  1. #1
    Member
    Join Date
    Dec 2007
    Posts
    24
    Points
    0

    Housecall sez I have Troj_Vundo.aca infection - Can't delete

    I've done all your recommendations. I'm getting constantly hit with viruses. Most are W32.Trats!inf. Housecall says I have Troj_Vundo.aca infection. I can't quarantine or delete. Norton Antivirus CE doesn't recognize. Here is my hijack log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 6:38:03 PM, on 1/9/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    C:\Program Files\NavNT\defwatch.exe
    C:\Program Files\NavNT\rtvscan.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\WINDOWS\system32\MsgSys.EXE
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Creative Home\Hallmark Card Studio 2006\Planner\PLNRnote.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    F3 - REG:win.ini: load=C:\WINDOWS\system32\vtstt.exe
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [Pima] "C:\WINDOWS\system32\YSTEM3~1\alg.exe" -vt yazb
    O4 - HKCU\..\Run: [DDC] C:\WINDOWS\system32\jtouwiwv.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Event Planner Reminder.lnk = C:\Program Files\Creative Home\Hallmark Card Studio 2006\Planner\PLNRnote.exe
    O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-US\local\search.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
    O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\TV\EXPLBAR.DLL
    O9 - Extra button: Panda ActiveScan - {653D93AF-C741-4e5e-8C1B-59BA43F93E16} - http://www.pandasoftware.com/activescan (file missing)
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim .exe
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1199126503609
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

    --
    End of file - 5916 bytes

  2. #2
    Member
    Join Date
    Dec 2002
    Posts
    12,000
    Points
    1191


    We need to change the current name of your current HJT program

    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    To:

    C:\Program Files\Trend Micro\HijackThis\problems.exe

    Post a new HJT log

    BG

  3. #3
    Member
    Join Date
    Dec 2007
    Posts
    24
    Points
    0

    New log

    I just ran NAV CE in safe mode and it detected 21 instances of Trojan.Vundo, 4 instances of Trojan.Metajuan which have all been quarantined and 4 instances of W32.Trats!inf which have been repaired. When I re-booted, NAV CE had detected 100+ instances of Trojan.Vundo but it could not quarantine or delete.

    Here's the new file.

    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 10:57:46 PM, on 1/9/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    C:\Program Files\NavNT\defwatch.exe
    C:\Program Files\NavNT\rtvscan.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\MsgSys.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Creative Home\Hallmark Card Studio 2006\Planner\PLNRnote.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Hijack This\Problems.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    F3 - REG:win.ini: load=C:\WINDOWS\system32\vtstt.exe
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: {2ec56f67-5998-f5bb-1014-ab654d1f0005} - {5000f1d4-56ba-4101-bb5f-899576f65ce2} - C:\WINDOWS\system32\tbtduikh.dll (file missing)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: (no name) - {CA4F0D8D-5F2B-4F16-838A-8D52249EAB21} - C:\WINDOWS\system32\ddcddef.dll
    O2 - BHO: (no name) - {F325F51C-A4B4-4CBC-B2A3-538ED31D4EF7} - C:\WINDOWS\system32\vtstt.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [Pima] "C:\WINDOWS\system32\YSTEM3~1\alg.exe" -vt yazb
    O4 - HKCU\..\Run: [DDC] C:\WINDOWS\system32\jtouwiwv.exe
    O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.1a\AOL.EXE" -b
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Event Planner Reminder.lnk = C:\Program Files\Creative Home\Hallmark Card Studio 2006\Planner\PLNRnote.exe
    O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-US\local\search.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
    O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\TV\EXPLBAR.DLL
    O9 - Extra button: Panda ActiveScan - {653D93AF-C741-4e5e-8C1B-59BA43F93E16} - http://www.pandasoftware.com/activescan (file missing)
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim .exe
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1199126503609
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
    O20 - Winlogon Notify: ddcddef - C:\WINDOWS\SYSTEM32\ddcddef.dll
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

    --
    End of file - 7415 bytes

  4. #4
    Member steamwiz's Avatar
    Join Date
    Sep 2003
    Location
    Yorkshire U.K.
    Posts
    14,022
    Points
    2335

    Hi

    Please download Combofix: http://download.bleepingcomputer.com...a/ComboFix.exe
    and save to the desktop.

    1. Double click on combo.exe & follow the prompts.
    2. When finished, it will produce a logfile located at C:\ComboFix.txt.
    3. Post the contents of that log in your next reply with a new hijackthis log.

    Notes:
    * Do not mouseclick combofix's window while it is running. That may cause your system to stall/hang.
    * Disable script blocking if you have NAV installed so it will not interfere with the fix. Trojan Hunter has been reported to detect combofix as Worm.Qiv.100.

    steam
    Look here for Ways to keep your computer safe
    M'SOFT MVP -Windows Security 2004/8 .member ASAP -

  5. #5
    Member
    Join Date
    Dec 2007
    Posts
    24
    Points
    0

    Safe Mode vs. Normal Mode

    Can I run in Safe Mode? When I boot up in Normal Mode, I get hit by those viruses. Also, I ran both Housecall and NAV CE in safe mode and they both detected the Trojan Vundo virus in file ddcddef.dll but could not quarantine/delete.

  6. #6
    Member
    Join Date
    Dec 2007
    Posts
    24
    Points
    0

    ComboFix Log and Hijack Log

    ComboFix 08-01-09.2 - Dad 2008-01-10 18:55:31.1 - FAT32x86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1609 [GMT -5:00]
    Running from: C:\Documents and Settings\Dad\Desktop\ComboFix.exe
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\cookies.ini
    C:\WINDOWS\mrofinu72.exe
    C:\WINDOWS\SYSTEM32\bcevbusr.ini
    C:\WINDOWS\system32\ctfmon.exe.tmp
    C:\WINDOWS\system32\ddcddef.dll
    C:\WINDOWS\SYSTEM32\dveotrmg.ini
    C:\WINDOWS\SYSTEM32\hajotbbx.ini
    C:\WINDOWS\system32\hwmodqib.dll
    C:\WINDOWS\SYSTEM32\ksugongm.ini
    C:\WINDOWS\SYSTEM32\laklysbp.ini
    C:\WINDOWS\system32\mcrh.tmp
    C:\WINDOWS\system32\owsoluqv.dll
    C:\WINDOWS\system32\pbsylkal.dll
    C:\WINDOWS\SYSTEM32\raspkbpv.ini
    C:\WINDOWS\SYSTEM32\ttstv.ini
    C:\WINDOWS\SYSTEM32\ttstv.ini2
    C:\WINDOWS\SYSTEM32\upilevfc.ini
    C:\WINDOWS\SYSTEM32\vrkcnelu.ini
    C:\WINDOWS\system32\vtstt.dll
    C:\WINDOWS\system32\vtstt.exe
    C:\WINDOWS\system32\xbbtojah.dll
    C:\WINDOWS\system32\ystem3~1
    C:\WINDOWS\system32\ystem3~1\?ystem32\

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .
    -------\LEGACY_CMDSERVICE
    -------\LEGACY_DOMAINSERVICE
    -------\LEGACY_NETWORK_MONITOR
    -------\DomainService


    ((((((((((((((((((((((((( Files Created from 2007-12-11 to 2008-01-11 )))))))))))))))))))))))))))))))
    .

    2008-01-10 18:49 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2008-01-10 18:46 . 2008-01-10 18:52 74,304 --a------ C:\WINDOWS\SYSTEM32\aksynefi .exe
    2008-01-10 18:42 . 2008-01-10 18:46 416,768 --a------ C:\WINDOWS\SYSTEM32\aksynefi.exe
    2008-01-05 01:31 . 2008-01-05 01:31 d-------- C:\Program Files\Trend Micro
    2008-01-05 01:30 . 2008-01-05 01:31 812,344 --a------ C:\HJTInstall.exe
    2008-01-05 00:32 . 2008-01-05 00:32 d-------- C:\Program Files\Lavasoft
    2008-01-04 21:50 . 2007-08-01 22:47 102,664 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\tmcomm.sys
    2008-01-04 20:31 . 2007-06-05 10:56 44,928 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\SDTHOOK.SYS
    2008-01-04 20:31 . 2007-06-08 09:44 8,576 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\xxyenwpducfp.sys
    2008-01-03 21:06 . 2008-01-03 21:06 15,360 --a------ C:\Trojan_Adclicker2.xls
    2008-01-03 20:53 . 2008-01-03 20:53 d-------- C:\Fix Vundo
    2008-01-03 20:37 . 2008-01-03 21:06 23,552 --a------ C:\Trojan_Adclicker.xls
    2008-01-03 20:35 . 2008-01-03 20:35 2,741 --a------ C:\Trojan_Adclicker.csv
    2008-01-01 21:12 . 2008-01-01 21:12 d-------- C:\Program Files\Windows Defender
    2008-01-01 13:56 . 2008-01-01 13:56 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-01-01 13:55 . 2008-01-01 13:55 d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2008-01-01 11:50 . 2008-01-01 11:50 d-------- C:\Documents and Settings\Dad\.housecall6.6
    2008-01-01 11:48 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\SYSTEM32\mucltui.dll
    2008-01-01 11:48 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\SYSTEM32\mucltui.dll.mui
    2008-01-01 02:26 . 2008-01-01 13:10 27,136 --a------ C:\Activescan.doc
    2007-12-31 16:29 . 2007-12-31 16:29 d-------- C:\WINDOWS\SYSTEM32\ActiveScan
    2007-12-31 16:29 . 2008-01-04 20:28 30,590 --a------ C:\WINDOWS\SYSTEM32\pavas.ico
    2007-12-31 16:29 . 2008-01-04 20:28 2,550 --a------ C:\WINDOWS\SYSTEM32\Uninstall.ico
    2007-12-31 16:29 . 2008-01-04 20:28 1,406 --a------ C:\WINDOWS\SYSTEM32\Help.ico
    2007-12-31 16:04 . 2007-12-31 16:04 d-------- C:\Program Files\Hijack This
    2007-12-31 13:44 . 2007-12-31 13:44 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
    2007-12-31 12:30 . 2007-12-31 12:30 294 ---hs---- C:\WINDOWS\SYSTEM32\jguumqpi.ini
    2007-12-29 18:21 . 2007-12-29 18:21 d-------- C:\Program Files\SpywareBlaster
    2007-12-29 18:01 . 2007-12-29 18:01 294 ---hs---- C:\WINDOWS\SYSTEM32\nyluamdn.ini
    2007-12-28 15:25 . 2007-12-28 15:25 1,080 --a------ C:\lkxnjyts .bat
    2007-12-28 15:20 . 2007-12-28 15:20 127,378 --a------ C:\avenger.zip
    2007-12-27 12:53 . 2007-12-27 12:53 d-------- C:\Documents and Settings\Dad\Application Data\PrevxCSI
    2007-12-27 12:53 . 2007-12-27 12:53 d-------- C:\Documents and Settings\All Users\Application Data\Prevx
    2007-12-27 12:47 . 2007-12-27 12:46 1,308,216 --a------ C:\HiJackThis_v2.exe
    2007-12-27 12:10 . 2007-12-27 12:10 d--hs---- C:\FOUND.002
    2007-12-24 12:44 . 2007-12-24 12:44 d--hs---- C:\FOUND.001
    2007-12-23 23:20 . 2007-12-23 23:20 90 --a------ C:\WINDOWS\wininit.ini
    2007-12-23 15:01 . 2007-12-23 15:01 d-------- C:\Program Files\Enigma Software Group
    2007-12-23 14:46 . 2007-12-24 00:31 155,648 --a------ C:\WINDOWS\SYSTEM32\NeroCheck .exe
    2007-12-23 14:46 . 2008-01-10 18:52 15,360 --a------ C:\WINDOWS\SYSTEM32\ctfmon .exe
    2007-12-23 09:06 . 2007-12-23 09:06 d-------- C:\WINDOWS\SYSTEM32\?pPatch
    2007-12-23 09:06 . 2007-12-28 15:25 39,936 --a------ C:\WINDOWS\mrofinu72.exe.tmp
    2007-12-21 07:53 . 2007-12-21 07:53 d--hs---- C:\FOUND.000

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-01-05 06:27 15,360 ----a-w C:\WINDOWS\SYSTEM32\dllcache\ctfmon.exe
    2008-01-05 06:27 15,360 ----a-w C:\WINDOWS\SYSTEM32\ctfmon.exe
    2007-12-02 18:07 --------- d-----w C:\Program Files\Intel Corporation
    2007-11-30 20:59 8,135 ----a-w C:\PayrollTaxScope.doc.zip
    2007-11-28 22:01 --------- d-----w C:\Documents and Settings\Donna\Application Data\Leadertech
    2007-11-28 22:01 --------- d-----w C:\Documents and Settings\Donna\Application Data\AdobeAUM
    2007-11-17 20:54 --------- d-----w C:\Program Files\AOL 9.1b
    2007-11-17 20:26 --------- d-----w C:\Program Files\AOL 9.1a
    2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
    2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\SYSTEM32\lsasrv.dll
    2007-11-07 09:26 721,920 ------w C:\WINDOWS\SYSTEM32\dllcache\lsasrv.dll
    2007-10-30 23:42 3,590,656 ----a-w C:\WINDOWS\SYSTEM32\dllcache\mshtml.dll
    2007-10-30 17:20 360,064 ------w C:\WINDOWS\SYSTEM32\dllcache\tcpip.sys
    2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\SYSTEM32\quartz.dll
    2007-10-29 22:43 1,287,680 ------w C:\WINDOWS\SYSTEM32\dllcache\quartz.dll
    2007-10-27 22:40 222,720 ----a-w C:\WINDOWS\SYSTEM32\wmasf.dll
    2007-10-27 22:40 222,720 ----a-w C:\WINDOWS\SYSTEM32\dllcache\wmasf.dll
    2007-10-27 17:45 499,712 ----a-w C:\WINDOWS\SYSTEM32\msvcp71.dll
    2007-10-27 17:45 348,160 ----a-w C:\WINDOWS\SYSTEM32\msvcr71.dll
    2007-10-26 03:34 8,460,288 ----a-w C:\WINDOWS\SYSTEM32\dllcache\shell32.dll
    2007-10-23 04:19 3,233 ----a-w C:\EmergencyContact.xls.zip
    2007-10-11 11:21 103,808 ----a-w C:\WINDOWS\SYSTEM32\AOLDial.dll
    2006-03-13 18:46 271 --sh--w C:\Program Files\desktop.ini
    2006-03-13 18:46 23,357 ---h--w C:\Program Files\folder.htt
    .
    Code:
    ----a-w            15,360 2008-01-10 23:52:24  C:\WINDOWS\SYSTEM32\ctfmon .exe
    ----a-w           155,648 2007-12-24 05:31:46  C:\WINDOWS\SYSTEM32\NeroCheck .exe
    ----a-w            74,304 2008-01-10 23:52:12  C:\WINDOWS\SYSTEM32\aksynefi .exe
    ----a-w            71,216 2007-12-29 22:48:54  C:\Program Files\Common Files\AOL\ACS\AOLDial .exe
    ----a-w            42,032 2008-01-03 11:36:36  C:\Program Files\Common Files\AOL\1142524126\ee\AOLSoftware .exe
    ----a-w           185,896 2007-12-29 22:49:04  C:\Program Files\Common Files\Real\Update_OB\realsched .exe
    ----a-w         1,694,208 2008-01-02 02:25:48  C:\Program Files\Messenger\MSMSGS .EXE
    ----a-w            67,160 2007-12-30 02:50:22  C:\Program Files\AIM\aim .exe
    ----a-w            49,152 2007-12-29 22:49:04  C:\Program Files\HP\HP Software Update\HPWuSchd .exe
    ----a-w           241,664 2007-12-29 22:49:02  C:\Program Files\HP\hpcoretech\hpcmpmgr .exe
    ----a-w            98,304 2007-12-23 19:47:10  C:\Program Files\QuickTime\qttask .exe
    ----a-w            98,304 2007-12-24 02:03:02  C:\Program Files\QuickTime\qttask  .exe
    ----a-w            98,304 2007-12-24 03:01:56  C:\Program Files\QuickTime\qttask   .exe
    ----a-w            98,304 2007-12-24 03:11:16  C:\Program Files\QuickTime\qttask    .exe
    ----a-w            98,304 2007-12-24 03:41:30  C:\Program Files\QuickTime\qttask     .exe
    ----a-w            98,304 2007-12-24 04:22:32  C:\Program Files\QuickTime\qttask      .exe
    ----a-w            98,304 2007-12-24 17:59:00  C:\Program Files\QuickTime\qttask       .exe
    ----a-w            98,304 2007-12-27 17:17:44  C:\Program Files\QuickTime\qttask        .exe
    ----a-w            98,304 2007-12-27 17:22:22  C:\Program Files\QuickTime\qttask         .exe
    ----a-w            98,304 2007-12-27 17:41:14  C:\Program Files\QuickTime\qttask          .exe
    ----a-w            98,304 2007-12-27 21:51:22  C:\Program Files\QuickTime\qttask           .exe
    ----a-w            98,304 2007-12-28 06:19:38  C:\Program Files\QuickTime\qttask            .exe
    ----a-w            98,304 2007-12-28 13:33:08  C:\Program Files\QuickTime\qttask             .exe
    ----a-w            98,304 2007-12-28 20:25:04  C:\Program Files\QuickTime\qttask              .exe
    ----a-w            98,304 2007-12-29 23:07:06  C:\Program Files\QuickTime\qttask               .exe
    ----a-w            99,480 2007-12-29 22:48:58  C:\Program Files\Pure Networks\Port Magic\PortAOL .exe
    ----a-w            73,728 2008-01-10 00:18:26  C:\Program Files\NavNT\vptray .exe
    ----a-w           132,496 2007-12-29 22:48:58  C:\Program Files\Java\jre1.6.0_03\bin\jusched .exe
    ----a-w            57,344 2007-12-29 22:49:04  C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy .exe
    ----a-w            68,856 2007-12-23 19:56:20  C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
    ----a-w            50,528 2007-12-30 02:50:28  C:\Program Files\AOL 9.1a\AOL .EXE
    ----a-w            50,528 2008-01-03 11:35:10  C:\Program Files\AOL 9.1b\AOL .EXE
    ----a-w           866,584 2008-01-02 02:25:32  C:\Program Files\Windows Defender\MSASCui .exe

    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSMSGS"="C:\Program Files\Messenger\MSMSGS.exe" [ ]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-01-05 01:27 15360]
    "ATI Launchpad"="" []
    "ATI DeviceDetect"="C:\Program Files\ATI Multimedia\main\ATIDtct.EXE" [ ]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [ ]
    "Pima"="C:\WINDOWS\system32\YSTEM3~1\alg.exe" [ ]
    "AOL Fast Start"="C:\Program Files\AOL 9.1a\AOL.exe" [ ]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [ ]
    "vptray"="C:\Program Files\NavNT\vptray.exe" [ ]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2003-09-16 05:19:24]
    Event Planner Reminder.lnk - C:\Program Files\Creative Home\Hallmark Card Studio 2006\Planner\PLNRnote.exe [2005-08-30 17:18:30]

    R0 Si3112r;Silicon Image SiI 3112 SATARaid Controller;C:\WINDOWS\system32\DRIVERS\si3112r.sys [2002-10-15 21:57]
    R2 ATIBTCAP;ATI TV Wonder Video Capture;C:\WINDOWS\system32\drivers\atibtcap.sys [2002-11-05 00:00]
    R2 ATIBTXBAR;ATI TV Wonder Video Crossbar;C:\WINDOWS\system32\drivers\atibtxbr.sys [2002-11-05 00:00]
    R2 ATIVTUTW;ATI TV Wonder TV Tuner;C:\WINDOWS\system32\drivers\ativtutw.sys [2002-11-05 00:00]
    R2 ATIVXSTW;ATI TV Wonder Audio Crossbar;C:\WINDOWS\system32\drivers\ativxstw.sys [2002-11-05 00:00]
    R2 TTDec;ATI WDM Teletext Decoder;C:\WINDOWS\system32\DRIVERS\ATINTTXX.sys [2004-08-04 00:29]
    S3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);C:\WINDOWS\system32\DRIVERS\A3AB.sys [2004-08-11 14:27]
    S3 FA312;NETGEAR FA330/FA312/FA311 Fast Ethernet Adapter Driver;C:\WINDOWS\system32\DRIVERS\FA312nd5.sys [2001-08-17 12:12]
    S3 RioDrv;Rio600 driver;C:\WINDOWS\system32\Drivers\RioDrv.sys [2003-03-31 07:00]
    S3 USB28xxBGA;WinTV HVR-900;C:\WINDOWS\system32\DRIVERS\emBDA.sys [2007-01-29 21:20]
    S3 USB28xxOEM;WinTV OEM Filter;C:\WINDOWS\system32\DRIVERS\emOEM.sys [2007-01-29 21:19]

    .
    Contents of the 'Scheduled Tasks' folder
    "2008-01-10 23:55:36 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
    - C:\Program Files\Windows Defender\MpCmdRun.exe
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-01-10 19:00:35
    Windows 5.1.2600 Service Pack 2 FAT NTAPI

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    PROCESS: C:\WINDOWS\system32\winlogon.exe
    -> C:\WINDOWS\System32\NavLogon.dll
    .
    Completion time: 2008-01-10 19:01:45 - machine was rebooted [Dad]
    ComboFix-quarantined-files.txt 2008-01-11 00:01:44
    .
    2008-01-10 23:50:02 --- E O F ---





    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 7:06:32 PM, on 1/10/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    C:\Program Files\NavNT\defwatch.exe
    C:\Program Files\NavNT\rtvscan.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\WINDOWS\system32\MsgSys.EXE
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Creative Home\Hallmark Card Studio 2006\Planner\PLNRnote.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\HP\hpcoretech\comp\hpdarc.exe
    C:\Program Files\Hijack This\Problems.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [Pima] "C:\WINDOWS\system32\YSTEM3~1\alg.exe" -vt yazb
    O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.1a\AOL.EXE" -b
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Event Planner Reminder.lnk = C:\Program Files\Creative Home\Hallmark Card Studio 2006\Planner\PLNRnote.exe
    O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-US\local\search.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
    O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\TV\EXPLBAR.DLL
    O9 - Extra button: Panda ActiveScan - {653D93AF-C741-4e5e-8C1B-59BA43F93E16} - http://www.pandasoftware.com/activescan (file missing)
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim .exe
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1199126503609
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

    --
    End of file - 6855 bytes

  7. #7
    Member
    Join Date
    Dec 2002
    Posts
    12,000
    Points
    1191

    Default

    Are your pop ups gone now?

    Yes, ComboFix can be run in safe mode if it cannot be run in normal mode.

    Please don't run programs that we do not ask you to run. Makes it harder on us.

    Steamwiz will review your combo log, but he is behind on these reviews. He too can have problems, like a failing PSU.

    BG

  8. #8
    Member
    Join Date
    Dec 2007
    Posts
    24
    Points
    0

    Default Problems appear to be fixed

    No more pop-ups. No more virus attacks. Thanks for all the help!

  9. #9
    Member
    Join Date
    Dec 2002
    Posts
    12,000
    Points
    1191

    Default

    Don't think we are done yet - steamwiz needs to review the combo log.

    BG

  10. #10
    Member
    Join Date
    Dec 2007
    Posts
    24
    Points
    0

    Default Command Services

    OK. There is one additional item. AOL Spyware keeps on blocking adware called "Command Services". It happened 13 times yesterday and 2 times today, so far. Is there anything I can do to stop it - not the blocking but the fact that it has to stop it so many times a day?
