
Frank H (Anon, @pacbell.net)

[Vundo] Vundo Removal

Hi!

I'm having trouble with Vundo removal. The following is my vundofix.txt file:

VundoFix V6.5.9

Checking Java version...

Scan started at 1:35:27 PM 10/6/2007

Listing files found while scanning....

C:\WINDOWS\System32\ahgjnxpn.dll
C:\windows\system32\heenoayr.ini
C:\WINDOWS\system32\lqumaedx.dll
C:\WINDOWS\System32\qomllkk.dll
C:\windows\system32\qtutv.bak1
C:\windows\system32\qtutv.bak2
C:\windows\system32\qtutv.ini2
C:\windows\system32\qtutv.tmp
C:\windows\system32\ryaoneeh.dll
C:\WINDOWS\System32\vtutq.dll
C:\WINDOWS\system32\xdeamuql.ini

Beginning removal...

Attempting to delete C:\windows\system32\heenoayr.ini
C:\windows\system32\heenoayr.ini Has been deleted!

Attempting to delete C:\windows\system32\qtutv.bak1
C:\windows\system32\qtutv.bak1 Has been deleted!

Attempting to delete C:\windows\system32\qtutv.bak2
C:\windows\system32\qtutv.bak2 Has been deleted!

Attempting to delete C:\windows\system32\qtutv.ini2
C:\windows\system32\qtutv.ini2 Has been deleted!

Attempting to delete C:\windows\system32\qtutv.tmp
C:\windows\system32\qtutv.tmp Has been deleted!

Attempting to delete C:\windows\system32\ryaoneeh.dll
C:\windows\system32\ryaoneeh.dll Has been deleted!

Attempting to delete C:\WINDOWS\System32\vtutq.dll
C:\WINDOWS\System32\vtutq.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\xdeamuql.ini
C:\WINDOWS\system32\xdeamuql.ini Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\windows\system32\qtutv.ini2
C:\windows\system32\qtutv.ini2 Has been deleted!

Attempting to delete C:\windows\system32\qtutv.tmp
C:\windows\system32\qtutv.tmp Has been deleted!

Attempting to delete C:\WINDOWS\System32\vtutq.dll
C:\WINDOWS\System32\vtutq.dll Could not be deleted.

Performing Repairs to the registry.
Done!

VundoFix V6.5.9

Checking Java version...

Scan started at 1:56:09 PM 10/6/2007

Listing files found while scanning....

C:\windows\system32\qtutv.bak1
C:\WINDOWS\System32\qtutv.tmp
C:\WINDOWS\System32\vtutq.dll

Beginning removal...

Attempting to delete C:\windows\system32\qtutv.bak1
C:\windows\system32\qtutv.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\System32\qtutv.tmp
C:\WINDOWS\System32\qtutv.tmp Has been deleted!

Attempting to delete C:\WINDOWS\System32\vtutq.dll
C:\WINDOWS\System32\vtutq.dll Could not be deleted.

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\WINDOWS\System32\qtutv.tmp
C:\WINDOWS\System32\qtutv.tmp Has been deleted!

Attempting to delete C:\WINDOWS\System32\vtutq.dll
C:\WINDOWS\System32\vtutq.dll Could not be deleted.

Performing Repairs to the registry.
Done!

Beginning removal...

VundoFix V6.5.9

Checking Java version...

Scan started at 2:10:58 PM 10/6/2007

Listing files found while scanning....

C:\windows\system32\qtutv.bak1
C:\WINDOWS\System32\qtutv.tmp
C:\WINDOWS\System32\vtutq.dll

Beginning removal...

Attempting to delete C:\windows\system32\qtutv.bak1
C:\windows\system32\qtutv.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\System32\qtutv.tmp
C:\WINDOWS\System32\qtutv.tmp Has been deleted!

Attempting to delete C:\WINDOWS\System32\vtutq.dll
C:\WINDOWS\System32\vtutq.dll Could not be deleted.

Performing Repairs to the registry.
Done!

Beginning removal...

The following is my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:56:06 PM, on 10/6/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Intel(R) Active Monitor\imonnt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Intel\Intel(R) Active Monitor\imontray.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\SYSTEM32\USRmlnkA.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\System32\hphmon03.exe
C:\Program Files\Caere\OmniPagePro90\opware32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\SYSTEM32\USRshutA.exe
C:\WINDOWS\SYSTEM32\USRmlnkA.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Adobe\Acrobat 4.0\Reader\AcroRd32.exe
C:\Documents and Settings\Franean\My Documents\My Downloaded Files\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [IMONTRAY] C:\Program Files\Intel\Intel(R) Active Monitor\imontray.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [USRpdA] C:\WINDOWS\SYSTEM32\USRmlnkA.exe RunServices \Device\3cpipe-USRpdA
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [HPHmon03] C:\WINDOWS\System32\hphmon03.exe
O4 - HKLM\..\Run: [OmniPage] C:\Program Files\Caere\OmniPagePro90\opware32.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [smgr] mgrs.exe
O4 - HKLM\..\Run: [SalesMonitor] "C:\Program Files\Common Files\WinAntiSpyware 2007\WAS7Mon.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {15589FA1-C456-11CE-BF01-00AA0055595A} - file://C:\Program Files\Roxio\VideoWaveMC\Skins\VWMC_Tutorial.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin11USA.cab
O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} - http://awbeta.net-nucleus.com/FIX/WinATS.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7AEEE054-65CD-4494-943A-D16774B2E919}: NameServer = 206.13.31.12,206.13.28.12
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\System32\qwerty12.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel(R) Active Monitor (imonNT) - Intel Corp. - C:\Program Files\Intel\Intel(R) Active Monitor\imonnt.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver - HP - C:\WINDOWS\System32\HPHipm09.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O24 - Desktop Component 0: (no name) - C:\Program Files\Windows Media Player\progycaq.html

--
End of file - 7826 bytes

I'd appreciate any help I can get.

Thanks a lot!

Frank

CajunTek (Premium Member, Arlington, TX; join: 2003-08-08)

Hello Frank H,

Let's use another utility and check a little further.

Download ComboFix from one of these two locations:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe

Double-click ComboFix.exe and follow the prompts.
When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply.

Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall!

Frank H (Anon)

Hey, CajunTek.

I really appreciate your replying to my post. I did what you instructed. Here are the results from ComboFix:

ComboFix 07-10-07.2 - Franean 2007-10-07 10:09:16.1 - NTFSx86
Script execution time was exceeded on script "C:\ComboFix\osid.vbs".
Script execution was terminated.
Running from: C:\Documents and Settings\Franean\My Documents\My Downloaded Files\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Franean\err.log
C:\Documents and Settings\Franean\ResErrors.log
C:\Documents and Settings\Michael\err.log
C:\Documents and Settings\Michael\ResErrors.log
C:\Program Files\Common Files\companion wizard
C:\Program Files\Common Files\Companion Wizard\WapCHK.dll
C:\Program Files\Common Files\companion wizard\WapCHK.dll
C:\Program Files\Common Files\Yazzle1281OinUninstaller.exe
C:\Program Files\Windows Media Player\progycaq.html
C:\Program Files\WindowsUpdate\holet4444.dll
C:\temp\0b9
C:\temp\0b9\tmpTF.log
C:\Temp\aZ001.exe
C:\temp\iee
C:\temp\iee\tmpZTF.log
C:\temp\tn3
C:\UWA7P
C:\WINDOWS\acdt-pid67n.exe
C:\WINDOWS\Casino.ico
C:\WINDOWS\cookies.ini
C:\WINDOWS\Downloaded Program Files\UWA7P_0001_N91M0809NetInstaller.exe
C:\WINDOWS\Free Online Dating.ico
C:\WINDOWS\icroso~1.net
C:\WINDOWS\icroso~1.net\??erinit.exe
C:\WINDOWS\Spyware Remover.ico
C:\WINDOWS\system32\alnnpobw.exe
C:\WINDOWS\system32\cbgcylfi.exe
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\drivers\core.sys
C:\WINDOWS\system32\gdskrpra.dll
C:\WINDOWS\system32\ibwwadhv.exe
C:\WINDOWS\system32\jlrefhcx.exe
C:\WINDOWS\system32\lwcvewip.exe
C:\WINDOWS\system32\mwihwwwt.exe
C:\WINDOWS\system32\nvmlnuov.exe
C:\WINDOWS\system32\o02PrEz
C:\WINDOWS\system32\qnasteey.exe
C:\WINDOWS\system32\qtutv.bak1
C:\WINDOWS\system32\qtutv.ini
C:\WINDOWS\system32\qtutv.tmp
C:\WINDOWS\system32\rbrnlbhi.exe
C:\WINDOWS\system32\stera.job
C:\WINDOWS\system32\stera.log
C:\WINDOWS\system32\tjadmpio.exe
C:\WINDOWS\system32\uddclhom.exe
C:\WINDOWS\system32\uhhvvbks.exe
C:\WINDOWS\system32\uunxrvad.exe
C:\WINDOWS\system32\vtutq.dll
C:\WINDOWS\system32\wgrcnaes.dll
C:\WINDOWS\system32\win
C:\WINDOWS\system32\winnb58.dll
C:\WINDOWS\system32\wmexwunj.exe
C:\WINDOWS\system32\wtsisvcc.exe
C:\WINDOWS\system32\X2
C:\WINDOWS\system32\X3
C:\WINDOWS\system32\X4
C:\WINDOWS\system32\X9
C:\WINDOWS\system32\xtcvjuwk.exe
C:\WINDOWS\system32\ypywtrhf.dll
C:\WINDOWS\TTC-4444.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

-------\LEGACY_CORE
-------\LEGACY_DOMAINSERVICE
-------\core
-------\DomainService

((((((((((((((((((((((((( Files Created from 2007-09-07 to 2007-10-07 )))))))))))))))))))))))))))))))
.

2007-10-07 10:03 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-06 13:35 d-------- C:\VundoFix Backups
2007-10-06 13:04 6,784 --a--c--- C:\WINDOWS\system32\dllcache\serscan.sys
2007-10-06 13:04 6,784 --a------ C:\WINDOWS\system32\drivers\serscan.sys
2007-10-06 12:45 4,445 --------- C:\WINDOWS\hpomdl08.dat
2007-10-06 12:45 103,168 --a------ C:\WINDOWS\hpoins08.dat
2007-10-06 11:19 1,156 --a------ C:\WINDOWS\mozver.dat
2007-10-06 10:23 6,058,496 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2007-10-06 10:23 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-10-06 10:23 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-10-06 10:23 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-10-06 10:23 33,792 --a--c--- C:\WINDOWS\system32\dllcache\custsat.dll
2007-10-06 10:23 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2007-10-06 10:23 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2007-10-06 10:23 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-10-06 10:11 1,097,760 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-10-06 10:05 4,212 --ah----- C:\WINDOWS\system32\zllictbl.dat
2007-10-06 10:05 d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2007-10-06 10:04 75,248 --a------ C:\WINDOWS\zllsputility.exe
2007-10-06 10:02 d-------- C:\Program Files\Yahoo!
2007-10-06 09:57 d-------- C:\WINDOWS\Internet Logs
2007-10-06 09:04 d-------- C:\Documents and Settings\Franean\Application Data\Talkback
2007-10-05 22:07 d-------- C:\Program Files\Lavasoft
2007-10-05 22:07 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-10-05 22:06 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-10-05 21:50 d-------- C:\Program Files\MSXML 4.0
2007-10-05 21:33 23,040 -----c--- C:\WINDOWS\system32\dllcache\fltmc.exe
2007-10-05 21:33 16,896 -----c--- C:\WINDOWS\system32\dllcache\fltlib.dll
2007-10-05 21:33 128,896 -----c--- C:\WINDOWS\system32\dllcache\fltmgr.sys
2007-10-05 21:33 d-------- C:\Documents and Settings\Franean\Application Data\GetRightToGo
2007-10-05 21:27 139,536 --a------ C:\WINDOWS\system32\javaee.dll
2007-10-05 20:49 342 --a------ C:\WINDOWS\tsitra.exe.bin
2007-10-05 19:49 d-------- C:\WINDOWS\provisioning
2007-10-05 19:49 d-------- C:\WINDOWS\peernet
2007-10-05 19:46 d-------- C:\WINDOWS\ServicePackFiles
2007-10-05 19:37 d-------- C:\WINDOWS\EHome

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-07 10:32 13916 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2007-10-06 13:04 --------- d-------- C:\Documents and Settings\All Users\Application Data\HP
2007-10-05 22:09 --------- d-------- C:\Documents and Settings\All Users\Application Data\McAfee.com
2007-10-05 21:30 44288 --a------ C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-09-06 16:14 1086952 --a------ C:\WINDOWS\system32\zpeng24.dll
2007-08-13 18:54 413696 --a------ C:\WINDOWS\system32\vbscript.dll
2007-08-13 18:54 156160 --a------ C:\WINDOWS\system32\msls31.dll
2007-08-13 18:45 78336 --a------ C:\WINDOWS\system32\ieencode.dll
2007-08-13 18:44 40960 --a------ C:\WINDOWS\system32\licmgr10.dll
2007-08-13 18:39 71680 --a------ C:\WINDOWS\system32\admparse.dll
2007-08-13 18:39 55296 --a------ C:\WINDOWS\system32\iesetup.dll
2007-08-13 18:36 36352 --a------ C:\WINDOWS\system32\imgutil.dll
2007-08-13 18:32 45568 --a------ C:\WINDOWS\system32\mshta.exe
2007-08-13 18:01 48128 --a------ C:\WINDOWS\system32\mshtmler.dll
2007-08-07 13:58 8320 --a------ C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-08-07 13:56 9344 --a------ C:\WINDOWS\system32\drivers\NSDriver.sys
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2006-12-02 18:05 2522 --a------ C:\Program Files\func.js
2006-11-25 00:57 482 --a------ C:\Program Files\Del.js
2005-12-15 12:03 12288 --a------ C:\WINDOWS\Fonts\RandFont.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{221B03BF-B4A0-4275-A902-3FC0709D063F}]
C:\Program Files\WindowsUpdate\holet83122.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4E7FCB8A-A4C5-4E61-4F81-D837A4BF52F6}]
C:\Program Files\Windows Media Player\lawunew835.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{673A1F8C-A21F-D398-4960-8C8DB923D3EF}]
2007-06-20 07:49 60928 --a------ C:\WINDOWS\System32\joqwdlp.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Smapp"="C:\Program Files\Analog Devices\SoundMAX\Smtray.exe" [2002-01-30 19:01]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2002-10-15 12:54]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2002-10-15 12:42]
"IMONTRAY"="C:\Program Files\Intel\Intel(R) Active Monitor\imontray.exe" [2002-05-03 16:10]
"AdaptecDirectCD"="C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe" [2003-06-02 19:18]
"USRpdA"="C:\WINDOWS\SYSTEM32\USRmlnkA.exe" [2002-08-29 05:00]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2002-12-09 23:33]
"HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-10-25 15:55]
"HPHmon03"="C:\WINDOWS\System32\hphmon03.exe" [2001-10-25 15:55]
"OmniPage"="C:\Program Files\Caere\OmniPagePro90\opware32.exe" [1998-10-12 18:13]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2005-12-20 20:54]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-05-04 20:09]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-12-15 11:18]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-10-06 00:32]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-09-06 16:14]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"=Narrator.exe

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-12-15 11:40:44]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\qomllkk]
qomllkk.dll

R1 Asapi;Asapi;C:\WINDOWS\system32\drivers\Asapi.sys
R1 cdudf_xp;cdudf_xp;C:\WINDOWS\system32\drivers\cdudf_xp.sys
R1 pwd_2K;pwd_2K;C:\WINDOWS\system32\drivers\pwd_2K.sys
R1 UdfReadr_xp;UdfReadr_xp;C:\WINDOWS\system32\drivers\UdfReadr_xp.sys
R2 iSMBIOS;iSMBIOS;\??\C:\WINDOWS\System32\drivers\iSMBIOS.SYS
R2 SIODRV;SIODRV;\??\C:\WINDOWS\System32\drivers\SIODRV.SYS
R3 mmc_2K;mmc_2K;C:\WINDOWS\system32\drivers\mmc_2K.sys
R3 smbusp;Intel(R) SMBus 2.0 Driver;C:\WINDOWS\system32\DRIVERS\smb.sys
R3 USRpdA;U.S. Robotics 56K PCI Faxmodem Driver;C:\WINDOWS\system32\DRIVERS\USRpdA.sys
S3 Dot4 HPH09;Dot4 HPH09;C:\WINDOWS\system32\DRIVERS\hphid409.sys
S3 Dot4Print HPH09;Print Class Driver for IEEE-1284.4 HPH09;C:\WINDOWS\system32\DRIVERS\hphipr09.sys
S3 Dot4Storage HPH09;Storage Class Driver for IEEE-1284.4 (HPH09);C:\WINDOWS\system32\Drivers\hphs2k09.sys
S3 Dot4Usb HPH09;Dot4Usb HPH09;C:\WINDOWS\system32\drivers\hphius09.sys
S3 dump_wmimmc;dump_wmimmc;\??\C:\Nexon\MapleStory\GameGuard\dump_wmimmc.sys
S3 dvd_2K;dvd_2K;C:\WINDOWS\system32\drivers\dvd_2K.sys
S3 iscFlash;iscFlash;\??\C:\WINDOWS\SYSTEM32\DRIVERS\iscflash.sys

.
Contents of the 'Scheduled Tasks' folder
"2002-12-23 15:48:00 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-07 10:43:13
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-07 10:47:41 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-10-07 10:47
.
--- E O F ---

Here's the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:51:51 AM, on 10/7/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Intel(R) Active Monitor\imonnt.exe
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Intel\Intel(R) Active Monitor\imontray.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\SYSTEM32\USRmlnkA.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\System32\hphmon03.exe
C:\Program Files\Caere\OmniPagePro90\opware32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\SYSTEM32\USRshutA.exe
C:\WINDOWS\SYSTEM32\USRmlnkA.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Franean\My Documents\My Downloaded Files\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\Adobe\Acrobat Reader 5\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {221B03BF-B4A0-4275-A902-3FC0709D063F} - C:\Program Files\WindowsUpdate\holet83122.dll (file missing)
O2 - BHO: 0 - {4E7FCB8A-A4C5-4E61-4F81-D837A4BF52F6} - C:\Program Files\Windows Media Player\lawunew835.dll (file missing)
O2 - BHO: (no name) - {673A1F8C-A21F-D398-4960-8C8DB923D3EF} - C:\WINDOWS\System32\joqwdlp.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [IMONTRAY] C:\Program Files\Intel\Intel(R) Active Monitor\imontray.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [USRpdA] C:\WINDOWS\SYSTEM32\USRmlnkA.exe RunServices \Device\3cpipe-USRpdA
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [HPHmon03] C:\WINDOWS\System32\hphmon03.exe
O4 - HKLM\..\Run: [OmniPage] C:\Program Files\Caere\OmniPagePro90\opware32.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {15589FA1-C456-11CE-BF01-00AA0055595A} - file://C:\Program Files\Roxio\VideoWaveMC\Skins\VWMC_Tutorial.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin11USA.cab
O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} - http://awbeta.net-nucleus.com/FIX/WinATS.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7AEEE054-65CD-4494-943A-D16774B2E919}: NameServer = 206.13.31.12,206.13.28.12
O20 - Winlogon Notify: qomllkk - qomllkk.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel(R) Active Monitor (imonNT) - Intel Corp. - C:\Program Files\Intel\Intel(R) Active Monitor\imonnt.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver - HP - C:\WINDOWS\System32\HPHipm09.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 8135 bytes

I can already see the difference!!!

Frank

CajunTek (Premium Member)

Run HijackThis again, select "Scan only", place a check next to each of these lines, close all browser windows and click Fix.

O2 - BHO: (no name) - {221B03BF-B4A0-4275-A902-3FC0709D063F} - C:\Program Files\WindowsUpdate\holet83122.dll (file missing)
O2 - BHO: 0 - {4E7FCB8A-A4C5-4E61-4F81-D837A4BF52F6} - C:\Program Files\Windows Media Player\lawunew835.dll (file missing)
O2 - BHO: (no name) - {673A1F8C-A21F-D398-4960-8C8DB923D3EF} - C:\WINDOWS\System32\joqwdlp.dll
O20 - Winlogon Notify: qomllkk - qomllkk.dll (file missing)

Navigate to C:\WINDOWS\System32\ and delete joqwdlp.dll only..

reboot and post one more log..
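
The four lines CajunTek picks out above share the tell-tales a helper looks for in an O2/O20 entry: a "(file missing)" tag, a missing or placeholder name, and a random-looking DLL name. The script below is an added example (not part of this thread and not a HijackThis feature) that applies those same checks to HijackThis O2, O20 and O23 lines. The sample input is constructed from lines already posted in this thread; the vowel-ratio and trailing-digits test in `looks_random` is a deliberately crude heuristic of my own, so treat its hits as candidates for a helper to confirm, not as verdicts.

```python
import re
from typing import Dict, List

# Constructed sample: the O2/O20 lines the helper told Frank to fix, two
# benign O2 lines and one O23 line, all copied from the logs in this thread.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\Adobe\Acrobat Reader 5\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {221B03BF-B4A0-4275-A902-3FC0709D063F} - C:\Program Files\WindowsUpdate\holet83122.dll (file missing)
O2 - BHO: 0 - {4E7FCB8A-A4C5-4E61-4F81-D837A4BF52F6} - C:\Program Files\Windows Media Player\lawunew835.dll (file missing)
O2 - BHO: (no name) - {673A1F8C-A21F-D398-4960-8C8DB923D3EF} - C:\WINDOWS\System32\joqwdlp.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O20 - Winlogon Notify: qomllkk - qomllkk.dll (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""

# HijackThis line shapes for the three sections we care about.
O2_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]{36})\} - "
    r"(?P<path>.*?)(?P<missing> \(file missing\))?$"
)
O20_RE = re.compile(
    r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<path>.*?)(?P<missing> \(file missing\))?$"
)
O23_RE = re.compile(r"^O23 - Service: (?P<name>.*?) - (?P<company>.*?) - (?P<path>.*)$")


def looks_random(path: str) -> bool:
    """Crude heuristic (my assumption, not a HijackThis rule) for generated names
    such as joqwdlp.dll or holet83122.dll: a run of three or more trailing
    digits, or almost no vowels in a stem of six or more letters."""
    stem = path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
    if re.search(r"\d{3,}$", stem):
        return True
    letters = re.sub(r"[^A-Za-z]", "", stem)
    if len(letters) < 6:
        return False
    vowels = sum(ch in "aeiouAEIOU" for ch in letters)
    return vowels / len(letters) < 0.2


def triage(log_text: str) -> List[Dict]:
    """Return the suspicious O2/O20/O23 entries with the reasons each was flagged."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        reasons: List[str] = []
        m = O2_RE.match(line) or O20_RE.match(line)
        if m:
            if m.group("missing"):
                reasons.append("registered file is missing: dangling hook left by a partial removal")
            if m.group("name") in ("", "0", "(no name)"):
                reasons.append("no proper name; legitimate BHOs register a class name")
            if looks_random(m.group("path")):
                reasons.append("random-looking file name, typical of Vundo-style droppers")
        else:
            m = O23_RE.match(line)
            if m and m.group("company").lower() == "unknown owner":
                reasons.append("service with no vendor name")
        if m and reasons:
            findings.append({
                "line": line,
                "path": m.group("path"),
                "missing": bool(m.groupdict().get("missing")),
                "reasons": reasons,
            })
    return findings


def fix_lines(log_text: str) -> List[str]:
    """Lines to tick in HijackThis 'Scan only' before pressing Fix."""
    return [f["line"] for f in triage(log_text)]


def files_to_delete(log_text: str) -> List[str]:
    """Flagged files that still exist on disk: the only ones worth deleting by hand.
    '(file missing)' entries are registry leftovers that the Fix button removes."""
    return [f["path"] for f in triage(log_text) if not f["missing"]]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f["line"])
        for r in f["reasons"]:
            print("    -", r)
    print("delete by hand:", files_to_delete(SAMPLE_LOG))
```

Run against the sample, `fix_lines` returns exactly the four lines CajunTek listed, and `files_to_delete` returns only joqwdlp.dll, matching the "delete joqwdlp.dll only" instruction: the other three entries point at files that are already gone, so there is nothing on disk to remove for them.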

Frank H
@pacbell.net

Anon

Hi, CajunTek

Here's my recent hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:52:43 PM, on 10/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Intel\Intel(R) Active Monitor\imontray.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\SYSTEM32\USRmlnkA.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\System32\hphmon03.exe
C:\Program Files\Caere\OmniPagePro90\opware32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\SYSTEM32\USRshutA.exe
C:\WINDOWS\SYSTEM32\USRmlnkA.exe
C:\WINDOWS\system32\ntvdm.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Intel(R) Active Monitor\imonnt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Franean\My Documents\My Downloaded Files\HiJackThis.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\rundll32.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\Adobe\Acrobat Reader 5\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [Smapp] "C:\Program Files\Analog Devices\SoundMAX\Smtray.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [IMONTRAY] "C:\Program Files\Intel\Intel(R) Active Monitor\imontray.exe"
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [USRpdA] "C:\WINDOWS\SYSTEM32\USRmlnkA.exe" RunServices \Device\3cpipe-USRpdA
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [HPHmon03] C:\WINDOWS\System32\hphmon03.exe
O4 - HKLM\..\Run: [OmniPage] "C:\Program Files\Caere\OmniPagePro90\opware32.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {15589FA1-C456-11CE-BF01-00AA0055595A} - file://C:\Program Files\Roxio\VideoWaveMC\Skins\VWMC_Tutorial.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin11USA.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1191780674125
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7AEEE054-65CD-4494-943A-D16774B2E919}: NameServer = 206.13.31.12,206.13.28.12
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel(R) Active Monitor (imonNT) - Intel Corp. - C:\Program Files\Intel\Intel(R) Active Monitor\imonnt.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver - HP - C:\WINDOWS\System32\HPHipm09.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 8269 bytes

I want to thank you again for all your help. I greatly appreciate it!

Is there anything that I can do to prevent this from happening again (or minimize my exposure)?

Thanks,

Frank

CajunTek
Insane Cajun
Premium Member
join:2003-08-08
Arlington, TX

2 recommendations

That looks much better!!!

Oh and since you asked about prevention... well:


  1. Visit Windows Update:
    Make sure that you have all the Critical Updates recommended for your operating system and Internet Explorer. This includes SP1 and SP2 if you use Windows XP. The first defense against infection is a properly patched Operating System.

    • Windows Update: Windows Update

    • If you have Word, Excel, Outlook or other Office programs installed. Consider using Microsoft Update instead of Windows Update. See the FAQ page here for more information:
      Microsoft Update

  2. Also, download and install Microsoft Baseline Analyzer. (Note that MBSA is only for Win 2000 SP3 or later and Office XP or later.) When run, it will check the system for security exposures, including missing updates. I suggest running it weekly. You can obtain more information here: MS Baseline Analyzer

  3. Adjust your security settings for ActiveX:
    Select Internet Options from the Control Panels, or from Internet Explorer (Tools -> Internet Options)
    Press 'default level', then OK
    Now press "Custom Level."

    • In the ActiveX controls and plug-ins section set these options:
      'Download signed ActiveX controls' - Prompt
      'Download unsigned ActiveX controls' - Disable
      'Initialize and script ActiveX controls not marked as safe' - Disable
      All other options accept the default

  4. For Windows XP SP2 users, check this link for additional steps you can take to secure Internet Explorer: Securing IE in Windows XP SP 2

  5. Also, for XP SP2 and IE users, in IE, Tools -> Manage Add-ons will give you a list of all BHOs, Extensions, and ActiveX modules installed on your computer. You can update, enable or disable them.
  6. Download and install the following free programs


  7. Install Spyware Detection and Removal Programs:
    You may also want to consider installing one (or all) of the following:


  8. Use these programs to regularly scan your system for and remove many forms of spyware/malware. I recommend a combination of Windows Defender and BOClean from Comodo.

  9. Install 'Spoofstick'
    Spoofstick is a simple browser extension that helps users detect spoofed (fake) websites. This extension is free and installs in Internet Explorer and Mozilla Firefox.

  10. Reset System Restore
    If you are using Windows ME or Windows XP, please reset your System Restore. See Windows help for information. You should do this now.

  11. Clean Temporary Files and Folders
    Download and install the disk cleanup utility called Cleanup!

    • Cleanup! will get rid of any malware which may be hiding in your temp folders (a common hiding place). You may also regain a massive amount of disk space.
      Here is a tutorial which describes its usage:
    • Run the disk cleanup utility called Cleanup! that you have already downloaded and installed
      Check the custom settings to your liking under options, but be sure to delete temporary files and temporary internet files for all user profiles. Also, clean out the prefetch folder and the recycle bin.
      Then reboot into normal mode to let it clean out the remaining files. I also like CCleaner for the same purposes.

  12. If you use, or plan on using, additional spyware/malware detection and/or removal programs, please check the following two Items.

  13. Rogue/Suspect Anti-Spyware
    Before using or purchasing any Spyware/Malware protection/removal program, always check the Rogue/Suspect Spyware List. It will save you a lot of grief, as well as money if you are thinking of purchasing.

  14. Anti-Spyware Programs Compared
    Want to know just how effective your anti-spyware program is? Wonder how well any of the "rogue" programs listed above work?

  15. Alternate Browser
    Consider using an alternate browser as your default. I recommend and use Firefox as my primary browser; another excellent choice is Opera. It is still necessary to keep Internet Explorer current and protected in order to use Windows Update.


For more information about Spyware, the tools available, and other informative material, including information on how you may have been infected in the first place, please check out This faq at DSLreports

"In the end, it is your responsibility to read and adhere to the End User Licensing Agreement (EULA) of all software and services mentioned." This is especially true of the rogue or suspect ones. Sometimes these EULAs will even admit the badware is going to be installed. You really should read these carefully.

Good luck, and thanks for coming to our forums for help with your security and malware issues.
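
Step 3 above is done by hand in the Internet Options dialog, and the one thing that dialog does not give you is a way to verify later that the settings are still what you set (an installer or a piece of malware can quietly reset them). The script below is an added example, not something from this thread or from Microsoft: it audits an exported copy of the Internet zone key against the three ActiveX settings CajunTek recommends. The value names 1001 (Download signed ActiveX controls), 1004 (Download unsigned ActiveX controls) and 1201 (Initialize and script ActiveX controls not marked as safe) and the encoding 0 = Enable, 1 = Prompt, 3 = Disable are Microsoft's documented zone settings; the export text is constructed here to stand in for the output of `reg export "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3" zone3.reg` on the XP machine.

```python
import re
from typing import Dict, List, Optional, Tuple

# Internet zone (zone 3) for the current user. The same layout exists under
# HKLM; if the DWORD Security_HKLM_only is set under Internet Settings, IE
# reads the HKLM copy instead, so audit that key in that case.
ZONE3_KEY = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3"

ENABLE, PROMPT, DISABLE = 0, 1, 3
LEVEL_NAME = {ENABLE: "Enable", PROMPT: "Prompt", DISABLE: "Disable", None: "not set (zone default)"}

# The three settings from step 3 of the prevention list.
RECOMMENDED = {
    "1001": ("Download signed ActiveX controls", PROMPT),
    "1004": ("Download unsigned ActiveX controls", DISABLE),
    "1201": ("Initialize and script ActiveX controls not marked as safe", DISABLE),
}

# Constructed sample of a .reg export where two of the three values are wrong.
SAMPLE_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"DisplayName"="Internet"
"1001"=dword:00000000
"1004"=dword:00000001
"1201"=dword:00000003
"1400"=dword:00000000
"""

VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=dword:(?P<hex>[0-9A-Fa-f]{8})$')


def parse_zone(export_text: str, key: str = ZONE3_KEY) -> Dict[str, int]:
    """Collect the DWORD values under one key of a 'Windows Registry Editor' export."""
    values: Dict[str, int] = {}
    in_key = False
    for raw in export_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            in_key = line[1:-1].lower() == key.lower()
            continue
        m = VALUE_RE.match(line)
        if in_key and m:
            values[m.group("name")] = int(m.group("hex"), 16)
    return values


def audit(export_text: str) -> List[Tuple[str, str, Optional[int], int]]:
    """Return (value id, description, current, recommended) for every deviation.
    A value absent from the export is reported with current=None."""
    current = parse_zone(export_text)
    return [
        (vid, desc, current.get(vid), want)
        for vid, (desc, want) in RECOMMENDED.items()
        if current.get(vid) != want
    ]


def render_fix(deviations: List[Tuple[str, str, Optional[int], int]]) -> str:
    """Emit a .reg file that sets only the deviating values to the recommended level."""
    lines = ["Windows Registry Editor Version 5.00", "", f"[{ZONE3_KEY}]"]
    lines += [f'"{vid}"=dword:{want:08x}' for vid, _, _, want in deviations]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    found = audit(SAMPLE_EXPORT)
    for vid, desc, cur, want in found:
        print(f"{vid} {desc}: is {LEVEL_NAME[cur]}, should be {LEVEL_NAME[want]}")
    if found:
        print(render_fix(found))
```

Read a real export with the encoding regedit wrote it in (version 5.00 files are normally UTF-16) before passing it to `audit`, and remember that this only checks the Internet zone: a site dropped into Trusted Sites (zone 2) gets that zone's more permissive ActiveX defaults, which is a favourite trick of the hijackers this thread is about.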

Frank H
@eastbaytire.com

Anon

I appreciate your prevention tips, CajunTek!

Warm regards,

Frank