
Thread: Command Service help

  1. #1
    Junior Member
    Join Date
    Oct 2006
    Posts
    24

    All right, so, here's everything I believe I need.

    It said the panda scan was too long so I attached it, hope that's okay.

    Here's the HJT log.

    Logfile of HijackThis v1.99.1
    Scan saved at 7:29:36 PM, on 10/26/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\Common Files\{349582CE-069F-1033-0629-061114200001}\Update.exe
    C:\Program Files\Dell Support\DSAgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\DOCUME~1\Sam\MYDOCU~1\STEM~1\scanregw.exe
    C:\Program Files\MySpace\IM\MySpaceIM.exe
    C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Common Files\AOL\1159855070\ee\aolsoftware.exe
    C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Sam\Desktop\kill the bugs\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: (no name) - {5E66ECAE-776E-7C9A-1E65-2EC79E73B395} - (no file)
    R3 - URLSearchHook: (no name) - {60EC0F61-97FC-9403-8289-C06944FE86CA} - C:\WINDOWS\system32\mejfurf.dll
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {0E24427B-DF2A-40EB-980B-A819F5FF3DD0} - C:\WINDOWS\system32\xxyyaxv.dll (file missing)
    O2 - BHO: (no name) - {1DAEFCB9-06C8-47c6-8F20-3FB54B244DAA} - C:\WINDOWS\system32\rmufebdh.dll (file missing)
    O2 - BHO: (no name) - {4472E2B2-FB44-FBD4-2A58-0101EBECF47E} - C:\WINDOWS\system32\ksrpmje.dll (file missing)
    O2 - BHO: (no name) - {48C2CAEF-13C9-42B2-AFCB-27727C44E1A0} - C:\WINDOWS\system32\jkkjh.dll (file missing)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: (no name) - {60EC0F61-97FC-9403-8289-C06944FE86CA} - C:\WINDOWS\system32\mejfurf.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - (no file)
    O2 - BHO: PrintViewBHO Class - {D4E0C464-30CE-4075-9A10-71FD106C2847} - C:\PROGRA~1\PRINTV~1\PRINTH~1.DLL
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [Sen] "C:\DOCUME~1\Sam\MYDOCU~1\STEM~1\scanregw.exe" -vt yazb
    O4 - HKCU\..\Run: [Cyxxo] C:\Program Files\Common Files\??stem\?canregw.exe
    O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} (DLC Class) - https://transfers.ds.microsoft.com/F...ansferCtrl.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
    O16 - DPF: {E4C29FDC-F547-4219-ACFD-571F2A7A564A} (WebCamTest Class) - http://awbeta.net-nucleus.com/CABUPDATES/winwcd.cab
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
    O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
    O20 - Winlogon Notify: jkkjh - C:\WINDOWS\
    O20 - Winlogon Notify: winrkp32 - C:\WINDOWS\
    O20 - Winlogon Notify: xxyyaxv - C:\WINDOWS\
    O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
    O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

  2. #2
    pskelley, In Memoriam - Always in our heart
    Join Date
    Oct 2005
    Location
    Clearwater, Florida
    Posts
    20,247

    Welcome to the forum. If your issues are not resolved and you want me to try to help, please make sure you read and follow all directions. I will number the order we need to complete them in.

    1) "BEFORE you POST" -Preliminary Steps and scanning with SPYBOT-S&D
    http://forums.spybot.info/showthread.php?t=288
    Please do not ask us to download or unzip the logs.
    If they are too long for one post just make as many posts to your topic as necessary.
    Post all logs as instructed, I will not open attachments from an infected machine.

    2) Turn off TeaTimer until we are finished, it will block changes we must make.
    http://russelltexas.com/malware/teatimer.htm

    3) Follow the instructions here, and make sure you run the fix until all files located by it have been deleted. Then post the VundoFix log.
    Thanks to Atribune and any others who helped with this fix.

    Please download VundoFix.exe to your desktop
    • Double-click VundoFix.exe to run it.
    • Click the Scan for Vundo button.
    • Once it's done scanning, click the Remove Vundo button.
    • You will receive a prompt asking if you want to remove the files; click YES.
    • Once you click yes, your desktop will go blank as it starts removing Vundo.
    • When completed, it will prompt that it will reboot your computer, click OK.
    • Please post the contents of C:\vundofix.txt and a new HiJackThis log in a reply to this thread.
    Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.

    If there is a file VundoFix doesn't find, we need it submitted. Please submit the files to upload malware http://www.uploadmalware.com

    4) Thanks to sUBs and anyone who helped with this fix.

    1. Download this file - combofix.exe
    http://download.bleepingcomputer.com/sUBs/combofix.exe
    2. Double click combofix.exe & follow the prompts.
    3. When finished, it shall produce a log for you. Post that log in your next reply.
    Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.
    If the log is large, you might need to post half in one reply, half in another.

    5) Make sure to restart, then post the Vundofix report, combofix log and a new HJT log.

    Thanks

  3. #3
    Junior Member
    Join Date
    Oct 2006
    Posts
    24

    Thanks for the help!

    Vundo Log


    VundoFix V6.2.6

    Checking Java version...

    Java version is 1.5.0.6

    Scan started at 6:06:58 PM 10/26/2006

    Listing files found while scanning....

    C:\WINDOWS\system32\aaegrxj.dll
    C:\WINDOWS\system32\byxvvus.dll
    C:\WINDOWS\system32\ikrfind.dll
    C:\WINDOWS\system32\jkkkjhf.dll
    C:\WINDOWS\system32\ksrpmje.dll
    C:\WINDOWS\system32\nnnmnkl.dll
    C:\WINDOWS\system32\pqqrase.dll
    C:\WINDOWS\system32\rmufebdh.dll
    C:\WINDOWS\system32\ssqopqn.dll
    C:\WINDOWS\system32\winrkp32.dll
    C:\WINDOWS\system32\xxyyaxv.dll
    C:\WINDOWS\system32\odlfqvhp.exe
    C:\WINDOWS\system32\jkkjh.dll
    C:\WINDOWS\system32\hjkkj.ini
    C:\WINDOWS\system32\hjkkj.bak1
    C:\WINDOWS\system32\hjkkj.bak2

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\aaegrxj.dll
    C:\WINDOWS\system32\aaegrxj.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\byxvvus.dll
    C:\WINDOWS\system32\byxvvus.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\ikrfind.dll
    C:\WINDOWS\system32\ikrfind.dll Has been deleted!


    Combofix Log

    Sam - 06-10-27 11:05:01.68 Service Pack 2
    ComboFix 06.10.19 - Running from: "C:\Program Files\Mozilla Firefox"

    ((((((((((((((((((((((((((((((((((((((((((( E-Give / Ssk's Log )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\Documents and Settings\Sam\Application Data\Dxcknwrd.dll
    C:\Documents and Settings\Sam\Application Data\Dxcuknwrd.dll


    * * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


    (((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\WINDOWS\system32\aaa00000.sys
    C:\WINDOWS\system32\ismini.exe
    C:\WINDOWS\system32\WinNB58.dll
    C:\Program Files\Common Files\Yazzle1162OinAdmin.exe
    C:\Program Files\Common Files\Yazzle1162OinUninstaller.exe
    C:\Program Files\Common Files\misc002
    C:\Program Files\PrintView
    C:\WINDOWS\system32\components
    C:\WINDOWS\system32\crunner
    C:\Program Files\Common Files\{349582CE-0256-1033-0629-061114200001}
    C:\Program Files\Common Files\{349582CE-069F-1033-0629-061114200001}

    ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

    Folders Quarantined:

    C:\QooBox\Purity\Documents and Settings\Sam\My Documents\STEM~1
    C:\QooBox\Purity\Documents and Settings\Sam\My Documents\STEM~1\scanregw.exe
    C:\QooBox\Purity\Documents and Settings\Sam\My Documents\STEM~1\??stem
    C:\QooBox\Purity\Program Files\Common Files\STEM~1
    C:\QooBox\Purity\Program Files\Common Files\TSKS~1
    C:\QooBox\Purity\Program Files\Common Files\STEM~1\?canregw_exe.vir
    C:\QooBox\Purity\WINDOWS\MCROSO~1.NET


    ((((((((((((((((((((((((((((((( Files Created from 2006-09-27 to 2006-10-27 ))))))))))))))))))))))))))))))))))


    2006-10-26 13:14 131,072 --a------ C:\WINDOWS\system32\mejfurf.dll
    2006-10-25 16:29 93,696 --a------ C:\WINDOWS\system32\cijlbtc.dll
    2006-10-19 21:44 67,604 --a------ C:\WINDOWS\system32\sqxiurvt.exe
    2006-10-19 15:02 2 --a------ C:\WINDOWS\system32\wnsapisv.exe
    2006-10-18 18:46 94,208 --a------ C:\WINDOWS\system32\vikhzl.dll
    2006-10-16 12:45 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
    2006-10-16 12:45 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
    2006-10-14 23:37 32,768 --a------ C:\WINDOWS\unstall.exe
    2006-10-14 23:36 25,105 --a------ C:\WINDOWS\idlemg.exe
    2006-10-14 23:36 139,264 --a------ C:\WINDOWS\MirarSetup_876057.exe
    2006-10-14 23:35 433,632 --a------ C:\WINDOWS\hancerdoem.exe
    2006-10-14 23:35 2,560 --a------ C:\WINDOWS\ac3_0002.exe
    2006-10-11 08:27 89,360 --a------ C:\WINDOWS\system32\VB5DB.DLL
    2006-10-11 08:27 69,632 --a------ C:\WINDOWS\system32\xmltok.dll
    2006-10-11 08:27 36,864 --a------ C:\WINDOWS\system32\xmlparse.dll
    2006-10-11 08:27 26,096 --a------ C:\WINDOWS\system32\xmlinst.exe
    2006-10-11 08:27 24,576 --a------ C:\WINDOWS\system32\msxml3a.dll
    2006-10-11 08:20 7,552 --a------ C:\WINDOWS\system32\drivers\enodpl.sys
    2006-10-11 08:20 4,736 --a------ C:\WINDOWS\system32\drivers\tandpl.sys
    2006-10-09 22:35 299,520 --a------ C:\WINDOWS\uninst.exe
    2006-10-06 22:57 142 --a------ C:\WINDOWS\ncedr.dll
    2006-10-06 22:30 46,452 --a------ C:\WINDOWS\elitepop06.exe
    2006-10-06 22:30 433,632 --a------ C:\WINDOWS\hanceremm.exe
    2006-10-06 22:30 217,346 --a------ C:\WINDOWS\Setup90.exe
    2006-10-06 22:30 1,233 --a------ C:\WINDOWS\system32\yce70091.sys
    2006-10-06 18:11 65,536 --a------ C:\WINDOWS\system32\Winwcd.dll
    2006-10-01 23:00 611,064 --a------ C:\WINDOWS\system32\drivers\sptd.sys
    2006-09-30 16:48 26,496 --a------ C:\WINDOWS\system32\drivers\USBSTOR.SYS
    2006-09-30 15:51 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
    2006-09-30 15:51 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
    2006-09-30 15:51 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
    2006-09-30 03:39 5,127,800 --a------ C:\Firefox Setup 1.5.0.7.exe


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


    2006-10-27 11:06 -------- d-------- C:\Program Files\Common Files
    2006-10-27 11:00 -------- d-------- C:\Program Files\Mozilla Firefox
    2006-10-27 01:05 -------- d-------- C:\Documents and Settings\Sam\Application Data\uTorrent
    2006-10-26 18:44 -------- d-------- C:\Program Files\WinRAR
    2006-10-26 18:38 -------- d-------- C:\Program Files\Internet Explorer
    2006-10-26 18:38 -------- d-------- C:\Program Files\Google
    2006-10-26 18:38 -------- d-------- C:\Program Files\Dell Support
    2006-10-26 14:46 -------- d---s---- C:\Documents and Settings\Sam\Application Data\Microsoft
    2006-10-25 17:51 -------- d--h----- C:\Program Files\InstallShield Installation Information
    2006-10-25 17:51 -------- d-------- C:\Program Files\Ubisoft
    2006-10-22 00:32 -------- d-------- C:\Documents and Settings\Sam\Application Data\MySpace
    2006-10-22 00:31 -------- d-------- C:\Program Files\MySpace
    2006-10-21 23:35 -------- d-------- C:\Program Files\CDisplay
    2006-10-20 23:05 -------- d-------- C:\Program Files\Planetwide Games
    2006-10-19 16:20 -------- d-------- C:\Program Files\Combined Community Codec Pack
    2006-10-15 16:17 -------- d-------- C:\Program Files\Dell
    2006-10-15 14:37 -------- d-------- C:\Documents and Settings\Sam\Application Data\Talkback
    2006-10-15 09:43 -------- d-------- C:\Program Files\Common Files\AOL
    2006-10-12 00:07 -------- d-------- C:\Program Files\Valve
    2006-10-09 22:36 -------- d-------- C:\Program Files\LucasArts
    2006-10-09 18:16 -------- d--h----- C:\Program Files\Common Files\cloader
    2006-10-08 01:26 -------- d-------- C:\Documents and Settings\Sam\Application Data\Apple Computer
    2006-10-07 18:33 12528 --a------ C:\WINDOWS\system32\drivers\secdrv.sys
    2006-10-07 14:03 -------- d-------- C:\Documents and Settings\Sam\Application Data\Lavasoft
    2006-10-07 14:02 -------- d-------- C:\Program Files\Lavasoft
    2006-10-07 01:39 -------- d-------- C:\Documents and Settings\Sam\Application Data\Help
    2006-10-07 01:36 -------- d-------- C:\Documents and Settings\Sam\Application Data\Sun
    2006-10-06 20:56 -------- d-------- C:\Documents and Settings\Sam\Application Data\PC Tools
    2006-10-05 17:34 -------- d-------- C:\Documents and Settings\Sam\Application Data\AdobeUM
    2006-10-04 14:13 -------- d-------- C:\Program Files\AVI Codec Pack
    2006-10-04 14:11 -------- d-------- C:\Program Files\AVIcodec
    2006-10-03 22:15 -------- d-------- C:\Documents and Settings\Sam\Application Data\Sony
    2006-10-03 22:15 -------- d-------- C:\Documents and Settings\Sam\Application Data\Publish Providers
    2006-10-03 22:07 -------- d--h----- C:\Program Files\Uninstall Information
    2006-10-03 22:05 -------- d-------- C:\Program Files\Vstplugins
    2006-10-03 22:05 -------- d-------- C:\Program Files\Sony
    2006-10-03 21:53 -------- d-------- C:\Documents and Settings\Sam\Application Data\Sony Setup
    2006-10-03 13:27 -------- d-------- C:\Documents and Settings\Sam\Application Data\Adobe
    2006-10-03 01:59 -------- d-------- C:\Documents and Settings\Sam\Application Data\acccore
    2006-10-03 01:57 -------- d-------- C:\Program Files\Common Files\aolshare
    2006-10-03 01:57 -------- d-------- C:\Documents and Settings\Sam\Application Data\Mozilla
    2006-10-02 00:40 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
    2006-10-01 23:03 -------- d-------- C:\Program Files\DAEMON Tools
    2006-10-01 23:02 -------- d-------- C:\Program Files\Common Files\Symantec Shared
    2006-09-30 18:21 -------- d-------- C:\Documents and Settings\Sam\Application Data\CoreCodec
    2006-09-30 16:38 -------- d-------- C:\Program Files\Haali
    2006-09-30 16:38 -------- d-------- C:\Program Files\CoreCodec
    2006-09-30 16:08 -------- d-------- C:\Program Files\iTunes
    2006-09-30 16:08 -------- d-------- C:\Program Files\iPod
    2006-09-30 16:07 -------- d-------- C:\Program Files\QuickTime
    2006-09-30 16:05 -------- d-------- C:\Program Files\Apple Software Update
    2006-09-30 04:05 -------- d-------- C:\Documents and Settings\Sam\Application Data\Macromedia
    2006-09-22 10:38 53248 --a------ C:\WINDOWS\109uninst.exe
    2006-09-22 10:36 53248 --a------ C:\WINDOWS\uni_7eh.exe
    2006-09-19 16:08 -------- d-------- C:\Program Files\Microsoft SQL Server
    2006-09-19 16:07 -------- d-------- C:\Program Files\Microsoft Visual Studio .NET 2003
    2006-09-19 16:07 -------- d-------- C:\Program Files\Microsoft Small Business
    2006-09-19 16:07 -------- d-------- C:\Program Files\Common Files\Crystal Decisions
    2006-09-19 16:03 -------- d--h----- C:\Documents and Settings\Sam\Application Data\Gtek
    2006-09-19 16:01 -------- d-------- C:\Program Files\Microsoft.NET
    2006-09-19 16:01 -------- d-------- C:\Program Files\Microsoft Visual Studio
    2006-09-19 16:01 -------- d-------- C:\Program Files\Microsoft Office
    2006-09-19 16:01 -------- d-------- C:\Program Files\Microsoft ActiveSync
    2006-09-19 16:01 -------- d-------- C:\Program Files\Common Files\System
    2006-09-19 16:01 -------- d-------- C:\Program Files\Common Files\DESIGNER
    2006-09-19 16:00 -------- d-------- C:\Program Files\Microsoft Works
    2006-09-19 16:00 -------- d-------- C:\Program Files\Common Files\Adobe
    2006-09-19 16:00 -------- d-------- C:\Program Files\Adobe
    2006-09-19 15:54 -------- d-------- C:\Program Files\Corel Corporation
    2006-09-19 15:51 -------- d-------- C:\Program Files\MUSICMATCH
    2006-09-19 15:49 -------- d-------- C:\Program Files\Symantec
    2006-09-19 15:49 -------- d-------- C:\Documents and Settings\Sam\Application Data\Symantec
    2006-09-19 15:48 -------- d-------- C:\Program Files\Sonic
    2006-09-19 15:48 -------- d-------- C:\Program Files\Common Files\Sonic Shared
    2006-09-19 15:48 -------- d-------- C:\Program Files\Common Files\InstallShield
    2006-09-19 15:47 8552 --a------ C:\WINDOWS\system32\drivers\asctrm.sys
    2006-09-19 15:47 -------- d-------- C:\Program Files\Viewpoint
    2006-09-19 15:47 -------- d-------- C:\Program Files\Real
    2006-09-19 15:47 -------- d-------- C:\Program Files\Common Files\Real
    2006-09-19 15:47 -------- d-------- C:\Program Files\Common Files\Nullsoft
    2006-09-19 15:45 -------- d-------- C:\Program Files\Microsoft Plus! Photo Story 2 LE
    2006-09-19 15:45 -------- d-------- C:\Program Files\Microsoft Plus! Digital Media Edition
    2006-09-19 15:45 -------- d-------- C:\Program Files\Common Files\TiVo Shared
    2006-09-19 15:44 -------- d-------- C:\Program Files\Windows Media Player
    2006-09-19 15:43 -------- d-------- C:\Program Files\NetWaiting
    2006-09-19 15:43 -------- d-------- C:\Program Files\Modem Helper
    2006-09-19 15:43 -------- d-------- C:\Program Files\CyberLink
    2006-09-19 15:41 -------- d-------- C:\Program Files\CONEXANT
    2006-09-19 15:40 -------- d-------- C:\Program Files\Sigmatel
    2006-09-19 15:39 17056 --a------ C:\WINDOWS\system32\drivers\AegisP.sys
    2006-09-19 15:39 -------- d-------- C:\Program Files\Intel, Inc
    2006-09-19 15:39 -------- d-------- C:\Program Files\Broadcom
    2006-09-19 15:39 -------- d-------- C:\Documents and Settings\Sam\Application Data\Intel
    2006-09-19 15:38 -------- d-------- C:\Program Files\Synaptics
    2006-09-19 15:38 -------- d-------- C:\Program Files\Outlook Express
    2006-09-19 15:38 -------- d-------- C:\Program Files\Intel
    2006-09-19 15:36 -------- d-------- C:\Program Files\Messenger
    2006-09-19 15:35 -------- d-------- C:\Program Files\Java
    2006-09-19 15:35 -------- d-------- C:\Program Files\Common Files\Java
    2006-09-19 15:14 49152 --a------ C:\WINDOWS\setpwrcg.exe
    2006-09-13 01:01 1084416 --a------ C:\WINDOWS\system32\msxml3.dll
    2006-08-25 11:45 617472 --a------ C:\WINDOWS\system32\comctl32.dll
    2006-08-21 08:21 16896 --a------ C:\WINDOWS\system32\fltlib.dll
    2006-08-21 05:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe
    2006-08-16 07:58 100352 --a------ C:\WINDOWS\system32\6to4svc.dll
    2006-07-27 09:24 679424 --a------ C:\WINDOWS\system32\inetcomm.dll


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries are not shown

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
    "DellSupport"="\"C:\\Program Files\\Dell Support\\DSAgnt.exe\" /startup"
    "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
    "Aim6"="\"C:\\Program Files\\Common Files\\AOL\\Launch\\AOLLaunch.exe\" /d locale=en-US ee://aol/imApp"
    "SpybotSD TeaTimer"="C:\\Program Files\\Spybot - Search & Destroy\\TeaTimer.exe"
    "Sen"="\"C:\\DOCUME~1\\Sam\\MYDOCU~1\\STEM~1\\scanregw.exe\" -vt yazb"
    "Cyxxo"="C:\\Program Files\\Common Files\\??stem\\?canregw.exe"
    "MySpaceIM"="C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
    "DeskHtmlVersion"=dword:00000110
    "DeskHtmlMinorVersion"=dword:00000005
    "Settings"=dword:00000001
    "GeneralFlags"=dword:00000001

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="My Current Home Page"
    "Flags"=dword:00000002
    "Position"=hex:2c,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,02,03,00,00,00,\
    00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
    "CurrentState"=hex:04,00,00,40
    "OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
    ff,ff,04,00,00,00
    "RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
    00,00,01,00,00,00

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
    "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
    "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{0E24427B-DF2A-40EB-980B-A819F5FF3DD0}"=""

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "dontdisplaylastusername"=dword:00000000
    "legalnoticecaption"=""
    "legalnoticetext"=""
    "shutdownwithoutlogon"=dword:00000001
    "undockwithoutlogon"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoCDBurning"=dword:00000000

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
    "PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
    "CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
    "WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
    "SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless
    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkjh
    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winrkp32
    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\xxyyaxv

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


    Contents of the 'Scheduled Tasks' folder
    C:\WINDOWS\tasks\AppleSoftwareUpdate.job

    Completion time: 06-10-27 11:06:53.23
    C:\ComboFix.txt ... 06-10-27 11:06

  4. #4
    Junior Member
    Join Date
    Oct 2006
    Posts
    24

    *continued*

    HJT Log

    Logfile of HijackThis v1.99.1
    Scan saved at 11:14:35 AM, on 10/27/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
    C:\Program Files\Dell Support\DSAgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MySpace\IM\MySpaceIM.exe
    C:\Program Files\Common Files\AOL\1159855070\ee\aolsoftware.exe
    C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Sam\Desktop\kill the bugs\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: (no name) - {5E66ECAE-776E-7C9A-1E65-2EC79E73B395} - (no file)
    R3 - URLSearchHook: (no name) - {60EC0F61-97FC-9403-8289-C06944FE86CA} - C:\WINDOWS\system32\mejfurf.dll
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {0E24427B-DF2A-40EB-980B-A819F5FF3DD0} - C:\WINDOWS\system32\xxyyaxv.dll (file missing)
    O2 - BHO: (no name) - {1DAEFCB9-06C8-47c6-8F20-3FB54B244DAA} - C:\WINDOWS\system32\rmufebdh.dll (file missing)
    O2 - BHO: (no name) - {4472E2B2-FB44-FBD4-2A58-0101EBECF47E} - C:\WINDOWS\system32\ksrpmje.dll (file missing)
    O2 - BHO: (no name) - {48C2CAEF-13C9-42B2-AFCB-27727C44E1A0} - C:\WINDOWS\system32\jkkjh.dll (file missing)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: (no name) - {60EC0F61-97FC-9403-8289-C06944FE86CA} - C:\WINDOWS\system32\mejfurf.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - (no file)
    O2 - BHO: (no name) - {D4E0C464-30CE-4075-9A10-71FD106C2847} - (no file)
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [Sen] "C:\DOCUME~1\Sam\MYDOCU~1\STEM~1\scanregw.exe" -vt yazb
    O4 - HKCU\..\Run: [Cyxxo] C:\Program Files\Common Files\??stem\?canregw.exe
    O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} (DLC Class) - https://transfers.ds.microsoft.com/F...ansferCtrl.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
    O16 - DPF: {E4C29FDC-F547-4219-ACFD-571F2A7A564A} (WebCamTest Class) - http://awbeta.net-nucleus.com/CABUPDATES/winwcd.cab
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
    O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
    O20 - Winlogon Notify: jkkjh - C:\WINDOWS\
    O20 - Winlogon Notify: winrkp32 - C:\WINDOWS\
    O20 - Winlogon Notify: xxyyaxv - C:\WINDOWS\
    O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
    O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

  5. #5
    Junior Member
    Join Date
    Oct 2006
    Posts
    24

    Default

    And here are the results of that Panda Scan

    Logfile of HijackThis v1.99.1
    Scan saved at 11:14:35 AM, on 10/27/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
    C:\Program Files\Dell Support\DSAgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MySpace\IM\MySpaceIM.exe
    C:\Program Files\Common Files\AOL\1159855070\ee\aolsoftware.exe
    C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Sam\Desktop\kill the bugs\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: (no name) - {5E66ECAE-776E-7C9A-1E65-2EC79E73B395} - (no file)
    R3 - URLSearchHook: (no name) - {60EC0F61-97FC-9403-8289-C06944FE86CA} - C:\WINDOWS\system32\mejfurf.dll
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {0E24427B-DF2A-40EB-980B-A819F5FF3DD0} - C:\WINDOWS\system32\xxyyaxv.dll (file missing)
    O2 - BHO: (no name) - {1DAEFCB9-06C8-47c6-8F20-3FB54B244DAA} - C:\WINDOWS\system32\rmufebdh.dll (file missing)
    O2 - BHO: (no name) - {4472E2B2-FB44-FBD4-2A58-0101EBECF47E} - C:\WINDOWS\system32\ksrpmje.dll (file missing)
    O2 - BHO: (no name) - {48C2CAEF-13C9-42B2-AFCB-27727C44E1A0} - C:\WINDOWS\system32\jkkjh.dll (file missing)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: (no name) - {60EC0F61-97FC-9403-8289-C06944FE86CA} - C:\WINDOWS\system32\mejfurf.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - (no file)
    O2 - BHO: (no name) - {D4E0C464-30CE-4075-9A10-71FD106C2847} - (no file)
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [Sen] "C:\DOCUME~1\Sam\MYDOCU~1\STEM~1\scanregw.exe" -vt yazb
    O4 - HKCU\..\Run: [Cyxxo] C:\Program Files\Common Files\??stem\?canregw.exe
    O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} (DLC Class) - https://transfers.ds.microsoft.com/F...ansferCtrl.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
    O16 - DPF: {E4C29FDC-F547-4219-ACFD-571F2A7A564A} (WebCamTest Class) - http://awbeta.net-nucleus.com/CABUPDATES/winwcd.cab
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
    O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
    O20 - Winlogon Notify: jkkjh - C:\WINDOWS\
    O20 - Winlogon Notify: winrkp32 - C:\WINDOWS\
    O20 - Winlogon Notify: xxyyaxv - C:\WINDOWS\
    O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
    O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

  6. #6
    Junior Member
    Join Date
    Oct 2006
    Posts
    24

    Default

    Panda continued

    Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\hgwt3lzr.default\cookies.txt[stats1.reliablestats.com/]
    Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\hgwt3lzr.default\cookies.txt[www.burstbeacon.com/]
    Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\hgwt3lzr.default\cookies.txt[www.drivecleaner.com/]
    Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Sam\Cookies\sam@ad.yieldmanager[1].txt
    Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Sam\Cookies\sam@atwola[1].txt
    Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\Sam\Cookies\sam@searchportal.information[1].txt
    Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\Sam\Cookies\sam@stats1.reliablestats[2].txt
    Adware:Adware/Sqwire Not disinfected C:\Documents and Settings\Sam\Local Settings\Temp\b103.exe[stub_109_4_0_4_0.exe]
    Adware:Adware/PCodec Not disinfected C:\Documents and Settings\Sam\Local Settings\Temp\b103.exe[²ÜÇ\nsRandom.dll]
    Adware:Adware/ISearch Not disinfected C:\Documents and Settings\Sam\Local Settings\Temp\b104.exe[MTE3MTk6ODoxNg.exe]
    Adware:Adware/PCodec Not disinfected C:\Documents and Settings\Sam\Local Settings\Temp\b104.exe[²ÜÇ\nsRandom.dll]
    Adware:Adware/EliteBar Not disinfected C:\Documents and Settings\Sam\Local Settings\Temp\b111.exe
    Adware:Adware/YazzleSudoku Not disinfected C:\Documents and Settings\Sam\Local Settings\Temp\b116.exe
    Adware:Adware/Maxifiles Not disinfected C:\Documents and Settings\Sam\Local Settings\Temp\b122.exe[mc-0-0-0.exe][²ÜÇ\nsProcess.dll]
    Adware:Adware/PCodec Not disinfected C:\Documents and Settings\Sam\Local Settings\Temp\b122.exe[²ÜÇ\nsRandom.dll]
    Adware:Adware/Qoologic Not disinfected C:\Documents and Settings\Sam\Local Settings\Temp\b123.exe[wni.exe][installer.exe]
    Adware:Adware/PCodec Not disinfected C:\Documents and Settings\Sam\Local Settings\Temp\b123.exe[²ÜÇ\nsRandom.dll]
    Adware:Adware/PrintView Not disinfected C:\Documents and Settings\Sam\Local Settings\Temp\b124.exe
    Adware:Adware/DeluxeComunications Not disinfected C:\Documents and Settings\Sam\Local Settings\Temp\b126.exe
    Adware:Adware/DeluxeComunications Not disinfected C:\Documents and Settings\Sam\Local Settings\Temp\i388.tmp
    Adware:Adware/Mirar Not disinfected C:\Documents and Settings\Sam\Local Settings\Temp\mitFC7.tmp
    Adware:Adware/Mirar Not disinfected C:\Documents and Settings\Sam\Local Settings\Temp\mitFC7.tmp.cab
    Spyware:Spyware/Here4search Not disinfected C:\Documents and Settings\Sam\Local Settings\Temp\mst5C.tmp
    Adware:Adware/Adservice Not disinfected C:\Documents and Settings\Sam\Local Settings\Temp\mst67.tmp
    Adware:Adware/Mirar Not disinfected C:\Documents and Settings\Sam\Local Settings\Temp\NNBar_VCSetup_876057.exe
    Potentially unwanted tool:Application/SpywareQuake Not disinfected C:\Documents and Settings\Sam\Local Settings\Temp\sa1D.exe[Spy-Quake2.exe]
    Adware:Adware/UltimateCleaner Not disinfected C:\Documents and Settings\Sam\Local Settings\Temp\tinst26.exe
    Adware:Adware/Maxifiles Not disinfected C:\Documents and Settings\Sam\Local Settings\Temp\win60.tmp.exe
    Adware:Adware/Maxifiles Not disinfected C:\Documents and Settings\Sam\Local Settings\Temporary Internet Files\Content.IE5\6LWPEFMZ\122[1].net[mc-0-0-0.exe][²ÜÇ\nsProcess.dll]
    Adware:Adware/PCodec Not disinfected C:\Documents and Settings\Sam\Local Settings\Temporary Internet Files\Content.IE5\6LWPEFMZ\122[1].net[²ÜÇ\nsRandom.dll]
    Adware:Adware/EliteBar Not disinfected C:\Documents and Settings\Sam\Local Settings\Temporary Internet Files\Content.IE5\KDCFSDQ5\111[1].net
    Adware:Adware/ISearch Not disinfected C:\Documents and Settings\Sam\Local Settings\Temporary Internet Files\Content.IE5\WX0FKLQP\104[1].net[MTE3MTk6ODoxNg.exe]
    Adware:Adware/PCodec Not disinfected C:\Documents and Settings\Sam\Local Settings\Temporary Internet Files\Content.IE5\WX0FKLQP\104[1].net[²ÜÇ\nsRandom.dll]
    Adware:Adware/Trymedia Not disinfected C:\Documents and Settings\Sam\My Documents\Programs\Beetle Bomp + Serpengo+ Bone Out from Boneville + Zuma Deluxe + Lemonade Tycoon 2 [found with kelforum.com ].rar[Creatures The Albian Years PC Game [by PeerFactor.fr].exe]
    Possible Virus. Not disinfected C:\Documents and Settings\Sam\My Documents\??stem\scanregw.exe
    Adware:Adware/DeluxeComunications Not disinfected C:\Program Files\Common Files\misc002\DXC.exe
    Adware:Adware/PurityScan Not disinfected C:\Program Files\Common Files\Yazzle1162OinAdmin.exe
    Adware:Adware/Yazzle Not disinfected C:\Program Files\Common Files\Yazzle1162OinUninstaller.exe
    Adware:Adware/Maxifiles Not disinfected C:\Program Files\Common Files\{349582CE-0256-1033-0629-061114200001}\Activate.exe
    Adware:Adware/Maxifiles Not disinfected C:\Program Files\Common Files\{349582CE-0256-1033-0629-061114200001}\MyToolBar.dll
    Adware:Adware/Maxifiles Not disinfected C:\Program Files\Common Files\{349582CE-0256-1033-0629-061114200001}\services.dll
    Adware:Adware/DollarRevenue Not disinfected C:\Program Files\Common Files\{349582CE-0256-1033-0629-061114200001}\Uninst.exe
    Adware:Adware/Maxifiles Not disinfected C:\Program Files\Common Files\{349582CE-0256-1033-0629-061114200001}\Update.exe
    Adware:Adware/Maxifiles Not disinfected C:\Program Files\Common Files\{349582CE-069F-1033-0629-061114200001}\Activate.exe
    Adware:Adware/Maxifiles Not disinfected C:\Program Files\Common Files\{349582CE-069F-1033-0629-061114200001}\MyToolBar.dll
    Adware:Adware/DollarRevenue Not disinfected C:\Program Files\Common Files\{349582CE-069F-1033-0629-061114200001}\Uninst.exe
    Possible Virus. Renamed C:\Program Files\Common Files\??stem\?canregw.exe
    Adware:Adware/PrintView Not disinfected C:\Program Files\PrintView\printhook030.dll
    Adware:Adware/PrintView Not disinfected C:\Program Files\PrintView\pvmodule.exe
    Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\byxvvus.dll.bad
    Possible Virus. Not disinfected C:\VundoFix Backups\jkkjh.dll.bad

  7. #7
    Junior Member
    Join Date
    Oct 2006
    Posts
    24

    Default

    Shoot, I totally posted the HJT logfile as the first part of the panda scan and it won't let me edit the post. Sorry, here's what I was supposed to put.


    Incident Status Location

    Adware:Adware/PrintView Not disinfected C:\PROGRA~1\PRINTV~1\PRINTH~1.DLL
    Adware:Adware/Maxifiles Not disinfected C:\Program Files\Common Files\{349582CE-069F-1033-0629-061114200001}\Services.dll
    Adware:Adware/Maxifiles Not disinfected C:\Program Files\Common Files\{349582CE-069F-1033-0629-061114200001}\Update.exe
    Adware:adware/mirar Not disinfected c:\windows\system32\WinNB58.dll
    Spyware:spyware/media-motor Not disinfected c:\windows\unstall.exe
    Adware:adware/commad Not disinfected Windows Registry
    Possible Virus. Not disinfected C:\dell\Utilities\DSR\demo\DEMO.EXE
    Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\hgwt3lzr.default\cookies.txt[.casalemedia.com/]
    Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\hgwt3lzr.default\cookies.txt[.advertising.com/]
    Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\hgwt3lzr.default\cookies.txt[.doubleclick.net/]
    Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\hgwt3lzr.default\cookies.txt[.advertising.com/]
    Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\hgwt3lzr.default\cookies.txt[.atdmt.com/]
    Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\hgwt3lzr.default\cookies.txt[ad.yieldmanager.com/]
    Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\hgwt3lzr.default\cookies.txt[.fastclick.net/]
    Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\hgwt3lzr.default\cookies.txt[.mediaplex.com/]
    Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\hgwt3lzr.default\cookies.txt[.fastclick.net/]
    Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\hgwt3lzr.default\cookies.txt[.tribalfusion.com/]
    Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\hgwt3lzr.default\cookies.txt[.hitbox.com/]
    Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\hgwt3lzr.default\cookies.txt[.ehg.hitbox.com/]
    Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\hgwt3lzr.default\cookies.txt[.hitbox.com/]
    Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\hgwt3lzr.default\cookies.txt[.ehg.hitbox.com/]
    Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\hgwt3lzr.default\cookies.txt[.2o7.net/]
    Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\hgwt3lzr.default\cookies.txt[.adrevolver.com/]
    Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\hgwt3lzr.default\cookies.txt[.ads.pointroll.com/]
    Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\hgwt3lzr.default\cookies.txt[.adtech.de/]
    Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\hgwt3lzr.default\cookies.txt[.as-eu.falkag.net/]
    Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\hgwt3lzr.default\cookies.txt[.as-us.falkag.net/]
    Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\hgwt3lzr.default\cookies.txt[.atwola.com/]
    Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\hgwt3lzr.default\cookies.txt[.belnk.com/]
    Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\hgwt3lzr.default\cookies.txt[.bs.serving-sys.com/]
    Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\hgwt3lzr.default\cookies.txt[.com.com/]
    Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\hgwt3lzr.default\cookies.txt[.drivecleaner.com/]
    Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\hgwt3lzr.default\cookies.txt[.go.com/]
    Spyware:Cookie/HotLog Not disinfected C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\hgwt3lzr.default\cookies.txt[.hotlog.ru/]
    Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\hgwt3lzr.default\cookies.txt[.maxserving.com/]
    Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\hgwt3lzr.default\cookies.txt[.overture.com/]
    Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\hgwt3lzr.default\cookies.txt[.perf.overture.com/]
    Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\hgwt3lzr.default\cookies.txt[.questionmarket.com/]
    Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\hgwt3lzr.default\cookies.txt[.realmedia.com/]
    Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\hgwt3lzr.default\cookies.txt[.revenue.net/]
    Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\hgwt3lzr.default\cookies.txt[.serving-sys.com/]
    Spyware:Cookie/SpyLog Not disinfected C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\hgwt3lzr.default\cookies.txt[.spylog.com/]
    Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\hgwt3lzr.default\cookies.txt[.tradedoubler.com/]
    Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\hgwt3lzr.default\cookies.txt[.trafficmp.com/]
    Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\hgwt3lzr.default\cookies.txt[.xiti.com/]
    Spyware:Cookie/Yadro Not disinfected C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\hgwt3lzr.default\cookies.txt[.yadro.ru/]
    Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\hgwt3lzr.default\cookies.txt[.z1.adserver.com/]
    Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\hgwt3lzr.default\cookies.txt[.zedo.com/]
    Spyware:Cookie/Comclick Not disinfected C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\hgwt3lzr.default\cookies.txt[fl01.ct2.comclick.com/]
    Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\hgwt3lzr.default\cookies.txt[searchportal.information.com/]
    Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\hgwt3lzr.default\cookies.txt[stats.drivecleaner.com/]

  8. #8
    Junior Member
    Join Date
    Oct 2006
    Posts
    24

    Default

    Last part of panda, sorry about the confusion above.

    Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\jkkkjhf.dll.bad
    Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\nnnmnkl.dll.bad
    Potentially unwanted tool:Application/VSToolbar Not disinfected C:\VundoFix Backups\odlfqvhp.exe.bad
    Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\rmufebdh.dll.bad
    Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\ssqopqn.dll.bad
    Spyware:Spyware/Here4search Not disinfected C:\VundoFix Backups\winrkp32.dll.bad
    Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\xxyyaxv.dll.bad
    Adware:Adware/DollarRevenue Not disinfected C:\WINDOWS\ac3_0002.exe
    Adware:Adware/WebHancer Not disinfected C:\WINDOWS\hancerdoem.exe[whCC-GIANT3.exe][whAgent.exe]
    Adware:Adware/WebHancer Not disinfected C:\WINDOWS\hancerdoem.exe[whCC-GIANT3.exe][whInstaller.exe]
    Adware:Adware/WebHancer Not disinfected C:\WINDOWS\hancerdoem.exe[whCC-GIANT3.exe][webhdll.dll]
    Adware:Adware/WebHancer Not disinfected C:\WINDOWS\hancerdoem.exe[whCC-GIANT3.exe][whiehlpr.dll]
    Adware:Adware/WebHancer Not disinfected C:\WINDOWS\hanceremm.exe[whCC-GIANT3.exe][whAgent.exe]
    Adware:Adware/WebHancer Not disinfected C:\WINDOWS\hanceremm.exe[whCC-GIANT3.exe][whInstaller.exe]
    Adware:Adware/WebHancer Not disinfected C:\WINDOWS\hanceremm.exe[whCC-GIANT3.exe][webhdll.dll]
    Adware:Adware/WebHancer Not disinfected C:\WINDOWS\hanceremm.exe[whCC-GIANT3.exe][whiehlpr.dll]
    Adware:Adware/ISearch Not disinfected C:\WINDOWS\idlemg.exe
    Adware:Adware/Mirar Not disinfected C:\WINDOWS\MirarSetup_876057.exe
    Adware:Adware/DigInk Not disinfected C:\WINDOWS\Setup90.exe[Sos28.exe]
    Adware:Adware/DigInk Not disinfected C:\WINDOWS\Setup90.exe[TagASaurus.exe]
    Adware:Adware/DeluxeComunications Not disinfected C:\WINDOWS\system32\crunner\cproc.exe
    Adware:Adware/DeluxeComunications Not disinfected C:\WINDOWS\system32\crunner\cupdater.exe
    Potentially unwanted tool:Application/VSToolbar Not disinfected C:\WINDOWS\system32\sqxiurvt.exe
    Adware:Adware/Adservice Not disinfected C:\WINDOWS\Temp\mst12A.tmp
    Adware:Adware/Adservice Not disinfected C:\WINDOWS\Temp\mst164.tmp
    Adware:Adware/Adservice Not disinfected C:\WINDOWS\Temp\mst61.tmp
    Adware:Adware/Adservice Not disinfected C:\WINDOWS\Temp\mstA8.tmp
    Adware:Adware/Yazzle Not disinfected C:\WINDOWS\Temp\winE5.tmp.exe



    Thanks for your time!

  9. #9
    In Memoriam - Always in our heart pskelley
    Join Date
    Oct 2005
    Location
    Clearwater, Florida
    Posts
    20,247

    Default

    Could you post the complete VundoFix report? You cut it off early and I can't tell if it completed removal.

    Thanks

    Yeah...it's a mess, you ought to be on this end of it :o(
    Last edited by pskelley; 2006-10-27 at 18:07.

  10. #10
    Junior Member
    Join Date
    Oct 2006
    Posts
    24

    Default

    Sorry, didn't see that.


    VundoFix V6.2.6

    Checking Java version...

    Java version is 1.5.0.6

    Scan started at 6:06:58 PM 10/26/2006

    Listing files found while scanning....

    C:\WINDOWS\system32\aaegrxj.dll
    C:\WINDOWS\system32\byxvvus.dll
    C:\WINDOWS\system32\ikrfind.dll
    C:\WINDOWS\system32\jkkkjhf.dll
    C:\WINDOWS\system32\ksrpmje.dll
    C:\WINDOWS\system32\nnnmnkl.dll
    C:\WINDOWS\system32\pqqrase.dll
    C:\WINDOWS\system32\rmufebdh.dll
    C:\WINDOWS\system32\ssqopqn.dll
    C:\WINDOWS\system32\winrkp32.dll
    C:\WINDOWS\system32\xxyyaxv.dll
    C:\WINDOWS\system32\odlfqvhp.exe
    C:\WINDOWS\system32\jkkjh.dll
    C:\WINDOWS\system32\hjkkj.ini
    C:\WINDOWS\system32\hjkkj.bak1
    C:\WINDOWS\system32\hjkkj.bak2

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\aaegrxj.dll
    C:\WINDOWS\system32\aaegrxj.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\byxvvus.dll
    C:\WINDOWS\system32\byxvvus.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\ikrfind.dll
    C:\WINDOWS\system32\ikrfind.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\jkkkjhf.dll
    C:\WINDOWS\system32\jkkkjhf.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\ksrpmje.dll
    C:\WINDOWS\system32\ksrpmje.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\nnnmnkl.dll
    C:\WINDOWS\system32\nnnmnkl.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\pqqrase.dll
    C:\WINDOWS\system32\pqqrase.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\rmufebdh.dll
    C:\WINDOWS\system32\rmufebdh.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\ssqopqn.dll
    C:\WINDOWS\system32\ssqopqn.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\winrkp32.dll
    C:\WINDOWS\system32\winrkp32.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\xxyyaxv.dll
    C:\WINDOWS\system32\xxyyaxv.dll Could not be deleted.

    Attempting to delete C:\WINDOWS\system32\odlfqvhp.exe
    C:\WINDOWS\system32\odlfqvhp.exe Has been deleted!

    Attempting to delete C:\WINDOWS\system32\jkkjh.dll
    C:\WINDOWS\system32\jkkjh.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\hjkkj.ini
    C:\WINDOWS\system32\hjkkj.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\hjkkj.bak1
    C:\WINDOWS\system32\hjkkj.bak1 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\hjkkj.bak2
    C:\WINDOWS\system32\hjkkj.bak2 Has been deleted!

    Performing Repairs to the registry.
    Done!

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\xxyyaxv.dll
    C:\WINDOWS\system32\xxyyaxv.dll Has been deleted!

    Performing Repairs to the registry.
    Done!

    VundoFix V6.2.6

    Checking Java version...

    Java version is 1.5.0.6

    Scan started at 10:56:10 AM 10/27/2006

    Listing files found while scanning....

    No infected files were found.
