Command Service help



fidelis
2006-10-27, 01:38
All right, so, here's everything I believe I need.

It said the Panda scan was too long so I attached it, hope that's okay.

Here's the HJT log.

Logfile of HijackThis v1.99.1
Scan saved at 7:29:36 PM, on 10/26/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Common Files\{349582CE-069F-1033-0629-061114200001}\Update.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\DOCUME~1\Sam\MYDOCU~1\STEM~1\scanregw.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\AOL\1159855070\ee\aolsoftware.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Sam\Desktop\kill the bugs\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {5E66ECAE-776E-7C9A-1E65-2EC79E73B395} - (no file)
R3 - URLSearchHook: (no name) - {60EC0F61-97FC-9403-8289-C06944FE86CA} - C:\WINDOWS\system32\mejfurf.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0E24427B-DF2A-40EB-980B-A819F5FF3DD0} - C:\WINDOWS\system32\xxyyaxv.dll (file missing)
O2 - BHO: (no name) - {1DAEFCB9-06C8-47c6-8F20-3FB54B244DAA} - C:\WINDOWS\system32\rmufebdh.dll (file missing)
O2 - BHO: (no name) - {4472E2B2-FB44-FBD4-2A58-0101EBECF47E} - C:\WINDOWS\system32\ksrpmje.dll (file missing)
O2 - BHO: (no name) - {48C2CAEF-13C9-42B2-AFCB-27727C44E1A0} - C:\WINDOWS\system32\jkkjh.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {60EC0F61-97FC-9403-8289-C06944FE86CA} - C:\WINDOWS\system32\mejfurf.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - (no file)
O2 - BHO: PrintViewBHO Class - {D4E0C464-30CE-4075-9A10-71FD106C2847} - C:\PROGRA~1\PRINTV~1\PRINTH~1.DLL
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Sen] "C:\DOCUME~1\Sam\MYDOCU~1\STEM~1\scanregw.exe" -vt yazb
O4 - HKCU\..\Run: [Cyxxo] C:\Program Files\Common Files\??stem\?canregw.exe
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} (DLC Class) - https://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {E4C29FDC-F547-4219-ACFD-571F2A7A564A} (WebCamTest Class) - http://awbeta.net-nucleus.com/CABUPDATES/winwcd.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O20 - Winlogon Notify: jkkjh - C:\WINDOWS\
O20 - Winlogon Notify: winrkp32 - C:\WINDOWS\
O20 - Winlogon Notify: xxyyaxv - C:\WINDOWS\
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

pskelley
2006-10-27, 15:37
Welcome to the forum, if your issues are not resolved, and you want me to try to help, please make sure you read and follow all directions. I will number the order we need to complete them in.

1) "BEFORE you POST" -Preliminary Steps and scanning with SPYBOT-S&D
http://forums.spybot.info/showthread.php?t=288

Please do not ask us to download or unzip the logs.
If they are too long for one post just make as many posts to your topic as necessary.
Post all logs as instructed, I will not open attachments from an infected machine.

2) Turn off TeaTimer until we are finished, it will block changes we must make.
http://russelltexas.com/malware/teatimer.htm

3) Follow the instruction here, make sure you run the fix until all files located by it have been deleted. Then post the Vundofix log.
Thanks to Atribune and any others who helped with this fix.

Please download VundoFix.exe (http://www.atribune.org/ccount/click.php?id=4) to your desktop
Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer, click OK.
Please post the contents of C:\vundofix.txt and a new HiJackThis log in a reply to this thread.
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.

If there is a file VundoFix doesn't find we need it submitted. Please submit
the files to upload malware http://www.uploadmalware.com

4) Thanks to sUBs and anyone who helped with this fix.

1. Download this file - combofix.exe
http://download.bleepingcomputer.com/sUBs/combofix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply.
Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.
If the log is large You might need to post half in one reply half in another.

5) Make sure to restart, then post the Vundofix report, combofix log and a new HJT log.

Thanks
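
An added example, not part of this thread and not code from HijackThis, VundoFix or ComboFix: the reply above treats the log as a Vundo infection without spelling out what gave it away. The script below makes that reasoning explicit by scanning HijackThis 1.99 lines for the pattern visible in the posted log: unnamed O2 BHOs whose DLL is already gone, a BHO CLSID that is also registered as an R3 URLSearchHook, O20 Winlogon Notify entries whose "path" is only a directory (the notify DLL is no longer on disk) and whose names match the BHO DLL stems, and autostart paths in which HijackThis printed "?" for characters it could not render (the "??stem" folder imitating "system"). The sample lines are copied from the log posted earlier in the thread; the heuristics, the parsing regexes and the function names (parse_line, triage, dll_stem) are this example's own assumptions, not anything the tools provide.

```python
"""Heuristic triage of HijackThis 1.99 log lines for Vundo-style persistence.

Added example for this thread, not code from HijackThis, VundoFix or ComboFix.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Sample lines copied from the HijackThis log posted earlier in this thread.
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - {60EC0F61-97FC-9403-8289-C06944FE86CA} - C:\WINDOWS\system32\mejfurf.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0E24427B-DF2A-40EB-980B-A819F5FF3DD0} - C:\WINDOWS\system32\xxyyaxv.dll (file missing)
O2 - BHO: (no name) - {48C2CAEF-13C9-42B2-AFCB-27727C44E1A0} - C:\WINDOWS\system32\jkkjh.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {60EC0F61-97FC-9403-8289-C06944FE86CA} - C:\WINDOWS\system32\mejfurf.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Cyxxo] C:\Program Files\Common Files\??stem\?canregw.exe
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: jkkjh - C:\WINDOWS\
O20 - Winlogon Notify: xxyyaxv - C:\WINDOWS\
"""

# Line shapes as HijackThis 1.99 prints them (regexes are this example's assumption).
COM_RE = re.compile(r"^(R3|O2) - (?:URLSearchHook|BHO): (.*?) - (\{[0-9A-Fa-f-]{36}\}) - (.*)$")
RUN_RE = re.compile(r"^O4 - (.+?): \[(.*?)\] (.*)$")
NOTIFY_RE = re.compile(r"^O20 - Winlogon Notify: (\S+) - (.*)$")


@dataclass
class Entry:
    section: str            # R3, O2, O4 or O20
    name: str               # BHO/hook display name, Run value name or Notify key name
    clsid: Optional[str]
    path: str
    file_missing: bool      # HJT said "(file missing)"/"(no file)", or Notify path is a bare directory


@dataclass
class Finding:
    entry: Entry
    reasons: List[str] = field(default_factory=list)


def parse_line(line: str) -> Optional[Entry]:
    """Parse the four HJT line types this triage uses; any other line returns None."""
    line = line.strip()
    m = COM_RE.match(line)
    if m:
        section, name, clsid, rest = m.groups()
        missing = rest.endswith("(file missing)") or rest == "(no file)"
        return Entry(section, name, clsid, rest.replace("(file missing)", "").strip(), missing)
    m = RUN_RE.match(line)
    if m:
        _hive, name, path = m.groups()
        return Entry("O4", name, None, path, False)
    m = NOTIFY_RE.match(line)
    if m:
        name, path = m.groups()
        # A Notify value that is only "C:\WINDOWS\" means the key exists but the DLL is not on disk.
        return Entry("O20", name, None, path, path.endswith("\\"))
    return None


def dll_stem(path: str) -> str:
    """'C:\\WINDOWS\\system32\\jkkjh.dll' -> 'jkkjh' (lower-cased, extension dropped)."""
    base = path.rstrip("\\").rsplit("\\", 1)[-1]
    return base.rsplit(".", 1)[0].lower()


def triage(log_text: str) -> List[Finding]:
    """Cross-correlate BHO, URLSearchHook, Run and Winlogon Notify lines."""
    entries = [e for e in map(parse_line, log_text.splitlines()) if e]
    hook_clsids = {e.clsid for e in entries if e.section == "R3"}
    notify_names = {e.name.lower() for e in entries if e.section == "O20"}
    unnamed_bho_stems = {dll_stem(e.path) for e in entries
                         if e.section == "O2" and e.name == "(no name)"}
    findings = []
    for e in entries:
        reasons = []
        if e.section == "O2" and e.name == "(no name)":
            if e.file_missing:
                reasons.append("unnamed BHO whose DLL is already gone from disk")
            if e.clsid in hook_clsids:
                reasons.append("same CLSID is also registered as an R3 URLSearchHook")
            if dll_stem(e.path) in notify_names:
                reasons.append("DLL name matches a Winlogon Notify key")
        elif e.section == "O20":
            if e.file_missing:
                reasons.append("Winlogon Notify value is a directory, not a DLL")
            if e.name.lower() in unnamed_bho_stems:
                reasons.append("Notify key name matches an unnamed BHO DLL")
        elif e.section in ("O4", "R3"):
            if "?" in e.path or any(ord(c) > 127 for c in e.path):
                reasons.append("autostart path contains '?' or non-ASCII (HJT prints unprintable characters as '?')")
        if reasons:
            findings.append(Finding(e, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.entry.section:<4}{f.entry.name:<12}{f.entry.path}")
        for r in f.reasons:
            print(f"      - {r}")
```

A hit is a triage signal, not proof: the Spybot SDHelper.dll entry also shows as "(no name)" in this HijackThis version but stays unflagged because its file is present and nothing else in the log correlates with it, which is why the script scores relationships between lines rather than single entries. The bare-directory Notify values are the part worth acting on first: a Winlogon Notify key whose DLL is missing still gets loaded on the next logon if the file is restored, so the key itself has to go, which is what the VundoFix and ComboFix steps above are for.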

fidelis
2006-10-27, 17:13
Thanks for the help!

Vundo Log


VundoFix V6.2.6

Checking Java version...

Java version is 1.5.0.6

Scan started at 6:06:58 PM 10/26/2006

Listing files found while scanning....

C:\WINDOWS\system32\aaegrxj.dll
C:\WINDOWS\system32\byxvvus.dll
C:\WINDOWS\system32\ikrfind.dll
C:\WINDOWS\system32\jkkkjhf.dll
C:\WINDOWS\system32\ksrpmje.dll
C:\WINDOWS\system32\nnnmnkl.dll
C:\WINDOWS\system32\pqqrase.dll
C:\WINDOWS\system32\rmufebdh.dll
C:\WINDOWS\system32\ssqopqn.dll
C:\WINDOWS\system32\winrkp32.dll
C:\WINDOWS\system32\xxyyaxv.dll
C:\WINDOWS\system32\odlfqvhp.exe
C:\WINDOWS\system32\jkkjh.dll
C:\WINDOWS\system32\hjkkj.ini
C:\WINDOWS\system32\hjkkj.bak1
C:\WINDOWS\system32\hjkkj.bak2

Beginning removal...

Attempting to delete C:\WINDOWS\system32\aaegrxj.dll
C:\WINDOWS\system32\aaegrxj.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\byxvvus.dll
C:\WINDOWS\system32\byxvvus.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ikrfind.dll
C:\WINDOWS\system32\ikrfind.dll Has been deleted!


Combofix Log
Sam - 06-10-27 11:05:01.68 Service Pack 2
ComboFix 06.10.19 - Running from: "C:\Program Files\Mozilla Firefox"

((((((((((((((((((((((((((((((((((((((((((( E-Give / Ssk's Log )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Documents and Settings\Sam\Application Data\Dxcknwrd.dll
C:\Documents and Settings\Sam\Application Data\Dxcuknwrd.dll


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\aaa00000.sys
C:\WINDOWS\system32\ismini.exe
C:\WINDOWS\system32\WinNB58.dll
C:\Program Files\Common Files\Yazzle1162OinAdmin.exe
C:\Program Files\Common Files\Yazzle1162OinUninstaller.exe
C:\Program Files\Common Files\misc002
C:\Program Files\PrintView
C:\WINDOWS\system32\components
C:\WINDOWS\system32\crunner
C:\Program Files\Common Files\{349582CE-0256-1033-0629-061114200001}
C:\Program Files\Common Files\{349582CE-069F-1033-0629-061114200001}

~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

Folders Quarantined:

C:\QooBox\Purity\Documents and Settings\Sam\My Documents\STEM~1
C:\QooBox\Purity\Documents and Settings\Sam\My Documents\STEM~1\scanregw.exe
C:\QooBox\Purity\Documents and Settings\Sam\My Documents\STEM~1\??stem
C:\QooBox\Purity\Program Files\Common Files\STEM~1
C:\QooBox\Purity\Program Files\Common Files\TSKS~1
C:\QooBox\Purity\Program Files\Common Files\STEM~1\?canregw_exe.vir
C:\QooBox\Purity\WINDOWS\MCROSO~1.NET


((((((((((((((((((((((((((((((( Files Created from 2006-09-27 to 2006-10-27 ))))))))))))))))))))))))))))))))))


2006-10-26 13:14 131,072 --a------ C:\WINDOWS\system32\mejfurf.dll
2006-10-25 16:29 93,696 --a------ C:\WINDOWS\system32\cijlbtc.dll
2006-10-19 21:44 67,604 --a------ C:\WINDOWS\system32\sqxiurvt.exe
2006-10-19 15:02 2 --a------ C:\WINDOWS\system32\wnsapisv.exe
2006-10-18 18:46 94,208 --a------ C:\WINDOWS\system32\vikhzl.dll
2006-10-16 12:45 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2006-10-16 12:45 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2006-10-14 23:37 32,768 --a------ C:\WINDOWS\unstall.exe
2006-10-14 23:36 25,105 --a------ C:\WINDOWS\idlemg.exe
2006-10-14 23:36 139,264 --a------ C:\WINDOWS\MirarSetup_876057.exe
2006-10-14 23:35 433,632 --a------ C:\WINDOWS\hancerdoem.exe
2006-10-14 23:35 2,560 --a------ C:\WINDOWS\ac3_0002.exe
2006-10-11 08:27 89,360 --a------ C:\WINDOWS\system32\VB5DB.DLL
2006-10-11 08:27 69,632 --a------ C:\WINDOWS\system32\xmltok.dll
2006-10-11 08:27 36,864 --a------ C:\WINDOWS\system32\xmlparse.dll
2006-10-11 08:27 26,096 --a------ C:\WINDOWS\system32\xmlinst.exe
2006-10-11 08:27 24,576 --a------ C:\WINDOWS\system32\msxml3a.dll
2006-10-11 08:20 7,552 --a------ C:\WINDOWS\system32\drivers\enodpl.sys
2006-10-11 08:20 4,736 --a------ C:\WINDOWS\system32\drivers\tandpl.sys
2006-10-09 22:35 299,520 --a------ C:\WINDOWS\uninst.exe
2006-10-06 22:57 142 --a------ C:\WINDOWS\ncedr.dll
2006-10-06 22:30 46,452 --a------ C:\WINDOWS\elitepop06.exe
2006-10-06 22:30 433,632 --a------ C:\WINDOWS\hanceremm.exe
2006-10-06 22:30 217,346 --a------ C:\WINDOWS\Setup90.exe
2006-10-06 22:30 1,233 --a------ C:\WINDOWS\system32\yce70091.sys
2006-10-06 18:11 65,536 --a------ C:\WINDOWS\system32\Winwcd.dll
2006-10-01 23:00 611,064 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2006-09-30 16:48 26,496 --a------ C:\WINDOWS\system32\drivers\USBSTOR.SYS
2006-09-30 15:51 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2006-09-30 15:51 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2006-09-30 15:51 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2006-09-30 03:39 5,127,800 --a------ C:\Firefox Setup 1.5.0.7.exe


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-10-27 11:06 -------- d-------- C:\Program Files\Common Files
2006-10-27 11:00 -------- d-------- C:\Program Files\Mozilla Firefox
2006-10-27 01:05 -------- d-------- C:\Documents and Settings\Sam\Application Data\uTorrent
2006-10-26 18:44 -------- d-------- C:\Program Files\WinRAR
2006-10-26 18:38 -------- d-------- C:\Program Files\Internet Explorer
2006-10-26 18:38 -------- d-------- C:\Program Files\Google
2006-10-26 18:38 -------- d-------- C:\Program Files\Dell Support
2006-10-26 14:46 -------- d---s---- C:\Documents and Settings\Sam\Application Data\Microsoft
2006-10-25 17:51 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-10-25 17:51 -------- d-------- C:\Program Files\Ubisoft
2006-10-22 00:32 -------- d-------- C:\Documents and Settings\Sam\Application Data\MySpace
2006-10-22 00:31 -------- d-------- C:\Program Files\MySpace
2006-10-21 23:35 -------- d-------- C:\Program Files\CDisplay
2006-10-20 23:05 -------- d-------- C:\Program Files\Planetwide Games
2006-10-19 16:20 -------- d-------- C:\Program Files\Combined Community Codec Pack
2006-10-15 16:17 -------- d-------- C:\Program Files\Dell
2006-10-15 14:37 -------- d-------- C:\Documents and Settings\Sam\Application Data\Talkback
2006-10-15 09:43 -------- d-------- C:\Program Files\Common Files\AOL
2006-10-12 00:07 -------- d-------- C:\Program Files\Valve
2006-10-09 22:36 -------- d-------- C:\Program Files\LucasArts
2006-10-09 18:16 -------- d--h----- C:\Program Files\Common Files\cloader
2006-10-08 01:26 -------- d-------- C:\Documents and Settings\Sam\Application Data\Apple Computer
2006-10-07 18:33 12528 --a------ C:\WINDOWS\system32\drivers\secdrv.sys
2006-10-07 14:03 -------- d-------- C:\Documents and Settings\Sam\Application Data\Lavasoft
2006-10-07 14:02 -------- d-------- C:\Program Files\Lavasoft
2006-10-07 01:39 -------- d-------- C:\Documents and Settings\Sam\Application Data\Help
2006-10-07 01:36 -------- d-------- C:\Documents and Settings\Sam\Application Data\Sun
2006-10-06 20:56 -------- d-------- C:\Documents and Settings\Sam\Application Data\PC Tools
2006-10-05 17:34 -------- d-------- C:\Documents and Settings\Sam\Application Data\AdobeUM
2006-10-04 14:13 -------- d-------- C:\Program Files\AVI Codec Pack
2006-10-04 14:11 -------- d-------- C:\Program Files\AVIcodec
2006-10-03 22:15 -------- d-------- C:\Documents and Settings\Sam\Application Data\Sony
2006-10-03 22:15 -------- d-------- C:\Documents and Settings\Sam\Application Data\Publish Providers
2006-10-03 22:07 -------- d--h----- C:\Program Files\Uninstall Information
2006-10-03 22:05 -------- d-------- C:\Program Files\Vstplugins
2006-10-03 22:05 -------- d-------- C:\Program Files\Sony
2006-10-03 21:53 -------- d-------- C:\Documents and Settings\Sam\Application Data\Sony Setup
2006-10-03 13:27 -------- d-------- C:\Documents and Settings\Sam\Application Data\Adobe
2006-10-03 01:59 -------- d-------- C:\Documents and Settings\Sam\Application Data\acccore
2006-10-03 01:57 -------- d-------- C:\Program Files\Common Files\aolshare
2006-10-03 01:57 -------- d-------- C:\Documents and Settings\Sam\Application Data\Mozilla
2006-10-02 00:40 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
2006-10-01 23:03 -------- d-------- C:\Program Files\DAEMON Tools
2006-10-01 23:02 -------- d-------- C:\Program Files\Common Files\Symantec Shared
2006-09-30 18:21 -------- d-------- C:\Documents and Settings\Sam\Application Data\CoreCodec
2006-09-30 16:38 -------- d-------- C:\Program Files\Haali
2006-09-30 16:38 -------- d-------- C:\Program Files\CoreCodec
2006-09-30 16:08 -------- d-------- C:\Program Files\iTunes
2006-09-30 16:08 -------- d-------- C:\Program Files\iPod
2006-09-30 16:07 -------- d-------- C:\Program Files\QuickTime
2006-09-30 16:05 -------- d-------- C:\Program Files\Apple Software Update
2006-09-30 04:05 -------- d-------- C:\Documents and Settings\Sam\Application Data\Macromedia
2006-09-22 10:38 53248 --a------ C:\WINDOWS\109uninst.exe
2006-09-22 10:36 53248 --a------ C:\WINDOWS\uni_7eh.exe
2006-09-19 16:08 -------- d-------- C:\Program Files\Microsoft SQL Server
2006-09-19 16:07 -------- d-------- C:\Program Files\Microsoft Visual Studio .NET 2003
2006-09-19 16:07 -------- d-------- C:\Program Files\Microsoft Small Business
2006-09-19 16:07 -------- d-------- C:\Program Files\Common Files\Crystal Decisions
2006-09-19 16:03 -------- d--h----- C:\Documents and Settings\Sam\Application Data\Gtek
2006-09-19 16:01 -------- d-------- C:\Program Files\Microsoft.NET
2006-09-19 16:01 -------- d-------- C:\Program Files\Microsoft Visual Studio
2006-09-19 16:01 -------- d-------- C:\Program Files\Microsoft Office
2006-09-19 16:01 -------- d-------- C:\Program Files\Microsoft ActiveSync
2006-09-19 16:01 -------- d-------- C:\Program Files\Common Files\System
2006-09-19 16:01 -------- d-------- C:\Program Files\Common Files\DESIGNER
2006-09-19 16:00 -------- d-------- C:\Program Files\Microsoft Works
2006-09-19 16:00 -------- d-------- C:\Program Files\Common Files\Adobe
2006-09-19 16:00 -------- d-------- C:\Program Files\Adobe
2006-09-19 15:54 -------- d-------- C:\Program Files\Corel Corporation
2006-09-19 15:51 -------- d-------- C:\Program Files\MUSICMATCH
2006-09-19 15:49 -------- d-------- C:\Program Files\Symantec
2006-09-19 15:49 -------- d-------- C:\Documents and Settings\Sam\Application Data\Symantec
2006-09-19 15:48 -------- d-------- C:\Program Files\Sonic
2006-09-19 15:48 -------- d-------- C:\Program Files\Common Files\Sonic Shared
2006-09-19 15:48 -------- d-------- C:\Program Files\Common Files\InstallShield
2006-09-19 15:47 8552 --a------ C:\WINDOWS\system32\drivers\asctrm.sys
2006-09-19 15:47 -------- d-------- C:\Program Files\Viewpoint
2006-09-19 15:47 -------- d-------- C:\Program Files\Real
2006-09-19 15:47 -------- d-------- C:\Program Files\Common Files\Real
2006-09-19 15:47 -------- d-------- C:\Program Files\Common Files\Nullsoft
2006-09-19 15:45 -------- d-------- C:\Program Files\Microsoft Plus! Photo Story 2 LE
2006-09-19 15:45 -------- d-------- C:\Program Files\Microsoft Plus! Digital Media Edition
2006-09-19 15:45 -------- d-------- C:\Program Files\Common Files\TiVo Shared
2006-09-19 15:44 -------- d-------- C:\Program Files\Windows Media Player
2006-09-19 15:43 -------- d-------- C:\Program Files\NetWaiting
2006-09-19 15:43 -------- d-------- C:\Program Files\Modem Helper
2006-09-19 15:43 -------- d-------- C:\Program Files\CyberLink
2006-09-19 15:41 -------- d-------- C:\Program Files\CONEXANT
2006-09-19 15:40 -------- d-------- C:\Program Files\Sigmatel
2006-09-19 15:39 17056 --a------ C:\WINDOWS\system32\drivers\AegisP.sys
2006-09-19 15:39 -------- d-------- C:\Program Files\Intel, Inc
2006-09-19 15:39 -------- d-------- C:\Program Files\Broadcom
2006-09-19 15:39 -------- d-------- C:\Documents and Settings\Sam\Application Data\Intel
2006-09-19 15:38 -------- d-------- C:\Program Files\Synaptics
2006-09-19 15:38 -------- d-------- C:\Program Files\Outlook Express
2006-09-19 15:38 -------- d-------- C:\Program Files\Intel
2006-09-19 15:36 -------- d-------- C:\Program Files\Messenger
2006-09-19 15:35 -------- d-------- C:\Program Files\Java
2006-09-19 15:35 -------- d-------- C:\Program Files\Common Files\Java
2006-09-19 15:14 49152 --a------ C:\WINDOWS\setpwrcg.exe
2006-09-13 01:01 1084416 --a------ C:\WINDOWS\system32\msxml3.dll
2006-08-25 11:45 617472 --a------ C:\WINDOWS\system32\comctl32.dll
2006-08-21 08:21 16896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-08-21 05:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe
2006-08-16 07:58 100352 --a------ C:\WINDOWS\system32\6to4svc.dll
2006-07-27 09:24 679424 --a------ C:\WINDOWS\system32\inetcomm.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"DellSupport"="\"C:\\Program Files\\Dell Support\\DSAgnt.exe\" /startup"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Aim6"="\"C:\\Program Files\\Common Files\\AOL\\Launch\\AOLLaunch.exe\" /d locale=en-US ee://aol/imApp"
"SpybotSD TeaTimer"="C:\\Program Files\\Spybot - Search & Destroy\\TeaTimer.exe"
"Sen"="\"C:\\DOCUME~1\\Sam\\MYDOCU~1\\STEM~1\\scanregw.exe\" -vt yazb"
"Cyxxo"="C:\\Program Files\\Common Files\\??stem\\?canregw.exe"
"MySpaceIM"="C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,02,03,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{0E24427B-DF2A-40EB-980B-A819F5FF3DD0}"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoCDBurning"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkjh
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winrkp32
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\xxyyaxv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job

Completion time: 06-10-27 11:06:53.23
C:\ComboFix.txt ... 06-10-27 11:06

fidelis
2006-10-27, 17:15
*continued*

HJT Log
Logfile of HijackThis v1.99.1
Scan saved at 11:14:35 AM, on 10/27/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Program Files\Common Files\AOL\1159855070\ee\aolsoftware.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Sam\Desktop\kill the bugs\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {5E66ECAE-776E-7C9A-1E65-2EC79E73B395} - (no file)
R3 - URLSearchHook: (no name) - {60EC0F61-97FC-9403-8289-C06944FE86CA} - C:\WINDOWS\system32\mejfurf.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0E24427B-DF2A-40EB-980B-A819F5FF3DD0} - C:\WINDOWS\system32\xxyyaxv.dll (file missing)
O2 - BHO: (no name) - {1DAEFCB9-06C8-47c6-8F20-3FB54B244DAA} - C:\WINDOWS\system32\rmufebdh.dll (file missing)
O2 - BHO: (no name) - {4472E2B2-FB44-FBD4-2A58-0101EBECF47E} - C:\WINDOWS\system32\ksrpmje.dll (file missing)
O2 - BHO: (no name) - {48C2CAEF-13C9-42B2-AFCB-27727C44E1A0} - C:\WINDOWS\system32\jkkjh.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {60EC0F61-97FC-9403-8289-C06944FE86CA} - C:\WINDOWS\system32\mejfurf.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - (no file)
O2 - BHO: (no name) - {D4E0C464-30CE-4075-9A10-71FD106C2847} - (no file)
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Sen] "C:\DOCUME~1\Sam\MYDOCU~1\STEM~1\scanregw.exe" -vt yazb
O4 - HKCU\..\Run: [Cyxxo] C:\Program Files\Common Files\??stem\?canregw.exe
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} (DLC Class) - https://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {E4C29FDC-F547-4219-ACFD-571F2A7A564A} (WebCamTest Class) - http://awbeta.net-nucleus.com/CABUPDATES/winwcd.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O20 - Winlogon Notify: jkkjh - C:\WINDOWS\
O20 - Winlogon Notify: winrkp32 - C:\WINDOWS\
O20 - Winlogon Notify: xxyyaxv - C:\WINDOWS\
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

fidelis
2006-10-27, 17:16
And here are the results of that Panda Scan

Logfile of HijackThis v1.99.1
Scan saved at 11:14:35 AM, on 10/27/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Program Files\Common Files\AOL\1159855070\ee\aolsoftware.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Sam\Desktop\kill the bugs\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {5E66ECAE-776E-7C9A-1E65-2EC79E73B395} - (no file)
R3 - URLSearchHook: (no name) - {60EC0F61-97FC-9403-8289-C06944FE86CA} - C:\WINDOWS\system32\mejfurf.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0E24427B-DF2A-40EB-980B-A819F5FF3DD0} - C:\WINDOWS\system32\xxyyaxv.dll (file missing)
O2 - BHO: (no name) - {1DAEFCB9-06C8-47c6-8F20-3FB54B244DAA} - C:\WINDOWS\system32\rmufebdh.dll (file missing)
O2 - BHO: (no name) - {4472E2B2-FB44-FBD4-2A58-0101EBECF47E} - C:\WINDOWS\system32\ksrpmje.dll (file missing)
O2 - BHO: (no name) - {48C2CAEF-13C9-42B2-AFCB-27727C44E1A0} - C:\WINDOWS\system32\jkkjh.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {60EC0F61-97FC-9403-8289-C06944FE86CA} - C:\WINDOWS\system32\mejfurf.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - (no file)
O2 - BHO: (no name) - {D4E0C464-30CE-4075-9A10-71FD106C2847} - (no file)
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Sen] "C:\DOCUME~1\Sam\MYDOCU~1\STEM~1\scanregw.exe" -vt yazb
O4 - HKCU\..\Run: [Cyxxo] C:\Program Files\Common Files\??stem\?canregw.exe
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} (DLC Class) - https://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {E4C29FDC-F547-4219-ACFD-571F2A7A564A} (WebCamTest Class) - http://awbeta.net-nucleus.com/CABUPDATES/winwcd.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O20 - Winlogon Notify: jkkjh - C:\WINDOWS\
O20 - Winlogon Notify: winrkp32 - C:\WINDOWS\
O20 - Winlogon Notify: xxyyaxv - C:\WINDOWS\
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

fidelis
2006-10-27, 17:17
Panda continued

Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\hgwt3lzr.default\cookies.txt[stats1.reliablestats.com/]
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\hgwt3lzr.default\cookies.txt[www.burstbeacon.com/]
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\hgwt3lzr.default\cookies.txt[www.drivecleaner.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Sam\Cookies\sam@ad.yieldmanager[1].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Sam\Cookies\sam@atwola[1].txt
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\Sam\Cookies\sam@searchportal.information[1].txt
Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\Sam\Cookies\sam@stats1.reliablestats[2].txt
Adware:Adware/Sqwire Not disinfected C:\Documents and Settings\Sam\Local Settings\Temp\b103.exe[stub_109_4_0_4_0.exe]
Adware:Adware/PCodec Not disinfected C:\Documents and Settings\Sam\Local Settings\Temp\b103.exe[²ÜÇ\nsRandom.dll]
Adware:Adware/ISearch Not disinfected C:\Documents and Settings\Sam\Local Settings\Temp\b104.exe[MTE3MTk6ODoxNg.exe]
Adware:Adware/PCodec Not disinfected C:\Documents and Settings\Sam\Local Settings\Temp\b104.exe[²ÜÇ\nsRandom.dll]
Adware:Adware/EliteBar Not disinfected C:\Documents and Settings\Sam\Local Settings\Temp\b111.exe
Adware:Adware/YazzleSudoku Not disinfected C:\Documents and Settings\Sam\Local Settings\Temp\b116.exe
Adware:Adware/Maxifiles Not disinfected C:\Documents and Settings\Sam\Local Settings\Temp\b122.exe[mc-0-0-0.exe][²ÜÇ\nsProcess.dll]
Adware:Adware/PCodec Not disinfected C:\Documents and Settings\Sam\Local Settings\Temp\b122.exe[²ÜÇ\nsRandom.dll]
Adware:Adware/Qoologic Not disinfected C:\Documents and Settings\Sam\Local Settings\Temp\b123.exe[wni.exe][installer.exe]
Adware:Adware/PCodec Not disinfected C:\Documents and Settings\Sam\Local Settings\Temp\b123.exe[²ÜÇ\nsRandom.dll]
Adware:Adware/PrintView Not disinfected C:\Documents and Settings\Sam\Local Settings\Temp\b124.exe
Adware:Adware/DeluxeComunications Not disinfected C:\Documents and Settings\Sam\Local Settings\Temp\b126.exe
Adware:Adware/DeluxeComunications Not disinfected C:\Documents and Settings\Sam\Local Settings\Temp\i388.tmp
Adware:Adware/Mirar Not disinfected C:\Documents and Settings\Sam\Local Settings\Temp\mitFC7.tmp
Adware:Adware/Mirar Not disinfected C:\Documents and Settings\Sam\Local Settings\Temp\mitFC7.tmp.cab
Spyware:Spyware/Here4search Not disinfected C:\Documents and Settings\Sam\Local Settings\Temp\mst5C.tmp
Adware:Adware/Adservice Not disinfected C:\Documents and Settings\Sam\Local Settings\Temp\mst67.tmp
Adware:Adware/Mirar Not disinfected C:\Documents and Settings\Sam\Local Settings\Temp\NNBar_VCSetup_876057.exe
Potentially unwanted tool:Application/SpywareQuake Not disinfected C:\Documents and Settings\Sam\Local Settings\Temp\sa1D.exe[Spy-Quake2.exe]
Adware:Adware/UltimateCleaner Not disinfected C:\Documents and Settings\Sam\Local Settings\Temp\tinst26.exe
Adware:Adware/Maxifiles Not disinfected C:\Documents and Settings\Sam\Local Settings\Temp\win60.tmp.exe
Adware:Adware/Maxifiles Not disinfected C:\Documents and Settings\Sam\Local Settings\Temporary Internet Files\Content.IE5\6LWPEFMZ\122[1].net[mc-0-0-0.exe][²ÜÇ\nsProcess.dll]
Adware:Adware/PCodec Not disinfected C:\Documents and Settings\Sam\Local Settings\Temporary Internet Files\Content.IE5\6LWPEFMZ\122[1].net[²ÜÇ\nsRandom.dll]
Adware:Adware/EliteBar Not disinfected C:\Documents and Settings\Sam\Local Settings\Temporary Internet Files\Content.IE5\KDCFSDQ5\111[1].net
Adware:Adware/ISearch Not disinfected C:\Documents and Settings\Sam\Local Settings\Temporary Internet Files\Content.IE5\WX0FKLQP\104[1].net[MTE3MTk6ODoxNg.exe]
Adware:Adware/PCodec Not disinfected C:\Documents and Settings\Sam\Local Settings\Temporary Internet Files\Content.IE5\WX0FKLQP\104[1].net[²ÜÇ\nsRandom.dll]
Adware:Adware/Trymedia Not disinfected C:\Documents and Settings\Sam\My Documents\Programs\Beetle Bomp + Serpengo+ Bone Out from Boneville + Zuma Deluxe + Lemonade Tycoon 2 [found with kelforum.com ].rar[Creatures The Albian Years PC Game [by PeerFactor.fr].exe]
Possible Virus. Not disinfected C:\Documents and Settings\Sam\My Documents\??stem\scanregw.exe
Adware:Adware/DeluxeComunications Not disinfected C:\Program Files\Common Files\misc002\DXC.exe
Adware:Adware/PurityScan Not disinfected C:\Program Files\Common Files\Yazzle1162OinAdmin.exe
Adware:Adware/Yazzle Not disinfected C:\Program Files\Common Files\Yazzle1162OinUninstaller.exe
Adware:Adware/Maxifiles Not disinfected C:\Program Files\Common Files\{349582CE-0256-1033-0629-061114200001}\Activate.exe
Adware:Adware/Maxifiles Not disinfected C:\Program Files\Common Files\{349582CE-0256-1033-0629-061114200001}\MyToolBar.dll
Adware:Adware/Maxifiles Not disinfected C:\Program Files\Common Files\{349582CE-0256-1033-0629-061114200001}\services.dll
Adware:Adware/DollarRevenue Not disinfected C:\Program Files\Common Files\{349582CE-0256-1033-0629-061114200001}\Uninst.exe
Adware:Adware/Maxifiles Not disinfected C:\Program Files\Common Files\{349582CE-0256-1033-0629-061114200001}\Update.exe
Adware:Adware/Maxifiles Not disinfected C:\Program Files\Common Files\{349582CE-069F-1033-0629-061114200001}\Activate.exe
Adware:Adware/Maxifiles Not disinfected C:\Program Files\Common Files\{349582CE-069F-1033-0629-061114200001}\MyToolBar.dll
Adware:Adware/DollarRevenue Not disinfected C:\Program Files\Common Files\{349582CE-069F-1033-0629-061114200001}\Uninst.exe
Possible Virus. Renamed C:\Program Files\Common Files\??stem\?canregw.exe
Adware:Adware/PrintView Not disinfected C:\Program Files\PrintView\printhook030.dll
Adware:Adware/PrintView Not disinfected C:\Program Files\PrintView\pvmodule.exe
Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\byxvvus.dll.bad
Possible Virus. Not disinfected C:\VundoFix Backups\jkkjh.dll.bad

fidelis
2006-10-27, 17:18
Shoot, I totally posted the HJT logfile as the first part of the panda scan and it won't let me edit the post. Sorry, here's what I was supposed to put.


Incident Status Location

Adware:Adware/PrintView Not disinfected C:\PROGRA~1\PRINTV~1\PRINTH~1.DLL
Adware:Adware/Maxifiles Not disinfected C:\Program Files\Common Files\{349582CE-069F-1033-0629-061114200001}\Services.dll
Adware:Adware/Maxifiles Not disinfected C:\Program Files\Common Files\{349582CE-069F-1033-0629-061114200001}\Update.exe
Adware:adware/mirar Not disinfected c:\windows\system32\WinNB58.dll
Spyware:spyware/media-motor Not disinfected c:\windows\unstall.exe
Adware:adware/commad Not disinfected Windows Registry
Possible Virus. Not disinfected C:\dell\Utilities\DSR\demo\DEMO.EXE
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\hgwt3lzr.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\hgwt3lzr.default\cookies.txt[.advertising.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\hgwt3lzr.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\hgwt3lzr.default\cookies.txt[.advertising.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\hgwt3lzr.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\hgwt3lzr.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\hgwt3lzr.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\hgwt3lzr.default\cookies.txt[.mediaplex.com/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\hgwt3lzr.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\hgwt3lzr.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\hgwt3lzr.default\cookies.txt[.hitbox.com/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\hgwt3lzr.default\cookies.txt[.ehg.hitbox.com/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\hgwt3lzr.default\cookies.txt[.hitbox.com/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\hgwt3lzr.default\cookies.txt[.ehg.hitbox.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\hgwt3lzr.default\cookies.txt[.2o7.net/]
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\hgwt3lzr.default\cookies.txt[.adrevolver.com/]
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\hgwt3lzr.default\cookies.txt[.ads.pointroll.com/]
Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\hgwt3lzr.default\cookies.txt[.adtech.de/]
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\hgwt3lzr.default\cookies.txt[.as-eu.falkag.net/]
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\hgwt3lzr.default\cookies.txt[.as-us.falkag.net/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\hgwt3lzr.default\cookies.txt[.atwola.com/]
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\hgwt3lzr.default\cookies.txt[.belnk.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\hgwt3lzr.default\cookies.txt[.bs.serving-sys.com/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\hgwt3lzr.default\cookies.txt[.com.com/]
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\hgwt3lzr.default\cookies.txt[.drivecleaner.com/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\hgwt3lzr.default\cookies.txt[.go.com/]
Spyware:Cookie/HotLog Not disinfected C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\hgwt3lzr.default\cookies.txt[.hotlog.ru/]
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\hgwt3lzr.default\cookies.txt[.maxserving.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\hgwt3lzr.default\cookies.txt[.overture.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\hgwt3lzr.default\cookies.txt[.perf.overture.com/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\hgwt3lzr.default\cookies.txt[.questionmarket.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\hgwt3lzr.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\hgwt3lzr.default\cookies.txt[.revenue.net/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\hgwt3lzr.default\cookies.txt[.serving-sys.com/]
Spyware:Cookie/SpyLog Not disinfected C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\hgwt3lzr.default\cookies.txt[.spylog.com/]
Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\hgwt3lzr.default\cookies.txt[.tradedoubler.com/]
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\hgwt3lzr.default\cookies.txt[.trafficmp.com/]
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\hgwt3lzr.default\cookies.txt[.xiti.com/]
Spyware:Cookie/Yadro Not disinfected C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\hgwt3lzr.default\cookies.txt[.yadro.ru/]
Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\hgwt3lzr.default\cookies.txt[.z1.adserver.com/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\hgwt3lzr.default\cookies.txt[.zedo.com/]
Spyware:Cookie/Comclick Not disinfected C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\hgwt3lzr.default\cookies.txt[fl01.ct2.comclick.com/]
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\hgwt3lzr.default\cookies.txt[searchportal.information.com/]
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\hgwt3lzr.default\cookies.txt[stats.drivecleaner.com/]

fidelis
2006-10-27, 17:19
Last part of panda, sorry about the confusion above.

Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\jkkkjhf.dll.bad
Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\nnnmnkl.dll.bad
Potentially unwanted tool:Application/VSToolbar Not disinfected C:\VundoFix Backups\odlfqvhp.exe.bad
Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\rmufebdh.dll.bad
Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\ssqopqn.dll.bad
Spyware:Spyware/Here4search Not disinfected C:\VundoFix Backups\winrkp32.dll.bad
Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\xxyyaxv.dll.bad
Adware:Adware/DollarRevenue Not disinfected C:\WINDOWS\ac3_0002.exe
Adware:Adware/WebHancer Not disinfected C:\WINDOWS\hancerdoem.exe[whCC-GIANT3.exe][whAgent.exe]
Adware:Adware/WebHancer Not disinfected C:\WINDOWS\hancerdoem.exe[whCC-GIANT3.exe][whInstaller.exe]
Adware:Adware/WebHancer Not disinfected C:\WINDOWS\hancerdoem.exe[whCC-GIANT3.exe][webhdll.dll]
Adware:Adware/WebHancer Not disinfected C:\WINDOWS\hancerdoem.exe[whCC-GIANT3.exe][whiehlpr.dll]
Adware:Adware/WebHancer Not disinfected C:\WINDOWS\hanceremm.exe[whCC-GIANT3.exe][whAgent.exe]
Adware:Adware/WebHancer Not disinfected C:\WINDOWS\hanceremm.exe[whCC-GIANT3.exe][whInstaller.exe]
Adware:Adware/WebHancer Not disinfected C:\WINDOWS\hanceremm.exe[whCC-GIANT3.exe][webhdll.dll]
Adware:Adware/WebHancer Not disinfected C:\WINDOWS\hanceremm.exe[whCC-GIANT3.exe][whiehlpr.dll]
Adware:Adware/ISearch Not disinfected C:\WINDOWS\idlemg.exe
Adware:Adware/Mirar Not disinfected C:\WINDOWS\MirarSetup_876057.exe
Adware:Adware/DigInk Not disinfected C:\WINDOWS\Setup90.exe[Sos28.exe]
Adware:Adware/DigInk Not disinfected C:\WINDOWS\Setup90.exe[TagASaurus.exe]
Adware:Adware/DeluxeComunications Not disinfected C:\WINDOWS\system32\crunner\cproc.exe
Adware:Adware/DeluxeComunications Not disinfected C:\WINDOWS\system32\crunner\cupdater.exe
Potentially unwanted tool:Application/VSToolbar Not disinfected C:\WINDOWS\system32\sqxiurvt.exe
Adware:Adware/Adservice Not disinfected C:\WINDOWS\Temp\mst12A.tmp
Adware:Adware/Adservice Not disinfected C:\WINDOWS\Temp\mst164.tmp
Adware:Adware/Adservice Not disinfected C:\WINDOWS\Temp\mst61.tmp
Adware:Adware/Adservice Not disinfected C:\WINDOWS\Temp\mstA8.tmp
Adware:Adware/Yazzle Not disinfected C:\WINDOWS\Temp\winE5.tmp.exe



Thanks for your time!

pskelley
2006-10-27, 18:02
Could you post the complete Vundofix report? You cut it off early and I can't tell if it completed removal.

Thanks

Yeah... it's a mess; you ought to be on this end of it :o(

fidelis
2006-10-27, 18:07
Sorry, didn't see that.


VundoFix V6.2.6

Checking Java version...

Java version is 1.5.0.6

Scan started at 6:06:58 PM 10/26/2006

Listing files found while scanning....

C:\WINDOWS\system32\aaegrxj.dll
C:\WINDOWS\system32\byxvvus.dll
C:\WINDOWS\system32\ikrfind.dll
C:\WINDOWS\system32\jkkkjhf.dll
C:\WINDOWS\system32\ksrpmje.dll
C:\WINDOWS\system32\nnnmnkl.dll
C:\WINDOWS\system32\pqqrase.dll
C:\WINDOWS\system32\rmufebdh.dll
C:\WINDOWS\system32\ssqopqn.dll
C:\WINDOWS\system32\winrkp32.dll
C:\WINDOWS\system32\xxyyaxv.dll
C:\WINDOWS\system32\odlfqvhp.exe
C:\WINDOWS\system32\jkkjh.dll
C:\WINDOWS\system32\hjkkj.ini
C:\WINDOWS\system32\hjkkj.bak1
C:\WINDOWS\system32\hjkkj.bak2

Beginning removal...

Attempting to delete C:\WINDOWS\system32\aaegrxj.dll
C:\WINDOWS\system32\aaegrxj.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\byxvvus.dll
C:\WINDOWS\system32\byxvvus.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ikrfind.dll
C:\WINDOWS\system32\ikrfind.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\jkkkjhf.dll
C:\WINDOWS\system32\jkkkjhf.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ksrpmje.dll
C:\WINDOWS\system32\ksrpmje.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\nnnmnkl.dll
C:\WINDOWS\system32\nnnmnkl.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\pqqrase.dll
C:\WINDOWS\system32\pqqrase.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\rmufebdh.dll
C:\WINDOWS\system32\rmufebdh.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ssqopqn.dll
C:\WINDOWS\system32\ssqopqn.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\winrkp32.dll
C:\WINDOWS\system32\winrkp32.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\xxyyaxv.dll
C:\WINDOWS\system32\xxyyaxv.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\odlfqvhp.exe
C:\WINDOWS\system32\odlfqvhp.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\jkkjh.dll
C:\WINDOWS\system32\jkkjh.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\hjkkj.ini
C:\WINDOWS\system32\hjkkj.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\hjkkj.bak1
C:\WINDOWS\system32\hjkkj.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\hjkkj.bak2
C:\WINDOWS\system32\hjkkj.bak2 Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\WINDOWS\system32\xxyyaxv.dll
C:\WINDOWS\system32\xxyyaxv.dll Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.2.6

Checking Java version...

Java version is 1.5.0.6

Scan started at 10:56:10 AM 10/27/2006

Listing files found while scanning....

No infected files were found.

pskelley
2006-10-27, 18:17
Some entries in the Panda scan make me think there may be Smitfraud we cannot see. Would you follow the directions in the link:
http://siri.geekstogo.com/SmitfraudFix.php
Only run the "Search" function and post that report. That will tell us if we need to do more.

Thanks

pskelley
2006-10-27, 18:45
Post the results of the Smitfraud "Search" before starting on these instructions.

1) Make sure TeaTimer is still turned off.

2) How to make files and folders visible:
Click Start > Open My Computer.
Select the Tools menu and click Folder Options.
Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
Uncheck: Hide file extensions for known file types
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.
Click OK.

3) Please download ATF Cleaner by Atribune
http://www.atribune.org/content/view/25/2/
Save it to your Desktop. We will use this later.

4) Open HijackThis and choose "Do a system scan only" then check the box in front of these line items:

R3 - URLSearchHook: (no name) - {5E66ECAE-776E-7C9A-1E65-2EC79E73B395} - (no file)
R3 - URLSearchHook: (no name) - {60EC0F61-97FC-9403-8289-C06944FE86CA} - C:\WINDOWS\system32\mejfurf.dll
O2 - BHO: (no name) - {0E24427B-DF2A-40EB-980B-A819F5FF3DD0} - C:\WINDOWS\system32\xxyyaxv.dll (file missing)
O2 - BHO: (no name) - {1DAEFCB9-06C8-47c6-8F20-3FB54B244DAA} - C:\WINDOWS\system32\rmufebdh.dll (file missing)
O2 - BHO: (no name) - {4472E2B2-FB44-FBD4-2A58-0101EBECF47E} - C:\WINDOWS\system32\ksrpmje.dll (file missing)
O2 - BHO: (no name) - {48C2CAEF-13C9-42B2-AFCB-27727C44E1A0} - C:\WINDOWS\system32\jkkjh.dll (file missing)
O2 - BHO: (no name) - {60EC0F61-97FC-9403-8289-C06944FE86CA} - C:\WINDOWS\system32\mejfurf.dll
O2 - BHO: (no name) - {D4E0C464-30CE-4075-9A10-71FD106C2847} - (no file)
O4 - HKCU\..\Run: [Cyxxo] C:\Program Files\Common Files\??stem\?canregw.exe
(you may remove these two restrictions if you wish)
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O16 - DPF: {E4C29FDC-F547-4219-ACFD-571F2A7A564A} (WebCamTest Class) - http://awbeta.net-nucleus.com/CABUPDATES/winwcd.cab
O20 - Winlogon Notify: jkkjh - C:\WINDOWS\
O20 - Winlogon Notify: winrkp32 - C:\WINDOWS\
O20 - Winlogon Notify: xxyyaxv - C:\WINDOWS\

Close all programs but HJT and all browser windows, then click on "Fix Checked"

5) RIGHT-click on Start, then click on Explore. Locate and delete these items:

C:\Program Files\Common Files\??stem\ <<< look for and delete that folder if it is there.

6) Run ATF Cleaner
Double-click ATF-Cleaner.exe to run the program.
Click Select All found at the bottom of the list.
Click the Empty Selected button.
Click Exit on the Main menu to close the program.

Restart the computer and post a new HJT log.
Thanks
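To show how the line items singled out in the post above can be picked out mechanically, here is an added Python example: a small parser for the HijackThis 1.99.x log format used throughout this thread. It is not part of the thread, not HijackThis code and not pskelley's procedure. The flag rules are this example's own heuristics (entry points at a file that is gone, unnamed BHO or URLSearchHook, Winlogon Notify entry pointing at a directory rather than a DLL, unprintable characters in a Run path, IE policy restrictions set under HKCU), and the sample log lines are constructed from the formats seen in the thread.

```python
"""Triage helper for HijackThis 1.99.x logs.

Added example for this thread; it is not HijackThis code and not the
helper's procedure. The flag names below are this example's own
heuristics, not HijackThis classifications.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample in HJT 1.99.1 line format (paths taken from the thread).
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - {5E66ECAE-776E-7C9A-1E65-2EC79E73B395} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0E24427B-DF2A-40EB-980B-A819F5FF3DD0} - C:\WINDOWS\system32\xxyyaxv.dll (file missing)
O2 - BHO: (no name) - {60EC0F61-97FC-9403-8289-C06944FE86CA} - C:\WINDOWS\system32\mejfurf.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Cyxxo] C:\Program Files\Common Files\??stem\?canregw.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: jkkjh - C:\WINDOWS\
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
"""

# "O20 - ..." -> section "O20", body is everything after the first " - "
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


@dataclass
class Entry:
    section: str
    body: str
    clsid: Optional[str] = None
    flags: List[str] = field(default_factory=list)


def parse_line(line: str) -> Optional[Entry]:
    """Turn one HJT line into an Entry; header and process-list lines give None."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    body = m.group("body")
    c = CLSID_RE.search(body)
    return Entry(m.group("section"), body, c.group(0) if c else None)


def flag_entry(e: Entry) -> Entry:
    """Attach heuristic flags in place; an empty list means nothing notable."""
    b = e.body
    if "(no file)" in b or "(file missing)" in b:
        e.flags.append("orphaned: registry entry points at a file that is gone")
    if e.section in ("R3", "O2") and "(no name)" in b:
        e.flags.append("unnamed hook/BHO: legitimate ones almost always carry a name")
    if e.section == "O20":
        # HJT prints "Notify: <key> - <dll path>"; a bare directory means no DLL resolved
        path = b.split(" - ", 1)[-1]
        if path.endswith("\\") or not path.lower().endswith(".dll"):
            e.flags.append("Winlogon Notify target is not a resolvable DLL path")
    if e.section == "O4" and "?" in b:
        e.flags.append("Run entry path contains characters HJT could not print")
    if e.section == "O6":
        e.flags.append("IE policy restriction set under HKCU")
    return e


def triage(log_text: str) -> List[Entry]:
    """Return only the entries that received at least one flag, in log order."""
    out = []
    for line in log_text.splitlines():
        e = parse_line(line)
        if e and flag_entry(e).flags:
            out.append(e)
    return out


def flagged_clsids(log_text: str) -> List[str]:
    """Sorted CLSIDs of flagged entries, handy for cross-checking a later log."""
    return sorted({e.clsid for e in triage(log_text) if e.clsid})


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(f"{e.section} - {e.body}")
        for f in e.flags:
            print("   !", f)
```

Feed it a whole saved log: every line that does not match the `Xnn - ` shape (the version header, the process list) is ignored, so the six flagged entries above are exactly the ones the thread's fix list covers. The same CLSID list can be diffed against the follow-up log to confirm that a "Fix Checked" run actually removed the entries rather than leaving them behind as "(no file)".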

fidelis
2006-10-27, 19:44
Alright, here's the smitfraud.

SmitFraudFix v2.114

Scan done at 13:39:04.15, Fri 10/27/2006
Run from C:\Documents and Settings\Sam\Desktop\kill the bugs\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Sam


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Sam\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Sam\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32


»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End

pskelley
2006-10-27, 19:46
Thanks, looks clean. You can remove that Smitfraudfix from your computer and continue with the balance of the instructions.

Thanks

fidelis
2006-10-27, 19:58
Alright, here's my new HJT logfile.

Logfile of HijackThis v1.99.1
Scan saved at 1:57:11 PM, on 10/27/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\AOL\1159855070\ee\aolsoftware.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Sam\Desktop\kill the bugs\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0E24427B-DF2A-40EB-980B-A819F5FF3DD0} - (no file)
O2 - BHO: (no name) - {1DAEFCB9-06C8-47c6-8F20-3FB54B244DAA} - (no file)
O2 - BHO: (no name) - {4472E2B2-FB44-FBD4-2A58-0101EBECF47E} - (no file)
O2 - BHO: (no name) - {48C2CAEF-13C9-42B2-AFCB-27727C44E1A0} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {60EC0F61-97FC-9403-8289-C06944FE86CA} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - (no file)
O2 - BHO: (no name) - {D4E0C464-30CE-4075-9A10-71FD106C2847} - (no file)
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Sen] "C:\DOCUME~1\Sam\MYDOCU~1\STEM~1\scanregw.exe" -vt yazb
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [Cyxxo] C:\Program Files\Common Files\??stem\?canregw.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} (DLC Class) - https://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {E4C29FDC-F547-4219-ACFD-571F2A7A564A} -
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O20 - Winlogon Notify: jkkjh - C:\WINDOWS\
O20 - Winlogon Notify: winrkp32 - C:\WINDOWS\
O20 - Winlogon Notify: xxyyaxv - C:\WINDOWS\
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

pskelley
2006-10-27, 20:14
Something is blocking HJT from doing its work. You must have TeaTimer disabled; if you do and you run this again without success, then try uninstalling Spybot, reboot, and run the HJT removal again. Once we get the junk gone you can reinstall Spybot S&D.

Open HijackThis and choose "Do a system scan only" then check the box in front of these line items:

O2 - BHO: (no name) - {0E24427B-DF2A-40EB-980B-A819F5FF3DD0} - (no file)
O2 - BHO: (no name) - {1DAEFCB9-06C8-47c6-8F20-3FB54B244DAA} - (no file)
O2 - BHO: (no name) - {4472E2B2-FB44-FBD4-2A58-0101EBECF47E} - (no file)
O2 - BHO: (no name) - {48C2CAEF-13C9-42B2-AFCB-27727C44E1A0} - (no file)
O2 - BHO: (no name) - {60EC0F61-97FC-9403-8289-C06944FE86CA} - (no file)
(next is not working...missing its file; if you use it, download it again when we are finished)
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - (no file)
(next...were you able to delete that folder?)
O4 - HKCU\..\Run: [Cyxxo] C:\Program Files\Common Files\??stem\?canregw.exe
O16 - DPF: {E4C29FDC-F547-4219-ACFD-571F2A7A564A} -
O20 - Winlogon Notify: jkkjh - C:\WINDOWS\
O20 - Winlogon Notify: winrkp32 - C:\WINDOWS\
O20 - Winlogon Notify: xxyyaxv - C:\WINDOWS\

Close all programs but HJT and all browser windows, then click on "Fix Checked"

Unless I miss my guess, that junk is all leftovers that are being held in the registry, probably by TeaTimer. We should be getting close; how is the computer running now?

Thanks
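
The entries pskelley singles out share a few mechanical tells: an O2 BHO ending in "(no file)", an O16 DPF entry with nothing after the dash, an O20 Winlogon Notify package whose path is a bare directory, and an O4 Run path HJT could only render with question marks. The following is an added example, not code from this thread or from HijackThis, that checks for those tells over constructed log lines laid out like the ones above (the "Oxx - text - path" layout is an assumption about the format):

```python
import re
from typing import List, Optional, Tuple

# Constructed sample lines in the shape of the HijackThis 1.99.1 log above
# (assumed layout: "Oxx - description - {CLSID} - path"); not a real scan.
SAMPLE_LOG = "\n".join([
    "O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\\Program Files\\Adobe\\Acrobat 7.0\\ActiveX\\AcroIEHelper.dll",
    "O2 - BHO: (no name) - {0E24427B-DF2A-40EB-980B-A819F5FF3DD0} - (no file)",
    "O4 - HKCU\\..\\Run: [ctfmon.exe] C:\\WINDOWS\\system32\\ctfmon.exe",
    "O4 - HKCU\\..\\Run: [Cyxxo] C:\\Program Files\\Common Files\\??stem\\?canregw.exe",
    "O16 - DPF: {E4C29FDC-F547-4219-ACFD-571F2A7A564A} -",
    "O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} (DLC Class) - https://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab",
    "O20 - Winlogon Notify: igfxcui - C:\\WINDOWS\\SYSTEM32\\igfxdev.dll",
    "O20 - Winlogon Notify: jkkjh - C:\\WINDOWS\\",
])

SECTION_RE = re.compile(r"^(O\d+) - (.*)$")


def flag_line(line: str) -> Optional[str]:
    """Return why a line shows one of the tells called out in the thread,
    or None when the entry has a real file or URL behind it."""
    m = SECTION_RE.match(line.strip())
    if not m:
        return None
    section, body = m.group(1), m.group(2)
    # The field after the last " - " is the file or URL the entry points at.
    if body.endswith(" -"):
        tail = ""
    else:
        tail = body.rsplit(" - ", 1)[-1].strip()
    if section == "O2" and tail == "(no file)":
        return "BHO still registered but its DLL is gone (dead entry)"
    if section == "O16" and tail == "":
        return "ActiveX (DPF) entry with no download URL"
    if section == "O20" and tail.endswith("\\"):
        return "Winlogon Notify package names a directory, not a DLL"
    if section == "O4" and "?" in body:
        return "startup path holds characters HJT could not render"
    return None


def triage(log_text: str) -> List[Tuple[str, str]]:
    """Run flag_line over a whole log and collect (line, reason) pairs."""
    hits = []
    for line in log_text.splitlines():
        reason = flag_line(line)
        if reason:
            hits.append((line, reason))
    return hits
```

Calling triage(SAMPLE_LOG) returns the four flagged entries with their reasons; feed it the text of a saved HJT log to get the same triage on a real scan.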

fidelis
2006-10-28, 00:28
Alright, I uninstalled Spybot and all that jazz, and I guess the HJT worked because the files are not there anymore.

About that folder you said to delete, when I looked for it, it wasn't there. So I don't know if it got deleted or was never there.

My computer seems to be working great, no pop ups or anything, nor any slowdown that I can tell.

Latest HJT log.

Logfile of HijackThis v1.99.1
Scan saved at 6:27:47 PM, on 10/27/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Common Files\AOL\1159855070\ee\aolsoftware.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Sam\Desktop\kill the bugs\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {D4E0C464-30CE-4075-9A10-71FD106C2847} - (no file)
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Sen] "C:\DOCUME~1\Sam\MYDOCU~1\STEM~1\scanregw.exe" -vt yazb
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} (DLC Class) - https://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

pskelley
2006-10-28, 00:53
Thanks for working with me to clean things up. You can install Spybot S&D again if you have not. I do see one dead line:
O2 - BHO: (no name) - {D4E0C464-30CE-4075-9A10-71FD106C2847} - (no file)
You can use HJT to remove it if you wish, or you can leave it. It can cause you no harm with the file missing. The balance of the log looks fine.
I apologize for having to take those steps, normally turning off TeaTimer is enough, but every once in a while the stuff stays in the memory and uninstalling is the only way to do it.

Let's do this: System Restore does not know the good files from the bad. In case bad stuff has gotten into your System Restore files, follow the instructions in this link to get clean System Restore files. Turn it off, reboot then turn it back on:
http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001111912274039?Open&src=sec_doc_nam

Here is some great information from Tony Klein, Texruss, ChrisRLG and Grinler to help you stay clean and safe online:
http://forums.spybot.info/showthread.php?t=279
http://russelltexas.com/malware/allclear.htm
http://forum.malwareremoval.com/viewtopic.php?t=14
http://www.bleepingcomputer.com/forums/topict2520.html
http://cybercoyote.org/security/not-admin.shtml

Safe surfing...tashi :) will close your topic in a few days.

Thanks...pskelley
Safer Networking Forums
http://www.spybot.info/en/donate/index.html
If you are reading this information...thank a teacher,
If you are reading it in English...thank a soldier.

fidelis
2006-10-28, 01:36
Alright, all done! Thank you so much for everything!

LonnyRJones
2006-11-02, 01:00
I'm glad we could help.
Since the problems are solved, I'm going to close the topic now; this keeps others with similar problems from posting their logs/questions here, as they should start a new topic.

If you should need to post another log for the same PC let one of us know via a PM (personal message).