Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

infected

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

infected

Unread postby samone » September 29th, 2006, 9:29 pm

Friday, September 29, 2006 9:07:28 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 30/09/2006
Kaspersky Anti-Virus database records: 214402


Scan Settings
Scan using the following antivirus database standard
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
C:\
D:\
E:\

Scan Statistics
Total number of scanned objects 55059
Number of viruses found 3
Number of infected objects 14 / 0
Number of suspicious objects 0
Duration of the scan process 01:24:16

Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Application Data\AOL\ACS\1.0\ph Object is locked skipped

C:\Documents and Settings\All Users\Application Data\AOL\ACS\1.0\variable Object is locked skipped

C:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\idb\newacct1031725\MyDB.idx Object is locked skipped

C:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\idb\newacct1031725\toolbar.lst Object is locked skipped

C:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\idb\SNMaster.idx Object is locked skipped

C:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\organize\CACHE\newacct1031700 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\organize\newacct1031725 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\organize\newacct1031725.abi Object is locked skipped

C:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\organize\newacct1031725.aby Object is locked skipped

C:\Documents and Settings\All Users\Application Data\AOL\TopSpeed\2.0\aolstderr.txt Object is locked skipped

C:\Documents and Settings\All Users\Application Data\AOL\TopSpeed\2.0\aolstdout.txt Object is locked skipped

C:\Documents and Settings\All Users\Application Data\AOL\TopSpeed\2.0\aoltsmon.lock Object is locked skipped

C:\Documents and Settings\All Users\Application Data\AOL\TopSpeed\2.0\cache.db Object is locked skipped

C:\Documents and Settings\All Users\Application Data\AOL\TopSpeed\2.0\server.lock Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support\WDLog-06032006-102044.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Support.com\profiles\hspizzarelli\triggers.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C640000.VBN/VerifierBug.class Infected: Exploit.Java.ByteVerify skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C640000.VBN/Counter.class Infected: Exploit.Java.ByteVerify skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C640000.VBN/Beyond.class Infected: Trojan.Java.Femad skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C640000.VBN/Worker.class Infected: Trojan.Java.Femad skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C640000.VBN/web.exe Infected: Trojan-Downloader.Win32.Small.dmj skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C640000.VBN ZIP: infected - 5 skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C640000.VBN CryptZ: infected - 5 skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C640001.VBN/VerifierBug.class Infected: Exploit.Java.ByteVerify skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C640001.VBN/Counter.class Infected: Exploit.Java.ByteVerify skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C640001.VBN/Beyond.class Infected: Trojan.Java.Femad skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C640001.VBN/Worker.class Infected: Trojan.Java.Femad skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C640001.VBN/web.exe Infected: Trojan-Downloader.Win32.Small.dmj skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C640001.VBN ZIP: infected - 5 skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C640001.VBN CryptZ: infected - 5 skipped

C:\Documents and Settings\hspizzarelli\Application Data\Aim\ygjazbuf\sstarkiss52\cert8.db Object is locked skipped

C:\Documents and Settings\hspizzarelli\Application Data\Aim\ygjazbuf\sstarkiss52\key3.db Object is locked skipped

C:\Documents and Settings\hspizzarelli\Application Data\AOL\C_America Online 9.0\IDB\Apps.Lst Object is locked skipped

C:\Documents and Settings\hspizzarelli\Application Data\AOL\C_America Online 9.0\IDB\art.idx Object is locked skipped

C:\Documents and Settings\hspizzarelli\Application Data\AOL\C_America Online 9.0\IDB\sap.dat Object is locked skipped

C:\Documents and Settings\hspizzarelli\Application Data\AOL\C_America Online 9.0\IDB\spool.lst Object is locked skipped

C:\Documents and Settings\hspizzarelli\Application Data\AOL\C_America Online 9.0\IDB\sysnews.lst Object is locked skipped

C:\Documents and Settings\hspizzarelli\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\hspizzarelli\Local Settings\Application Data\ApplicationHistory\hpqgalry.exe.cf8dd223.ini.inuse Object is locked skipped

C:\Documents and Settings\hspizzarelli\Local Settings\Application Data\ApplicationHistory\QUCat.exe.d82a6b0.ini.inuse Object is locked skipped

C:\Documents and Settings\hspizzarelli\Local Settings\Application Data\HP\Digital Imaging\db\administrativeInfo.dbf Object is locked skipped

C:\Documents and Settings\hspizzarelli\Local Settings\Application Data\HP\Digital Imaging\db\albumImagesTable.cdx Object is locked skipped

C:\Documents and Settings\hspizzarelli\Local Settings\Application Data\HP\Digital Imaging\db\albumImagesTable.dbf Object is locked skipped

C:\Documents and Settings\hspizzarelli\Local Settings\Application Data\HP\Digital Imaging\db\albumTable.cdx Object is locked skipped

C:\Documents and Settings\hspizzarelli\Local Settings\Application Data\HP\Digital Imaging\db\albumTable.dbf Object is locked skipped

C:\Documents and Settings\hspizzarelli\Local Settings\Application Data\HP\Digital Imaging\db\CB_Server_Errors.txt Object is locked skipped

C:\Documents and Settings\hspizzarelli\Local Settings\Application Data\HP\Digital Imaging\db\EXIFTable.cdx Object is locked skipped

C:\Documents and Settings\hspizzarelli\Local Settings\Application Data\HP\Digital Imaging\db\EXIFTable.dbf Object is locked skipped

C:\Documents and Settings\hspizzarelli\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.cdx Object is locked skipped

C:\Documents and Settings\hspizzarelli\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.dbf Object is locked skipped

C:\Documents and Settings\hspizzarelli\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.fpt Object is locked skipped

C:\Documents and Settings\hspizzarelli\Local Settings\Application Data\HP\Digital Imaging\db\keywordImagesTable.cdx Object is locked skipped

C:\Documents and Settings\hspizzarelli\Local Settings\Application Data\HP\Digital Imaging\db\keywordImagesTable.dbf Object is locked skipped

C:\Documents and Settings\hspizzarelli\Local Settings\Application Data\HP\Digital Imaging\db\keywordTable.cdx Object is locked skipped

C:\Documents and Settings\hspizzarelli\Local Settings\Application Data\HP\Digital Imaging\db\keywordTable.dbf Object is locked skipped

C:\Documents and Settings\hspizzarelli\Local Settings\Application Data\HP\Digital Imaging\db\managedFolderTable.dbf Object is locked skipped

C:\Documents and Settings\hspizzarelli\Local Settings\Application Data\HP\Digital Imaging\db\pathnameTable.cdx Object is locked skipped

C:\Documents and Settings\hspizzarelli\Local Settings\Application Data\HP\Digital Imaging\db\pathnameTable.dbf Object is locked skipped

C:\Documents and Settings\hspizzarelli\Local Settings\Application Data\HP\Digital Imaging\db\ROFImagesTable.cdx Object is locked skipped

C:\Documents and Settings\hspizzarelli\Local Settings\Application Data\HP\Digital Imaging\db\ROFImagesTable.dbf Object is locked skipped

C:\Documents and Settings\hspizzarelli\Local Settings\Application Data\HP\Digital Imaging\db\ROFTable.cdx Object is locked skipped

C:\Documents and Settings\hspizzarelli\Local Settings\Application Data\HP\Digital Imaging\db\ROFTable.dbf Object is locked skipped

C:\Documents and Settings\hspizzarelli\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\hspizzarelli\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\hspizzarelli\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{216F4700-5515-43C8-A404-1E15A0E60D34} Object is locked skipped

C:\Documents and Settings\hspizzarelli\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\hspizzarelli\Local Settings\History\History.IE5\MSHist012006092920060930\index.dat Object is locked skipped

C:\Documents and Settings\hspizzarelli\Local Settings\Temp\hpodvd09.log Object is locked skipped

C:\Documents and Settings\hspizzarelli\Local Settings\Temp\Perflib_Perfdata_f24.dat Object is locked skipped

C:\Documents and Settings\hspizzarelli\Local Settings\Temp\~DF80C9.tmp Object is locked skipped

C:\Documents and Settings\hspizzarelli\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\hspizzarelli\ntuser.dat Object is locked skipped

C:\Documents and Settings\hspizzarelli\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\hspizzarelli\UserData\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBConfig.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBDebug.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBDetect.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBNotify.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBRefr.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetCfg.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetDev.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetLoc.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetUsr.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBStHash.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBStMSI.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBValid.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPPolicy.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPStart.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPStop.log Object is locked skipped

C:\Program Files\Symantec AntiVirus\SAVRT\0069NAV~.TMP Object is locked skipped

C:\Program Files\Symantec AntiVirus\SAVRT\0504NAV~.TMP Object is locked skipped

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

C:\System Volume Information\_restore{86E2E372-87ED-4F43-BBB8-9580C75EC52A}\RP218\change.log Object is locked skipped

C:\WINDOWS\CSC\00000001 Object is locked skipped

C:\WINDOWS\Debug\Netlogon.log Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\Sti_Trace.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\default Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\software Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\system Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\h323log.txt Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\wiadebug.log Object is locked skipped

C:\WINDOWS\wiaservc.log Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

E:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

E:\System Volume Information\_restore{86E2E372-87ED-4F43-BBB8-9580C75EC52A}\RP218\change.log Object is locked skipped

Scan process completed.
Logfile of HijackThis v1.99.1
Scan saved at 8:19:17 PM, on 9/29/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\Program Files\QU STP\Computer Checkup Service\QUCat.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\WINDOWS\system32\rpcnet.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\HSPIZZ~1\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.quinnipiac.edu/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer presented by Comcast
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [tgcmd] C:\Program Files\Support.com\bin\tgcmd.exe /server /startmonitor /deaf
O4 - HKLM\..\Run: [QUCat] C:\Program Files\QU STP\Computer Checkup Service\QUCat.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Dell Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0\AOL.EXE" -b
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://citrix/citrix/ICAWEB/en/ica32/ica32t.exe
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Fac ... loader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 4667734093
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = quinnipiac.edu
O17 - HKLM\Software\..\Telephony: DomainName = quinnipiac.edu
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = quinnipiac.edu
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = quinnipiac.edu
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Remote Procedure Call (RPC) Net (Rpcnet) - Unknown owner - C:\WINDOWS\system32\rpcnet.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
samone
Regular Member
 
Posts: 23
Joined: September 4th, 2006, 10:02 pm
Advertisement
Register to Remove

Unread postby Susan528 » September 30th, 2006, 8:31 am

Hello sameone,

Your Norton anti-virus has quarantined the infections and that is all Kapersky found.
Are you experiencing any problems?

Updating Java
  • Download the latest version of Java Runtime Environment (JRE) 5.0 Update 8.
  • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-1_5_0_08-windowsi586-p.exe to install the newest version.

You can permanently delete the file in quarantine if you so desire.
http://service1.symantec.com/SUPPORT/na ... 1213443506

Let's go ahead and delete those files from Quarantine.
WARNING: Do not do this unless you are sure that you do not need the files that are in Quarantine. Files removed from Quarantine are not placed in the Recycle bin. Removing files from Quarantine will permanently delete the files from the computer.
________________________________________
Go to the section that describes your version of Norton AntiVirus and follow the steps.

To remove Norton AntiVirus 2006 files from Norton Quarantine and Restore
  • Start Norton AntiVirus.
  • If Norton AntiVirus is installed as part of Norton SystemWorks or Norton Internet Security, then start that program and click Norton AntiVirus.
  • In the left pane, click Reports.
  • Click View Norton Quarantined and Restore
  • In the left pane, select the type of risk that you want to remove.
  • In the right pane, select the files that you want to remove.
  • To select multiple items, press and hold down the Ctrl key while clicking the items that you want to select for deletion. To select everything in Quarantine, click the first item in the list, and then press Shift+End.
  • Click Delete Item.
  • When prompted "Warning! Are you sure that you want to remove this item from Quarantine," click Yes.
  • Close the Quarantine window, and then exit Norton AntiVirus.


Go ahead and run Kapersky again after deleting the files in Quarantine--Kapersky should not find any infected files. Let me know the results.
User avatar
Susan528
MRU Master
MRU Master
 
Posts: 1594
Joined: April 4th, 2005, 9:20 am
Location: Alabama, USA

Unread postby Nellie2 » November 5th, 2006, 11:59 am

This topic is now closed due to inactivity. If you wish it reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.

You can help support this site from this link :
Donations For Malware Removal

Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
User avatar
Nellie2
Administrator Emeritus
 
Posts: 8737
Joined: December 16th, 2004, 5:01 pm
Location: UK


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: wannabeageek and 23 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware