#16
Didn't mean to jump the gun on ya, boss. Here are the logs for about:Buster and hijackthis.
about:Buster

.dll File not found, Continuing fix
Removed! : C:\WINDOWS\cilxz.dat
Removed! : C:\WINDOWS\cvvyw.dat
Removed! : C:\WINDOWS\dcatw.dat
Removed! : C:\WINDOWS\flgcd.dat
Removed! : C:\WINDOWS\gdzjb.dat
Removed! : C:\WINDOWS\gique.dat
Removed! : C:\WINDOWS\jukni.dat
Removed! : C:\WINDOWS\lwblc.dat
Removed! : C:\WINDOWS\mhnqoq.dat
Removed! : C:\WINDOWS\mujhc.dat
Removed! : C:\WINDOWS\nhzwu.dat
Removed! : C:\WINDOWS\pzrfs.dat
Removed! : C:\WINDOWS\qqdha.dat
Removed! : C:\WINDOWS\tjzpt.dat
Removed! : C:\WINDOWS\tnihh.dat
Removed! : C:\WINDOWS\vsmve.dat
Removed! : C:\WINDOWS\vttea.dat
Attempted Clean Of Temp folder.
Removed LEGACY___NS_Service_3 Key
Removed __NS_Service_3 Key
Pages Reset... Done!

and hijackthis

Logfile of HijackThis v1.97.7
Scan saved at 1:39:05 PM, on 6/23/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Helexis\Drive Health\dhcore.exe
C:\WINDOWS\system32\HPConfig.exe
C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HPQ\One-Touch\OneTouch.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\carpserv.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\CallWave\IAM.exe
C:\Documents and Settings\Bill Nxxxxxx\Local Settings\Temp\Temporary Directory 1 for hijackthis1977.zip\HijackThis.exe

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Display Settings] C:\Program Files\HPQ\Notebook Utilities\hptasks.exe /s
O4 - HKLM\..\Run: [QT4HPOT] C:\Program Files\HPQ\One-Touch\OneTouch.EXE
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 3.9\THGuard.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Internet Answering Machine.lnk = C:\Program Files\CallWave\IAM.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Research (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/...all/xscan53.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {89D75D39-5531-47BA-9E4F-B346BA9C362C} (CWDL_DownLoadControl Class) - http://www.callwave.com/include/cab/CWDL_DownLoad.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab

One more question to add to the post from yesterday, What's your feeling on System Restore? It's off now. Should it be turned on or left off until I want to create a restore point then turn it back off?

billn
#17
You are clean! Credit goes to RubberDucky for the fix and many others who helped.
Yes, turn on System Restore now that you are clean.

Why didn't Norton A/V pick any of these problems up on my regular scans?

I don't think Norton is picking up these types of infections.

Should I empty the C:\windows\avxoscan folder, with all the trojans the scan found?

This folder seems to be used by BitDefender. It's probably safe to delete. Here's BitDefender instructing people to delete the folder if they have problems with the scans: http://www.bitdefender.com/knowledg...=77&language=en

What is the meaning of "unable to unpack" in one of the scans? Is that something to be concerned about in the future?

My best answer is a file or folder is being protected by Windows or it may be encrypted.

And yes, a cup of coffee sounds great!

Thanks
Tom

Edited for typo
__________________
HijackThis Ad-aware Spybot Search & Destroy SpywareBlaster SpywareGuard Housecall Online A/V Scan Please read the stickys at the top of the forum before posting! |
#18
Hi Tom,
Tks to you and "RubberDucky" (and everyone else) for your help on my problem. It is appreciated. A prayer will be said for you guys tonight.

Billn..
#19
Thanks!
| Viewing: Dev Shed Forums > System Administration > Antivirus Protection > vtwtm.dll/index.html#37049 |