0

Hey, I came home last night and I went on the internet. After like a minute I got an error box saying:

Server Busy

This action cannot be completed because the other program is busy. Choose 'Switch To' to activate the busy program and correct the problem.

buttons: [Switch To...] [Retry] [Cancel] (grayed out)


Any help?

0

Very possible the server was busy at the time. If too many users are on at once the server could reach its limits. Does this happen often? What were you doing at the time? How are you connected to the internet?

0

At the time I came home and got on the internet. Then I got the error box. Since then it has happened often, normally when I let the comp go idle. I come back and there are several pop-ups open with Internet Explorer. Not sure what you mean by connected to the internet, but I'm using Comcast high-speed internet.

0

Just websites, random ones. There was a YouTube window that opened, a website on travel, another on buying things. I can list them if they start popping up again.

0

Think you better begin some clean ups....
Do the following:
Please Download ATF-Cleaner.exe by Atribune (Windows XP, 2K, 2003 & Vista ONLY)

• You can put ATF-Cleaner on your Desktop for easy access.

-- Click on ATF-Cleaner to run it
-- Where it says Select Files To Delete, Check the Select All Option
-- Click Empty Selected > OK

If you use Firefox browser, do this also:

* Click Firefox at the top and choose Select All from the list.
* Click the Empty Selected button.
* NOTE : If you would like to keep your saved passwords, click No at the prompt.

Please download Malwarebytes' Anti-Malware (MBA-M) to your Desktop.

* DoubleClick mbam-setup.exe and follow the prompts to install MBA-M.
* Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When MBA-M finishes, Notepad will open with the log. Please save it where you can find it easily. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt.
Reboot the computer.
Please Run the ESET Online Scanner and attach the ScanLog with your post for assistance.

* You will need to use Internet Explorer to complete this scan.
* You will need to temporarily Disable your current Anti-virus program.
* Be sure the option to Remove found threats is checked and the option to Scan unwanted applications is Checked.
* When you have completed that scan, a scanlog ought to have been created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please post that log for us as directed below.
Finally download HiJackThis.
Run a Full system scan and save the log.
Post back here with the MBA-M log, the ESET Scanner log and the HiJackThis log, in that order.

0

Malwarebytes' Anti-Malware 1.31
Database version: 1500
Windows 5.1.2600 Service Pack 3

12/14/2008 3:20:43 PM
mbam-log-2008-12-14 (15-20-43).txt

Scan type: Full Scan (F:\|)
Objects scanned: 83525
Time elapsed: 52 minute(s), 29 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 8
Registry Keys Infected: 21
Registry Values Infected: 3
Registry Data Items Infected: 11
Folders Infected: 3
Files Infected: 24

Memory Processes Infected:
F:\Program Files\GetModule\GetModule32.exe (Adware.Agent) -> Unloaded process successfully.

Memory Modules Infected:
F:\WINDOWS\system32\cgkjvpqd.dll (Trojan.Vundo.H) -> Delete on reboot.
F:\WINDOWS\system32\tuvTmmMC.dll (Trojan.Vundo.H) -> Delete on reboot.
F:\WINDOWS\system32\gupupehi.dll (Trojan.Vundo) -> Delete on reboot.
F:\WINDOWS\system32\rogiwofi.dll (Trojan.Vundo.H) -> Delete on reboot.
F:\WINDOWS\system32\foyuroke.dll (Trojan.Vundo.H) -> Delete on reboot.
F:\WINDOWS\system32\damireke.dll (Trojan.Vundo.H) -> Delete on reboot.
F:\WINDOWS\system32\iifCTjIX.dll (Trojan.Vundo) -> Delete on reboot.
F:\WINDOWS\system32\vaxagi.dll (Trojan.Vundo) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c567edd6-1857-4b6e-ab10-b7f98e8ca5ce} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{c567edd6-1857-4b6e-ab10-b7f98e8ca5ce} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d86d8383-9cde-45e2-b0e0-5a40ce9af01f} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d86d8383-9cde-45e2-b0e0-5a40ce9af01f} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{839476c3-cfbd-497b-8bec-4584736f3cdf} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{839476c3-cfbd-497b-8bec-4584736f3cdf} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{839476c3-cfbd-497b-8bec-4584736f3cdf} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\iifctjix (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d86d8383-9cde-45e2-b0e0-5a40ce9af01f} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c567edd6-1857-4b6e-ab10-b7f98e8ca5ce} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{e596df5f-4239-4d40-8367-ebadf0165917} (Rogue.Installer) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2d2bee6e-3c9a-4d58-b9ec-458edb28d0f6} (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\icheck (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\GetModule (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\000000af (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mojuyomoju (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\getmodule32 (Adware.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: f:\windows\system32\tuvtmmmc -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo) -> Data: f:\windows\system32\gupupehi.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo) -> Data: f:\windows\system32\gupupehi.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo) -> Data: system32\gupupehi.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: f:\windows\system32\rogiwofi.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: f:\windows\system32\rogiwofi.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\rogiwofi.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: f:\windows\system32\foyuroke.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: f:\windows\system32\foyuroke.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\foyuroke.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: f:\windows\system32\tuvtmmmc -> Delete on reboot.

Folders Infected:
F:\Program Files\iCheck (Trojan.Agent) -> Quarantined and deleted successfully.
F:\Program Files\GetModule (Trojan.Agent) -> Quarantined and deleted successfully.
F:\Documents and Settings\jackie\Application Data\GetModule (Trojan.Agent) -> Quarantined and deleted successfully.

Files Infected:
F:\WINDOWS\system32\tuvTmmMC.dll (Trojan.Vundo.H) -> Delete on reboot.
F:\WINDOWS\system32\CMmmTvut.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
F:\WINDOWS\system32\CMmmTvut.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
F:\WINDOWS\system32\vaxagi.dll (Trojan.Vundo.H) -> Delete on reboot.
F:\WINDOWS\system32\cgkjvpqd.dll (Trojan.Vundo.H) -> Delete on reboot.
F:\WINDOWS\system32\dqpvjkgc.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
F:\WINDOWS\system32\damireke.dll (Trojan.Vundo.H) -> Delete on reboot.
F:\WINDOWS\system32\rogiwofi.dll (Trojan.Vundo.H) -> Delete on reboot.
F:\WINDOWS\system32\gupupehi.dll (Trojan.Vundo) -> Delete on reboot.
F:\WINDOWS\system32\foyuroke.dll (Trojan.Vundo.H) -> Delete on reboot.
F:\WINDOWS\system32\iifCTjIX.dll (Trojan.Vundo) -> Delete on reboot.
F:\Program Files\GetModule\GetModule32.exe (Adware.Agent) -> Quarantined and deleted successfully.
F:\System Volume Information\_restore{E36E2AFB-8406-48D8-90E6-C0FF7B8686BE}\RP534\A0153055.dll (Trojan.Agent) -> Quarantined and deleted successfully.
F:\System Volume Information\_restore{E36E2AFB-8406-48D8-90E6-C0FF7B8686BE}\RP535\A0153059.exe (Adware.Agent) -> Quarantined and deleted successfully.
F:\WINDOWS\system32\ewtptiiy.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
F:\WINDOWS\system32\nepovefe.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
F:\WINDOWS\system32\nowowise.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
F:\WINDOWS\system32\wosibeli.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
F:\WINDOWS\system32\wpv771229211116.cpx (Adware.Agent) -> Quarantined and deleted successfully.
F:\WINDOWS\system32\~.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
F:\Program Files\iCheck\Uninstall.exe (Trojan.Agent) -> Quarantined and deleted successfully.
F:\Documents and Settings\jackie\Application Data\GetModule\dicik.gz (Trojan.Agent) -> Quarantined and deleted successfully.
F:\Documents and Settings\jackie\Application Data\GetModule\kwdik.gz (Trojan.Agent) -> Quarantined and deleted successfully.
F:\Documents and Settings\jackie\Application Data\GetModule\ofadik.gz (Trojan.Agent) -> Quarantined and deleted successfully.

# version=4
# OnlineScanner.ocx=1.0.0.635
# OnlineScannerDLLA.dll=1, 0, 0, 79
# OnlineScannerDLLW.dll=1, 0, 0, 78
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3691 (20081214)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.064 (20070717)
# EOSSerial=a0d8c94e6a7d0643bf776314c3f75a3d
# end=finished
# remove_checked=true
# unwanted_checked=true
# utc_time=2008-12-14 09:43:38
# local_time=2008-12-14 04:43:38 (-0500, Eastern Standard Time)
# country="United States"
# osver=5.1.2600 NT Service Pack 3
# scanned=162148
# found=0
# scan_time=2596


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:06:31 PM, on 12/14/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\csrss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\Ati2evxx.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
F:\Program Files\Bonjour\mDNSResponder.exe
F:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
F:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
F:\Program Files\Spyware Doctor\pctsAuxs.exe
F:\Program Files\Spyware Doctor\pctsSvc.exe
F:\WINDOWS\system32\svchost.exe
F:\Program Files\Viewpoint\Common\ViewpointService.exe
F:\WINDOWS\System32\alg.exe
F:\WINDOWS\system32\Ati2evxx.exe
F:\Program Files\Spyware Doctor\pctsTray.exe
F:\WINDOWS\Explorer.EXE
F:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
F:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
F:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
F:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
F:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
F:\Program Files\iTunes\iTunesHelper.exe
F:\WINDOWS\system32\ctfmon.exe
F:\Program Files\iPod\bin\iPodService.exe
F:\Program Files\Mozilla Firefox\firefox.exe
F:\Documents and Settings\jackie\Desktop\HiJackThis.exe
F:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toggle.com/index.php?rvs=hompag
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - F:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - F:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - F:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - F:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [RemoteControl] "F:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [vptray] F:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "F:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] F:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] F:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [BrMfcWnd] F:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [SetDefPrt] F:\Program Files\Brother\Brmfl06a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter3] F:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "F:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [ISTray] "F:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "F:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "F:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "F:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AdobeUpdater] F:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "F:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] F:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S
O4 - HKUS\S-1-5-19\..\Run: [mojuyomoju] Rundll32.exe "F:\WINDOWS\system32\damireke.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [mojuyomoju] Rundll32.exe "F:\WINDOWS\system32\damireke.dll",s (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1170974568265
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u1-windows-i586-jc.cab
O20 - AppInit_DLLs: vaxagi.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - F:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - F:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - F:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DefWatch - Symantec Corporation - F:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: iPod Service - Apple Inc. - F:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - F:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - F:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - F:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - F:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 7523 bytes

0

The problem seemed to have stopped, but now I'm getting a Security Center alert from Windows Firewall. The window is saying:

Name: win32.netsky.Q
Risk level: high
Description: Neysky.Q is a worm Trojan program that records keystrokes and takes screen shots of the computer, stealing personal financial information.

the buttons are

- keep blocking (grayed out and not selectable)
- unblock (grayed out and not selectable)
- Enable protection (I can press this button)

When I click enable protection it sends me here
http://www.defender-review.com/?a=112

Is this the solution and should I download this?

0

Alright,

Try this,

Please download ComboFix by sUBs from HERE or HERE

  • You must download it to and run it from your Desktop
  • Physically disconnect from the internet.
  • Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
  • Double click combofix.exe & follow the prompts.
  • When finished, it will produce a log. Please save that log to post in your next reply along with a fresh HJT log

Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Cohen

0

ComboFix 08-12-15.04 - jackie 2008-12-15 23:39:58.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.624 [GMT -5:00]
Running from: f:\documents and settings\jackie\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

f:\documents and settings\jackie\Application Data\Google\fhexj6825097.exe
f:\documents and settings\jackie\Application Data\Google\mjkdpl.dll
f:\documents and settings\jackie\Favorites\Download programs.url
f:\documents and settings\jackie\Favorites\Games.url
f:\documents and settings\jackie\Favorites\Translator.url
f:\documents and settings\jackie\Favorites\Videos.url
f:\documents and settings\jackie\Start Menu\Programs\Download programs.url
f:\documents and settings\jackie\Start Menu\Programs\Games.url
f:\documents and settings\jackie\Start Menu\Programs\Translator.url
f:\documents and settings\jackie\Start Menu\Programs\Videos.url
f:\windows\Downloaded Program Files\setup.inf
f:\windows\system32\drivers\svchost.exe
f:\windows\wiaserviv.log

.
((((((((((((((((((((((((( Files Created from 2008-11-16 to 2008-12-16 )))))))))))))))))))))))))))))))
.

2008-12-15 10:21 . 2008-12-15 10:21 49,152 --a------ f:\documents and settings\jackie\Application Data\upd.exe
2008-12-14 15:31 . 2008-12-14 16:43 <DIR> d-------- f:\program files\EsetOnlineScanner
2008-12-14 14:22 . 2008-12-14 14:22 <DIR> d-------- f:\program files\Malwarebytes' Anti-Malware
2008-12-14 14:22 . 2008-12-14 14:22 <DIR> d-------- f:\documents and settings\jackie\Application Data\Malwarebytes
2008-12-14 14:22 . 2008-12-14 14:22 <DIR> d-------- f:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-14 14:22 . 2008-12-03 19:52 38,496 --a------ f:\windows\system32\drivers\mbamswissarmy.sys
2008-12-14 14:22 . 2008-12-03 19:52 15,504 --a------ f:\windows\system32\drivers\mbam.sys
2008-12-14 13:33 . 2008-12-14 13:33 <DIR> d-------- f:\documents and settings\jackie\Application Data\Uniblue
2008-12-14 13:31 . 2008-12-14 13:42 <DIR> d--h-c--- f:\documents and settings\All Users\Application Data\~0
2008-11-17 21:58 . 2008-11-23 16:59 <DIR> d-------- f:\windows\system32\Adobe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-16 04:37 --------- d---a-w f:\documents and settings\All Users\Application Data\TEMP
2008-12-16 03:03 --------- d-----w f:\documents and settings\jackie\Application Data\uTorrent
2008-12-15 09:24 --------- d-----w f:\program files\Spyware Doctor
2008-12-13 17:21 --------- d-----w f:\program files\Diablo II
2008-11-12 01:02 --------- d-----w f:\program files\Common Files\Blizzard Entertainment
2008-11-02 03:08 --------- d-----w f:\documents and settings\jackie\Application Data\Viewpoint
2008-11-02 01:52 --------- d--h--w f:\program files\InstallShield Installation Information
2008-11-02 01:31 --------- d-----w f:\program files\MSBuild
2008-11-02 01:28 --------- d-----w f:\program files\Reference Assemblies
2008-10-31 22:58 --------- d-----w f:\program files\DAEMON Tools Toolbar
2008-10-31 22:58 --------- d-----w f:\program files\DAEMON Tools Lite
2008-10-31 22:54 717,296 ----a-w f:\windows\system32\drivers\sptd.sys
2008-10-31 22:54 --------- d-----w f:\documents and settings\jackie\Application Data\DAEMON Tools
2008-10-24 11:21 455,296 ----a-w f:\windows\system32\drivers\mrxsmb.sys
2008-08-13 02:01 32,768 -csha-w f:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008081220080813\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="f:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"MSMSGS"="f:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232]
"AdobeUpdater"="f:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 2321600]
"DAEMON Tools Lite"="f:\program files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl"="f:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-12-08 32768]
"vptray"="f:\progra~1\SYMANT~1\SYMANT~1\vptray.exe" [2003-05-21 90112]
"SSBkgdUpdate"="f:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]
"PaperPort PTD"="f:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-17 57393]
"IndexSearch"="f:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-17 40960]
"BrMfcWnd"="f:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2006-03-28 622592]
"SetDefPrt"="f:\program files\Brother\Brmfl06a\BrStDvPt.exe" [2005-01-26 49152]
"ControlCenter3"="f:\program files\Brother\ControlCenter3\brctrcen.exe" [2006-04-10 61440]
"SunJavaUpdateSched"="f:\program files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 83608]
"Adobe Reader Speed Launcher"="f:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"QuickTime Task"="f:\program files\QuickTime\QTTask.exe" [2008-03-28 413696]
"iTunesHelper"="f:\program files\iTunes\iTunesHelper.exe" [2008-03-30 267048]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-13 f:\windows\system32\narrator.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=vaxagi.dll

[HKLM\~\startupfolder\F:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=f:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=f:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
--a--c--- 2005-05-12 21:05 344064 f:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 f:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
-ra------ 2005-07-22 02:00 81920 f:\windows\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"f:\\World of Warcraft\\WoW-2.0.3-enUS-downloader.exe"=
"f:\\World of Warcraft\\WoW-2.0.3.6299-to-2.0.7.6383-enUS-downloader.exe"=
"f:\\World of Warcraft\\WoW-2.0.7.6383-to-2.0.8.6403-enUS-downloader.exe"=
"f:\\World of Warcraft\\WoW-2.0.8.6403-to-2.0.10.6448-enUS-downloader.exe"=
"f:\\World of Warcraft\\WoW-2.0.10.6448-to-2.0.12.6546-enUS-downloader.exe"=
"f:\\Program Files\\LimeWire\\LimeWire.exe"=
"f:\\WINDOWS\\system32\\dpvsetup.exe"=
"f:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"f:\\Program Files\\iTunes\\iTunes.exe"=
"f:\\Program Files\\uTorrent\\uTorrent.exe"=
"f:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=

R2 Viewpoint Manager Service;Viewpoint Manager Service;"f:\program files\Viewpoint\Common\ViewpointService.exe" [2008-01-22 24652]
S3 sdAuxService;PC Tools Auxiliary Service;f:\program files\Spyware Doctor\pctsAuxs.exe [2008-04-02 747912]
.
Contents of the 'Scheduled Tasks' folder

2008-12-15 f:\windows\Tasks\AppleSoftwareUpdate.job
- f:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 13:57]

2008-12-12 f:\windows\Tasks\Norton Security Scan.job
- f:\program files\Norton Security Scan\Nss.exe [2007-09-18 23:42]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Uniblue RegistryBooster 2009 - f:\program files\Uniblue\RegistryBooster\RegistryBooster.exe
HKCU-Run-windpipe - f:\documents and settings\jackie\Application Data\Google\fhexj6825097.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.toggle.com/index.php?rvs=hompag
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - f:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - f:\documents and settings\jackie\Application Data\Mozilla\Firefox\Profiles\2zpdjzjy.default\
FF - prefs.js: browser.startup.homepage - w.google.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - plugin: f:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: f:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: f:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-15 23:43:01
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(576)
f:\windows\system32\Ati2evxx.dll
.
------------------------ Other Running Processes ------------------------
.
f:\windows\system32\ati2evxx.exe
f:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
f:\program files\Bonjour\mDNSResponder.exe
f:\progra~1\SYMANT~1\SYMANT~1\DefWatch.exe
f:\progra~1\SYMANT~1\SYMANT~1\Rtvscan.exe
f:\windows\system32\ati2evxx.exe
f:\program files\Brother\ControlCenter3\BrccMCtl.exe
f:\program files\Brother\Brmfcmon\BrMfcMon.exe
f:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2008-12-15 23:45:14 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-16 04:44:56

Pre-Run: 67,299,553,280 bytes free
Post-Run: 67,332,468,736 bytes free

164 --- E O F --- 2008-12-14 18:02:32


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:48:46 PM, on 12/15/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\Ati2evxx.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
F:\Program Files\Bonjour\mDNSResponder.exe
F:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
F:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
F:\WINDOWS\system32\svchost.exe
F:\Program Files\Viewpoint\Common\ViewpointService.exe
F:\WINDOWS\system32\Ati2evxx.exe
F:\WINDOWS\system32\wuauclt.exe
F:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
F:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
F:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
F:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
F:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
F:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
F:\Program Files\Brother\ControlCenter3\brccMCtl.exe
F:\Program Files\iTunes\iTunesHelper.exe
F:\WINDOWS\system32\ctfmon.exe
F:\Program Files\Messenger\msmsgs.exe
F:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
F:\Program Files\DAEMON Tools Lite\daemon.exe
F:\Program Files\iPod\bin\iPodService.exe
F:\WINDOWS\explorer.exe
F:\WINDOWS\system32\notepad.exe
F:\Program Files\Mozilla Firefox\firefox.exe
F:\Documents and Settings\jackie\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toggle.com/index.php?rvs=hompag
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - F:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - F:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - F:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [RemoteControl] "F:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [vptray] F:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "F:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] F:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] F:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [BrMfcWnd] F:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [SetDefPrt] F:\Program Files\Brother\Brmfl06a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter3] F:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "F:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "F:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "F:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "F:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AdobeUpdater] F:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "F:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1170974568265
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u1-windows-i586-jc.cab
O20 - AppInit_DLLs: vaxagi.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - F:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - F:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - F:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DefWatch - Symantec Corporation - F:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: iPod Service - Apple Inc. - F:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - F:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - F:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - F:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - F:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 6949 bytes

0

Alright, how is your PC now???

Is it better??? Still have any problems???

Thanks,

Cohen

0

Still an unknown entry showing in HJT log which should be fixed:

Run HJT again and place a check mark next to the one below.
O20 - AppInit_DLLs: vaxagi.dll

When you have placed this check mark then click the Fix Checked button.
Exit HJT.
Reboot, run a new HJT scan and post the log.
Judy

0

It's been fine ever since the last two logs, ComboFix and the new HJT. Thanks so much!!! I'll mark as solved.

0

Did you complete the request above?
I need to see a new HJT log.
Judy
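
The follow-up check requested in this thread (fix the O20 AppInit_DLLs entry, reboot, rescan, and confirm the entry is gone from the new log) can be scripted. The Python below is an added example, not part of any post here and not part of HijackThis; the function names and the two short sample logs are constructed for illustration, and it assumes the AppInit_DLLs value is a space- or comma-separated list of DLL names.

```python
import re

# Constructed sample: a few lines in the format of the HijackThis log above.
LOG_BEFORE = """\
O4 - HKCU\\..\\Run: [ctfmon.exe] F:\\WINDOWS\\system32\\ctfmon.exe
O20 - AppInit_DLLs: vaxagi.dll
O23 - Service: iPod Service - Apple Inc. - F:\\Program Files\\iPod\\bin\\iPodService.exe
"""
# Constructed: what a follow-up scan would contain once the entry has been fixed.
LOG_AFTER = """\
O4 - HKCU\\..\\Run: [ctfmon.exe] F:\\WINDOWS\\system32\\ctfmon.exe
O23 - Service: iPod Service - Apple Inc. - F:\\Program Files\\iPod\\bin\\iPodService.exe
"""

# Entry lines start with a section code such as R0, O4 or O20, then " - ".
ENTRY = re.compile(r"^([RFNO]\d{1,2})\s+-\s+(.*)$")

def parse_hjt(text):
    """Return (code, detail) pairs for entry lines; headers and the process list are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2).strip()))
    return entries

def appinit_dlls(entries):
    """DLL names listed in O20 AppInit_DLLs entries, lower-cased for comparison."""
    names = []
    for code, detail in entries:
        if code == "O20" and detail.lower().startswith("appinit_dlls:"):
            value = detail.split(":", 1)[1]
            # Assumption: names are separated by spaces or commas.
            names += [n.lower() for n in re.split(r"[,\s]+", value) if n]
    return names

def still_present(before, after, reviewed=()):
    """AppInit DLLs flagged in the first log that the follow-up log still lists."""
    ok = {r.lower() for r in reviewed}  # names an analyst has already cleared
    flagged = [n for n in appinit_dlls(parse_hjt(before)) if n not in ok]
    remaining = set(appinit_dlls(parse_hjt(after)))
    return [n for n in flagged if n in remaining]

if __name__ == "__main__":
    print("flagged:", appinit_dlls(parse_hjt(LOG_BEFORE)))
    print("still present after fix:", still_present(LOG_BEFORE, LOG_AFTER))
```

An empty result from `still_present` means the entry did not come back after the reboot; a non-empty one means the fix did not hold and the log needs another look.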
