943,948 Members | Top Members by Rank

Hardware and Software > Microsoft Windows > Viruses, Spyware and other Nasties > Viruses and Spyware Help Needed
Ad:
Permalink
Dec 3rd, 2007
0

Viruses and Spyware Help Needed

Expand Post »
I recently started having big problems. When I start my computer, I get 2 messages almost immediately

"services.exe - Bad Image" and "lmass.exe - Bad Image"

Both including the same message...

"The application or DLL C:\WINNT\system32\append.dll is not a valid Windows image. Please check this against your installation diskette."

I get several other of the same messages as the start up continues. Anytime I try to run a program after startup, I get the same message regarding that program..."iexplore.exe - Bad Image," "Hijack This.exe - Bad Image," etc...

I've tried running some virus and spyware sweepers, but no luck. Can anyone help me? Thanks in advance.

Here are my AVG scan report and Hijack This log...

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 18:27 2007-12-03

+ Scan result:



C:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP1\A0002087.dll -> Adware.Adstart : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP1\A0002088.exe -> Adware.Adstart : Cleaned with backup (quarantined).
C:\Program Files\AutoUpdate -> Adware.Apropos : Cleaned with backup (quarantined).
C:\Program Files\AutoUpdate\libexpat.dll -> Adware.Apropos : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP1\A0001182.dll -> Adware.BraveSentry : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP1\A0001183.dll -> Adware.BraveSentry : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP1\A0001184.dll -> Adware.BraveSentry : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP1\A0001185.dll -> Adware.BraveSentry : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP1\A0001178.dll -> Adware.CommAd : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP1\A0001179.exe -> Adware.CommAd : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP1\A0002016.dll -> Adware.CommAd : Cleaned with backup (quarantined).
C:\Program Files\Microsoft AntiSpyware\Quarantine\7C0DD2B1-9103-4BE1-8F47-16467C\29D4D50C-312D-4006-90AF-DDB274 -> Adware.DelphinMediaViewer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP1\A0002086.dll -> Adware.WebSearch : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temp\~239064.tmp -> Adware.Wintol : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temp\~248483.tmp -> Adware.Wintol : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temp\~249168.tmp -> Adware.Wintol : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temp\~249205.tmp -> Adware.Wintol : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temp\~249245.tmp -> Adware.Wintol : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temp\~280090.tmp -> Adware.Wintol : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temp\~325454.tmp -> Adware.Wintol : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temp\~330030.tmp -> Adware.Wintol : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temp\~339105.tmp -> Adware.Wintol : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temp\~339255.tmp -> Adware.Wintol : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temp\~339381.tmp -> Adware.Wintol : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temp\~339506.tmp -> Adware.Wintol : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temp\~339571.tmp -> Adware.Wintol : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temp\~339631.tmp -> Adware.Wintol : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temp\~345747.tmp -> Adware.Wintol : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temp\~346342.tmp -> Adware.Wintol : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temp\~355863.tmp -> Adware.Wintol : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temp\~362447.tmp -> Adware.Wintol : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temp\~363453.tmp -> Adware.Wintol : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temp\~372354.tmp -> Adware.Wintol : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temp\~372430.tmp -> Adware.Wintol : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temp\~372496.tmp -> Adware.Wintol : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temp\~372554.tmp -> Adware.Wintol : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temp\~372606.tmp -> Adware.Wintol : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temp\~372646.tmp -> Adware.Wintol : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temp\~372818.tmp -> Adware.Wintol : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temp\~374586.tmp -> Adware.Wintol : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temp\~375663.tmp -> Adware.Wintol : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temp\~375921.tmp -> Adware.Wintol : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temp\~375984.tmp -> Adware.Wintol : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temp\~376035.tmp -> Adware.Wintol : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temp\~376076.tmp -> Adware.Wintol : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temp\~376168.tmp -> Adware.Wintol : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temp\~376277.tmp -> Adware.Wintol : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temp\~383472.tmp -> Adware.Wintol : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temp\~383828.tmp -> Adware.Wintol : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temp\~419325.tmp -> Adware.Wintol : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temp\~423436.tmp -> Adware.Wintol : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temp\~489196.tmp -> Adware.Wintol : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temp\~489241.tmp -> Adware.Wintol : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temp\~489942.tmp -> Adware.Wintol : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temp\~633062.tmp -> Adware.Wintol : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temp\~774260.tmp -> Adware.Wintol : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temp\~779693.tmp -> Adware.Wintol : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temp\~873761.tmp -> Adware.Wintol : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temp\~926839.tmp -> Adware.Wintol : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temp\~928950.tmp -> Adware.Wintol : Cleaned with backup (quarantined).
C:\Program Files\Microsoft AntiSpyware\Quarantine\3562A1D7-E310-4E47-A853-D21F65\7072AE43-5D2E-4D36-97AB-6080D7 -> Adware.Wintol : Cleaned with backup (quarantined).
C:\Program Files\Microsoft AntiSpyware\Quarantine\3562A1D7-E310-4E47-A853-D21F65\9FF387BD-4071-41D1-A564-B37101 -> Adware.Wintol : Cleaned with backup (quarantined).
C:\Program Files\Microsoft AntiSpyware\Quarantine\3562A1D7-E310-4E47-A853-D21F65\A16D4060-0D29-46FA-B157-8D5B1C -> Adware.Wintol : Cleaned with backup (quarantined).
C:\Program Files\Microsoft AntiSpyware\Quarantine\3562A1D7-E310-4E47-A853-D21F65\C4415EA3-6C55-4BB4-80E2-AEE61A -> Adware.Wintol : Cleaned with backup (quarantined).
C:\Program Files\Microsoft AntiSpyware\Quarantine\4B9BA7E3-A88B-4718-9FB8-26C8AA\50791341-753E-490A-B0F4-3B9CAE -> Adware.Wintol : Cleaned with backup (quarantined).
C:\Program Files\Microsoft AntiSpyware\Quarantine\4B9BA7E3-A88B-4718-9FB8-26C8AA\5F3D3C00-E5FB-4BB8-87AE-C4EF51 -> Adware.Wintol : Cleaned with backup (quarantined).
C:\Program Files\Microsoft AntiSpyware\Quarantine\4B9BA7E3-A88B-4718-9FB8-26C8AA\76A7F209-79CC-434D-B55F-5B7CBC -> Adware.Wintol : Cleaned with backup (quarantined).
C:\Program Files\Microsoft AntiSpyware\Quarantine\BB984125-EBF3-4038-9EBE-B62076\4480DFD0-4F70-4122-8B7E-891B92 -> Adware.Wintol : Cleaned with backup (quarantined).
C:\Program Files\Microsoft AntiSpyware\Quarantine\BB984125-EBF3-4038-9EBE-B62076\EDC02DA4-E8E9-4F4C-B6F7-FA8768 -> Adware.Wintol : Cleaned with backup (quarantined).
C:\Program Files\Microsoft AntiSpyware\Quarantine\C9F8D8D3-4F32-4807-8F7D-81958B\F5CDC9FB-BE66-4CB9-BA72-674CF6 -> Adware.Wintol : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP1\A0002089.exe -> Adware.WurldMedia : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP1\A0002090.exe -> Adware.WurldMedia : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP1\A0002091.dll -> Adware.WurldMedia : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP1\A0002028.exe -> Adware.ZQuest : Cleaned with backup (quarantined).
C:\Program Files\WinAble\winable.exe -> Downloader.Adload.ni : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP1\A0002022.exe -> Downloader.Agent.bkw : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP1\A0002079.exe -> Downloader.Agent.erf : Cleaned with backup (quarantined).
C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\findfast.exe -> Downloader.Agent.fag : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Application Data\printer.exe -> Downloader.Agent.fag : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP1\A0000006.exe -> Downloader.Agent.fag : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP1\A0000007.exe -> Downloader.Agent.fag : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP1\A0000008.exe -> Downloader.Agent.fag : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP1\A0000009.exe -> Downloader.Agent.fag : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP1\A0001021.exe -> Downloader.Agent.fag : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP1\A0001022.exe -> Downloader.Agent.fag : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP1\A0001023.exe -> Downloader.Agent.fag : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP1\A0001024.exe -> Downloader.Agent.fag : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP1\A0002018.exe -> Downloader.Agent.fag : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP1\A0002019.exe -> Downloader.Agent.fag : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP1\A0002020.exe -> Downloader.Agent.fag : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP1\A0002031.exe -> Downloader.Agent.fag : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP1\A0002036.exe -> Downloader.Agent.fag : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP1\A0002037.exe -> Downloader.Agent.fag : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP1\A0002038.exe -> Downloader.Agent.fag : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP1\A0002080.exe -> Downloader.Agent.fag : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP1\A0002101.exe -> Downloader.Agent.fag : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP1\A0002104.exe -> Downloader.Agent.fag : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\UZYG03OD\l3[1] -> Downloader.Agent.fv : Cleaned with backup (quarantined).
C:\2C.tmp -> Downloader.PurityScan.eg : Cleaned with backup (quarantined).
C:\4.tmp -> Downloader.PurityScan.eg : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP1\A0002027.exe -> Downloader.Small.buy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP1\A0002023.exe -> Downloader.Small.cpg : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP1\A0002024.exe -> Downloader.Small.cpg : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP1\A0002029.exe -> Downloader.Small.cpg : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP1\A0002103.dll -> Not-A-Virus.Adware.PurityScan : Cleaned with backup (quarantined).
C:\WINNT\system32\agh.dll -> Not-A-Virus.Adware.PurityScan : Cleaned with backup (quarantined).
C:\Program Files\Outlook Express\wodejat4444.dll -> Not-A-Virus.Adware.TTC : Cleaned with backup (quarantined).
C:\Program Files\Outlook Express\wodejat83122.dll -> Not-A-Virus.Adware.TTC : Cleaned with backup (quarantined).
C:\Program Files\TTC.dll -> Not-A-Virus.Adware.TTC : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP1\A0002092.dll -> Not-A-Virus.Adware.Virtumonde : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temp\_dGhyZXc2YXJfbWEz__a2V5aW4_.exe -> Not-A-Virus.Hoax.Win32.Renos.pf : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP1\A0001180.exe -> Not-A-Virus.Monitor.Win32.NetMon.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Cookies\owner@onetoone.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@www.abcsearch[1].txt -> TrackingCookie.Abcsearch : Cleaned.
:mozilla.20:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ylsqg939.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.21:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ylsqg939.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.22:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ylsqg939.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@advertising[2].txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.18:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ylsqg939.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.132:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ylsqg939.default\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned.
:mozilla.133:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ylsqg939.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.134:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ylsqg939.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@casalemedia[2].txt -> TrackingCookie.Casalemedia : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@data.coremetrics[1].txt -> TrackingCookie.Coremetrics : Cleaned.
:mozilla.158:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ylsqg939.default\cookies.txt -> TrackingCookie.Cqcounter : Cleaned.
:mozilla.17:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ylsqg939.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.131:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ylsqg939.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@findwhat[2].txt -> TrackingCookie.Findwhat : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@ehg-comcast.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.88:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ylsqg939.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.89:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ylsqg939.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.462:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ylsqg939.default\cookies.txt -> TrackingCookie.Inet-cash : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@info[2].txt -> TrackingCookie.Info : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@web.info[1].txt -> TrackingCookie.Info : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@searchportal.information[1].txt -> TrackingCookie.Information : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@intelli-direct[1].txt -> TrackingCookie.Intelli-direct : Cleaned.
:mozilla.515:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ylsqg939.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.516:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ylsqg939.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.517:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ylsqg939.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.151:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ylsqg939.default\cookies.txt -> TrackingCookie.Masterstats : Cleaned.
:mozilla.42:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ylsqg939.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.44:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ylsqg939.default\cookies.txt -> TrackingCookie.Netflame : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@overture[2].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@pro-market[2].txt -> TrackingCookie.Pro-market : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@revenue[2].txt -> TrackingCookie.Revenue : Cleaned.
:mozilla.456:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ylsqg939.default\cookies.txt -> TrackingCookie.Starware : Cleaned.
:mozilla.457:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ylsqg939.default\cookies.txt -> TrackingCookie.Starware : Cleaned.
:mozilla.458:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ylsqg939.default\cookies.txt -> TrackingCookie.Starware : Cleaned.
:mozilla.19:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ylsqg939.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.33:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ylsqg939.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.159:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ylsqg939.default\cookies.txt -> TrackingCookie.Yadro : Cleaned.
:mozilla.160:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ylsqg939.default\cookies.txt -> TrackingCookie.Yadro : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP1\A0002081.dll -> Trojan.Obfuscated.lf : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP1\A0002082.dll -> Trojan.Obfuscated.lf : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP1\A0002083.dll -> Trojan.Obfuscated.lf : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP1\A0002084.dll -> Trojan.Obfuscated.lf : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP1\A0002085.dll -> Trojan.Obfuscated.lf : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP1\A0002025.vbs -> Trojan.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP1\A0002026.vbs -> Trojan.Small : Cleaned with backup (quarantined).


::Report end


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:34, on 2007-12-03
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINNT\system32\cisvc.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\PSIService.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINNT\rundll32.exe
C:\WINNT\GWMDMMSG.exe
C:\WINNT\System32\RUNDLL32.EXE
C:\WINNT\NOTEDAD.EXE
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\QdrModule\QdrModule10.exe
C:\WINNT\System32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINNT\System32\wuauclt.exe
C:\Documents and Settings\Owner\Desktop\HiJackThis(2).exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
C:\WINNT\System32\msiexec.exe
C:\WINNT\System32\MsiExec.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {49B424C9-D1D9-4858-BD8C-C88136551AFD} - C:\Program Files\Outlook Express\wodejat83122.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: BndShell3 BHO Class - {875A1348-7674-42aa-ADAC-B4F36A004A2D} - C:\Program Files\QdrDrive\QdrDrive8.dll
O2 - BHO: (no name) - {935FCB4E-7A37-44F4-953A-962E8F027214} - C:\Program Files\Outlook Express\wodejat4444.dll (file missing)
O2 - BHO: 0 - {AC44819F-AC10-4316-248B-825D839B35A9} - C:\Program Files\WindowsUpdate\bapucoven112.dll (file missing)
O2 - BHO: HP Smart Web Printing 1.0 - {AE84A6AA-A333-4B92-B276-C11E2212E4FE} - C:\Program Files\HP\Smart Web Printing\SmartWebPrinting.dll
O2 - BHO: (no name) - {BBB05D9E-0297-404D-A6BF-D8F2876B84A6} - C:\WINNT\system32\qomllmm.dll (file missing)
O2 - BHO: (no name) - {E4AEF346-17F8-367C-D227-4BE603840EC7} - C:\WINNT\system32\ckqbg.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [rundll32app] C:\WINNT\rundll32.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINNT\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [IESet] IExplorer.dll .dbt
O4 - HKLM\..\RunServices: [IESet] IExplorer.dll .dbt
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [Laxkmbd] "C:\Program Files\Common Files\F?nts\logonui.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [QdrModule10] "C:\Program Files\QdrModule\QdrModule10.exe"
O4 - HKCU\..\Run: [Ltho] "C:\PROGRA~1\COMMON~1\FNTS~1\ati2evxx.exe" -vt yazb
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\System32\ctfmon.exe
O4 - HKCU\..\Run: [Spoolsv] C:\WINNT\System32\spoolvs.exe
O4 - HKCU\..\Run: [IESet] IExplorer.dll .dbt
O4 - HKUS\S-1-5-18\..\Run: [IESet] IExplorer.dll .dbt (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [IESet] IExplorer.dll .dbt (User 'Default user')
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: Open with WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\nwprovau.dll
O16 - DPF: {1A26F07F-0D60-4835-91CF-1E1766A0EC56} (WebInstall Class) - http://scanner2.malware-scan.com/setup/webinst.cab
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - https://hq-notesmail05.ita.doc.gov/iNotes6W.cab
O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} (get_atlcom Class) - http://apps.corel.com/nos_dl_manager...EGetPlugin.ocx
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - AppInit_DLLs: C:\WINNT\system32\append.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: qomllmm - qomllmm.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINNT\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINNT\system32\PSIService.exe
O24 - Desktop Component 0: (no name) - C:\Program Files\WindowsUpdate\fsoxyqiprum.html

--
End of file - 7663 bytes
Similar Threads
Reputation Points: 10
Solved Threads: 0
Newbie Poster
sbarron2000 is offline Offline
3 posts
since Dec 2007
Permalink
Dec 7th, 2007
0

Re: Viruses and Spyware Help Needed

I have the same issue on a computer - I have looked for the error message on Google but only found your entry. Have you managed to solve the problem?
Also - in Control Panel when trying to to Add/Remove programs it does not work in my case.
I have run Spybot and cleaned 160 issues - and am currently running a full virus scan.
Reputation Points: 10
Solved Threads: 1
Newbie Poster
richardtate is offline Offline
2 posts
since Dec 2007
Permalink
Dec 7th, 2007
0

Re: Viruses and Spyware Help Needed

sbarron2000. Hi and welcome to Daniweb forums .

Download
SDFix
and save it to your desktop.

Please then reboot your computer in Safe Mode by doing the
following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the
    Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, a menu with options should appear;
  • Select the first option, to run Windows in Safe Mode, then press "Enter".
  • Choose your usual account.
  • In Safe Mode, right click the SDFix.zip folder and choose Extract
    All    ,
  • Open the extracted folder and double click RunThis.bat to
    start the script.
  • Type Y to begin the script.
  • It will remove the Trojan Services then make some repairs to the
    registry and prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • Your system will take longer that normal to restart as the fixtool
    will be running and removing files.
  • When the desktop loads the Fixtool will complete the removal and
    display Finished, then press any key to end the script and load
    your desktop icons.
  • Finally open the SDFix folder on your desktop and copy and paste the
    contents of the results file Report.txt back onto the forum with
    a new HijackThis log
Moderator
Featured Poster
Reputation Points: 1142
Solved Threads: 982
Most Valuable Poster
crunchie is offline Offline
12,164 posts
since Feb 2004
Permalink
Dec 7th, 2007
0

Re: Viruses and Spyware Help Needed

Click to Expand / Collapse  Quote originally posted by richardtate ...
I have the same issue on a computer - I have looked for the error message on Google but only found your entry. Have you managed to solve the problem?
Also - in Control Panel when trying to to Add/Remove programs it does not work in my case.
I have run Spybot and cleaned 160 issues - and am currently running a full virus scan.
Hi and welcome to Daniweb forums .

Please start your own thread stating the problems you are having. Read through the sticky threads at the top of this forum and follow the instructions found there.
Moderator
Featured Poster
Reputation Points: 1142
Solved Threads: 982
Most Valuable Poster
crunchie is offline Offline
12,164 posts
since Feb 2004
Permalink
Dec 7th, 2007
0

Re: Viruses and Spyware Help Needed

Thanks, crunchie. I was a little surprised that I couldn't find more people with the same problem on the web. Usually when I hit a snag, I can find 50 threads and websites explaining how to resolve the issue. Anyway, yesterday I finally just I gave up and reformatted.

Hopefully richardtate starts his own thread and there can be a record of this issue being resolved.

Thanks again,
sbarron2000
Reputation Points: 10
Solved Threads: 0
Newbie Poster
sbarron2000 is offline Offline
3 posts
since Dec 2007

This thread is solved

Either the thread starter or a moderator has marked this thread as solved. You can most likely trust the responses and answers given. There is most likely no reason for any further responses to be posted here. If you have a related question, please start a new thread in this forum instead.

This thread is more than three months old

No one has posted to this discussion for at least three months. Please let old threads die and do not reply to them unless you feel you have something new and valuable to contribute that absolutely must be added to make the discussion complete. Otherwise, please start a new thread in this forum instead.
Message:
Previous Thread in Viruses, Spyware and other Nasties Forum Timeline: Message: "...Restrictions in effect..."
Next Thread in Viruses, Spyware and other Nasties Forum Timeline: C:\windows\system32\append.dll is not a valid Windows image





About Us | Contact Us | Advertise | Acceptable Use Policy
Forum Index | Build Custom RSS Feed


Follow us on Twitter


© 2011 DaniWeb® LLC