/14/07 20:22:35 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\tool_border_top.rgn
06/14/07 20:22:35 [Note]: 10002 3
06/14/07 20:22:35 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\tool_capbuttons.bmp
06/14/07 20:22:35 [Note]: 10002 3
06/14/07 20:22:35 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\trackbar_thumb_vert.bmp
06/14/07 20:22:35 [Note]: 10002 3
06/14/07 20:22:35 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\trackbar_thumb_up.bmp
06/14/07 20:22:35 [Note]: 10002 3
06/14/07 20:22:35 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\trackbar_h.bmp
06/14/07 20:22:35 [Note]: 10002 3
06/14/07 20:22:35 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\trackbar_thumb_down.bmp
06/14/07 20:22:35 [Note]: 10002 3
06/14/07 20:22:35 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\trackbar_thumb_horz.bmp
06/14/07 20:22:35 [Note]: 10002 3
06/14/07 20:22:35 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\trackbar_thumb_left.bmp
06/14/07 20:22:35 [Note]: 10002 3
06/14/07 20:22:35 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\trackbar_thumb_right.bmp
06/14/07 20:22:35 [Note]: 10002 3
06/14/07 20:22:35 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\trackbar_v.bmp
06/14/07 20:22:35 [Note]: 10002 3
06/14/07 20:22:35 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\up_down.bmp
06/14/07 20:22:35 [Note]: 10002 3
06/14/07 20:22:35 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\up_down_h.bmp
06/14/07 20:22:35 [Note]: 10002 3
06/14/07 20:22:35 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\menu_bg.bmp
06/14/07 20:22:35 [Note]: 10002 3
06/14/07 20:22:35 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\preview_classic_msgr.jpg
06/14/07 20:22:35 [Note]: 10002 3
06/14/07 20:22:35 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\YAlertCenter.dll
06/14/07 20:22:35 [Note]: 10002 3
06/14/07 20:22:35 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\YbSkin2.dll
06/14/07 20:22:35 [Note]: 10002 3
06/14/07 20:22:35 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\YbSkinSelect.dll
06/14/07 20:22:35 [Note]: 10002 3
06/14/07 20:22:35 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\YbSkinSelectRes.dll
06/14/07 20:22:35 [Note]: 10002 3
06/14/07 20:22:35 [Note]: 10002 2
06/14/07 20:22:35 [Note]: 10002 2
06/14/07 20:28:05 [Info]: Hidden file: c:\WINDOWS\IME\SHARED\imepaden.hlp
06/14/07 20:28:05 [Note]: 10002 3
06/14/07 20:28:05 [Info]: Hidden file: c:\WINDOWS\IME\SHARED\imepadsm.dll
06/14/07 20:28:05 [Note]: 10002 3
06/14/07 20:28:05 [Info]: Hidden file: c:\WINDOWS\IME\SHARED\imepadsv.exe
06/14/07 20:28:05 [Note]: 10002 3
06/14/07 20:28:05 [Info]: Hidden file: c:\WINDOWS\IME\SHARED\imlang.dll
06/14/07 20:28:05 [Note]: 10002 3
06/14/07 20:28:05 [Info]: Hidden file: c:\WINDOWS\IME\SHARED\RES\PADRS404.DLL
06/14/07 20:28:05 [Note]: 10002 3
06/14/07 20:28:05 [Info]: Hidden file: c:\WINDOWS\IME\SHARED\RES\padrs411.dll
06/14/07 20:28:05 [Note]: 10002 3
06/14/07 20:28:05 [Info]: Hidden file: c:\WINDOWS\IME\SHARED\RES\padrs412.dll
06/14/07 20:28:05 [Note]: 10002 3
06/14/07 20:28:05 [Info]: Hidden file: c:\WINDOWS\IME\SHARED\RES\padrs804.dll
06/14/07 20:28:05 [Note]: 10002 3
06/14/07 20:28:05 [Note]: 10002 2
06/14/07 20:28:05 [Note]: 10002 2
06/14/07 20:29:09 [Info]: Hidden file: c:\WINDOWS\SYSTEM32\wintems.exe
06/14/07 20:29:09 [Note]: 10002 2
06/14/07 20:29:09 [Info]: Hidden file: c:\WINDOWS\SYSTEM32\hldrrr.exe
06/14/07 20:29:09 [Note]: 10002 2

Fredil · Jun 15, 2007

I'll take a look at it right now, get back to you within a few minutes.

Interesting BlackLight log, I have to say.

Fredil · Jun 15, 2007

liutilities.com said:

Description:
wintems.exe is a process which is registered as the Trojan.W32.Mitglieder and Trojan.W32.BAGLE Trojans. This Trojan allows attackers to access your computer from remote locations, stealing passwords, Internet banking and personal data. It is a registered security risk and should be removed immediately.

Note: wintems.exe is a process which is registered as a trojan. This Trojan allows attackers to access your computer from remote locations, stealing passwords, Internet banking and personal data. This process is a security risk and should be removed from your system.
Click to expand...

Please contact your bank accounts and other accounts immediately. From another computer, change all the passwords to your bank, email, you name it accounts, and do not go on this computer until everything is fixed. Your HijackThis log shows no problems, which is why I'm glad you posted the BlackLight log. Trojan.W32.BAGLE is also registered as an email trojan, which says that there is a chance you may have got it from an email.

I'll attempt to clean your computer as best I can.

Please scan your computer with Trend Micro's HouseCall. Click the "Scan now. It's free!" text to start the scan. Accept the terms of use, and launch HouseCall. Note: You Must Use Internet Explorer Or FireFox For This Scan To Work! Please be patient, as the scan can take well over an hour to complete. When it is completed, remove all baddies found.

Please do another scan with Kaspersky's Online Scanner. Press the "Kaspersky Online Scanner" button and Accept the license agreement. You must be using Internet Explorer for this scan to work. When the scan is done, it shall give you the option to produce a log. Please do so, and post the contents of that log in your reply.

Do the two online scans in order and not at the same time, it will make a lot more sense to me.

When both of those are done, download Deckard's System Scanner from that website. Note: This program is meant for Windows 2000 and higher (including Vista) only! Save the file to your desktop, and double-click it to run it. Press "OK" and let the scanner do its work. It may appear to freeze or hang your computer; this is normal, so let the scanner finish. It usually will not take very long. When the scan is finished, it shall make two logs for you - one will be called "main" and the other, "extra". "main" will be maximized and "extra" will be minimized. Post both logfiles (as in copy and paste) in a reply.

Once that is finished, unplug your computer from the Internet. Run another BlackLight scan and post the log.

In your reply:
* A logfile of Kaspersky's Online Scan
* main.txt from Deckard's System Scanner
* extra.txt from Deckard's System Scanner
* BlackLight log
* A new HijackThis logfile (not that it will help very much)

Jaimz23 · Jun 16, 2007

I will try to do all of this and get back to you. By the way do you think the wintems.exe are what is preventing me from instaliing new firewall, antivirus, antispyware etc. I heard some virus' delete the needed files in the new programs you try to install so you can't get rid of the virus. It's now 1:30 P.M and Trend Micro is running I'll get back to you as soon as possible thanks.

Fredil · Jun 16, 2007

No problem.

I really should have done this earlier, but now doesn't hurt. Please go to http://www.virustotal.com and click the "Browse" button at the top of the page. In the box, paste the following:

c:\WINDOWS\SYSTEM32\wintems.exe

Then, hit "Open" and "Send". Make sure to wait - the scan is very high-demand and uses 32 different antivirus engines. Once the box on the upper left says "Scan Finished", copy the entire table (not the formatting - just the text) and post it in a reply, along with your other stuff.

Since Wintems is a "backdoor" program, it is possible and even likely that it is preventing the .exe files in antivirus programs from starting.

Jaimz23 · Jun 16, 2007

Sorry it took so long. Here's the Kaspersky 1 results:

Saturday, June 16, 2007 4:57:53 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.0
Kaspersky Anti-Virus database last update: 16/06/2007
Kaspersky Anti-Virus database records: 326066

Scan Settings
Scan using the following antivirus database standard
Scan Archives true
Scan Mail Bases true

Scan Target Critical Areas
C:\WINDOWS
C:\DOCUME~1\Stine\LOCALS~1\Temp\

Scan Statistics
Total number of scanned objects 21067
Number of viruses found 0
Number of infected objects 0
Number of suspicious objects 0
Duration of the scan process 00:16:44

Infected Object Name Virus Name Last Action
C:\WINDOWS\$NtUninstallKB824141$\user32.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB824141$\win32k.sys Object is locked skipped

C:\WINDOWS\$NtUninstallKB828028$\msasn1.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB828035$\msgsvc.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB828035$\wkssvc.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB828741$\catsrv.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB828741$\catsrvut.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB828741$\clbcatex.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB828741$\clbcatq.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB828741$\colbact.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB828741$\comadmin.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB828741$\comrepl.exe Object is locked skipped

C:\WINDOWS\$NtUninstallKB828741$\comsvcs.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB828741$\comuid.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB828741$\es.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB828741$\msdtcprx.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB828741$\msdtctm.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB828741$\msdtcuiu.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB828741$\mtxclu.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB828741$\mtxoci.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB828741$\ole32.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB828741$\rpcrt4.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB828741$\rpcss.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB828741$\txflog.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB835732$\callcont.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB835732$\gdi32.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB835732$\h323.tsp Object is locked skipped

C:\WINDOWS\$NtUninstallKB835732$\h323msp.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB835732$\helpctr.exe Object is locked skipped

C:\WINDOWS\$NtUninstallKB835732$\ipnathlp.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB835732$\lsasrv.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB835732$\mf3216.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB835732$\msasn1.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB835732$\msgina.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB835732$\mst120.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB835732$\netapi32.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB835732$\nmcom.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB835732$\rtcdll.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB835732$\schannel.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB837001$\dao360.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB837001$\expsrv.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB837001$\msexch40.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB837001$\msexcl40.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB837001$\msjet40.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB837001$\msjetoledb40.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB837001$\msjint40.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB837001$\msjter40.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB837001$\msjtes40.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB837001$\msltus40.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB837001$\mspbde40.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB837001$\msrd2x40.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB837001$\msrd3x40.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB837001$\msrepl40.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB837001$\mstext40.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB837001$\mswdat10.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB837001$\mswstr10.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB837001$\msxbde40.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB837001$\vbajet32.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB839645$\fldrclnr.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB839645$\shell32.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB839645$\shlwapi.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB839645$\sxs.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB839645$\xpsp2res.dll Object is locked skipped

C:\WINDOWS\$NtUninstallQ828026$\msdxm.ocx Object is locked skipped

C:\WINDOWS\$NtUninstallQ828026$\wmp.dll Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\Sti_Trace.log Object is locked skipped

C:\WINDOWS\SYSTEM32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\SYSTEM32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\ACEEvent.evt Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\AppEvent.Evt Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\Internet.evt Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SAM Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SecEvent.Evt Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SECURITY Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SysEvent.Evt Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG Object is locked skipped

C:\WINDOWS\SYSTEM32\DRIVERS\atapi.sys Object is locked skipped

C:\WINDOWS\SYSTEM32\DRIVERS\sptd.sys Object is locked skipped

C:\WINDOWS\SYSTEM32\H323LOG.TXT Object is locked skipped

C:\WINDOWS\SYSTEM32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped

C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\TangoManager.log Object is locked skipped

C:\WINDOWS\WIADEBUG.LOG Object is locked skipped

C:\WINDOWS\WIASERVC.LOG Object is locked skipped

C:\DOCUME~1\Stine\LOCALS~1\Temp\JET31CD.tmp Object is locked skipped

C:\DOCUME~1\Stine\LOCALS~1\Temp\me_7E2tVFzl40v9gVM Object is locked skipped

C:\DOCUME~1\Stine\LOCALS~1\Temp\me_aZNm8Arq9Nh2WBM Object is locked skipped

C:\DOCUME~1\Stine\LOCALS~1\Temp\me_Lc0ot8xrYhvpHd7 Object is locked skipped

C:\DOCUME~1\Stine\LOCALS~1\Temp\me_odi3o5cKtPnIiQO Object is locked skipped

C:\DOCUME~1\Stine\LOCALS~1\Temp\me_z3Ti7or1gmtxgT6 Object is locked skipped

C:\DOCUME~1\Stine\LOCALS~1\Temp\Perflib_Perfdata_7a0.dat Object is locked skipped

Scan process completed.

Jaimz23 · Jun 16, 2007

Kaspersky 2:

Saturday, June 16, 2007 6:18:45 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.0
Kaspersky Anti-Virus database last update: 16/06/2007
Kaspersky Anti-Virus database records: 326066

Scan Settings
Scan using the following antivirus database standard
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
C:\
D:\
E:\
F:\

Scan Statistics
Total number of scanned objects 75845
Number of viruses found 3
Number of infected objects 49
Number of suspicious objects 2
Duration of the scan process 00:48:10

Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\0ec8ee43ddb74c50551984bb8cbf15ec_1dce0e75-1303-433a-bfc1-6b582bd25551 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\113bae8c1f53845228e7e51d1c5e2427_1dce0e75-1303-433a-bfc1-6b582bd25551 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3384f657a43192ff9c64c7463ff43924_1dce0e75-1303-433a-bfc1-6b582bd25551 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\5cc1b6332ccd0b0d993fa814368c42f7_1dce0e75-1303-433a-bfc1-6b582bd25551 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\65e6125c7ad06683a6aa574af9df031f_1dce0e75-1303-433a-bfc1-6b582bd25551 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\70e408cef5c1210229605ab41fa871aa_1dce0e75-1303-433a-bfc1-6b582bd25551 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a34dd35fbcbda5fd601116bb96d60753_1dce0e75-1303-433a-bfc1-6b582bd25551 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinAdloadgw4.zip/id.exe Suspicious: Password-protected-EXE skipped

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinAdloadgw4.zip ZIP: suspicious - 1 skipped

C:\Documents and Settings\All Users\Application Data\Support.com\profiles\Brian Schultz\64F49A87\issues\8a76b21b-7d94-48b5-9353-ec7efa3390fb.cab Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Support.com\profiles\Brian Schultz\64F49A87\issues\siidx.xml Object is locked skipped

C:\Documents and Settings\LocalService\Cookies\INDEX.DAT Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\INDEX.DAT Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\INDEX.DAT Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\Stine\.housecall6.6\Quarantine\A0390918.exe.bac_a03680 Infected: Email-Worm.Win32.Bagle.ic skipped

C:\Documents and Settings\Stine\.housecall6.6\Quarantine\A0390919.exe.bac_a03680 Infected: Email-Worm.Win32.Bagle.ic skipped

C:\Documents and Settings\Stine\.housecall6.6\Quarantine\A0390920.exe.bac_a03680 Infected: Email-Worm.Win32.Bagle.ic skipped

C:\Documents and Settings\Stine\.housecall6.6\Quarantine\A0390921.exe.bac_a03680 Infected: Email-Worm.Win32.Bagle.ic skipped

C:\Documents and Settings\Stine\.housecall6.6\Quarantine\A0390922.exe.bac_a03680 Infected: Email-Worm.Win32.Bagle.ic skipped

C:\Documents and Settings\Stine\.housecall6.6\Quarantine\A0390923.exe.bac_a03680 Infected: Email-Worm.Win32.Bagle.ic skipped

C:\Documents and Settings\Stine\.housecall6.6\Quarantine\A0390924.exe.bac_a03680 Infected: Email-Worm.Win32.Bagle.ic skipped

C:\Documents and Settings\Stine\.housecall6.6\Quarantine\A0390925.exe.bac_a03680 Infected: Email-Worm.Win32.Bagle.ic skipped

C:\Documents and Settings\Stine\.housecall6.6\Quarantine\A0390926.exe.bac_a03680 Infected: Email-Worm.Win32.Bagle.ic skipped

C:\Documents and Settings\Stine\.housecall6.6\Quarantine\A0390927.exe.bac_a03680 Infected: Email-Worm.Win32.Bagle.ic skipped

C:\Documents and Settings\Stine\.housecall6.6\Quarantine\A0390928.exe.bac_a03680 Infected: Email-Worm.Win32.Bagle.ic skipped

C:\Documents and Settings\Stine\.housecall6.6\Quarantine\A0390929.exe.bac_a03680 Infected: Email-Worm.Win32.Bagle.ic skipped

C:\Documents and Settings\Stine\.housecall6.6\Quarantine\A0390930.exe.bac_a03680 Infected: Email-Worm.Win32.Bagle.ic skipped

C:\Documents and Settings\Stine\.housecall6.6\Quarantine\A0390931.exe.bac_a03680 Infected: Email-Worm.Win32.Bagle.ic skipped

C:\Documents and Settings\Stine\.housecall6.6\Quarantine\A0390932.exe.bac_a03680 Infected: Email-Worm.Win32.Bagle.ic skipped

C:\Documents and Settings\Stine\.housecall6.6\Quarantine\A0390933.exe.bac_a03680 Infected: Email-Worm.Win32.Bagle.ic skipped

C:\Documents and Settings\Stine\.housecall6.6\Quarantine\A0390934.exe.bac_a03680 Infected: Email-Worm.Win32.Bagle.ic skipped

C:\Documents and Settings\Stine\.housecall6.6\Quarantine\A0390935.exe.bac_a03680 Infected: Email-Worm.Win32.Bagle.ic skipped

C:\Documents and Settings\Stine\.housecall6.6\Quarantine\A0390936.exe.bac_a03680 Infected: Email-Worm.Win32.Bagle.ic skipped

C:\Documents and Settings\Stine\.housecall6.6\Quarantine\A0390937.exe.bac_a03680 Infected: Email-Worm.Win32.Bagle.ic skipped

C:\Documents and Settings\Stine\.housecall6.6\Quarantine\A0390938.exe.bac_a03680 Infected: Email-Worm.Win32.Bagle.ic skipped

C:\Documents and Settings\Stine\.housecall6.6\Quarantine\A0390939.exe.bac_a03680 Infected: Email-Worm.Win32.Bagle.ic skipped

C:\Documents and Settings\Stine\.housecall6.6\Quarantine\A0390940.exe.bac_a03680 Infected: Email-Worm.Win32.Bagle.ic skipped

C:\Documents and Settings\Stine\.housecall6.6\Quarantine\A0390941.exe.bac_a03680 Infected: Email-Worm.Win32.Bagle.ic skipped

C:\Documents and Settings\Stine\.housecall6.6\Quarantine\A0390942.exe.bac_a03680 Infected: Email-Worm.Win32.Bagle.ic skipped

C:\Documents and Settings\Stine\.housecall6.6\Quarantine\A0390943.exe.bac_a03680 Infected: Email-Worm.Win32.Bagle.ic skipped

C:\Documents and Settings\Stine\.housecall6.6\Quarantine\A0390944.exe.bac_a03680 Infected: Email-Worm.Win32.Bagle.ic skipped

C:\Documents and Settings\Stine\.housecall6.6\Quarantine\A0390945.exe.bac_a03680 Infected: Email-Worm.Win32.Bagle.ic skipped

C:\Documents and Settings\Stine\.housecall6.6\Quarantine\A0390946.exe.bac_a03680 Infected: Email-Worm.Win32.Bagle.ic skipped

C:\Documents and Settings\Stine\.housecall6.6\Quarantine\A0390947.exe.bac_a03680 Infected: Email-Worm.Win32.Bagle.ic skipped

C:\Documents and Settings\Stine\.housecall6.6\Quarantine\A0390948.exe.bac_a03680 Infected: Email-Worm.Win32.Bagle.ic skipped

C:\Documents and Settings\Stine\.housecall6.6\Quarantine\A0390949.exe.bac_a03680 Infected: Email-Worm.Win32.Bagle.ic skipped

C:\Documents and Settings\Stine\.housecall6.6\Quarantine\A0390950.exe.bac_a03680 Infected: Email-Worm.Win32.Bagle.ic skipped

C:\Documents and Settings\Stine\.housecall6.6\Quarantine\A0390951.exe.bac_a03680 Infected: Email-Worm.Win32.Bagle.ic skipped

C:\Documents and Settings\Stine\.housecall6.6\Quarantine\A0390952.exe.bac_a03680 Infected: Email-Worm.Win32.Bagle.ic skipped

C:\Documents and Settings\Stine\.housecall6.6\Quarantine\A0390953.exe.bac_a03680 Infected: Email-Worm.Win32.Bagle.ic skipped

C:\Documents and Settings\Stine\.housecall6.6\Quarantine\A0390954.exe.bac_a03680 Infected: Email-Worm.Win32.Bagle.ic skipped

C:\Documents and Settings\Stine\.housecall6.6\Quarantine\A0390955.exe.bac_a03680 Infected: Email-Worm.Win32.Bagle.ic skipped

C:\Documents and Settings\Stine\.housecall6.6\Quarantine\A0390956.exe.bac_a03680 Infected: Email-Worm.Win32.Bagle.ic skipped

C:\Documents and Settings\Stine\.housecall6.6\Quarantine\A0390957.exe.bac_a03680 Infected: Email-Worm.Win32.Bagle.ic skipped

C:\Documents and Settings\Stine\.housecall6.6\Quarantine\A0390958.exe.bac_a03680 Infected: Email-Worm.Win32.Bagle.ic skipped

C:\Documents and Settings\Stine\.housecall6.6\Quarantine\A0390959.exe.bac_a03680 Infected: Email-Worm.Win32.Bagle.ic skipped

C:\Documents and Settings\Stine\.housecall6.6\Quarantine\A0390960.exe.bac_a03680 Infected: Email-Worm.Win32.Bagle.ic skipped

C:\Documents and Settings\Stine\.housecall6.6\Quarantine\A0390961.exe.bac_a03680 Infected: Email-Worm.Win32.Bagle.ic skipped

C:\Documents and Settings\Stine\.housecall6.6\Quarantine\A0390962.exe.bac_a03680 Infected: Email-Worm.Win32.Bagle.ic skipped

C:\Documents and Settings\Stine\.housecall6.6\Quarantine\A0390963.exe.bac_a03680 Infected: Email-Worm.Win32.Bagle.ic skipped

C:\Documents and Settings\Stine\.housecall6.6\Quarantine\A0391005.sys.bac_a03680 Infected: Email-Worm.Win32.Bagle.ie skipped

C:\Documents and Settings\Stine\.housecall6.6\Quarantine\A0391015.sys.bac_a03680 Infected: Email-Worm.Win32.Bagle.ie skipped

C:\Documents and Settings\Stine\.housecall6.6\Quarantine\A0391044.sys.bac_a03680 Infected: Email-Worm.Win32.Bagle.ie skipped

C:\Documents and Settings\Stine\Cookies\INDEX.DAT Object is locked skipped

C:\Documents and Settings\Stine\Local Settings\Application Data\ApplicationHistory\NotifyAlert.exe.83a8f8c0.ini.inuse Object is locked skipped

C:\Documents and Settings\Stine\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\Stine\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\Stine\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Stine\Local Settings\History\History.IE5\MSHist012007061520070616\index.dat Object is locked skipped

C:\Documents and Settings\Stine\Local Settings\History\History.IE5\MSHist012007061620070617\index.dat Object is locked skipped

C:\Documents and Settings\Stine\Local Settings\Temp\me_7E2tVFzl40v9gVM Object is locked skipped

C:\Documents and Settings\Stine\Local Settings\Temp\me_aZNm8Arq9Nh2WBM Object is locked skipped

C:\Documents and Settings\Stine\Local Settings\Temp\me_Lc0ot8xrYhvpHd7 Object is locked skipped

C:\Documents and Settings\Stine\Local Settings\Temp\me_odi3o5cKtPnIiQO Object is locked skipped

C:\Documents and Settings\Stine\Local Settings\Temp\me_z3Ti7or1gmtxgT6 Object is locked skipped

C:\Documents and Settings\Stine\Local Settings\Temp\Perflib_Perfdata_7a0.dat Object is locked skipped

C:\Documents and Settings\Stine\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Stine\ntuser.dat Object is locked skipped

C:\Documents and Settings\Stine\ntuser.dat.LOG Object is locked skipped

C:\Program Files\Dell\Support\UI\Search\catalog.wci\00000002.ps1 Object is locked skipped

C:\Program Files\Dell\Support\UI\Search\catalog.wci\00000002.ps2 Object is locked skipped

C:\Program Files\Dell\Support\UI\Search\catalog.wci\00010003.ci Object is locked skipped

C:\Program Files\Dell\Support\UI\Search\catalog.wci\cicat.fid Object is locked skipped

C:\Program Files\Dell\Support\UI\Search\catalog.wci\cicat.hsh Object is locked skipped

C:\Program Files\Dell\Support\UI\Search\catalog.wci\CiCL0001.000 Object is locked skipped

C:\Program Files\Dell\Support\UI\Search\catalog.wci\CiP10000.000 Object is locked skipped

C:\Program Files\Dell\Support\UI\Search\catalog.wci\CiP20000.000 Object is locked skipped

C:\Program Files\Dell\Support\UI\Search\catalog.wci\CiPT0000.000 Object is locked skipped

C:\Program Files\Dell\Support\UI\Search\catalog.wci\CiSL0001.000 Object is locked skipped

C:\Program Files\Dell\Support\UI\Search\catalog.wci\CiSP0000.000 Object is locked skipped

C:\Program Files\Dell\Support\UI\Search\catalog.wci\CiST0000.000 Object is locked skipped

C:\Program Files\Dell\Support\UI\Search\catalog.wci\CiVP0000.000 Object is locked skipped

C:\Program Files\Dell\Support\UI\Search\catalog.wci\INDEX.000 Object is locked skipped

C:\Program Files\Dell\Support\UI\Search\catalog.wci\propstor.bk1 Object is locked skipped

C:\Program Files\Dell\Support\UI\Search\catalog.wci\propstor.bk2 Object is locked skipped

C:\Program Files\eMule\Temp\001.part Object is locked skipped

C:\Program Files\eMule\Temp\003.part Object is locked skipped

C:\Program Files\eMule\Temp\006.part Object is locked skipped

C:\Program Files\InstallShield Installation Information\{017E65B1-7484-461A-B16F-7C931166083B}\setup.ilg Object is locked skipped

C:\Program Files\InstallShield Installation Information\{10798AE3-DCBB-43C3-9C93-C23512427E25}\setup.ilg Object is locked skipped

C:\Program Files\InstallShield Installation Information\{1A7F8DF6-5A3E-4CDF-BC82-BE26B407E21B}\setup.ilg Object is locked skipped

C:\Program Files\InstallShield Installation Information\{3D9231F6-A287-4222-9EBC-519BB206F590}\setup.ilg Object is locked skipped

C:\Program Files\InstallShield Installation Information\{7C32C567-DC0F-4C80-B06C-7873850A2E06}\setup.ilg Object is locked skipped

C:\Program Files\InstallShield Installation Information\{7D268154-7A31-40F2-9779-7A250914BB39}\setup.ilg Object is locked skipped

C:\Program Files\InstallShield Installation Information\{A4D58580-EA01-11D3-9318-008048B86EFE}\setup.ilg Object is locked skipped

C:\Program Files\InstallShield Installation Information\{C88E49AA-41C5-4420-A08D-BE1B6C5A3A74}\Setup.ilg Object is locked skipped

C:\Program Files\InstallShield Installation Information\{CD5A6B33-586E-42BA-A962-7D60C2766EBF}\Setup.ilg Object is locked skipped

C:\Program Files\Kodak\Kodak EasyShare software\bin\Catalog\EasyShare.me Object is locked skipped

C:\Program Files\Kodak\Kodak EasyShare software\bin\Catalog\EasyShare.mm Object is locked skipped

C:\System Volume Information\catalog.wci\00010013.ci Object is locked skipped

C:\System Volume Information\catalog.wci\CiCL0001.000 Object is locked skipped

C:\System Volume Information\catalog.wci\CiSL0001.000 Object is locked skipped

C:\System Volume Information\catalog.wci\CiSP0000.000 Object is locked skipped

C:\System Volume Information\catalog.wci\INDEX.000 Object is locked skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1510\change.log Object is locked skipped

C:\WINDOWS\$NtUninstallKB824141$\user32.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB824141$\win32k.sys Object is locked skipped

C:\WINDOWS\$NtUninstallKB828028$\msasn1.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB828035$\msgsvc.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB828035$\wkssvc.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB828741$\catsrv.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB828741$\catsrvut.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB828741$\clbcatex.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB828741$\clbcatq.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB828741$\colbact.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB828741$\comadmin.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB828741$\comrepl.exe Object is locked skipped

C:\WINDOWS\$NtUninstallKB828741$\comsvcs.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB828741$\comuid.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB828741$\es.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB828741$\msdtcprx.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB828741$\msdtctm.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB828741$\msdtcuiu.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB828741$\mtxclu.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB828741$\mtxoci.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB828741$\ole32.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB828741$\rpcrt4.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB828741$\rpcss.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB828741$\txflog.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB835732$\callcont.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB835732$\gdi32.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB835732$\h323.tsp Object is locked skipped

C:\WINDOWS\$NtUninstallKB835732$\h323msp.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB835732$\helpctr.exe Object is locked skipped

C:\WINDOWS\$NtUninstallKB835732$\ipnathlp.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB835732$\lsasrv.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB835732$\mf3216.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB835732$\msasn1.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB835732$\msgina.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB835732$\mst120.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB835732$\netapi32.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB835732$\nmcom.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB835732$\rtcdll.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB835732$\schannel.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB837001$\dao360.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB837001$\expsrv.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB837001$\msexch40.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB837001$\msexcl40.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB837001$\msjet40.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB837001$\msjetoledb40.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB837001$\msjint40.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB837001$\msjter40.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB837001$\msjtes40.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB837001$\msltus40.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB837001$\mspbde40.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB837001$\msrd2x40.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB837001$\msrd3x40.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB837001$\msrepl40.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB837001$\mstext40.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB837001$\mswdat10.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB837001$\mswstr10.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB837001$\msxbde40.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB837001$\vbajet32.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB839645$\fldrclnr.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB839645$\shell32.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB839645$\shlwapi.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB839645$\sxs.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB839645$\xpsp2res.dll Object is locked skipped

C:\WINDOWS\$NtUninstallQ828026$\msdxm.ocx Object is locked skipped

C:\WINDOWS\$NtUninstallQ828026$\wmp.dll Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\Sti_Trace.log Object is locked skipped

C:\WINDOWS\SYSTEM32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\SYSTEM32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\ACEEvent.evt Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\AppEvent.Evt Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\Internet.evt Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SAM Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SecEvent.Evt Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SECURITY Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SysEvent.Evt Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG Object is locked skipped

C:\WINDOWS\SYSTEM32\DRIVERS\atapi.sys Object is locked skipped

C:\WINDOWS\SYSTEM32\DRIVERS\sptd.sys Object is locked skipped

C:\WINDOWS\SYSTEM32\H323LOG.TXT Object is locked skipped

C:\WINDOWS\SYSTEM32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped

C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\TangoManager.log Object is locked skipped

C:\WINDOWS\WIADEBUG.LOG Object is locked skipped

C:\WINDOWS\WIASERVC.LOG Object is locked skipped

D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

D:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1510\change.log Object is locked skipped

Scan process completed.

Jaimz23 · Jun 16, 2007

The rest will follow. I messed up putting them into the post and accidently deleted them. So I will have to run them again tomorrow.

Jaimz23 · Jun 17, 2007

Virustotal Results:

Antivirus Version Update Result
AhnLab-V3 2007.6.9.0 06.08.2007 Win32/Bagle.worm.24645
AntiVir 7.4.0.32 06.17.2007 TR/Crypt.XPACK.Gen
Authentium 4.93.8 06.16.2007 W32/Mitglieder.MA
Avast 4.7.997.0 06.18.2007 Win32:Beagle-QY
AVG 7.5.0.467 06.17.2007 I-Worm/Bagle.SE
BitDefender 7.2 06.18.2007 Win32.Bagle.IE@mm
CAT-QuickHeal 9.00 06.16.2007 I-Worm.Bagle.aa
ClamAV devel-20070416 06.18.2007 no virus found
DrWeb 4.33 06.18.2007 Win32.HLLM.Beagle
eSafe 7.0.15.0 06.17.2007 Win32.Bagle.aa
eTrust-Vet 30.7.3721 06.15.2007 Win32/Mitglieder.EN
Ewido 4.0 06.17.2007 Worm.Bagle.aa
FileAdvisor 1 06.18.2007 Not analyzed yet
Fortinet 2.85.0.0 06.18.2007 W32/Bagle.AA@mm
F-Prot 4.3.2.48 06.08.2007 W32/Mitglieder.MA
F-Secure 6.70.13030.0 06.17.2007 Email-Worm.Win32.Bagle.aa
Ikarus T3.1.1.8 06.17.2007 Email-Worm.Win32.Bagle.AA
Kaspersky 4.0.2.24 06.18.2007 Email-Worm.Win32.Bagle.aa
McAfee 5054 06.15.2007 W32/Bagle.gen
Microsoft 1.2607 06.18.2007 Worm:Win32/Bagle.ABM
NOD32v2 2334 06.15.2007 Win32/Bagle.HK
Norman 5.80.02 06.15.2007 W32/Bagle.VT
Panda 9.0.0.4 06.17.2007 W32/Bagle.ML.worm
Prevx1 V2 06.18.2007 Malware.Trojan.Backdoor.Gen
Sophos 4.18.0 06.12.2007 W32/Bagle-SJ
Sunbelt 2.2.907.0 06.09.2007 Email-Worm.Win32.Bagle.aa
Symantec 10 06.18.2007 W32.Beagle.DZ
TheHacker 6.1.6.134 06.18.2007 W32/Bagle.aa
VBA32 3.12.0.2 06.15.2007 Worm.Win32.Bagle.HK
VirusBuster 4.3.23:9 06.17.2007 Worm.Bagle.LZ
Webwasher-Gateway 6.0.1 06.17.2007 Trojan.Crypt.XPACK.Gen

Aditional Information
File size: 24645 bytes
MD5: d4a14a8eaed71e4a94a62997552b0d27
SHA1: 9104cb8bdf79f9585cfd2b4aa9bbd8c02704541b
Bit9 info: http://fileadvisor.bit9.com/services/extinfo.aspx?md5=d4a14a8eaed71e4a94a62997552b0d27
Prevx info: http://fileinfo.prevx.com/fileinfo.asp?PXC=151981138045

Deckard's Main Results

Deckard's System Scanner v20070611.50
Run by Stine on 2007-06-17 at 19:42:19
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- HijackThis (run as Stine.exe) -----------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 7:42:24 PM, on 6/17/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Inverse IP InSight\PenTele\ARMon32a.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\DSL Tools\DSL Tools\app\TangoService.exe
C:\WINDOWS\wanmpsvc.exe
C:\PROGRA~1\DSLTOO~1\DSLTOO~1\app\TangoManager.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Microsoft Money\System\urlmap.exe
C:\Documents and Settings\Stine\Desktop\dss.exe
C:\DOCUME~1\Stine\Desktop\COMPUT~1\Stine.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.epix.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.epix.net/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [TangoManager] C:\PROGRA~1\DSLTOO~1\DSLTOO~1\app\TANGOM~1.EXE
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\System32\shdocvw.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by128fd.bay128.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1161447866562
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Inverse IP InSight Client (PenTele) (InverseLaunchIPI_PenTele) - Inverse Network Technology - C:\Program Files\Inverse IP InSight\PenTele\LaunchIPI.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Tango Service (TangoService) - Unknown owner - C:\Program Files\DSL Tools\DSL Tools\app\TangoService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

-- Files created between 2007-05-17 and 2007-06-17 -----------------------------

2007-06-17 13:16:19 0 d-------- C:\Program Files\3DGroove
2007-06-16 16:31:23 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-06-16 16:31:21 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-06-16 16:31:19 0 d-------- C:\WINDOWS\LastGood
2007-06-16 15:37:26 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2007-06-16 13:29:20 0 d-------- C:\Documents and Settings\Stine\.housecall6.6
2007-06-14 17:55:19 0 d-------- C:\WINDOWS\Internet Logs
2007-06-13 20:17:51 0 d-------- C:\WINDOWS\system32\ZoneLabs
2007-06-13 19:01:58 0 d-------- C:\Documents and Settings\Stine\DoctorWeb
2007-06-13 15:46:42 0 d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2007-06-13 15:05:34 0 d-------- C:\Program Files\Common Files\Symantec Shared
2007-06-13 15:05:34 0 d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2007-06-10 12:59:26 0 d-------- C:\Documents and Settings\Stine\Application Data\WinRAR
2007-06-05 20:10:19 0 d-------- C:\WINDOWS\exefld
2007-06-05 17:30:07 0 d-------- C:\Documents and Settings\All Users\Application Data\AVS4YOU
2007-06-05 17:28:43 0 d-------- C:\Program Files\Common Files\AVSMedia
2007-05-23 22:07:10 0 d-------- C:\STOMP_THE_YARD
2007-05-19 13:23:25 0 d-------- C:\Documents and Settings\Stine\Application Data\COWON

-- Find3M Report ---------------------------------------------------------------

2007-06-17 19:40:49 0 d-------- C:\Documents and Settings\Stine\Application Data\Vso
2007-06-17 18:00:01 0 d-------- C:\Documents and Settings\Stine\Application Data\VSO_HWE
2007-06-17 10:04:38 0 d-------- C:\Program Files\eMule
2007-06-16 15:35:50 0 d-------- C:\Documents and Settings\Stine\Application Data\AdobeUM
2007-06-09 01:26:19 0 d-------- C:\Program Files\PcBugDoctor
2007-06-08 14:06:46 0 d-------- C:\Program Files\NCH Swift Sound
2007-06-08 14:02:48 33 --a------ C:\Documents and Settings\Stine\Application Data\ezpinst.log
2007-05-23 23:32:01 0 d-------- C:\Documents and Settings\Stine\Application Data\Canon
2007-05-19 13:29:34 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-05-16 22:36:45 0 d-------- C:\Program Files\WorldPokerTour
2007-05-14 18:14:03 0 d-------- C:\Program Files\BitTorrent
2007-04-29 12:31:09 512 --a------ C:\ScanSectorLog.dat
2007-04-19 00:06:21 0 d-------- C:\Program Files\RegCure
2007-04-16 20:01:32 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2007-03-29 09:18:57 75 --a------ C:\WINDOWS\sysInf.dat

-- Registry Dump ---------------------------------------------------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{02478D38-C3F9-4efb-9B51-7695ECA05670} C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
{7C554162-8CB7-45A4-B8F4-8EA1C75885F9} C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
{AA58ED58-01DD-4d91-8333-CF10577473F7} c:\program files\google\googletoolbar3.dll
{FDD3B846-8D59-4ffb-8758-209B6AD74ACC} C:\Program Files\Microsoft Money\System\mnyviewer.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Microsoft Works Update Detection"="C:\\Program Files\\Common Files\\Microsoft Shared\\Works Shared\\WkUFind.exe"
"DVDSentry"="C:\\WINDOWS\\System32\\DSentry.exe"
"DwlClient"="C:\\Program Files\\Common Files\\Dell\\EUSW\\Support.exe"
"TangoManager"="C:\\PROGRA~1\\DSLTOO~1\\DSLTOO~1\\app\\TANGOM~1.EXE"
"OpwareSE2"="\"C:\\Program Files\\ScanSoft\\OmniPageSE2.0\\OpwareSE2.exe\""
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Aim6"=""
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"
"MoneyAgent"="\"C:\\Program Files\\Microsoft Money\\System\\Money Express.exe\""
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"WMPNSCFG"="C:\\Program Files\\Windows Media Player\\WMPNSCFG.exe"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"="Narrator.exe"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0

SafeBoot registry key needs to be repaired. This machine cannot enter Safe Mode.

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0

*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_M_HOOK
*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_TMCOMM

Jaimz23 · Jun 17, 2007

I had a problem with TrendMicro. When it was trying to delete the grayware/spyware it froze and would not continue. Just wanted to let you know.

Jaimz23 · Jun 18, 2007

BUMP

Fredil · Jun 18, 2007

Oooh... sorry. One of the notifications leaked into my junk mail box.

I'll get back to you on this in a few minutes, when I'm done doing something...

If you feel ignored, don't bump but feel free to send me a PM

Fredil · Jun 18, 2007

Hmm.... currently searching on how to repair the safeboot key. Meanwhile, do a scan here; if Avast is as good as they claim it will remove the Bagle worm from your system.

I'll get back to you on your safeboot key.

Fredil · Jun 18, 2007

Do you have your Windows XP CD?

Jaimz23 · Jun 18, 2007

No I don't. In my original post I stated that I got this PC from a friend of mine and he lost the XP CD. So I'm trying not to reformat. Thanks for the responses though, I appreciate it.

Fredil · Jun 18, 2007

Darn. If you had the XP Key you could do the XP repair console thingy. Now I have to look for another way to repair safeboot...

Did you do that Avast! scan? If so, post another HijackThis log.

Jaimz23 · Jun 18, 2007

I did the avast program. Not sure if it helped or not. I found a way to repair the safeboot registry keys. It is called AVZ4en and it has an option to repair the safeboot registry keys. I was able to start in safe mode but only immediately after I ran the safeboot registry repair. I have a feeling the virus is still there because when I tried to install AVG free I couldn't because .......exe (unsure of exact extension) was missing. Anyway here is the hijackthis log:

P.S. I also renamed the wintems and the hldrrr files using f-secure blacklight. Not sure if it was the smartest thing to do, however I am becoming quite frustrated. So they might not be seen in the log for hijackthis.

Logfile of HijackThis v1.99.1
Scan saved at 10:52:30 PM, on 6/18/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Inverse IP InSight\PenTele\ARMon32a.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\DSL Tools\DSL Tools\app\TangoService.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\wanmpsvc.exe
C:\PROGRA~1\DSLTOO~1\DSLTOO~1\app\TangoManager.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Money\System\urlmap.exe
C:\Documents and Settings\Stine\Desktop\Computer Clean-up Programs\HijackThis_v1.99.1.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.epix.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [TangoManager] C:\PROGRA~1\DSLTOO~1\DSLTOO~1\app\TANGOM~1.EXE
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\System32\shdocvw.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by128fd.bay128.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1161447866562
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Inverse IP InSight Client (PenTele) (InverseLaunchIPI_PenTele) - Inverse Network Technology - C:\Program Files\Inverse IP InSight\PenTele\LaunchIPI.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Tango Service (TangoService) - Unknown owner - C:\Program Files\DSL Tools\DSL Tools\app\TangoService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

Jaimz23 · Jun 20, 2007

The issue has been resolved with a little help from google magic. I surfed the web and found another forum where someone had almost the identical problem that I had. They had the same basic worms/virus too. the wintems and hldrrr which I had already removed with f-secure blacklight and didn't help. Then further down the post i saw the person who was helping the infected person mention hidires in Cocumentsandsettings/username..... so I opened up hidden folders and sure enough I had 2 of the same virus' sitting in that folder. I ran my safeboot fix (again) and was finally able to install AVG free. I then ran the program found the 2 problems along with quite a few other bagle worms, deleted them, downloaded Comodo firewall and was able to install it. So everything is up and running fine now.

Thanks for all the help Fredil I appreciate the time you took to put me on the right path. Respect!

Fredil · Jun 20, 2007

Respect your elders... or non-elders, since I'm thirteen

Have a nice time surfing, and remember to install a firewall, antivirus, and frequent Windows updates. My work ends here It's been a pleasure.

Log in or Sign up

Can't install any virus protect. or firewall! HELP!

Jaimz23 Member

Jaimz23 Member

Fredil Regular member

Fredil Regular member

Jaimz23 Member

Fredil Regular member

Jaimz23 Member

Jaimz23 Member

Jaimz23 Member

Jaimz23 Member

Jaimz23 Member

Jaimz23 Member

Fredil Regular member

Fredil Regular member

Fredil Regular member

Jaimz23 Member

Fredil Regular member

Jaimz23 Member

Jaimz23 Member

Fredil Regular member

Share This Page

Log in or Sign up

Can't install any virus protect. or firewall! HELP!

Jaimz23 Member

Jaimz23 Member

Fredil Regular member

Fredil Regular member

Jaimz23 Member

Fredil Regular member

Jaimz23 Member

Jaimz23 Member

Jaimz23 Member

Jaimz23 Member

Jaimz23 Member

Jaimz23 Member

Fredil Regular member

Fredil Regular member

Fredil Regular member

Jaimz23 Member

Fredil Regular member

Jaimz23 Member

Jaimz23 Member

Fredil Regular member

Share This Page

Useful Searches