PDA

View Full Version : Virtumonde Issue



Toolate
2007-11-21, 00:07
Hello everybody. Spybot Search & Destroy detects a virus named Virtumonde. When it tries to fix it it does not go away and continues to come back for more disaster. I created a hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:02:27 PM, on 11/20/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Nhksrv.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\DELLMMKB.EXE
C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Winferno\Secure IE\SIEPulse.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Netropa\OSD.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\Fonts\svchost.exe
C:\WINDOWS\Fonts\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\System32\taskmgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O3 - Toolbar: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\PROGRA~1\COMMON~1\VERIZO~1\SFP\vzbb.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\System32\rgdwhvdb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\DELLMMKB.EXE
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SIE2004] "C:\Program Files\Winferno\Secure IE\SIEPulse.exe"
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [VerizonServicepoint.exe] "C:\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe
O4 - HKLM\..\Run: [b80698f6] rundll32.exe "C:\WINDOWS\System32\agikgwea.dll",b
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1188.exe 61A847B5BBF72813339330466188719AB689201522886B092CBD44BD8689220221DD3257
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [WinAble] C:\Program Files\WinAble\winable.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Audible Download Manager.lnk = C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\bin\matcli.exe
O8 - Extra context menu item: &Download File - C:\Program Files\Winferno\Secure IE\Scripts\AddToTransferQueue.htm
O8 - Extra context menu item: &Highlight - C:\Program Files\Winferno\Secure IE\Scripts\highlight.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Zoom &In - C:\Program Files\Winferno\Secure IE\Scripts\zoomin.htm
O8 - Extra context menu item: Zoom O&ut - C:\Program Files\Winferno\Secure IE\Scripts\zoomout.htm
O9 - Extra button: (no name) - {00000000-CB06-433A-9302-77436F840932} - C:\Program Files\Ad Blocker\blocker.exe
O9 - Extra 'Tools' menuitem: &Ad Blocker - {00000000-CB06-433A-9302-77436F840932} - C:\Program Files\Ad Blocker\blocker.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/19423c8cbd92cc7e9c01/netzip/RdxIE601.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1145398142453
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1154608751609
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://a.download.toontown.com/sv1.0.25.14/ttinst.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
O16 - DPF: {EA6246B4-F380-443F-8727-9AEA3371146C} (CPlayFirstWeddingDashControl Object) - http://download.playfirst.com/play/game/weddingdash/WeddingDash.1.0.0.44.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 8992 bytes

ken545
2007-11-21, 02:36
Toolate,

Welcome to Safer Networking, you have other issues besides Vundo, you have a trojan downloader that is responsible for downloading all this garbage.


Download Deckard's System Scanner (DSS) (http://www.techsupportforum.com/sectools/Deckard/dss.exe) to your Desktop. Note: You must be logged onto an account with administrator privileges.

Close all applications and windows.
Double-click on dss.exe to run it, and follow the prompts.
When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt<-this one will be minimized
Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt and the extra.txt to your post. in your reply




This is important , do this and post a new Hijackthis log
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe<-- Right click on Hijackthis.exe ( looks like a man with a spyglass ) and rename it to Scanner.exe

Toolate
2007-11-21, 02:51
Hey ken, I have two logs for you, thanks for helping!

Deckard's System Scanner v20071014.68
Run by Franchesca on 2007-11-20 19:41:55
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 4 Restore Point(s) --
4: 2007-11-21 00:42:01 UTC - RP4 - Deckard's System Scanner Restore Point
3: 2007-11-20 06:05:37 UTC - RP3 - Installed Google Toolbar for Internet Explorer
2: 2007-11-20 06:01:31 UTC - RP2 - Installed Java(TM) 6 Update 3
1: 2007-11-20 05:50:04 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

System Drive C: has 3.4 GiB (less than 15%) free.


-- HijackThis (run as Franchesca.exe) ------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:43:39 PM, on 11/20/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Nhksrv.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\DELLMMKB.EXE
C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Winferno\Secure IE\SIEPulse.exe
C:\Program Files\Netropa\OSD.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\Fonts\svchost.exe
C:\WINDOWS\Fonts\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\mrofinu1188.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Verizon Online\bin\mpbtn.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Franchesca\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Franchesca.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {06127A10-42DD-4E61-AF69-078DECCC1283} - C:\WINDOWS\System32\awtqn.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3D898C55-74CC-4B7C-B5F1-45913F368388} - C:\PROGRA~1\ADBLOC~1\NAMESP~1.DLL
O2 - BHO: {a0c27eba-b517-2e2a-c3b4-192d91a09cc4} - {4cc90a19-d291-4b3c-a2e2-715babe72c0a} - C:\WINDOWS\System32\mktvnnnc.dll
O2 - BHO: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\PROGRA~1\COMMON~1\VERIZO~1\SFP\vzbb.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\System32\rgdwhvdb.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {BBB05D9E-0297-404D-A6BF-D8F2876B84A6} - C:\WINDOWS\System32\ljjjhfc.dll
O3 - Toolbar: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\PROGRA~1\COMMON~1\VERIZO~1\SFP\vzbb.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\System32\rgdwhvdb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\DELLMMKB.EXE
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SIE2004] "C:\Program Files\Winferno\Secure IE\SIEPulse.exe"
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [VerizonServicepoint.exe] "C:\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe
O4 - HKLM\..\Run: [b80698f6] rundll32.exe "C:\WINDOWS\System32\agikgwea.dll",b
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1188.exe 61A847B5BBF72813339330466188719AB689201522886B092CBD44BD8689220221DD3257
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [WinAble] C:\Program Files\WinAble\winable.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Audible Download Manager.lnk = C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\bin\matcli.exe
O8 - Extra context menu item: &Download File - C:\Program Files\Winferno\Secure IE\Scripts\AddToTransferQueue.htm
O8 - Extra context menu item: &Highlight - C:\Program Files\Winferno\Secure IE\Scripts\highlight.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Zoom &In - C:\Program Files\Winferno\Secure IE\Scripts\zoomin.htm
O8 - Extra context menu item: Zoom O&ut - C:\Program Files\Winferno\Secure IE\Scripts\zoomout.htm
O9 - Extra button: (no name) - {00000000-CB06-433A-9302-77436F840932} - C:\Program Files\Ad Blocker\blocker.exe
O9 - Extra 'Tools' menuitem: &Ad Blocker - {00000000-CB06-433A-9302-77436F840932} - C:\Program Files\Ad Blocker\blocker.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/19423c8cbd92cc7e9c01/netzip/RdxIE601.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1145398142453
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1154608751609
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://a.download.toontown.com/sv1.0.25.14/ttinst.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
O16 - DPF: {EA6246B4-F380-443F-8727-9AEA3371146C} (CPlayFirstWeddingDashControl Object) - http://download.playfirst.com/play/game/weddingdash/WeddingDash.1.0.0.44.cab
O20 - Winlogon Notify: ljjjhfc - C:\WINDOWS\SYSTEM32\ljjjhfc.dll
O20 - Winlogon Notify: rgdwhvdb - C:\WINDOWS\SYSTEM32\rgdwhvdb.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 11069 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 OMCI - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Computer Corporation; OMCI Driver>
R3 StillCam (Still Serial Digital Camera Driver) - c:\windows\system32\drivers\serscan.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>

S0 FltMgr - c:\windows\system32\drivers\fltmgr.sys (file missing)
S1 SABKUTIL - c:\program files\superadblocker.com\super ad blocker\sabkutil.sys (file missing)
S3 dsreader (MaxDrive Driver (dsreader.sys)) - c:\windows\system32\drivers\dsreader.sys <Not Verified; Thesycon GmbH, Germany; Universal USB Device Driver>
S3 gbalink (GBA Link Driver (gbalink.sys)) - c:\windows\system32\drivers\gbalink.sys <Not Verified; Thesycon GmbH, Germany; Universal USB Device Driver>
S3 HTTP - c:\windows\system32\drivers\http.sys (file missing)
S3 ip6fw (IPv6 Windows Firewall Driver) - c:\windows\system32\drivers\ip6fw.sys (file missing)
S3 MODEMCSA (Unimodem Streaming Filter Device) - c:\windows\system32\drivers\modemcsa.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S3 mssmbios (Microsoft System Management BIOS Driver) - c:\windows\system32\drivers\mssmbios.sys (file missing)
S3 NMSCFG (NIC Management Service Configuration Driver) - c:\windows\system32\drivers\nmscfg.sys <Not Verified; Intel Corporation; Intel(R) NMSCFG Driver>
S3 SABProcEnum - c:\program files\superadblocker.com\super ad blocker\sabprocenum.sys (file missing)
S3 USB_RNDIS_XP (Westell WireSpeed Dual Connect Modem) - c:\windows\system32\drivers\usb8023.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 dvpapi - "c:\program files\common files\command software\dvpapi.exe" <Not Verified; Command Software Systems, Inc.; Command AntiVirus for Windows>
R2 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe" <Not Verified; Viewpoint Corporation; Viewpoint Manager>

S3 NMSSvc (Intel(R) NMS) - c:\windows\system32\nmssvc.exe <Not Verified; Intel Corporation; NMS>
S3 usnsvc (Messenger Sharing USN Journal Reader service) - c:\windows\system32\svchost.exe -k usnsvc <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S3 usprserv (User Privilege Service) - c:\windows\system32\svchost.exe -k netsvcs <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E97D-E325-11CE-BFC1-08002BE10318}
Description: Microsoft System Management BIOS Driver
Device ID: ROOT\SYSTEM\0002
Manufacturer: (Standard system devices)
Name: Microsoft System Management BIOS Driver
PNP Device ID: ROOT\SYSTEM\0002
Service: mssmbios


-- Scheduled Tasks -------------------------------------------------------------

2007-11-20 10:45:05 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2007-11-20 01:47:10 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job


-- Files created between 2007-10-20 and 2007-11-20 -----------------------------

2007-11-20 16:49:39 0 d-------- C:\Program Files\Trend Micro
2007-11-20 00:01:57 35840 --a------ C:\WINDOWS\mrofinu1188.exe
2007-11-20 00:01:50 37376 --a------ C:\WINDOWS\System32\ddcbyvt.dll
2007-11-19 21:58:43 25600 --a------ C:\WINDOWS\System32\WS2Fix.exe
2007-11-19 21:58:43 289144 --a------ C:\WINDOWS\System32\VCCLSID.exe <Not Verified; S!Ri; >
2007-11-19 17:50:03 85056 --a------ C:\WINDOWS\System32\agikgwea.dll
2007-11-19 17:47:04 83008 --a------ C:\WINDOWS\System32\mktvnnnc.dll
2007-11-19 17:41:44 71232 --a------ C:\WINDOWS\System32\gxpgfwcc.exe <Not Verified; ; DDC>
2007-11-19 17:41:35 145984 --a------ C:\WINDOWS\System32\rgdwhvdb.dll
2007-11-19 17:41:00 145984 --a------ C:\WINDOWS\System32\bmyhqeca.dll
2007-11-19 04:34:54 11564 --ahs---- C:\WINDOWS\System32\nqtwa.ini2
2007-11-19 04:34:37 329824 --a------ C:\WINDOWS\System32\awtqn.dll
2007-11-19 04:33:06 147456 --a------ C:\WINDOWS\System32\vbzip10.dll <Not Verified; Info-ZIP; Info-ZIP's WiZ>
2007-11-19 04:30:44 120 --a------ C:\n.bat
2007-11-19 04:30:18 0 --a------ C:\x.dat
2007-11-19 04:30:06 36352 --a------ C:\WINDOWS\System32\pmnmmnk.dll
2007-11-19 04:30:03 0 --a------ C:\z.dat
2007-11-19 04:29:31 36352 --a------ C:\WINDOWS\System32\ljjjhfc.dll
2007-11-19 04:28:01 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-11-18 19:48:47 0 d-------- C:\Documents and Settings\All Users\Application Data\PlayFirst
2007-11-18 19:46:15 0 d-------- C:\Program Files\Diner Dash 2
2007-11-18 19:46:02 0 d-------- C:\Program Files\ReflexiveArcade
2007-11-16 23:19:09 0 d-------- C:\Program Files\AIM6
2007-11-14 19:44:03 12160 --a------ C:\WINDOWS\System32\drivers\mouhid.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-11-14 19:44:03 22016 --a------ C:\WINDOWS\System32\drivers\mouclass.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-11-10 18:39:56 0 d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2007-11-10 18:39:49 0 d-------- C:\Documents and Settings\NetworkService\Desktop
2007-11-10 18:10:17 33792 --a------ C:\WINDOWS\System32\drivers\disk.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-25 10:24:20 53760 --a------ C:\WINDOWS\b122.exe


-- Find3M Report ---------------------------------------------------------------

2007-11-20 01:17:20 0 d-------- C:\Program Files\Ad Blocker
2007-11-20 01:07:27 0 d-------- C:\Program Files\Google
2007-11-20 01:04:57 0 d-------- C:\Program Files\Java
2007-11-19 21:59:22 3476 --a------ C:\WINDOWS\System32\tmp.reg
2007-11-19 20:24:59 0 d-------- C:\Program Files\LimeWire
2007-11-18 19:48:47 0 d-------- C:\Documents and Settings\Franchesca\Application Data\PlayFirst
2007-11-16 23:22:22 0 d-------- C:\Program Files\Viewpoint
2007-11-16 23:21:11 0 d-------- C:\Program Files\Common Files\AOL
2007-11-14 22:57:26 0 d-------- C:\Program Files\HyCam2
2007-11-14 20:52:07 0 d-------- C:\Program Files\SwiftSwitch
2007-11-10 19:35:10 0 d-------- C:\Program Files\ReaConverter 4.0 Pro
2007-11-10 19:12:15 0 d-------- C:\Program Files\Wizardbrush 6
2007-11-10 19:01:39 0 d-------- C:\Program Files\NetBattle
2007-11-10 18:57:51 0 d-------- C:\Program Files\AudioLabel
2007-11-10 18:55:48 0 d-------- C:\Program Files\MP3 Wav Editor
2007-11-10 18:55:28 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-11-10 18:52:27 0 d-------- C:\Program Files\Common Files
2007-11-10 18:49:47 0 d-------- C:\Program Files\GIMP-2.0
2007-11-10 18:47:48 0 d-------- C:\Program Files\QuickTime
2007-11-10 18:41:25 0 d-------- C:\Program Files\PortTrigger
2007-11-10 18:06:51 0 d-------- C:\Program Files\AbiSuite2


-- Registry Dump ---------------------------------------------------------------
(continued)

Toolate
2007-11-21, 02:52
-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06127A10-42DD-4E61-AF69-078DECCC1283}]
11/19/2007 04:34 AM 329824 --a------ C:\WINDOWS\System32\awtqn.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4cc90a19-d291-4b3c-a2e2-715babe72c0a}]
11/19/2007 05:47 PM 83008 --a------ C:\WINDOWS\System32\mktvnnnc.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
11/19/2007 05:41 PM 145984 --a------ C:\WINDOWS\System32\rgdwhvdb.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BBB05D9E-0297-404D-A6BF-D8F2876B84A6}]
11/19/2007 04:29 AM 36352 --a------ C:\WINDOWS\System32\ljjjhfc.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{11A69AE4-FBED-4832-A2BF-45AF82825583}"= C:\WINDOWS\System32\rgdwhvdb.dll [11/19/2007 05:41 PM 145984]

[-HKEY_CLASSES_ROOT\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellTouch"="C:\WINDOWS\DELLMMKB.EXE" [09/23/2001 06:14 AM]
"Motive SmartBridge"="C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe" [05/18/2002 11:04 AM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [04/18/2006 08:27 PM]
"SIE2004"="C:\Program Files\Winferno\Secure IE\SIEPulse.exe" [07/06/2004 11:07 AM]
"BCMSMMSG"="BCMSMMSG.exe" [08/29/2003 03:59 AM C:\WINDOWS\BCMSMMSG.exe]
"AdaptecDirectCD"="C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [12/17/2002 11:28 AM]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [06/06/2005 10:46 PM]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [03/24/2004 10:04 AM]
"nwiz"="nwiz.exe" [03/24/2004 10:04 AM C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [03/24/2004 10:04 AM]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [04/03/2006 05:12 PM]
"VerizonServicepoint.exe"="C:\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe" [02/01/2006 06:33 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [10/30/2006 09:36 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/2007 01:11 AM]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [09/06/2007 06:06 AM]
"Host Process"="C:\WINDOWS\Fonts\svchost.exe" [01/10/2007 12:15 PM]
"b80698f6"="C:\WINDOWS\System32\agikgwea.dll" [11/19/2007 05:50 PM]
"runner1"="C:\WINDOWS\mrofinu1188.exe" [11/20/2007 12:01 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Free Download Manager"="C:\Program Files\Free Download Manager\fdm.exe" []
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [06/16/2006 01:38 PM]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [10/04/2007 10:20 AM]
"WinAble"="C:\Program Files\WinAble\winable.exe" []
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [11/20/2007 07:11 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/23/2005 9:05:26 PM]
Audible Download Manager.lnk - C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe [11/21/2006 11:49:10 AM]
hp psc 1000 series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2/22/2007 6:09:24 PM]
hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2/22/2007 6:06:13 PM]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2/13/2001 1:01:04 AM]
Verizon Online Support Center.lnk - C:\Program Files\Verizon Online\bin\matcli.exe [4/18/2006 7:09:02 PM]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{BBB05D9E-0297-404D-A6BF-D8F2876B84A6}"= C:\WINDOWS\System32\ljjjhfc.dll [11/19/2007 04:29 AM 36352]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ljjjhfc]
ljjjhfc.dll 11/19/2007 04:29 AM 36352 C:\WINDOWS\system32\ljjjhfc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rgdwhvdb]
rgdwhvdb.dll 11/19/2007 05:41 PM 145984 C:\WINDOWS\system32\rgdwhvdb.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\System32\awtqn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"stisvc"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Usnsvc usnsvc




-- End of Deckard's System Scanner: finished at 2007-11-20 19:44:46 ------------
Main.txt finished

Toolate
2007-11-21, 02:53
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel(R) Pentium(R) 4 CPU 2.53GHz
Percentage of Memory in Use: 57%
Physical Memory (total/avail): 511 MiB / 217.5 MiB
Pagefile Memory (total/avail): 1248.43 MiB / 948.53 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1952.74 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 27.89 GiB total, 3.4 GiB free.
D: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - WDC WD300BB-75DEA0 - 27.94 GiB - 2 partitions
\PARTITION0 - Unknown - 39.19 MiB
\PARTITION1 (bootable) - Installable File System - 27.89 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

AV: avast! antivirus 4.7.1043 [VPS 071120-0] v4.7.1043 (ALWIL Software)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"C:\\WINDOWS\\System32\\gxpgfwcc.exe"="C:\\WINDOWS\\System32\\gxp"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Franchesca\Application Data
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=FRANNY
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Franchesca
LOGONSERVER=\\FRANNY
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\System32;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Common Files\Adaptec Shared\System;C:\Program Files\ImageConverter Plus;;C:\Program Files\ImageConverter Plus
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 7, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0207
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\FRANCH~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\FRANCH~1\LOCALS~1\Temp
USERDOMAIN=FRANNY
USERNAME=Franchesca
USERPROFILE=C:\Documents and Settings\Franchesca
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Franchesca (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\PROGRA~1\VERIZO~1\Uninstall.exe Verizon
--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
--> MsiExec.exe /X{C900EF06-2E76-49C7-8DB0-41F629B21DC5}
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{25EF00BF-F17B-11D6-88EA-000476CD2443}\Setup.exe" -l0x9 UNINSTALL
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{25EF00D1-F17B-11D6-88EA-000476CD2443}\Setup.exe" -l0x9 UNINSTALL
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{25EF03D9-F17B-11D6-88EA-000476CD2443}\Setup.exe" -l0x9 UNINSTALL
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad Blocker 1.20 --> "C:\Program Files\Ad Blocker\unins000.exe"
Adobe Download Manager 2.0 (Remove Only) --> "C:\Program Files\Common Files\Adobe\ESD\uninst.exe"
Adobe Flash Player Plugin --> C:\WINDOWS\System32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 7.0.8 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70800000002}
Adobe® Photoshop® Album Starter Edition 3.0 --> MsiExec.exe /I{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}
Advanced Batch Converter --> "C:\Program Files\Advanced Batch Converter\uninstall.exe"
AIM 6 --> C:\Program Files\AIM6\uninst.exe
AOL Uninstaller (Choose which Products to Remove) --> C:\Program Files\Common Files\AOL\uninstaller.exe
Apple Software Update --> MsiExec.exe /I{A50C25D7-62E9-4511-AD70-8E2DA5E79B7D}
Audible Download Manager --> C:\Program Files\Audible\Bin\AudibleDM_iTunesSetup.exe /Uninstall
avast! Antivirus --> rundll32 C:\PROGRA~1\ALWILS~1\Avast4\Setup\setiface.dll,RunSetup
BCM V.92 56K Modem --> C:\WINDOWS\BCMSMU.exe quiet
Broadcom Driver Installer --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{BE6890C7-31EF-478C-812E-1E2899ABFCA9} /l1033
Dell ResourceCD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D78653C3-A8FF-415F-92E6-D774E634FF2D}\setup.exe"
DellTouch --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{706D5382-7381-4680-9DD0-161832578252}\setup.exe"
Disney's Toontown Online --> C:\PROGRA~1\Disney\DISNEY~1\Toontown\UNWISE.EXE /A C:\PROGRA~1\Disney\DISNEY~1\Toontown\INSTALL.LOG
DivX --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter --> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Easy CD Creator 5 Basic --> MsiExec.exe /I{609F7AC8-C510-11D4-A788-009027ABA5D0}
Easy GIF Animator 4.0 --> "C:\Program Files\Easy GIF Animator\unins000.exe"
EphPod --> C:\PROGRA~1\EphPod\UNWISE.EXE C:\PROGRA~1\EphPod\INSTALL.LOG
Foxit Reader --> C:\Program Files\Foxit Software\Foxit Reader\Uninstall.exe
Fx Video Converter --> C:\PROGRA~1\FXVIDE~1\UNWISE.EXE C:\PROGRA~1\FXVIDE~1\INSTALL.LOG
Gaim (remove only) --> C:\Program Files\Gaim\gaim-uninst.exe
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
GTK+ Runtime 2.6.9 rev a (remove only) --> C:\Program Files\Common Files\GTK\2.0\uninst.exe
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
hp instant support --> C:\PROGRA~1\HEWLET~1\hpis\Uninstall.exe /s CeS
HP Memories Disc --> MsiExec.exe /X{B376402D-58EA-45EA-BD50-DD924EB67A70}
HP Photo and Imaging 2.0 - All-in-One --> MsiExec.exe /X{9867A917-5D17-40DE-83BA-BEA5293194B1}
HP Photo and Imaging 2.0 - All-in-One Drivers --> MsiExec.exe /X{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}
HyperCam 2 --> "C:\Program Files\HyCam2\UnHyCam2.exe"
ijji --> C:\ijji\ENGLISH\ijjiUninstall.exe
Intel(R) PRO Ethernet Adapter and Software --> Prounstl.exe
Intel(R) PROSet II --> MsiExec.exe /I{01A4AEDE-F219-49A2-B855-16A016EAF9A4}
iTunes --> MsiExec.exe /I{446DBFFA-4088-48E3-8932-74316BA4CAE4}
J2SE Runtime Environment 5.0 Update 11 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
Japanese Language Support --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\ja.inf, Uninstall
Java(TM) 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
Macromedia Flash Player 8 --> C:\WINDOWS\System32\Macromed\Flash\UninstFl.exe
Macromedia Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Manga Viewer --> C:\WINDOWS\st6unst.exe -n "C:\Program Files\MangaViewer\ST6UNST.LOG"
Microsoft Office Excel Viewer 2003 --> MsiExec.exe /I{90840409-6000-11D3-8CFE-0150048383C9}
Microsoft Office PowerPoint Viewer 2003 --> MsiExec.exe /X{90AF0409-6000-11D3-8CFE-0150048383C9}
Microsoft Office XP Professional with FrontPage --> MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
mIRC --> "C:\Program Files\mIRC\mirc.exe" -uninstall
Mozilla Firefox (2.0.0.9) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSN --> C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
Nintendo DS - GBA Max Drive --> "C:\Program Files\Datel\Nintendo DS - GBA Max Drive\unins000.exe"
NVIDIA Display Driver --> C:\WINDOWS\System32\nvudisp.exe Uninstall C:\WINDOWS\System32\nvdisp.nvu,NVIDIA Display Driver
NVIDIA Drivers --> C:\WINDOWS\System32\nvudisp.exe UninstallGUI
Photo Story 3 for Windows --> MsiExec.exe /I{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Rhapsody Player Engine --> MsiExec.exe /I{30C2FCD0-FF7B-4FFA-8DDE-43A22E01A1E7}
SoundMAX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe"
Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SwiftSwitch --> C:\Program Files\SwiftSwitch\Uninstal.exe
TeamSpeak 2 RC2 --> "C:\Program Files\Teamspeak2_RC2\unins000.exe"
The Core Media Player 4.0 --> "C:\Program Files\CoreCodec\The Core Media Player\uninstall-tcmp4.exe"
Toontown Doodle Trainer --> MsiExec.exe /I{D6378499-9C30-4F44-86C3-2F33459B0D2F}
Verizon Online --> C:\WINDOWS\System32\VerizonUninstaller.exe
Verizon Online Consumer DSL 6.1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{25EF00C6-F17B-11D6-88EA-000476CD2443}\Setup.exe" -l0x9 UNINSTALL
Verizon Online Support Center --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{25EF00A1-F17B-11D6-88EA-000476CD2443}\Setup.exe" -l0x9 UNINSTALL
Verizon PC Security Checkup --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\8\INTEL3~1\IDriver.exe /M{40ACEAF4-1EB2-45FC-90C3-6810700C0595}
Verizon Servicepoint 1.3.21 --> "C:\Program Files\Verizon\Servicepoint\unins000.exe"
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
WinAble --> "C:\Program Files\WinAble\winable.exe" -uninstall
Windows Defender --> MsiExec.exe /I{B2D7CE29-614A-4ACC-8BFE-009EB3A244C9}
Windows Live Messenger --> MsiExec.exe /I{7A837109-E671-470D-B489-F1EBE471D220}
Windows Live Sign-in Assistant --> MsiExec.exe /I{F652D238-5F29-42D5-BAF3-0115EF977EC2}
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type466 / Error
Event Submitted/Written: 11/20/2007 04:35:50 PM
Event ID/Source: 8193 / VSS
Event Description:
Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x80040206.

Event Record #/Type465 / Error
Event Submitted/Written: 11/20/2007 04:35:49 PM
Event ID/Source: 4609 / EventSystem
Event Description:
The COM+ Event System detected a bad return code during its internal processing. HRESULT was 8007043C from line 44 of d:\nt_qxp\com\com1x\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this error.

Event Record #/Type464 / Error
Event Submitted/Written: 11/20/2007 02:40:40 AM
Event ID/Source: 1 / nview_info
Event Description:
NVIEW : explorer: Mutex Recovery Code - Process f78 has been kicked out

Event Record #/Type463 / Error
Event Submitted/Written: 11/20/2007 02:40:40 AM
Event ID/Source: 1 / nview_info
Event Description:
NVIEW : explorer: Mutex Recovery Code - leaving recovery code.

Event Record #/Type462 / Error
Event Submitted/Written: 11/20/2007 02:40:39 AM
Event ID/Source: 1 / nview_info
Event Description:
NVIEW : explorer: SEVERE nView Mutex Error - NOT recoverable. NView (and Mutexes) have been disabled for the time being while process f78 is active.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type299 / Error
Event Submitted/Written: 11/20/2007 07:09:25 PM
Event ID/Source: 7001 / Service Control Manager
Event Description:
The SSDP Discovery Service service depends on the HTTP service which failed to start because of the following error:
%%2

Event Record #/Type298 / Error
Event Submitted/Written: 11/20/2007 07:09:25 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The HTTP service failed to start due to the following error:
%%2

Event Record #/Type280 / Error
Event Submitted/Written: 11/20/2007 07:08:14 PM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
SABKUTIL

Event Record #/Type279 / Error
Event Submitted/Written: 11/20/2007 07:08:14 PM
Event ID/Source: 7022 / Service Control Manager
Event Description:
The Windows Firewall/Internet Connection Sharing (ICS) service hung on starting.

Event Record #/Type278 / Error
Event Submitted/Written: 11/20/2007 07:07:54 PM
Event ID/Source: 7023 / Service Control Manager
Event Description:
The Security Center service terminated with the following error:
%%126



-- End of Deckard's System Scanner: finished at 2007-11-20 19:44:46 ------------

extra done, reply now!

ken545
2007-11-21, 03:04
Download VundoFix (http://www.atribune.org/ccount/click.php?id=4 ) to your desktop

Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer, click OK.
Please post the contents of C:\vundofix.txt and a new HiJackThis log in a reply to this thread.

Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.


Post the Vundo log and a new HJT log please

Toolate
2007-11-21, 03:27
This is the vundofix.txt log.


VundoFix V6.6.2

Checking Java version...

Scan started at 8:05:38 PM 11/20/2007

Listing files found while scanning....

C:\windows\system32\bmyhqeca.dll
C:\WINDOWS\System32\rgdwhvdb.dll
C:\windows\system32\rgdwhvdb.dllbox

Beginning removal...

Attempting to delete C:\windows\system32\bmyhqeca.dll
C:\windows\system32\bmyhqeca.dll Has been deleted!

Attempting to delete C:\WINDOWS\System32\rgdwhvdb.dll
C:\WINDOWS\System32\rgdwhvdb.dll Has been deleted!

Attempting to delete C:\windows\system32\rgdwhvdb.dllbox
C:\windows\system32\rgdwhvdb.dllbox Has been deleted!

Performing Repairs to the registry.
Done!

Toolate
2007-11-21, 03:29
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:29:00 PM, on 11/20/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Nhksrv.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\DELLMMKB.EXE
C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Winferno\Secure IE\SIEPulse.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Netropa\OSD.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\Fonts\svchost.exe
C:\WINDOWS\mrofinu1188.exe
C:\WINDOWS\Fonts\svchost.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\Scanner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3D898C55-74CC-4B7C-B5F1-45913F368388} - C:\PROGRA~1\ADBLOC~1\NAMESP~1.DLL
O2 - BHO: {a0c27eba-b517-2e2a-c3b4-192d91a09cc4} - {4cc90a19-d291-4b3c-a2e2-715babe72c0a} - C:\WINDOWS\System32\mktvnnnc.dll
O2 - BHO: (no name) - {4D7EBF69-4DC6-4551-87D5-09AF2419BCCC} - C:\WINDOWS\System32\awtqn.dll
O2 - BHO: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\PROGRA~1\COMMON~1\VERIZO~1\SFP\vzbb.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {BBB05D9E-0297-404D-A6BF-D8F2876B84A6} - C:\WINDOWS\System32\ljjjhfc.dll
O3 - Toolbar: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\PROGRA~1\COMMON~1\VERIZO~1\SFP\vzbb.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: (no name) - {11A69AE4-FBED-4832-A2BF-45AF82825583} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\DELLMMKB.EXE
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SIE2004] "C:\Program Files\Winferno\Secure IE\SIEPulse.exe"
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [VerizonServicepoint.exe] "C:\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe
O4 - HKLM\..\Run: [b80698f6] rundll32.exe "C:\WINDOWS\System32\agikgwea.dll",b
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1188.exe 61A847B5BBF72813339330466188719AB689201522886B092CBD44BD8689220221DD3257
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [WinAble] C:\Program Files\WinAble\winable.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Audible Download Manager.lnk = C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\bin\matcli.exe
O8 - Extra context menu item: &Download File - C:\Program Files\Winferno\Secure IE\Scripts\AddToTransferQueue.htm
O8 - Extra context menu item: &Highlight - C:\Program Files\Winferno\Secure IE\Scripts\highlight.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Zoom &In - C:\Program Files\Winferno\Secure IE\Scripts\zoomin.htm
O8 - Extra context menu item: Zoom O&ut - C:\Program Files\Winferno\Secure IE\Scripts\zoomout.htm
O9 - Extra button: (no name) - {00000000-CB06-433A-9302-77436F840932} - C:\Program Files\Ad Blocker\blocker.exe
O9 - Extra 'Tools' menuitem: &Ad Blocker - {00000000-CB06-433A-9302-77436F840932} - C:\Program Files\Ad Blocker\blocker.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/19423c8cbd92cc7e9c01/netzip/RdxIE601.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1145398142453
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1154608751609
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://a.download.toontown.com/sv1.0.25.14/ttinst.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
O16 - DPF: {EA6246B4-F380-443F-8727-9AEA3371146C} (CPlayFirstWeddingDashControl Object) - http://download.playfirst.com/play/game/weddingdash/WeddingDash.1.0.0.44.cab
O20 - Winlogon Notify: ljjjhfc - C:\WINDOWS\SYSTEM32\ljjjhfc.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 10788 bytes

ken545
2007-11-21, 04:08
Hello,

Open HijackThis > Do a System Scan Only, close your browser and all open windows including this one, the only program or window you should have open is HijackThis, check the following entries and click on Fix Checked.

O2 - BHO: {a0c27eba-b517-2e2a-c3b4-192d91a09cc4} - {4cc90a19-d291-4b3c-a2e2-715babe72c0a} - C:\WINDOWS\System32\mktvnnnc.dll
O2 - BHO: (no name) - {4D7EBF69-4DC6-4551-87D5-09AF2419BCCC} - C:\WINDOWS\System32\awtqn.dll
O2 - BHO: (no name) - {BBB05D9E-0297-404D-A6BF-D8F2876B84A6} - C:\WINDOWS\System32\ljjjhfc.dll

O3 - Toolbar: (no name) - {11A69AE4-FBED-4832-A2BF-45AF82825583} - (no file)

O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe
O4 - HKLM\..\Run: rundll32.exe "C:\WINDOWS\System32\agikgwea.dll",b
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1188.exe 61A847B5BBF72813339330466188719AB689201522886B092CBD44BD8689220221DD3257
O4 - HKCU\..\Run: [WinAble] C:\Program Files\WinAble\winable.exe

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/19423c8c...p/RdxIE601.cab

O20 - Winlogon Notify: ljjjhfc - C:\WINDOWS\SYSTEM32\ljjjhfc.dll



Please download VundoFix.exe (http://www.atribune.org/ccount/click.php?id=4) to your desktop if you don't already have it.

Open a new notepad window
Paste the list of files from the quote box below into the notepad window.



C:\WINDOWS\mrofinu1188.exe
C:\WINDOWS\System32\ddcbyvt.dll
C:\WINDOWS\System32\WS2Fix.exe
C:\WINDOWS\System32\VCCLSID.exe
C:\WINDOWS\System32\agikgwea.dll
C:\WINDOWS\System32\mktvnnnc.dll
C:\WINDOWS\System32\gxpgfwcc.exe
C:\WINDOWS\System32\rgdwhvdb.dll
C:\WINDOWS\System32\bmyhqeca.dll
C:\WINDOWS\System32\nqtwa.ini2
C:\WINDOWS\System32\awtqn.dll
C:\WINDOWS\System32\vbzip10.dll
C:\n.bat
C:\x.dat
C:\WINDOWS\System32\pmnmmnk.dll
C:\z.dat
C:\WINDOWS\System32\ljjjhfc.dll
C:\WINDOWS\b122.exe
C:\WINDOWS\System32\awtqn.dll
C:\WINDOWS\System32\mktvnnnc.dll
C:\WINDOWS\System32\rgdwhvdb.dll
C:\WINDOWS\System32\rgdwhvdb.dll
C:\WINDOWS\Fonts\svchost.exe
C:\WINDOWS\System32\agikgwea.dll
C:\WINDOWS\System32\gxpgfwcc.exe
C:\WINDOWS\Fonts\svchost.exe


Save this as vundofix.vft and Save as type "all files".
Double-click [b]VundoFix.exe to run it.
Drag vundofix.vft onto the listbox (white box) of VundoFix.
Click the "Remove Vundo" button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer, click OK.
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting


Please run this free online virus scanner from ESET (http://www.eset.eu/online-scanner)

Note: You will need to use Internet explorer for this scan
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the activex control to install
Click Start
Make sure that the option Remove found threats is ticked, and the option Scan unwanted applications is checked
Click Scan
Wait for the scan to finish
Use notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
Copy and paste that log as a reply to this topic


Delete this folder
C:\Program Files\WinAble


I need to see the Vundo log, the log from ESET and a new HJT log please

tashi
2007-11-28, 22:05
Toolate, still with us?