
Help - Malware / Virus Removal


  • This topic is locked
2 replies to this topic

#1 joeyt100

  • Members
  • 1 posts

Posted 28 April 2008 - 09:56 AM

I think I have a virus / malware on my computer. I removed a program called outterinfo, but there are still dll files in c:/windows/system32 that I cannot delete, and I know that they are at least screwing with my internet / Firefox stuff, and maybe when I try to write PDFs, and who knows what else. Thank you so much for your help!


=========Here is the main log:=========

Deckard's System Scanner v20071014.68
Run by jsmith on 2008-04-28 10:41:59
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
64: 2008-04-28 14:42:15 UTC - RP848 - Deckard's System Scanner Restore Point
63: 2008-04-27 21:53:05 UTC - RP847 - System Checkpoint
62: 2008-04-26 20:53:04 UTC - RP846 - System Checkpoint
61: 2008-04-25 20:50:15 UTC - RP845 - Installed McAfee VirusScan Enterprise
60: 2008-04-25 20:48:21 UTC - RP844 - Removed McAfee VirusScan Enterprise


-- First Restore Point --
1: 2008-04-24 13:04:10 UTC - RP785 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 504 MiB (512 MiB recommended).


-- HijackThis (run as jsmith.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:45:14 AM, on 4/28/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\spoolsv.exe
C:\COMPAQ\ACLIENT\ACLIENT.exe
C:\Program Files\Compaq\Compaq Management Agents\cpqalert.exe
C:\Windows\Cpqdiag\Cpqdfwag.exe
C:\PROGRA~1\Compaq\COMPAQ~1\CPQWEB~1\WebDmi.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Windows\System32\NMSSvc.exe
C:\Program Files\Compaq\Compaq Management Agents\Dmi\Win32\bin\Win32sl.exe
C:\Program Files\UltraVNC\WinVNC.exe
C:\PROGRA~1\Compaq\COMPAQ~1\cpqdmi.exe
C:\Windows\Explorer.EXE
C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\PROGRA~1\Compaq\COMPAQ~1\CHKADMIN.EXE
C:\Windows\System32\spool\drivers\w32x86\3\hpztsb07.exe
C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
C:\Program Files\Network Associates\Common Framework\UdaterUI.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEAKSYSTEMTRAY.EXE
C:\Program Files\Network Associates\Common Framework\McTray.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\Windows\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\WISPTIS.EXE
C:\Documents and Settings\jsmith\Desktop\dss.exe
C:\DOCUME~1\jsmith\Desktop\jsmith.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://gmail.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.compaq.com/1Q00CDT/0409/bl8.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {14473703-A96F-4ABA-9179-2C631DAC63AC} - C:\Windows\system32\pmnOecCs.dll
O2 - BHO: {b43dfbca-4ad0-152a-d5b4-1b469dbfab85} - {58bafbd9-64b1-4b5d-a251-0da4acbfd34b} - C:\Windows\system32\glecjawl.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
O2 - BHO: (no name) - {A6C54318-5AC7-477D-B0A7-49AF5189300C} - C:\Windows\system32\rqRJDstU.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [ChkAdmin] C:\PROGRA~1\Compaq\COMPAQ~1\CHKADMIN.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\Windows\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\UltraVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [BM1368e581] Rundll32.exe "C:\Windows\system32\tkkdnidv.dll",s
O4 - HKLM\..\RunServices: [CPQDFWAG] C:\Windows\Cpqdiag\CpqDfwAg.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\Windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Windows\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Windows\System32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\Windows\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.ritzpix.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1188221027600
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1188221018146
O16 - DPF: {AE6C4705-0F11-4ACB-BDD4-37F138BEF289} (Image Uploader Control) - http://www.ritzpix.com/net/Uploader/LPUploader45.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = nylan.locl
O17 - HKLM\Software\..\Telephony: DomainName = nylan.locl
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = nylan.locl
O20 - Winlogon Notify: rqRJDstU - C:\Windows\SYSTEM32\rqRJDstU.dll
O23 - Service: Configuration Loader (a3) - Unknown owner - C:\Windows\System32\smss32.exe (file missing)
O23 - Service: Altiris Client Service (AClient) - Altiris, Inc. - C:\COMPAQ\ACLIENT\ACLIENT.exe
O23 - Service: Compaq Local Alerter (CPQALERT) - Compaq Computer Corporation - C:\Program Files\Compaq\Compaq Management Agents\cpqalert.exe
O23 - Service: Compaq Remote Diagnostics Enabling Agent (CpqDfwWebAgent) - Compaq Computer Corporation - C:\Windows\Cpqdiag\Cpqdfwag.exe
O23 - Service: cpqdmi - Compaq Computer Corporation - C:\PROGRA~1\Compaq\COMPAQ~1\cpqdmi.exe
O23 - Service: Compaq DMI Web Agent (cpqWebDmi) - Compaq Computer Corporation - C:\PROGRA~1\Compaq\COMPAQ~1\CPQWEB~1\WebDmi.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\Windows\System32\NMSSvc.exe
O23 - Service: Win32Sl (WIN32SL) - Intel - C:\Program Files\Compaq\Compaq Management Agents\Dmi\Win32\bin\Win32sl.exe
O23 - Service: VNC Server (winvnc) - UltraVNC - C:\Program Files\UltraVNC\WinVNC.exe

--
End of file - 8679 bytes

-- HijackThis Fixed Entries (C:\DOCUME~1\jsmith\Desktop\backups\) --------------

backup-20080425-142740-128 O4 - HKLM\..\Run: [BM1368e581] Rundll32.exe "C:\Windows\system32\vwxiqakx.dll",s
backup-20080425-142740-243 O4 - HKLM\..\Run: [105bd61d] rundll32.exe "C:\Windows\system32\ihawujcc.dll",b
backup-20080425-142740-254 O4 - HKLM\..\Run: [runner1] C:\Windows\mrofinu572.exe 61A847B5BBF728173599284503996897C881250221C8670836AC4FA7C8833201749139
backup-20080425-142740-336 O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
backup-20080425-142740-395 O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
backup-20080425-142740-429 O4 - HKLM\..\Run: [AntiSpywareMaster] C:\Program Files\AntiSpywareMaster\asm.exe
backup-20080425-142740-594 O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
backup-20080425-142740-942 O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
backup-20080425-142844-754 O4 - HKLM\..\Run: [BM1368e581] Rundll32.exe "C:\Windows\system32\vwxiqakx.dll",s
backup-20080425-142859-547 O4 - HKLM\..\Run: [BM1368e581] Rundll32.exe "C:\Windows\system32\vwxiqakx.dll",s
backup-20080428-093735-618 O4 - HKLM\..\Run: [105bd61d] rundll32.exe "C:\Windows\system32\jigvdlay.dll",b
backup-20080428-093735-660 O4 - HKLM\..\Run: [BM1368e581] Rundll32.exe "C:\Windows\system32\tkkdnidv.dll",s
backup-20080428-093852-866 O4 - HKLM\..\Run: [BM1368e581] Rundll32.exe "C:\Windows\system32\tkkdnidv.dll",s
backup-20080428-093908-661 O4 - HKLM\..\Run: [BM1368e581] Rundll32.exe "C:\Windows\system32\tkkdnidv.dll",s

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 BANTExt (Belarc SMBios Access) - c:\windows\system32\drivers\bantext.sys
R1 ClntMgmt (Compaq Client Management Driver) - c:\windows\system32\drivers\clntmgmt.sys <Not Verified; Compaq Computer Corp; Compaq Client Management Driver>
R3 NMSCFG (NIC Management Service Configuration Driver) - c:\windows\system32\drivers\nmscfg.sys <Not Verified; Intel Corporation; Intel® NMSCFG Driver>

S3 EntDrv51 - c:\windows\system32\drivers\entdrv51.sys (file missing)
S3 iAimTV2 - c:\windows\system32\drivers\watv03nt.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 AClient (Altiris Client Service) - c:\compaq\aclient\aclient.exe -service <Not Verified; Altiris, Inc.; Altiris Client Agent for Windows>
R2 CPQALERT (Compaq Local Alerter) - c:\program files\compaq\compaq management agents\cpqalert.exe <Not Verified; Compaq Computer Corporation; Compaq Management Agents>
R2 CpqDfwWebAgent (Compaq Remote Diagnostics Enabling Agent) - c:\windows\cpqdiag\cpqdfwag.exe <Not Verified; Compaq Computer Corporation; Compaq Remote Diagnostics Enabling Agent>
R2 cpqdmi - c:\progra~1\compaq\compaq~1\cpqdmi.exe <Not Verified; Compaq Computer Corporation; Compaq Management Agents>
R2 cpqWebDmi (Compaq DMI Web Agent) - c:\progra~1\compaq\compaq~1\cpqweb~1\webdmi.exe <Not Verified; Compaq Computer Corporation; Compaq Management Agents>
R2 NMSSvc (Intel® NMS) - c:\windows\system32\nmssvc.exe <Not Verified; Intel Corporation; NMS>
R2 WIN32SL - c:\program files\compaq\compaq management agents\dmi\win32\bin\win32sl.exe <Not Verified; Intel; DMI 2.0 SDK>
R2 winvnc (VNC Server) - "c:\program files\ultravnc\winvnc.exe" -service <Not Verified; UltraVNC; UltraVNC>

S2 a3 (Configuration Loader) - "c:\windows\system32\smss32.exe" -service (file missing)


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-04-25 18:28:06 284 --a------ C:\Windows\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-03-28 and 2008-04-28 -----------------------------

2008-04-28 09:55:04 20480 --a------ C:\Windows\system32\HPZISN12.DLL <Not Verified; Hewlett-Packard; Bidi User Mode>
2008-04-28 09:55:04 30208 --a------ C:\Windows\system32\HPZIPT12.DLL <Not Verified; Hewlett-Packard; Bidi User Mode>
2008-04-28 09:55:04 33792 --a------ C:\Windows\system32\HPZIPR12.DLL <Not Verified; Hewlett-Packard; Bidi User Mode>
2008-04-28 09:55:04 52736 --a------ C:\Windows\system32\HPZIPM12.DLL <Not Verified; Hewlett-Packard; Bidi User Mode>
2008-04-28 09:55:04 43520 --a------ C:\Windows\system32\HPZINW12.DLL <Not Verified; Hewlett-Packard; Bidi User Mode>
2008-04-28 09:55:04 49152 --a------ C:\Windows\system32\HPZIDR12.DLL <Not Verified; Hewlett-Packard; Bidi User Mode>
2008-04-28 09:55:04 94208 --a------ C:\Windows\system32\HPJIPX1U.DLL <Not Verified; Hewlett-Packard; Hewlett-Packard HPNWIPX>
2008-04-28 09:55:04 163840 --a------ C:\Windows\system32\HPJCMN2U.DLL <Not Verified; Hewlett-Packard; Hewlett-Packard Federation Hpcommon Library>
2008-04-28 09:55:04 7680 --a------ C:\Windows\system32\HPBPROPS.DLL <Not Verified; Hewlett-Packard Company; Bidi (Missile) User Mode>
2008-04-28 09:55:04 38912 --a------ C:\Windows\system32\HPBPRO.DLL <Not Verified; Hewlett-Packard Company; Bidi (Missile) User Mode>
2008-04-28 09:55:04 7680 --a------ C:\Windows\system32\HPBOIDPS.DLL <Not Verified; Hewlett-Packard Company; Bidi (Missile) User Mode>
2008-04-28 09:55:04 49152 --a------ C:\Windows\system32\HPBNRAC2.DLL <Not Verified; Hewlett-Packard; HPBNRAC2>
2008-04-28 09:55:04 241721 --a------ C:\Windows\system32\HPBMINI.DLL <Not Verified; Hewlett-Packard; Hewlett-Packard Mini-Installer>
2008-04-28 09:55:03 25600 --a------ C:\Windows\system32\HPBOID.DLL <Not Verified; Hewlett-Packard Company; Bidi (Missile) User Mode>
2008-04-28 09:55:03 24576 --a------ C:\Windows\system32\HPBMIAPI.DLL <Not Verified; Hewlett-Packard Company; Bidi (Missile) User Mode>
2008-04-28 09:33:29 95296 --a------ C:\Windows\system32\avikhqwr.dll
2008-04-28 09:30:29 108608 --a------ C:\Windows\system32\glecjawl.dll
2008-04-28 09:28:44 104000 --a------ C:\Windows\system32\tkkdnidv.dll
2008-04-27 09:25:38 94784 -----n--- C:\Windows\system32\jigvdlay.dll
2008-04-27 09:22:38 107072 --a------ C:\Windows\system32\ionabymt.dll
2008-04-27 09:19:38 105024 --a------ C:\Windows\system32\rxayfbta.dll
2008-04-26 09:19:38 107072 --a------ C:\Windows\system32\nglcpnot.dll
2008-04-26 09:17:06 106048 --a------ C:\Windows\system32\jcqhdnrx.dll
2008-04-25 16:53:02 0 d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2008-04-25 16:47:33 0 d-------- C:\Program Files\McAfee
2008-04-25 16:47:33 0 d-------- C:\Program Files\Common Files\McAfee
2008-04-25 15:12:01 0 d-------- C:\!KillBox
2008-04-25 12:08:35 0 d-------- C:\Documents and Settings\Administrator\Application Data\Google
2008-04-24 12:40:36 1495552 --a------ C:\Windows\system32\epoPGPsdk.dll <Not Verified; PGP Corporation; PGPsdk>
2008-04-24 09:03:59 516530 --ahs---- C:\Windows\system32\sCceOnmp.ini2
2008-04-24 09:03:50 272384 --a------ C:\Windows\system32\pmnOecCs.dll
2008-04-23 17:44:37 37888 --a------ C:\Windows\system32\rqRJDstU.dll
2008-04-02 15:30:59 0 d-------- C:\Documents and Settings\jsmith\Application Data\Google
2008-04-02 15:30:10 0 d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-03-31 10:15:10 0 d-------- C:\Documents and Settings\All Users\Application Data\Google


-- Find3M Report ---------------------------------------------------------------

2008-04-25 16:53:48 0 d-------- C:\Program Files\Network Associates
2008-04-25 16:49:59 0 d-------- C:\Program Files\Common Files\Network Associates
2008-04-25 16:47:33 0 d-------- C:\Program Files\Common Files
2008-04-24 12:15:09 0 d-------- C:\Program Files\Picasa2
2008-04-23 10:14:24 0 d-------- C:\Documents and Settings\jsmith\Application Data\AdobeUM
2008-04-09 14:49:23 0 d-------- C:\Program Files\Mozilla Thunderbird
2008-04-02 15:30:51 0 d-------- C:\Program Files\Google
2008-03-05 11:37:18 17232 --a----c- C:\Windows\mozver.dat
2008-03-03 10:24:55 0 d-------- C:\Documents and Settings\jsmith\Application Data\Adobe


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{14473703-A96F-4ABA-9179-2C631DAC63AC}]
04/24/2008 09:03 AM 272384 --a------ C:\Windows\system32\pmnOecCs.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{58bafbd9-64b1-4b5d-a251-0da4acbfd34b}]
04/28/2008 09:30 AM 108608 --a------ C:\Windows\system32\glecjawl.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A6C54318-5AC7-477D-B0A7-49AF5189300C}]
04/25/2008 04:58 PM 37888 --a------ C:\Windows\system32\rqRJDstU.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\Windows\System32\igfxtray.exe" [04/24/2002 04:28 PM]
"HotKeysCmds"="C:\Windows\System32\hkcmd.exe" [04/24/2002 04:20 PM]
"CPQEASYACC"="C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe" [12/14/2001 04:01 PM]
"Smapp"="C:\Program Files\Analog Devices\SoundMAX\Smtray.exe" [01/30/2002 07:01 PM]
"ChkAdmin"="C:\PROGRA~1\Compaq\COMPAQ~1\CHKADMIN.EXE" [01/24/2002 07:03 PM]
"HPDJ Taskbar Utility"="C:\Windows\System32\spool\drivers\w32x86\3\hpztsb07.exe" [12/17/2002 06:25 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe" [08/19/2003 06:23 PM]
"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UdaterUI.exe" [11/17/2006 01:39 PM]
"WinVNC"="C:\Program Files\UltraVNC\WinVNC.exe" [06/20/2004 09:45 PM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [03/22/2006 10:06 AM]
"ShStatEXE"="C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.exe" [11/30/2006 08:50 AM]
"BM1368e581"="C:\Windows\system32\tkkdnidv.dll" [04/28/2008 09:28 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\Windows\system32\ctfmon.exe" [08/04/2004 03:56 AM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [04/02/2008 03:30 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"CPQDFWAG"=C:\Windows\Cpqdiag\CpqDfwAg.exe

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [5/15/2003 1:19:50 AM]
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [4/2/2008 3:30:10 PM]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{A6C54318-5AC7-477D-B0A7-49AF5189300C}"= C:\Windows\system32\rqRJDstU.dll [04/25/2008 04:58 PM 37888]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rqRJDstU]
rqRJDstU.dll 04/25/2008 04:58 PM 37888 C:\WINDOWS\system32\rqRJDstU.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\Windows\system32\pmnOecCs

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 Pml Driver HPZ12 Net Driver HPZ12

*Newly Created Service* - NMSCFG
*Newly Created Service* - PML_DRIVER_HPZ12



-- End of Deckard's System Scanner: finished at 2008-04-28 10:46:12 ------------

=========And here is the extra log:=========
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 2.40GHz
Percentage of Memory in Use: 52%
Physical Memory (total/avail): 503.48 MiB / 240.17 MiB
Pagefile Memory (total/avail): 1230.21 MiB / 888.26 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1935.02 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 37.27 GiB total, 21.5 GiB free.
D: is CDROM (No Media)
E: is Removable (FAT32)
M: is Network (NTFS)

\\.\PHYSICALDRIVE0 - ST340016A - 37.27 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 37.27 GiB - C:

\\.\PHYSICALDRIVE1 - Flash Drive UT_USB20 USB Device - 243.17 MiB - 1 partition
\PARTITION0 (bootable) - MS-DOS V4 Huge - 244.98 MiB - E:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

AV: McAfee VirusScan Enterprise v8.5.0.781 (McAfee, Inc.)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\UltraVNC\\winvnc.exe"="C:\\Program Files\\UltraVNC\\winvnc.exe:*:Enabled:Run Ultr@VNC SERVER"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Program Files\\Network Associates\\Common Framework\\FrameworkService.exe"="C:\\Program Files\\Network Associates\\Common Framework\\FrameworkService.exe:*:Enabled:McAfee Framework Service"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"


-- Environment Variables -------------------------------------------------------

;Path=C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\jsmith\Application Data
CLASSPATH=.;C:\Program Files\Java\j2re1.4.2_01\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=JOEY
ComSpec=C:\Windows\system32\cmd.exe
DEFLOGDIR=C:\Documents and Settings\All Users\Application Data\McAfee\DesktopProtection
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\jsmith
LOGONSERVER=\\NY_PDC
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\Program Files\Compaq\Compaq Management Agents\Dmi\Win32\Bin;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files\Symantec\pcAnywhere\;C:\Program Files\Blackbaud\The Raisers Edge 7\;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 4, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0204
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\j2re1.4.2_01\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\Windows
TEMP=C:\DOCUME~1\jsmith\LOCALS~1\Temp
TMP=C:\DOCUME~1\jsmith\LOCALS~1\Temp
USERDNSDOMAIN=NYLAN.LOCL
USERDOMAIN=NYLAN
USERNAME=jsmith
USERPROFILE=C:\Documents and Settings\jsmith
VSEDEFLOGDIR=C:\Documents and Settings\All Users\Application Data\McAfee\DesktopProtection
WIN32DMIPATH=C:\Program Files\Compaq\Compaq Management Agents\Dmi\Win32
windir=C:\Windows


-- User Profiles ---------------------------------------------------------------

cdobson
lbenson (new local, net ready)
esimmons (admin)
administrator.NYLAN (admin)
Administrator (admin)
tball


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{854A5F01-D692-11D4-A984-009027EC0A9C}\setup.exe"
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{945E2519-C2B9-11D3-9D56-0060B0A4823E}\setup.exe"
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CD47EFC1-D692-11D4-A984-009027EC0A9C}\setup.exe"
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E7E518B2-B174-11D3-9D4E-0060B0A4823E}\setup.exe"
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
#1 Free Solitaire --> "C:\Program Files\#1 Free Solitaire\unins000.exe"
AddressAccelerator Datafiles --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BD09B91C-F9CE-4D9A-B06C-CE008A4216C2}\setup.exe"
Adobe Acrobat 4.0, 5.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Acrobat 6.0 Standard --> MsiExec.exe /I{AC76BA86-1033-0000-BA7E-000000000001}
Adobe Flash Player 9 ActiveX --> C:\Windows\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
AnalogX TSDropCopy --> C:\Program Files\AnalogX\TSDropCopy\tsdcu.exe
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
Belarc Advisor 5.0 --> C:\PROGRA~1\Belarc\Advisor\Uninstall.exe C:\PROGRA~1\Belarc\Advisor\INSTALL.LOG
Compaq Management Agents --> C:\Windows\IsUninst.exe -f"C:\Program Files\Compaq\Compaq Management Agents\DeIsL1.isu" -c"C:\Program Files\Compaq\Compaq Management Agents\cpqdmun.dll"
Compaq Remote Diagnostics Enabling Agent --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{71A470E1-27E7-424E-803A-F9C0D41968D3}\SETUP.EXE" -l0x9
Compatibility Pack for the 2007 Office system --> MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Crystal Report --> MsiExec.exe /I{F8B2F6A2-1429-44EF-A604-81CEF70B82CA}
Crystal Reports XI --> MsiExec.exe /I{7505DE9C-4E85-4636-82F0-50F38077B900}
Easy Access Button Support --> C:\Program Files\COMPAQ\Easy Access Button Support\Uninst.exe
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
Google Updater --> "C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
GoToMeeting/GoToWebinar 3.0.0.190 --> C:\Documents and Settings\jsmith\Local Settings\Application Data\Citrix\GoToMeeting\190\G2MUninstall.exe /uninstall
HijackThis 2.0.2 --> "E:\HijackThis.exe" /uninstall
hp deskjet 6127 --> MsiExec.exe /X{EE2135D1-AE49-4D42-B856-DA3F2CC09E39}
Intel® 845G Chipset Graphics Driver Software --> RUNDLL32.EXE C:\Windows\System32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2562
Intel® PRO Ethernet Adapter and Software --> Prounstl.exe
Intel® PROSet II --> MsiExec.exe /I{01A4AEDE-F219-49A2-B855-16A016EAF9A4}
Java 2 Runtime Environment, SE v1.4.2_01 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142010}
LiveReg (Symantec Corporation) --> C:\Program Files\Common Files\Symantec Shared\LiveReg\VcSetup.exe /REMOVE
LiveUpdate 1.6 (Symantec Corporation) --> C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
McAfee VirusScan Enterprise --> MsiExec.exe /I{35C03C04-3F1F-42C2-A989-A757EE691F65}
Microsoft Office Access MUI (English) 2007 --> MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007 --> MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007 --> MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Professional Plus 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL
Microsoft Office Professional Plus 2007 --> MsiExec.exe /X{90120000-0011-0000-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007 --> MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Office XP Web Components --> MsiExec.exe /I{90260409-6000-11D3-8CFE-0050048383C9}
Microsoft XML Parser and SDK --> MsiExec.exe /I{3E908702-AF35-4611-9518-955DA24B7E07}
Mozilla Firefox (2.0.0.14) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mozilla Thunderbird (1.5) --> C:\Program Files\Mozilla Thunderbird\uninstall\uninstall.exe /ua "1.5 (en-US)"
Netscape (7.1) --> C:\Windows\NSUninst.exe /ua "7.1b1 (en)"
Nikon Message Center --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}\Setup.exe" -l0x9 UNINSTALL
Picasa 2 --> "C:\Program Files\Picasa2\Uninstall.exe"
PictureProject --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FF3999BE-1A7B-4738-88AA-97BF14094A4A}\Setup.exe" -l0x9 UNINSTALL
QuickTime --> MsiExec.exe /I{5B09BD67-4C99-46A1-8161-B7208CE18121}
Radio@Netscape --> C:\Program Files\Radio@Netscape\Uninstall Radio@Netscape.exe
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Security Update for Excel 2007 (KB936509) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {A00724F5-82C4-4924-B707-0E5A84B52471}
Security Update for Office 2007 (KB934062) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {305D509B-F194-4638-9F0F-D9E4C05F9D33}
Security Update for Office 2007 (KB936514) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {C7A78F7F-EF32-4477-BAD7-3439EA7571BF}
Security Update for Publisher 2007 (KB936646) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {A32E4BAF-6477-45FA-B8AB-E743FA8D63FF}
Setup Compaq Software --> C:\Windows\IsUninst.exe -f"C:\Program Files\COMPAQ\Setup Compaq Software\Uninst.isu" -c"C:\Program Files\COMPAQ\Setup Compaq Software\CPQUNST.DLL"
SoundMAX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\SETUP.EXE"
Symantec pcAnywhere --> MsiExec.exe /I{B05E8183-866A-11D3-97DF-0000F8D8F2E9}
The Raiser's Edge --> MsiExec.exe /I{3ED92977-5FCD-11D3-9293-00104BD34E29}
Ultr@VNC Release 1.0.0 RC 18 - Win32 --> "C:\Program Files\UltraVNC\unins000.exe"
Update for Office 2007 (KB932080) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {EDC9CA29-6BC1-471C-828C-7A36109005D7}
Update for Office 2007 (KB934391) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {B3091818-7C56-4C45-BE7D-CA23027A5EA5}
Update for Office 2007 (KB934393) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {92FBAD46-E7F6-49FA-89B5-C39FC5BFAD15}
Update for Outlook 2007 (KB937608) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {CBB2454D-193F-4523-8A31-FEB343B7C30E}
Update for Word 2007 (KB934173) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {C6A89125-5473-45E3-B413-ED8186437475}
Viewpoint Media Player (Remove Only) --> C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
WinZip --> C:\PROGRA~1\WinZip\winzip32.exe /uninstall


-- Application Event Log -------------------------------------------------------

Event Record #/Type11226 / Error
Event Submitted/Written: 04/28/2008 09:28:28 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application hkcmd.exe, version 3.0.0.1545, faulting module oleaut32.dll, version 5.1.2600.2180, fault address 0x00004874.
Processing media-specific event for [hkcmd.exe!ws!]

Event Record #/Type11220 / Error
Event Submitted/Written: 04/28/2008 09:25:16 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application iexplore.exe, version 7.0.6000.16473, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type11218 / Error
Event Submitted/Written: 04/27/2008 01:00:24 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application explorer.exe, version 6.0.2900.2180, faulting module , version 0.0.0.0, fault address 0x00000000.
Processing media-specific event for [explorer.exe!ws!]

Event Record #/Type11216 / Warning
Event Submitted/Written: 04/26/2008 05:53:03 PM
Event ID/Source: 258 / McLogEvent
Event Description:
The file C:\System Volume Information\_restore{B22743D3-F062-426E-B1F6-9338BC116202}\RP845\A0045437.dll contains Vundo Trojan. The file was successfully deleted.

Event Record #/Type11215 / Warning
Event Submitted/Written: 04/26/2008 05:53:02 PM
Event ID/Source: 258 / McLogEvent
Event Description:
The file C:\SYSTEM VOLUME INFORMATION\_RESTORE{B22743D3-F062-426E-B1F6-9338BC116202}\RP845\A0045437.DLL contains Vundo Trojan. The file was successfully deleted.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type35489 / Warning
Event Submitted/Written: 04/28/2008 10:28:35 AM
Event ID/Source: 20 / Print
Event Description:
Printer Driver HP Color LaserJet 2600n for Windows NT x86 Version-3 was added or updated. Files:- IMFNT5.DLL, SDNT5UI.DLL, SDhp2600.SDD, SDhp2600.HLP, a2600IP.dll, hp2600n.img, SDhp2600.DLL, SDhp2600.UNZ, SUhp2600.dll, SUhp2600.ent, SUhp2600.VER, vshp2600.dll, HP2600IR.dll, zlhp2600.dll, zshp2600.exe, ZSHP2600.HLP, IMF32.DLL, IMFPRINT.DLL, QDPRINT.DLL, Sd32.dll, SDIMF32.DLL, SDDM32.DLL, SDDMUI.DLL, Sr32.dll, SUxml.dll, xerces-c.dll, ZGDI32.DLL, ZJBIG.dll, zlm.dll, ZSPOOL.DLL, ZSPOOL32.EXE, ZTAG32.DLL, ZUNINST.EXE, SDNTUM4.DLL.

Event Record #/Type35486 / Warning
Event Submitted/Written: 04/28/2008 09:55:11 AM
Event ID/Source: 25 / Print
Event Description:
File(s) HPBOID.DLL associated with printer \\ny_pdc\HP LaserJet 4350 got added or updated.

Event Record #/Type35485 / Warning
Event Submitted/Written: 04/28/2008 09:55:00 AM
Event ID/Source: 20 / Print
Event Description:
Printer Driver HP LaserJet 4350 PCL 6 for Windows NT x86 Version-3 was added or updated. Files:- UNIDRV.DLL, UNIDRVUI.DLL, HPC43506.GPD, UNIDRV.HLP, hplj4x50.CFG, hpc4x506.gpd, hpzsc4wm.dtd, hpzui4wm.DLL, hpzpe4wm.DLL, hpzpi4wm.DLL, hpz6r4wm.DLL, hpcdmc32.DLL, hpbcfgre.DLL, HPBMIAPI.DLL, HPBOID.DLL, HPBOIDPS.DLL, HPBPRO.DLL, HPBPROPS.DLL, HPZIPM12.DLL, HPZINW12.DLL, HPZIPT12.DLL, HPZIPR12.DLL, HPZISN12.DLL, HPZIDR12.DLL, HPNRA.EXE, HPBNRAC2.DLL, HPBMINI.DLL, hpceac06.hpi, HPJCMN2U.DLL, HPJIPX1U.DLL, hpz6m4wm.GPD, hpzsm4wm.GPD, hpc4350c.ini, hpc43506.xml, hpzst4wm.DLL, hpzev4wm.DLL, pclxl.DLL, pjl.GPD, pclxl.GPD, HPZHL4wm.CAB, UNIRES.DLL, STDNAMES.GPD, hpzls4wm.DLL, hpzss4wm.DLL, hpzst4wm.dll, hpz3c4wm.dll, hpzur4wm.dll, hpzpnp.dll.

Event Record #/Type35469 / Error
Event Submitted/Written: 04/28/2008 09:28:22 AM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The Configuration Loader service failed to start due to the following error:
%%2

Event Record #/Type35465 / Warning
Event Submitted/Written: 04/28/2008 09:20:56 AM
Event ID/Source: 1073 / USER32
Event Description:
The attempt to reboot JOEY failed



-- End of Deckard's System Scanner: finished at 2008-04-28 10:46:12 ------------

Edited by joeyt100, 29 April 2008 - 09:20 AM.




#2 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  • Gender:Female
  • Location:Belgium
  • Local time:03:48 PM

Posted 29 April 2008 - 07:08 AM

Hi,

* Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

This includes installing the Windows XP Recovery Console in case you have not installed it yet.

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  • Gender:Female
  • Location:Belgium
  • Local time:03:48 PM

Posted 11 May 2008 - 01:37 AM

Due to the lack of feedback, this Topic is closed.
If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.



