
Please Analyze For Me


  • This topic is locked
6 replies to this topic

#1 Vonneguts


Posted 10 September 2006 - 12:40 AM

Out of nowhere a pop-up that looked like one of the Windows messages... well, I guess, popped up. Anyway, it said Dr. Watson Postmortem in it and my computer froze. I googled it, found it was a trojan, and then did all the steps that brought me to this point. Please help and analyze for me.

Logfile of HijackThis v1.99.1
Scan saved at 12:39:19 AM, on 9/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Norton Internet Security\ccPxySvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NvMixerTray.exe
C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Common Files\AOL\1141788766\ee\AOLSoftware.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Lexmark 2200 Series\lxbvbmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\OpenOffice.org1.1.2\program\soffice.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Bryan\Desktop\stng260.exe
C:\Documents and Settings\Bryan\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aimtoday.com
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [NvMixerTray] C:\Program Files\NVIDIA Corporation\NvMixer\NvMixerTray.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [Lexmark 2200 Series] "C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1141788766\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [stratas] lockx.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: OpenOffice.org 1.1.2.lnk = C:\Program Files\OpenOffice.org1.1.2\program\quickstart.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.0\resources\en-US\local\search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: ActiveGS.cab - http://www.virtualapple.org/activegs.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPxySvc.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Internet Security Accounts Manager (NISUM) - Symantec Corporation - C:\Program Files\Norton Internet Security\NISUM.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

THANK YOU!!



#2 Buckeye_Sam


Posted 10 September 2006 - 12:05 PM

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you. :thumbsup:

Please download and run AimFix
It should return a small log. Please post that in your next reply.

Also post a new hijackthis log.

#3 Vonneguts


Posted 10 September 2006 - 02:47 PM

Hi Sam, and thank you for helping me. Here are the two logs you asked for.

First, the AimFix log:
AIMFix version: 1.6.98.2220 (Sep 8 2006 22:20:36)
SeDebug Privilege set successfully
First, closing any running copies of AOL Instant Messenger (aim.exe):
KillProcByName(): aim.exe successfully terminated.

***ANY VIRUS FILES REMOVED WILL BE LISTED BELOW***

RegRunKeyExist(): Found HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\stratas
FU rootkit detected!
RegValueWrite() for HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce\*AIMFix failed on call to RegOpenKeyEx: Cannot create a file when that file already exists.

RegWriteValue failed on creating RunOnce key for AIMFix
RegRunKeyExist(): Found HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\stratas
RegKill(): Found HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\stratas
RegKill(): Removed HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\stratas
RegKill(): "Run" key stratas found, removing value "lockx.exe"
RegKill(): "Run" key stratas found, removing value "lockx.exe"
RegKill(): "Run" key stratas found, removing value "lockx.exe"
RegKill(): "Run" key stratas found, removing value "lockx.exe"
RegKill(): "Run" key stratas found, removing value "lockx.exe"
RegKill(): "Run" key stratas found, removing value "lockx.exe"
quarantine(): Attemtped to Quarantine nonexistent file C:\Documents and Settings\Bryan\msdirectx.sys
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\system32\msdirectx.sys
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\system\msdirectx.sys
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\msdirectx.sys
quarantine(): Attemtped to Quarantine nonexistent file C:\Documents and Settings\Bryan\lo70.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\system32\lo70.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\system\lo70.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\lo70.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\Documents and Settings\Bryan\lockx.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\system32\lockx.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\system\lockx.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\lockx.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\Documents and Settings\Bryan\lover.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\system32\lover.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\system\lover.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\lover.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\Documents and Settings\Bryan\haxdrv.sys
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\system32\haxdrv.sys
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\system\haxdrv.sys
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\haxdrv.sys
quarantine(): Attemtped to Quarantine nonexistent file C:\Documents and Settings\Bryan\msdrv.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\system32\msdrv.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\system\msdrv.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\msdrv.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\Documents and Settings\Bryan\sdkcore.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\system32\sdkcore.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\system\sdkcore.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\sdkcore.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\Documents and Settings\Bryan\lo31.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\system32\lo31.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\system\lo31.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\lo31.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\Documents and Settings\Bryan\rdriv.sys
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\system32\rdriv.sys
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\system\rdriv.sys
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\rdriv.sys
quarantine(): Attemtped to Quarantine nonexistent file C:\Documents and Settings\Bryan\lock1.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\system32\lock1.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\system\lock1.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\lock1.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\Documents and Settings\Bryan\l071.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\system32\l071.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\system\l071.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\l071.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\Documents and Settings\Bryan\remon.sys
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\system32\remon.sys
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\system\remon.sys
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\remon.sys
quarantine(): Attemtped to Quarantine nonexistent file C:\Documents and Settings\Bryan\lockbr.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\system32\lockbr.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\system\lockbr.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\lockbr.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\Documents and Settings\Bryan\nvidGUIv.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\system32\nvidGUIv.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\system\nvidGUIv.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\nvidGUIv.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\Documents and Settings\Bryan\lockbar.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\system32\lockbar.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\system\lockbar.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\lockbar.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\Documents and Settings\Bryan\cdROM Drivers
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\system32\cdROM Drivers
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\system\cdROM Drivers
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\cdROM Drivers
quarantine(): Attemtped to Quarantine nonexistent file C:\Documents and Settings\Bryan\l074.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\system32\l074.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\system\l074.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\l074.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\Documents and Settings\Bryan\xz.bat
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\system32\xz.bat
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\system\xz.bat
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\xz.bat
quarantine(): Attemtped to Quarantine nonexistent file C:\Documents and Settings\Bryan\pics.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\system32\pics.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\system\pics.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\pics.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\Documents and Settings\Bryan\pics[1].exe
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\system32\pics[1].exe
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\system\pics[1].exe
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\pics[1].exe
quarantine(): Attemtped to Quarantine nonexistent file C:\Documents and Settings\Bryan\lockx10.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\system32\lockx10.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\system\lockx10.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\lockx10.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\Documents and Settings\Bryan\lockx11.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\system32\lockx11.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\system\lockx11.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\lockx11.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\Documents and Settings\Bryan\lockx12.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\system32\lockx12.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\system\lockx12.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\lockx12.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\Documents and Settings\Bryan\lockx2.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\system32\lockx2.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\system\lockx2.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\lockx2.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\Documents and Settings\Bryan\lockx3.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\system32\lockx3.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\system\lockx3.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\lockx3.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\Documents and Settings\Bryan\lockx4.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\system32\lockx4.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\system\lockx4.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\lockx4.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\Documents and Settings\Bryan\lockx5.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\system32\lockx5.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\system\lockx5.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\lockx5.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\Documents and Settings\Bryan\lockx7.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\system32\lockx7.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\system\lockx7.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\lockx7.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\Documents and Settings\Bryan\lockx8.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\system32\lockx8.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\system\lockx8.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\lockx8.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\Documents and Settings\Bryan\lockx1.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\system32\lockx1.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\system\lockx1.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\lockx1.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\Documents and Settings\Bryan\lockx6.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\system32\lockx6.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\system\lockx6.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\lockx6.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\Documents and Settings\Bryan\lockx9.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\system32\lockx9.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\system\lockx9.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\lockx9.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\Documents and Settings\Bryan\lockts.xexe
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\system32\lockts.xexe
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\system\lockts.xexe
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\lockts.xexe


AIMFix version: 1.6.98.2220 (Sep 8 2006 22:20:36)
SeDebug Privilege set successfully

***ANY VIRUS FILES REMOVED WILL BE LISTED BELOW***

RegRunKeyExist(): Found HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\stratas
FU rootkit detected!
RegValueWrite() for HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce\*AIMFix failed on call to RegOpenKeyEx: Cannot create a file when that file already exists.

RegWriteValue failed on creating RunOnce key for AIMFix
RegRunKeyExist(): Found HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\stratas
RegKill(): Found HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\stratas
RegKill(): Removed HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\stratas
RegKill(): "Run" key stratas found, removing value "lockx.exe"
RegKill(): "Run" key stratas found, removing value "lockx.exe"
RegKill(): "Run" key stratas found, removing value "lockx.exe"
RegKill(): "Run" key stratas found, removing value "lockx.exe"
RegKill(): "Run" key stratas found, removing value "lockx.exe"
RegKill(): "Run" key stratas found, removing value "lockx.exe"
quarantine(): Attemtped to Quarantine nonexistent file C:\Documents and Settings\Bryan\msdirectx.sys
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\system32\msdirectx.sys
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\system\msdirectx.sys
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\msdirectx.sys
quarantine(): Attemtped to Quarantine nonexistent file C:\Documents and Settings\Bryan\lo70.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\system32\lo70.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\system\lo70.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\lo70.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\Documents and Settings\Bryan\lockx.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\system32\lockx.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\system\lockx.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\lockx.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\Documents and Settings\Bryan\lover.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\system32\lover.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\system\lover.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\lover.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\Documents and Settings\Bryan\haxdrv.sys
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\system32\haxdrv.sys
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\system\haxdrv.sys
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\haxdrv.sys
quarantine(): Attemtped to Quarantine nonexistent file C:\Documents and Settings\Bryan\msdrv.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\system32\msdrv.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\system\msdrv.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\msdrv.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\Documents and Settings\Bryan\sdkcore.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\system32\sdkcore.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\system\sdkcore.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\sdkcore.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\Documents and Settings\Bryan\lo31.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\system32\lo31.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\system\lo31.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\lo31.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\Documents and Settings\Bryan\rdriv.sys
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\system32\rdriv.sys
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\system\rdriv.sys
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\rdriv.sys
quarantine(): Attemtped to Quarantine nonexistent file C:\Documents and Settings\Bryan\lock1.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\system32\lock1.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\system\lock1.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\lock1.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\Documents and Settings\Bryan\l071.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\system32\l071.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\system\l071.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\l071.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\Documents and Settings\Bryan\remon.sys
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\system32\remon.sys
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\system\remon.sys
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\remon.sys
quarantine(): Attemtped to Quarantine nonexistent file C:\Documents and Settings\Bryan\lockbr.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\system32\lockbr.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\system\lockbr.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\lockbr.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\Documents and Settings\Bryan\nvidGUIv.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\system32\nvidGUIv.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\system\nvidGUIv.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\nvidGUIv.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\Documents and Settings\Bryan\lockbar.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\system32\lockbar.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\system\lockbar.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\lockbar.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\Documents and Settings\Bryan\cdROM Drivers
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\system32\cdROM Drivers
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\system\cdROM Drivers
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\cdROM Drivers
quarantine(): Attemtped to Quarantine nonexistent file C:\Documents and Settings\Bryan\l074.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\system32\l074.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\system\l074.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\l074.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\Documents and Settings\Bryan\xz.bat
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\system32\xz.bat
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\system\xz.bat
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\xz.bat
quarantine(): Attemtped to Quarantine nonexistent file C:\Documents and Settings\Bryan\pics.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\system32\pics.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\system\pics.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\pics.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\Documents and Settings\Bryan\pics[1].exe
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\system32\pics[1].exe
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\system\pics[1].exe
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\pics[1].exe
quarantine(): Attemtped to Quarantine nonexistent file C:\Documents and Settings\Bryan\lockx10.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\system32\lockx10.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\system\lockx10.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\lockx10.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\Documents and Settings\Bryan\lockx11.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\system32\lockx11.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\system\lockx11.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\lockx11.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\Documents and Settings\Bryan\lockx12.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\system32\lockx12.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\system\lockx12.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\lockx12.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\Documents and Settings\Bryan\lockx2.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\system32\lockx2.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\system\lockx2.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\lockx2.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\Documents and Settings\Bryan\lockx3.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\system32\lockx3.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\system\lockx3.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\lockx3.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\Documents and Settings\Bryan\lockx4.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\system32\lockx4.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\system\lockx4.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\lockx4.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\Documents and Settings\Bryan\lockx5.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\system32\lockx5.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\system\lockx5.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\lockx5.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\Documents and Settings\Bryan\lockx7.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\system32\lockx7.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\system\lockx7.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\lockx7.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\Documents and Settings\Bryan\lockx8.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\system32\lockx8.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\system\lockx8.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\lockx8.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\Documents and Settings\Bryan\lockx1.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\system32\lockx1.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\system\lockx1.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\lockx1.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\Documents and Settings\Bryan\lockx6.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\system32\lockx6.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\system\lockx6.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\lockx6.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\Documents and Settings\Bryan\lockx9.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\system32\lockx9.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\system\lockx9.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\lockx9.exe
quarantine(): Attemtped to Quarantine nonexistent file C:\Documents and Settings\Bryan\lockts.xexe
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\system32\lockts.xexe
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\system\lockts.xexe
quarantine(): Attemtped to Quarantine nonexistent file C:\WINDOWS\lockts.xexe
Reboot requested by user
BlockRemove(): Now checking for Block-Checker: .5
BlockRemove(): Block-Checker not found
IMNamesRemove(): Now checking for IMNames: .2
IMNamesRemove(): IM Names not found
CleanMstc(): mstc not found
C:\xz.bat found, attempting to remove...
quarantine(): C:\xz.bat quarantined
quarantine(): Attemtped to Quarantine nonexistent file C:\Documents and Settings\Bryan\Application Data\Aim\aprilbabyk\info.htm
Profile for aprilbabyk edited to remove possible virus code.
quarantine(): C:\Documents and Settings\Bryan\Application Data\Aim\brybort1\info.htm quarantined
Profile for brybort1 edited to remove possible virus code.
quarantine(): Attemtped to Quarantine nonexistent file C:\Documents and Settings\Bryan\Application Data\Aim\deadpetrock\info.htm
Profile for deadpetrock edited to remove possible virus code.
quarantine(): Attemtped to Quarantine nonexistent file C:\Documents and Settings\Bryan\Application Data\Aim\deusexmachina231\info.htm
Profile for deusexmachina231 edited to remove possible virus code.
quarantine(): Attemtped to Quarantine nonexistent file C:\Documents and Settings\Bryan\Application Data\Aim\disciple53787\info.htm
Profile for disciple53787 edited to remove possible virus code.
quarantine(): Attemtped to Quarantine nonexistent file C:\Documents and Settings\Bryan\Application Data\Aim\festethefool23\info.htm
Profile for festethefool23 edited to remove possible virus code.
quarantine(): Attemtped to Quarantine nonexistent file C:\Documents and Settings\Bryan\Application Data\Aim\jpocks\info.htm
Profile for jpocks edited to remove possible virus code.
quarantine(): Attemtped to Quarantine nonexistent file C:\Documents and Settings\Bryan\Application Data\Aim\mdurda84\info.htm
Profile for mdurda84 edited to remove possible virus code.
quarantine(): Attemtped to Quarantine nonexistent file C:\Documents and Settings\Bryan\Application Data\Aim\mourdecai\info.htm
Profile for mourdecai edited to remove possible virus code.
quarantine(): Attemtped to Quarantine nonexistent file C:\Documents and Settings\Bryan\Application Data\Aim\ndbabe2004\info.htm
Profile for ndbabe2004 edited to remove possible virus code.
quarantine(): Attemtped to Quarantine nonexistent file C:\Documents and Settings\Bryan\Application Data\Aim\petarius2\info.htm
Profile for petarius2 edited to remove possible virus code.
quarantine(): Attemtped to Quarantine nonexistent file C:\Documents and Settings\Bryan\Application Data\Aim\rgbywing12\info.htm
Profile for rgbywing12 edited to remove possible virus code.
quarantine(): Attemtped to Quarantine nonexistent file C:\Documents and Settings\Bryan\Application Data\Aim\snetram123321\info.htm
Profile for snetram123321 edited to remove possible virus code.
quarantine(): Attemtped to Quarantine nonexistent file C:\Documents and Settings\Bryan\Application Data\Aim\snetram1233321\info.htm
Profile for snetram1233321 edited to remove possible virus code.

***RUN COMPLETED. ANY FILES REMOVED LISTED ABOVE***
----------------------------------------------------------

and the new hijackthis log
Logfile of HijackThis v1.99.1
Scan saved at 2:45:50 PM, on 9/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Norton Internet Security\ccPxySvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NvMixerTray.exe
C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Common Files\AOL\1141788766\ee\AOLSoftware.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Messenger\msmsgs.exe
C:\program files\valve\steam\steam.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\dumprep.exe
C:\Program Files\Lexmark 2200 Series\lxbvbmon.exe
C:\Program Files\OpenOffice.org1.1.2\program\soffice.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\dwwin.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Bryan\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aimtoday.com
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [NvMixerTray] C:\Program Files\NVIDIA Corporation\NvMixer\NvMixerTray.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [Lexmark 2200 Series] "C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1141788766\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: OpenOffice.org 1.1.2.lnk = C:\Program Files\OpenOffice.org1.1.2\program\quickstart.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.0\resources\en-US\local\search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: ActiveGS.cab - http://www.virtualapple.org/activegs.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPxySvc.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Internet Security Accounts Manager (NISUM) - Symantec Corporation - C:\Program Files\Norton Internet Security\NISUM.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

thank you again

#4 Buckeye_Sam


Posted 10 September 2006 - 05:02 PM

I notice that you have two antivirus programs running in your log - AVG and Norton. It's important that you only run one antivirus at a time. Running more than one can cause problems. Please uninstall one of them.


You must disable Spybot's Teatimer function before proceeding with this fix. Otherwise it will interfere with hijackthis.
  • Open Spybot Search & Destroy.
  • In the Mode menu click "Advanced mode" if not already selected.
  • Choose "Yes" at the Warning prompt.
  • Expand the "Tools" menu.
  • Click "Resident".
  • Uncheck the "Resident "TeaTimer" (Protection of overall system settings) active." box.
  • In the File menu click "Exit" to exit Spybot Search & Destroy.
Run Hijackthis again, click scan, and put a checkmark next to each of the lines listed below. Then close all other windows--you should only see HijackThis on your Desktop--and click the Fix Checked button.

O2 - BHO: (no name) - SOFTWARE - (no file)
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k




Please click Start -> Control Panel -> Add/Remove Programs and uninstall this program.

Viewpoint Manager



Update Java:
  • Click Start -> Control Panel -> Add/Remove Programs
  • Search in the list for all previously installed versions of Java. (J2SE Runtime Environment.... )
    It should have this icon next to it: [image]
    Select it and click Remove.
  • The current version of Java can be downloaded from http://java.sun.com/javase/downloads/index.jsp Scroll down the page to 'Java Runtime Environment (JRE) 5.0 Update 8' and press the 'Download' button. On the new web page, click the 'Accept License Agreement' button. Then select 'Windows Offline Installation, Multi-language' in the Windows Platform area just below the Accept button.
Reboot and post a new hijackthis log.
Let me know of any problems that you are still having.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#5 Vonneguts


Posted 11 September 2006 - 12:24 AM

here ya go, and one thing i noticed that i also had in the add/remove programs a Viewpoint manager media player, should i also remove that?

Logfile of HijackThis v1.99.1
Scan saved at 12:21:58 AM, on 9/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NvMixerTray.exe
C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Common Files\AOL\1141788766\ee\AOLSoftware.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Messenger\msmsgs.exe
C:\program files\valve\steam\steam.exe
C:\Program Files\Lexmark 2200 Series\lxbvbmon.exe
C:\Program Files\OpenOffice.org1.1.2\program\soffice.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Norton Internet Security\ccPxySvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Bryan\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aimtoday.com
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NvMixerTray] C:\Program Files\NVIDIA Corporation\NvMixer\NvMixerTray.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [Lexmark 2200 Series] "C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1141788766\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - Startup: OpenOffice.org 1.1.2.lnk = C:\Program Files\OpenOffice.org1.1.2\program\quickstart.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.0\resources\en-US\local\search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\npjpi150_08.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\npjpi150_08.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: ActiveGS.cab - http://www.virtualapple.org/activegs.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPxySvc.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Internet Security Accounts Manager (NISUM) - Symantec Corporation - C:\Program Files\Norton Internet Security\NISUM.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

thank you :thumbsup:

#6 Buckeye_Sam


Posted 11 September 2006 - 08:38 PM

"i noticed that i also had in the add/remove programs a Viewpoint manager media player, should i also remove that?"

Yes, uninstall that one as well.

You still have both AVG and Norton in your log. I strongly recommend that you uninstall one of them.
Let me know of any problems that you are still having.


========================================================
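
The two checks applied to the logs in this thread by eye (more than one resident antivirus, and whether the lines on the fix list are gone from the next log) can be scripted. The following is an added example, not part of the original thread or of HijackThis itself; the log excerpts are copied from the posts above, and the `AV_PROCESSES` table and all function names are assumptions that cover only the products seen here.

```python
import re

# Excerpts copied from the HijackThis logs posted in this thread (trimmed).
LOG_BEFORE = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O2 - BHO: (no name) - SOFTWARE - (no file)
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
"""

LOG_AFTER = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
"""

# The three lines the helper asked to have checked and fixed.
FIX_LIST = [
    r"O2 - BHO: (no name) - SOFTWARE - (no file)",
    r"O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe",
    r"O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k",
]

# Assumption: illustrative process names taken from this thread's logs only,
# not a complete list of antivirus products.
AV_PROCESSES = {
    "AVG": {"avgamsvr.exe", "avgupsvc.exe", "avgcc.exe", "avgemc.exe"},
    "Norton AntiVirus": {"navapsvc.exe"},
}

# HijackThis entries start with a section code such as R0, O4 or O23.
ENTRY_RE = re.compile(r"^(R\d|F\d|O\d{1,2}) - (.*)$")


def parse_log(text):
    """Return (running process paths, [(section, body), ...]) for one log."""
    processes, entries, in_procs = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_procs = True
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_procs = False
            entries.append((match.group(1), match.group(2)))
        elif in_procs and line:
            processes.append(line)
    return processes, entries


def resident_antivirus(processes):
    """Map each known antivirus product to its processes that are running."""
    found = {}
    for path in processes:
        exe = path.rsplit("\\", 1)[-1].lower()
        for product, names in AV_PROCESSES.items():
            if exe in names:
                found.setdefault(product, []).append(exe)
    return found


def normalise(line):
    """Collapse whitespace and case so pasted lines compare reliably."""
    return " ".join(line.split()).lower()


def unfixed(fix_list, log_text):
    """Return the fix-list lines that still appear in a later log."""
    _, entries = parse_log(log_text)
    present = {normalise(f"{sec} - {body}") for sec, body in entries}
    return [item for item in fix_list if normalise(item) in present]


def dangling(entries):
    """Entries HijackThis itself marks as pointing at a missing file."""
    return [f"{sec} - {body}" for sec, body in entries
            if "(no file)" in body or "(file missing)" in body]


if __name__ == "__main__":
    procs, entries = parse_log(LOG_AFTER)
    print("Resident antivirus:", resident_antivirus(procs))
    print("Still present after fix:", unfixed(FIX_LIST, LOG_AFTER))
    print("Dangling entries:", dangling(entries))
```
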

#7 Buckeye_Sam


Posted 30 September 2006 - 10:10 AM

Unfortunately there has been no response, and this thread will now be closed. :thumbsup:

If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request.


========================================================



