PLEASE help, I'm New & confused
MrsLynam
2007-04-13, 03:55
I've spent hours reading your forum, trying misc. things such as Vundo, HJT and Spybot... not to mention McAfee's. I have Fgilm.ini, Mljgf.dll, vtuutss.dll on my computer. Vundo deleted about 10 others, but CAN'T get rid of these.
I'm not the brightest crayon in the box, but I can handle any instructions you give (kinda... lol).
Should I give you my original HJT log or should I delete it and give you a new one?
Please help & Thank you in advance.
MrsLynam
2007-04-13, 04:04
Logfile of HijackThis v1.99.1
Scan saved at 6:36:55 PM, on 4/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\AVPersonal\AVGUARD.EXE
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\AVPersonal\AVGNT.EXE
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://wc.floridacitizensbank.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [AVGCtrl] "C:\Program Files\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINDOWS\system32\flsravsi.dll",setvm
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [BTCLiveUpdate] "C:\Program Files\LiveUpdate\LiveUpdate.exe" /autostart
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8300.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/4058/ftp.coupons.com/r3302/UnileverAll/Coupons.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\McAfee\Common Framework\FrameworkService.exe" /ServiceStart (file missing)
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
Hi MrsLynam
Rename HijackThis.exe to scanner.exe and post back a fresh HijackThis log, please :)
MrsLynam
2007-04-13, 21:28
Shaba, thank you for your help. I wanted to let you know that no matter how many times I try, I CAN'T boot up in "Safe Mode".
Here's the HJT file & Thank you again.
Logfile of HijackThis v1.99.1
Scan saved at 2:25:21 PM, on 4/13/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\AVPersonal\AVGUARD.EXE
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVPersonal\AVGNT.EXE
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\HijackThis\Scanner.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://wc.floridacitizensbank.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: (no name) - {02A1D035-F07F-4A7B-8FDF-F8171A2B4709} - C:\WINDOWS\system32\mljgf.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {68218620-3D65-43F6-AD47-D38D84B5412A} - C:\WINDOWS\system32\vtuutss.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\Scriptcl.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [AVGCtrl] "C:\Program Files\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINDOWS\system32\flsravsi.dll",setvm
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [BTCLiveUpdate] "C:\Program Files\LiveUpdate\LiveUpdate.exe" /autostart
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8300.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/4058/ftp.coupons.com/r3302/UnileverAll/Coupons.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: mljgf - C:\WINDOWS\system32\mljgf.dll
O20 - Winlogon Notify: vtuutss - C:\WINDOWS\SYSTEM32\vtuutss.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\McAfee\Common Framework\FrameworkService.exe" /ServiceStart (file missing)
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
Hi
We'll check that safe mode issue a bit later :)
Please download VundoFix.exe (http://www.atribune.org/ccount/click.php?id=4) to your desktop.
Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files; click YES.
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer, click OK.
Please post the contents of C:\vundofix.txt and a new HiJackThis log in a reply to this thread.
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.
MrsLynam
2007-04-14, 23:54
Logfile of HijackThis v1.99.1
Scan saved at 4:41:38 PM, on 4/14/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AVPersonal\AVGUARD.EXE
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVPersonal\AVGNT.EXE
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HijackThis\Scanner.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://wc.floridacitizensbank.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {68218620-3D65-43F6-AD47-D38D84B5412A} - C:\WINDOWS\system32\vtuutss.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\Scriptcl.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {AD9AF502-752C-47FD-803B-830C37637E34} - C:\WINDOWS\system32\mljgf.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [AVGCtrl] "C:\Program Files\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINDOWS\system32\flsravsi.dll",setvm
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: "C:\Program Files\LiveUpdate\LiveUpdate.exe" /autostart
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8300.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/4058/ftp.coupons.com/r3302/UnileverAll/Coupons.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: mljgf - C:\WINDOWS\system32\mljgf.dll
O20 - Winlogon Notify: vtuutss - C:\WINDOWS\SYSTEM32\vtuutss.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\McAfee\Common Framework\FrameworkService.exe" /ServiceStart (file missing)
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
VundoFix
C:\WINDOWS\system32\fgjlm.ini2
C:\WINDOWS\system32\fgjlm.tmp
C:\WINDOWS\system32\mljgf.dll
C:\WINDOWS\system32\vtuutss.dll
Beginning removal...
Attempting to delete C:\WINDOWS\system32\fgjlm.ini2
C:\WINDOWS\system32\fgjlm.ini2 Has been deleted!
Attempting to delete C:\WINDOWS\system32\fgjlm.tmp
C:\WINDOWS\system32\fgjlm.tmp Has been deleted!
Attempting to delete C:\WINDOWS\system32\mljgf.dll
C:\WINDOWS\system32\mljgf.dll Could not be deleted.
Attempting to delete C:\WINDOWS\system32\vtuutss.dll
C:\WINDOWS\system32\vtuutss.dll Could not be deleted.
Performing Repairs to the registry.
Done!
Beginning removal...
Attempting to delete C:\WINDOWS\system32\fgjlm.ini2
C:\WINDOWS\system32\fgjlm.ini2 Has been deleted!
Attempting to delete C:\WINDOWS\system32\mljgf.dll
C:\WINDOWS\system32\mljgf.dll Could not be deleted.
Attempting to delete C:\WINDOWS\system32\vtuutss.dll
C:\WINDOWS\system32\vtuutss.dll Could not be deleted.
Performing Repairs to the registry.
Done!
Thank you for all of your help...;)
Hi
1. Download this file - combofix.exe (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
and save it to your desktop.
2. Go to start -> run.
type this in the box and click OK
"%userprofile%\desktop\ComboFix.exe" /v mljgf vtuuts
3. When finished, it shall produce a log for you. Post that log in your next reply
4. Reboot
Note:
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.
Post:
- a fresh HijackThis log
- combofix report
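As an added example (not part of this thread, nor of HijackThis, VundoFix or ComboFix), here is a small Python triage script that applies the pattern the helper is reading out of the logs above: the same system32 DLL registered as an unnamed O2 BHO and as an O20 Winlogon Notify package, with a third random-named DLL loaded through rundll32 from an O4 Run key. The Winlogon Notify hook is also why VundoFix reported "Could not be deleted" for mljgf.dll and vtuutss.dll: winlogon.exe holds them open from boot, so a boot-time or offline removal such as the ComboFix /v run is needed. The allowlist of known Notify packages is an assumption, and the sample lines are constructed from the thread's second HJT log.

```python
"""Flag Vundo-style persistence entries in a HijackThis v1.99 log.

Cross-references three HJT sections that appear together in this thread's logs:
  O2  - BHO: an unnamed Browser Helper Object loaded from system32
  O4  - a Run key that loads a DLL through rundll32.exe
  O20 - Winlogon Notify: a DLL loaded into winlogon.exe at logon, which is why
        the file is in use from boot and VundoFix reported "Could not be deleted"
"""
import re
from collections import defaultdict

# One HJT entry, e.g. "O20 - Winlogon Notify: mljgf - C:\WINDOWS\system32\mljgf.dll"
ENTRY_RE = re.compile(r"^(?P<kind>O\d+) - (?P<body>.*)$")
# A DLL path under the Windows system32 directory (HJT mixes the case of "system32").
SYS32_DLL_RE = re.compile(
    r"([A-Za-z]:\\WINDOWS\\system32\\([A-Za-z0-9_]+)\.dll)", re.IGNORECASE
)
# Assumption: an illustrative allowlist of Winlogon Notify packages expected on
# Windows XP SP2; a real triage would compare against a vetted baseline.
KNOWN_NOTIFY = {
    "wgalogon", "scecli", "crypt32chain", "cryptnet", "cscdll", "schedule",
    "sclgntfy", "senslogn", "termsrv", "wlballoon",
}

# Constructed sample: the relevant lines from the thread's second HJT log.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {02A1D035-F07F-4A7B-8FDF-F8171A2B4709} - C:\WINDOWS\system32\mljgf.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {68218620-3D65-43F6-AD47-D38D84B5412A} - C:\WINDOWS\system32\vtuutss.dll
O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINDOWS\system32\flsravsi.dll",setvm
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: mljgf - C:\WINDOWS\system32\mljgf.dll
O20 - Winlogon Notify: vtuutss - C:\WINDOWS\SYSTEM32\vtuutss.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
"""


def companion_ini_name(dll_basename: str) -> str:
    """Vundo keeps a backup copy of its DLL as <reversed basename>.ini in
    system32, which is how this thread's mljgf.dll pairs with fgjlm.ini."""
    return dll_basename[::-1] + ".ini"


def triage(log_text: str) -> dict[str, list[str]]:
    """Return {dll_path_lowercased: [reasons]} for every DLL that trips a rule."""
    findings: dict[str, list[str]] = defaultdict(list)
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        kind, body = m.group("kind"), m.group("body")
        for path, base in SYS32_DLL_RE.findall(body):
            key = path.lower()  # merge the "system32" and "SYSTEM32" spellings
            if kind == "O2" and "(no name)" in body:
                findings[key].append("O2: unnamed BHO loaded from system32")
            elif kind == "O4" and "rundll32.exe" in body.lower():
                findings[key].append("O4: Run key loads the DLL via rundll32.exe")
            elif kind == "O20" and base.lower() not in KNOWN_NOTIFY:
                findings[key].append(
                    "O20: unknown Winlogon Notify package (locked by winlogon.exe)"
                )
    # A DLL hooked into more than one persistence section is the Vundo pattern;
    # it also tells the responder why a plain delete fails and where the
    # reversed-name companion .ini backup should be looked for.
    for key, reasons in findings.items():
        sections = {r.split(":")[0] for r in reasons}
        if len(sections) > 1:
            base = key.rsplit("\\", 1)[-1][:-4]
            reasons.append(
                f"hooked in {len(sections)} sections; look for companion "
                f"{companion_ini_name(base)} in system32"
            )
    return dict(findings)


if __name__ == "__main__":
    for dll, reasons in sorted(triage(SAMPLE_LOG).items()):
        print(dll)
        for r in reasons:
            print("   -", r)
```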
MrsLynam
2007-04-16, 02:15
-- C:\DOCUME~1\MONALY~1\APPLIC~1\Sun
2007-04-05 14:48 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Elaborate Bytes
2007-04-05 13:55 <DIR> d-------- C:\CloneDVDTemp
2007-04-05 13:44 <DIR> d-------- C:\Program Files\Elaborate Bytes
2007-04-05 13:32 <DIR> d-------- C:\Program Files\SlySoft
2007-04-04 22:59 <DIR> d-------- C:\DOCUME~1\MONALY~1\Incomplete
2007-04-04 22:46 <DIR> d-------- C:\DOCUME~1\MONALY~1\.limewire
2007-04-04 21:03 <DIR> d-------- C:\Program Files\WinAVIVideoConverter
2007-04-04 18:56 <DIR> d-------- C:\Program Files\Total Video Converter
2007-04-04 13:41 <DIR> d-------- C:\divx
2007-04-04 13:40 <DIR> d-------- C:\DOCUME~1\MONALY~1\APPLIC~1\DivX
2007-04-04 12:39 56 -rahs---- C:\WINDOWS\system32\819E506783.sys
2007-04-04 12:39 3,350 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2007-04-04 12:39 <DIR> d-------- C:\Program Files\DivX
2007-04-03 21:02 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\55-85-oq-1r-48-n2
2007-04-01 15:27 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2007-03-29 10:14 59,904 --a------ C:\WINDOWS\system32\Mscc2fr.dll
2007-03-29 10:14 32,768 --a------ C:\WINDOWS\system32\CMDLGFR.DLL
2007-03-29 10:14 21,504 --a------ C:\WINDOWS\system32\TABCTFR.DLL
2007-03-29 10:14 15,360 --a------ C:\WINDOWS\system32\inetfr.DLL
2007-03-29 10:14 141,312 --a------ C:\WINDOWS\system32\MSCMCFR.DLL
2007-03-29 10:14 119,568 --a------ C:\WINDOWS\system32\VB6FR.DLL
2007-03-29 10:14 101,888 --a------ C:\WINDOWS\system32\VB6STKIT.DLL
2007-03-29 10:14 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2007-03-27 00:55 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe
2007-03-27 00:55 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-03-27 00:55 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
2007-03-27 00:55 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
2007-03-27 00:49 73,728 --a------ C:\WINDOWS\system32\dpl100.dll
2007-03-27 00:49 593,920 --a------ C:\WINDOWS\system32\dpuGUI11.dll
2007-03-27 00:49 57,344 --a------ C:\WINDOWS\system32\dpv11.dll
2007-03-27 00:49 53,248 --a------ C:\WINDOWS\system32\dpuGUI10.dll
2007-03-27 00:49 344,064 --a------ C:\WINDOWS\system32\dpus11.dll
2007-03-27 00:49 294,912 --a------ C:\WINDOWS\system32\dpu11.dll
2007-03-27 00:49 294,912 --a------ C:\WINDOWS\system32\dpu10.dll
2007-03-27 00:49 196,608 --a------ C:\WINDOWS\system32\dtu100.dll
2007-03-27 00:48 823,296 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2007-03-27 00:48 823,296 --a------ C:\WINDOWS\system32\divx_xx07.dll
2007-03-27 00:48 802,816 --a------ C:\WINDOWS\system32\divx_xx11.dll
2007-03-27 00:48 639,066 --a------ C:\WINDOWS\system32\DivX.dll
2007-03-26 23:58 <DIR> d-------- C:\Program Files\DaisyWords
2007-03-26 21:22 <DIR> d-------- C:\DOCUME~1\MONALY~1\APPLIC~1\Beep Industries
2007-03-26 21:20 <DIR> d-------- C:\Program Files\GameHouse
2007-03-25 19:16 <DIR> d-------- C:\DOCUME~1\MONALY~1\APPLIC~1\WNR
2007-03-22 19:27 <DIR> d-------- C:\Program Files\_ArcadeDownloadFolder
2007-03-21 22:54 <DIR> d--h----- C:\WINDOWS\PIF
2007-03-21 22:42 <DIR> d-------- C:\DOCUME~1\MONALY~1\APPLIC~1\vlc
2007-03-21 22:38 <DIR> d-------- C:\Program Files\VideoLAN
2007-03-21 17:01 4 --ah----- C:\WINDOWS\uccspecb.sys
2007-03-20 16:56 <DIR> d-------- C:\WINDOWS\Dora's Carnival Adventure
2007-03-19 22:16 <DIR> d-------- C:\WINDOWS\system32\appmgmt
2007-03-19 20:51 <DIR> d-------- C:\Program Files\eBrainyGames
2007-03-18 21:49 <DIR> d-------- C:\DOCUME~1\MONALY~1\APPLIC~1\Nology
2007-03-18 20:20 <DIR> d-------- C:\Program Files\Oberon Media
2007-03-15 15:42 77,000 --a------ C:\WINDOWS\system32\drivers\AnyDVD.sys
2007-03-15 12:23 497,496 --a------ C:\WINDOWS\system32\XceedZip.dll
2007-03-15 12:19 526,184 --a------ C:\WINDOWS\system32\XceedCry.dll
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-04-15 17:09 -------- d-------- C:\Program Files\avpersonal
2007-04-15 12:43 22720 --a------ C:\WINDOWS\system32\emptyregdb.dat
2007-04-15 11:48 -------- d-------- C:\Program Files\online services
2007-04-10 22:20 -------- d-------- C:\Program Files\_arcadedownloadfolder
2007-04-10 22:19 -------- d-------- C:\Program Files\wingowspoker98
2007-04-10 22:12 -------- d-------- C:\Program Files\wingowspoker
2007-04-10 22:12 -------- d-------- C:\Program Files\windows media connect 2
2007-04-10 21:53 -------- d-------- C:\Program Files\stomp
2007-04-10 21:47 -------- d-------- C:\Program Files\reflexivearcade
2007-04-10 20:07 -------- d-------- C:\Program Files\real
2007-04-10 20:06 -------- d-------- C:\Program Files\microsoft carioca rummy
2007-04-10 20:06 -------- d-------- C:\Program Files\lexmark x74-x75
2007-04-10 19:40 -------- d-------- C:\Program Files\java
2007-04-10 19:39 -------- d-------- C:\Program Files\google
2007-04-10 19:34 -------- d-------- C:\Program Files\bfg
2007-04-10 18:51 700416 --a------ C:\StubInstaller.exe
2007-04-05 23:17 -------- d-------- C:\Program Files\Common Files\real
2007-04-05 22:17 -------- d-------- C:\DOCUME~1\MONALY~1\APPLIC~1\lavasoft
2007-03-27 00:55 36624 --a------ C:\WINDOWS\system32\drivers\pxhelp20.sys
2007-03-04 19:31 3084 --a------ C:\WINDOWS\system32\x.dat
2007-02-28 21:55 -------- d-------- C:\Program Files\Common Files\java
2007-02-28 21:26 -------- d-------- C:\DOCUME~1\MONALY~1\APPLIC~1\kazaa lite
2007-02-28 16:05 86016 --a------ C:\WINDOWS\system32\elbycdio.dll
2007-02-28 13:56 15440 --a------ C:\WINDOWS\system32\drivers\ElbyCDIO.sys
2007-02-15 18:40 124472 --a------ C:\WINDOWS\system32\divxcodecupdatechecker.exe
2007-02-15 17:56 11984 --a------ C:\WINDOWS\system32\drivers\RegKill.sys
2007-02-06 23:14 80 -rahs---- C:\WINDOWS\system32\819e506783.dll
2007-01-29 22:33 1632 --a------ C:\WINDOWS\system32\d3d8caps.dat
2007-01-27 23:04 592 --a------ C:\WINDOWS\chgkey.vbs
2007-01-27 21:54 774144 --a------ C:\Program Files\rnginterstitial.dll
2007-01-26 23:57 0 -rahs---- C:\MSDOS.SYS
2007-01-26 23:57 0 -rahs---- C:\IO.SYS
2007-01-26 23:57 0 --a------ C:\CONFIG.SYS
2007-01-26 23:57 0 --a------ C:\AUTOEXEC.BAT
2007-01-26 15:33 62 --ahs---- C:\DOCUME~1\MONALY~1\APPLIC~1\desktop.ini
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"updateMgr"="C:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe AcRdB7_0_9"
@=""
"BTCLiveUpdate"="\"C:\\Program Files\\LiveUpdate\\LiveUpdate.exe\" /autostart"
"AnyDVD"="C:\\Program Files\\SlySoft\\AnyDVD\\AnyDVD.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"AVGCtrl"="\"C:\\Program Files\\AVPersonal\\AVGNT.EXE\" /min"
"Lexmark X74-X75"="\"C:\\Program Files\\Lexmark X74-X75\\lxbbbmgr.exe\""
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_11\\bin\\jusched.exe\""
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"ShStatEXE"="\"C:\\Program Files\\McAfee\\VirusScan Enterprise\\SHSTAT.EXE\" /STANDALONE"
"McAfeeUpdaterUI"="\"C:\\Program Files\\McAfee\\Common Framework\\UdaterUI.exe\" /StartedFromRunKey"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{68218620-3D65-43F6-AD47-D38D84B5412A}"=""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtuutss
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0
********************************************************************
catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net
scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
********************************************************************
Completion time: 07-04-15 17:28:17
C:\ComboFix-quarantined-files.txt ... 07-04-15 17:28
07-03-05 15:38 3065 --a------ C:\Qoobox\Quarantine\Program Files\Common Files\{84AC9~3\system.dll.lzma.vir
07-03-05 15:48 3065 --a------ C:\Qoobox\Quarantine\Program Files\Common Files\{84AC9~2\system.dll.lzma.vir
07-04-07 17:50 22 --a------ C:\Qoobox\Quarantine\Program Files\outlook\p.zip.vir
07-04-11 21:54 280676 --a------ C:\Qoobox\Quarantine\WINDOWS\system32\mljgf.dll.vir
07-04-14 22:45 1870975 --a------ C:\Qoobox\Quarantine\WINDOWS\system32\fgjlm.tmp.vir
07-04-15 00:08 1896883 --a------ C:\Qoobox\Quarantine\WINDOWS\system32\fgjlm.ini.vir
07-04-15 17:10 1896943 --a------ C:\Qoobox\Quarantine\WINDOWS\system32\fgjlm.ini2.vir
Folder PATH listing
Volume serial number is 84AC-9087
C:\QOOBOX
\---Quarantine
    +---Program Files
    |   +---Common Files
    |   |   +---{84AC9~2
    |   |   |       system.dll.lzma.vir
    |   |   |
    |   |   \---{84AC9~3
    |   |           system.dll.lzma.vir
    |   |
    |   \---outlook
    |           p.zip.vir
    |
    +---Registry_backups
    \---WINDOWS
        \---system32
                fgjlm.ini.vir
                fgjlm.ini2.vir
                fgjlm.tmp.vir
                mljgf.dll.vir
HJT
Logfile of HijackThis v1.99.1
Scan saved at 7:13:26 PM, on 4/15/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AVPersonal\AVGUARD.EXE
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\AVPersonal\AVGNT.EXE
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\HijackThis\Scanner.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://wc.floridacitizensbank.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {68218620-3D65-43F6-AD47-D38D84B5412A} - C:\WINDOWS\system32\vtuutss.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\Scriptcl.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [AVGCtrl] "C:\Program Files\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [BTCLiveUpdate] "C:\Program Files\LiveUpdate\LiveUpdate.exe" /autostart
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8300.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/4058/ftp.coupons.com/r3302/UnileverAll/Coupons.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: vtuutss - C:\WINDOWS\SYSTEM32\vtuutss.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\McAfee\Common Framework\FrameworkService.exe" /ServiceStart (file missing)
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
Hi
Please re-run combofix like this:
"%userprofile%\desktop\ComboFix.exe" /v vtuutss
When finished, it shall produce a log for you. Post that log in your next reply.
Reboot
Note:
Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
Post:
- a fresh HijackThis log
- combofix report
MrsLynam
2007-04-17, 01:20
"MLynam" - 07-04-16 16:52:30 Service Pack 2
ComboFix 07-04-05.Rev3 - Running from: "C:\Documents and Settings\MLynam\desktop"
Command switches used :: /v vtuutss
(((((((((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\system32\vtuutss.dll
* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
((((((((((((((((((((((((((((((( Files Created from 2007-03-16 to 2007-04-16 ))))))))))))))))))))))))))))))))))
2007-04-15 21:37 48,708 --a------ C:\WINDOWS\system32\wbldbfxb.dll
2007-04-15 21:37 280,676 ---hs---- C:\WINDOWS\system32\iifeb.dll
2007-04-15 21:37 123,972 --a------ C:\WINDOWS\system32\jvjsuvqv.dll
2007-04-15 21:37 1,363,869 ---hs---- C:\WINDOWS\system32\befii.bak1
2007-04-15 13:11 <DIR> d-------- C:\WINDOWS\Prefetch
2007-04-15 12:49 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2007-04-15 12:38 20,992 --a------ C:\WINDOWS\system32\drivers\RTL8139.sys
2007-04-15 12:33 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
2007-04-15 12:33 13,312 --a------ C:\WINDOWS\system32\irclass.dll
2007-04-12 19:41 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-04-12 15:10 <DIR> d-------- C:\VundoFix Backups
2007-04-12 14:00 <DIR> d-------- C:\DOCUME~1\MONALY~1\APPLIC~1\RecordNow MAX Wizard
2007-04-11 22:33 131,072 --a------ C:\WINDOWS\system32\datestamp.dll
2007-04-11 22:21 <DIR> d-------- C:\Program Files\FBM Software
2007-04-11 21:31 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SecTaskMan
2007-04-11 21:30 <DIR> d-------- C:\Program Files\Security Task Manager
2007-04-10 18:51 <DIR> d-------- C:\QUARANTINE
2007-04-10 18:39 1,495,552 --a------ C:\WINDOWS\system32\epoPGPsdk.dll
2007-04-10 18:39 <DIR> d-------- C:\Program Files\Common Files\Cisco Systems
2007-04-10 18:39 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\McAfee
2007-04-10 18:38 72,264 --a------ C:\WINDOWS\system32\drivers\mfeavfk.sys
2007-04-10 18:38 64,360 --a------ C:\WINDOWS\system32\drivers\mfeapfk.sys
2007-04-10 18:38 52,136 --a------ C:\WINDOWS\system32\drivers\mfetdik.sys
2007-04-10 18:38 34,152 --a------ C:\WINDOWS\system32\drivers\mfebopk.sys
2007-04-10 18:38 170,408 --a------ C:\WINDOWS\system32\drivers\mfehidk.sys
2007-04-10 18:35 <DIR> d-------- C:\Program Files\McAfee
2007-04-10 18:35 <DIR> d-------- C:\Program Files\Common Files\McAfee
2007-04-10 15:28 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-04-09 21:29 <DIR> d-------- C:\WINDOWS\uninstall
2007-04-09 20:51 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-04-08 23:38 <DIR> d-------- C:\{8001807E-0000-0000-9BBA-104992C36D50}
2007-04-08 20:43 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2007-04-07 15:59 76,560 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2007-04-07 15:54 <DIR> d-------- C:\DOCUME~1\MONALY~1\.housecall6.6
2007-04-06 08:14 <DIR> d-------- C:\Program Files\DVD Shrink
2007-04-06 08:14 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\DVD Shrink
2007-04-05 23:32 2,560 --a------ C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-04-05 23:32 2,432 --a------ C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-04-05 23:32 129,784 --a------ C:\WINDOWS\system32\pxafs.dll
2007-04-05 23:32 118,520 --a------ C:\WINDOWS\system32\pxinsi64.exe
2007-04-05 23:32 116,472 --a------ C:\WINDOWS\system32\pxcpyi64.exe
2007-04-05 23:18 <DIR> d-------- C:\Program Files\Common Files\xing shared
2007-04-05 23:10 <DIR> d-------- C:\DOCUME~1\MONALY~1\APPLIC~1\Real
2007-04-05 23:06 <DIR> d-------- C:\My Downloads
2007-04-05 21:59 <DIR> d-------- C:\Program Files\Lavasoft
2007-04-05 21:44 <DIR> d-------- C:\Program Files\Lavasoft Ad-Aware
2007-04-05 21:23 5,600 --a------ C:\WINDOWS\system\WINASPI.DLL
2007-04-05 21:23 45,056 --a------ C:\WINDOWS\system32\WNASPI32.DLL
2007-04-05 21:23 4,672 --a------ C:\WINDOWS\system\WOWPOST.EXE
2007-04-05 21:23 16,877 --a------ C:\WINDOWS\system32\drivers\ASPI32.SYS
2007-04-05 21:20 522,682 --a------ C:\WINDOWS\system\aspi_471a2.exe
2007-04-05 21:20 <DIR> d-------- C:\adaptec
2007-04-05 20:06 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SlySoft
2007-04-05 19:59 3,932,160 --a------ C:\DOCUME~1\MONALY~1\ntuser.dat
2007-04-05 19:45 <DIR> d-------- C:\DOCUME~1\MONALY~1\APPLIC~1\SlySoft
2007-04-05 19:27 <DIR> d-------- C:\Program Files\LiveUpdate
2007-04-05 19:26 <DIR> d-------- C:\Program Files\Common Files\InstallShield
2007-04-05 17:40 <DIR> d-------- C:\WINDOWS\Sun
2007-04-05 17:40 <DIR> d-------- C:\DOCUME~1\MONALY~1\APPLIC~1\Sun
2007-04-05 14:48 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Elaborate Bytes
2007-04-05 13:55 <DIR> d-------- C:\CloneDVDTemp
2007-04-05 13:44 <DIR> d-------- C:\Program Files\Elaborate Bytes
2007-04-05 13:32 <DIR> d-------- C:\Program Files\SlySoft
2007-04-04 22:59 <DIR> d-------- C:\DOCUME~1\MONALY~1\Incomplete
2007-04-04 22:46 <DIR> d-------- C:\DOCUME~1\MONALY~1\.limewire
2007-04-04 21:03 <DIR> d-------- C:\Program Files\WinAVIVideoConverter
2007-04-04 18:56 <DIR> d-------- C:\Program Files\Total Video Converter
2007-04-04 13:41 <DIR> d-------- C:\divx
2007-04-04 13:40 <DIR> d-------- C:\DOCUME~1\MONALY~1\APPLIC~1\DivX
2007-04-04 12:39 56 -rahs---- C:\WINDOWS\system32\819E506783.sys
2007-04-04 12:39 3,350 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2007-04-04 12:39 <DIR> d-------- C:\Program Files\DivX
2007-04-03 21:02 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\55-85-oq-1r-48-n2
2007-04-01 15:27 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2007-03-29 10:14 59,904 --a------ C:\WINDOWS\system32\Mscc2fr.dll
2007-03-29 10:14 32,768 --a------ C:\WINDOWS\system32\CMDLGFR.DLL
2007-03-29 10:14 21,504 --a------ C:\WINDOWS\system32\TABCTFR.DLL
2007-03-29 10:14 15,360 --a------ C:\WINDOWS\system32\inetfr.DLL
2007-03-29 10:14 141,312 --a------ C:\WINDOWS\system32\MSCMCFR.DLL
2007-03-29 10:14 119,568 --a------ C:\WINDOWS\system32\VB6FR.DLL
2007-03-29 10:14 101,888 --a------ C:\WINDOWS\system32\VB6STKIT.DLL
2007-03-29 10:14 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2007-03-27 00:55 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe
2007-03-27 00:55 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-03-27 00:55 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
2007-03-27 00:55 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
2007-03-27 00:49 73,728 --a------ C:\WINDOWS\system32\dpl100.dll
2007-03-27 00:49 593,920 --a------ C:\WINDOWS\system32\dpuGUI11.dll
2007-03-27 00:49 57,344 --a------ C:\WINDOWS\system32\dpv11.dll
2007-03-27 00:49 53,248 --a------ C:\WINDOWS\system32\dpuGUI10.dll
2007-03-27 00:49 344,064 --a------ C:\WINDOWS\system32\dpus11.dll
2007-03-27 00:49 294,912 --a------ C:\WINDOWS\system32\dpu11.dll
2007-03-27 00:49 294,912 --a------ C:\WINDOWS\system32\dpu10.dll
2007-03-27 00:49 196,608 --a------ C:\WINDOWS\system32\dtu100.dll
2007-03-27 00:48 823,296 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2007-03-27 00:48 823,296 --a------ C:\WINDOWS\system32\divx_xx07.dll
2007-03-27 00:48 802,816 --a------ C:\WINDOWS\system32\divx_xx11.dll
2007-03-27 00:48 639,066 --a------ C:\WINDOWS\system32\DivX.dll
2007-03-26 23:58 <DIR> d-------- C:\Program Files\DaisyWords
2007-03-26 21:22 <DIR> d-------- C:\DOCUME~1\MONALY~1\APPLIC~1\Beep Industries
2007-03-26 21:20 <DIR> d-------- C:\Program Files\GameHouse
2007-03-25 19:16 <DIR> d-------- C:\DOCUME~1\MONALY~1\APPLIC~1\WNR
2007-03-22 19:27 <DIR> d-------- C:\Program Files\_ArcadeDownloadFolder
2007-03-21 22:54 <DIR> d--h----- C:\WINDOWS\PIF
2007-03-21 22:42 <DIR> d-------- C:\DOCUME~1\MONALY~1\APPLIC~1\vlc
2007-03-21 22:38 <DIR> d-------- C:\Program Files\VideoLAN
2007-03-21 17:01 4 --ah----- C:\WINDOWS\uccspecb.sys
2007-03-20 16:56 <DIR> d-------- C:\WINDOWS\Dora's Carnival Adventure
2007-03-19 22:16 <DIR> d-------- C:\WINDOWS\system32\appmgmt
2007-03-19 20:51 <DIR> d-------- C:\Program Files\eBrainyGames
2007-03-18 21:49 <DIR> d-------- C:\DOCUME~1\MONALY~1\APPLIC~1\Nology
2007-03-18 20:20 <DIR> d-------- C:\Program Files\Oberon Media
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-04-15 17:09 -------- d-------- C:\Program Files\avpersonal
2007-04-15 12:43 22720 --a------ C:\WINDOWS\system32\emptyregdb.dat
2007-04-15 11:48 -------- d-------- C:\Program Files\online services
2007-04-10 22:20 -------- d-------- C:\Program Files\_arcadedownloadfolder
2007-04-10 22:19 -------- d-------- C:\Program Files\wingowspoker98
2007-04-10 22:12 -------- d-------- C:\Program Files\wingowspoker
2007-04-10 22:12 -------- d-------- C:\Program Files\windows media connect 2
2007-04-10 21:53 -------- d-------- C:\Program Files\stomp
2007-04-10 21:47 -------- d-------- C:\Program Files\reflexivearcade
2007-04-10 20:07 -------- d-------- C:\Program Files\real
2007-04-10 20:06 -------- d-------- C:\Program Files\microsoft carioca rummy
2007-04-10 20:06 -------- d-------- C:\Program Files\lexmark x74-x75
2007-04-10 19:40 -------- d-------- C:\Program Files\java
2007-04-10 19:39 -------- d-------- C:\Program Files\google
2007-04-10 19:34 -------- d-------- C:\Program Files\bfg
2007-04-10 18:51 700416 --a------ C:\StubInstaller.exe
2007-04-05 23:17 -------- d-------- C:\Program Files\Common Files\real
2007-04-05 22:17 -------- d-------- C:\DOCUME~1\MONALY~1\APPLIC~1\lavasoft
2007-03-27 00:55 36624 --a------ C:\WINDOWS\system32\drivers\pxhelp20.sys
2007-03-15 15:42 77000 --a------ C:\WINDOWS\system32\drivers\AnyDVD.sys
2007-03-15 12:23 497496 --a------ C:\WINDOWS\system32\xceedzip.dll
2007-03-15 12:19 526184 --a------ C:\WINDOWS\system32\xceedcry.dll
2007-03-04 19:31 3084 --a------ C:\WINDOWS\system32\x.dat
2007-02-28 21:55 -------- d-------- C:\Program Files\Common Files\java
2007-02-28 21:26 -------- d-------- C:\DOCUME~1\MONALY~1\APPLIC~1\kazaa lite
2007-02-28 16:05 86016 --a------ C:\WINDOWS\system32\elbycdio.dll
2007-02-28 13:56 15440 --a------ C:\WINDOWS\system32\drivers\ElbyCDIO.sys
2007-02-15 18:40 124472 --a------ C:\WINDOWS\system32\divxcodecupdatechecker.exe
2007-02-06 23:14 80 -rahs---- C:\WINDOWS\system32\819e506783.dll
2007-01-29 22:33 1632 --a------ C:\WINDOWS\system32\d3d8caps.dat
2007-01-27 23:04 592 --a------ C:\WINDOWS\chgkey.vbs
2007-01-27 21:54 774144 --a------ C:\Program Files\rnginterstitial.dll
2007-01-26 23:57 0 -rahs---- C:\MSDOS.SYS
2007-01-26 23:57 0 -rahs---- C:\IO.SYS
2007-01-26 23:57 0 --a------ C:\CONFIG.SYS
2007-01-26 23:57 0 --a------ C:\AUTOEXEC.BAT
2007-01-26 15:33 62 --ahs---- C:\DOCUME~1\MONALY~1\APPLIC~1\desktop.ini
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"updateMgr"="C:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe AcRdB7_0_9"
@=""
"BTCLiveUpdate"="\"C:\\Program Files\\LiveUpdate\\LiveUpdate.exe\" /autostart"
"AnyDVD"="C:\\Program Files\\SlySoft\\AnyDVD\\AnyDVD.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"AVGCtrl"="\"C:\\Program Files\\AVPersonal\\AVGNT.EXE\" /min"
"Lexmark X74-X75"="\"C:\\Program Files\\Lexmark X74-X75\\lxbbbmgr.exe\""
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_11\\bin\\jusched.exe\""
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"ShStatEXE"="\"C:\\Program Files\\McAfee\\VirusScan Enterprise\\SHSTAT.EXE\" /STANDALONE"
"McAfeeUpdaterUI"="\"C:\\Program Files\\McAfee\\Common Framework\\UdaterUI.exe\" /StartedFromRunKey"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iifeb
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0
p2psvc REG_MULTI_SZ p2psvc\0p2pimsvc\0p2pgasvc\0PNRPSvc\0\0
********************************************************************
catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net
scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
********************************************************************
Completion time: 07-04-16 17:11:50
C:\ComboFix-quarantined-files.txt ... 07-04-16 17:11
_________________________________________________________________
Combofix Quarantined Text
_________________________________________________________________
07-03-05 15:38 3065 --a------ C:\Qoobox\Quarantine\Program Files\Common Files\{84AC9~3\system.dll.lzma.vir
07-03-05 15:48 3065 --a------ C:\Qoobox\Quarantine\Program Files\Common Files\{84AC9~2\system.dll.lzma.vir
07-04-07 17:50 22 --a------ C:\Qoobox\Quarantine\Program Files\outlook\p.zip.vir
07-04-11 21:54 280676 --a------ C:\Qoobox\Quarantine\WINDOWS\system32\mljgf.dll.vir
07-04-11 23:47 26694 --a------ C:\Qoobox\Quarantine\WINDOWS\system32\vtuutss.dll.vir
07-04-14 22:45 1870975 --a------ C:\Qoobox\Quarantine\WINDOWS\system32\fgjlm.tmp.vir
07-04-15 00:08 1896883 --a------ C:\Qoobox\Quarantine\WINDOWS\system32\fgjlm.ini.vir
07-04-15 17:10 1896943 --a------ C:\Qoobox\Quarantine\WINDOWS\system32\fgjlm.ini2.vir
Folder PATH listing
Volume serial number is 84AC-9087
C:\QOOBOX
\---Quarantine
+---Program Files
| +---Common Files
| | +---{84AC9~2
| | | system.dll.lzma.vir
| | |
| | \---{84AC9~3
| | system.dll.lzma.vir
| |
| \---outlook
| p.zip.vir
|
+---Registry_backups
\---WINDOWS
\---system32
fgjlm.ini.vir
fgjlm.ini2.vir
fgjlm.tmp.vir
mljgf.dll.vir
vtuutss.dll.vir
MrsLynam
2007-04-17, 01:22
HJT
Logfile of HijackThis v1.99.1
Scan saved at 5:58:31 PM, on 4/16/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AVPersonal\AVGUARD.EXE
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\Program Files\AVPersonal\AVGNT.EXE
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\LiveUpdate\LiveUpdate.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HijackThis\Scanner.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://wc.floridacitizensbank.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4269250C-B0BA-4927-B21D-8C5144292124} - C:\WINDOWS\system32\iifeb.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {67C55A8D-E808-4caa-9EA7-F77102DE0BB6} - C:\WINDOWS\system32\wbldbfxb.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\Scriptcl.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [AVGCtrl] "C:\Program Files\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [BTCLiveUpdate] "C:\Program Files\LiveUpdate\LiveUpdate.exe" /autostart
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8300.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/4058/ftp.coupons.com/r3302/UnileverAll/Coupons.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: iifeb - C:\WINDOWS\system32\iifeb.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\McAfee\Common Framework\FrameworkService.exe" /ServiceStart (file missing)
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
Hi
This is probably going to be a long process because Vundo seems to mutate.
Let's try this one final time; if it doesn't work, we'll try something else next time.
Please re-run combofix like this:
"%userprofile%\desktop\ComboFix.exe" /v iifeb
When finished, it shall produce a log for you. Post that log in your next reply.
Reboot
Note:
Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
Delete these:
C:\WINDOWS\system32\wbldbfxb.dll
C:\WINDOWS\system32\jvjsuvqv.dll
Empty Recycle Bin
Post:
- a fresh HijackThis log
- combofix report
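Editor's note, added to this thread and not part of the helper's instructions or of any tool mentioned here: the logs above show the pattern the helper is chasing by hand. Each Vundo-style DLL in the HijackThis log appears as an unnamed O2 BHO and/or an O20 Winlogon Notify package under system32 with a random lowercase name (vtuutss, mljgf, iifeb, wbldbfxb), and the ComboFix file listing shows a hidden+system companion whose name is the DLL's stem spelled backwards (mljgf/fgjlm, iifeb/befii), created in the same minute as its siblings. The script below is an example of turning those observations into a repeatable check. It parses a HijackThis log and a ComboFix "Files Created" listing and reports the DLLs that match. The sample inputs are constructed from the lines posted in this thread (not a live capture), and the name heuristic (5 to 8 lowercase letters) and the reasons it emits are my assumptions, tuned to this thread rather than to every Vundo variant.

```python
import re
from collections import defaultdict

# Constructed sample input modelled on the HijackThis and ComboFix logs posted in
# this thread (same names and paths as the posts; not a real capture).
HJT_SAMPLE = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4269250C-B0BA-4927-B21D-8C5144292124} - C:\WINDOWS\system32\iifeb.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {67C55A8D-E808-4caa-9EA7-F77102DE0BB6} - C:\WINDOWS\system32\wbldbfxb.dll
O20 - Winlogon Notify: iifeb - C:\WINDOWS\system32\iifeb.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
"""

COMBOFIX_SAMPLE = r"""
2007-04-15 21:37 48,708 --a------ C:\WINDOWS\system32\wbldbfxb.dll
2007-04-15 21:37 280,676 ---hs---- C:\WINDOWS\system32\iifeb.dll
2007-04-15 21:37 123,972 --a------ C:\WINDOWS\system32\jvjsuvqv.dll
2007-04-15 21:37 1,363,869 ---hs---- C:\WINDOWS\system32\befii.bak1
2007-04-15 13:11 <DIR> d-------- C:\WINDOWS\Prefetch
2007-04-15 12:49 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
"""

# HijackThis line formats as they appear in the posted logs.
HJT_O2 = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.+)$")
HJT_O20 = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<path>.+)$")
# ComboFix "Files Created" line: date time size attrs path (attrs is 9 chars, e.g. ---hs----).
CF_FILE = re.compile(r"^(?P<stamp>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+(?P<size>\S+)\s+(?P<attrs>[-a-z]{9})\s+(?P<path>.+)$")
# Assumed heuristic: Vundo-style names in this thread are 5 to 8 lowercase letters.
RANDOM_STEM = re.compile(r"^[a-z]{5,8}$")


def basename(path):
    return path.rsplit("\\", 1)[-1]


def stem(name):
    return name.rsplit(".", 1)[0]


def parse_hjt(text):
    """Return O2 and O20 entries as dicts with section, name, clsid, path."""
    entries = []
    for line in text.splitlines():
        m = HJT_O2.match(line)
        if m:
            entries.append({"section": "O2", **m.groupdict()})
            continue
        m = HJT_O20.match(line)
        if m:
            entries.append({"section": "O20", "clsid": None, **m.groupdict()})
    return entries


def parse_combofix_files(text):
    """Map lower-cased file name -> {path, stamp, attrs}; directories are skipped."""
    files = {}
    for line in text.splitlines():
        m = CF_FILE.match(line)
        if m and not m.group("attrs").startswith("d"):
            files[basename(m.group("path")).lower()] = {
                "path": m.group("path"), "stamp": m.group("stamp"), "attrs": m.group("attrs")}
    return files


def vundo_candidates(hjt_entries, files):
    """Flag system32 DLLs loaded as unnamed BHOs or Winlogon Notify packages with
    random-looking names, and attach corroborating evidence from the file listing."""
    by_minute = defaultdict(list)
    for name, info in files.items():
        by_minute[info["stamp"]].append(name)
    findings = {}
    for e in hjt_entries:
        path = e["path"]
        name = basename(path).lower()
        if not name.endswith(".dll") or "\\system32\\" not in path.lower():
            continue
        if e["section"] == "O2" and e["name"] == "(no name)":
            reasons = ["unnamed BHO in system32"]
        elif e["section"] == "O20":
            reasons = ["Winlogon Notify package in system32"]
        else:
            continue
        s = stem(name)
        if not RANDOM_STEM.match(s):
            continue  # vendor DLLs carry descriptive names; keep the heuristic tight
        reasons.append("random-looking name")
        info = files.get(name)
        if info:
            if "h" in info["attrs"] and "s" in info["attrs"]:
                reasons.append("hidden+system attributes")
            siblings = sorted(n for n in by_minute[info["stamp"]] if n != name)
            if siblings:
                reasons.append("created same minute as: " + ", ".join(siblings))
        # The reversed stem names the companion .ini/.bak/.tmp files seen in this thread.
        companions = sorted(n for n in files if stem(n) == s[::-1])
        if companions:
            reasons.append("reversed-name companion: " + ", ".join(companions))
        f = findings.setdefault(name, {"path": path, "loaders": [], "reasons": []})
        f["loaders"].append(e["section"])
        f["reasons"].extend(r for r in reasons if r not in f["reasons"])
    return findings


def report(findings):
    """Render findings as plain-text lines, one DLL per block."""
    lines = []
    for name in sorted(findings):
        f = findings[name]
        lines.append(f"{f['path']}  loaded via {'/'.join(f['loaders'])}")
        lines.extend("  - " + r for r in f["reasons"])
    return lines


if __name__ == "__main__":
    hits = vundo_candidates(parse_hjt(HJT_SAMPLE), parse_combofix_files(COMBOFIX_SAMPLE))
    print("\n".join(report(hits)))
```

Run against real logs by reading the two files into `HJT_SAMPLE` and `COMBOFIX_SAMPLE`. The loading-point check comes first on purpose: wmpns.dll in the listing also has a short lowercase name, but it is never flagged because nothing in the HijackThis log loads it, and legitimate BHOs such as SDHelper.dll live outside system32. Treat the output as a shortlist for a helper to confirm, not as a verdict.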
MrsLynam
2007-04-17, 23:24
"Mona Lynam" - 07-04-17 14:53:53 Service Pack 2
ComboFix 07-04-05.Rev3 - Running from: "C:\Documents and Settings\Mona Lynam\desktop"
Command switches used :: /v iifeb
(((((((((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\system32\befii.bak1
C:\WINDOWS\system32\befii.ini
C:\WINDOWS\system32\befii.tmp
* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
((((((((((((((((((((((((((((((( Files Created from 2007-03-17 to 2007-04-17 ))))))))))))))))))))))))))))))))))
2007-04-16 21:03 <DIR> d-------- C:\DOCUME~1\MONALY~1\APPLIC~1\Prevx
2007-04-16 21:00 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Prevx
2007-04-16 20:58 77,312 --a------ C:\WINDOWS\ua2.dll
2007-04-16 19:56 <DIR> d-------- C:\Program Files\InCode Solutions
2007-04-15 13:11 <DIR> d-------- C:\WINDOWS\Prefetch
2007-04-15 12:49 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2007-04-15 12:38 20,992 --a------ C:\WINDOWS\system32\drivers\RTL8139.sys
2007-04-15 12:33 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
2007-04-15 12:33 13,312 --a------ C:\WINDOWS\system32\irclass.dll
2007-04-12 19:41 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-04-12 15:10 <DIR> d-------- C:\VundoFix Backups
2007-04-12 14:00 <DIR> d-------- C:\DOCUME~1\MONALY~1\APPLIC~1\RecordNow MAX Wizard
2007-04-11 22:33 131,072 --a------ C:\WINDOWS\system32\datestamp.dll
2007-04-11 21:31 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SecTaskMan
2007-04-11 21:30 <DIR> d-------- C:\Program Files\Security Task Manager
2007-04-10 18:51 <DIR> d-------- C:\QUARANTINE
2007-04-10 18:39 1,495,552 --a------ C:\WINDOWS\system32\epoPGPsdk.dll
2007-04-10 18:39 <DIR> d-------- C:\Program Files\Common Files\Cisco Systems
2007-04-10 18:39 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\McAfee
2007-04-10 18:38 72,264 --a------ C:\WINDOWS\system32\drivers\mfeavfk.sys
2007-04-10 18:38 64,360 --a------ C:\WINDOWS\system32\drivers\mfeapfk.sys
2007-04-10 18:38 52,136 --a------ C:\WINDOWS\system32\drivers\mfetdik.sys
2007-04-10 18:38 34,152 --a------ C:\WINDOWS\system32\drivers\mfebopk.sys
2007-04-10 18:38 170,408 --a------ C:\WINDOWS\system32\drivers\mfehidk.sys
2007-04-10 18:35 <DIR> d-------- C:\Program Files\McAfee
2007-04-10 18:35 <DIR> d-------- C:\Program Files\Common Files\McAfee
2007-04-10 15:28 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-04-09 21:29 <DIR> d-------- C:\WINDOWS\uninstall
2007-04-09 20:51 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-04-08 23:38 <DIR> d-------- C:\{8001807E-0000-0000-9BBA-104992C36D50}
2007-04-08 20:43 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2007-04-07 15:59 76,560 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2007-04-06 08:14 <DIR> d-------- C:\Program Files\DVD Shrink
2007-04-06 08:14 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\DVD Shrink
2007-04-05 23:32 2,560 --a------ C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-04-05 23:32 2,432 --a------ C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-04-05 23:32 129,784 --a------ C:\WINDOWS\system32\pxafs.dll
2007-04-05 23:32 118,520 --a------ C:\WINDOWS\system32\pxinsi64.exe
2007-04-05 23:32 116,472 --a------ C:\WINDOWS\system32\pxcpyi64.exe
2007-04-05 23:18 <DIR> d-------- C:\Program Files\Common Files\xing shared
2007-04-05 23:10 <DIR> d-------- C:\DOCUME~1\MONALY~1\APPLIC~1\Real
2007-04-05 23:06 <DIR> d-------- C:\My Downloads
2007-04-05 21:59 <DIR> d-------- C:\Program Files\Lavasoft
2007-04-05 21:44 <DIR> d-------- C:\Program Files\Lavasoft Ad-Aware
2007-04-05 21:23 5,600 --a------ C:\WINDOWS\system\WINASPI.DLL
2007-04-05 21:23 45,056 --a------ C:\WINDOWS\system32\WNASPI32.DLL
2007-04-05 21:23 4,672 --a------ C:\WINDOWS\system\WOWPOST.EXE
2007-04-05 21:23 16,877 --a------ C:\WINDOWS\system32\drivers\ASPI32.SYS
2007-04-05 21:20 522,682 --a------ C:\WINDOWS\system\aspi_471a2.exe
2007-04-05 21:20 <DIR> d-------- C:\adaptec
2007-04-05 20:06 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SlySoft
2007-04-05 19:59 3,932,160 --a------ C:\DOCUME~1\MONALY~1\ntuser.dat
2007-04-05 19:45 <DIR> d-------- C:\DOCUME~1\MONALY~1\APPLIC~1\SlySoft
2007-04-05 19:27 <DIR> d-------- C:\Program Files\LiveUpdate
2007-04-05 19:26 <DIR> d-------- C:\Program Files\Common Files\InstallShield
2007-04-05 17:40 <DIR> d-------- C:\WINDOWS\Sun
2007-04-05 17:40 <DIR> d-------- C:\DOCUME~1\MONALY~1\APPLIC~1\Sun
2007-04-05 14:48 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Elaborate Bytes
2007-04-05 13:55 <DIR> d-------- C:\CloneDVDTemp
2007-04-05 13:44 <DIR> d-------- C:\Program Files\Elaborate Bytes
2007-04-05 13:32 <DIR> d-------- C:\Program Files\SlySoft
2007-04-04 22:59 <DIR> d-------- C:\DOCUME~1\MONALY~1\Incomplete
2007-04-04 22:46 <DIR> d-------- C:\DOCUME~1\MONALY~1\.limewire
2007-04-04 21:03 <DIR> d-------- C:\Program Files\WinAVIVideoConverter
2007-04-04 18:56 <DIR> d-------- C:\Program Files\Total Video Converter
2007-04-04 13:41 <DIR> d-------- C:\divx
2007-04-04 13:40 <DIR> d-------- C:\DOCUME~1\MONALY~1\APPLIC~1\DivX
2007-04-04 12:39 56 -rahs---- C:\WINDOWS\system32\819E506783.sys
2007-04-04 12:39 3,350 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2007-04-04 12:39 <DIR> d-------- C:\Program Files\DivX
2007-04-03 21:02 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\55-85-oq-1r-48-n2
2007-04-01 15:27 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2007-03-29 10:14 59,904 --a------ C:\WINDOWS\system32\Mscc2fr.dll
2007-03-29 10:14 32,768 --a------ C:\WINDOWS\system32\CMDLGFR.DLL
2007-03-29 10:14 21,504 --a------ C:\WINDOWS\system32\TABCTFR.DLL
2007-03-29 10:14 15,360 --a------ C:\WINDOWS\system32\inetfr.DLL
2007-03-29 10:14 141,312 --a------ C:\WINDOWS\system32\MSCMCFR.DLL
2007-03-29 10:14 119,568 --a------ C:\WINDOWS\system32\VB6FR.DLL
2007-03-29 10:14 101,888 --a------ C:\WINDOWS\system32\VB6STKIT.DLL
2007-03-29 10:14 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2007-03-27 00:55 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe
2007-03-27 00:55 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-03-27 00:55 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
2007-03-27 00:55 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
2007-03-27 00:49 73,728 --a------ C:\WINDOWS\system32\dpl100.dll
2007-03-27 00:49 593,920 --a------ C:\WINDOWS\system32\dpuGUI11.dll
2007-03-27 00:49 57,344 --a------ C:\WINDOWS\system32\dpv11.dll
2007-03-27 00:49 53,248 --a------ C:\WINDOWS\system32\dpuGUI10.dll
2007-03-27 00:49 344,064 --a------ C:\WINDOWS\system32\dpus11.dll
2007-03-27 00:49 294,912 --a------ C:\WINDOWS\system32\dpu11.dll
2007-03-27 00:49 294,912 --a------ C:\WINDOWS\system32\dpu10.dll
2007-03-27 00:49 196,608 --a------ C:\WINDOWS\system32\dtu100.dll
2007-03-27 00:48 823,296 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2007-03-27 00:48 823,296 --a------ C:\WINDOWS\system32\divx_xx07.dll
2007-03-27 00:48 802,816 --a------ C:\WINDOWS\system32\divx_xx11.dll
2007-03-27 00:48 639,066 --a------ C:\WINDOWS\system32\DivX.dll
2007-03-26 23:58 <DIR> d-------- C:\Program Files\DaisyWords
2007-03-26 21:22 <DIR> d-------- C:\DOCUME~1\MONALY~1\APPLIC~1\Beep Industries
2007-03-26 21:20 <DIR> d-------- C:\Program Files\GameHouse
2007-03-25 19:16 <DIR> d-------- C:\DOCUME~1\MONALY~1\APPLIC~1\WNR
2007-03-22 19:27 <DIR> d-------- C:\Program Files\_ArcadeDownloadFolder
2007-03-21 22:54 <DIR> d--h----- C:\WINDOWS\PIF
2007-03-21 22:42 <DIR> d-------- C:\DOCUME~1\MONALY~1\APPLIC~1\vlc
2007-03-21 22:38 <DIR> d-------- C:\Program Files\VideoLAN
2007-03-21 17:01 4 --ah----- C:\WINDOWS\uccspecb.sys
2007-03-20 16:56 <DIR> d-------- C:\WINDOWS\Dora's Carnival Adventure
2007-03-19 22:16 <DIR> d-------- C:\WINDOWS\system32\appmgmt
2007-03-19 20:51 <DIR> d-------- C:\Program Files\eBrainyGames
2007-03-18 21:49 <DIR> d-------- C:\DOCUME~1\MONALY~1\APPLIC~1\Nology
2007-03-18 20:20 <DIR> d-------- C:\Program Files\Oberon Media
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-04-17 15:01 -------- d-------- C:\Program Files\avpersonal
2007-04-15 12:43 22720 --a------ C:\WINDOWS\system32\emptyregdb.dat
2007-04-15 11:48 -------- d-------- C:\Program Files\online services
2007-04-10 22:20 -------- d-------- C:\Program Files\_arcadedownloadfolder
2007-04-10 22:19 -------- d-------- C:\Program Files\wingowspoker98
2007-04-10 22:12 -------- d-------- C:\Program Files\wingowspoker
2007-04-10 22:12 -------- d-------- C:\Program Files\windows media connect 2
2007-04-10 21:53 -------- d-------- C:\Program Files\stomp
2007-04-10 21:47 -------- d-------- C:\Program Files\reflexivearcade
2007-04-10 20:07 -------- d-------- C:\Program Files\real
2007-04-10 20:06 -------- d-------- C:\Program Files\microsoft carioca rummy
2007-04-10 20:06 -------- d-------- C:\Program Files\lexmark x74-x75
2007-04-10 19:40 -------- d-------- C:\Program Files\java
2007-04-10 19:39 -------- d-------- C:\Program Files\google
2007-04-10 19:34 -------- d-------- C:\Program Files\bfg
2007-04-10 18:51 700416 --a------ C:\StubInstaller.exe
2007-04-05 23:17 -------- d-------- C:\Program Files\Common Files\real
2007-04-05 22:17 -------- d-------- C:\DOCUME~1\MONALY~1\APPLIC~1\lavasoft
2007-03-27 00:55 36624 --a------ C:\WINDOWS\system32\drivers\pxhelp20.sys
2007-03-15 15:42 77000 --a------ C:\WINDOWS\system32\drivers\AnyDVD.sys
2007-03-15 12:23 497496 --a------ C:\WINDOWS\system32\xceedzip.dll
2007-03-15 12:19 526184 --a------ C:\WINDOWS\system32\xceedcry.dll
2007-03-04 19:31 3084 --a------ C:\WINDOWS\system32\x.dat
2007-02-28 21:55 -------- d-------- C:\Program Files\Common Files\java
2007-02-28 21:26 -------- d-------- C:\DOCUME~1\MONALY~1\APPLIC~1\kazaa lite
2007-02-28 16:05 86016 --a------ C:\WINDOWS\system32\elbycdio.dll
2007-02-28 13:56 15440 --a------ C:\WINDOWS\system32\drivers\ElbyCDIO.sys
2007-02-15 18:40 124472 --a------ C:\WINDOWS\system32\divxcodecupdatechecker.exe
2007-02-06 23:14 80 -rahs---- C:\WINDOWS\system32\819e506783.dll
2007-01-29 22:33 1632 --a------ C:\WINDOWS\system32\d3d8caps.dat
2007-01-27 23:04 592 --a------ C:\WINDOWS\chgkey.vbs
2007-01-27 21:54 774144 --a------ C:\Program Files\rnginterstitial.dll
2007-01-26 23:57 0 -rahs---- C:\MSDOS.SYS
2007-01-26 23:57 0 -rahs---- C:\IO.SYS
2007-01-26 23:57 0 --a------ C:\CONFIG.SYS
2007-01-26 23:57 0 --a------ C:\AUTOEXEC.BAT
2007-01-26 15:33 62 --ahs---- C:\DOCUME~1\MONALY~1\APPLIC~1\desktop.ini
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"updateMgr"="C:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe AcRdB7_0_9"
@=""
"BTCLiveUpdate"="\"C:\\Program Files\\LiveUpdate\\LiveUpdate.exe\" /autostart"
"AnyDVD"="C:\\Program Files\\SlySoft\\AnyDVD\\AnyDVD.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"AVGCtrl"="\"C:\\Program Files\\AVPersonal\\AVGNT.EXE\" /min"
"Lexmark X74-X75"="\"C:\\Program Files\\Lexmark X74-X75\\lxbbbmgr.exe\""
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_11\\bin\\jusched.exe\""
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"ShStatEXE"="\"C:\\Program Files\\McAfee\\VirusScan Enterprise\\SHSTAT.EXE\" /STANDALONE"
"McAfeeUpdaterUI"="\"C:\\Program Files\\McAfee\\Common Framework\\UdaterUI.exe\" /StartedFromRunKey"
"PrevxOne"="\"C:\\Program Files\\Prevx1\\PXConsole.exe\""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iifeb
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0
p2psvc REG_MULTI_SZ p2psvc\0p2pimsvc\0p2pgasvc\0PNRPSvc\0\0
********************************************************************
catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net
scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
********************************************************************
Completion time: 07-04-17 15:09:40
C:\ComboFix-quarantined-files.txt ... 07-04-17 15:09
_________________________________________________________________
HJT
_______
Logfile of HijackThis v1.99.1
Scan saved at 3:15:19 PM, on 4/17/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AVPersonal\AVGUARD.EXE
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Prevx1\PXAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVPersonal\AVGNT.EXE
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\Prevx1\PXConsole.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\LiveUpdate\LiveUpdate.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\Program Files\HijackThis\Scanner.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://wc.floridacitizensbank.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and Settings\All Users\Application Data\Prevx\pxbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\Scriptcl.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {E43495CB-C08D-42C6-B8A5-68E0F9FC1E1A} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [AVGCtrl] "C:\Program Files\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [PrevxOne] "C:\Program Files\Prevx1\PXConsole.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [BTCLiveUpdate] "C:\Program Files\LiveUpdate\LiveUpdate.exe" /autostart
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8300.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/4058/ftp.coupons.com/r3302/UnileverAll/Coupons.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: iifeb - C:\WINDOWS\
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\McAfee\Common Framework\FrameworkService.exe" /ServiceStart (file missing)
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Program Files\Prevx1\PXAgent.exe" -f (file missing)
MrsLynam
2007-04-18, 02:06
Shaba, I'm not sure, but I think that they're gone. Please check & see if I'm overlooking something.
Thank you,
M
Logfile of HijackThis v1.99.1
Scan saved at 6:59:17 PM, on 4/17/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Prevx1\PXConsole.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\Program Files\AVPersonal\AVGUARD.EXE
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Prevx1\PXAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ntvdm.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\FRISK Software\F-PROT Antivirus for Windows\FPAVServer.exe
C:\Program Files\FRISK Software\F-PROT Antivirus for Windows\FProtTray.exe
C:\Program Files\HijackThis\Scanner.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://wc.floridacitizensbank.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and Settings\All Users\Application Data\Prevx\pxbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\Scriptcl.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {E43495CB-C08D-42C6-B8A5-68E0F9FC1E1A} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [AVGCtrl] "C:\Program Files\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [PrevxOne] "C:\Program Files\Prevx1\PXConsole.exe"
O4 - HKLM\..\Run: [F-PROT Antivirus Tray application] C:\Program Files\FRISK Software\F-PROT Antivirus for Windows\FProtTray.exe
O4 - HKLM\..\RunOnce: [F-PROT Antivirus Tray application] C:\Program Files\FRISK Software\F-PROT Antivirus for Windows\FProtTray.exe /install_sequence key="" name="" email=""
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [BTCLiveUpdate] "C:\Program Files\LiveUpdate\LiveUpdate.exe" /autostart
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8300.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/4058/ftp.coupons.com/r3302/UnileverAll/Coupons.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: iifeb - C:\WINDOWS\
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: F-PROT Antivirus for Windows system (FPAVServer) - FRISK Software - C:\Program Files\FRISK Software\F-PROT Antivirus for Windows\FPAVServer.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\McAfee\Common Framework\FrameworkService.exe" /ServiceStart (file missing)
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Program Files\Prevx1\PXAgent.exe" -f (file missing)
Hi
Yes, it looks very good :)
Open HijackThis, click do a system scan only and checkmark these:
O2 - BHO: (no name) - {E43495CB-C08D-42C6-B8A5-68E0F9FC1E1A} - (no file)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O20 - Winlogon Notify: iifeb - C:\WINDOWS\
Close all windows including browser and press fix checked.
Reboot
Run a scan with panda activescan and save report.
Post:
- a fresh HijackThis log
- panda report
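The three entries Shaba asks to have checkmarked share one property: the registry still references them, but nothing resolves behind the reference (two `(no file)` CLSIDs and a Winlogon Notify hook whose path is a bare directory). The script below is an added example, not code from the forum or from HijackThis; it parses O2/O3/O20/O21 lines from the log above and returns exactly those entries. The sample lines are copied from the posted log, and the `trusted_notify` allowlist is an assumption for this example: WgaLogon is exempted because the helper left it alone (it is the Windows Genuine Advantage notification component, which HijackThis 1.99.1 also lists with a bare path).

```python
"""Flag HijackThis entries whose registry reference points at nothing.

Added example for this thread (not a HijackThis or forum tool). It reads
HJT-style O2/O3/O21 (CLSID) and O20 (Winlogon Notify) lines and reports:
  - 'orphan'              : target is '(no file)', i.e. the DLL is gone
  - 'unresolved-notify'   : Winlogon Notify entry with a bare directory and
                            no DLL name, unless the name is on an allowlist
"""
import re

# Sample input: lines taken from the HijackThis log posted in this thread,
# including one benign entry whose path contains ' - ' (Spybot) to show that
# the parser keys on the CLSID rather than splitting on dashes.
SAMPLE_LOG = (
    "O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - "
    "C:\\Program Files\\Java\\jre1.5.0_11\\bin\\ssv.dll\n"
    "O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - "
    "C:\\Program Files\\Spybot - Search & Destroy\\SDHelper.dll\n"
    "O2 - BHO: (no name) - {E43495CB-C08D-42C6-B8A5-68E0F9FC1E1A} - (no file)\n"
    "O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)\n"
    "O20 - Winlogon Notify: iifeb - C:\\WINDOWS\\\n"
    "O20 - Winlogon Notify: WgaLogon - C:\\WINDOWS\\\n"
    "O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - "
    "C:\\WINDOWS\\system32\\WPDShServiceObj.dll\n"
)

# Entries of the form  "Onn - Kind: name - {CLSID} - target"
GUID_ENTRY_RE = re.compile(
    r"^(O\d+) - ([^:]+): (.+?) - (\{[0-9A-Fa-f-]{36}\}) - (.*)$"
)
# Entries of the form  "O20 - Winlogon Notify: name - path"
NOTIFY_RE = re.compile(r"^(O20) - Winlogon Notify: (.+?) - (.*)$")


def parse_entry(line):
    """Return a dict describing one HJT line, or None if it is not a handled type."""
    line = line.strip()
    m = GUID_ENTRY_RE.match(line)
    if m:
        section, kind, name, clsid, target = m.groups()
        return {"section": section, "kind": kind, "name": name,
                "clsid": clsid, "target": target, "line": line}
    m = NOTIFY_RE.match(line)
    if m:
        section, name, target = m.groups()
        return {"section": section, "kind": "Winlogon Notify", "name": name,
                "clsid": None, "target": target, "line": line}
    return None


def classify(entry, trusted_notify=frozenset()):
    """Verdict string for a parsed entry, or None when nothing looks wrong."""
    target = entry["target"]
    if target == "(no file)":
        # Registry still points at a CLSID whose DLL no longer exists.
        return "orphan"
    if (entry["kind"] == "Winlogon Notify"
            and target.endswith("\\")
            and entry["name"] not in trusted_notify):
        # Notify hook listed with a directory only: no DLL name resolved.
        return "unresolved-notify"
    return None


def flag_entries(log_text, trusted_notify=frozenset()):
    """Scan a whole HJT log; return (verdict, section, name, line) tuples."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_entry(line)
        if entry is None:
            continue
        verdict = classify(entry, trusted_notify)
        if verdict:
            findings.append((verdict, entry["section"], entry["name"], entry["line"]))
    return findings


if __name__ == "__main__":
    # Allowlist is an assumption for this example (see lead-in).
    for verdict, section, name, line in flag_entries(SAMPLE_LOG, frozenset({"WgaLogon"})):
        print(f"{verdict:18} {section:4} {name:12} {line}")
```

Run as-is it lists the same three lines the helper chose; drop the allowlist and WgaLogon is reported too, which is why a name list of known notify components belongs with the triage rather than being hard-coded into the parser.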
MrsLynam
2007-04-18, 23:05
Logfile of HijackThis v1.99.1
Scan saved at 3:59:40 PM, on 4/18/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AVPersonal\AVGNT.EXE
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\AVPersonal\AVGUARD.EXE
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\Program Files\Prevx1\PXConsole.exe
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\Program Files\FRISK Software\F-PROT Antivirus for Windows\FProtTray.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\FRISK Software\F-PROT Antivirus for Windows\FPAVServer.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Prevx1\PXAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HijackThis\Scanner.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://wc.floridacitizensbank.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and Settings\All Users\Application Data\Prevx\pxbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\Scriptcl.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [AVGCtrl] "C:\Program Files\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [PrevxOne] "C:\Program Files\Prevx1\PXConsole.exe"
O4 - HKLM\..\Run: [F-PROT Antivirus Tray application] C:\Program Files\FRISK Software\F-PROT Antivirus for Windows\FProtTray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: "C:\Program Files\LiveUpdate\LiveUpdate.exe" /autostart
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: International*
O15 - Trusted Zone: http://onecare.live.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8300.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/4058/ftp.coupons.com/r3302/UnileverAll/Coupons.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: F-PROT Antivirus for Windows system (FPAVServer) - FRISK Software - C:\Program Files\FRISK Software\F-PROT Antivirus for Windows\FPAVServer.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\McAfee\Common Framework\FrameworkService.exe" /ServiceStart (file missing)
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Program Files\Prevx1\PXAgent.exe" -f (file missing)
Panda Scan
Incident Status Location
Spyware:Spyware/Virtumonde Not disinfected C:\Documents and Settings\All Users\Application Data\SecTaskMan\gtuadqxm.dll.q_804BE44_q
Spyware:Spyware/Vundo Not disinfected C:\Documents and Settings\All Users\Application Data\SecTaskMan\ukrohrxi.dll.q_804BE44_q
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Mona Lynam\Desktop\VundoFix\process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Mona Lynam\Desktop\VundoFix.exe[process.exe]
Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\ptsbioxf.dll.bad
Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\sbcnsiuu.dll.bad
Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\tidavgbp.dll.bad
Hi
Empty these folders:
C:\Documents and Settings\All Users\Application Data\SecTaskMan
C:\VundoFix Backups\
Empty Recycle Bin
Re-run panda
Post:
- a fresh HijackThis log
- panda report
MrsLynam
2007-04-21, 00:49
Logfile of HijackThis v1.99.1
Scan saved at 5:45:13 PM, on 4/20/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AVPersonal\AVGNT.EXE
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\Prevx1\PXConsole.exe
C:\Program Files\FRISK Software\F-PROT Antivirus for Windows\FProtTray.exe
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\AVPersonal\AVGUARD.EXE
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\Program Files\FRISK Software\F-PROT Antivirus for Windows\FPAVServer.exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\Program Files\Prevx1\PXAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\Scanner.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://wc.floridacitizensbank.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and Settings\All Users\Application Data\Prevx\pxbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [AVGCtrl] "C:\Program Files\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [PrevxOne] "C:\Program Files\Prevx1\PXConsole.exe"
O4 - HKLM\..\Run: [F-PROT Antivirus Tray application] C:\Program Files\FRISK Software\F-PROT Antivirus for Windows\FProtTray.exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [BTCLiveUpdate] "C:\Program Files\LiveUpdate\LiveUpdate.exe" /autostart
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: http://onecare.live.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8300.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} - http://a19.g.akamai.net/7/19/7125/4058/ftp.coupons.com/r3302/UnileverAll/Coupons.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: F-PROT Antivirus for Windows system (FPAVServer) - FRISK Software - C:\Program Files\FRISK Software\F-PROT Antivirus for Windows\FPAVServer.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\McAfee\Common Framework\FrameworkService.exe" /ServiceStart (file missing)
O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Program Files\Prevx1\PXAgent.exe" -f (file missing)
Incident Status Location
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Mona Lynam\Desktop\VundoFix\process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Mona Lynam\Desktop\VundoFix.exe[process.exe]
Hi
Logs look good :)
However, you're running two antiviruses, AntiVir and F-prot. Are both up-to-date?
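The "two antiviruses" observation comes straight from the O23 service lines in the log. As an added example (not part of this thread and not a HijackThis feature), here is a small Python triage that parses O23 lines in that format, lists distinct antivirus products whose service binary is still present, and separates out "(file missing)" leftovers; the keyword table and the sample lines are constructed from this thread's own log entries.

```python
import re

# Constructed sample: O23 lines in the shape HijackThis prints in this thread.
SAMPLE_LOG = r"""
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AVPersonal\AVGUARD.EXE
O23 - Service: F-PROT Antivirus for Windows system (FPAVServer) - FRISK Software - C:\Program Files\FRISK Software\F-PROT Antivirus for Windows\FPAVServer.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\McAfee\Common Framework\FrameworkService.exe" /ServiceStart (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
"""

# Keyword -> product label (constructed; only the vendors seen in this thread).
AV_KEYWORDS = {"antivir": "AntiVir", "f-prot": "F-PROT", "mcafee": "McAfee"}

# O23 - Service: <display name> (<short name>) - <owner> - <path [args] [(file missing)]>
O23_RE = re.compile(
    r"^O23 - Service: (?P<name>.+?) \((?P<short>[^)]+)\) - (?P<owner>.+?) - (?P<path>.+)$"
)

def parse_o23(log):
    """One dict per O23 line: name, short, owner, path and a file_missing flag."""
    services = []
    for line in log.splitlines():
        m = O23_RE.match(line.strip())
        if m:
            entry = m.groupdict()
            # HijackThis appends "(file missing)" when the binary is gone: an
            # orphaned registration from an uninstall, not a running engine.
            entry["file_missing"] = entry["path"].endswith("(file missing)")
            services.append(entry)
    return services

def active_av_products(services):
    """Distinct AV products whose service binary is still on disk."""
    found = set()
    for s in services:
        if s["file_missing"]:
            continue
        text = " ".join((s["name"], s["owner"], s["path"])).lower()
        for kw, label in AV_KEYWORDS.items():
            # \b keeps "antivir" from matching inside "antivirus" on the F-PROT line
            if re.search(r"\b" + re.escape(kw) + r"\b", text):
                found.add(label)
    return sorted(found)

def triage(log):
    """Summarise what a helper would look at first: engine count and leftovers."""
    services = parse_o23(log)
    return {"av_products": active_av_products(services),
            "orphaned_services": [s["short"] for s in services if s["file_missing"]]}

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

Two entries under av_products is the "two antiviruses" situation Shaba flags; an orphaned service is harmless but worth cleaning up once the owning product is confirmed gone.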
MrsLynam
2007-04-24, 02:14
Hi Shaba, Sorry to take so long getting back to you. I'm still having "sluggish" problems with my pc, but I've been busy trying to delete stuff from my computer I don't need / want. My only anti-v is "Antivir" now. I updated it, but I think it deleted a file Panda was trying to D/L to me, because now, Panda won't initiate scan. I tried, but Antivir popped up a "Virus found" on the Panda site & now Panda won't work for me. Also, when I start IE7, it takes about 5-10 sec to come up. Any suggestions? Thanks for ALL that you've done for / with me.
Logfile of HijackThis v1.99.1
Scan saved at 6:35:38 PM, on 4/23/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\Scanner.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://wc.floridacitizensbank.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [BTCLiveUpdate] "C:\Program Files\LiveUpdate\LiveUpdate.exe" /autostart
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: http://onecare.live.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8300.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} - http://a19.g.akamai.net/7/19/7125/4058/ftp.coupons.com/r3302/UnileverAll/Coupons.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\McAfee\Common Framework\FrameworkService.exe" /ServiceStart (file missing)
Hi
For general slowness, see here (http://users.telenet.be/bluepatchy/miekiemoes/slowcomputer.html)
Did it help?
Glad we could help, as the problem appears to be resolved this topic has been archived.
If you need it re-opened please send me a private message (pm) and provide a link to the thread. Applies only to the original poster, anyone else with similar problems please start a new topic.