Tech Support banner

Status
Not open for further replies.
1 - 3 of 3 Posts

·
Registered
Joined
·
2 Posts
Discussion Starter #1 (Edited by Moderator)
So, I seem to have installed some resilient malware

Edit: Please excuse the title, I started typing then began on the post intending to finish it later but forgot about it before I posted; the topic also seems to be uneditable.

So, I seem to have installed some resilient malware

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:51:10 PM, on 12/3/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=presario&pf=laptop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=presario&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://register.hp.com/servlet/WebReg.servlets.ProdReg1Servlet?appID=309&PURCH_DT_MONTH=&PURCH_DT_DAY=&PURCH_DT_YEAR=&product_name=&PROD_SERIAL_ID=&gwCountry=US&language=EN&prodOS=&lf=RED
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,C:\WINDOWS\system32\wsnpoem.exe,
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\vilsqzvd.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - .DEFAULT User Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=presario&pf=laptop
O23 - Service: AddFiltr - Unknown owner - -"C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe" (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - -"C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (file missing)
O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - -"C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe" (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - -"C:\Program Files\Common Files\LightScribe\LSSrvc.exe" (file missing)
O23 - Service: LiveUpdate - Unknown owner - -"C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE" (file missing)
O23 - Service: LiveUpdate Notice Service - Unknown owner - -"C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll" (file missing)
O23 - Service: Norton Protection Center Service (NSCService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Office Source Engine (ose) - Unknown owner - -"C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE" (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing)
O23 - Service: Viewpoint Manager Service - Unknown owner - -"C:\Program Files\Viewpoint\Common\ViewpointService.exe" (file missing)
O23 - Service: Windows Media Player Network Sharing Service (WMPNetworkSvc) - Unknown owner - -"C:\Program Files\Windows Media Player\WMPNetwk.exe" (file missing)

--
End of file - 6799 bytes


Computer is a Compaq Presario V3000 Laptop

I'm the tech savvy one and I seem to have gotten some nasty stuff on this computer downloading some unscrupulous files. I've done the normal stuff like Spybot S&D.



An example of one of the spyware/virus things.


Any advice?


Edit: Just saw the thing about doing a Panda online scan before posting, I've already done a scan with Nod32 and it's found quite a things (currently running the Panda scan now, will post the results once it's done):

12/3/2007 5:16:32 PM Real-time file system protection file C:\WINDOWS\system32\drivers\wsnpoem.sys probably unknown NewHeur_PE virus unable to clean NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\system32\wsnpoem.exe.
12/3/2007 4:35:52 PM HTTP filter file http://82.98.235.78/cook/poiu.exe?uid=0746863AA06E11DC9A0FFFFFFFFAFFFF&guid=734EC9361B48420699E54F91A2FD01B5 Win32/TrojanDownloader.Tiny.ID trojan connection terminated - quarantined COMPTUTER\Kayla Threat was detected upon access to web by the application: C:\WINDOWS\explorer.exe.
12/3/2007 8:33:10 AM Real-time file system protection file C:\WINDOWS\system32\drivers\wsnpoem.sys probably unknown NewHeur_PE virus unable to clean NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\system32\wsnpoem.exe.
12/3/2007 8:33:10 AM Real-time file system protection file C:\System Volume Information\_restore{1368902D-6A36-4B35-812D-DDC763090AC0}\RP228\A0022370.sys probably unknown NewHeur_PE virus unable to clean NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\System32\svchost.exe.
12/2/2007 7:48:33 PM HTTP filter file http://82.98.235.78/cook/poiu.exe?uid=0746863AA06E11DC9A0FFFFFFFFAFFFF&guid=734EC9361B48420699E54F91A2FD01B5 Win32/TrojanDownloader.Tiny.ID trojan connection terminated - quarantined COMPTUTER\new Threat was detected upon access to web by the application: C:\WINDOWS\explorer.exe.
12/1/2007 11:00:19 PM Real-time file system protection file C:\WINDOWS\system32\awtturp.dll Win32/Adware.Virtumonde application cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to run the file by the application: \??\C:\WINDOWS\system32\winlogon.exe.
12/1/2007 10:59:55 PM Real-time file system protection file C:\WINDOWS\system32\drivers\wsnpoem.sys probably unknown NewHeur_PE virus unable to clean NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\system32\wsnpoem.exe.
12/1/2007 10:51:33 PM Real-time file system protection file C:\WINDOWS\system32\awtturp.dll Win32/Adware.Virtumonde application cleaned by deleting (after the next restart) - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: \??\C:\WINDOWS\system32\winlogon.exe.
12/1/2007 10:49:35 PM Real-time file system protection file C:\WINDOWS\system32\awtturp.dll Win32/Adware.Virtumonde application cleaned by deleting (after the next restart) - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: \??\C:\WINDOWS\system32\winlogon.exe.
12/1/2007 10:48:26 PM Real-time file system protection file C:\WINDOWS\system32\awtturp.dll Win32/Adware.Virtumonde application cleaned by deleting (after the next restart) - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: \??\C:\WINDOWS\system32\winlogon.exe.
12/1/2007 10:47:25 PM Real-time file system protection file C:\WINDOWS\system32\dxdllreg.exe~ Win32/TrojanDownloader.Delf.NUF trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\Documents and Settings\Brandon\Desktop\FxVMonde.exe.
12/1/2007 10:45:42 PM Real-time file system protection file C:\WINDOWS\system32\awtturp.dll Win32/Adware.Virtumonde application cleaned by deleting (after the next restart) - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: \??\C:\WINDOWS\system32\winlogon.exe.
12/1/2007 10:44:19 PM Real-time file system protection file C:\WINDOWS\system32\awtturp.dll Win32/Adware.Virtumonde application cleaned by deleting (after the next restart) - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: \??\C:\WINDOWS\system32\winlogon.exe.
12/1/2007 10:40:50 PM Real-time file system protection file C:\WINDOWS\system32\awtturp.dll Win32/Adware.Virtumonde application cleaned by deleting (after the next restart) - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: \??\C:\WINDOWS\system32\winlogon.exe.
12/1/2007 10:40:50 PM Real-time file system protection file C:\WINDOWS\system32\awtturp.dll Win32/Adware.Virtumonde application cleaned by deleting (after the next restart) - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: \??\C:\WINDOWS\system32\winlogon.exe.
12/1/2007 10:35:33 PM Real-time file system protection file C:\WINDOWS\system32\awtturp.dll Win32/Adware.Virtumonde application cleaned by deleting (after the next restart) - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: \??\C:\WINDOWS\system32\winlogon.exe.
12/1/2007 10:31:33 PM Real-time file system protection file C:\WINDOWS\system32\awtturp.dll Win32/Adware.Virtumonde application cleaned by deleting (after the next restart) - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: \??\C:\WINDOWS\system32\winlogon.exe.
12/1/2007 10:28:56 PM Real-time file system protection file C:\WINDOWS\system32\awtturp.dll Win32/Adware.Virtumonde application cleaned by deleting (after the next restart) - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: \??\C:\WINDOWS\system32\winlogon.exe.
12/1/2007 10:28:54 PM Real-time file system protection file C:\WINDOWS\system32\awtturp.dll Win32/Adware.Virtumonde application cleaned by deleting (after the next restart) - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: \??\C:\WINDOWS\system32\winlogon.exe.
12/1/2007 10:26:52 PM Real-time file system protection file C:\WINDOWS\system32\awtturp.dll Win32/Adware.Virtumonde application cleaned by deleting (after the next restart) - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: \??\C:\WINDOWS\system32\winlogon.exe.
12/1/2007 10:25:40 PM Real-time file system protection file C:\WINDOWS\system32\awtturp.dll Win32/Adware.Virtumonde application cleaned by deleting (after the next restart) - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: \??\C:\WINDOWS\system32\winlogon.exe.
12/1/2007 10:25:25 PM Real-time file system protection file C:\WINDOWS\system32\awtturp.dll Win32/Adware.Virtumonde application cleaned by deleting (after the next restart) - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: \??\C:\WINDOWS\system32\winlogon.exe.
12/1/2007 10:24:59 PM Real-time file system protection file C:\WINDOWS\system32\awtturp.dll Win32/Adware.Virtumonde application cleaned by deleting (after the next restart) - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: \??\C:\WINDOWS\system32\winlogon.exe.
12/1/2007 10:22:37 PM Real-time file system protection file C:\WINDOWS\system32\awtturp.dll Win32/Adware.Virtumonde application cleaned by deleting (after the next restart) - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: \??\C:\WINDOWS\system32\winlogon.exe.
12/1/2007 10:15:53 PM Real-time file system protection file C:\WINDOWS\system32\awtturp.dll Win32/Adware.Virtumonde application cleaned by deleting (after the next restart) - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: \??\C:\WINDOWS\system32\winlogon.exe.
12/1/2007 10:15:51 PM Real-time file system protection file C:\WINDOWS\system32\awtturp.dll Win32/Adware.Virtumonde application cleaned by deleting (after the next restart) - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: \??\C:\WINDOWS\system32\winlogon.exe.
12/1/2007 10:15:27 PM Real-time file system protection file C:\WINDOWS\system32\awtturp.dll Win32/Adware.Virtumonde application cleaned by deleting (after the next restart) - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: \??\C:\WINDOWS\system32\winlogon.exe.
12/1/2007 10:13:43 PM Real-time file system protection file C:\WINDOWS\system32\awtturp.dll Win32/Adware.Virtumonde application cleaned by deleting (after the next restart) - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: \??\C:\WINDOWS\system32\winlogon.exe.
12/1/2007 10:13:40 PM Real-time file system protection file C:\WINDOWS\system32\awtturp.dll Win32/Adware.Virtumonde application cleaned by deleting (after the next restart) - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: \??\C:\WINDOWS\system32\winlogon.exe.
12/1/2007 10:13:39 PM Real-time file system protection file C:\WINDOWS\system32\awtturp.dll Win32/Adware.Virtumonde application cleaned by deleting (after the next restart) - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: \??\C:\WINDOWS\system32\winlogon.exe.
12/1/2007 10:11:58 PM Real-time file system protection file C:\WINDOWS\system32\awtturp.dll Win32/Adware.Virtumonde application cleaned by deleting (after the next restart) - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: \??\C:\WINDOWS\system32\winlogon.exe.
12/1/2007 10:11:57 PM Real-time file system protection file C:\WINDOWS\system32\awtturp.dll Win32/Adware.Virtumonde application cleaned by deleting (after the next restart) - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: \??\C:\WINDOWS\system32\winlogon.exe.
12/1/2007 10:09:47 PM Real-time file system protection file C:\WINDOWS\system32\awtturp.dll Win32/Adware.Virtumonde application cleaned by deleting (after the next restart) - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: \??\C:\WINDOWS\system32\winlogon.exe.
12/1/2007 10:09:07 PM Real-time file system protection file C:\WINDOWS\system32\awtturp.dll Win32/Adware.Virtumonde application cleaned by deleting (after the next restart) - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: \??\C:\WINDOWS\system32\winlogon.exe.
12/1/2007 10:08:03 PM Real-time file system protection file C:\WINDOWS\system32\awtturp.dll Win32/Adware.Virtumonde application cleaned by deleting (after the next restart) - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: \??\C:\WINDOWS\system32\winlogon.exe.
12/1/2007 10:07:51 PM Real-time file system protection file C:\WINDOWS\system32\awtturp.dll Win32/Adware.Virtumonde application cleaned by deleting (after the next restart) - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: \??\C:\WINDOWS\system32\winlogon.exe.
12/1/2007 10:07:45 PM Real-time file system protection file C:\WINDOWS\system32\awtturp.dll Win32/Adware.Virtumonde application cleaned by deleting (after the next restart) - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: \??\C:\WINDOWS\system32\winlogon.exe.
12/1/2007 10:07:45 PM Real-time file system protection file C:\WINDOWS\system32\awtturp.dll Win32/Adware.Virtumonde application cleaned by deleting (after the next restart) - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: \??\C:\WINDOWS\system32\winlogon.exe.
12/1/2007 10:05:20 PM Real-time file system protection file C:\WINDOWS\system32\awtturp.dll Win32/Adware.Virtumonde application cleaned by deleting (after the next restart) - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: \??\C:\WINDOWS\system32\winlogon.exe.
12/1/2007 10:05:13 PM Real-time file system protection file C:\WINDOWS\system32\awtturp.dll Win32/Adware.Virtumonde application cleaned by deleting (after the next restart) - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: \??\C:\WINDOWS\system32\winlogon.exe.
12/1/2007 10:04:09 PM Real-time file system protection file C:\WINDOWS\system32\awtturp.dll Win32/Adware.Virtumonde application cleaned by deleting (after the next restart) - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: \??\C:\WINDOWS\system32\winlogon.exe.
12/1/2007 10:03:01 PM Real-time file system protection file C:\WINDOWS\system32\awtturp.dll Win32/Adware.Virtumonde application cleaned by deleting (after the next restart) - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: \??\C:\WINDOWS\system32\winlogon.exe.
12/1/2007 9:59:33 PM Real-time file system protection file C:\WINDOWS\system32\awtturp.dll Win32/Adware.Virtumonde application cleaned by deleting (after the next restart) - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: \??\C:\WINDOWS\system32\winlogon.exe.
12/1/2007 9:57:07 PM Real-time file system protection file C:\WINDOWS\system32\awtturp.dll Win32/Adware.Virtumonde application cleaned by deleting (after the next restart) - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: \??\C:\WINDOWS\system32\winlogon.exe.
12/1/2007 9:56:25 PM Real-time file system protection file C:\WINDOWS\system32\awtturp.dll Win32/Adware.Virtumonde application cleaned by deleting (after the next restart) - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: \??\C:\WINDOWS\system32\winlogon.exe.
12/1/2007 9:56:23 PM Real-time file system protection file C:\WINDOWS\system32\awtturp.dll Win32/Adware.Virtumonde application cleaned by deleting (after the next restart) - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: \??\C:\WINDOWS\system32\winlogon.exe.
12/1/2007 9:54:20 PM Real-time file system protection file C:\WINDOWS\system32\awtturp.dll Win32/Adware.Virtumonde application cleaned by deleting (after the next restart) - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: \??\C:\WINDOWS\system32\winlogon.exe.
12/1/2007 9:53:49 PM Real-time file system protection file C:\WINDOWS\system32\awtturp.dll Win32/Adware.Virtumonde application cleaned by deleting (after the next restart) - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: \??\C:\WINDOWS\system32\winlogon.exe.
12/1/2007 9:53:42 PM Real-time file system protection file C:\WINDOWS\system32\awtturp.dll Win32/Adware.Virtumonde application cleaned by deleting (after the next restart) - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: \??\C:\WINDOWS\system32\winlogon.exe.
12/1/2007 9:53:09 PM Real-time file system protection file C:\WINDOWS\system32\awtturp.dll Win32/Adware.Virtumonde application cleaned by deleting (after the next restart) - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: \??\C:\WINDOWS\system32\winlogon.exe.
12/1/2007 9:50:36 PM Real-time file system protection file C:\WINDOWS\system32\awtturp.dll Win32/Adware.Virtumonde application cleaned by deleting (after the next restart) - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: \??\C:\WINDOWS\system32\winlogon.exe.
12/1/2007 9:50:36 PM Real-time file system protection file C:\WINDOWS\system32\awtturp.dll Win32/Adware.Virtumonde application cleaned by deleting (after the next restart) - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: \??\C:\WINDOWS\system32\winlogon.exe.
12/1/2007 9:47:37 PM Real-time file system protection file C:\WINDOWS\system32\awtturp.dll Win32/Adware.Virtumonde application cleaned by deleting (after the next restart) - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: \??\C:\WINDOWS\system32\winlogon.exe.
12/1/2007 9:46:34 PM Real-time file system protection file C:\WINDOWS\system32\awtturp.dll Win32/Adware.Virtumonde application cleaned by deleting (after the next restart) - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: \??\C:\WINDOWS\system32\winlogon.exe.
12/1/2007 9:44:40 PM Real-time file system protection file C:\WINDOWS\system32\awtturp.dll Win32/Adware.Virtumonde application cleaned by deleting (after the next restart) - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: \??\C:\WINDOWS\system32\winlogon.exe.
12/1/2007 9:42:02 PM Real-time file system protection file C:\WINDOWS\system32\awtturp.dll Win32/Adware.Virtumonde application cleaned by deleting (after the next restart) - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: \??\C:\WINDOWS\system32\winlogon.exe.
12/1/2007 9:42:00 PM Real-time file system protection file C:\WINDOWS\system32\awtturp.dll Win32/Adware.Virtumonde application cleaned by deleting (after the next restart) - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: \??\C:\WINDOWS\system32\winlogon.exe.
12/1/2007 9:30:56 PM Real-time file system protection file C:\WINDOWS\system32\awtturp.dll Win32/Adware.Virtumonde application cleaned by deleting (after the next restart) - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: \??\C:\WINDOWS\system32\winlogon.exe.
12/1/2007 9:30:25 PM Real-time file system protection file C:\WINDOWS\system32\awtturp.dll Win32/Adware.Virtumonde application cleaned by deleting (after the next restart) - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: \??\C:\WINDOWS\system32\winlogon.exe.
12/1/2007 9:24:11 PM Real-time file system protection file C:\WINDOWS\system32\awtturp.dll Win32/Adware.Virtumonde application cleaned by deleting (after the next restart) - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: \??\C:\WINDOWS\system32\winlogon.exe.
12/1/2007 9:23:24 PM Real-time file system protection file C:\WINDOWS\system32\awtturp.dll Win32/Adware.Virtumonde application cleaned by deleting (after the next restart) - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: \??\C:\WINDOWS\system32\winlogon.exe.
12/1/2007 9:20:44 PM Real-time file system protection file C:\WINDOWS\system32\awtturp.dll Win32/Adware.Virtumonde application cleaned by deleting (after the next restart) - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: \??\C:\WINDOWS\system32\winlogon.exe.
12/1/2007 9:19:30 PM Real-time file system protection file C:\WINDOWS\system32\awtturp.dll Win32/Adware.Virtumonde application cleaned by deleting (after the next restart) - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: \??\C:\WINDOWS\system32\winlogon.exe.
12/1/2007 9:19:30 PM Real-time file system protection file C:\WINDOWS\system32\awtturp.dll Win32/Adware.Virtumonde application cleaned by deleting (after the next restart) - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: \??\C:\WINDOWS\system32\winlogon.exe.
12/1/2007 9:19:05 PM Real-time file system protection file C:\WINDOWS\system32\awtturp.dll Win32/Adware.Virtumonde application cleaned by deleting (after the next restart) - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: \??\C:\WINDOWS\system32\winlogon.exe.
12/1/2007 9:18:52 PM Real-time file system protection file C:\WINDOWS\system32\awtturp.dll Win32/Adware.Virtumonde application cleaned by deleting (after the next restart) - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: \??\C:\WINDOWS\system32\winlogon.exe.
12/1/2007 9:18:21 PM Real-time file system protection file C:\WINDOWS\system32\awtturp.dll Win32/Adware.Virtumonde application cleaned by deleting (after the next restart) - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: \??\C:\WINDOWS\system32\winlogon.exe.
12/1/2007 9:16:29 PM Real-time file system protection file C:\WINDOWS\system32\awtturp.dll Win32/Adware.Virtumonde application cleaned by deleting (after the next restart) - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: \??\C:\WINDOWS\system32\winlogon.exe.
12/1/2007 9:16:19 PM Real-time file system protection file C:\WINDOWS\system32\awtturp.dll Win32/Adware.Virtumonde application cleaned by deleting (after the next restart) - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: \??\C:\WINDOWS\system32\winlogon.exe.
12/1/2007 9:15:21 PM Real-time file system protection file C:\WINDOWS\system32\awtturp.dll Win32/Adware.Virtumonde application cleaned by deleting (after the next restart) - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: \??\C:\WINDOWS\system32\winlogon.exe.
12/1/2007 9:14:48 PM Real-time file system protection file C:\WINDOWS\system32\awtturp.dll Win32/Adware.Virtumonde application cleaned by deleting (after the next restart) - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: \??\C:\WINDOWS\system32\winlogon.exe.
12/1/2007 9:14:33 PM Real-time file system protection file C:\WINDOWS\system32\awtturp.dll Win32/Adware.Virtumonde application cleaned by deleting (after the next restart) - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: \??\C:\WINDOWS\system32\winlogon.exe.
12/1/2007 9:01:23 PM Real-time file system protection file C:\WINDOWS\system32\awtturp.dll Win32/Adware.Virtumonde application cleaned by deleting (after the next restart) - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: \??\C:\WINDOWS\system32\winlogon.exe.
12/1/2007 9:01:23 PM Real-time file system protection file C:\WINDOWS\system32\awtturp.dll Win32/Adware.Virtumonde application cleaned by deleting (after the next restart) - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: \??\C:\WINDOWS\system32\winlogon.exe.
12/1/2007 8:58:53 PM Real-time file system protection file C:\WINDOWS\system32\awtturp.dll Win32/Adware.Virtumonde application cleaned by deleting (after the next restart) - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: \??\C:\WINDOWS\system32\winlogon.exe.
12/1/2007 8:58:53 PM Real-time file system protection file C:\WINDOWS\system32\awtturp.dll Win32/Adware.Virtumonde application cleaned by deleting (after the next restart) - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: \??\C:\WINDOWS\system32\winlogon.exe.
12/1/2007 8:53:33 PM Real-time file system protection file C:\Documents and Settings\Brandon\Local Settings\Temporary Internet Files\Content.IE5\412NC9AZ\ykcibydjpv[1].txt Win32/TrojanDownloader.Small.NYC trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\Documents and Settings\Brandon\Desktop\FxVMonde.exe.
12/1/2007 8:53:32 PM Real-time file system protection file C:\Documents and Settings\Brandon\Local Settings\Temp\removalfile.bat Win32/Adware.Virtumonde application cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\Documents and Settings\Brandon\Desktop\FxVMonde.exe.
12/1/2007 8:49:22 PM Real-time file system protection file C:\WINDOWS\system32\awtturp.dll Win32/Adware.Virtumonde application cleaned by deleting (after the next restart) - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: \??\C:\WINDOWS\system32\winlogon.exe.
12/1/2007 8:48:19 PM Real-time file system protection file C:\WINDOWS\system32\awtturp.dll Win32/Adware.Virtumonde application cleaned by deleting (after the next restart) - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\WINDOWS\Explorer.EXE.
12/1/2007 8:48:04 PM Real-time file system protection file C:\WINDOWS\system32\awtturp.dll Win32/Adware.Virtumonde application cleaned by deleting (after the next restart) - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: \??\C:\WINDOWS\system32\winlogon.exe.
12/1/2007 8:47:21 PM Real-time file system protection file C:\WINDOWS\system32\awtturp.dll Win32/Adware.Virtumonde application cleaned by deleting (after the next restart) - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: \??\C:\WINDOWS\system32\winlogon.exe.
12/1/2007 8:47:12 PM Real-time file system protection file C:\WINDOWS\system32\awtturp.dll Win32/Adware.Virtumonde application cleaned by deleting (after the next restart) - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: \??\C:\WINDOWS\system32\winlogon.exe.
12/1/2007 8:47:09 PM Real-time file system protection file C:\WINDOWS\system32\awtturp.dll Win32/Adware.Virtumonde application cleaned by deleting (after the next restart) - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: \??\C:\WINDOWS\system32\winlogon.exe.
12/1/2007 8:46:23 PM Real-time file system protection file C:\WINDOWS\system32\awtturp.dll Win32/Adware.Virtumonde application cleaned by deleting (after the next restart) - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: \??\C:\WINDOWS\system32\winlogon.exe.
12/1/2007 8:46:02 PM Real-time file system protection file C:\WINDOWS\system32\awtturp.dll Win32/Adware.Virtumonde application cleaned by deleting (after the next restart) - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: \??\C:\WINDOWS\system32\winlogon.exe.
12/1/2007 8:46:01 PM Real-time file system protection file C:\WINDOWS\system32\awtturp.dll Win32/Adware.Virtumonde application cleaned by deleting (after the next restart) - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: \??\C:\WINDOWS\system32\winlogon.exe.
12/1/2007 8:46:01 PM Real-time file system protection file C:\WINDOWS\system32\awtturp.dll Win32/Adware.Virtumonde application cleaned by deleting (after the next restart) - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: \??\C:\WINDOWS\system32\winlogon.exe.
12/1/2007 8:05:29 PM Real-time file system protection file C:\WINDOWS\system32\awtturp.dll Win32/Adware.Virtumonde application cleaned by deleting (after the next restart) - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to run the file by the application: C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe.
12/1/2007 8:05:29 PM Real-time file system protection file C:\WINDOWS\system32\awtturp.dll Win32/Adware.Virtumonde application cleaned by deleting (after the next restart) - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe.
12/1/2007 8:04:32 PM Real-time file system protection file C:\WINDOWS\system32\awtturp.dll Win32/Adware.Virtumonde application cleaned by deleting (after the next restart) - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to run the file by the application: C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe.
12/1/2007 8:04:32 PM Real-time file system protection file C:\WINDOWS\system32\awtturp.dll Win32/Adware.Virtumonde application cleaned by deleting (after the next restart) - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe.
12/1/2007 8:03:37 PM Real-time file system protection file C:\WINDOWS\system32\awtturp.dll Win32/Adware.Virtumonde application cleaned by deleting (after the next restart) - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to run the file by the application: C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe.
12/1/2007 8:02:23 PM Real-time file system protection file C:\WINDOWS\system32\awtturp.dll Win32/Adware.Virtumonde application cleaned by deleting (after the next restart) - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: \??\C:\WINDOWS\system32\winlogon.exe.
12/1/2007 8:01:31 PM Real-time file system protection file C:\WINDOWS\system32\awtturp.dll Win32/Adware.Virtumonde application cleaned by deleting (after the next restart) - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to run the file by the application: C:\Program Files\Internet Explorer\IEXPLORE.EXE.
12/1/2007 8:01:24 PM Real-time file system protection file C:\WINDOWS\system32\awtturp.dll Win32/Adware.Virtumonde application cleaned by deleting (after the next restart) - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: \??\C:\WINDOWS\system32\winlogon.exe.
12/1/2007 8:01:12 PM Real-time file system protection file C:\WINDOWS\system32\awtturp.dll Win32/Adware.Virtumonde application cleaned by deleting (after the next restart) - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: \??\C:\WINDOWS\system32\winlogon.exe.
12/1/2007 8:01:02 PM Real-time file system protection file C:\WINDOWS\system32\awtturp.dll Win32/Adware.Virtumonde application cleaned by deleting (after the next restart) - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: \??\C:\WINDOWS\system32\winlogon.exe.
12/1/2007 8:00:35 PM Real-time file system protection file C:\WINDOWS\system32\awtturp.dll Win32/Adware.Virtumonde application cleaned by deleting (after the next restart) - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: \??\C:\WINDOWS\system32\winlogon.exe.
12/1/2007 8:00:32 PM Real-time file system protection file C:\WINDOWS\system32\awtturp.dll Win32/Adware.Virtumonde application cleaned by deleting (after the next restart) - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: \??\C:\WINDOWS\system32\winlogon.exe.
12/1/2007 8:00:13 PM Real-time file system protection file C:\WINDOWS\system32\awtturp.dll Win32/Adware.Virtumonde application cleaned by deleting (after the next restart) - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: \??\C:\WINDOWS\system32\winlogon.exe.
12/1/2007 7:59:53 PM Real-time file system protection file C:\WINDOWS\system32\awtturp.dll Win32/Adware.Virtumonde application cleaned by deleting (after the next restart) - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: \??\C:\WINDOWS\system32\winlogon.exe.
12/1/2007 7:59:19 PM Real-time file system protection file C:\WINDOWS\system32\awtturp.dll Win32/Adware.Virtumonde application cleaned by deleting (after the next restart) - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: \??\C:\WINDOWS\system32\winlogon.exe.
12/1/2007 7:59:07 PM Real-time file system protection file C:\WINDOWS\system32\awtturp.dll Win32/Adware.Virtumonde application cleaned by deleting (after the next restart) - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to run the file by the application: C:\WINDOWS\Explorer.EXE.
12/1/2007 7:58:07 PM Real-time file system protection file C:\WINDOWS\system32\awtturp.dll Win32/Adware.Virtumonde application cleaned by deleting (after the next restart) - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: \??\C:\WINDOWS\system32\winlogon.exe.
12/1/2007 7:57:47 PM Real-time file system protection file C:\WINDOWS\system32\awtturp.dll Win32/Adware.Virtumonde application cleaned by deleting (after the next restart) - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to run the file by the application: C:\WINDOWS\Explorer.EXE.
12/1/2007 7:57:24 PM Real-time file system protection file C:\WINDOWS\system32\awtturp.dll Win32/Adware.Virtumonde application cleaned by deleting (after the next restart) - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to run the file by the application: C:\WINDOWS\Explorer.EXE.
12/1/2007 7:57:24 PM Real-time file system protection file C:\windows\system32\kpdsregn.exe a variant of Win32/Adware.ZenoSearch application cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\windows\system32\dwdsregt.exe.
12/1/2007 7:57:20 PM Real-time file system protection file C:\WINDOWS\system32\awtturp.dll Win32/Adware.Virtumonde application cleaned by deleting (after the next restart) - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to run the file by the application: C:\WINDOWS\Explorer.EXE.
12/1/2007 7:57:01 PM Real-time file system protection file C:\WINDOWS\system32\dxdllreg.exe Win32/TrojanDownloader.Delf.NUF trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Program Files\Common Files\Microsoft Shared\MSInfo\msnfo32.exe.
12/1/2007 7:56:20 PM Real-time file system protection file C:\WINDOWS\system32\awtturp.dll Win32/Adware.Virtumonde application cleaned by deleting (after the next restart) - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\WINDOWS\Explorer.EXE.
12/1/2007 7:56:20 PM Real-time file system protection file C:\WINDOWS\system32\awtturp.dll Win32/Adware.Virtumonde application cleaned by deleting (after the next restart) - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\WINDOWS\Explorer.EXE.
12/1/2007 7:56:20 PM Real-time file system protection file C:\WINDOWS\system32\awtturp.dll Win32/Adware.Virtumonde application cleaned by deleting (after the next restart) - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to run the file by the application: C:\WINDOWS\Explorer.EXE.
12/1/2007 7:56:20 PM Real-time file system protection file C:\WINDOWS\system32\awtturp.dll Win32/Adware.Virtumonde application cleaned by deleting (after the next restart) - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to run the file by the application: C:\WINDOWS\Explorer.EXE.
12/1/2007 7:56:20 PM Real-time file system protection file C:\WINDOWS\system32\awtturp.dll Win32/Adware.Virtumonde application cleaned by deleting (after the next restart) - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to run the file by the application: C:\WINDOWS\Explorer.EXE.
12/1/2007 7:56:20 PM Real-time file system protection file C:\WINDOWS\system32\awtturp.dll Win32/Adware.Virtumonde application cleaned by deleting (after the next restart) - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to run the file by the application: C:\WINDOWS\Explorer.EXE.
12/1/2007 7:51:29 PM Real-time file system protection file C:\WINDOWS\system32\awtturp.dll Win32/Adware.Virtumonde application cleaned by deleting (after the next restart) - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: \??\C:\WINDOWS\system32\winlogon.exe.
12/1/2007 7:49:58 PM Real-time file system protection file C:\WINDOWS\system32\awtturp.dll Win32/Adware.Virtumonde application cleaned by deleting (after the next restart) - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: \??\C:\WINDOWS\system32\winlogon.exe.
12/1/2007 7:48:50 PM Real-time file system protection file C:\WINDOWS\system32\awtturp.dll Win32/Adware.Virtumonde application cleaned by deleting (after the next restart) - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: \??\C:\WINDOWS\system32\winlogon.exe.
12/1/2007 7:48:45 PM Real-time file system protection file C:\WINDOWS\system32\awtturp.dll Win32/Adware.Virtumonde application cleaned by deleting (after the next restart) - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: \??\C:\WINDOWS\system32\winlogon.exe.
12/1/2007 7:48:44 PM Real-time file system protection file C:\WINDOWS\system32\awtturp.dll Win32/Adware.Virtumonde application cleaned by deleting (after the next restart) - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: \??\C:\WINDOWS\system32\winlogon.exe.
12/1/2007 7:48:43 PM Real-time file system protection file C:\WINDOWS\system32\awtturp.dll Win32/Adware.Virtumonde application cleaned by deleting (after the next restart) - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: \??\C:\WINDOWS\system32\winlogon.exe.
12/1/2007 7:48:25 PM Real-time file system protection file C:\WINDOWS\system32\awtturp.dll Win32/Adware.Virtumonde application cleaned by deleting (after the next restart) - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: \??\C:\WINDOWS\system32\winlogon.exe.
12/1/2007 7:48:19 PM Real-time file system protection file C:\WINDOWS\system32\awtturp.dll Win32/Adware.Virtumonde application cleaned by deleting (after the next restart) - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: \??\C:\WINDOWS\system32\winlogon.exe.
12/1/2007 7:48:13 PM Real-time file system protection file C:\WINDOWS\system32\awtturp.dll Win32/Adware.Virtumonde application cleaned by deleting (after the next restart) - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: \??\C:\WINDOWS\system32\winlogon.exe.
12/1/2007 7:47:35 PM Real-time file system protection file C:\WINDOWS\system32\awtturp.dll Win32/Adware.Virtumonde application cleaned by deleting (after the next restart) - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: \??\C:\WINDOWS\system32\winlogon.exe.
12/1/2007 7:47:16 PM Real-time file system protection file C:\WINDOWS\system32\awtturp.dll Win32/Adware.Virtumonde application cleaned by deleting (after the next restart) - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: \??\C:\WINDOWS\system32\winlogon.exe.
12/1/2007 7:45:14 PM Real-time file system protection file C:\WINDOWS\system32\awtturp.dll Win32/Adware.Virtumonde application cleaned by deleting (after the next restart) - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: \??\C:\WINDOWS\system32\winlogon.exe.
12/1/2007 7:45:04 PM Real-time file system protection file C:\WINDOWS\system32\awtturp.dll Win32/Adware.Virtumonde application cleaned by deleting (after the next restart) - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: \??\C:\WINDOWS\system32\winlogon.exe.
12/1/2007 7:44:55 PM Real-time file system protection file C:\WINDOWS\system32\awtturp.dll Win32/Adware.Virtumonde application cleaned by deleting (after the next restart) - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: \??\C:\WINDOWS\system32\winlogon.exe.
12/1/2007 7:44:55 PM Real-time file system protection file C:\WINDOWS\system32\awtturp.dll Win32/Adware.Virtumonde application cleaned by deleting (after the next restart) - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: \??\C:\WINDOWS\system32\winlogon.exe.
12/1/2007 7:44:34 PM Real-time file system protection file C:\WINDOWS\system32\awtturp.dll Win32/Adware.Virtumonde application cleaned by deleting (after the next restart) - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: \??\C:\WINDOWS\system32\winlogon.exe.
12/1/2007 7:44:34 PM Real-time file system protection file C:\WINDOWS\system32\awtturp.dll Win32/Adware.Virtumonde application cleaned by deleting (after the next restart) - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: \??\C:\WINDOWS\system32\winlogon.exe.
12/1/2007 7:44:14 PM Real-time file system protection file C:\WINDOWS\system32\awtturp.dll Win32/Adware.Virtumonde application cleaned by deleting (after the next restart) - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: \??\C:\WINDOWS\system32\winlogon.exe.
12/1/2007 7:41:45 PM Real-time file system protection file C:\WINDOWS\system32\awtturp.dll Win32/Adware.Virtumonde application cleaned by deleting (after the next restart) - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: \??\C:\WINDOWS\system32\winlogon.exe.
12/1/2007 7:41:17 PM Real-time file system protection file C:\WINDOWS\system32\awtturp.dll Win32/Adware.Virtumonde application cleaned by deleting (after the next restart) - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: \??\C:\WINDOWS\system32\winlogon.exe.
12/1/2007 7:41:08 PM Real-time file system protection file C:\WINDOWS\system32\awtturp.dll Win32/Adware.Virtumonde application cleaned by deleting (after the next restart) - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: \??\C:\WINDOWS\system32\winlogon.exe.
12/1/2007 7:40:58 PM Real-time file system protection file C:\WINDOWS\system32\awtturp.dll Win32/Adware.Virtumonde application cleaned by deleting (after the next restart) - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: \??\C:\WINDOWS\system32\winlogon.exe.
12/1/2007 7:40:50 PM Real-time file system protection file C:\WINDOWS\system32\awtturp.dll Win32/Adware.Virtumonde application cleaned by deleting (after the next restart) - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: \??\C:\WINDOWS\system32\winlogon.exe.
12/1/2007 7:40:50 PM Real-time file system protection file C:\WINDOWS\system32\awtturp.dll Win32/Adware.Virtumonde application cleaned by deleting (after the next restart) - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: \??\C:\WINDOWS\system32\winlogon.exe.
12/1/2007 7:40:50 PM Real-time file system protection file C:\WINDOWS\system32\awtturp.dll Win32/Adware.Virtumonde application cleaned by deleting (after the next restart) - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: \??\C:\WINDOWS\system32\winlogon.exe.
12/1/2007 7:39:48 PM Real-time file system protection file C:\WINDOWS\system32\awtturp.dll Win32/Adware.Virtumonde application cleaned by deleting (after the next restart) - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: \??\C:\WINDOWS\system32\winlogon.exe.
12/1/2007 7:39:39 PM Real-time file system protection file C:\WINDOWS\system32\awtturp.dll Win32/Adware.Virtumonde application cleaned by deleting (after the next restart) - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: \??\C:\WINDOWS\system32\winlogon.exe.
12/1/2007 7:39:10 PM Real-time file system protection file C:\WINDOWS\system32\awtturp.dll Win32/Adware.Virtumonde application cleaned by deleting (after the next restart) - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: \??\C:\WINDOWS\system32\winlogon.exe.
12/1/2007 7:38:31 PM Real-time file system protection file C:\WINDOWS\system32\awtturp.dll Win32/Adware.Virtumonde application cleaned by deleting (after the next restart) - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: \??\C:\WINDOWS\system32\winlogon.exe.
12/1/2007 7:38:21 PM Real-time file system protection file C:\WINDOWS\system32\awtturp.dll Win32/Adware.Virtumonde application cleaned by deleting (after the next restart) - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: \??\C:\WINDOWS\system32\winlogon.exe.
12/1/2007 7:38:14 PM Real-time file system protection file C:\WINDOWS\system32\awtturp.dll Win32/Adware.Virtumonde application cleaned by deleting (after the next restart) - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: \??\C:\WINDOWS\system32\winlogon.exe.
12/1/2007 7:38:14 PM Real-time file system protection file C:\WINDOWS\system32\awtturp.dll Win32/Adware.Virtumonde application cleaned by deleting (after the next restart) - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: \??\C:\WINDOWS\system32\winlogon.exe.
12/1/2007 7:38:07 PM Real-time file system protection file C:\WINDOWS\system32\awtturp.dll Win32/Adware.Virtumonde application cleaned by deleting (after the next restart) - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: \??\C:\WINDOWS\system32\winlogon.exe.
12/1/2007 7:37:48 PM Real-time file system protection file C:\WINDOWS\system32\awtturp.dll Win32/Adware.Virtumonde application cleaned by deleting (after the next restart) - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: \??\C:\WINDOWS\system32\winlogon.exe.
12/1/2007 7:37:24 PM Real-time file system protection file C:\WINDOWS\system32\awtturp.dll Win32/Adware.Virtumonde application cleaned by deleting (after the next restart) - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: \??\C:\WINDOWS\system32\winlogon.exe.
12/1/2007 7:37:18 PM Real-time file system protection file C:\WINDOWS\system32\awtturp.dll Win32/Adware.Virtumonde application cleaned by deleting (after the next restart) - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: \??\C:\WINDOWS\system32\winlogon.exe.
12/1/2007 7:37:18 PM Real-time file system protection file C:\WINDOWS\system32\awtturp.dll Win32/Adware.Virtumonde application cleaned by deleting (after the next restart) - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: \??\C:\WINDOWS\system32\winlogon.exe.
12/1/2007 7:34:50 PM Real-time file system protection file C:\WINDOWS\system32\awtturp.dll Win32/Adware.Virtumonde application cleaned by deleting (after the next restart) - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: \??\C:\WINDOWS\system32\winlogon.exe.
12/1/2007 7:34:45 PM Real-time file system protection file C:\WINDOWS\system32\awtturp.dll Win32/Adware.Virtumonde application cleaned by deleting (after the next restart) - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: \??\C:\WINDOWS\system32\winlogon.exe.
12/1/2007 7:34:45 PM Real-time file system protection file C:\WINDOWS\system32\awtturp.dll Win32/Adware.Virtumonde application cleaned by deleting (after the next restart) - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: \??\C:\WINDOWS\system32\winlogon.exe.
12/1/2007 7:33:57 PM Real-time file system protection file C:\WINDOWS\system32\awtturp.dll Win32/Adware.Virtumonde application cleaned by deleting (after the next restart) - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: \??\C:\WINDOWS\system32\winlogon.exe.
12/1/2007 7:33:34 PM Real-time file system protection file C:\WINDOWS\system32\awtturp.dll Win32/Adware.Virtumonde application cleaned by deleting (after the next restart) - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: \??\C:\WINDOWS\system32\winlogon.exe.
12/1/2007 7:33:33 PM Real-time file system protection file C:\WINDOWS\system32\awtturp.dll Win32/Adware.Virtumonde application cleaned by deleting (after the next restart) - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: \??\C:\WINDOWS\system32\winlogon.exe.
12/1/2007 7:33:32 PM Real-time file system protection file C:\WINDOWS\system32\awtturp.dll Win32/Adware.Virtumonde application cleaned by deleting (after the next restart) - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: \??\C:\WINDOWS\system32\winlogon.exe.
12/1/2007 7:32:41 PM Real-time file system protection file C:\WINDOWS\system32\awtturp.dll Win32/Adware.Virtumonde application cleaned by deleting (after the next restart) - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: \??\C:\WINDOWS\system32\winlogon.exe.
12/1/2007 7:32:26 PM Real-time file system protection file C:\WINDOWS\system32\awtturp.dll Win32/Adware.Virtumonde application cleaned by deleting (after the next restart) - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: \??\C:\WINDOWS\system32\winlogon.exe.
12/1/2007 7:32:09 PM Real-time file system protection file C:\WINDOWS\system32\awtturp.dll Win32/Adware.Virtumonde application cleaned by deleting (after the next restart) - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: \??\C:\WINDOWS\system32\winlogon.exe.
12/1/2007 7:32:04 PM Real-time file system protection file C:\WINDOWS\system32\awtturp.dll Win32/Adware.Virtumonde application cleaned by deleting (after the next restart) - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: \??\C:\WINDOWS\system32\winlogon.exe.
12/1/2007 7:32:04 PM Real-time file system protection file C:\WINDOWS\system32\awtturp.dll Win32/Adware.Virtumonde application cleaned by deleting (after the next restart) - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: \??\C:\WINDOWS\system32\winlogon.exe.
12/1/2007 7:32:04 PM Real-time file system protection file C:\WINDOWS\system32\awtturp.dll Win32/Adware.Virtumonde application cleaned by deleting (after the next restart) - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: \??\C:\WINDOWS\system32\winlogon.exe.
 

·
Registered
Joined
·
2 Posts
Discussion Starter #2 (Edited by Moderator)
Removed Viewpoint manually. Apparently whenever I start IE7 (which Panda scan will only run in) it crashes after a few seconds. Also the IETab extension for Firefox doesn't seem to work for the Panda Online scan.

There's also some toolbar on IE that I don't recongize but I can see before it crashes.



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:29:50 PM, on 12/3/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\mspaint.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=presario&pf=laptop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=presario&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://register.hp.com/servlet/WebReg.servlets.ProdReg1Servlet?appID=309&PURCH_DT_MONTH=&PURCH_DT_DAY=&PURCH_DT_YEAR=&product_name=&PROD_SERIAL_ID=&gwCountry=US&language=EN&prodOS=&lf=RED
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,C:\WINDOWS\system32\wsnpoem.exe,
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\vilsqzvd.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - .DEFAULT User Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=presario&pf=laptop
O23 - Service: AddFiltr - Unknown owner - -"C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe" (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - -"C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (file missing)
O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - -"C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe" (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - -"C:\Program Files\Common Files\LightScribe\LSSrvc.exe" (file missing)
O23 - Service: LiveUpdate - Unknown owner - -"C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE" (file missing)
O23 - Service: LiveUpdate Notice Service - Unknown owner - -"C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll" (file missing)
O23 - Service: Norton Protection Center Service (NSCService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Office Source Engine (ose) - Unknown owner - -"C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE" (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing)
O23 - Service: Windows Media Player Network Sharing Service (WMPNetworkSvc) - Unknown owner - -"C:\Program Files\Windows Media Player\WMPNetwk.exe" (file missing)

--
End of file - 6597 bytes

Updated Hijackthis log.
 

·
TSF Security Manager, Emeritus
Joined
·
52,197 Posts
Hello, and Welcome to TSF.

If you still require assistance for this issue, and you're not already getting help elsewhere, follow the instructions in this post.

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

Please do not wrap logs in any bbcode tags. They make it more difficult to review the logs.


---------------------------------------------------------------------------------------------
  1. Download this file - http://download.bleepingcomputer.com/sUBs/Beta/ComboFix.exe

    * IMPORTANT !!! Place combofix.exe on your Desktop


  2. Disconnect from the internet....pull the plug!
  3. Go to
    -> Run -> paste in the following single line command & click OK


    "%userprofile%\desktop\combofix.exe" /killall




  4. Follow the prompts. Type "1" and press Enter to begin the scan.
  5. Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  6. When finished, it shall produce a log for you. Post that log in your next reply

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

    ---------------------------------------------------------------------------------------------
  7. Re-establish an internet connection.
  8. Open HijackThis and click on 'Do a System Scan and save a Logfile'. Save the log file and post it here.

    ---------------------------------------------------------------------------------------------
 
1 - 3 of 3 Posts
Status
Not open for further replies.
Top