Author Topic: Smartsecurity HJT scanlog  (Read 2820 times)

Offline funkandjazz

Smartsecurity HJT scanlog
« on: April 06, 2005, 03:16:02 PM »
I am unable to rid my desktop of the smartsecurity red/black image, nor am I able to use the right-click feature on my desktop. Here is my HJT log from the scan just completed:

Logfile of HijackThis v1.99.1
Scan saved at 1:10:17 PM, on 4/6/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\mszx23.exe
C:\Program Files\IrfanView\I_VIEW32.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O4 - HKLM\..\Run: [PPMemCheck] c:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [PestPatrol Control Center] c:\PROGRA~1\PESTPA~1\PPControl.exe
O4 - HKLM\..\Run: [CookiePatrol] c:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O20 - Winlogon Notify: drct16 - C:\WINDOWS\SYSTEM32\drct16.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\OmniPass\opxpgina.dll

Please advise! What do I do now? Thanks very much.

Offline guestolo

« Reply #1 on: April 06, 2005, 07:18:01 PM »
Why is your log so small????

What have you fixed on your own?
Please go into Hijackthis>>Open the View a list of Backups and Restore all backups

Post back with a fresh hijackthis log afterwards

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline funkandjazz

« Reply #2 on: April 06, 2005, 07:33:09 PM »
guestolo, thanks very much for your reply.

Prior to finding this forum and seeking your help, I got advice from Microsoft tech support and also Hewlett Packard tech support. They advised me to run all my spyware/adware removal software and to run all my virus removal software. I did all this and much was removed. However, as I indicated, the smartsecurity screen still dominates my desktop and I have no right-click functionality on my desktop.

It was only at this point that I discovered this forum and I am doing my best to follow your instructions.

There are no backups listed in my HJT software, sorry.

I'm doing the best I can. Please advise! Here is my latest scan:

Logfile of HijackThis v1.99.1
Scan saved at 5:30:54 PM, on 4/6/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\mszx23.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O4 - HKLM\..\Run: [PPMemCheck] c:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [PestPatrol Control Center] c:\PROGRA~1\PESTPA~1\PPControl.exe
O4 - HKLM\..\Run: [CookiePatrol] c:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O20 - Winlogon Notify: drct16 - C:\WINDOWS\SYSTEM32\drct16.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\OmniPass\opxpgina.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

Offline guestolo

« Reply #3 on: April 06, 2005, 08:11:50 PM »
Let's try the following

Can you first create a fresh Restore point for me

Go to START>>All programs>>Accessories>>System Tools>>System Restore
Create a new Restore point
Name it and click Create

Something to fall back on and we don't want to undo any changes that you have done so far

=====Download and Install this small program
to help clean your temp folders, cookies, prefetch folder, recycle bin
Windows Cleanup
Install for now, don't run a scan yet

After you have done that
I need you to download and SAVE the following zip file and UNZIP it to a folder of your choice
So you will have fixdesktop.reg extracted in the folder
[attachment=119:attachment]
Ensure you unzip it, but don't run it yet

===Next: You show signs of Haxdoor infection

Download and UNZIP to a folder
HSFIX.zip
HSFix directory will be created
We'll need this later

Set Windows To Show Hidden Files and Folders
    * Click Start.
    * Open My Computer.
    * Select the Tools menu and click Folder Options.
    * Select the View Tab.
    * Under the Hidden files and folders heading select Show hidden files and folders.
    * Uncheck the Hide protected operating system files (recommended) option.
    * Uncheck the Hide Extensions for known file types
    * Click Yes to confirm.
    * Click OK.

Please Print this out or save these instructions to a Notepad file in a folder of choice, so you can refer to this if needed
RESTART your Computer in SAFE MODE <--This is important

Double click on Fixdesktop.reg and allow to merge to the registry

Stay in Safe mode

Open Windows CleanUp!>>START>>All programs>>Cleanup!
Click on the CleanUp button, let it finish scanning for files, when it's done
Don't restart the computer or log off yet

===Navigate to the HSFix directory>>Open the folder (ensure you unzipped this) and double-click on HSFix.bat.
* It will produce a log file, located here: C:\hslog.txt. <--we'll need this later

Restart back to Normal mode
Do a fresh scan with Hijackthis and post the log, along with the log from HSFix.bat>>C:\hslog.txt.



Guest

« Reply #4 on: April 06, 2005, 11:50:57 PM »
guestolo, you're amazing! You accomplished in a few simple instructions what "experts" at Microsoft and Hewlett Packard could not in hours of phone assistance. I'm grateful!

The nightmare red/black smartsecurity screen is gone and my right-click functionality is back. Yay!

The only bad news is that a whole bunch of what was previously on my desktop is no longer there, and many of those files were of value to me: photos, documents, etc. What do you advise in terms of finding these missing items? Is it possible they're gone for good?

Anyway, here's the HJT log now:

Logfile of HijackThis v1.99.1
Scan saved at 9:47:15 PM, on 4/6/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
C:\PROGRA~1\PESTPA~1\PPControl.exe
C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
C:\WINDOWS\System32\mszx23.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O4 - HKLM\..\Run: [PPMemCheck] c:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [PestPatrol Control Center] c:\PROGRA~1\PESTPA~1\PPControl.exe
O4 - HKLM\..\Run: [CookiePatrol] c:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O20 - Winlogon Notify: drct16 - C:\WINDOWS\SYSTEM32\drct16.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\OmniPass\opxpgina.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

Here's the hslog.txt:

 
Horseserver Removal Tool v1.05
      by Atri
-
-
1. Registry Fix Started
-
   Registry fix complete
-
2. Deleted Services
-
-
3. Finding files Located on system
-
klogini.dll
p2.ini
ps.a3d
drct16.dll
mszx23.exe
w32tm.exe
-
4. Deleting files that were found.
-
unable to remove drct16.dll
unable to remove mszx23.exe
-
5. Checking for and Removing Winupdate
-
-
-


What do you suggest next? Is there any way I can recover my previous full desktop?

Thanks again!!

Offline funkandjazz

« Reply #5 on: April 06, 2005, 11:52:31 PM »
That last message is from me. Sorry, forgot to log in after the cleansweep.
« Last Edit: April 06, 2005, 11:52:48 PM by funkandjazz »

Offline guestolo

« Reply #6 on: April 07, 2005, 12:22:58 AM »
Let's back up a step
First go back and restore your computer to the last system restore point you made previously before this fix
I realize you may get the red/black screen again and the right click disability, but we'll fix that again

After the restart of the computer, we'll be back where we started, but I want to get rid of another infection first
Not to worry

Back in Windows, ensure you still have HSfix unzipped


Double Click "MY Computer"
Open your C: drive
Click "File" >>> "New" >>>> "Folder"
A new folder will be created, name it RKFiles
Download and UNZIP to that folder Rkfiles.zip>>Ensure you unzip this
[attachment=121:attachment]

Once that's done

Print the rest of this out or save to a notepad file

Restart into safe mode <--important

Make sure windows is set to show Hidden files and folders

Find and delete these files if found
C:\WINDOWS\System32\mszx23.exe <-file
C:\WINDOWS\SYSTEM32\drct16.dll <-file

Stay in safe mode
Open Hijackthis>>Open Misc tools section>>Open Process manager
Left click to Highlight and then kill this process if still running
C:\WINDOWS\System32\mszx23.exe

Do another scan with Hijackthis and put a check next to these entries that exist

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

O20 - Winlogon Notify: drct16 - C:\WINDOWS\SYSTEM32\drct16.dll


After you have ticked the above entries, close All other open windows, including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis

Run HSfix.bat again

Next Navigate to where you unzipped Rkfiles.zip
Run Rkfiles.bat
Wait for the log to produce, by default it will be saved to C:\log.txt

Restart back to Normal mode

Post back a fresh hijackthis log
The log again from HSFix.bat>>C:\hslog.txt
The log from Rkfiles.bat>>C:\log.txt

Could you also
Open Notepad (START>>>RUN>>>type in notepad) hit Enter
Copy the contents of the CODE box to notepad
In Notepad click FILE>>SAVE AS

Name the file as Export.bat

Code:
@echo off
rem Export the current user's Policies key to a temporary .reg file
regedit /e C:\temp.reg "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies"
rem Append the export to a text file and open it in Notepad so it can be copied
more C:\temp.reg >> C:\Display.txt
notepad C:\Display.txt
rem Remove the temporary files once Notepad is closed
del /q c:\temp.reg
del /q C:\Display.txt

Double click Export.bat and copy and paste back the findings

EDIT>>The attachment didn't go through at first for Rkfiles.zip, I hope you see it now
« Last Edit: April 09, 2005, 12:54:29 PM by guestolo »


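The Export.bat above dumps the current user's Policies key and asks the reader to post it back for interpretation. The parser below is an added example (not from this thread or from any Microsoft tool) that reads a .reg export in either the REGEDIT4 or the "Windows Registry Editor Version 5.00" form and lists the non-zero DWORD values, which are the ones that actually enforce a restriction. The sample export is constructed; its value names are real Explorer/System policy names, but the thread never says which values fixdesktop.reg changed.

```python
import re

# Constructed sample of what Export.bat would display. Real policy value names,
# but the specific values present on the poster's machine are not known.
SAMPLE_EXPORT = r"""REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDriveTypeAutoRun"=dword:00000091
"NoViewContextMenu"=dword:00000001
"NoDesktop"=dword:00000000
"NoActiveDesktopChanges"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableRegistryTools"=dword:00000001
"Wallpaper"="C:\\WINDOWS\\web\\sample.htm"
"""

KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^(?:"([^"]+)"|@)=(.*)$')


def decode_value(raw):
    """Decode the dword and quoted-string forms regedit writes; leave others raw."""
    if raw.startswith("dword:"):
        return int(raw[len("dword:"):], 16)
    if len(raw) >= 2 and raw.startswith('"') and raw.endswith('"'):
        # .reg files escape backslashes and quotes inside strings
        return raw[1:-1].replace('\\"', '"').replace("\\\\", "\\")
    return raw  # hex:, hex(2): and friends are left undecoded here


def parse_reg_export(text):
    """Return {key_path: {value_name: value}} for a .reg export."""
    keys = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("REGEDIT4", "Windows Registry Editor", ";")):
            continue
        m = KEY_RE.match(line)
        if m:
            current = m.group(1)
            keys.setdefault(current, {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            name = m.group(1) if m.group(1) is not None else "@"
            keys[current][name] = decode_value(m.group(2))
    return keys


def active_restrictions(keys):
    """(subkey, name, value) for every non-zero DWORD under a Policies subkey.

    A DWORD set to 0 (NoDesktop in the sample) is inert. Non-zero is not the
    same as malicious: NoDriveTypeAutoRun=0x91 is a stock XP default, so the
    list is something to read and compare, not something to delete wholesale,
    which is also why the thread asks for the export to be posted back rather
    than fixed blind.
    """
    found = []
    for key, values in keys.items():
        if "\\Policies\\" not in key:
            continue
        subkey = key.rsplit("\\", 1)[-1]
        for name, value in values.items():
            if isinstance(value, int) and value != 0:
                found.append((subkey, name, value))
    return sorted(found)


if __name__ == "__main__":
    for subkey, name, value in active_restrictions(parse_reg_export(SAMPLE_EXPORT)):
        print(f"{subkey:8} {name:24} = 0x{value:08x}")
```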

Offline guestolo

« Reply #7 on: April 07, 2005, 12:34:47 AM »
One question before you do the above: those icons on the desktop may have been shortcuts. Can you find them on your hard drive if you do a search for them?

Right click on them and Send To desktop (Create shortcut)?



Offline funkandjazz

« Reply #8 on: April 07, 2005, 12:42:38 AM »
Forgive me if these are especially naive questions/concerns; please bear with me. I'm worried about attempting to restore to the day before the smartsecurity infection. After several hours of phone tech help last night, I was advised to attempt a system restore to the last good install date. I did this and it failed. I got an error message upon reboot that the system restore attempt was unsuccessful. I then ran a series of trojan/virus/spyware removal programs which identified numerous problem files, all of which I deleted/fixed. When I next tried to reboot, I got an immediate error message that a boot file had failed or was corrupted, and it took Microsoft techs a couple hours rebuilding my CNG file before I could even reboot. SO, as you can imagine, I'm real skittish about taking any steps which could cause any of the above to happen again. Is there any chance that following your instructions regarding system restore could cause me to have any of the trouble described above? That would not be good since it would mean I could not get online to get further assistance from you!

Thanks!

P.S. As to the question you just asked, I did a search immediately for the most critical items (photos) that were in folders on my desktop, and I think I've found them. And yes, many of the missing desktop items were shortcuts (not so worried about that, can easily create them again). Other missing items are files and folders. Haven't yet searched for them all.

Offline guestolo

« Reply #9 on: April 07, 2005, 12:54:58 AM »
I asked you to create a fresh restore point before doing the first set of instructions
I definitely don't want you to restore before we started any fixes

That's okay
Let me know if you can put a shortcut icon on the desktop now and if it sticks

But your log is still not clean

Can you carry on with the rest of the instructions with HSFix again
and Rkfiles
and running Hijackthis in safe mode

2 different infections altogether

Can you also, before you restart into safe mode, do the following

1. Open the Control Panel.
2. Open Display Properties.
3. Click the Desktop tab.
4. Click the Customize Desktop button.
5. Click the Web tab in the Desktop Items window.
6. Make sure all checkboxes in this window are un-checked.
OK your way out

Remember, I need you to do this and to run those fixes again in safe mode



Offline funkandjazz

« Reply #10 on: April 07, 2005, 04:20:04 AM »
Sorry, I misunderstood. Yes, I did create a restore point before proceeding with any of your instructions, so all is well. I've printed out your instructions and will proceed in the morning, with follow-up results for you. Thanks again!

Offline funkandjazz

« Reply #11 on: April 07, 2005, 02:36:14 PM »
Ok, here's where things stand.

Due to my own irrational fears, I did not restore to the last system restore point.

I did this:

1. Open the Control Panel.
2. Open Display Properties.
3. Click the Desktop tab.
4. Click the Customize Desktop button.
5. Click the Web tab in the Desktop Items window.
6. Make sure all checkboxes in this window are un-checked.
OK your way out

Then I restarted in safe mode.

Then I located, but was UNable to delete these files:

C:\WINDOWS\System32\mszx23.exe <-file
C:\WINDOWS\SYSTEM32\drct16.dll <-file

I got a message that the files were being used by another process and therefore could NOT be deleted.

I was unsure exactly what to do at this point, but I elected to proceed with the rest of your instructions.

So, I did this:

Stay in safe mode
Open Hijackthis>>Open Misc tools section>>Open Process manager
Left click to Highlight and then kill this process if still running
C:\WINDOWS\System32\mszx23.exe

BUT-- that process did not show up at all in the list. I was therefore unable to kill it or do anything else with it.

So I proceeded to this:

Do another scan with Hijackthis and put a check next to these entries that exist

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

O20 - Winlogon Notify: drct16 - C:\WINDOWS\SYSTEM32\drct16.dll

After you have ticked the above entries, close All other open windows, including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis

That all went fine.

I did all this:


Run HSfix.bat again

Next Navigate to where you unzipped Rkfiles.zip
Run Rkfiles.bat
Wait for the log to produce, by default it will be saved to C:\log.txt

Restart back to Normal mode.

No problems there.

Here's the new HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 12:22:30 PM, on 4/7/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O4 - HKLM\..\Run: [PPMemCheck] c:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [PestPatrol Control Center] c:\PROGRA~1\PESTPA~1\PPControl.exe
O4 - HKLM\..\Run: [CookiePatrol] c:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\OmniPass\opxpgina.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

Here's the new hslog.txt:

Horseserver Removal Tool v1.05
      by Atri
-
-
1. Registry Fix Started
-
   Registry fix complete
-
2. Deleted Services
-
-
3. Finding files Located on system
-
klogini.dll
p2.ini
ps.a3d
drct16.dll
mszx23.exe
-
4. Deleting files that were found.
-
unable to remove ps.a3d
unable to remove drct16.dll
unable to remove mszx23.exe
-
5. Checking for and Removing Winupdate
-
-
-

Here's the log from RKfiles.bat:

C:\RKFiles
 
PLEASE NOTE THAT ALL FILES FOUND BY THIS METHOD ARE NOT BAD FILES, THERE MIGHT BE LEGIT FILES LISTED AND PLEASE BE CAREFUL WHILE FIXING. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.
Files Found in system Folder............
------------------------
C:\WINDOWS\system32\cpuinf32.dll: UPX!
C:\WINDOWS\system32\DefragH.exe: UPX!
C:\WINDOWS\system32\devil.dll: UPX!
C:\WINDOWS\system32\ilu.dll: UPX!
C:\WINDOWS\system32\ilut.dll: UPX!
C:\WINDOWS\system32\kl_upx.exe: UPX!
C:\WINDOWS\system32\kl_upx.exe: >UPX!t
C:\WINDOWS\system32\kl_upx.exe: t[hUPX!
C:\WINDOWS\system32\kl_upx.exe: MThUPX!PQ
C:\WINDOWS\system32\kl_upx.exe: hUPX!
C:\WINDOWS\system32\kl_upx.exe: hUPX!
C:\WINDOWS\system32\kl_upx.exe: hUPX!
C:\WINDOWS\system32\kl_upx.exe: UPX!t
C:\WINDOWS\system32\kl_upx.exe: hUPX!PQ
C:\WINDOWS\system32\kl_upx.exe: JMUPX!
C:\WINDOWS\system32\kl_upx.exe: UPX!
C:\WINDOWS\system32\kl_upx.exe: UPX!
C:\WINDOWS\system32\kl_upx.exe: JMUPX!
C:\WINDOWS\system32\kl_upx.exe: JMPDUPX!
C:\WINDOWS\system32\kl_upx.exe: UPX!
C:\WINDOWS\system32\kl_upx.exe: UPX!
C:\WINDOWS\system32\kl_upx.exe: UPX!
C:\WINDOWS\system32\kl_upx.exe: UPX!
C:\WINDOWS\system32\kl_upx.exe: UPX!
C:\WINDOWS\system32\kl_upx.exe: UPX!
C:\WINDOWS\system32\kl_upx.exe: UPX!u
C:\WINDOWS\system32\kl_upx.exe: UPX!u
C:\WINDOWS\system32\kl_upx.exe: UPX!u
C:\WINDOWS\system32\kl_upx.exe: JMPOUPX!
C:\WINDOWS\system32\kl_upx.exe: JMPDUPX!
C:\WINDOWS\system32\patin.cpl: UPX!
C:\WINDOWS\system32\rmme3260.dll: +F!f:G!fSG!fmG!f
C:\WINDOWS\system32\dfrg.msc: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAAAAwGpEc213
 
Files Found in all users startup Folder............
------------------------
Files Found in all users windows Folder............
------------------------
C:\WINDOWS\tsc.exe: UPX!
C:\WINDOWS\uscscsi.dll: UPX!
C:\WINDOWS\vsapi32.dll: UPX!t4
Finished
bye

Where do we stand now?

Thanks again.
« Last Edit: April 07, 2005, 02:49:47 PM by funkandjazz »
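The thread works by comparing successive HijackThis logs: the O20 Winlogon Notify entry for drct16.dll and the running mszx23.exe process are present in the Reply #4 log and gone in the one above. The script below is an added example, not from the thread or from HijackThis, that parses logs in this format, flags Winlogon Notify packages not on a small allowlist, and diffs two scans. The two sample logs are constructed from entries quoted in the thread, and the allowlist (igfxcui, OPXPGina) is an assumption taken from the entries the helper leaves untouched, not an authoritative list.

```python
import re
from dataclasses import dataclass, field

# Constructed samples trimmed from the logs posted in this thread: the state
# after HSFix (Reply #4) and after the manual fix in safe mode (Reply #11).
LOG_BEFORE = r"""Logfile of HijackThis v1.99.1
Scan saved at 9:47:15 PM, on 4/6/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\mszx23.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O4 - HKLM\..\Run: [PPMemCheck] c:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O20 - Winlogon Notify: drct16 - C:\WINDOWS\SYSTEM32\drct16.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\OmniPass\opxpgina.dll
"""

LOG_AFTER = r"""Logfile of HijackThis v1.99.1
Scan saved at 12:22:30 PM, on 4/7/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O4 - HKLM\..\Run: [PPMemCheck] c:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\OmniPass\opxpgina.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
"""

ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.*)$")   # "O20 - ..." style lines
NOTIFY_RE = re.compile(r"^Winlogon Notify: (\S+) - (.+)$")

# Assumed allowlist: the notify packages the thread leaves in place (Intel
# graphics helper, OmniPass GINA). Not an authoritative list.
KNOWN_NOTIFY = frozenset({"igfxcui", "OPXPGina"})


@dataclass
class HjtLog:
    header: list = field(default_factory=list)
    processes: list = field(default_factory=list)
    entries: list = field(default_factory=list)   # (code, body) tuples


def parse_hjt(text):
    """Split a HijackThis log into header, running processes and O-entries."""
    log, state = HjtLog(), "header"
    for raw in text.splitlines():
        line = raw.strip()
        if state == "header":
            if line == "Running processes:":
                state = "processes"
            elif line:
                log.header.append(line)
        elif state == "processes":
            if not line:
                state = "entries"   # the blank line ends the process list
            else:
                log.processes.append(line)
        else:
            m = ENTRY_RE.match(line)
            if m:
                log.entries.append((m.group(1), m.group(2).strip()))
    return log


def winlogon_notify(log):
    """(package name, dll path) for every O20 Winlogon Notify entry."""
    found = []
    for code, body in log.entries:
        m = NOTIFY_RE.match(body)
        if code == "O20" and m:
            found.append((m.group(1), m.group(2)))
    return found


def unknown_notify(log, known=KNOWN_NOTIFY):
    """Notify packages not on the allowlist; these load a DLL into winlogon."""
    return [name for name, _ in winlogon_notify(log) if name not in known]


def diff_logs(before, after):
    """Entries and processes present in one scan but not the other."""
    b_entries, a_entries = set(before.entries), set(after.entries)
    b_procs = {p.lower() for p in before.processes}
    a_procs = {p.lower() for p in after.processes}
    return {
        "removed_entries": sorted(b_entries - a_entries),
        "added_entries": sorted(a_entries - b_entries),
        "removed_processes": sorted(b_procs - a_procs),
        "added_processes": sorted(a_procs - b_procs),
    }


if __name__ == "__main__":
    before, after = parse_hjt(LOG_BEFORE), parse_hjt(LOG_AFTER)
    print("unknown Winlogon Notify packages before fix:", unknown_notify(before))
    for key, items in diff_logs(before, after).items():
        print(key, items)
```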

Offline guestolo

« Reply #12 on: April 08, 2005, 01:54:28 AM »
Please try one more time to restart into safe mode with windows set to Show Hidden files and folders
You must be in safe mode and disconnected from the Internet

Run HSFix.bat again

Run Rkfiles.bat again<<You must be in safe mode

Restart back to normal mode and post a fresh hijackthis log
the log from hsfix.bat and the log from rkfiles.bat



Offline funkandjazz

« Reply #13 on: April 08, 2005, 10:58:24 AM »
First, I failed to answer a previous question of yours. Yes, I am able to create shortcuts on my desktop and they do stick.

Now, I followed your most recent instructions. I shut off my DSL modem, restarted in safe mode, and ran HSFix.bat and RKfiles.bat.

Here are the latest logs:

Logfile of HijackThis v1.99.1
Scan saved at 8:53:40 AM, on 4/8/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
C:\PROGRA~1\PESTPA~1\PPControl.exe
C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O4 - HKLM\..\Run: [PPMemCheck] c:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [PestPatrol Control Center] c:\PROGRA~1\PESTPA~1\PPControl.exe
O4 - HKLM\..\Run: [CookiePatrol] c:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\OmniPass\opxpgina.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

Horseserver Removal Tool v1.05
      by Atri
-
-
1. Registry Fix Started
-
   Registry fix complete
-
2. Deleted Services
-
-
3. Finding files Located on system
-
ps.a3d
drct16.dll
mszx23.exe
-
4. Deleting files that were found.
-
-
5. Checking for and Removing Winupdate
-
-
-

C:\RKFiles
 
PLEASE NOTE THAT ALL FILES FOUND BY THIS METHOD ARE NOT BAD FILES, THERE MIGHT BE LEGIT FILES LISTED AND PLEASE BE CAREFUL WHILE FIXING. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.
Files Found in system Folder............
------------------------
C:\WINDOWS\system32\cpuinf32.dll: UPX!
C:\WINDOWS\system32\DefragH.exe: UPX!
C:\WINDOWS\system32\devil.dll: UPX!
C:\WINDOWS\system32\ilu.dll: UPX!
C:\WINDOWS\system32\ilut.dll: UPX!
C:\WINDOWS\system32\kl_upx.exe: UPX!
C:\WINDOWS\system32\kl_upx.exe: >UPX!t
C:\WINDOWS\system32\kl_upx.exe: t[hUPX!
C:\WINDOWS\system32\kl_upx.exe: MThUPX!PQ
C:\WINDOWS\system32\kl_upx.exe: hUPX!
C:\WINDOWS\system32\kl_upx.exe: hUPX!
C:\WINDOWS\system32\kl_upx.exe: hUPX!
C:\WINDOWS\system32\kl_upx.exe: UPX!t
C:\WINDOWS\system32\kl_upx.exe: hUPX!PQ
C:\WINDOWS\system32\kl_upx.exe: JMUPX!
C:\WINDOWS\system32\kl_upx.exe: UPX!
C:\WINDOWS\system32\kl_upx.exe: UPX!
C:\WINDOWS\system32\kl_upx.exe: JMUPX!
C:\WINDOWS\system32\kl_upx.exe: JMPDUPX!
C:\WINDOWS\system32\kl_upx.exe: UPX!
C:\WINDOWS\system32\kl_upx.exe: UPX!
C:\WINDOWS\system32\kl_upx.exe: UPX!
C:\WINDOWS\system32\kl_upx.exe: UPX!
C:\WINDOWS\system32\kl_upx.exe: UPX!
C:\WINDOWS\system32\kl_upx.exe: UPX!
C:\WINDOWS\system32\kl_upx.exe: UPX!u
C:\WINDOWS\system32\kl_upx.exe: UPX!u
C:\WINDOWS\system32\kl_upx.exe: UPX!u
C:\WINDOWS\system32\kl_upx.exe: JMPOUPX!
C:\WINDOWS\system32\kl_upx.exe: JMPDUPX!
C:\WINDOWS\system32\patin.cpl: UPX!
C:\WINDOWS\system32\rmme3260.dll: +F!f:G!fSG!fmG!f
C:\WINDOWS\system32\dfrg.msc: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAAAAwGpEc213
 
Files Found in all users startup Folder............
------------------------
Files Found in all users windows Folder............
------------------------
C:\WINDOWS\tsc.exe: UPX!
C:\WINDOWS\uscscsi.dll: UPX!
C:\WINDOWS\vsapi32.dll: UPX!t4
Finished
bye

How are we doing?

Thanks!

Offline guestolo

« Reply #14 on: April 08, 2005, 03:25:30 PM »
Looks like the Haxdoor infection is gone, but you still have some nasties indicated by RKFiles, not all are bad however

The next suggestion I have
I see no anti-Virus software running on your computer

Could you do the following please
If you have your own AV software, install it now, make sure it's fully updated and run a full system scan

If you don't have your own and need a free solution
I highly recommend that you download and install AVG free
from the link below
http://free.grisoft.com/doc/2/lng/us/tpl/v5

Scroll down and click on
AVG Free Edition installation files
File   Version
avg70free_308a468.exe <-this link or similar

Save the installer to desktop, double click to install and follow the prompts
Restart the computer if prompted
After installation, ensure you Check for updates>>> run a Full system scan, let it fix what it finds

Restart into safe mode afterwards and run RkFiles.bat again
restart back to Normal mode and post back one more Hijackthis log and the log from RKFiles.bat again

Let's see if AVG finds and cleans some of those files for you



Offline funkandjazz

« Reply #15 on: April 09, 2005, 01:01:18 AM »
guestolo, thanks as always for your guidance. After reading your post, specifically your observation that I lack anti-virus software, a light bulb went off in my head. I actually do have anti-virus software installed: Panda AV Platinum. BUT, Microsoft phone tech support, as they tried to help me get rid of the smartsecurity infection, advised me to use msconfig to switch from "normal startup" to "selective startup" as a means to isolate the source of the infection. I never reverted to "normal startup." So, the boxes checked now for startup items are: Process SYSTEM.INI file and Process WIN.INI file. "Load system services" and "load startup items" are checked, but they're grayed out.

This is why my av software isn't showing up! I haven't been loading my normal startup items, including av software. Ugh!

What do you suggest? Is there any danger in now reverting to "normal startup"?

Is this also the reason my HJT logs are so small?

I did download and run AVG software, did a full scan, and no viruses or other infections were detected.

I now realize the above msconfig information may have been crucial to your diagnosis of my situation. My apologies. I'd forgotten all about it.

Please advise! And thanks again.
« Last Edit: April 09, 2005, 01:02:17 AM by funkandjazz »

Offline guestolo

« Reply #16 on: April 09, 2005, 01:08:43 AM »
Ahhh, yes, but do the following first

I didn't realize you had Panda's installed; you don't want to run 2 anti-virus programs.
If you could go to Msconfig and do a Normal startup
Don't restart when prompted, instead
Shut down AVG and uninstall it

Restart your computer

Back in Windows, ensure Panda is right up to date

Restart into safe mode
Run a full system scan>>let Panda's fix whatever it finds

Restart your computer after running the scan back into safe mode and run rkfiles.bat

Wait for the log

Restart back to Normal mode
and post the log from Rkfiles and a new Hijackthis log
« Last Edit: April 09, 2005, 02:01:39 AM by guestolo »



Offline funkandjazz

« Reply #17 on: April 09, 2005, 10:44:37 AM »
Ok, here is what happened: I went to msconfig and selected normal startup. I did not restart immediately but rather shut down AVG and uninstalled it. I then updated Panda AV. I then attempted to restart the computer.

Then: trouble!

My computer got stuck on the first blue screen that says "HP Invent" and I could not get past that screen. None of the F keys had any effect. So, after much frustration, I called HP tech support and they suggested that I might have a buildup of static electricity. They advised me to disconnect all the cables from my computer, then hold down the on/off button for 30 seconds or so, then restart. Amazingly, it worked! Whew!

I was then able to boot up into safe mode, start Panda and run a full system scan. Panda found no infections.

I then ran RKfiles.bat, restarted into normal mode, ran HJT, and here we are:

C:\RKFiles
 
PLEASE NOTE THAT ALL FILES FOUND BY THIS METHOD ARE NOT BAD FILES, THERE MIGHT BE LEGIT FILES LISTED AND PLEASE BE CAREFUL WHILE FIXING. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.
Files Found in system Folder............
------------------------
C:\WINDOWS\system32\cpuinf32.dll: UPX!
C:\WINDOWS\system32\DefragH.exe: UPX!
C:\WINDOWS\system32\devil.dll: UPX!
C:\WINDOWS\system32\ilu.dll: UPX!
C:\WINDOWS\system32\ilut.dll: UPX!
C:\WINDOWS\system32\kl_upx.exe: UPX!
C:\WINDOWS\system32\kl_upx.exe: >UPX!t
C:\WINDOWS\system32\kl_upx.exe: t[hUPX!
C:\WINDOWS\system32\kl_upx.exe: MThUPX!PQ
C:\WINDOWS\system32\kl_upx.exe: hUPX!
C:\WINDOWS\system32\kl_upx.exe: hUPX!
C:\WINDOWS\system32\kl_upx.exe: hUPX!
C:\WINDOWS\system32\kl_upx.exe: UPX!t
C:\WINDOWS\system32\kl_upx.exe: hUPX!PQ
C:\WINDOWS\system32\kl_upx.exe: JMUPX!
C:\WINDOWS\system32\kl_upx.exe: UPX!
C:\WINDOWS\system32\kl_upx.exe: UPX!
C:\WINDOWS\system32\kl_upx.exe: JMUPX!
C:\WINDOWS\system32\kl_upx.exe: JMPDUPX!
C:\WINDOWS\system32\kl_upx.exe: UPX!
C:\WINDOWS\system32\kl_upx.exe: UPX!
C:\WINDOWS\system32\kl_upx.exe: UPX!
C:\WINDOWS\system32\kl_upx.exe: UPX!
C:\WINDOWS\system32\kl_upx.exe: UPX!
C:\WINDOWS\system32\kl_upx.exe: UPX!
C:\WINDOWS\system32\kl_upx.exe: UPX!u
C:\WINDOWS\system32\kl_upx.exe: UPX!u
C:\WINDOWS\system32\kl_upx.exe: UPX!u
C:\WINDOWS\system32\kl_upx.exe: JMPOUPX!
C:\WINDOWS\system32\kl_upx.exe: JMPDUPX!
C:\WINDOWS\system32\patin.cpl: UPX!
C:\WINDOWS\system32\rmme3260.dll: +F!f:G!fSG!fmG!f
C:\WINDOWS\system32\dfrg.msc: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAAAAwGpEc213
 
Files Found in all users startup Folder............
------------------------
Files Found in all users windows Folder............
------------------------
C:\WINDOWS\tsc.exe: UPX!
C:\WINDOWS\uscscsi.dll: UPX!
C:\WINDOWS\vsapi32.dll: UPX!t4
Finished
bye



Logfile of HijackThis v1.99.1
Scan saved at 8:33:18 AM, on 4/9/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\gearsec.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\HP\KBD\KBD.EXE
C:\windows\system\hpsysdrv.exe
c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2J1.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Microsoft Broadband Networking\MSBNTray.exe
C:\Program Files\WordWeb\wweb32.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\pavProxy.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O4 - HKLM\..\Run: [PPMemCheck] c:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [PestPatrol Control Center] c:\PROGRA~1\PESTPA~1\PPControl.exe
O4 - HKLM\..\Run: [CookiePatrol] c:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [WinPatrol] "C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe"
O4 - HKLM\..\Run: [TM Outbreak Agent] "C:\Program Files\Trend Micro\Internet Security\TMOAgent.exe" /run
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Software\Panda Antivirus Platinum\Inicio.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [PCClient.exe] "C:\Program Files\Trend Micro\Internet Security\PCClient.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo R800] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2J1.EXE /P23 "EPSON Stylus Photo R800" /O6 "USB002" /M "Stylus Photo R800"
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - Startup: WordWeb Pro.lnk = C:\Program Files\WordWeb\wweb32.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: DriveSelect.lnk = C:\Program Files\321Studios\Xpress\DriveSelect.exe
O4 - Global Startup: Microsoft Broadband Networking.lnk = ?
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\OmniPass\opxpgina.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: gearsec - GEAR Software - C:\WINDOWS\System32\gearsec.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe



What now?? Thanks again!

Offline guestolo

Smartsecurity HJT scanlog
« Reply #18 on: April 09, 2005, 11:09:42 AM »
Can you do me a favor please?

Some of the files from RKFiles are legit, but a few are probably nasties.

Could you also go to this site please (give this site time to load):
Jotti's Online Malware scan

Use the browse button and navigate to this file on your hard disk:
C:\WINDOWS\system32\kl_upx.exe <--this file

Right click on the file and choose Select
Then use the Submit button
Let it finish scanning
Could you post the results of the scan back here please, just the scanner results?

Can you scan these files too:
C:\WINDOWS\uscscsi.dll
C:\WINDOWS\system32\cpuinf32.dll
C:\WINDOWS\system32\DefragH.exe
C:\WINDOWS\system32\devil.dll
C:\WINDOWS\system32\ilu.dll
C:\WINDOWS\system32\patin.cpl
C:\WINDOWS\system32\rmme3260.dll <--this one may be related to RealPlayer
If the scanner shows inconclusive, could you right click on the file, left click Properties,
Version tab >> find what it's related to.
Do this for any file found inconclusive.



Offline funkandjazz

Smartsecurity HJT scanlog
« Reply #19 on: April 09, 2005, 06:27:20 PM »
Scanner results for kl_upx.exe:

AntiVir  Found nothing
Avast  Found nothing
AVG Antivirus  Found nothing
BitDefender  Found nothing
ClamAV  Found nothing
Dr.Web  Found nothing
F-Prot Antivirus  Found nothing
Fortinet  Found nothing
Kaspersky Anti-Virus  Found nothing
mks_vir  Found nothing
NOD32  Found nothing
Norman Virus Control  Found nothing
VBA32  Found nothing

then:

File:  uscscsi.dll  
Status:  MIGHT BE INFECTED/MALWARE (Sandbox emulation took a long time and/or runtime packers were found, this is suspicious. Normally programs aren't packed and don't force the sandbox into lengthy emulation. Do realize no scanner issued any warning, the file can very well be harmless. Caution is advised, however.)  
Packers detected:  UPX
Scanner results  
AntiVir  Found nothing
Avast  Found nothing
AVG Antivirus  Found nothing
BitDefender  Found nothing
ClamAV  Found nothing
Dr.Web  Found nothing
F-Prot Antivirus  Found nothing
Fortinet  Found nothing
Kaspersky Anti-Virus  Found nothing
mks_vir  Found nothing
NOD32  Found nothing
Norman Virus Control  Found nothing
VBA32  Found nothing

description: Universal control library


then:

File:  cpuinf32.dll  
Status:  MIGHT BE INFECTED/MALWARE (Sandbox emulation took a long time and/or runtime packers were found, this is suspicious. Normally programs aren't packed and don't force the sandbox into lengthy emulation. Do realize no scanner issued any warning, the file can very well be harmless. Caution is advised, however.)  
Packers detected:  UPX
Scanner results  
AntiVir  Found nothing
Avast  Found nothing
AVG Antivirus  Found nothing
BitDefender  Found nothing
ClamAV  Found nothing
Dr.Web  Found nothing
F-Prot Antivirus  Found nothing
Fortinet  Found nothing
Kaspersky Anti-Virus  Found nothing
mks_vir  Found nothing
NOD32  Found nothing
Norman Virus Control  Found nothing
VBA32  Found nothing

This is an unknown application extension

then:


File:  DefragH.exe  
Status:  MIGHT BE INFECTED/MALWARE (Sandbox emulation took a long time and/or runtime packers were found, this is suspicious. Normally programs aren't packed and don't force the sandbox into lengthy emulation. Do realize no scanner issued any warning, the file can very well be harmless. Caution is advised, however.)  
Packers detected:  UPX
Scanner results  
AntiVir  Found nothing
Avast  Found nothing
AVG Antivirus  Found nothing
BitDefender  Found nothing
ClamAV  Found nothing
Dr.Web  Found nothing
F-Prot Antivirus  Found nothing
Fortinet  Found nothing
Kaspersky Anti-Virus  Found nothing
mks_vir  Found nothing
NOD32  Found nothing
Norman Virus Control  Found nothing
VBA32  Found nothing

Application: DefragH

next:

File:  devil.dll  
Status:  MIGHT BE INFECTED/MALWARE (Sandbox emulation took a long time and/or runtime packers were found, this is suspicious. Normally programs aren't packed and don't force the sandbox into lengthy emulation. Do realize no scanner issued any warning, the file can very well be harmless. Caution is advised, however.)  
Packers detected:  UPX
Scanner results  
AntiVir  Found nothing
Avast  Found nothing
AVG Antivirus  Found nothing
BitDefender  Found nothing
ClamAV  Found nothing
Dr.Web  Found nothing
F-Prot Antivirus  Found nothing
Fortinet  Found nothing
Kaspersky Anti-Virus  Found nothing
mks_vir  Found nothing
NOD32  Found nothing
Norman Virus Control  Found nothing
VBA32  Found nothing

Description: DevIL: A portable image library in development from Abysmal Software

next:


File:  ilu.dll  
Status:  MIGHT BE INFECTED/MALWARE (Sandbox emulation took a long time and/or runtime packers were found, this is suspicious. Normally programs aren't packed and don't force the sandbox into lengthy emulation. Do realize no scanner issued any warning, the file can very well be harmless. Caution is advised, however.)  
Packers detected:  UPX
Scanner results  
AntiVir  Found nothing
Avast  Found nothing
AVG Antivirus  Found nothing
BitDefender  Found nothing
ClamAV  Found nothing
Dr.Web  Found nothing
F-Prot Antivirus  Found nothing
Fortinet  Found nothing
Kaspersky Anti-Virus  Found nothing
mks_vir  Found nothing
NOD32  Found nothing
Norman Virus Control  Found nothing
VBA32  Found nothing

Description:  ILU: A portable image library in development, Abysmal Software

next:

File:  patin.cpl  
Status:  MIGHT BE INFECTED/MALWARE (Sandbox emulation took a long time and/or runtime packers were found, this is suspicious. Normally programs aren't packed and don't force the sandbox into lengthy emulation. Do realize no scanner issued any warning, the file can very well be harmless. Caution is advised, however.)  
Packers detected:  UPX
Scanner results  
AntiVir  Found nothing
Avast  Found nothing
AVG Antivirus  Found nothing
BitDefender  Found nothing
ClamAV  Found nothing
Dr.Web  Found nothing
F-Prot Antivirus  Found nothing
Fortinet  Found nothing
Kaspersky Anti-Virus  Found nothing
mks_vir  Found nothing
NOD32  Found nothing
Norman Virus Control  Found nothing
VBA32  Found nothing

Description: Access layer configuration tool for VSO softwares, VSO software

next:

File:  rmme3260.dll  
Status:  OK  
Packers detected:  -
Scanner results  
AntiVir  Found nothing
Avast  Found nothing
AVG Antivirus  Found nothing
BitDefender  Found nothing
ClamAV  Found nothing
Dr.Web  Found nothing
F-Prot Antivirus  Found nothing
Fortinet  Found nothing
Kaspersky Anti-Virus  Found nothing
mks_vir  Found nothing
NOD32  Found nothing
Norman Virus Control  Found nothing
VBA32  Found nothing


How are we doing?
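Editor's worked example, not code from this thread and not part of RKFiles, Jotti or any other tool named above. The exchange in Reply #18 and Reply #19 turns on one point: RKFiles greps for packer strings such as "UPX!" anywhere in a file, so it reports one file many times and also reports non-PE files, while Jotti's "MIGHT BE INFECTED" status only says a runtime packer was found, which is why a packed but legitimate library such as an image-library DLL still comes back clean from every engine. The script below separates the cases by parsing the PE section table (UPX writes sections named UPX0/UPX1 by default; that name check is a heuristic and can be defeated by renaming) and counts the string hits separately, then prints the SHA-256 you would submit to a multi-engine scanner. All sample "files" are constructed in memory and are hypothetical; none of them is any file from the log above, and the Properties > Version check guestolo asks for is still done by hand.

```python
"""Triage packer-string hits the way a scanner such as RKFiles reports them.

Added example, not from the thread. It tells apart a UPX-packed PE, a PE that
merely contains the string "UPX!", and a non-PE file that matched the string,
and computes the SHA-256 to submit to a multi-engine scanner. Sample blobs
below are constructed in memory and are not real files.
"""
import hashlib
import struct
from dataclasses import dataclass, field
from typing import Dict, List, Optional

UPX_MARKER = b"UPX!"                      # string an RKFiles-style scanner greps for
UPX_SECTIONS = {"UPX0", "UPX1", "UPX2"}   # default section names written by UPX (heuristic)

VERDICT_NOT_PE = "not a PE file; packer-string hit is noise"
VERDICT_PACKED = "UPX-packed PE; packing alone is not malicious, check version info and submit hash"
VERDICT_MARKER_ONLY = "contains UPX! strings but has no UPX sections; not itself UPX-packed"
VERDICT_CLEAN = "no packer indicators"


@dataclass
class Triage:
    sha256: str
    is_pe: bool
    sections: List[str] = field(default_factory=list)
    marker_hits: int = 0
    verdict: str = ""


def parse_section_names(data: bytes) -> Optional[List[str]]:
    """Walk DOS header -> PE signature -> COFF header -> section table.

    Returns None when the blob is not a PE image, else the section names.
    """
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    (num_sections,) = struct.unpack_from("<H", data, e_lfanew + 6)
    (opt_size,) = struct.unpack_from("<H", data, e_lfanew + 20)
    table = e_lfanew + 24 + opt_size          # section headers follow the optional header
    names: List[str] = []
    for i in range(num_sections):
        off = table + i * 40                  # IMAGE_SECTION_HEADER is 40 bytes
        if off + 40 > len(data):
            break                             # truncated table: keep what we have
        names.append(data[off:off + 8].rstrip(b"\0").decode("latin-1"))
    return names


def triage(data: bytes) -> Triage:
    """Combine the structural check with the plain string count."""
    names = parse_section_names(data)
    t = Triage(sha256=hashlib.sha256(data).hexdigest(),
               is_pe=names is not None,
               sections=names or [],
               marker_hits=data.count(UPX_MARKER))
    if not t.is_pe:
        t.verdict = VERDICT_NOT_PE
    elif UPX_SECTIONS.intersection(t.sections):
        t.verdict = VERDICT_PACKED
    elif t.marker_hits:
        t.verdict = VERDICT_MARKER_ONLY
    else:
        t.verdict = VERDICT_CLEAN
    return t


def make_fake_pe(section_names: List[bytes], extra: bytes = b"") -> bytes:
    """Constructed minimal PE-shaped blob (not loadable) for demonstration only."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    # Machine, NumberOfSections, TimeDateStamp, PtrSymTable, NumSymbols, SizeOfOptionalHeader, Characteristics
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, 0, 0x102)
    table = b"".join(n.ljust(8, b"\0") + b"\0" * 32 for n in section_names)
    return dos + b"PE\0\0" + coff + table + extra


# Constructed samples (hypothetical names) mirroring the kinds of hits a string scanner reports.
SAMPLES: Dict[str, bytes] = {
    "packed.dll": make_fake_pe([b"UPX0", b"UPX1", b".rsrc"], b"\0UPX!\0"),   # really UPX-packed
    "upxtool.exe": make_fake_pe([b".text", b".data"], UPX_MARKER * 5),      # many hits, not packed
    "plain.exe": make_fake_pe([b".text", b".data", b".rsrc"]),              # nothing to see
    "notes.msc": b"<config>UPX!</config>",                                  # non-PE string match
}


def triage_samples(samples: Dict[str, bytes] = SAMPLES) -> Dict[str, Triage]:
    return {name: triage(blob) for name, blob in samples.items()}


def triage_file(path: str) -> Triage:
    """Run the same triage on a real file from disk."""
    with open(path, "rb") as fh:
        return triage(fh.read())


if __name__ == "__main__":
    for name, t in triage_samples().items():
        print(f"{name}: {t.verdict}")
        print(f"  sections={t.sections} UPX!-hits={t.marker_hits} sha256={t.sha256}")
```

Run it as-is to see the four verdicts on the constructed samples, or call `triage_file(path)` on a real file. A PACKED verdict is the starting point of the triage, not the end: a packed file with a plausible vendor in its version resource and no engine detections is usually a legitimate program shipped compressed, while a packed file with no version information sitting in a system directory deserves the hash submission and a closer look.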