Page 1 of 2 12 LastLast
Results 1 to 10 of 11

Thread: lots of problems! please help! smit vundo 888 winanti???

  1. 2006-12-03, 07:06 #1
    Joeldj
    Joeldj is offline
    Junior Member
    Join Date
    Dec 2006
    Posts
    7

    Default lots of problems! please help! smit vundo 888 winanti???

    here's my hijacklog
    Logfile of HijackThis v1.99.1
    Scan saved at 12:53:07 AM, on 12/3/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
    C:\Program Files\HP\HP Share-to-Web\hpgs2wnd.exe
    C:\WINDOWS\System32\hphmon05.exe
    C:\Program Files\Common Files\AOL\1104208762\ee\AOLSoftware.exe
    C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    C:\Program Files\HP\HP Share-to-Web\hpgs2wnf.exe
    C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    C:\Program Files\Venturi2\Configurator\ventcfg.exe
    C:\Program Files\RF Wireless Mouse\cm20.exe
    C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
    C:\WINDOWS\system32\LxrJD31s.exe
    c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\Program Files\Common Files\AOL\1104208762\ee\services\sscAntiSpywarePlugin\ver1_10_3_1\AOLSP Scheduler.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Venturi2\Client\ventc.exe
    C:\Program Files\Napster\napster.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
    C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe
    C:\Program Files\AIM\aim.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
    C:\Program Files\Logitech\Profiler\lwemon.exe
    C:\Program Files\Microsoft Location Finder\LocationFinder.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\tunebite\tunebite.exe
    C:\Program Files\America Online 9.0a\waol.exe
    C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
    c:\progra~1\mcafee.com\vso\mcvsftsn.exe
    C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
    C:\Program Files\palmOne\HOTSYNC.EXE
    c:\program files\common files\aol\1104208762\ee\aolssc.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
    C:\Program Files\America Online 9.0a\shellmon.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\ScanSpyware v3.8.0.4\Scanner.exe
    C:\Documents and Settings\CompUSA\My Documents\desktop items 11-28\freddy.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    F2 - REG:system.ini: Shell=
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {11F0EE13-5947-2942-F631-09BEB2706006} - C:\WINDOWS\system32\wirvufc.dll
    O2 - BHO: (no name) - {35F7813A-AF74-4474-B1DC-7EE6FB6C43C6} - C:\WINDOWS\system32\tlviyeot.dll
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {6682E5BA-9BC3-48FF-AF78-A196D93370FD} - (no file)
    O2 - BHO: (no name) - {6B98CB7E-C2D2-4AE8-8A45-2BE1BBB72CA6} - (no file)
    O2 - BHO: (no name) - {755bbd1a-aa59-456c-afeb-b4c42c4dcb6f} - (no file)
    O2 - BHO: (no name) - {A54D308F-7BB5-44CD-B6A6-47B9FE0D460F} - (no file)
    O2 - BHO: (no name) - {D1CFC1DF-1571-4B01-8357-77EAE69A4962} - C:\WINDOWS\system32\qopmj.dll
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\HP\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
    O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1104208762\ee\AOLSoftware.exe
    O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\McUpdate.exe
    O4 - HKLM\..\Run: [Venturi Configurator] C:\Program Files\Venturi2\Configurator\ventcfg.exe
    O4 - HKLM\..\Run: [Start RF Wireless Mouse] C:\Program Files\RF Wireless Mouse\cm20.exe
    O4 - HKLM\..\Run: [USB2Check] RUNDLL32.EXE "C:\WINDOWS\system32\PCLECoInst.dll",CheckUSBController
    O4 - HKLM\..\Run: [USBToolTip] "C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    O4 - HKLM\..\Run: [AOLSPScheduler] C:\Program Files\Common Files\AOL\1104208762\ee\services\sscAntiSpywarePlugin\ver1_10_3_1\AOLSP Scheduler.exe
    O4 - HKLM\..\Run: [sscRun] C:\Program Files\Common Files\AOL\1104208762\ee\services\sscFirewallPlugin\ver1_10_3_1\SSCRun.exe
    O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
    O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
    O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [EOUApp] "C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe"
    O4 - HKLM\..\Run: [hplampc] C:\WINDOWS\system32\hplampc.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Start WingMan Profiler] "C:\Program Files\Logitech\Profiler\lwemon.exe" /noui
    O4 - HKCU\..\Run: [Microsoft Location Finder] "C:\Program Files\Microsoft Location Finder\LocationFinder.exe"
    O4 - HKCU\..\Run: [tunebite.exe] C:\Program Files\tunebite\tunebite.exe -hidden
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0a\AOL.EXE" -b
    O4 - Startup: HotSync Manager.lnk = C:\Program Files\palmOne\HOTSYNC.EXE
    O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
    O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Device Detector 2.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
    O4 - Global Startup: Free NaturalReader.lnk = C:\Program Files\NaturalReader\FreeVersion\FreeReader.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
    O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Read By Natural Voice Reader - C:\Program Files\Natural Voice Reader Standard\read.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll
    O9 - Extra button: Natural Reader - {0DF757C4-9999-463C-A4EB-B6BF1D8D8D3D} - C:\Program Files\Natural Voice Reader Standard\read.html
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=pavilion&pf=laptop
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {26FCCDF9-A7E1-452A-A73D-7BF7B4D0BA6C} (AOL Pictures Uploader Class) - http://pictures.aolcdn.com/ap/Resour...s.10.1.0.0.cab
    O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
    O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp.com/rdqnbk/downloads/sysinfo.cab
    O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} - http://aolcc.aol.com/computercheckup/qdiagcc.cab
    O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfix.com/netcheck/2...l/gtdownls.cab
    O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} -
    O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
    O17 - HKLM\System\CCS\Services\Tcpip\..\{DD559791-CE31-436B-B953-CA2718F96505}: NameServer = 216.165.129.157,134.215.200.126
    O20 - Winlogon Notify: qopmj - C:\WINDOWS\system32\qopmj.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: winhdn32 - winhdn32.dll (file missing)
    O20 - Winlogon Notify: winzbr32 - winzbr32.dll (file missing)
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
    O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
    O23 - Service: Venturi2 Client (Venturi2) - Venturi Wireless - C:\Program Files\Venturi2\Client\ventc.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe


    spybot results on next post
  2. 2006-12-03, 07:07 #2
    Joeldj
    Joeldj is offline
    Junior Member
    Join Date
    Dec 2006
    Posts
    7

    Default spybot results

    and my spybot info
    ScanSpyware: Settings (Registry key, nothing done)
    HKEY_USERS\S-1-5-21-4164752122-2748621491-2261539383-1007\Software\ScanSpyware

    ScanSpyware: Class ID (Registry key, nothing done)
    HKEY_CLASSES_ROOT\CLSID\{01667638-ABC1-4753-81FE-5E89FEA93EB6}

    ScanSpyware: Class ID (Registry key, nothing done)
    HKEY_CLASSES_ROOT\CLSID\{C6A5ED20-49A5-4B92-8131-D6D8C8F107EC}

    ScanSpyware: Type library (Registry key, nothing done)
    HKEY_CLASSES_ROOT\TypeLib\{CBE2E6C4-5D09-4B13-9FBA-DCAC57B62417}

    ScanSpyware: Uninstall settings (Registry key, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ScanSpyware_is1

    ScanSpyware: Program directory (Directory, nothing done)
    C:\Documents and Settings\All Users\Start Menu\Programs\ScanSpyware v3.8.0.4\

    ScanSpyware: Program directory (Directory, nothing done)
    C:\Program Files\ScanSpyware v3.8.0.4\

    ScanSpyware: Library (File, nothing done)
    C:\Program Files\ScanSpyware v3.8.0.4\baBackupRestore.dll

    ScanSpyware: Executable (File, nothing done)
    C:\Program Files\ScanSpyware v3.8.0.4\Scanner.exe

    ScanSpyware: Web page (File, nothing done)
    C:\Program Files\ScanSpyware v3.8.0.4\ScanSpyware.url

    Smitfraud-C.Toolbar888: User settings (Registry key, nothing done)
    HKEY_USERS\S-1-5-21-4164752122-2748621491-2261539383-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A}

    Smitfraud-C.Toolbar888: Settings (Registry key, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Juan

    VirtuMonde: User settings (Registry key, nothing done)
    HKEY_USERS\S-1-5-21-4164752122-2748621491-2261539383-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{46A4E9D9-B30E-452A-8157-DBBEC8573B03}

    Smitfraud-C.Toolbar888: User settings (Registry key, nothing done)
    HKEY_USERS\S-1-5-21-4164752122-2748621491-2261539383-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{74DD705D-6834-439C-A735-A6DBE2677452}

    BlueStreak: Tracking cookie (Internet Explorer: CompUSA) (Cookie, nothing done)


    Win32.Small.ddx: Tracking cookie (Internet Explorer: CompUSA) (Cookie, nothing done)


    HitBox: Tracking cookie (Internet Explorer: CompUSA) (Cookie, nothing done)


    DoubleClick: Tracking cookie (Internet Explorer: CompUSA) (Cookie, nothing done)


    VirtuMonde: Tracking cookie (Internet Explorer: CompUSA) (Cookie, nothing done)


    Avenue A, Inc.: Tracking cookie (Internet Explorer: CompUSA) (Cookie, nothing done)


    TagASaurus: Tracking cookie (Internet Explorer: CompUSA) (Cookie, nothing done)


    Advertising.com: Tracking cookie (Internet Explorer: CompUSA) (Cookie, nothing done)


    Win32.Small.ddx: Tracking cookie (Internet Explorer: CompUSA) (Cookie, nothing done)


    Win32.Small.ddx: Tracking cookie (Internet Explorer: CompUSA) (Cookie, nothing done)


    HitBox: Tracking cookie (Internet Explorer: CompUSA) (Cookie, nothing done)


    Zedo: Tracking cookie (Internet Explorer: CompUSA) (Cookie, nothing done)


    FastClick: Tracking cookie (Internet Explorer: CompUSA) (Cookie, nothing done)



    --- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

    2005-05-31 blindman.exe (1.0.0.1)
    2005-05-31 SpybotSD.exe (1.4.0.3)
    2005-05-31 TeaTimer.exe (1.4.0.2)
    2006-11-27 unins000.exe (51.41.0.0)
    2005-05-31 Update.exe (1.4.0.0)
    2006-02-06 advcheck.dll (1.0.2.0)
    2005-05-31 aports.dll (2.1.0.0)
    2005-05-31 borlndmm.dll (7.0.4.453)
    2005-05-31 delphimm.dll (7.0.4.453)
    2005-05-31 SDHelper.dll (1.4.0.0)
    2006-02-20 Tools.dll (2.0.0.2)
    2005-05-31 UnzDll.dll (1.73.1.1)
    2005-05-31 ZipDll.dll (1.73.2.0)
    2006-12-01 Includes\Cookies.sbi (*)
    2006-10-13 Includes\Dialer.sbi (*)
    2006-12-01 Includes\DialerC.sbi (*)
    2006-11-24 Includes\Hijackers.sbi (*)
    2006-12-01 Includes\HijackersC.sbi (*)
    2006-10-27 Includes\Keyloggers.sbi (*)
    2006-12-01 Includes\KeyloggersC.sbi (*)
    2006-10-13 Includes\Malware.sbi (*)
    2006-12-01 Includes\MalwareC.sbi (*)
    2006-10-20 Includes\PUPS.sbi (*)
    2006-12-01 Includes\PUPSC.sbi (*)
    2006-12-01 Includes\Revision.sbi (*)
    2006-10-13 Includes\Security.sbi (*)
    2006-12-01 Includes\SecurityC.sbi (*)
    2006-10-13 Includes\Spybots.sbi (*)
    2006-12-01 Includes\SpybotsC.sbi (*)
    2005-02-17 Includes\Tracks.uti
    2006-12-01 Includes\Trojans.sbi (*)
    2006-12-01 Includes\TrojansC.sbi (*)


    any help will be appreciated
  3. 2006-12-03, 13:15 #3
    Mr_JAk3
    Mr_JAk3 is offline
    Security Expert-Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    3,934

    Default

    Hi Joeldj and welcome to Safer Networking Forums

    You got infections there...

    Please download VundoFix.exe to your desktop.
    • Double-click VundoFix.exe to run it.
    • Click the Scan for Vundo button.
    • Once it's done scanning, click the Remove Vundo button.
    • You will receive a prompt asking if you want to remove the files, click YES
    • Once you click yes, your desktop will go blank as it starts removing Vundo.
    • When completed, it will prompt that it will reboot your computer, click OK.
    • Please post the contents of C:\vundofix.txt and a new HiJackThis log.

    Note: It is possible that VundoFix encountered a file it could not remove.
    In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.
    MalWare Removal University - You too could train to help others
    UNITE & ASAP member since 2006
  4. 2006-12-04, 05:23 #4
    Joeldj
    Joeldj is offline
    Junior Member
    Join Date
    Dec 2006
    Posts
    7

    Default

    thanks mr jak
    here's an updated hijack log, vundo is scanning right now so i'll post it shortly. i really appreciate the help

    Logfile of HijackThis v1.99.1
    Scan saved at 11:12:59 PM, on 12/3/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
    C:\WINDOWS\system32\LxrJD31s.exe
    c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    c:\program files\mcafee.com\agent\mcagent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Venturi2\Client\ventc.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
    C:\Program Files\HP\HP Share-to-Web\hpgs2wnd.exe
    C:\WINDOWS\System32\hphmon05.exe
    C:\Program Files\Common Files\AOL\1104208762\ee\AOLSoftware.exe
    C:\Program Files\HP\HP Share-to-Web\hpgs2wnf.exe
    C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
    C:\Program Files\Venturi2\Configurator\ventcfg.exe
    C:\Program Files\RF Wireless Mouse\cm20.exe
    C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
    C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    C:\Program Files\Common Files\AOL\1104208762\ee\services\sscAntiSpywarePlugin\ver1_10_3_1\AOLSP Scheduler.exe
    C:\Program Files\Napster\napster.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
    C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
    C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\AIM\aim.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Logitech\Profiler\lwemon.exe
    C:\Program Files\Microsoft Location Finder\LocationFinder.exe
    C:\Program Files\tunebite\tunebite.exe
    c:\progra~1\mcafee.com\vso\mcvsftsn.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
    C:\Program Files\America Online 9.0a\waol.exe
    C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
    C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\palmOne\HOTSYNC.EXE
    C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
    c:\program files\common files\aol\1104208762\ee\aolssc.exe
    C:\Program Files\America Online 9.0a\shellmon.exe
    C:\Documents and Settings\CompUSA\Desktop\VundoFix.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    C:\Documents and Settings\CompUSA\My Documents\desktop items 11-28\freddy.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    F2 - REG:system.ini: Shell=
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {11F0EE13-5947-2942-F631-09BEB2706006} - C:\WINDOWS\system32\wirvufc.dll
    O2 - BHO: (no name) - {35F7813A-AF74-4474-B1DC-7EE6FB6C43C6} - C:\WINDOWS\system32\tlviyeot.dll
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {5C4F4336-C0AB-48F6-9534-BA53B3541232} - C:\WINDOWS\system32\qopmj.dll (file missing)
    O2 - BHO: (no name) - {6682E5BA-9BC3-48FF-AF78-A196D93370FD} - (no file)
    O2 - BHO: (no name) - {6B98CB7E-C2D2-4AE8-8A45-2BE1BBB72CA6} - (no file)
    O2 - BHO: (no name) - {755bbd1a-aa59-456c-afeb-b4c42c4dcb6f} - (no file)
    O2 - BHO: (no name) - {A54D308F-7BB5-44CD-B6A6-47B9FE0D460F} - (no file)
    O2 - BHO: (no name) - {D1CFC1DF-1571-4B01-8357-77EAE69A4962} - (no file)
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\HP\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
    O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1104208762\ee\AOLSoftware.exe
    O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
    O4 - HKLM\..\Run: [Venturi Configurator] C:\Program Files\Venturi2\Configurator\ventcfg.exe
    O4 - HKLM\..\Run: [Start RF Wireless Mouse] C:\Program Files\RF Wireless Mouse\cm20.exe
    O4 - HKLM\..\Run: [USB2Check] RUNDLL32.EXE "C:\WINDOWS\system32\PCLECoInst.dll",CheckUSBController
    O4 - HKLM\..\Run: [USBToolTip] "C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    O4 - HKLM\..\Run: [AOLSPScheduler] C:\Program Files\Common Files\AOL\1104208762\ee\services\sscAntiSpywarePlugin\ver1_10_3_1\AOLSP Scheduler.exe
    O4 - HKLM\..\Run: [sscRun] C:\Program Files\Common Files\AOL\1104208762\ee\services\sscFirewallPlugin\ver1_10_3_1\SSCRun.exe
    O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
    O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
    O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [EOUApp] "C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe"
    O4 - HKLM\..\Run: [hplampc] C:\WINDOWS\system32\hplampc.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Start WingMan Profiler] "C:\Program Files\Logitech\Profiler\lwemon.exe" /noui
    O4 - HKCU\..\Run: [Microsoft Location Finder] "C:\Program Files\Microsoft Location Finder\LocationFinder.exe"
    O4 - HKCU\..\Run: [tunebite.exe] C:\Program Files\tunebite\tunebite.exe -hidden
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0a\AOL.EXE" -b
    O4 - Startup: HotSync Manager.lnk = C:\Program Files\palmOne\HOTSYNC.EXE
    O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
    O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Device Detector 2.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
    O4 - Global Startup: Free NaturalReader.lnk = C:\Program Files\NaturalReader\FreeVersion\FreeReader.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
    O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Read By Natural Voice Reader - C:\Program Files\Natural Voice Reader Standard\read.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll
    O9 - Extra button: Natural Reader - {0DF757C4-9999-463C-A4EB-B6BF1D8D8D3D} - C:\Program Files\Natural Voice Reader Standard\read.html
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=pavilion&pf=laptop
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {26FCCDF9-A7E1-452A-A73D-7BF7B4D0BA6C} (AOL Pictures Uploader Class) - http://pictures.aolcdn.com/ap/Resour...s.10.1.0.0.cab
    O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
    O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp.com/rdqnbk/downloads/sysinfo.cab
    O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} - http://aolcc.aol.com/computercheckup/qdiagcc.cab
    O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfix.com/netcheck/2...l/gtdownls.cab
    O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} -
    O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
    O17 - HKLM\System\CCS\Services\Tcpip\..\{DD559791-CE31-436B-B953-CA2718F96505}: NameServer = 216.165.129.157,134.215.200.126
    O20 - Winlogon Notify: qopmj - C:\WINDOWS\
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: winhdn32 - winhdn32.dll (file missing)
    O20 - Winlogon Notify: winzbr32 - winzbr32.dll (file missing)
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
    O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
    O23 - Service: Venturi2 Client (Venturi2) - Venturi Wireless - C:\Program Files\Venturi2\Client\ventc.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
  5. 2006-12-04, 10:36 #5
    Joeldj
    Joeldj is offline
    Junior Member
    Join Date
    Dec 2006
    Posts
    7

    Default vundo log

    and now the vundo log...

    VundoFix V6.2.13

    Checking Java version...

    Java version is 1.4.2.3

    Java version is 1.4.2.6

    Java version is 1.5.0.6

    Scan started at 11:58:53 PM 11/27/2006

    Listing files found while scanning....

    C:\WINDOWS\system32\vtsrp.dll
    C:\WINDOWS\system32\prstv.ini
    C:\WINDOWS\system32\prstv.bak1

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\vtsrp.dll
    C:\WINDOWS\system32\vtsrp.dll Could not be deleted.

    Attempting to delete C:\WINDOWS\system32\prstv.ini
    C:\WINDOWS\system32\prstv.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\prstv.bak1
    C:\WINDOWS\system32\prstv.bak1 Has been deleted!

    Performing Repairs to the registry.
    Done!

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\vtsrp.dll
    C:\WINDOWS\system32\vtsrp.dll Has been deleted!

    Performing Repairs to the registry.
    Done!

    VundoFix V6.2.13

    Checking Java version...

    Java version is 1.4.2.3

    Java version is 1.4.2.6

    Java version is 1.5.0.6

    Scan started at 11:36:50 AM 11/28/2006

    Listing files found while scanning....

    No infected files were found.


    VundoFix V6.2.13

    Checking Java version...

    Java version is 1.4.2.3

    Java version is 1.4.2.6

    Java version is 1.5.0.6

    Java version is 1.5.0.9

    Scan started at 5:49:37 PM 12/3/2006

    Listing files found while scanning....

    C:\WINDOWS\system32\qopmj.dll
    C:\WINDOWS\system32\jmpoq.ini
    C:\WINDOWS\system32\jmpoq.bak1
    C:\WINDOWS\system32\jmpoq.bak2

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\qopmj.dll
    C:\WINDOWS\system32\qopmj.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\jmpoq.ini
    C:\WINDOWS\system32\jmpoq.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\jmpoq.bak1
    C:\WINDOWS\system32\jmpoq.bak1 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\jmpoq.bak2
    C:\WINDOWS\system32\jmpoq.bak2 Has been deleted!

    Performing Repairs to the registry.
    Done!

    VundoFix V6.2.13

    Checking Java version...

    Java version is 1.4.2.3

    Java version is 1.4.2.6

    Java version is 1.5.0.6

    Java version is 1.5.0.9

    Scan started at 7:50:26 PM 12/3/2006

    Listing files found while scanning....


    VundoFix V6.2.13

    Checking Java version...

    Java version is 1.4.2.3

    Java version is 1.4.2.6

    Java version is 1.5.0.6

    Java version is 1.5.0.9

    Scan started at 11:14:13 PM 12/3/2006

    Listing files found while scanning....

    No infected files were found.
  6. 2006-12-04, 16:06 #6
    Mr_JAk3
    Mr_JAk3 is offline
    Security Expert-Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    3,934

    Default

    Hi again, we'll continue

    You should print these instructions or save these to a text file. Follow these instructions carefully.

    Please download AVG Anti-Spyware to your Desktop or to your usual Download Folder.
    http://www.ewido.net/en/download/
    • Install AVG Anti-Spyware by double clicking the installer.
    • Follow the prompts. Make sure that Launch AVG Anti-Spyware is checked.
    • On the main screen under Your Computer's security.
      • Click on Change state next to Resident shield. It should now change to inactive.
      • Click on Change state next to Automatic updates. It should now change to inactive.
      • Next to Last Update, click on Update now. (You will need an active internet connection to perform this)
      • Wait until you see the Update succesfull message.
    • Right-click the AVG Anti-Spyware Tray Icon and uncheck Start with Windows.
    • Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
    If you are having problems with the updater, you can use this link to manually update ewido.
    AVG Anti-Spyware manual updates.
    Download the Full database to your Desktop or to your usual Download Folder and install it by double clicking the file. Make sure that AVG Anti-Spyware is closed before installing the update.

    Download ATF Cleaner by Atribune to your desktop.
    Do NOT run yet.

    Create a new folder for HijackThis and move HijackThis.exe into it.

    Make your hidden files visible:
    • Go to My Computer
    • Select the Tools menu and click Folder Options
    • Click the View tab.
    • Checkmark the "Display the contents of system folders"
    • Under the Hidden files and folders select "Show hidden files and folders"
    • Uncheck "Hide protected operating system files"
    • Click Apply and then the OK and close My Computer.

    Disable Spybot S&D Teatimer.
    • Run Spybot-S&D in Advanced Mode
    • If it is not already set to do this, go to the Mode menu select "Advanced Mode"
    • On the left hand side, click on Tools
    • Then click on the Resident icon in the list
    • Uncheck "Resident TeaTimer" and OK any prompts.
    • Restart your computer


    ==================

    Run HijackThis, click Do a system scan only, and check the box next to each of these entries if still present. Close all other windows and press Fix checked. If something isn't there, please continue with the next entry in the list.

    F2 - REG:system.ini: Shell=
    O2 - BHO: (no name) - {11F0EE13-5947-2942-F631-09BEB2706006} - C:\WINDOWS\system32\wirvufc.dll
    O2 - BHO: (no name) - {35F7813A-AF74-4474-B1DC-7EE6FB6C43C6} - C:\WINDOWS\system32\tlviyeot.dll
    O2 - BHO: (no name) - {5C4F4336-C0AB-48F6-9534-BA53B3541232} - C:\WINDOWS\system32\qopmj.dll (file missing)
    O2 - BHO: (no name) - {6682E5BA-9BC3-48FF-AF78-A196D93370FD} - (no file)
    O2 - BHO: (no name) - {6B98CB7E-C2D2-4AE8-8A45-2BE1BBB72CA6} - (no file)
    O2 - BHO: (no name) - {755bbd1a-aa59-456c-afeb-b4c42c4dcb6f} - (no file)
    O2 - BHO: (no name) - {A54D308F-7BB5-44CD-B6A6-47B9FE0D460F} - (no file)
    O2 - BHO: (no name) - {D1CFC1DF-1571-4B01-8357-77EAE69A4962} - (no file)
    O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} -
    O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
    O20 - Winlogon Notify: qopmj - C:\WINDOWS\
    O20 - Winlogon Notify: winhdn32 - winhdn32.dll (file missing)
    O20 - Winlogon Notify: winzbr32 - winzbr32.dll (file missing)

    Restart your computer to the safe mode:
    • Restart your computer
    • Start tapping the F8 key when the computer restarts.
    • When the start menu opens, choose Safe mode
    • Press Enter. The computer then begins to start in Safe mode.


    Go to the My Computer and delete the following files (if present):
    C:\WINDOWS\system32\wirvufc.dll
    C:\WINDOWS\system32\tlviyeot.dll

    Run ATF Cleaner
    • Under Main choose: Select All
      Click the Empty Selected button.
    If you use Firefox browser
    • Click Firefox at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    If you use Opera browser
    • Click Opera at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    Click Exit on the Main menu to close the program.

    Close ALL open Windows / Programs / Folders. Please start AVG Anti-Spyware and run a full scan.
    • Click on Scanner on the toolbar.
    • Click on the Settings tab.
      • Under How to act?
        • Click on Recommended Action and choose Quarantine from the popup menu.
      • Under How to scan?
        • All checkboxes should be ticked.
      • Under Possibly unwanted software:
        • All checkboxes should be ticked.
      • Under Reports:
        • Select Automatically generate report after every scan and uncheck Only if threats were found.
      • Under What to scan?
        • Select Scan every file.
    • Click on the Scan tab.
    • Click on Complete System Scan to start the scan process.
    • Let the program scan the machine.
    • When the scan has finished, follow the instructions below.
      IMPORTANT : Don't click on the "Save Scan Report" button before you did hit the "Apply all Actions" button.
      • Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu. (2)
      • At the bottom of the window click on the Apply all Actions button. (3)
    • When done, click the Save Scan Report button. (4)
      • Click the Save Report as button.
      • Save the report to your Desktop.
    • Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
    Reboot in Normal Mode.

    ================

    When you're ready, please post the following logs to here:
    - AVG's report
    - a fresh HijackThis log
    MalWare Removal University - You too could train to help others
    UNITE & ASAP member since 2006
  7. 2006-12-05, 04:00 #7
    Joeldj
    Joeldj is offline
    Junior Member
    Join Date
    Dec 2006
    Posts
    7

    Default new hijack post

    Logfile of HijackThis v1.99.1
    Scan saved at 5:28:38 PM, on 12/4/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\WINDOWS\system32\LxrJD31s.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
    c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    C:\Program Files\HP\HP Share-to-Web\hpgs2wnd.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\System32\hphmon05.exe
    C:\Program Files\Common Files\AOL\1104208762\ee\AOLSoftware.exe
    C:\WINDOWS\system32\HPZipm12.exe
    c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    C:\Program Files\HP\HP Share-to-Web\hpgs2wnf.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Venturi2\Configurator\ventcfg.exe
    C:\Program Files\Venturi2\Client\ventc.exe
    C:\Program Files\RF Wireless Mouse\cm20.exe
    C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    C:\Program Files\Common Files\AOL\1104208762\ee\services\sscAntiSpywarePlugin\ver1_10_3_1\AOLSP Scheduler.exe
    C:\Program Files\Napster\napster.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
    C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\AIM\aim.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Logitech\Profiler\lwemon.exe
    C:\Program Files\Microsoft Location Finder\LocationFinder.exe
    C:\Program Files\tunebite\tunebite.exe
    C:\Program Files\America Online 9.0a\waol.exe
    C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
    C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    c:\progra~1\mcafee.com\vso\mcvsftsn.exe
    C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
    C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\palmOne\HOTSYNC.EXE
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
    C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
    C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
    c:\program files\common files\aol\1104208762\ee\aolssc.exe
    C:\Program Files\America Online 9.0a\shellmon.exe
    C:\Documents and Settings\CompUSA\Desktop\freddy2.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\HP\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
    O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1104208762\ee\AOLSoftware.exe
    O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\McUpdate.exe
    O4 - HKLM\..\Run: [Venturi Configurator] C:\Program Files\Venturi2\Configurator\ventcfg.exe
    O4 - HKLM\..\Run: [Start RF Wireless Mouse] C:\Program Files\RF Wireless Mouse\cm20.exe
    O4 - HKLM\..\Run: [USB2Check] RUNDLL32.EXE "C:\WINDOWS\system32\PCLECoInst.dll",CheckUSBController
    O4 - HKLM\..\Run: [USBToolTip] "C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    O4 - HKLM\..\Run: [AOLSPScheduler] C:\Program Files\Common Files\AOL\1104208762\ee\services\sscAntiSpywarePlugin\ver1_10_3_1\AOLSP Scheduler.exe
    O4 - HKLM\..\Run: [sscRun] C:\Program Files\Common Files\AOL\1104208762\ee\services\sscFirewallPlugin\ver1_10_3_1\SSCRun.exe
    O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
    O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
    O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [EOUApp] "C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe"
    O4 - HKLM\..\Run: [hplampc] C:\WINDOWS\system32\hplampc.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Start WingMan Profiler] "C:\Program Files\Logitech\Profiler\lwemon.exe" /noui
    O4 - HKCU\..\Run: [Microsoft Location Finder] "C:\Program Files\Microsoft Location Finder\LocationFinder.exe"
    O4 - HKCU\..\Run: [tunebite.exe] C:\Program Files\tunebite\tunebite.exe -hidden
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0a\AOL.EXE" -b
    O4 - Startup: HotSync Manager.lnk = C:\Program Files\palmOne\HOTSYNC.EXE
    O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
    O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Device Detector 2.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
    O4 - Global Startup: Free NaturalReader.lnk = C:\Program Files\NaturalReader\FreeVersion\FreeReader.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
    O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Read By Natural Voice Reader - C:\Program Files\Natural Voice Reader Standard\read.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll
    O9 - Extra button: Natural Reader - {0DF757C4-9999-463C-A4EB-B6BF1D8D8D3D} - C:\Program Files\Natural Voice Reader Standard\read.html
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=pavilion&pf=laptop
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {26FCCDF9-A7E1-452A-A73D-7BF7B4D0BA6C} (AOL Pictures Uploader Class) - http://pictures.aolcdn.com/ap/Resour...s.10.1.0.0.cab
    O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
    O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp.com/rdqnbk/downloads/sysinfo.cab
    O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} - http://aolcc.aol.com/computercheckup/qdiagcc.cab
    O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfix.com/netcheck/2...l/gtdownls.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{DD559791-CE31-436B-B953-CA2718F96505}: NameServer = 216.165.129.157,134.215.200.126
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
    O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
    O23 - Service: Venturi2 Client (Venturi2) - Venturi Wireless - C:\Program Files\Venturi2\Client\ventc.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
  8. 2006-12-05, 04:01 #8
    Joeldj
    Joeldj is offline
    Junior Member
    Join Date
    Dec 2006
    Posts
    7

    Default AVG log

    ---------------------------------------------------------
    AVG Anti-Spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 5:11:53 PM 12/4/2006

    + Scan result:



    C:\System Volume Information\_restore{2E9DCF39-6F73-409D-8C36-24193BEF49E3}\RP643\A0116143.dll -> Adware.Altnet : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{2E9DCF39-6F73-409D-8C36-24193BEF49E3}\RP643\A0116144.dll -> Adware.Altnet : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{2E9DCF39-6F73-409D-8C36-24193BEF49E3}\RP643\A0116145.exe -> Adware.Altnet : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{2E9DCF39-6F73-409D-8C36-24193BEF49E3}\RP643\A0116147.dll -> Adware.Altnet : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{2E9DCF39-6F73-409D-8C36-24193BEF49E3}\RP643\A0116148.dll -> Adware.Altnet : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{2E9DCF39-6F73-409D-8C36-24193BEF49E3}\RP643\A0116149.dll -> Adware.Altnet : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\gtdownls_95.ocx -> Adware.Gdown : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{2E9DCF39-6F73-409D-8C36-24193BEF49E3}\RP643\A0116162.DLL -> Adware.IESearch : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{2E9DCF39-6F73-409D-8C36-24193BEF49E3}\RP645\A0116248.dll -> Adware.IESearch : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{2E9DCF39-6F73-409D-8C36-24193BEF49E3}\RP643\A0116129.cpl -> Adware.P2PNet : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{2E9DCF39-6F73-409D-8C36-24193BEF49E3}\RP643\A0116161.dll -> Adware.RXToolbar : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{2E9DCF39-6F73-409D-8C36-24193BEF49E3}\RP659\A0117443.dll -> Adware.Softomate : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\byxutuu.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{2E9DCF39-6F73-409D-8C36-24193BEF49E3}\RP656\A0117126.exe -> Downloader.Zlob.bbe : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{2E9DCF39-6F73-409D-8C36-24193BEF49E3}\RP656\A0117127.exe -> Downloader.Zlob.bbe : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{2E9DCF39-6F73-409D-8C36-24193BEF49E3}\RP656\A0117128.exe -> Downloader.Zlob.bbf : Cleaned with backup (quarantined).
    C:\WINDOWS\Downloaded Program Files\UERS_0001_N91M2007NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).


    ::Report end
  9. 2006-12-05, 13:48 #9
    Mr_JAk3
    Mr_JAk3 is offline
    Security Expert-Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    3,934

    Default

    Hi again, it is looking clean now
    The computer is running fine ?

    Now you can clean AVG's Quarantine:
    • Open AVG Anti-Spyware
    • Click Infections
    • Click Quarantine tab
    • Click Select all
    • Click Remove finally
    • Close the program

    You can remove the tools we used.

    Then you should update your Java to the latest version (5.0 update 10)
    • Start
    • Control Panel
    • Add/Remove Programs
    • Delete the old Java, Java 2 Runtime Environment, SE v1.4.2_06
      Java 2 Runtime Environment, SE v1.4.2_03
      J2SE Runtime Environment 5.0 Update 6
      J2SE Runtime Environment 5.0 Update 9
    • Download the latest version of Java Runtime Environment (JRE) 5.0 Update 10.
    • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications."
    • Click the "Download" button to the right.
    • Check the box that says: "Accept License Agreement."
    • The page will refresh.
    • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
    • Install it

    Now you can make your hidden files hidden again.
    • Go to My Computer
    • Select the Tools menu and click Folder Options
    • Click the View tab.
    • Checkmark the "Display the contents of system folders"
    • Under the Hidden files and folders select "Show hidden files and folders"
    • Check "Hide protected operating system files"
    • Click Apply and then the OK and close My Computer.


    =============

    Now that you seem to be clean, please follow these simple steps in order to keep your computer clean and secure:
    • Clear your system restore
      This will clear the system restore folders from possible malware that was left behind during the cleaning process.
    • Use ATF Cleaner
      Download and install ATF Cleaner. Clean your temporary files & folders with it regularly.
    • Use Ad-Aware
      Download and install Ad-Aware. Update it and scan your computer regularly with it.
    • Use AVG Anti-Spyware
      Update it and scan your computer regularly with it.
    • Use Spybot S&D
      Download and install Spybot S&D. Update it and scan your computer regularly with it.
    • Install SpywareBlaster
      SpywareBlaster will prevent spyware from being installed.
    • Install MVPS Hosts file
      This prevents your computer from connecting to harmful sites.
    • Use Firefox browser
      Firefox is faster, safer and better browser than Internet Explorer.
    • Keep your systen up-to-date
      Visit Windows Update regularly.
    • Keep your antivirus and firewall up-to-date
      Scan your computer regularly with your antivirus.
    • Read this article by TonyKlein
      So how did I get infected in the first place?
    • Stand Up and Be Counted !
      The site offers people who have been (or are) victims of malware the opportunity to document their story and, in that way, launch a complaint against the malware and the makers of the malware.


    Stay clean and be safe
    MalWare Removal University - You too could train to help others
    UNITE & ASAP member since 2006
  10. 2006-12-05, 18:33 #10
    Joeldj
    Joeldj is offline
    Junior Member
    Join Date
    Dec 2006
    Posts
    7

    Default thanks for the help

    everything's working great now, thanks for all the help!!!!
« Previous Thread | Next Thread »

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules