Results of VundoFix and latest HijackThis log
Ok, let's get this PC clean! Many thanks in advance for your help...
Here is the VundoFix log. I got the reboot message but over that I did have a Registry Editor window with the following message: 'Cannot import C:\\VundoFix.reg: Error opening the file. There may be a disk or file system error. I closed that window and clicked OK on reboot.
Anyway, here's the VundoFix log:
VundoFix V6.3.9
Checking Java version...
Sun Java not detected
Scan started at 6:29:00 PM 2/20/2007
Listing files found while scanning....
C:\Documents and settings\administrator\Application Data\SearchToolbarCorp\Toolbar Vision\PageHistory.txt
C:\Documents and settings\administrator\Application Data\SearchToolbarCorp\Toolbar Vision\WebHistory.txt
C:\Program Files\VSAdd-in\VSAdd-in.dll
C:\WINNT\system32\awtqrro.dll
C:\WINNT\system32\awtsqrq.dll
C:\WINNT\system32\cbxxxus.dll
C:\WINNT\system32\dfhkj.bak1
C:\WINNT\system32\dfhkj.bak2
C:\WINNT\system32\dfhkj.ini
C:\WINNT\system32\dfhkj.ini2
C:\WINNT\system32\dfhkj.tmp
C:\WINNT\system32\jkhfd.dll
C:\WINNT\system32\ujnavfls.dll
C:\WINNT\system32\wvuvsrr.dll
Beginning removal...
Attempting to delete C:\Documents and settings\administrator\Application Data\SearchToolbarCorp\Toolbar Vision\PageHistory.txt
C:\Documents and settings\administrator\Application Data\SearchToolbarCorp\Toolbar Vision\PageHistory.txt Has been deleted!
Attempting to delete C:\Documents and settings\administrator\Application Data\SearchToolbarCorp\Toolbar Vision\WebHistory.txt
C:\Documents and settings\administrator\Application Data\SearchToolbarCorp\Toolbar Vision\WebHistory.txt Has been deleted!
Attempting to delete C:\WINNT\system32\awtqrro.dll
C:\WINNT\system32\awtqrro.dll Has been deleted!
Attempting to delete C:\WINNT\system32\awtsqrq.dll
C:\WINNT\system32\awtsqrq.dll Has been deleted!
Attempting to delete C:\WINNT\system32\cbxxxus.dll
C:\WINNT\system32\cbxxxus.dll Has been deleted!
Attempting to delete C:\WINNT\system32\dfhkj.bak1
C:\WINNT\system32\dfhkj.bak1 Has been deleted!
Attempting to delete C:\WINNT\system32\dfhkj.bak2
C:\WINNT\system32\dfhkj.bak2 Has been deleted!
Attempting to delete C:\WINNT\system32\dfhkj.ini
C:\WINNT\system32\dfhkj.ini Has been deleted!
Attempting to delete C:\WINNT\system32\dfhkj.ini2
C:\WINNT\system32\dfhkj.ini2 Has been deleted!
Attempting to delete C:\WINNT\system32\dfhkj.tmp
C:\WINNT\system32\dfhkj.tmp Has been deleted!
Attempting to delete C:\WINNT\system32\jkhfd.dll
C:\WINNT\system32\jkhfd.dll Has been deleted!
Attempting to delete C:\WINNT\system32\ujnavfls.dll
C:\WINNT\system32\ujnavfls.dll Has been deleted!
Attempting to delete C:\WINNT\system32\wvuvsrr.dll
C:\WINNT\system32\wvuvsrr.dll Has been deleted!
Performing Repairs to the registry.
Done!
And here are the results of HijackThis scan run after VundoFix.exe was run:
Logfile of HijackThis v1.99.1
Scan saved at 8:05:03 PM, on 2/20/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\Hummingbird\Connectivity\7.00\Inetd\inetd32.exe
C:\WINNT\System32\Hummingbird\Connectivity\7.00\Jconfig\jconfigdNT.exe
C:\Program Files\Symantec\Ghost\ngctw32.exe
C:\WINNT\system32\regsvc.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINNT\system32\stisvc.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
D:\Program Files\bin\iPodService.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Administrator\Desktop\HijackThis\Scanner.exe.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://sr009rd/opsreporter/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy:80
R3 - URLSearchHook: CnsHook Class - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - C:\WINNT\DOWNLO~1\CnsHook.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {873E6CE5-4F6A-4C4A-B918-A2352F2EC6BB} - C:\WINNT\system32\jkhfd.dll (file missing)
O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - C:\WINNT\DOWNLO~1\CnsHook.dll
O2 - BHO: (no name) - {D7B374C3-8DED-4CB1-820B-413FF0C71FC6} - C:\WINNT\system32\awtqrro.dll (file missing)
O2 - BHO: (no name) - {E03C740E-BB24-4d3c-B92A-6F84DE1DD99C} - C:\WINNT\system32\ujnavfls.dll (file missing)
O4 - HKLM\..\Run: [NGClient] C:\Program Files\Symantec\Ghost\ngctw32.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [CnsMin] Rundll32.exe C:\WINNT\DOWNLO~1\CnsMin.dll,Rundll32
O4 - Global Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\WINNT\system32\spool\drivers\w32x86\3\E_SRCV03.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Chinese Keyword - {5D73EE86-05F1-49ed-B850-E423120EC338} -
http://assistant.3721.com/index.htm (file missing)
O9 - Extra button: (no name) - {BF1F4A1A-BDCD-43ac-9D17-261D2C197AB8} -
http://assistant.3721.com/uninstall.htm (file missing)
O9 - Extra button: (no name) - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} -
http://assistant.3721.com/security1.htm (file missing)
O9 - Extra 'Tools' menuitem: Repair Browser - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} -
http://assistant.3721.com/security1.htm (file missing)
O9 - Extra button: (no name) - {FD00D911-7529-4084-9946-A29F1BDF4FE5} -
http://assistant.3721.com/clean1.htm (file missing)
O9 - Extra 'Tools' menuitem: Clean Internet access record - {FD00D911-7529-4084-9946-A29F1BDF4FE5} -
http://assistant.3721.com/clean1.htm (file missing)
O11 - Options group: [!CNS] Chinese keywords
O14 - IERESET.INF: START_PAGE_URL=http://sr009rd/opsreporter/
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = internal.sungard.corp
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = internal.sungard.corp
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = internal.sungard.corp
O20 - Winlogon Notify: NavLogon - C:\WINNT\system32\NavLogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\Ati2evxx.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Hummingbird Inetd (HCLInetd) - Hummingbird Ltd. - C:\WINNT\System32\Hummingbird\Connectivity\7.00\Inetd\inetd32.exe
O23 - Service: iPod Service - Apple Computer, Inc. - D:\Program Files\bin\iPodService.exe
O23 - Service: Hummingbird Jconfig Daemon (Jconfigd) - Hummingbird Ltd. - C:\WINNT\System32\Hummingbird\Connectivity\7.00\Jconfig\jconfigdNT.exe
O23 - Service: McAfee Real-time Scanner (McShield) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe (file missing)
O23 - Service: McAfee SystemGuards (McSysmon) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe (file missing)
O23 - Service: Symantec Ghost Client Agent (NGClient) - Symantec New Zealand Limited - C:\Program Files\Symantec\Ghost\ngctw32.exe
O23 - Service: OracleOra9ias_homeClientCache - Unknown owner - C:\ora9ias\BIN\ONRSD.EXE
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe