Infected by Virtumonde



webbe
2007-08-01, 21:24
Hello there... I seem to have a problem. Spybot found Virtumonde on my PC & I found my way to the forum. So far I ran VundoFix & ComboFix; I'll post my ComboFix log below... I would appreciate any help.
_________________________________________________
ComboFix 07-07-30.2 - "bwebbe" 08/01/2007 13:40:15.1 [GMT -5:00] - NTFS
Microsoft Windows 2000 Professional 5.0.2195.3.1252.1.1033.18.True


(((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINNT\system32\jkkjj.dll
C:\WINNT\system32\irhdqdws.dll
C:\WINNT\system32\swaixabg.dll
C:\WINNT\system32\yobjlvyk.dll
C:\WINNT\system32\yobjlvyk.dll
C:\WINNT\SYSTEM32\jjkkj.bak1
C:\WINNT\SYSTEM32\jjkkj.ini
C:\WINNT\system32\opnkkjh.dll


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Program Files\fnts~1
C:\Program Files\fnts~1\dexplore.exe
C:\Program Files\outerinfo
C:\Program Files\outerinfo\OiUninstaller.exe
C:\Program Files\outerinfo\outerinfo.ico
C:\Program Files\outerinfo\Terms.rtf
C:\WINNT\system32\hlfnj.dll
C:\WINNT\system32\wcpisvit.exe


((((((((((((((((((((((((( Files Created from 2007-07-01 to 2007-08-01 )))))))))))))))))))))))))))))))


2007-08-01 13:39 51,200 --a------ C:\WINNT\nircmd.exe
2007-08-01 08:19 <DIR> d-------- C:\VundoFix Backups
2007-08-01 05:45 125,504 --a------ C:\WINNT\SYSTEM32\uluqytql.dll
2007-07-31 12:02 83,208 --a------ C:\WINNT\SYSTEM32\S32EVNT1.DLL
2007-07-31 12:02 73,496 --a------ C:\WINNT\SYSTEM32\DRIVERS\SYMEVENT.SYS
2007-07-31 12:01 <DIR> d-------- C:\Program Files\Symantec_Client_Security
2007-07-28 05:41 126,016 --a------ C:\WINNT\SYSTEM32\dahhqege.dll


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

07-08-01 13:37 --------- d-------- C:\Program Files\PestPatrol
07-07-31 12:02 --------- d-------- C:\Program Files\Symantec
07-07-31 12:01 --------- d-------- C:\Program Files\Common Files\Symantec Shared
04-03-26 09:50 69198 --a------ C:\DOCUME~1\BWEBBE~1.GAD\APPLIC~1\Winsock2.reg
03-07-22 12:32 12118 --a------ C:\Program Files\complete.wav
03-07-17 14:29 12888 --a------ C:\DOCUME~1\BWEBBE~1.GAD\APPLIC~1\GDIPFONTCACHEV1.DAT
03-01-22 17:08 271 --ah----- C:\Program Files\DESKTOP.INI
03-01-22 17:08 21952 --ah----- C:\Program Files\FOLDER.HTT


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2F59B5A2-7B52-449F-B033-3243C20CF2E2}]
C:\WINNT\system32\mllmm.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{547AD8C8-FEFF-4D41-A791-FE1522C5ABF9}]
C:\WINNT\system32\ddccd.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{69C4B269-5C27-4142-9BBC-B50A058A7957}]
C:\WINNT\system32\dmcompops.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{BB0C23AD-F210-4AB9-BF39-3B4E97B8993C}"= C:\Program Files\SuperBar\SuperBar.Dll [ ]

[-HKEY_CLASSES_ROOT\CLSID\{BB0C23AD-F210-4AB9-BF39-3B4E97B8993C}]
[HKEY_CLASSES_ROOT\SuperBar.Component]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe" [02-07-24 13:00 C:\WINNT\SYSTEM32\MOBSYNC.EXE]
"CreateCD50"="C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" [02-12-17 20:14 ]
"AdaptecDirectCD"="C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [02-12-17 19:28 ]
"EM_EXEC"="C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE" [02-07-01 09:50 ]
"MMTray"="C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe" [02-05-20 19:36 ]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [04-01-20 18:00 ]
"PestPatrol Control Center"="C:\PROGRA~1\PESTPA~1\PPControl.exe" [04-11-15 11:49 ]
"PPMemCheck"="C:\PROGRA~1\PESTPA~1\PPMemCheck.exe" [03-04-19 07:53 ]
"CookiePatrol"="C:\PROGRA~1\PESTPA~1\CookiePatrol.exe" [05-01-10 09:35 ]
"DIGStream"="C:\Program Files\DIGStream\digstream.exe" [05-10-31 12:05 ]
"DIGServices"="C:\Program Files\ESPNRunTime\DIGServices.exe" [05-10-31 12:18 ]
"GoToMyPC"="C:\Program Files\Citrix\GoToMyPC\g2svc.exe" [07-01-12 18:45 ]
"vptray"="C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe" [03-05-21 01:21 ]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Internat.exe"="internat.exe" [02-07-24 13:00 C:\WINNT\SYSTEM32\INTERNAT.EXE]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [06-06-20 22:36 ]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [07-06-15 19:05 ]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [06-03-30 16:45 ]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"^SetupICWDesktop"=C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"internat.exe"=internat.exe

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2003-06-04 21:53:14]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2003-07-23 11:59:45]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ActiveSync]
WcesWlgn.dll 06-06-20 22:34 14120 C:\WINNT\SYSTEM32\WcesWlgn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]
@="Driver"

R0 fasttrak;fasttrak;C:\WINNT\system32\DRIVERS\fasttrak.sys
R0 Fd16_700;Fd16_700;C:\WINNT\system32\DRIVERS\fd16_700.sys
R0 mraid2k;mraid2k;C:\WINNT\system32\DRIVERS\mraid2k.sys
R1 Cdr4_2K;Cdr4_2K;C:\WINNT\system32\drivers\Cdr4_2K.sys
R1 Cdralw2k;Cdralw2k;C:\WINNT\system32\drivers\Cdralw2k.sys
R1 cdudf;cdudf;C:\WINNT\system32\drivers\cdudf.sys
R1 pwd_2k;pwd_2k;C:\WINNT\system32\drivers\pwd_2k.sys
R1 UdfReadr;UdfReadr;C:\WINNT\system32\drivers\UdfReadr.sys
R2 ASFAgent;ASF Agent;C:\Program Files\Intel\ASF Agent\ASFAgent.exe
R2 AsfAlrt;AsfAlrt;\??\C:\WINNT\System32\drivers\AsfAlrt.sys
R2 NAVAPEL;NAVAPEL;\??\C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\NAVAPEL.SYS
R3 E1000;Intel(R) PRO/1000 Adapter Driver;C:\WINNT\system32\DRIVERS\e1000nt5.sys
R3 lkbdflt2;Logitech Keyboard Class Filter Driver;C:\WINNT\system32\DRIVERS\lkbdflt2.sys
R3 mmc_2K;mmc_2K;C:\WINNT\system32\drivers\mmc_2K.sys
R3 MxlW2k;MxlW2k;C:\WINNT\system32\drivers\MxlW2k.sys
R3 NAVAP;NAVAP;\??\C:\PROGRA~1\SYMANT~1\SYMANT~1\NAVAP.sys
R3 usbhub20;USB 2.0 Root Hub Support;C:\WINNT\system32\DRIVERS\usbhub20.sys
S3 dvd_2K;dvd_2K;C:\WINNT\system32\drivers\dvd_2K.sys
S3 EL90BC;3Com EtherLink XL B/C Adapter Driver;C:\WINNT\system32\DRIVERS\el90xbc5.sys
S3 MPE;BDA MPE Filter;C:\WINNT\system32\DRIVERS\MPE.sys
S3 usb_rndisy;USB RNDIS Adapter;C:\WINNT\system32\DRIVERS\usb8023y.sys

*Newly Created Service* - IPNAT
*Newly Created Service* - RASAUTO
*Newly Created Service* - SHAREDACCESS

Contents of the 'Scheduled Tasks' folder
2007-07-28 01:01:02 C:\WINNT\Tasks\BackupMD.job - C:\Tools\BackupMD.cmd

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-01 13:48:28
Windows 5.0.2195 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

scanning hidden files ...

C:\WINNT\system32\Perflib_Perfdata_6f8.dat

scan completed successfully
hidden files: 1

**************************************************************************

Completion time: 2007-08-01 13:50:27 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 07-08-01 13:49

--- E O F ---

steamwiz
2007-08-02, 00:05
Hi

Please post the Vundofix log as well...

Download a self-extracting copy of HijackThis from :-
http://downloads.malwareremoval.com/hijackthis_sfx.exe
1. save it to your Desktop.
2. Double-click on the file hijackthis_sfx.exe and it will self-extract into its own folder,
C:\Program Files\HijackThis
3. Go to this folder and run the hijackthis.exe file
4. click Do a system scan and save a logfile
5. Copy & paste the logfile into your next post here...

steam

webbe
2007-08-02, 21:38
Steam - thanks for getting back to me. I could not find VundoFix, so I ran it again and nothing was found. Also, Spybot now does not find Virtumonde. My PC is now running excellently - programs open quickly, etc. Everything seemed to change when I ran the ComboFix program (from looking at suggestions in other postings). Is it possible that it did the job? Looks like you can close this log out. Thanks for checking in, sorry to bother.

steamwiz
2007-08-02, 22:32
Hi

You still have Vundo files & registry entries...

I won't waste time if you don't plan on coming back...

If you want the remaining entries removed, post the HijackThis log I requested, & the C:\vundofix.txt

cheers

steam

webbe
2007-08-03, 15:28
I'm not as smooth as I thought. My GG parents are from Liverpool - I'm in Chicago.

Here's vundofix.txt:
VundoFix V6.5.6

Checking Java version...

Sun Java not detected
Scan started at 8:19:38 AM 8/1/2007

Listing files found while scanning....

C:\WINNT\system32\mllmm.dll
C:\WINNT\system32\mmllm.bak1
C:\WINNT\system32\mmllm.bak2
C:\WINNT\system32\mmllm.ini

Beginning removal...

Attempting to delete C:\WINNT\system32\mllmm.dll
C:\WINNT\system32\mllmm.dll Has been deleted!

Attempting to delete C:\WINNT\system32\mmllm.bak1
C:\WINNT\system32\mmllm.bak1 Has been deleted!

Attempting to delete C:\WINNT\system32\mmllm.bak2
C:\WINNT\system32\mmllm.bak2 Has been deleted!

Attempting to delete C:\WINNT\system32\mmllm.ini
C:\WINNT\system32\mmllm.ini Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.5.6

Checking Java version...

Sun Java not detected
Scan started at 1:28:38 PM 8/1/2007

Listing files found while scanning....

C:\WINNT\system32\dccdd.bak1
C:\WINNT\system32\dccdd.ini
C:\WINNT\system32\ddccd.dll

Beginning removal...

Attempting to delete C:\WINNT\system32\dccdd.bak1
C:\WINNT\system32\dccdd.bak1 Has been deleted!

Attempting to delete C:\WINNT\system32\dccdd.ini
C:\WINNT\system32\dccdd.ini Has been deleted!

Attempting to delete C:\WINNT\system32\ddccd.dll
C:\WINNT\system32\ddccd.dll Could not be deleted.

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\WINNT\system32\ddccd.dll
C:\WINNT\system32\ddccd.dll Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.5.6

Checking Java version...

Sun Java not detected
Scan started at 2:19:07 PM 8/2/2007

Listing files found while scanning....

No infected files were found.
__________________________________________________
HijackThis:
Logfile of HijackThis v1.99.1
Scan saved at 8:26:41 AM, on 8/3/2007
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Intel\ASF Agent\ASFAgent.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Citrix\GoToMyPC\g2svc.exe
C:\WINNT\system32\hidserv.exe
C:\Program Files\Citrix\GoToMyPC\g2comm.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\Program Files\Citrix\GoToMyPC\g2pre.exe
C:\WINNT\System32\nvsvc32.exe
C:\Program Files\Citrix\GoToMyPC\g2tray.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\PESTPA~1\PPControl.exe
C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
C:\Program Files\DIGStream\digstream.exe
C:\Program Files\ESPNRunTime\DIGServices.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\WINNT\system32\internat.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\WinZip\winzip32.exe
C:\DOCUME~1\BWEBBE~1.GAD\LOCALS~1\Temp\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2F59B5A2-7B52-449F-B033-3243C20CF2E2} - C:\WINNT\system32\mllmm.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {547AD8C8-FEFF-4D41-A791-FE1522C5ABF9} - C:\WINNT\system32\ddccd.dll (file missing)
O2 - BHO: (no name) - {69C4B269-5C27-4142-9BBC-B50A058A7957} - C:\WINNT\system32\dmcompops.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [CreateCD50] "C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" -r
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [DIGServices] C:\Program Files\ESPNRunTime\DIGServices.exe /brand=ESPN /priority=0 /poll=24
O4 - HKLM\..\Run: [GoToMyPC] C:\Program Files\Citrix\GoToMyPC\g2svc.exe -logon
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKCU\..\Run: [Internat.exe] internat.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - https://www.stopzilla.com/_download/Auto_Installer/dwnldr.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = groupadministrators.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = groupadministrators.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = groupadministrators.com
O20 - Winlogon Notify: ActiveSync - C:\WINNT\SYSTEM32\WcesWlgn.dll
O20 - Winlogon Notify: NavLogon - C:\WINNT\system32\NavLogon.dll
O23 - Service: ASF Agent (ASFAgent) - Intel Corporation - C:\Program Files\Intel\ASF Agent\ASFAgent.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: GoToMyPC - Unknown owner - C:\Program Files\Citrix\GoToMyPC\g2svc.exe" -service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe

steamwiz
2007-08-03, 22:40
Hi

HijackThis needs to be in a permanent folder before you use it to remove anything (for your own safety), in case you remove the wrong entry... In a permanent folder it will create backups; in a temp folder it will not.

You also have files to delete, so we'll use ComboFix to remove them all...

Open Notepad and copy/paste the text in the code box below into it:
NOTE: make sure to only highlight and copy what is inside the code box, nothing outside of it.
Also ..

Pay particular attention to this :-

Make sure the word File:: is on the first line of the text file you save (no blank line above it, & no space in front of it)


File::
C:\WINNT\SYSTEM32\uluqytql.dll
C:\WINNT\SYSTEM32\dahhqege.dll

Folder::
C:\VundoFix Backups

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2F59B5A2-7B52-449F-B033-3243C20CF2E2}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{547AD8C8-FEFF-4D41-A791-FE1522C5ABF9}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{69C4B269-5C27-4142-9BBC-B50A058A7957}]
Save this as "CFScript.txt"

Then drag the CFScript.txt into ComboFix.exe as you see in the screenshot below.
http://img.photobucket.com/albums/v666/sUBs/CFScript.gif

This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.

steam
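The post above asks for a hand-written CFScript with a strict layout (File:: on the very first line, then Folder:: and Registry:: sections). The following is an added example, not code from the thread or from ComboFix, showing how a helper could pull the orphaned "(file missing)" O2 BHO entries out of a HijackThis log and emit them in that format, with a check for the first-line rule. The sample O2 lines are constructed from the shape of the log posted above; the `\~\Browser Helper Objects` key shorthand is copied from the script in the post.

```python
import re

# Constructed sample: four O2 lines in the shape of the HijackThis log above.
SAMPLE_O2 = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2F59B5A2-7B52-449F-B033-3243C20CF2E2} - C:\WINNT\system32\mllmm.dll (file missing)
O2 - BHO: (no name) - {547AD8C8-FEFF-4D41-A791-FE1522C5ABF9} - C:\WINNT\system32\ddccd.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
"""

# One HijackThis O2 line: name, CLSID, DLL path, optional "(file missing)" marker.
O2_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - "
    r"(?P<path>.*?)(?P<missing> \(file missing\))?$"
)


def orphaned_bhos(hjt_text):
    """Return (clsid, path) for every O2 BHO whose DLL no longer exists on disk.

    Those are the registry leftovers the helper in the thread asks to remove:
    the DLL was already deleted by VundoFix/ComboFix, the CLSID key was not.
    """
    found = []
    for line in hjt_text.splitlines():
        m = O2_RE.match(line.strip())
        if m and m.group("missing"):
            found.append((m.group("clsid"), m.group("path")))
    return found


def build_cfscript(files=(), folders=(), clsids=()):
    """Assemble CFScript text in the section layout used in the post.

    'File::' is always emitted first so the first-line rule holds even when
    there are no files to delete. Sections are separated by one blank line.
    """
    lines = ["File::"] + list(files)
    if folders:
        lines += ["", "Folder::"] + list(folders)
    if clsids:
        lines += ["", "Registry::"]
        # Leading '-' inside the bracket marks the key for deletion (as in the post).
        lines += [f"[-HKEY_LOCAL_MACHINE\\~\\Browser Helper Objects\\{c}]" for c in clsids]
    return "\n".join(lines) + "\n"


def validate_cfscript(text):
    """Apply the rule the post stresses: 'File::' must be the exact first line.

    A blank line above it, a leading space, or a BOM left by the editor
    all make the first line something other than 'File::' and fail here.
    """
    first_line = text.split("\n", 1)[0]
    return first_line == "File::"


if __name__ == "__main__":
    clsids = [c for c, _ in orphaned_bhos(SAMPLE_O2)]
    script = build_cfscript(files=[r"C:\WINNT\SYSTEM32\uluqytql.dll"],
                            folders=[r"C:\VundoFix Backups"], clsids=clsids)
    print(script, "valid:", validate_cfscript(script))
```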

tashi
2007-08-15, 19:25
How is it going webbe? :)

tashi
2007-08-28, 00:46
This topic has been archived due to lack of a response.

If you need it re-opened, please send me a private message (pm) and provide a link to the thread. Applies only to the original poster, anyone else with similar problems please start a new topic.