Results 1 to 9 of 9

Thread: Internet explorer Pop ups

  1. 2008-02-20, 03:49 #1
    jonlf
    jonlf is offline
    Junior Member
    Join Date
    Feb 2008
    Posts
    8

    Default Internet explorer Pop ups

    A friend gave me a virus. She told me to come here for help.

    I followed all the the directions under the "Before You Post" sticky.

    She had been instructed to download SDfix, Combo fix and Vundo fix.

    Following are my K'scan, HJT Scan, my SDfix log, another HJT Scan, combofix log,another HJT Scan, my vundo fix log and my last HJT log.

    My AV still telling me I have still have viruses.

    I'm thankful for all help.

    Jonif
  2. 2008-02-20, 03:58 #2
    jonlf
    jonlf is offline
    Junior Member
    Join Date
    Feb 2008
    Posts
    8

    Default

    KASPERSKY ONLINE SCANNER REPORT
    Wednesday, February 20, 2008 7:17:19 PM
    Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
    Kaspersky Online Scanner version: 5.0.98.0
    Kaspersky Anti-Virus database last update: 19/02/2008
    Kaspersky Anti-Virus database records: 573314


    Scan Settings
    Scan using the following antivirus database extended
    Scan Archives true
    Scan Mail Bases true

    Scan Target My Computer
    A:\
    C:\
    D:\

    Scan Statistics
    Total number of scanned objects 59221
    Number of viruses found 41
    Number of infected objects 1549
    Number of suspicious objects 16
    Duration of the scan process 02:06:52

    very long report would have taken 5 page to post all!!!
  3. 2008-02-20, 03:59 #3
    jonlf
    jonlf is offline
    Junior Member
    Join Date
    Feb 2008
    Posts
    8

    Default

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 7:19:41 PM, on 2/20/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\Intel\ASF Agent\ASFAgent.exe
    C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
    C:\Program Files\Dell\OpenManage\Client\Iap.exe
    C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
    C:\WINDOWS\System32\HPZipm12.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Sunbelt Software\iHateSpam\siService.exe
    C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Sunbelt Software\iHateSpam\siSpamFilterEngine.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\SYSTEM32\notepad.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.safer-networking.org/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://smbusiness.dellnet.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://smbusiness.dellnet.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;<local>
    O3 - Toolbar: WeatherBug Browser Bar - powered by MyWebSearch - {8EAB99C9-F9EC-4b64-A4BA-D9BCAE8779C2} - C:\Program Files\MyWebSearchWB\bar\1.bin\W6BAR.DLL
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
    O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
    O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\Scansoft\PaperPort\IndexSearch.exe
    O4 - HKLM\..\Run: [siService.exe] "C:\Program Files\Sunbelt Software\iHateSpam\siService.exe"
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [HPLJ Config] C:\Program Files\Hewlett-Packard\hp LaserJet 3015_3020_3030_3380\SetConfig.exe -c Direct -p DOT4_001 -pn "" -n 1 -l 1033 -sl 120000
    O4 - HKLM\..\Run: [SM_IAN] C:\Program Files\AdvancedCleaner Free\ian_monitor.exe
    O4 - HKLM\..\Run: [68ee47b9] rundll32.exe "C:\WINDOWS\system32\yibdjuww.dll",b
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-18\..\Run: [Symantec Network Driver Update Warning] C:\PROGRA~1\Symantec\LIVEUP~1\SNDWarn.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [Symantec Network Driver Update Warning] C:\PROGRA~1\Symantec\LIVEUP~1\SNDWarn.EXE (User 'Default user')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\hp\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\hp\Digital Imaging\bin\hpqthb08.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Add to Library - {ECDCA4E5-DE44-4b94-8F46-CD0D5B4895FC} - C:\PROGRAM FILES\AMICUS50\Research\GetTags.htm (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
    O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://aolsvc.aol.com/onlinegames/be...loader_v10.cab
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = bkh
    O17 - HKLM\Software\..\Telephony: DomainName = bkh
    O17 - HKLM\System\CCS\Services\Tcpip\..\{43638816-16A5-4568-BD8E-8392F864BE8E}: NameServer = 209.55.5.10,209.55.5.11
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = bkh
    O17 - HKLM\System\CS1\Services\Tcpip\..\{43638816-16A5-4568-BD8E-8392F864BE8E}: NameServer = 209.55.5.10,209.55.5.11
    O23 - Service: ASF Agent (ASFAgent) - Intel Corporation - C:\Program Files\Intel\ASF Agent\ASFAgent.exe
    O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Iap - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\Iap.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
    O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

    --
    End of file - 6808 bytes
  4. 2008-02-20, 04:00 #4
    jonlf
    jonlf is offline
    Junior Member
    Join Date
    Feb 2008
    Posts
    8

    Default

    b]SDFix: Version 1.143[/b]

    Run by MFRECEP on Wed 02/20/2008 at 07:32 PM

    Microsoft Windows XP [Version 5.1.2600]
    Running From: C:\DOCUME~1\MFRECEP\Desktop\SDFix

    Checking Services:


    Restoring Windows Registry Values
    Restoring Windows Default Hosts File

    Rebooting...


    Checking Files:

    No Trojan Files Found






    Removing Temp Files...

    ADS Check:



    Final Check:

    catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-02-20 19:40:07
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden services & system hive ...

    scanning hidden registry entries ...

    scanning hidden files ...

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 0


    Remaining Services:



    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

    Remaining Files:



    Files with Hidden Attributes:

    Mon 28 Jan 2008 1,404,240 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
    Mon 28 Jan 2008 5,146,448 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
    Mon 28 Jan 2008 2,097,488 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
    Sun 13 Apr 2003 31 ...H. --- "C:\ProWin02\Common\34LUC4RE.SYS"
    Sun 13 Apr 2003 371 ...H. --- "C:\ProWin02\Common\4DSBE74D.SYS"
    Tue 25 Sep 2007 6,480 A.SH. --- "C:\WINDOWS\SYSTEM32\accdd.bak1"
    Thu 27 Sep 2007 6,440 A.SH. --- "C:\WINDOWS\SYSTEM32\dccdd.bak1"
    Tue 2 Oct 2007 7,170 A.SH. --- "C:\WINDOWS\SYSTEM32\hjjlm.bak1"
    Tue 2 Oct 2007 7,170 A.SH. --- "C:\WINDOWS\SYSTEM32\hjjlm.bak2"
    Wed 26 Sep 2007 6,480 A.SH. --- "C:\WINDOWS\SYSTEM32\utstv.bak1"
    Wed 3 Oct 2007 13,952 A.SH. --- "C:\WINDOWS\SYSTEM32\utstv.bak2"
    Fri 28 Sep 2007 6,480 A.SH. --- "C:\WINDOWS\SYSTEM32\wyadd.bak1"
    Wed 17 Oct 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
    Mon 22 Sep 2003 1,740 A..HR --- "C:\Program Files\Common Files\Symantec Shared\Registry Backup\ccReg.reg"
    Thu 5 Dec 2002 1,740 A..HR --- "C:\Program Files\Common Files\Symantec Shared\Registry Backup\ccReg_old.reg"
    Thu 5 Dec 2002 216,284 A..HR --- "C:\Program Files\Common Files\Symantec Shared\Registry Backup\CommonClient_old.reg"
    Mon 22 Sep 2003 302,832 A..HR --- "C:\Program Files\Common Files\Symantec Shared\Registry Backup\CommonClient.reg"
    Mon 22 Sep 2003 157,264 A..HR --- "C:\Program Files\Common Files\Symantec Shared\Registry Backup\IAM.reg"
    Thu 5 Dec 2002 157,264 A..HR --- "C:\Program Files\Common Files\Symantec Shared\Registry Backup\IAM_old.reg"
    Wed 27 Jul 2005 33,280 ...H. --- "C:\Documents and Settings\Brad Hatfield\Application Data\Microsoft\Word\~WRL0004.tmp"
    Fri 5 May 2006 34,816 ...H. --- "C:\Documents and Settings\Brad Hatfield\Application Data\Microsoft\Word\~WRL1390.tmp"
    Thu 10 Feb 2005 32,768 ...H. --- "C:\Documents and Settings\Brad Hatfield\Application Data\Microsoft\Word\~WRL3561.tmp"
    Tue 4 Oct 2005 0 ...H. --- "C:\Documents and Settings\Brad Hatfield\Application Data\Microsoft\Word\~WRL3941.tmp"

    Finished!
  5. 2008-02-20, 04:01 #5
    jonlf
    jonlf is offline
    Junior Member
    Join Date
    Feb 2008
    Posts
    8

    Default

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 8:01:18 PM, on 2/20/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\Intel\ASF Agent\ASFAgent.exe
    C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
    C:\Program Files\Dell\OpenManage\Client\Iap.exe
    C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
    C:\WINDOWS\System32\HPZipm12.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
    C:\Program Files\Sunbelt Software\iHateSpam\siService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Sunbelt Software\iHateSpam\siSpamFilterEngine.exe
    C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\hp\Digital Imaging\bin\hpqgalry.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.safer-networking.org/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://smbusiness.dellnet.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://smbusiness.dellnet.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;<local>
    O3 - Toolbar: WeatherBug Browser Bar - powered by MyWebSearch - {8EAB99C9-F9EC-4b64-A4BA-D9BCAE8779C2} - C:\Program Files\MyWebSearchWB\bar\1.bin\W6BAR.DLL
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
    O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
    O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\Scansoft\PaperPort\IndexSearch.exe
    O4 - HKLM\..\Run: [siService.exe] "C:\Program Files\Sunbelt Software\iHateSpam\siService.exe"
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [HPLJ Config] C:\Program Files\Hewlett-Packard\hp LaserJet 3015_3020_3030_3380\SetConfig.exe -c Direct -p DOT4_001 -pn "" -n 1 -l 1033 -sl 120000
    O4 - HKLM\..\Run: [SM_IAN] C:\Program Files\AdvancedCleaner Free\ian_monitor.exe
    O4 - HKLM\..\Run: [68ee47b9] rundll32.exe "C:\WINDOWS\system32\vysvjemv.dll",b
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-18\..\Run: [Symantec Network Driver Update Warning] C:\PROGRA~1\Symantec\LIVEUP~1\SNDWarn.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [Symantec Network Driver Update Warning] C:\PROGRA~1\Symantec\LIVEUP~1\SNDWarn.EXE (User 'Default user')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\hp\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\hp\Digital Imaging\bin\hpqthb08.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Add to Library - {ECDCA4E5-DE44-4b94-8F46-CD0D5B4895FC} - C:\PROGRAM FILES\AMICUS50\Research\GetTags.htm (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
    O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://aolsvc.aol.com/onlinegames/be...loader_v10.cab
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = bkh
    O17 - HKLM\Software\..\Telephony: DomainName = bkh
    O17 - HKLM\System\CCS\Services\Tcpip\..\{43638816-16A5-4568-BD8E-8392F864BE8E}: NameServer = 209.55.5.10,209.55.5.11
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = bkh
    O17 - HKLM\System\CS1\Services\Tcpip\..\{43638816-16A5-4568-BD8E-8392F864BE8E}: NameServer = 209.55.5.10,209.55.5.11
    O23 - Service: ASF Agent (ASFAgent) - Intel Corporation - C:\Program Files\Intel\ASF Agent\ASFAgent.exe
    O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Iap - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\Iap.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
    O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

    --
    End of file - 6829 bytes
  6. 2008-02-20, 04:01 #6
    jonlf
    jonlf is offline
    Junior Member
    Join Date
    Feb 2008
    Posts
    8

    Default

    ComboFix 08-02-20.2 - MFRECEP 2008-02-20 19:50:11.2 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.209 [GMT -6:00]
    Running from: C:\Documents and Settings\MFRECEP\Desktop\ComboFix.exe

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\cookies.ini
    C:\WINDOWS\SYSTEM32\jjkmp.ini
    C:\WINDOWS\SYSTEM32\jjkmp.ini2
    C:\WINDOWS\SYSTEM32\wwujdbiy.ini
    C:\WINDOWS\system32\yibdjuww.dll

    .
    ((((((((((((((((((((((((( Files Created from 2008-01-21 to 2008-02-21 )))))))))))))))))))))))))))))))
    .

    2008-02-20 19:54 . 2008-02-20 19:55 396 --ahs---- C:\WINDOWS\SYSTEM32\jjkmp.ini
    2008-02-20 19:29 . 2008-02-20 19:29 <DIR> d-------- C:\WINDOWS\ERUNT
    2008-02-20 16:18 . 2008-02-20 16:22 <DIR> d-------- C:\Documents and Settings\MFRECEP\.housecall6.6
    2008-02-20 15:50 . 2008-02-20 15:50 <DIR> d-------- C:\Program Files\Trend Micro
    2008-02-19 15:31 . 2008-02-17 00:05 <DIR> d-------- C:\SDFix
    2008-02-18 23:19 . 2008-02-18 23:19 248,928 --a------ C:\WINDOWS\SYSTEM32\pmkjj.dll
    2008-02-18 22:19 . 2008-02-18 22:19 232,868 --a------ C:\WINDOWS\SYSTEM32\vturo.dll
    2008-02-18 13:59 . 2008-02-18 13:59 <DIR> d-------- C:\WINDOWS\SYSTEM32\Kaspersky Lab
    2008-02-18 13:59 . 2008-02-18 13:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
    2008-02-18 13:08 . 2008-02-18 13:08 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
    2008-02-18 13:08 . 2008-02-18 13:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-02-18 12:06 . 2008-02-18 12:49 1,238,313 --ahs---- C:\WINDOWS\SYSTEM32\9B5900c__.ini
    2008-02-10 09:25 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\SYSTEM32\javacpl.cpl

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-02-19 20:35 --------- d-----w C:\Program Files\AWS
    2008-02-19 20:30 --------- d-----w C:\Program Files\Microsoft Money
    2008-02-19 20:27 --------- d-----w C:\Program Files\Microsoft Money 2005
    2008-02-19 20:11 --------- d-----w C:\Program Files\Hewlett-Packard
    2008-02-19 20:09 --------- d--h--w C:\Program Files\Zero G Registry
    2008-02-19 19:52 --------- d-----w C:\Program Files\Google
    2008-02-10 15:24 --------- d-----w C:\Program Files\Java
    2008-02-09 20:27 --------- d-----w C:\Program Files\hp
    2008-01-17 22:41 98 ---h--w C:\Documents and Settings\MFRECEP\Application Data\srfvdo.dat
    2005-10-06 16:08 143,184 ----a-w C:\Documents and Settings\Brad Hatfield\Application Data\GDIPFONTCACHEV1.DAT
    2004-09-21 17:19 212 ---h--w C:\Documents and Settings\Brad Hatfield\Application Data\srfvdo.dat
    2007-09-25 16:09 6,480 --sha-w C:\WINDOWS\SYSTEM32\accdd.bak1
    2007-09-27 14:10 6,440 --sha-w C:\WINDOWS\SYSTEM32\dccdd.bak1
    2007-10-02 14:59 7,170 --sha-w C:\WINDOWS\SYSTEM32\hjjlm.bak1
    2007-10-02 14:59 7,170 --sha-w C:\WINDOWS\SYSTEM32\hjjlm.bak2
    2007-09-26 14:14 6,480 --sha-w C:\WINDOWS\SYSTEM32\utstv.bak1
    2007-10-03 21:21 13,952 --sha-w C:\WINDOWS\SYSTEM32\utstv.bak2
    2007-09-28 14:19 6,480 --sha-w C:\WINDOWS\SYSTEM32\wyadd.bak1
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{455F0698-FD9E-4859-BD28-B886A70517A1}]
    C:\WINDOWS\system32\gebyw.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{72E8415E-9C68-4122-B762-2D790573B691}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7DBEC39B-BAAC-4694-A340-665C73A5257D}]
    2008-02-18 23:19 248928 --a------ C:\WINDOWS\system32\pmkjj.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c19b0128-5aff-408e-b38a-55b6a8107fd2}]
    C:\WINDOWS\system32\vvrdvhlx.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 10:24 1694208]
    "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-10-19 07:59 155648]
    "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-10-19 07:59 126976]
    "AdaptecDirectCD"="C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-04-10 15:44 679936]
    "zBrowser Launcher"="C:\Program Files\Logitech\iTouch\iTouch.exe" [2002-11-23 02:15 631362]
    "PaperPort PTD"="C:\Program Files\Scansoft\PaperPort\pptd40nt.exe" [2003-02-27 02:12 57393]
    "IndexSearch"="C:\Program Files\Scansoft\PaperPort\IndexSearch.exe" [2003-02-27 02:40 40960]
    "siService.exe"="C:\Program Files\Sunbelt Software\iHateSpam\siService.exe" [2004-01-26 10:57 204800]
    "vptray"="C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe" [2002-07-30 10:35 77824]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
    "HPLJ Config"="C:\Program Files\Hewlett-Packard\hp LaserJet 3015_3020_3030_3380\SetConfig.exe" [ ]
    "SM_IAN"="C:\Program Files\AdvancedCleaner Free\ian_monitor.exe" [ ]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "Symantec Network Driver Update Warning"="C:\PROGRA~1\Symantec\LIVEUP~1\SNDWarn.EXE" [2004-04-30 17:02 91256]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26 29696]
    HP Digital Imaging Monitor.lnk - C:\Program Files\hp\Digital Imaging\bin\hpqtra08.exe [2004-05-28 21:31:38 241664]
    HP Image Zone Fast Start.lnk - C:\Program Files\hp\Digital Imaging\bin\hpqthb08.exe [2004-05-28 22:06:36 53248]
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 00:01:04 83360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddayw]
    C:\WINDOWS\system32\ddayw.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddcca]
    C:\WINDOWS\system32\ddcca.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddccd]
    C:\WINDOWS\system32\ddccd.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\efcdecy]
    efcdecy.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mljjh]
    C:\WINDOWS\system32\mljjh.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtstu]
    C:\WINDOWS\system32\vtstu.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\__c0067748]
    C:\WINDOWS\system32\__c0067748.dat

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Authentication Packages REG_MULTI_SZ msv1_0 nwprovau C:\WINDOWS\system32\pmkjj.dll

    R2 ASFAgent;ASF Agent;C:\Program Files\Intel\ASF Agent\ASFAgent.exe [2002-05-08 08:51]
    R2 NetAlrt;NetAlrt;C:\WINDOWS\System32\drivers\NetAlrt.sys [2002-05-07 15:05]
    R2 NwSapAgent;SAP Agent;C:\WINDOWS\System32\svchost.exe [2004-08-04 01:56]
    R2 PlatAlrt;PlatAlrt;C:\WINDOWS\System32\drivers\PlatAlrt.sys [2002-05-07 15:06]
    S2 hppecp00;hppecp00;C:\WINDOWS\system32\drivers\hppecp00.sys []
    S3 {E6759E0C-470B-44DC-A4A1-627E68BB3A85};AIM 3.0 SI164;C:\WINDOWS\system32\drivers\A302.sys [2002-04-24 16:56]
    S3 HPFXBULK;HPFXBULK;C:\WINDOWS\system32\drivers\hpfxbulk.sys [2005-09-20 10:22]
    S3 LCcfltr;Logitech USB Filter Driver;C:\WINDOWS\system32\Drivers\LCcFltr.Sys [2002-11-08 09:50]
    S3 NMSCFG;NIC Management Service Configuration Driver;C:\WINDOWS\System32\drivers\NMSCFG.SYS [2002-02-27 08:57]
    S3 NMSSvc;Intel(R) NMS;C:\WINDOWS\System32\NMSSvc.exe [2002-02-27 08:57]
    S4 hpt3xx;hpt3xx;C:\WINDOWS\system32\DRIVERS\hpt3xx.sys [2001-08-17 12:52]

    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-02-20 19:55:35
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    PROCESS: C:\WINDOWS\system32\winlogon.exe
    -> C:\WINDOWS\system32\NavLogon.dll

    PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.2180]
    -> C:\WINDOWS\system32\pmkjj.dll
    -> C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork1.dll

    PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.3156]
    -> C:\WINDOWS\system32\pmkjj.dll
    -> C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork1.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
    C:\Program Files\Dell\OpenManage\Client\Iap.exe
    C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
    C:\WINDOWS\System32\HPZipm12.exe
    C:\Program Files\Sunbelt Software\iHateSpam\siSpamFilterEngine.exe
    C:\Program Files\hp\Digital Imaging\bin\hpqgalry.exe
    .
    **************************************************************************
    .
    Completion time: 2008-02-20 19:58:01 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-02-21 01:57:55
    ComboFix2.txt 2008-02-20 21:48:02
    .
    2008-02-13 23:09:11 --- E O F ---
  7. 2008-02-20, 04:02 #7
    jonlf
    jonlf is offline
    Junior Member
    Join Date
    Feb 2008
    Posts
    8

    Default

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 8:25:55 PM, on 2/20/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\Intel\ASF Agent\ASFAgent.exe
    C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
    C:\Program Files\Dell\OpenManage\Client\Iap.exe
    C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
    C:\WINDOWS\System32\HPZipm12.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
    C:\Program Files\Sunbelt Software\iHateSpam\siService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Sunbelt Software\iHateSpam\siSpamFilterEngine.exe
    C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\hp\Digital Imaging\bin\hpqgalry.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.safer-networking.org/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://smbusiness.dellnet.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://smbusiness.dellnet.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;<local>
    O3 - Toolbar: WeatherBug Browser Bar - powered by MyWebSearch - {8EAB99C9-F9EC-4b64-A4BA-D9BCAE8779C2} - C:\Program Files\MyWebSearchWB\bar\1.bin\W6BAR.DLL
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
    O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
    O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\Scansoft\PaperPort\IndexSearch.exe
    O4 - HKLM\..\Run: [siService.exe] "C:\Program Files\Sunbelt Software\iHateSpam\siService.exe"
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [HPLJ Config] C:\Program Files\Hewlett-Packard\hp LaserJet 3015_3020_3030_3380\SetConfig.exe -c Direct -p DOT4_001 -pn "" -n 1 -l 1033 -sl 120000
    O4 - HKLM\..\Run: [SM_IAN] C:\Program Files\AdvancedCleaner Free\ian_monitor.exe
    O4 - HKLM\..\Run: [68ee47b9] rundll32.exe "C:\WINDOWS\system32\vysvjemv.dll",b
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-18\..\Run: [Symantec Network Driver Update Warning] C:\PROGRA~1\Symantec\LIVEUP~1\SNDWarn.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [Symantec Network Driver Update Warning] C:\PROGRA~1\Symantec\LIVEUP~1\SNDWarn.EXE (User 'Default user')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\hp\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\hp\Digital Imaging\bin\hpqthb08.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Add to Library - {ECDCA4E5-DE44-4b94-8F46-CD0D5B4895FC} - C:\PROGRAM FILES\AMICUS50\Research\GetTags.htm (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
    O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://aolsvc.aol.com/onlinegames/be...loader_v10.cab
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = bkh
    O17 - HKLM\Software\..\Telephony: DomainName = bkh
    O17 - HKLM\System\CCS\Services\Tcpip\..\{43638816-16A5-4568-BD8E-8392F864BE8E}: NameServer = 209.55.5.10,209.55.5.11
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = bkh
    O17 - HKLM\System\CS1\Services\Tcpip\..\{43638816-16A5-4568-BD8E-8392F864BE8E}: NameServer = 209.55.5.10,209.55.5.11
    O23 - Service: ASF Agent (ASFAgent) - Intel Corporation - C:\Program Files\Intel\ASF Agent\ASFAgent.exe
    O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Iap - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\Iap.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
    O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

    --
    End of file - 6829 bytes
  8. 2008-02-20, 04:03 #8
    jonlf
    jonlf is offline
    Junior Member
    Join Date
    Feb 2008
    Posts
    8

    Default

    VundoFix V6.7.8

    Checking Java version...

    Scan started at 8:04:23 PM 2/20/2008

    Listing files found while scanning....

    No infected files were found.


    Beginning removal...
  9. 2008-02-28, 18:30 #9
    tashi
    tashi is offline
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,961

    Default

    Hello.

    Because of the volume of posts to your own topic, it may have appeared you were already being assisted.

    For people waiting who have not resolved their problem, we have a sticky topic:
    The Waiting Room: Post here if waiting for help longer than four days
    However if members waiting for assistance do not post to flag a helper, their topic will be be archived as said in the sticky.

    Copy and paste that information into your next post if the AV content will fit into one post only.
    If the results of the anti virus scan itself will take more than one post to contain, it is best not to post it. Just make a note for our volunteers so they are aware, as it would be best to start off with no more than two posts (total) in your topic before a helper responds.
    "BEFORE you POST"(READ this Procedure BEFORE Requesting Assistance)

    Another sticky topic:
    NOTE:We do NOT ask Users to run fixes before helpers have analyzed HJT/KAV scans

    If you still require help, please start a new topic and include a fresh HijackThis log and a link to this thread in your new topic.

    Regards.
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016
« Previous Thread | Next Thread »

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules