Tech Support Forum - View Single Post

kimbatheknome · 03-07-2006, 10:31 PM

Okay, I did everything you said. I had trouble deleting the Viewpoint manager from the C:\ drive. I was given this notice: "Cannot delete AxMetaStream.dll It is being used by another person or program."

The iifdc.dll seems to be gone, and the Viewpoint Manager and Media Player were successfully deleted from the Add/Remove programs area.

Here are the new logs:

HJT:

Logfile of HijackThis v1.99.1
Scan saved at 12:30:05 AM, on 3/8/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Photo\appsrv\PhotoAppSrv.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Sony\HotKey Utility\HKserv.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\WINDOWS\Sonysys\VAIO Recovery\reminder.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\AOL Companion\companion.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Sony\HotKey Utility\HKWnd.exe
C:\Program Files\Common Files\AOL\1136945005\ee\AOLHostManager.exe
C:\Program Files\Common Files\AOL\1136945005\ee\AOLServiceHost.exe
c:\program files\common files\aol\1136945005\ee\services\antiSpywareApp\ver2_0_7\AOLSP Scheduler.exe
C:\Program Files\Common Files\AOL\1136945005\ee\AOLServiceHost.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\Program Files\America Online 9.0\aolwbspd.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN\MSNCoreFiles\MSN6.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\HJT\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...ch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.sony.com/vaiopeople
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuardDLBLOCK.CBrowserHelper - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
O4 - HKLM\..\Run: [SonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [CreateCD_Reminder] C:\WINDOWS\Sonysys\VAIO Recovery\reminder.exe
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1136945005\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kavwebscan_unicode.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-24.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C8959228-C7DE-474F-A5B7-A766FB01477B}: NameServer = 205.188.146.145
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe" /Service=VAIOMediaPlatform-MusicServer-AppServer /DisplayName="VAIO Media Music Server (file missing)
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-MusicServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\MusicServer\HTTP (file missing)
O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Photo\appsrv\PhotoAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-PhotoServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\PhotoServer\HTTP (file missing)
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe" /Service=VAIOMediaPlatform-VideoServer-AppServer /DisplayName="VAIO Media Video Server (file missing)
O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-VideoServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\VideoServer\HTTP (file missing)
O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

Kaspersky:

-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Wednesday, March 08, 2006 00:26:25
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 8/03/2006
Kaspersky Anti-Virus database records: 180755
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
F:\

Scan Statistics:
Total number of scanned objects: 54856
Number of viruses found: 46
Number of infected objects: 99
Number of suspicious objects: 0
Duration of the scan process: 4675 sec

Infected Object Name - Virus Name
C:\Documents and Settings\Kim\.housecall\Quarantine\backup-20060211-014144-602.dll.bac_a02352 Infected: Trojan.Win32.Crypt.o
C:\Documents and Settings\Kim\.housecall\Quarantine\backup-20060219-014852-471.dll.bac_a02352 Infected: Trojan.Win32.Crypt.o
C:\Documents and Settings\Kim\.housecall\Quarantine\backup-20060219-015606-811.dll.bac_a02352 Infected: Trojan.Win32.Crypt.o
C:\Documents and Settings\Kim\.housecall\Quarantine\backup-20060219-020219-792.dll.bac_a02352 Infected: Trojan.Win32.Crypt.o
C:\Documents and Settings\Kim\.housecall\Quarantine\backup-20060219-020755-107.dll.bac_a02352 Infected: Trojan.Win32.Crypt.o
C:\Documents and Settings\Kim\.housecall\Quarantine\bolae9.dll.bac_a03692 Infected: not-a-virus:AdWare.Win32.F1Organizer.b
C:\Documents and Settings\Kim\.housecall\Quarantine\heiryae.exe.bac_a03692 Infected: Trojan.Win32.Painwin.a
C:\Documents and Settings\Kim\.housecall\Quarantine\hoidyaa.exe.bac_a03692 Infected: Trojan.Win32.Painwin.a
C:\Documents and Settings\Kim\.housecall\Quarantine\iifdc.dll.bac_a02352 Infected: Trojan.Win32.Crypt.o
C:\Documents and Settings\Kim\.housecall\Quarantine\iifdc.dll.bac_a03692 Infected: Trojan.Win32.Crypt.o
C:\Documents and Settings\Kim\.housecall\Quarantine\setup.exe.bac_a03692/data0012 Infected: not-a-virus:AdWare.Win32.Aureate.a
C:\Documents and Settings\Kim\.housecall\Quarantine\setup.exe.bac_a03692/data0013 Infected: not-a-virus:AdWare.Win32.Aureate
C:\Documents and Settings\Kim\.housecall\Quarantine\setup.exe.bac_a03692 Infected: not-a-virus:AdWare.Win32.Aureate
C:\HJT\backups\backup-20050610-004105-355.dll Infected: not-a-virus:AdWare.Win32.Adstart.i
C:\HJT\backups\backup-20050610-004105-734.dll Infected: not-a-virus:AdWare.Win32.Adstart.i
C:\HJT\backups\backup-20050610-004105-951.dll Infected: not-a-virus:AdWare.Win32.Adstart.i
C:\HJT\backups\backup-20060306-222935-881.dll Infected: Trojan.Win32.Crypt.o
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\00D6463E Infected: Trojan-Downloader.Win32.Dyfuca.cs
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\01642D20 Infected: not-a-virus:AdWare.Win32.VirtualBouncer.a
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\01F17FA0.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\0A4005A0 Infected: Backdoor.Win32.Ruledor.e
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\0A475999 Infected: not-a-virus:AdWare.Win32.Coreak
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\0A4A0395 Infected: Trojan-Downloader.Win32.Small.id
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\0A4E2D91 Infected: Trojan.Win32.SecondThought.c
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\0A51578E Infected: Trojan-Downloader.Win32.Agent.br
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\0A572B87 Infected: Trojan-Downloader.Win32.Agent.bt
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\0A5B5583 Infected: Trojan-Downloader.Win32.Agent.bg
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\0A5E7F7F Infected: Trojan-Dropper.Win32.Small.ht
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\0CF4691F Infected: not-a-virus:AdWare.Win32.Coreak
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\110C228F.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\1517103F Infected: Trojan-Dropper.Win32.Small.ht
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\1885251D Infected: Trojan-Downloader.Win32.IstBar.er
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\1C986C8B Infected: not-a-virus:AdWare.Win32.PowerScan.b
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\23583437 Infected: Trojan-Downloader.Win32.IstBar.fj
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\2D1A5EEE.class Infected: Trojan.Java.Femad
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\2F7E2C40 Infected: Backdoor.Win32.Ruledor.c
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\2FA61D1A Infected: Trojan-Downloader.Win32.Agent.bg
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\32F13128/dwcg2.exe/data0002 Infected: not-a-virus:AdWare.Win32.DownloadWare.a
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\32F13128/dwcg2.exe Infected: not-a-virus:AdWare.Win32.DownloadWare.a
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\32F13128 Infected: not-a-virus:AdWare.Win32.DownloadWare.a
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\32F55B24 Infected: Trojan-Downloader.Win32.IstBar.fr
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\32F80520 Infected: not-a-virus:AdWare.Win32.PowerScan.b
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\32FB2F1D Infected: not-a-virus:Dialer.Win32.E-Group.b
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\32FE5919 Infected: Trojan-Downloader.Win32.Dyfuca.cs
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\33052D12 Infected: Trojan-Downloader.Win32.Dyfuca.cq
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\330B010B Infected: Trojan-Downloader.Win32.Agent.ae
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\330F2B07 Infected: Trojan-Downloader.Win32.IstBar.eo
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\33125504 Infected: Trojan-Downloader.Win32.Wintrim.bn
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\34310336.zip/GetAccess.class Infected: Trojan.Java.ClassLoader.c
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\34310336.zip/InsecureClassLoader.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\34310336.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\34310336.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\34310336.zip Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\34E50871.class Infected: Trojan.Java.ClassLoader.c
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\34E955AC/data0002 Infected: not-a-virus:AdWare.Win32.DownloadWare.a
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\34E955AC Infected: not-a-virus:AdWare.Win32.DownloadWare.a
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\35192837.class Infected: Trojan.Java.ClassLoader.Dummy.a
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\3533781A.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\372F3C89 Infected: Trojan-Downloader.Win32.Dyfuca.cr
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\3B0E683F Infected: Trojan-Downloader.Win32.Dyfuca.cr
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\3CB471E4 Infected: Trojan.Win32.SecondThought.ai
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\3D621F96 Infected: Trojan-Downloader.Win32.Dyfuca.cv
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\417A00ED Infected: not-a-virus:AdWare.Win32.VirtualBouncer.d
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\469F243D Infected: Trojan-Downloader.Win32.IstBar.eo
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\472C0B1F Infected: Backdoor.Win32.Ruledor.e
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\522F603C Infected: Trojan-Downloader.Win32.Agent.ae
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\5DBF1C3B Infected: Trojan-Downloader.Win32.Agent.ae
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\62D03827 Infected: not-a-virus:AdWare.Win32.VirtualBouncer.d
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\669A1DDC Infected: not-a-virus:AdWare.Win32.SmartPops.a
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\69505839 Infected: not-a-virus:AdWare.Win32.Wintol.d
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\69DD3F1B Infected: Trojan-Downloader.Win32.Agent.bt
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\6CCC00E9 Infected: not-a-virus:AdWare.Win32.SideFind
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\73C13680 Infected: Trojan-Downloader.Win32.Dyfuca.co
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\75460A3F Infected: not-a-virus:AdWare.Win32.DownloadWare.a
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\756E7B1A Infected: Trojan-Downloader.Win32.Agent.br
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\7B0D24E0 Infected: not-a-virus:AdWare.Win32.Wintol.d
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\7D473636.zip/GetAccess.class Infected: Trojan.Java.ClassLoader.c
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\7D473636.zip/InsecureClassLoader.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\7D473636.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\7D473636.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\7D473636.zip Infected: Trojan-Downloader.Java.OpenConnection.v
C:\System Volume Information\_restore{125CBB4E-60A8-4E31-84D6-47AB90B3C817}\RP41\A0047182.dll Infected: Trojan.Win32.Crypt.o
C:\System Volume Information\_restore{125CBB4E-60A8-4E31-84D6-47AB90B3C817}\RP41\A0047183.dll Infected: Trojan.Win32.Crypt.o
C:\System Volume Information\_restore{125CBB4E-60A8-4E31-84D6-47AB90B3C817}\RP41\A0047184.dll Infected: Trojan.Win32.Crypt.o
C:\System Volume Information\_restore{125CBB4E-60A8-4E31-84D6-47AB90B3C817}\RP41\A0047185.dll Infected: Trojan.Win32.Crypt.o
C:\System Volume Information\_restore{125CBB4E-60A8-4E31-84D6-47AB90B3C817}\RP41\A0047186.dll Infected: Trojan.Win32.Crypt.o
C:\System Volume Information\_restore{125CBB4E-60A8-4E31-84D6-47AB90B3C817}\RP41\A0058448.dll Infected: Trojan.Win32.Crypt.o
C:\WINDOWS\system32\geecc.dll Infected: Trojan.Win32.Crypt.o
C:\WINDOWS\system32\hgagyfh.vxd Infected: Trojan.Win32.Painwin.a
C:\WINDOWS\system32\hoapyee.sys Infected: Trojan.Win32.Painwin.a
C:\WINDOWS\system32\hrakeec.sys Infected: Trojan.Win32.Painwin.a
C:\WINDOWS\system32\htipyfr.vxd Infected: Trojan.Win32.Painwin.a
C:\WINDOWS\system32\in2bS.dll Infected: Trojan-Dropper.Win32.Small.abe
C:\WINDOWS\system32\Installer.exe Infected: Trojan-Dropper.Win32.Agent.u
C:\WINDOWS\system32\jiak.exe Infected: Trojan-Downloader.Win32.Lastad.n
C:\WINDOWS\system32\jiakndw30102lib.dll Infected: Trojan-Downloader.Win32.Lastad.h
C:\WINDOWS\system32\Mservice.dll Infected: Trojan-Downloader.Win32.Wintrim.cj
C:\WINDOWS\system32\ndw-enc-af9.exe Infected: Trojan-Downloader.Win32.Lastad.n
C:\WINDOWS\system32\s_win32.exe Infected: Trojan-Downloader.Win32.Small.aav

Scan process completed.

and Vundo Fix:

VundoFix V4.2.29
Scan started at 9:28:16 PM 3/7/2006

Listing files found while scanning....

C:\WINDOWS\system32\iifdc.dll
C:\WINDOWS\system32\cdfii.ini
C:\WINDOWS\system32\cdfii.ini2

C:\WINDOWS\system32\cdfii.ini2
C:\WINDOWS\system32\cdfii.ini
C:\WINDOWS\system32\cdfii.ini2
C:\WINDOWS\system32\iifdc.dll
Attempting to delete C:\WINDOWS\system32\iifdc.dll
C:\WINDOWS\system32\iifdc.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\cdfii.ini
C:\WINDOWS\system32\cdfii.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\cdfii.ini2
C:\WINDOWS\system32\cdfii.ini2 Has been deleted!

Performing Repairs to the registry.
Done!

03-07-2006, 10:31 PM	#5 (permalink)
kimbatheknome Registered User Join Date: Jun 2005 Posts: 20 OS: Windows XP Home	Results Okay, I did everything you said. I had trouble deleting the Viewpoint manager from the C:\ drive. I was given this notice: "Cannot delete AxMetaStream.dll It is being used by another person or program." The iifdc.dll seems to be gone, and the Viewpoint Manager and Media Player were successfully deleted from the Add/Remove programs area. Here are the new logs: HJT: Logfile of HijackThis v1.99.1 Scan saved at 12:30:05 AM, on 3/8/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe C:\Program Files\Common Files\Symantec Shared\ccProxy.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\WINDOWS\system32\cisvc.exe C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe C:\Program Files\Sony\VAIO Media Integrated Server\Photo\appsrv\PhotoAppSrv.exe C:\WINDOWS\wanmpsvc.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\Sony\HotKey Utility\HKserv.exe C:\Program Files\Sony\VAIO Power Management\SPMgr.exe C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe C:\WINDOWS\System32\ezSP_Px.exe C:\WINDOWS\Sonysys\VAIO Recovery\reminder.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe C:\Program Files\America Online 9.0\aoltray.exe C:\Program Files\AOL Companion\companion.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Sony\HotKey Utility\HKWnd.exe C:\Program Files\Common Files\AOL\1136945005\ee\AOLHostManager.exe C:\Program Files\Common Files\AOL\1136945005\ee\AOLServiceHost.exe c:\program files\common files\aol\1136945005\ee\services\antiSpywareApp\ver2_0_7\AOLSP Scheduler.exe C:\Program Files\Common Files\AOL\1136945005\ee\AOLServiceHost.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\WINDOWS\system32\NOTEPAD.EXE C:\WINDOWS\system32\cidaemon.exe C:\Program Files\America Online 9.0\waol.exe C:\Program Files\America Online 9.0\shellmon.exe C:\Program Files\America Online 9.0\aolwbspd.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Messenger\msmsgs.exe C:\Program Files\MSN\MSNCoreFiles\MSN6.EXE C:\WINDOWS\system32\NOTEPAD.EXE C:\WINDOWS\system32\NOTEPAD.EXE C:\HJT\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...ch/search.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.sony.com/vaiopeople O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: SpywareGuardDLBLOCK.CBrowserHelper - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe O4 - HKLM\..\Run: [SonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe O4 - HKLM\..\Run: [CreateCD_Reminder] C:\WINDOWS\Sonysys\VAIO Recovery\reminder.exe O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1136945005\ee\AOLHostManager.exe O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0 O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000 O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kavwebscan_unicode.cab O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-24.cab O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{C8959228-C7DE-474F-A5B7-A766FB01477B}: NameServer = 205.188.146.145 O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe (file missing) O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe" /Service=VAIOMediaPlatform-MusicServer-AppServer /DisplayName="VAIO Media Music Server (file missing) O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-MusicServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\MusicServer\HTTP (file missing) O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Photo\appsrv\PhotoAppSrv.exe O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-PhotoServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\PhotoServer\HTTP (file missing) O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe" /Service=VAIOMediaPlatform-VideoServer-AppServer /DisplayName="VAIO Media Video Server (file missing) O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-VideoServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\VideoServer\HTTP (file missing) O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe Kaspersky: ------------------------------------------------------------------------------- KASPERSKY ON-LINE SCANNER REPORT Wednesday, March 08, 2006 00:26:25 Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600) Kaspersky On-line Scanner version: 5.0.67.0 Kaspersky Anti-Virus database last update: 8/03/2006 Kaspersky Anti-Virus database records: 180755 ------------------------------------------------------------------------------- Scan Settings: Scan using the following antivirus database: extended Scan Archives: true Scan Mail Bases: true Scan Target - My Computer: C:\ D:\ E:\ F:\ Scan Statistics: Total number of scanned objects: 54856 Number of viruses found: 46 Number of infected objects: 99 Number of suspicious objects: 0 Duration of the scan process: 4675 sec Infected Object Name - Virus Name C:\Documents and Settings\Kim\.housecall\Quarantine\backup-20060211-014144-602.dll.bac_a02352 Infected: Trojan.Win32.Crypt.o C:\Documents and Settings\Kim\.housecall\Quarantine\backup-20060219-014852-471.dll.bac_a02352 Infected: Trojan.Win32.Crypt.o C:\Documents and Settings\Kim\.housecall\Quarantine\backup-20060219-015606-811.dll.bac_a02352 Infected: Trojan.Win32.Crypt.o C:\Documents and Settings\Kim\.housecall\Quarantine\backup-20060219-020219-792.dll.bac_a02352 Infected: Trojan.Win32.Crypt.o C:\Documents and Settings\Kim\.housecall\Quarantine\backup-20060219-020755-107.dll.bac_a02352 Infected: Trojan.Win32.Crypt.o C:\Documents and Settings\Kim\.housecall\Quarantine\bolae9.dll.bac_a03692 Infected: not-a-virus:AdWare.Win32.F1Organizer.b C:\Documents and Settings\Kim\.housecall\Quarantine\heiryae.exe.bac_a03692 Infected: Trojan.Win32.Painwin.a C:\Documents and Settings\Kim\.housecall\Quarantine\hoidyaa.exe.bac_a03692 Infected: Trojan.Win32.Painwin.a C:\Documents and Settings\Kim\.housecall\Quarantine\iifdc.dll.bac_a02352 Infected: Trojan.Win32.Crypt.o C:\Documents and Settings\Kim\.housecall\Quarantine\iifdc.dll.bac_a03692 Infected: Trojan.Win32.Crypt.o C:\Documents and Settings\Kim\.housecall\Quarantine\setup.exe.bac_a03692/data0012 Infected: not-a-virus:AdWare.Win32.Aureate.a C:\Documents and Settings\Kim\.housecall\Quarantine\setup.exe.bac_a03692/data0013 Infected: not-a-virus:AdWare.Win32.Aureate C:\Documents and Settings\Kim\.housecall\Quarantine\setup.exe.bac_a03692 Infected: not-a-virus:AdWare.Win32.Aureate C:\HJT\backups\backup-20050610-004105-355.dll Infected: not-a-virus:AdWare.Win32.Adstart.i C:\HJT\backups\backup-20050610-004105-734.dll Infected: not-a-virus:AdWare.Win32.Adstart.i C:\HJT\backups\backup-20050610-004105-951.dll Infected: not-a-virus:AdWare.Win32.Adstart.i C:\HJT\backups\backup-20060306-222935-881.dll Infected: Trojan.Win32.Crypt.o C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\00D6463E Infected: Trojan-Downloader.Win32.Dyfuca.cs C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\01642D20 Infected: not-a-virus:AdWare.Win32.VirtualBouncer.a C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\01F17FA0.class Infected: Exploit.Java.ByteVerify C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\0A4005A0 Infected: Backdoor.Win32.Ruledor.e C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\0A475999 Infected: not-a-virus:AdWare.Win32.Coreak C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\0A4A0395 Infected: Trojan-Downloader.Win32.Small.id C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\0A4E2D91 Infected: Trojan.Win32.SecondThought.c C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\0A51578E Infected: Trojan-Downloader.Win32.Agent.br C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\0A572B87 Infected: Trojan-Downloader.Win32.Agent.bt C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\0A5B5583 Infected: Trojan-Downloader.Win32.Agent.bg C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\0A5E7F7F Infected: Trojan-Dropper.Win32.Small.ht C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\0CF4691F Infected: not-a-virus:AdWare.Win32.Coreak C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\110C228F.class Infected: Exploit.Java.ByteVerify C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\1517103F Infected: Trojan-Dropper.Win32.Small.ht C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\1885251D Infected: Trojan-Downloader.Win32.IstBar.er C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\1C986C8B Infected: not-a-virus:AdWare.Win32.PowerScan.b C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\23583437 Infected: Trojan-Downloader.Win32.IstBar.fj C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\2D1A5EEE.class Infected: Trojan.Java.Femad C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\2F7E2C40 Infected: Backdoor.Win32.Ruledor.c C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\2FA61D1A Infected: Trojan-Downloader.Win32.Agent.bg C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\32F13128/dwcg2.exe/data0002 Infected: not-a-virus:AdWare.Win32.DownloadWare.a C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\32F13128/dwcg2.exe Infected: not-a-virus:AdWare.Win32.DownloadWare.a C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\32F13128 Infected: not-a-virus:AdWare.Win32.DownloadWare.a C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\32F55B24 Infected: Trojan-Downloader.Win32.IstBar.fr C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\32F80520 Infected: not-a-virus:AdWare.Win32.PowerScan.b C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\32FB2F1D Infected: not-a-virus:Dialer.Win32.E-Group.b C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\32FE5919 Infected: Trojan-Downloader.Win32.Dyfuca.cs C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\33052D12 Infected: Trojan-Downloader.Win32.Dyfuca.cq C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\330B010B Infected: Trojan-Downloader.Win32.Agent.ae C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\330F2B07 Infected: Trojan-Downloader.Win32.IstBar.eo C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\33125504 Infected: Trojan-Downloader.Win32.Wintrim.bn C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\34310336.zip/GetAccess.class Infected: Trojan.Java.ClassLoader.c C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\34310336.zip/InsecureClassLoader.class Infected: Exploit.Java.ByteVerify C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\34310336.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\34310336.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\34310336.zip Infected: Trojan-Downloader.Java.OpenConnection.v C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\34E50871.class Infected: Trojan.Java.ClassLoader.c C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\34E955AC/data0002 Infected: not-a-virus:AdWare.Win32.DownloadWare.a C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\34E955AC Infected: not-a-virus:AdWare.Win32.DownloadWare.a C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\35192837.class Infected: Trojan.Java.ClassLoader.Dummy.a C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\3533781A.class Infected: Exploit.Java.ByteVerify C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\372F3C89 Infected: Trojan-Downloader.Win32.Dyfuca.cr C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\3B0E683F Infected: Trojan-Downloader.Win32.Dyfuca.cr C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\3CB471E4 Infected: Trojan.Win32.SecondThought.ai C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\3D621F96 Infected: Trojan-Downloader.Win32.Dyfuca.cv C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\417A00ED Infected: not-a-virus:AdWare.Win32.VirtualBouncer.d C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\469F243D Infected: Trojan-Downloader.Win32.IstBar.eo C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\472C0B1F Infected: Backdoor.Win32.Ruledor.e C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\522F603C Infected: Trojan-Downloader.Win32.Agent.ae C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\5DBF1C3B Infected: Trojan-Downloader.Win32.Agent.ae C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\62D03827 Infected: not-a-virus:AdWare.Win32.VirtualBouncer.d C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\669A1DDC Infected: not-a-virus:AdWare.Win32.SmartPops.a C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\69505839 Infected: not-a-virus:AdWare.Win32.Wintol.d C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\69DD3F1B Infected: Trojan-Downloader.Win32.Agent.bt C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\6CCC00E9 Infected: not-a-virus:AdWare.Win32.SideFind C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\73C13680 Infected: Trojan-Downloader.Win32.Dyfuca.co C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\75460A3F Infected: not-a-virus:AdWare.Win32.DownloadWare.a C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\756E7B1A Infected: Trojan-Downloader.Win32.Agent.br C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\7B0D24E0 Infected: not-a-virus:AdWare.Win32.Wintol.d C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\7D473636.zip/GetAccess.class Infected: Trojan.Java.ClassLoader.c C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\7D473636.zip/InsecureClassLoader.class Infected: Exploit.Java.ByteVerify C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\7D473636.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\7D473636.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\7D473636.zip Infected: Trojan-Downloader.Java.OpenConnection.v C:\System Volume Information\_restore{125CBB4E-60A8-4E31-84D6-47AB90B3C817}\RP41\A0047182.dll Infected: Trojan.Win32.Crypt.o C:\System Volume Information\_restore{125CBB4E-60A8-4E31-84D6-47AB90B3C817}\RP41\A0047183.dll Infected: Trojan.Win32.Crypt.o C:\System Volume Information\_restore{125CBB4E-60A8-4E31-84D6-47AB90B3C817}\RP41\A0047184.dll Infected: Trojan.Win32.Crypt.o C:\System Volume Information\_restore{125CBB4E-60A8-4E31-84D6-47AB90B3C817}\RP41\A0047185.dll Infected: Trojan.Win32.Crypt.o C:\System Volume Information\_restore{125CBB4E-60A8-4E31-84D6-47AB90B3C817}\RP41\A0047186.dll Infected: Trojan.Win32.Crypt.o C:\System Volume Information\_restore{125CBB4E-60A8-4E31-84D6-47AB90B3C817}\RP41\A0058448.dll Infected: Trojan.Win32.Crypt.o C:\WINDOWS\system32\geecc.dll Infected: Trojan.Win32.Crypt.o C:\WINDOWS\system32\hgagyfh.vxd Infected: Trojan.Win32.Painwin.a C:\WINDOWS\system32\hoapyee.sys Infected: Trojan.Win32.Painwin.a C:\WINDOWS\system32\hrakeec.sys Infected: Trojan.Win32.Painwin.a C:\WINDOWS\system32\htipyfr.vxd Infected: Trojan.Win32.Painwin.a C:\WINDOWS\system32\in2bS.dll Infected: Trojan-Dropper.Win32.Small.abe C:\WINDOWS\system32\Installer.exe Infected: Trojan-Dropper.Win32.Agent.u C:\WINDOWS\system32\jiak.exe Infected: Trojan-Downloader.Win32.Lastad.n C:\WINDOWS\system32\jiakndw30102lib.dll Infected: Trojan-Downloader.Win32.Lastad.h C:\WINDOWS\system32\Mservice.dll Infected: Trojan-Downloader.Win32.Wintrim.cj C:\WINDOWS\system32\ndw-enc-af9.exe Infected: Trojan-Downloader.Win32.Lastad.n C:\WINDOWS\system32\s_win32.exe Infected: Trojan-Downloader.Win32.Small.aav Scan process completed. and Vundo Fix: VundoFix V4.2.29 Scan started at 9:28:16 PM 3/7/2006 Listing files found while scanning.... C:\WINDOWS\system32\iifdc.dll C:\WINDOWS\system32\cdfii.ini C:\WINDOWS\system32\cdfii.ini2 C:\WINDOWS\system32\cdfii.ini2 C:\WINDOWS\system32\cdfii.ini C:\WINDOWS\system32\cdfii.ini2 C:\WINDOWS\system32\iifdc.dll Attempting to delete C:\WINDOWS\system32\iifdc.dll C:\WINDOWS\system32\iifdc.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\cdfii.ini C:\WINDOWS\system32\cdfii.ini Has been deleted! Attempting to delete C:\WINDOWS\system32\cdfii.ini2 C:\WINDOWS\system32\cdfii.ini2 Has been deleted! Performing Repairs to the registry. Done! Last edited by kimbatheknome; 03-07-2006 at 10:32 PM.