
Thread: Having problems removing Smitfraud-C. Toolbar888

  #1 Junior Member (Join Date: May 2007, Posts: 18)

    Having problems removing Smitfraud-C. Toolbar888

    Well, I got this malware on my computer and Spybot deletes it, but it comes back again and again on each scan. By the looks of the topics in the forum, it seems like this type of malware is running rampant. Well, I hope someone can help me.

    eTrust Virus scan result

    Scan Results: 41662 files scanned. 4 viruses were detected.

    File           Infection           Status        Path
    lavu.dll       Win32/Zquest.E      deleted       C:\Program Files\Windows Plus\
    qdafwup.exe    Win32/SillyDl.CTT   deleted       C:\WINDOWS\
    dajaqsfv.dll   Win32/Vundo.CR      cannot cure   C:\WINDOWS\system32\
    d5ll.exe       Win32/Tesllar.A     deleted       C:\WINDOWS\system32\T4\


    Logfile of HijackThis v1.99.1
    Scan saved at 9:32:30 PM, on 5/30/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16441)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Yahoo!\Antivirus\ISafe.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\qdafwupA.exe
    C:\Program Files\Dell Support\DSAgnt.exe
    C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
    C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
    C:\PROGRA~1\Yahoo!\browser\ycommon.exe
    C:\Program Files\Yahoo!\browser\ybrwicon.exe
    C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\PROGRA~1\Yahoo!\browser\ybrowser.exe
    C:\WINDOWS\system32\notepad.exe
    C:\highjackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&...suk&channel=us
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...search/ie.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://verizon.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://verizon.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...search/ie.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://verizon.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en&...suk&channel=us
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 64.136.29.30;64.136.21.30;64.136.29.34;searchap.untd.com;127.0.0.1;localhost;*microsoft.com;*windowsupdate.com;*wustat.windows.com;*.pogo.com;*.worldwinner.com;*test-speed.com;liveupdate.symantecliveupdate.com;*symantec.com;*.nai.com;*.networkassociates.com;*photosite.com;*.dir.untd.com;*.prod.untd.com;<local>
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O3 - Toolbar: ZeroBar - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\Toolbar.dll (file missing)
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
    O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [qdafwupA] C:\WINDOWS\qdafwupA.exe
    O4 - HKLM\..\Run: [setup] rundll32.exe "C:\WINDOWS\system32\dajaqsfv.dll",realset
    O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Common Files\WinAntiVirus Pro 2007\mav_startupmon.exe"
    O4 - HKLM\..\Run: [rtasks] C:\Program Files\WinAntiVirus Pro 2007\rtasks.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
    O4 - HKCU\..\Run: [IpWins] C:\Program Files\Ipwindows\ipwins.exe
    O8 - Extra context menu item: Display All Images with Full Quality - res://C:\Program Files\Juno\qsacc\appres.dll/228
    O8 - Extra context menu item: Display Image with Full Quality - res://C:\Program Files\Juno\qsacc\appres.dll/227
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra button: Verizon Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - https://support.dell.com/systemprofiler/SysPro.CAB
    O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1174705128591
    O16 - DPF: {76D68CA1-DD9D-41C4-B2CC-AA9C9A5CF220} - http://www.junkscanner.com/jsetup.exe
    O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor...fo/webscan.cab
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,wbsys.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
    O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
    O23 - Service: Intel® Quick Resume Technology Drivers (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
    O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

  #2 Security Expert: Emeritus (Join Date: Oct 2006, Location: Finland, Posts: 29,374)

    Hi fay23

    Rename HijackThis.exe to scanner.exe and post back a fresh HijackThis log, please.
    Microsoft MVP Consumer Security 2008-2011

    Member of ASAP and UNITE since 2006

  #3 Junior Member (Join Date: May 2007, Posts: 18)

    OK, here is a new HijackThis log.


    Logfile of HijackThis v1.99.1
    Scan saved at 2:45:26 PM, on 5/31/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16441)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Yahoo!\Antivirus\ISafe.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\qdafwupA.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Dell Support\DSAgnt.exe
    C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
    C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
    C:\PROGRA~1\Yahoo!\browser\ybrowser.exe
    C:\PROGRA~1\Yahoo!\browser\ycommon.exe
    C:\Program Files\Yahoo!\browser\ybrwicon.exe
    C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
    C:\highjackthis\scanner.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&...suk&channel=us
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...search/ie.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://verizon.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://verizon.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...search/ie.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://verizon.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en&...suk&channel=us
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 64.136.29.30;64.136.21.30;64.136.29.34;searchap.untd.com;127.0.0.1;localhost;*microsoft.com;*windowsupdate.com;*wustat.windows.com;*.pogo.com;*.worldwinner.com;*test-speed.com;liveupdate.symantecliveupdate.com;*symantec.com;*.nai.com;*.networkassociates.com;*photosite.com;*.dir.untd.com;*.prod.untd.com;<local>
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {2432F099-F8E2-43C9-B765-3AF002FFC6A7} - C:\WINDOWS\system32\qomjjge.dll
    O2 - BHO: (no name) - {44823AEC-73B1-42C8-917C-69A262CD02E7} - \
    O2 - BHO: Popup-Blocker Class - {52706EF7-D7A2-49AD-A615-E903858CF284} - C:\Program Files\Juno\qsacc\X1IEBHO.dll (file missing)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
    O2 - BHO: (no name) - {6C44408D-E40B-4E27-B1E6-0AA3A3D347BC} - C:\WINDOWS\system32\awtqp.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
    O2 - BHO: 0 - {BD00559B-62D3-4054-50AF-1B27933EA8C5} - C:\Program Files\Windows Plus\lavu.dll (file missing)
    O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
    O2 - BHO: (no name) - {CD3447D4-CA39-4377-8084-30E86331D74C} - C:\WINDOWS\system32\qinhgudi.dll
    O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
    O3 - Toolbar: ZeroBar - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\Toolbar.dll (file missing)
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
    O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [qdafwupA] C:\WINDOWS\qdafwupA.exe
    O4 - HKLM\..\Run: [setup] rundll32.exe "C:\WINDOWS\system32\dajaqsfv.dll",realset
    O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Common Files\WinAntiVirus Pro 2007\mav_startupmon.exe"
    O4 - HKLM\..\Run: [rtasks] C:\Program Files\WinAntiVirus Pro 2007\rtasks.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
    O4 - HKCU\..\Run: [IpWins] C:\Program Files\Ipwindows\ipwins.exe
    O8 - Extra context menu item: Display All Images with Full Quality - res://C:\Program Files\Juno\qsacc\appres.dll/228
    O8 - Extra context menu item: Display Image with Full Quality - res://C:\Program Files\Juno\qsacc\appres.dll/227
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra button: Verizon Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - https://support.dell.com/systemprofiler/SysPro.CAB
    O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1174705128591
    O16 - DPF: {76D68CA1-DD9D-41C4-B2CC-AA9C9A5CF220} - http://www.junkscanner.com/jsetup.exe
    O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor...fo/webscan.cab
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,wbsys.dll
    O20 - Winlogon Notify: awtqp - C:\WINDOWS\system32\awtqp.dll
    O20 - Winlogon Notify: qomjjge - C:\WINDOWS\SYSTEM32\qomjjge.dll
    O20 - Winlogon Notify: WB - C:\Program Files\Stardock\Object Desktop\ThemeManager\fastload.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
    O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
    O23 - Service: Intel® Quick Resume Technology Drivers (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
    O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

  #4 Security Expert: Emeritus (Join Date: Oct 2006, Location: Finland, Posts: 29,374)

    Hi

    Please download VundoFix.exe to your desktop.
    • Double-click VundoFix.exe to run it.
    • Click the Scan for Vundo button.
    • Once it's done scanning, click the Remove Vundo button.
    • You will receive a prompt asking if you want to remove the files, click YES
    • Once you click yes, your desktop will go blank as it starts removing Vundo.
    • When completed, it will prompt that it will reboot your computer, click OK.
    • Please post the contents of C:\vundofix.txt and a new HiJackThis log in a reply to this thread.

    Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.

  #5 Junior Member (Join Date: May 2007, Posts: 18)

    OK, here is the information from VundoFix and a new HijackThis log.



    VundoFix V6.4.1

    Checking Java version...

    Java version is 1.4.2.3
    Old versions of java are exploitable and should be removed.

    Scan started at 2:46:01 AM 5/30/2007

    Listing files found while scanning....

    C:\WINDOWS\system32\awtqp.dll
    C:\WINDOWS\system32\dajaqsfv.dll
    C:\WINDOWS\system32\pqtwa.bak1
    C:\WINDOWS\system32\pqtwa.ini
    C:\WINDOWS\system32\pqtwa.ini2
    C:\WINDOWS\system32\qomjjge.dll
    C:\WINDOWS\system32\qomkllk.dll
    C:\WINDOWS\system32\vfsqajad.ini

    VundoFix V6.4.1

    Checking Java version...

    Java version is 1.4.2.3
    Old versions of java are exploitable and should be removed.

    Scan started at 11:58:45 PM 6/1/2007

    Listing files found while scanning....

    C:\WINDOWS\system32\awtqp.dll
    C:\WINDOWS\system32\dajaqsfv.dll
    C:\WINDOWS\system32\pqtwa.bak1
    C:\WINDOWS\system32\pqtwa.bak2
    C:\WINDOWS\system32\pqtwa.ini
    C:\WINDOWS\system32\pqtwa.ini2
    C:\WINDOWS\system32\qomjjge.dll
    C:\WINDOWS\system32\qomkllk.dll
    C:\WINDOWS\system32\vfsqajad.ini

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\awtqp.dll
    C:\WINDOWS\system32\awtqp.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\dajaqsfv.dll
    C:\WINDOWS\system32\dajaqsfv.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\pqtwa.bak1
    C:\WINDOWS\system32\pqtwa.bak1 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\pqtwa.bak2
    C:\WINDOWS\system32\pqtwa.bak2 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\pqtwa.ini
    C:\WINDOWS\system32\pqtwa.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\pqtwa.ini2
    C:\WINDOWS\system32\pqtwa.ini2 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\qomjjge.dll
    C:\WINDOWS\system32\qomjjge.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\qomkllk.dll
    C:\WINDOWS\system32\qomkllk.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\vfsqajad.ini
    C:\WINDOWS\system32\vfsqajad.ini Has been deleted!

    Performing Repairs to the registry.
    Done!



    Logfile of HijackThis v1.99.1
    Scan saved at 12:59:32 AM, on 6/2/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16441)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Yahoo!\Antivirus\ISafe.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\WINDOWS\qdafwupA.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Dell Support\DSAgnt.exe
    C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
    C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\PROGRA~1\Yahoo!\browser\ybrowser.exe
    C:\PROGRA~1\Yahoo!\browser\ycommon.exe
    C:\Program Files\Yahoo!\browser\ybrwicon.exe
    C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\highjackthis\scanner.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&...suk&channel=us
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...search/ie.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://verizon.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://verizon.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...search/ie.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://verizon.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en&...suk&channel=us
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 64.136.29.30;64.136.21.30;64.136.29.34;searchap.untd.com;127.0.0.1;localhost;*microsoft.com;*windowsupdate.com;*wustat.windows.com;*.pogo.com;*.worldwinner.com;*test-speed.com;liveupdate.symantecliveupdate.com;*symantec.com;*.nai.com;*.networkassociates.com;*photosite.com;*.dir.untd.com;*.prod.untd.com;<local>
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {1F390603-CC09-4FDD-886A-DE6BD30D50A2} - C:\WINDOWS\system32\awtqp.dll (file missing)
    O2 - BHO: (no name) - {2432F099-F8E2-43C9-B765-3AF002FFC6A7} - C:\WINDOWS\system32\qomjjge.dll (file missing)
    O2 - BHO: (no name) - {44823AEC-73B1-42C8-917C-69A262CD02E7} - \
    O2 - BHO: Popup-Blocker Class - {52706EF7-D7A2-49AD-A615-E903858CF284} - C:\Program Files\Juno\qsacc\X1IEBHO.dll (file missing)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
    O2 - BHO: 0 - {BD00559B-62D3-4054-50AF-1B27933EA8C5} - C:\Program Files\Windows Plus\lavu.dll (file missing)
    O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
    O2 - BHO: (no name) - {CD3447D4-CA39-4377-8084-30E86331D74C} - C:\WINDOWS\system32\qinhgudi.dll
    O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
    O3 - Toolbar: ZeroBar - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\Toolbar.dll (file missing)
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
    O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [qdafwupA] C:\WINDOWS\qdafwupA.exe
    O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Common Files\WinAntiVirus Pro 2007\mav_startupmon.exe"
    O4 - HKLM\..\Run: [rtasks] C:\Program Files\WinAntiVirus Pro 2007\rtasks.exe
    O4 - HKLM\..\Run: [Genuine] rundll32.exe "C:\WINDOWS\system32\eepoeiej.dll",realset
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
    O4 - HKCU\..\Run: [IpWins] C:\Program Files\Ipwindows\ipwins.exe
    O8 - Extra context menu item: Display All Images with Full Quality - res://C:\Program Files\Juno\qsacc\appres.dll/228
    O8 - Extra context menu item: Display Image with Full Quality - res://C:\Program Files\Juno\qsacc\appres.dll/227
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra button: Verizon Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - https://support.dell.com/systemprofiler/SysPro.CAB
    O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1174705128591
    O16 - DPF: {76D68CA1-DD9D-41C4-B2CC-AA9C9A5CF220} - http://www.junkscanner.com/jsetup.exe
    O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor...fo/webscan.cab
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,wbsys.dll
    O20 - Winlogon Notify: WB - C:\Program Files\Stardock\Object Desktop\ThemeManager\fastload.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
    O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
    O23 - Service: Intel® Quick Resume Technology Drivers (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
    O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE
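    The two logs in this thread show the pattern a helper reads for in a Vundo infection: an unnamed O2 BHO pointing at a random-named DLL in system32, an O4 Run value that launches such a DLL through rundll32, an O20 Winlogon Notify DLL (loaded into winlogon.exe at boot, before any on-demand scanner runs), and an EXE dropped straight into C:\WINDOWS. The names change between scans: the "setup" value loading dajaqsfv.dll in post #3 has become a "Genuine" value loading eepoeiej.dll after VundoFix, and the old BHO survives only as an orphaned "(file missing)" registration. As an added example, not part of this thread and not HijackThis's own code, the script below parses lines copied from the two posted logs, flags entries matching those patterns, and diffs the logs to show what regenerated. The allowlist of vetted binaries and the random-name heuristic are assumptions for illustration, not rules from the thread.

```python
import re

# Constructed sample: lines copied from the two HijackThis logs posted in this thread
# (post #3 before VundoFix, post #5 after). Not a complete log.
LOG_BEFORE = r"""
O2 - BHO: (no name) - {2432F099-F8E2-43C9-B765-3AF002FFC6A7} - C:\WINDOWS\system32\qomjjge.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [qdafwupA] C:\WINDOWS\qdafwupA.exe
O4 - HKLM\..\Run: [setup] rundll32.exe "C:\WINDOWS\system32\dajaqsfv.dll",realset
O20 - Winlogon Notify: awtqp - C:\WINDOWS\system32\awtqp.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""
LOG_AFTER = r"""
O2 - BHO: (no name) - {2432F099-F8E2-43C9-B765-3AF002FFC6A7} - C:\WINDOWS\system32\qomjjge.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [qdafwupA] C:\WINDOWS\qdafwupA.exe
O4 - HKLM\..\Run: [Genuine] rundll32.exe "C:\WINDOWS\system32\eepoeiej.dll",realset
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""

# Allowlist of binaries the analyst has already vetted (assumption: maintained by hand).
KNOWN_GOOD = {"nvcpl.dll", "wgalogon.dll", "ctfmon.exe"}

LINE_RE = re.compile(r"^(O\d+|R\d) - (.*)$")
PATH_RE = re.compile(r'([A-Za-z]:\\[^"]*?\.(?:dll|exe))', re.IGNORECASE)
MISSING = "(file missing)"


def parse(log):
    """Return one dict per HijackThis entry: section code, full text, target path, missing flag."""
    entries = []
    for raw in log.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        section, body = m.groups()
        p = PATH_RE.search(body)
        entries.append({
            "section": section,
            "text": raw.strip(),
            "path": p.group(1) if p else None,
            "missing": MISSING in body,
        })
    return entries


def looks_random(name):
    """Heuristic (assumption): Vundo-style names are lowercase letters only, 5-9 chars (awtqp, eepoeiej)."""
    stem = name.rsplit(".", 1)[0]
    return stem.isalpha() and stem.islower() and 5 <= len(stem) <= 9


def triage(log):
    """Return (entry text, reason) for each entry matching a Vundo/Smitfraud persistence pattern."""
    flagged = []
    for e in parse(log):
        reasons = []
        path = (e["path"] or "").lower()
        folder, _, name = path.rpartition("\\")
        in_system32 = folder.endswith("\\system32")
        in_windows_root = folder.endswith(":\\windows")
        vetted = name in KNOWN_GOOD
        text = e["text"].lower()
        if e["missing"]:
            reasons.append("orphaned registration (file missing): clean the registry entry")
        if e["section"] == "O2" and "(no name)" in text and in_system32 and not vetted:
            reasons.append("unnamed BHO loading a DLL from system32")
        if e["section"] == "O4" and "rundll32" in text and in_system32 and not vetted:
            reasons.append("Run key launching a system32 DLL via rundll32")
        if e["section"] == "O4" and in_windows_root and not vetted:
            reasons.append("Run key launching an EXE dropped directly in the Windows folder")
        if e["section"] == "O20" and "winlogon notify" in text and in_system32 and not vetted:
            reasons.append("Winlogon Notify DLL (loaded into winlogon.exe at boot, before AV)")
        if reasons and name and looks_random(name):
            reasons.append("random-looking filename")
        if reasons:
            flagged.append((e["text"], "; ".join(reasons)))
    return flagged


def diff_logs(before, after):
    """Entries that appeared or disappeared between two logs, ignoring the '(file missing)' suffix."""
    def norm(log):
        return {e["text"].replace(" " + MISSING, "") for e in parse(log)}
    b, a = norm(before), norm(after)
    return sorted(a - b), sorted(b - a)


if __name__ == "__main__":
    for text, why in triage(LOG_AFTER):
        print(f"FLAG  {text}\n      {why}")
    added, removed = diff_logs(LOG_BEFORE, LOG_AFTER)
    print("new since last log:", *added, sep="\n  ")
    print("gone since last log:", *removed, sep="\n  ")
```

    Run against the post #5 sample, `triage` flags three entries (the orphaned qomjjge BHO, qdafwupA.exe in the Windows folder, and the new rundll32/eepoeiej.dll Run value) while leaving NvCpl.dll, WgaLogon.dll and the Google toolbar alone, and `diff_logs` reports the "Genuine" value as new and the "setup" value and awtqp Winlogon Notify as gone. The allowlist is the weak point of any such script: a vetted name can be spoofed, so treat the flags as a reading aid for the analyst, not a verdict.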

  6. #6
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374

    Default

    Hi

    1. Download ComboFix from one of these links:
    Link1
    Link2
    2. Double-click combofix.exe & follow the prompts.
    3. When finished, it shall produce a log for you. Post that log in your next reply.

    Note:
    Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

    Post:

    - a fresh HijackThis log
    - ComboFix report
    Microsoft MVP Consumer Security 2008-2011

    Member of ASAP and UNITE since 2006

  7. #7
    Junior Member
    Join Date
    May 2007
    Posts
    18

    Default

    Ok, got the ComboFix log, though I had to see the address of the link. Ever since I got that Smitfraud thing, the browser stops responding when I open a new window or link -.-.



    "Ramon Cruz" - 2007-06-02 16:18:29 Service Pack 2
    ComboFix 07-05.27.BV - Running from: "C:\"


    (((((((((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


    C:\WINDOWS\system32\qinhgudi.dll
    C:\WINDOWS\system32\wghymnoh.dll


    * * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


    (((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    "C:\WINDOWS\cfg32.exe"
    "C:\WINDOWS\cfg32a.exe"
    "C:\WINDOWS\stub_mma2.exe"
    "C:\Program Files\Windows Plus\profsy.html"
    "C:\WINDOWS\cs_cache.ini"
    "C:\Temp\tn3"


    ((((((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


    -------\LEGACY_CORE


    ((((((((((((((((((((((((((((((( Files Created from 2007-05-02 to 2007-06-02 ))))))))))))))))))))))))))))))))))


    2007-06-02 16:16 1,088,077 --a------ C:\ComboFix.exe
    2007-06-02 00:00 2,580 --a------ C:\WINDOWS\system32\momhnmoo.exe
    2007-06-01 23:51 131,124 --a------ C:\WINDOWS\system32\eepoeiej.dll
    2007-05-30 04:18 <DIR> d-------- C:\Documents and Settings\Ramon Cruz\.housecall6.6
    2007-05-30 04:18 <DIR> d-------- C:\DOCUME~1\RAMONC~1\.housecall6.6
    2007-05-30 03:46 <DIR> d-------- C:\highjackthis
    2007-05-30 02:46 <DIR> d-------- C:\VundoFix Backups
    2007-05-30 01:36 1,310,720 --ah----- C:\DOCUME~1\odin\NTUSER.DAT
    2007-05-30 01:36 <DIR> d-------- C:\DOCUME~1\odin\APPLIC~1\Gtek
    2007-05-30 00:14 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
    2007-05-29 23:43 <DIR> dr------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SalesMonitor
    2007-05-29 23:43 <DIR> d--hs---- C:\UWA7P
    2007-05-29 23:43 <DIR> d-------- C:\DOCUME~1\RAMONC~1\APPLIC~1\WinAntiVirus Pro 2007
    2007-05-29 14:17 8,704 --a------ C:\WINDOWS\system32\SpOrder.dll
    2007-05-29 14:17 <DIR> d-------- C:\Program Files\Common Files\WinAntiVirus Pro 2007
    2007-05-29 14:17 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\WinAntiVirus Pro 2007
    2007-05-29 13:59 881,920 -r-hs---- C:\WINDOWS\qdafwupA.exe
    2007-05-29 13:59 <DIR> d-------- C:\WINDOWS\system32\TQ0
    2007-05-29 13:59 <DIR> d-------- C:\WINDOWS\system32\T6
    2007-05-29 13:59 <DIR> d-------- C:\WINDOWS\system32\T4
    2007-05-29 13:59 <DIR> d-------- C:\WINDOWS\system32\T3
    2007-05-29 13:59 <DIR> d-------- C:\WINDOWS\system32\T1QaSQ
    2007-05-29 13:59 <DIR> d-------- C:\WINDOWS\system32\pog
    2007-05-29 13:59 <DIR> d-------- C:\Temp\0b9
    2007-05-17 19:26 <DIR> d-------- C:\Program Files\CDisplay
    2007-05-10 18:11 983,101 --a------ C:\WINDOWS\system32\dlbtgf.dll
    2007-05-10 18:11 69,632 --a------ C:\WINDOWS\system32\dlbtcu.dll
    2007-05-10 18:11 557,056 --a------ C:\WINDOWS\system32\dlbtjswr.dll
    2007-05-10 18:11 520,192 --a------ C:\WINDOWS\system32\dlbtcomc.dll
    2007-05-10 18:11 495,616 --a------ C:\WINDOWS\system32\dlbthbn1.dll
    2007-05-10 18:11 471,040 --a------ C:\WINDOWS\system32\dlbtpmui.dll
    2007-05-10 18:11 450,560 --a------ C:\WINDOWS\system32\dlbtlmpm.dll
    2007-05-10 18:11 421,888 --a------ C:\WINDOWS\system32\dlbtcoms.exe
    2007-05-10 18:11 401,408 --a------ C:\WINDOWS\system32\dlbtutil.dll
    2007-05-10 18:11 40,960 --a------ C:\WINDOWS\system32\dlbtvs.dll
    2007-05-10 18:11 385,024 --a------ C:\WINDOWS\system32\dlbtcomm.dll
    2007-05-10 18:11 344,064 --a------ C:\WINDOWS\system32\dlbtcfg.exe
    2007-05-10 18:11 294,912 --a------ C:\WINDOWS\system32\dlbtih.exe
    2007-05-10 18:11 126,976 --a------ C:\WINDOWS\system32\dlbtprox.dll
    2007-05-10 18:11 114,688 --a------ C:\WINDOWS\system32\dlbtpplc.dll
    2007-05-10 18:11 114,688 --a------ C:\WINDOWS\system32\dlbtcur.dll
    2007-05-10 18:11 1,048,576 --a------ C:\WINDOWS\system32\dlbtserv.dll
    2007-05-10 18:11 1,040,384 --a------ C:\WINDOWS\system32\dlbtusb1.dll
    2007-05-10 18:11 <DIR> d-------- C:\Temp\{9F5FBC24-EFE2-4f90-B498-EC0FB7D47D15}
    2007-05-10 18:11 <DIR> d-------- C:\Temp
    2007-05-10 18:11 <DIR> d-------- C:\Program Files\Dell Photo AIO Printer 922
    2007-05-10 18:02 87,040 --a------ C:\WINDOWS\system32\wiafbdrv.dll
    2007-05-10 18:02 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
    2007-05-08 13:34 129,784 --------- C:\WINDOWS\system32\pxafs.dll
    2007-05-08 13:34 <DIR> d-------- C:\Program Files\DivX
    2007-05-07 23:26 <DIR> d-------- C:\Program Files\Veoh Networks
    2007-05-02 14:04 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe
    2007-05-02 14:04 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
    2007-05-02 14:04 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
    2007-05-02 14:04 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
    2007-05-02 14:02 73,728 --a------ C:\WINDOWS\system32\dpl100.dll
    2007-05-02 14:02 593,920 --a------ C:\WINDOWS\system32\dpuGUI11.dll
    2007-05-02 14:02 57,344 --a------ C:\WINDOWS\system32\dpv11.dll
    2007-05-02 14:02 53,248 --a------ C:\WINDOWS\system32\dpuGUI10.dll
    2007-05-02 14:02 344,064 --a------ C:\WINDOWS\system32\dpus11.dll
    2007-05-02 14:02 294,912 --a------ C:\WINDOWS\system32\dpu11.dll
    2007-05-02 14:02 294,912 --a------ C:\WINDOWS\system32\dpu10.dll
    2007-05-02 14:02 196,608 --a------ C:\WINDOWS\system32\dtu100.dll
    2007-05-02 14:01 823,296 --a------ C:\WINDOWS\system32\divx_xx0c.dll
    2007-05-02 14:01 823,296 --a------ C:\WINDOWS\system32\divx_xx07.dll
    2007-05-02 14:01 802,816 --a------ C:\WINDOWS\system32\divx_xx11.dll
    2007-05-02 14:01 740,442 --a------ C:\WINDOWS\system32\DivX.dll


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-06-02 20:20:21 -------- d-----w C:\Program Files\Windows Plus
    2007-05-30 06:37:39 -------- d-----w C:\DOCUME~1\RAMONC~1\APPLIC~1\Yahoo!
    2007-05-08 03:26:57 -------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-05-02 18:04:15 36,624 ------w C:\WINDOWS\system32\drivers\pxhelp20.sys
    2007-05-02 18:04:14 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
    2007-05-02 18:04:14 116,472 ------w C:\WINDOWS\system32\pxcpyi64.exe
    2007-05-02 02:33:57 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
    2007-05-02 02:33:56 124,472 ----a-w C:\WINDOWS\system32\DivXCodecUpdateChecker.exe
    2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
    2007-04-12 19:24:17 -------- d-----w C:\Program Files\World of Warcraft
    2007-04-12 19:09:50 -------- d-----w C:\Program Files\DellConnect
    2007-04-06 19:27:01 139,264 ----a-w C:\TTC.dll
    2007-03-17 13:43:01 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll
    2007-03-08 15:36:28 577,536 ----a-w C:\WINDOWS\system32\user32.dll
    2007-03-08 15:36:28 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll
    2007-03-08 15:36:28 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll
    2007-03-08 13:47:48 1,843,584 ----a-w C:\WINDOWS\system32\win32k.sys


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
    {02478D38-C3F9-4EFB-9B51-7695ECA05670}=C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2006-09-29 13:53]
    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [2003-11-03 15:17]
    {1F390603-CC09-4FDD-886A-DE6BD30D50A2}=C:\WINDOWS\system32\awtqp.dll []
    {44823AEC-73B1-42C8-917C-69A262CD02E7}=\ [2007-06-02 16:21]
    {52706EF7-D7A2-49AD-A615-E903858CF284}=C:\Program Files\Juno\qsacc\X1IEBHO.dll []
    {53707962-6F74-2D53-2644-206D7942484F}=C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 01:04]
    {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}=C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll [2006-10-31 16:33]
    {5CA3D70E-1895-11CF-8E15-001234567890}=C:\WINDOWS\System32\DLA\DLASHX_W.DLL [2005-09-08 06:20]
    {AA58ED58-01DD-4d91-8333-CF10577473F7}=c:\program files\google\googletoolbar4.dll [2007-01-20 00:55]
    {BD00559B-62D3-4054-50AF-1B27933EA8C5}=C:\Program Files\Windows Plus\lavu.dll []
    {CA6319C0-31B7-401E-A518-A07C3DB8F777}=C:\Program Files\BAE\BAE.dll [2006-06-14 16:17]
    {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D}=C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll [2005-02-03 17:07]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Salestart"="C:\Program Files\Common Files\WinAntiVirus Pro 2007\mav_startupmon.exe" []
    "rtasks"="C:\Program Files\WinAntiVirus Pro 2007\rtasks.exe" []

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 06:00]
    "Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2006-10-30 18:05]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24]
    "DellSupport"="C:\Program Files\Dell Support\DSAgnt.exe" [2006-08-28 21:57]
    "Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2007-05-03 17:43]
    "@"="" []

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
    "InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
    C:\Program Files\Windows Plus\profsy.html

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
    C:\Program Files\Stardock\Object Desktop\ThemeManager\fastload.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,wbsys.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
    backup=C:\WINDOWS\pss\Digital Line Detect.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ymetray.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ymetray.lnk
    backup=C:\WINDOWS\pss\ymetray.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\A Verizon App]
    C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CaAvTray]
    "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CAVRID]
    "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    C:\WINDOWS\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
    "C:\Program Files\Dell Support\DSAgnt.exe" /startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA]
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
    C:\Program Files\Dell\Media Experience\DMXLauncher.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
    C:\WINDOWS\ehome\ehtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
    "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
    C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
    C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
    "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Utility]
    Logi_MwX.Exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]
    C:\PROGRA~1\Verizon\SMARTB~1\MotiveSB.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
    C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    "C:\Program Files\Messenger\msmsgs.exe" /background

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
    stsystra.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Verizon Internet Security Suite]
    "C:\Program Files\Verizon\Verizon Internet Security Suite\Rps.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VerizonServicepoint.exe]
    C:\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
    "C:\Program Files\Windows Defender\MSASCui.exe" -hide

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
    "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YBrowser]
    C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ymetray]
    "C:\Program Files\Yahoo!\Yahoo! Music Engine\YahooMusicEngine.exe" -preload

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YOP]
    C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "dvpapi"=2 (0x2)
    "WinDefend"=2 (0x2)

    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs*


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
    AutoRun\command- E:\setup.exe


    ********************************************************************

    catchme 0.3.692 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-06-02 16:22:19
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0


    ********************************************************************

    Completion time: 2007-06-02 16:23:38 - machine was rebooted
    C:\ComboFix-quarantined-files.txt ... 2007-06-02 16:23

    --- E O F ---

  8. #8
    Junior Member
    Join Date
    May 2007
    Posts
    18

    Default

    Logfile of HijackThis v1.99.1
    Scan saved at 4:30:02 PM, on 6/2/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16441)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Yahoo!\Antivirus\ISafe.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Dell Support\DSAgnt.exe
    C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
    C:\PROGRA~1\Yahoo!\browser\ycommon.exe
    C:\Program Files\Yahoo!\browser\ybrowser.exe
    C:\Program Files\Yahoo!\browser\ybrwicon.exe
    C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
    C:\highjackthis\scanner.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://verizon.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://verizon.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...search/ie.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en&...suk&channel=us
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 64.136.29.30;64.136.21.30;64.136.29.34;searchap.untd.com;127.0.0.1;localhost;*microsoft.com;*windowsupdate.com;*wustat.windows.com;*.pogo.com;*.worldwinner.com;*test-speed.com;liveupdate.symantecliveupdate.com;*symantec.com;*.nai.com;*.networkassociates.com;*photosite.com;*.dir.untd.com;*.prod.untd.com;<local>
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {1F390603-CC09-4FDD-886A-DE6BD30D50A2} - C:\WINDOWS\system32\awtqp.dll (file missing)
    O2 - BHO: (no name) - {44823AEC-73B1-42C8-917C-69A262CD02E7} - \
    O2 - BHO: Popup-Blocker Class - {52706EF7-D7A2-49AD-A615-E903858CF284} - C:\Program Files\Juno\qsacc\X1IEBHO.dll (file missing)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
    O2 - BHO: 0 - {BD00559B-62D3-4054-50AF-1B27933EA8C5} - C:\Program Files\Windows Plus\lavu.dll (file missing)
    O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
    O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
    O3 - Toolbar: ZeroBar - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\Toolbar.dll (file missing)
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
    O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
    O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Common Files\WinAntiVirus Pro 2007\mav_startupmon.exe"
    O4 - HKLM\..\Run: [rtasks] C:\Program Files\WinAntiVirus Pro 2007\rtasks.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
    O8 - Extra context menu item: Display All Images with Full Quality - res://C:\Program Files\Juno\qsacc\appres.dll/228
    O8 - Extra context menu item: Display Image with Full Quality - res://C:\Program Files\Juno\qsacc\appres.dll/227
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra button: Verizon Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - https://support.dell.com/systemprofiler/SysPro.CAB
    O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1174705128591
    O16 - DPF: {76D68CA1-DD9D-41C4-B2CC-AA9C9A5CF220} - http://www.junkscanner.com/jsetup.exe
    O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor...fo/webscan.cab
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,wbsys.dll
    O20 - Winlogon Notify: WB - C:\Program Files\Stardock\Object Desktop\ThemeManager\fastload.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
    O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
    O23 - Service: Intel® Quick Resume Technology Drivers (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
    O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

  9. #9
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374

    Default

    Hi

    Open HijackThis, click "Do a system scan only" and checkmark these:


    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...search/ie.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
    O2 - BHO: (no name) - {1F390603-CC09-4FDD-886A-DE6BD30D50A2} - C:\WINDOWS\system32\awtqp.dll (file missing)
    O2 - BHO: (no name) - {44823AEC-73B1-42C8-917C-69A262CD02E7} - \
    O2 - BHO: Popup-Blocker Class - {52706EF7-D7A2-49AD-A615-E903858CF284} - C:\Program Files\Juno\qsacc\X1IEBHO.dll (file missing)
    O2 - BHO: 0 - {BD00559B-62D3-4054-50AF-1B27933EA8C5} - C:\Program Files\Windows Plus\lavu.dll (file missing)
    O3 - Toolbar: ZeroBar - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\Toolbar.dll (file missing)
    O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Common Files\WinAntiVirus Pro 2007\mav_startupmon.exe"
    O4 - HKLM\..\Run: [rtasks] C:\Program Files\WinAntiVirus Pro 2007\rtasks.exe


    Close all windows, including the browser, and press Fix checked.

    First we'll need to back up the registry:

    Start -> Run -> regedit -> OK. Then File -> Export. Give it a name and press Save.

    Save the text below as fix.reg in Notepad (save it as All Files (*.*)) on the Desktop:

    Windows Registry Editor Version 5.00

    [-HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]

    It should look like this ->

    Double-click fix.reg, press Yes and OK.

    (In case you are unsure how to create a reg file, take a look here with screenshots.)

    Reboot.

    Open Notepad and copy/paste the text in the quote box below into it:

    File::
    C:\WINDOWS\system32\momhnmoo.exe
    C:\WINDOWS\system32\eepoeiej.dll
    C:\WINDOWS\qdafwupA.exe

    Folder::
    C:\UWA7P
    C:\DOCUME~1\RAMONC~1\APPLIC~1\WinAntiVirus Pro 2007
    C:\Program Files\Common Files\WinAntiVirus Pro 2007
    C:\DOCUME~1\ALLUSE~1\APPLIC~1\WinAntiVirus Pro 2007
    C:\WINDOWS\system32\TQ0
    C:\WINDOWS\system32\T6
    C:\WINDOWS\system32\T4
    C:\WINDOWS\system32\T3
    C:\WINDOWS\system32\T1QaSQ
    C:\WINDOWS\system32\pog
    C:\Temp\0b9

    Save this as ComboFix-Do.txt.

    Then drag the ComboFix-Do.txt into ComboFix.exe as you see in the screenshot below.



    This will start ComboFix again. After the reboot (in case it asks to reboot), post the contents of ComboFix.txt in your next reply together with a new HijackThis log.
    Last edited by Shaba; 2007-06-03 at 11:26.
    Microsoft MVP Consumer Security 2008-2011

    Member of ASAP and UNITE since 2006
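
    The post above picks HijackThis entries by hand and uses a one-line .reg file to delete a registry key. As an added example (not from the thread, HijackThis or ComboFix), the Python below encodes the same triage rules for the HJT log format and parses a .reg file to show what merging it would do: entries ending in "(file missing)" are load points whose file is already gone, an O2 entry with an empty path is a BHO registration with nothing behind it, and O4 entries under the product directories the fix targets are flagged by path. The sample lines are copied from the log in post #8 and the fix.reg from this post; the rule set, the marker list and all function names are this example's own.

```python
import re

# HijackThis entry lines copied from the log in post #8 above. The
# classification rules below are this example's own, not HijackThis's.
SAMPLE_HJT_LOG = [
    "O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\\Program Files\\Yahoo!\\Companion\\Installs\\cpn0\\yt.dll",
    "O2 - BHO: (no name) - {1F390603-CC09-4FDD-886A-DE6BD30D50A2} - C:\\WINDOWS\\system32\\awtqp.dll (file missing)",
    "O2 - BHO: (no name) - {44823AEC-73B1-42C8-917C-69A262CD02E7} - \\",
    "O2 - BHO: 0 - {BD00559B-62D3-4054-50AF-1B27933EA8C5} - C:\\Program Files\\Windows Plus\\lavu.dll (file missing)",
    "O3 - Toolbar: ZeroBar - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\\Program Files\\NetZero\\Toolbar.dll (file missing)",
    "O4 - HKLM\\..\\Run: [Salestart] \"C:\\Program Files\\Common Files\\WinAntiVirus Pro 2007\\mav_startupmon.exe\"",
    "O4 - HKLM\\..\\Run: [rtasks] C:\\Program Files\\WinAntiVirus Pro 2007\\rtasks.exe",
    "O4 - HKCU\\..\\Run: [ctfmon.exe] C:\\WINDOWS\\system32\\ctfmon.exe",
]

# The fix.reg from this post: a "[-KEY]" header deletes the whole key on merge.
FIX_REG = (
    "Windows Registry Editor Version 5.00\n"
    "\n"
    "[-HKEY_CURRENT_USER\\software\\microsoft\\internet explorer\\desktop\\components\\0]\n"
)

# Product directories the post's fix targets (HJT O4 entries, the fix.reg key
# and the ComboFix Folder:: list). Marker list chosen for this example.
ROGUE_PATH_MARKERS = ("WinAntiVirus Pro 2007", "Windows Plus")

# One HJT entry: section tag (R0/R1/F1/O2...) followed by " - " and the body.
HJT_ENTRY = re.compile(r"^(?P<section>[RFO]\d+) - (?P<body>.*)$")


def classify(line):
    """Return a review reason for one HijackThis line, or None if it looks benign."""
    m = HJT_ENTRY.match(line.strip())
    if not m:
        return None
    section, body = m.group("section"), m.group("body")
    if body.endswith("(file missing)"):
        return "dead reference: load point survives but the file is gone"
    if section == "O2" and body.endswith(" - \\"):
        return "BHO registered with an empty path"
    if section == "O2" and "(no name)" in body:
        return "BHO without a display name"
    for marker in ROGUE_PATH_MARKERS:
        if marker.lower() in body.lower():
            return f"path under product targeted by the fix: {marker}"
    return None


def triage(lines):
    """Return (line, reason) pairs for every entry worth checkmarking."""
    flagged = []
    for line in lines:
        reason = classify(line)
        if reason:
            flagged.append((line, reason))
    return flagged


def parse_reg(text):
    """Summarise a Windows Registry Editor 5.00 file: keys it deletes,
    keys it opens/creates, and the values it sets (None = value deleted)."""
    lines = text.splitlines()
    if not lines or lines[0].strip() != "Windows Registry Editor Version 5.00":
        raise ValueError("missing 'Windows Registry Editor Version 5.00' header")
    plan = {"delete_keys": [], "keys": {}}
    current = None
    for raw in lines[1:]:
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[-") and line.endswith("]"):
            plan["delete_keys"].append(line[2:-1])   # whole key removed on merge
            current = None
        elif line.startswith("[") and line.endswith("]"):
            current = line[1:-1]                     # key opened or created
            plan["keys"].setdefault(current, {})
        elif current is not None and "=" in line:
            name, _, value = line.partition("=")     # "name"=- deletes the value
            plan["keys"][current][name.strip().strip('"')] = None if value == "-" else value
    return plan


if __name__ == "__main__":
    for line, reason in triage(SAMPLE_HJT_LOG):
        print(f"{reason:<58} {line[:60]}")
    print(parse_reg(FIX_REG))
```

    Run as-is, the triage flags six of the eight sample entries and leaves the Yahoo! toolbar and ctfmon lines alone; parse_reg reports one key deletion and nothing created, which is exactly what the fix.reg in this post does to the Active Desktop component that the ComboFix log showed pointing at C:\Program Files\Windows Plus\profsy.html. The HJT fix only clears the load points, which is why the ComboFix File:: and Folder:: script follows to remove the files and directories themselves.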

  10. #10
    Junior Member
    Join Date
    May 2007
    Posts
    18

    Default

    Ok, hope I followed all the directions exactly.



    "Ramon Cruz" - 2007-06-04 0:39:31 Service Pack 2
    ComboFix 07-05.27.BV - Running from: "C:\Documents and Settings\Ramon Cruz\"
    Command switches used :: "C:\ComboFix-Do.txt"


    (((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    "C:\DOCUME~1\RAMONC~1\APPLIC~1\WinAntiVirus Pro 2007\avtasks.dat"
    "C:\DOCUME~1\RAMONC~1\APPLIC~1\WinAntiVirus Pro 2007\history.db"
    "C:\DOCUME~1\RAMONC~1\APPLIC~1\WinAntiVirus Pro 2007\PGE.dat"
    "C:\DOCUME~1\RAMONC~1\APPLIC~1\WinAntiVirus Pro 2007\Logs\update.log"
    "C:\DOCUME~1\RAMONC~1\APPLIC~1\WinAntiVirus Pro 2007\Logs\wa7Support.log"
    "C:\DOCUME~1\RAMONC~1\APPLIC~1\WinAntiVirus Pro 2007\Logs\winav.log"
    "C:\DOCUME~1\ALLUSE~1\APPLIC~1\WinAntiVirus Pro 2007\Data\Abbr"
    "C:\DOCUME~1\ALLUSE~1\APPLIC~1\WinAntiVirus Pro 2007\Data\ActivationCode"
    "C:\DOCUME~1\ALLUSE~1\APPLIC~1\WinAntiVirus Pro 2007\Data\ProductCode"
    "C:\WINDOWS\system32\TQ0\dl52.exe"
    "C:\WINDOWS\system32\T6\dlwr.exe"
    "C:\WINDOWS\system32\T3\dlltk67.exe"
    "C:\WINDOWS\system32\T1QaSQ\T1QaSQ1065.exe"
    "C:\Temp\0b9\tmpTF.log"
    "C:\WINDOWS\system32\momhnmoo.exe"
    "C:\WINDOWS\system32\eepoeiej.dll"
    "C:\WINDOWS\qdafwupA.exe"
    "C:\UWA7P"
    "C:\DOCUME~1\RAMONC~1\APPLIC~1\WinAntiVirus Pro 2007"
    "C:\Program Files\Common Files\WinAntiVirus Pro 2007"
    "C:\DOCUME~1\ALLUSE~1\APPLIC~1\WinAntiVirus Pro 2007"
    "C:\WINDOWS\system32\TQ0"
    "C:\WINDOWS\system32\T6"
    "C:\WINDOWS\system32\T4"
    "C:\WINDOWS\system32\T3"
    "C:\WINDOWS\system32\T1QaSQ"
    "C:\WINDOWS\system32\pog"
    "C:\Temp\0b9"


    ((((((((((((((((((((((((((((((( Files Created from 2007-05-04 to 2007-06-04 ))))))))))))))))))))))))))))))))))


    2007-06-02 16:23 49,152 --a------ C:\WINDOWS\nircmd.exe
    2007-06-02 16:16 1,088,077 --a------ C:\ComboFix.exe
    2007-05-30 04:18 <DIR> d-------- C:\Documents and Settings\RAMONC~1\.housecall6.6
    2007-05-30 04:18 <DIR> d-------- C:\DOCUME~1\RAMONC~1\.housecall6.6
    2007-05-30 03:46 <DIR> d-------- C:\highjackthis
    2007-05-30 02:46 <DIR> d-------- C:\VundoFix Backups
    2007-05-30 01:36 1,310,720 --ah----- C:\DOCUME~1\odin\NTUSER.DAT
    2007-05-30 01:36 <DIR> d-------- C:\DOCUME~1\odin\APPLIC~1\Gtek
    2007-05-30 00:14 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
    2007-05-29 23:43 <DIR> dr------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SalesMonitor
    2007-05-29 14:17 8,704 --a------ C:\WINDOWS\system32\SpOrder.dll
    2007-05-17 19:26 <DIR> d-------- C:\Program Files\CDisplay
    2007-05-10 18:11 983,101 --a------ C:\WINDOWS\system32\dlbtgf.dll
    2007-05-10 18:11 69,632 --a------ C:\WINDOWS\system32\dlbtcu.dll
    2007-05-10 18:11 557,056 --a------ C:\WINDOWS\system32\dlbtjswr.dll
    2007-05-10 18:11 520,192 --a------ C:\WINDOWS\system32\dlbtcomc.dll
    2007-05-10 18:11 495,616 --a------ C:\WINDOWS\system32\dlbthbn1.dll
    2007-05-10 18:11 471,040 --a------ C:\WINDOWS\system32\dlbtpmui.dll
    2007-05-10 18:11 450,560 --a------ C:\WINDOWS\system32\dlbtlmpm.dll
    2007-05-10 18:11 421,888 --a------ C:\WINDOWS\system32\dlbtcoms.exe
    2007-05-10 18:11 401,408 --a------ C:\WINDOWS\system32\dlbtutil.dll
    2007-05-10 18:11 40,960 --a------ C:\WINDOWS\system32\dlbtvs.dll
    2007-05-10 18:11 385,024 --a------ C:\WINDOWS\system32\dlbtcomm.dll
    2007-05-10 18:11 344,064 --a------ C:\WINDOWS\system32\dlbtcfg.exe
    2007-05-10 18:11 294,912 --a------ C:\WINDOWS\system32\dlbtih.exe
    2007-05-10 18:11 126,976 --a------ C:\WINDOWS\system32\dlbtprox.dll
    2007-05-10 18:11 114,688 --a------ C:\WINDOWS\system32\dlbtpplc.dll
    2007-05-10 18:11 114,688 --a------ C:\WINDOWS\system32\dlbtcur.dll
    2007-05-10 18:11 1,048,576 --a------ C:\WINDOWS\system32\dlbtserv.dll
    2007-05-10 18:11 1,040,384 --a------ C:\WINDOWS\system32\dlbtusb1.dll
    2007-05-10 18:11 <DIR> d-------- C:\Temp\{9F5FBC24-EFE2-4f90-B498-EC0FB7D47D15}
    2007-05-10 18:11 <DIR> d-------- C:\Temp
    2007-05-10 18:11 <DIR> d-------- C:\Program Files\Dell Photo AIO Printer 922
    2007-05-10 18:02 87,040 --a------ C:\WINDOWS\system32\wiafbdrv.dll
    2007-05-10 18:02 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
    2007-05-08 13:34 129,784 --------- C:\WINDOWS\system32\pxafs.dll
    2007-05-08 13:34 <DIR> d-------- C:\Program Files\DivX
    2007-05-07 23:26 <DIR> d-------- C:\Program Files\Veoh Networks


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-06-02 20:20:21 -------- d-----w C:\Program Files\Windows Plus
    2007-05-30 06:37:39 -------- d-----w C:\DOCUME~1\RAMONC~1\APPLIC~1\Yahoo!
    2007-05-08 03:26:57 -------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-05-02 18:04:23 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
    2007-05-02 18:04:19 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
    2007-05-02 18:04:15 36,624 ------w C:\WINDOWS\system32\drivers\pxhelp20.sys
    2007-05-02 18:04:14 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
    2007-05-02 18:04:14 116,472 ------w C:\WINDOWS\system32\pxcpyi64.exe
    2007-05-02 18:04:06 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
    2007-05-02 18:04:05 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
    2007-05-02 18:02:06 73,728 ----a-w C:\WINDOWS\system32\dpl100.dll
    2007-05-02 18:02:06 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
    2007-05-02 18:02:04 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
    2007-05-02 18:02:02 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
    2007-05-02 18:02:02 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
    2007-05-02 18:02:02 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
    2007-05-02 18:02:02 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
    2007-05-02 18:02:02 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
    2007-05-02 18:01:56 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
    2007-05-02 18:01:56 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
    2007-05-02 18:01:56 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
    2007-05-02 18:01:56 740,442 ----a-w C:\WINDOWS\system32\DivX.dll
    2007-05-02 02:33:57 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
    2007-05-02 02:33:56 124,472 ----a-w C:\WINDOWS\system32\DivXCodecUpdateChecker.exe
    2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
    2007-04-12 19:24:17 -------- d-----w C:\Program Files\World of Warcraft
    2007-04-12 19:09:50 -------- d-----w C:\Program Files\DellConnect
    2007-04-06 19:27:01 139,264 ----a-w C:\TTC.dll
    2007-03-17 13:43:01 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll
    2007-03-08 15:36:28 577,536 ----a-w C:\WINDOWS\system32\user32.dll
    2007-03-08 15:36:28 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll
    2007-03-08 15:36:28 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll
    2007-03-08 13:47:48 1,843,584 ----a-w C:\WINDOWS\system32\win32k.sys


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
    {02478D38-C3F9-4EFB-9B51-7695ECA05670}=C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2006-09-29 13:53]
    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [2003-11-03 15:17]
    {53707962-6F74-2D53-2644-206D7942484F}=C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 01:04]
    {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}=C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll [2006-10-31 16:33]
    {5CA3D70E-1895-11CF-8E15-001234567890}=C:\WINDOWS\System32\DLA\DLASHX_W.DLL [2005-09-08 06:20]
    {AA58ED58-01DD-4d91-8333-CF10577473F7}=c:\program files\google\googletoolbar4.dll [2007-01-20 00:55]
    {CA6319C0-31B7-401E-A518-A07C3DB8F777}=C:\Program Files\BAE\BAE.dll [2006-06-14 16:17]
    {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D}=C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll [2005-02-03 17:07]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 06:00]
    "Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2006-10-30 18:05]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24]
    "DellSupport"="C:\Program Files\Dell Support\DSAgnt.exe" [2006-08-28 21:57]
    "Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2007-05-03 17:43]
    "@"="" []

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
    "InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
    C:\Program Files\Stardock\Object Desktop\ThemeManager\fastload.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,wbsys.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
    backup=C:\WINDOWS\pss\Digital Line Detect.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ymetray.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ymetray.lnk
    backup=C:\WINDOWS\pss\ymetray.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\A Verizon App]
    C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CaAvTray]
    "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CAVRID]
    "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    C:\WINDOWS\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
    "C:\Program Files\Dell Support\DSAgnt.exe" /startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA]
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
    C:\Program Files\Dell\Media Experience\DMXLauncher.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
    C:\WINDOWS\ehome\ehtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
    "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
    C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
    C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
    "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Utility]
    Logi_MwX.Exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]
    C:\PROGRA~1\Verizon\SMARTB~1\MotiveSB.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
    C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    "C:\Program Files\Messenger\msmsgs.exe" /background

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
    stsystra.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Verizon Internet Security Suite]
    "C:\Program Files\Verizon\Verizon Internet Security Suite\Rps.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VerizonServicepoint.exe]
    C:\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
    "C:\Program Files\Windows Defender\MSASCui.exe" -hide

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
    "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YBrowser]
    C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ymetray]
    "C:\Program Files\Yahoo!\Yahoo! Music Engine\YahooMusicEngine.exe" -preload

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YOP]
    C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "dvpapi"=2 (0x2)
    "WinDefend"=2 (0x2)

    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs*


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
    AutoRun\command- E:\setup.exe


    ********************************************************************

    catchme 0.3.692 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-06-04 00:41:32
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0


    ********************************************************************

    Completion time: 2007-06-04 0:42:17
    C:\ComboFix-Do.txt ... 2007-06-04 00:38
    C:\ComboFix-quarantined-files.txt ... 2007-06-04 00:42
    C:\ComboFix2.txt ... 2007-06-02 16:23

    --- E O F ---
