My HiJackThis Log and Uninstall List [RESOLVED]
dwag182
post Jun 26 2007, 08:37 PM
Post #1


New Member
*
Posts: 4
OS: Windows XP SP2



Hello, I went through the malware removal steps that I was given. I believe I am still infected, as my Panda ActiveScan results told me. I have my HiJackThis log, the uninstall list, the SuperAntiSpyware scan log, and the Panda ActiveScan log all listed and indicated below. Thanks to whoever can help me out. Hopefully it's not too horrible. . .thanks a bunch in advance.

HiJackThis LOG:

Logfile of HijackThis v1.99.1
Scan saved at 10:27:57 PM, on 6/26/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Linksys\WMP11 Config Utility\NICServ.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\windows\system\hpsysdrv.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus9.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus9.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qus9.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-qus9.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://espn.go.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qus9.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Helper Class - {33161E98-0A6C-4d3c-BD62-3A7D56137F52} - C:\WINDOWS\System32\mac.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: (no name) - {A57135A5-BABF-4DA6-8C6C-738694B87339} - C:\WINDOWS\System32\awvtt.dll (file missing)
O2 - BHO: (no name) - {D197AF0D-E422-49B5-9404-4B2A97DCBAFe} - C:\WINDOWS\System32\tiuqsfxa.dll (file missing)
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1182388994484
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/inst...ctDetection.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1182388984593
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: nnnoppp - nnnoppp.dll (file missing)
O20 - Winlogon Notify: ssttu - C:\WINDOWS\System32\ssttu.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\System32\krhvjgyy.exe (file missing)
O23 - Service: NICSer_WMP11 - Unknown owner - C:\Program Files\Linksys\WMP11 Config Utility\NICServ.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Uninstall List:

Adobe Flash Player 9 ActiveX
Adobe Photoshop Album Starter Edition
Adobe Reader 7.0
AOL Instant Messenger
AVG 7.5
AVG Anti-Spyware 7.5
Hijackthis 1.99.1
HijackThis 1.99.1
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
hp deskjet 3600
HP Deskjet Preloaded Printer Drivers
HP Product Detection
Intel® Extreme Graphics Driver
InterVideo WinDVD Player
J2SE Runtime Environment 5.0 Update 8
Java 2 Runtime Environment, SE v1.4.1_02
Java Web Start
LiveUpdate 1.80 (Symantec Corporation)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Standard Edition 2003
Microsoft Works 7.0
NVIDIA Ethernet Driver
NVIDIA Gart Driver
NVIDIA Windows 2000/XP Display Drivers
Panda ActiveScan
Realtek AC'97 Audio
RecordNow!
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Sonic Update Manager
Spybot - Search & Destroy 1.4
SUPERAntiSpyware Free Edition
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Viewpoint Media Player
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781

SuperAntiSpyware Scan Log:

SUPERAntiSpyware Scan Log
Generated 06/26/2007 at 08:23 PM

Application Version : 3.6.1000

Core Rules Database Version : 3261
Trace Rules Database Version: 1272

Scan type : Complete Scan
Total Scan Time : 00:54:32

Memory items scanned : 331
Memory threats detected : 1
Registry items scanned : 4974
Registry threats detected : 59
File items scanned : 51570
File threats detected : 76

Trojan.WinFixer
C:\WINDOWS\SYSTEM32\AWVTT.DLL
C:\WINDOWS\SYSTEM32\AWVTT.DLL
Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\awvtt

Adware.Vundo Variant
HKLM\Software\Classes\CLSID\{1557B435-8242-4686-9AA3-9265BF7525A4}
HKCR\CLSID\{1557B435-8242-4686-9AA3-9265BF7525A4}
HKCR\CLSID\{1557B435-8242-4686-9AA3-9265BF7525A4}\InprocServer32
HKCR\CLSID\{1557B435-8242-4686-9AA3-9265BF7525A4}\InprocServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\CSBQWDNT.DLL
HKLM\Software\Classes\CLSID\{1ED7200E-DCCE-4A07-992A-4A3EC3F9F50E}
HKCR\CLSID\{1ED7200E-DCCE-4A07-992A-4A3EC3F9F50E}
HKCR\CLSID\{1ED7200E-DCCE-4A07-992A-4A3EC3F9F50E}\InprocServer32
HKCR\CLSID\{1ED7200E-DCCE-4A07-992A-4A3EC3F9F50E}\InprocServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\SSTTU.DLL
HKLM\Software\Classes\CLSID\{4B646AFB-9341-4330-8FD1-C32485AEE619}
HKCR\CLSID\{4B646AFB-9341-4330-8FD1-C32485AEE619}
HKCR\CLSID\{4B646AFB-9341-4330-8FD1-C32485AEE619}\InprocServer32
HKCR\CLSID\{4B646AFB-9341-4330-8FD1-C32485AEE619}\InprocServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\KSSRDIDW.DLL
HKLM\Software\Classes\CLSID\{67C55A8D-E808-4caa-9EA7-F77102DE0BB6}
HKCR\CLSID\{67C55A8D-E808-4CAA-9EA7-F77102DE0BB6}
HKCR\CLSID\{67C55A8D-E808-4CAA-9EA7-F77102DE0BB6}\InprocServer32
HKCR\CLSID\{67C55A8D-E808-4CAA-9EA7-F77102DE0BB6}\InprocServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\MRBKOSUM.DLL
HKLM\Software\Classes\CLSID\{B9697716-61E6-4FBC-89FD-EAC504D9EFE3}
HKCR\CLSID\{B9697716-61E6-4FBC-89FD-EAC504D9EFE3}
HKCR\CLSID\{B9697716-61E6-4FBC-89FD-EAC504D9EFE3}\InprocServer32
HKCR\CLSID\{B9697716-61E6-4FBC-89FD-EAC504D9EFE3}\InprocServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\NNNOPPP.DLL
HKLM\Software\Classes\CLSID\{D651AFF4-9590-424d-BD1E-8E33E090DFB3}
HKCR\CLSID\{D651AFF4-9590-424D-BD1E-8E33E090DFB3}
HKCR\CLSID\{D651AFF4-9590-424D-BD1E-8E33E090DFB3}\InprocServer32
HKCR\CLSID\{D651AFF4-9590-424D-BD1E-8E33E090DFB3}\InprocServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\JNOHLJBL.DLL
HKLM\Software\Classes\CLSID\{E2EE5C44-C66D-499d-BEAE-A2A79189A63A}
HKCR\CLSID\{E2EE5C44-C66D-499D-BEAE-A2A79189A63A}
HKCR\CLSID\{E2EE5C44-C66D-499D-BEAE-A2A79189A63A}\InprocServer32
HKCR\CLSID\{E2EE5C44-C66D-499D-BEAE-A2A79189A63A}\InprocServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\WSTBQGWT.DLL
HKLM\Software\Classes\CLSID\{FD88D976-DF97-4BF0-B59E-08DC080546BC}
HKCR\CLSID\{FD88D976-DF97-4BF0-B59E-08DC080546BC}
HKCR\CLSID\{FD88D976-DF97-4BF0-B59E-08DC080546BC}\InprocServer32
HKCR\CLSID\{FD88D976-DF97-4BF0-B59E-08DC080546BC}\InprocServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\SSQPP.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1ED7200E-DCCE-4A07-992A-4A3EC3F9F50E}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B9697716-61E6-4FBC-89FD-EAC504D9EFE3}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks#{B9697716-61E6-4FBC-89FD-EAC504D9EFE3}
HKCR\CLSID\{1557B435-8242-4686-9AA3-9265BF7525A4}
HKCR\CLSID\{4B646AFB-9341-4330-8FD1-C32485AEE619}
HKCR\CLSID\{67C55A8D-E808-4CAA-9EA7-F77102DE0BB6}
HKCR\CLSID\{B9697716-61E6-4FBC-89FD-EAC504D9EFE3}
HKCR\CLSID\{D651AFF4-9590-424D-BD1E-8E33E090DFB3}
HKCR\CLSID\{E2EE5C44-C66D-499D-BEAE-A2A79189A63A}

Trojan.Downloader-VR
HKLM\Software\Classes\CLSID\{16946E6F-C8B7-4D66-B97D-785B7D6BF083}
HKCR\CLSID\{16946E6F-C8B7-4D66-B97D-785B7D6BF083}
HKCR\CLSID\{16946E6F-C8B7-4D66-B97D-785B7D6BF083}\InProcServer32
HKCR\CLSID\{16946E6F-C8B7-4D66-B97D-785B7D6BF083}\InProcServer32#ThreadingModel
C:\WINDOWS\SYSTEM\BRWPTR32.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{16946E6F-C8B7-4D66-B97D-785B7D6BF083}

Unclassified.Unknown Origin
HKLM\Software\Classes\CLSID\{5ADF3862-9E2E-4ad3-86F7-4510E6550CD0}
HKCR\CLSID\{5ADF3862-9E2E-4AD3-86F7-4510E6550CD0}
HKCR\CLSID\{5ADF3862-9E2E-4AD3-86F7-4510E6550CD0}\InprocServer32
HKCR\CLSID\{5ADF3862-9E2E-4AD3-86F7-4510E6550CD0}\InprocServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\FNWUTRXL.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5ADF3862-9E2E-4ad3-86F7-4510E6550CD0}
HKCR\CLSID\{5ADF3862-9E2E-4AD3-86F7-4510E6550CD0}
C:\PROGRAM FILES\COMMON FILES\IWKK\IWKKP.EXE

Trojan.GKJ
HKU\S-1-5-21-3169555573-3225479264-3590867652-1003\Software\Classes\CLSID\{3E898EEA-FEFA-451b-ACF2-7561F94B1191}
HKCR\CLSID\{3E898EEA-FEFA-451B-ACF2-7561F94B1191}
HKCR\CLSID\{3E898EEA-FEFA-451B-ACF2-7561F94B1191}\InProcServer32
HKCR\CLSID\{3E898EEA-FEFA-451B-ACF2-7561F94B1191}\InProcServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\ERT.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler#{3E898EEA-FEFA-451b-ACF2-7561F94B1191}
HKCR\CLSID\{3E898EEA-FEFA-451B-ACF2-7561F94B1191}

Adware.Tracking Cookie
C:\Documents and Settings\Owner\Cookies\owner@advertising[2].txt
C:\Documents and Settings\Owner\Cookies\owner@imrworldwide[2].txt
C:\Documents and Settings\Owner\Cookies\owner@counter8.sextracker[1].txt
C:\Documents and Settings\Owner\Cookies\owner@ad1.clickhype[1].txt
C:\Documents and Settings\Owner\Cookies\owner@mtr.splash.sexsearch[1].txt
C:\Documents and Settings\Owner\Cookies\owner@azjmp[1].txt
C:\Documents and Settings\Owner\Cookies\owner@ehg-dig.hitbox[2].txt
C:\Documents and Settings\Owner\Cookies\owner@www.dailynewmedia[2].txt
C:\Documents and Settings\Owner\Cookies\owner@bs.serving-sys[2].txt
C:\Documents and Settings\Owner\Cookies\owner@server.iad.liveperson[2].txt
C:\Documents and Settings\Owner\Cookies\owner@ads.adbrite[2].txt
C:\Documents and Settings\Owner\Cookies\owner@questionmarket[2].txt
C:\Documents and Settings\Owner\Cookies\owner@stats1.reliablestats[2].txt
C:\Documents and Settings\Owner\Cookies\owner@adultfriendfinder[1].txt
C:\Documents and Settings\Owner\Cookies\owner@tacoda[1].txt
C:\Documents and Settings\Owner\Cookies\owner@realmedia[2].txt
C:\Documents and Settings\Owner\Cookies\owner@bluestreak[1].txt
C:\Documents and Settings\Owner\Cookies\owner@adultadworld[2].txt
C:\Documents and Settings\Owner\Cookies\owner@clicksor[1].txt
C:\Documents and Settings\Owner\Cookies\owner@specificclick[1].txt
C:\Documents and Settings\Owner\Cookies\owner@ehg-hollywood.hitbox[1].txt
C:\Documents and Settings\Owner\Cookies\owner@dailynewmedia[1].txt
C:\Documents and Settings\Owner\Cookies\owner@zedo[2].txt
C:\Documents and Settings\Owner\Cookies\owner@fastclick[1].txt
C:\Documents and Settings\Owner\Cookies\owner@sextracker[1].txt
C:\Documents and Settings\Owner\Cookies\owner@ad.iconadserver[2].txt
C:\Documents and Settings\Owner\Cookies\owner@drivecleaner[1].txt
C:\Documents and Settings\Owner\Cookies\owner@cpvfeed[2].txt
C:\Documents and Settings\Owner\Cookies\owner@ads.addynamix[1].txt
C:\Documents and Settings\Owner\Cookies\owner@atdmt[2].txt
C:\Documents and Settings\Owner\Cookies\owner@rotator.adjuggler[2].txt
C:\Documents and Settings\Owner\Cookies\owner@adbrite[1].txt
C:\Documents and Settings\Owner\Cookies\owner@wt.sexsearch[1].txt
C:\Documents and Settings\Owner\Cookies\owner@hitbox[1].txt
C:\Documents and Settings\Owner\Cookies\owner@adopt.specificclick[1].txt
C:\Documents and Settings\Owner\Cookies\owner@4.adbrite[2].txt
C:\Documents and Settings\Owner\Cookies\owner@trafficmp[1].txt
C:\Documents and Settings\Owner\Cookies\owner@ads.pointroll[1].txt
C:\Documents and Settings\Owner\Cookies\owner@www.drivecleaner[1].txt
C:\Documents and Settings\Owner\Cookies\owner@mediaplex[1].txt
C:\Documents and Settings\Owner\Cookies\owner@heavycom.122.2o7[1].txt
C:\Documents and Settings\Owner\Cookies\owner@doubleclick[1].txt
C:\Documents and Settings\Owner\Cookies\owner@ehg-hollywoodmedia.hitbox[1].txt
C:\Documents and Settings\Owner\Cookies\owner@anad.tacoda[1].txt
C:\Documents and Settings\Owner\Cookies\owner@ad.yieldmanager[1].txt
C:\Documents and Settings\Owner\Cookies\owner@serving-sys[2].txt

Malware.DriveCleaner
C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\DRVCLEANER.EXE

Malware.SystemDoctor
C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\SYSDOCTOR.EXE

Trojan.WinAntiSpyware/WinAntiVirus 2006
C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\WINANTIVIRUSPRO2007FREEINSTALL[1].EXE

Adware.Unknown Origin
C:\PROGRAM FILES\COMMON FILES\IWKK\IWKKD\CLASS-BARREL
C:\PROGRAM FILES\COMMON FILES\IWKK\IWKKD\VOCABULARY
C:\WINDOWS\RDT.INI

Trojan.Downloader-UniBBB
C:\SYSTEM VOLUME INFORMATION\_RESTORE{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP292\A0392014.DLL

Adware.180solutions/ZangoSearch
C:\TEMP\180SAINSTALLER.EXE
C:\TEMP\180SAINSTALLER2.EXE

Adware.180solutions/Search Assistant
C:\TEMP\SALM.EXE

Trojan.Unknown Origin
C:\WINDOWS\SYSTEM32\AFFETMAM.EXE
C:\WINDOWS\SYSTEM32\GQMAAAAA.EXE
C:\WINDOWS\SYSTEM32\GWFOGJAG.EXE
C:\WINDOWS\SYSTEM32\JBLQAAAA.EXE
C:\WINDOWS\SYSTEM32\MFPFDOFJ.EXE
C:\WINDOWS\SYSTEM32\SHRCHFBF.EXE

Trojan.Downloader-Gen/MultiBot
C:\WINDOWS\SYSTEM32\SFUDXOAE.EXE

Panda ActiveScan Log:

Incident Status Location

Adware:adware/winprotect Not disinfected c:\windows\help\SPAlert.chm
Dialer:dialer.b Not disinfected c:\windows\tmlpcert2005
Adware:adware/searchrelevancy Not disinfected c:\program files\SearchRelevant
Adware:adware/cws.searchmeup Not disinfected C:\Documents and Settings\Owner\Favorites\Gambling
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Owner\.jpi_cache\jar\1.0\jrl.jar-186d2810-6b883168.zip[NewSecurityClassLoader.class]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Owner\Cookies\owner@doubleclick[1].txt
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Owner\Cookies\owner@ehg-dig.hitbox[2].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Owner\Cookies\owner@go[1].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Owner\Cookies\owner@questionmarket[2].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Owner\Cookies\owner@tribalfusion[1].txt
Spyware:Spyware/Virtumonde Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\fgcrnwni.dll
Spyware:Spyware/Virtumonde Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\nbtckipf.dll
Potentially unwanted tool:Application/KillApp.B Not disinfected C:\hp\bin\KillIt.exe
Potentially unwanted tool:Application/KillApp.A Not disinfected C:\hp\bin\Terminator.exe
Adware:Adware/Sqwire Not disinfected C:\Program Files\Common Files\iwkk\iwkkd\iwkkc.dll
Adware:Adware/SearchRelevancy Not disinfected C:\Program Files\SearchRelevant\SearchRelevant5.dll
Adware:Adware/Relevance Not disinfected C:\Program Files\SearchRelevant\uninstall.exe
Adware:Adware/SearchRelevancy Not disinfected C:\temp\SearchRelevancy.exe
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\dyddmrvd.dll
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\eiifhclu.dll
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\evbvdyxv.dll
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\fvnvoccu.dll
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\fwidufak.dll
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\jgvtkbvf.dll
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\jqifagon.dll
Virus:Trj/Cimuz.BP Disinfected C:\WINDOWS\system32\mdhbkaaa.exe
Virus:Trj/Downloader.PCQ Disinfected C:\WINDOWS\system32\mloxhtka.exe
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\mwevcqfx.dll
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\osjmqryh.dll
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\oyjpntiv.dll
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\rvaicrem.dll
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\spiasjfu.dll
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\thiwskun.dll
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\tofwnonh.dll
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\ugvwpwyb.dll
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\vtsqo.dll_tobedeleted_old_tobedeleted_old
Virus:Trj/Cimuz.BP Disinfected C:\WINDOWS\system32\vxjrvppt.exe
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\xcxntekh.dll
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\xqkvicrg.dll


MoNsTeReNeRgY22
post Jun 26 2007, 11:13 PM
Post #2


Member
*****
Posts: 2,264
From: Classified, CA
OS: Windows XP Media Center Edition SP2



Hello and Welcome to Geeks to Go.

I am MoNsTeReNeRgY22 and I will be assisting you with your malware problem today.

Please give me some time to analyze your log, and I will post back with instructions ASAP.

MoNsTeReNeRgY22
post Jun 27 2007, 07:40 AM
Post #3


Member
*****
Posts: 2,264
From: Classified, CA
OS: Windows XP Media Center Edition SP2



Hello dwag182,

1) Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
If you use Firefox browser:
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser:
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

2) Please download SmitfraudFix (by S!Ri) to your Desktop.

Double-click SmitfraudFix.exe
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

**If the tool fails to launch from the Desktop, please move SmitfraudFix.exe directly to the root of the system drive (usually C:), and launch from there.


Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm

3) Please download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log in a reply to this thread.
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot; simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.

Please post the following in your next reply
  • Smitfraud Log
  • vundofix.txt
  • Fresh HJT Log
dwag182
post Jun 27 2007, 05:12 PM
Post #4


New Member
*
Posts: 4
OS: Windows XP SP2



Hey MonsterEnergy,

I went through and did the three things you suggested. My logs are below. I also am having trouble getting my sound to work. I have checked cable connections, checked to see that it was not muted/volume levels, updated drivers, but that's about it. If you see anything that might be wrong in this area I'd appreciate it. Just do whatever you can though. Thanks a lot.

Smitfraud Log:

SmitFraudFix v2.197

Scan done at 18:57:57.42, Wed 06/27/2007
Run from C:\Documents and Settings\Owner\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Linksys\WMP11 Config Utility\NICServ.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\windows\system\hpsysdrv.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Owner


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Owner\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Owner\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: NVIDIA nForce MCP Networking Controller - Packet Scheduler Miniport
DNS Server Search Order: 65.24.7.3
DNS Server Search Order: 65.24.7.6

HKLM\SYSTEM\CCS\Services\Tcpip\..\{CF525B01-F62E-4535-ADD0-D41DC3B4AFF2}: DhcpNameServer=65.24.7.3 65.24.7.6
HKLM\SYSTEM\CS1\Services\Tcpip\..\{CF525B01-F62E-4535-ADD0-D41DC3B4AFF2}: DhcpNameServer=65.24.7.3 65.24.7.6
HKLM\SYSTEM\CS2\Services\Tcpip\..\{CF525B01-F62E-4535-ADD0-D41DC3B4AFF2}: DhcpNameServer=65.24.7.3 65.24.7.6
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=65.24.7.3 65.24.7.6
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=65.24.7.3 65.24.7.6
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=65.24.7.3 65.24.7.6


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End


VundoFix Log:

VundoFix V6.5.1

Checking Java version...

Java version is 1.5.0.8
Old versions of java are exploitable and should be removed.

Scan started at 6:59:34 PM 6/27/2007

Listing files found while scanning....

C:\windows\system32\dyddmrvd.dll
C:\windows\system32\eiifhclu.dll
C:\windows\system32\evbvdyxv.dll
C:\windows\system32\fvbktvgj.ini
C:\windows\system32\fvnvoccu.dll
C:\windows\system32\fwidufak.dll
C:\windows\system32\grcivkqx.ini
C:\windows\system32\hyrqmjso.ini
C:\windows\system32\jgvtkbvf.dll
C:\windows\system32\jqifagon.dll
C:\windows\system32\merciavr.ini
C:\windows\system32\mwevcqfx.dll
C:\windows\system32\nogafiqj.ini
C:\windows\system32\osjmqryh.dll
C:\windows\system32\oyjpntiv.dll
C:\windows\system32\rvaicrem.dll
C:\windows\system32\spiasjfu.dll
C:\windows\system32\thiwskun.dll
C:\windows\system32\tofwnonh.dll
C:\windows\system32\ugvwpwyb.dll
C:\windows\system32\ulchfiie.ini
C:\windows\system32\vitnpjyo.ini
C:\windows\system32\xcxntekh.dll
C:\windows\system32\xqkvicrg.dll

Beginning removal...

Attempting to delete C:\windows\system32\dyddmrvd.dll
C:\windows\system32\dyddmrvd.dll Has been deleted!

Attempting to delete C:\windows\system32\eiifhclu.dll
C:\windows\system32\eiifhclu.dll Has been deleted!

Attempting to delete C:\windows\system32\evbvdyxv.dll
C:\windows\system32\evbvdyxv.dll Has been deleted!

Attempting to delete C:\windows\system32\fvbktvgj.ini
C:\windows\system32\fvbktvgj.ini Has been deleted!

Attempting to delete C:\windows\system32\fvnvoccu.dll
C:\windows\system32\fvnvoccu.dll Has been deleted!

Attempting to delete C:\windows\system32\fwidufak.dll
C:\windows\system32\fwidufak.dll Has been deleted!

Attempting to delete C:\windows\system32\grcivkqx.ini
C:\windows\system32\grcivkqx.ini Has been deleted!

Attempting to delete C:\windows\system32\hyrqmjso.ini
C:\windows\system32\hyrqmjso.ini Has been deleted!

Attempting to delete C:\windows\system32\jgvtkbvf.dll
C:\windows\system32\jgvtkbvf.dll Has been deleted!

Attempting to delete C:\windows\system32\jqifagon.dll
C:\windows\system32\jqifagon.dll Has been deleted!

Attempting to delete C:\windows\system32\merciavr.ini
C:\windows\system32\merciavr.ini Has been deleted!

Attempting to delete C:\windows\system32\mwevcqfx.dll
C:\windows\system32\mwevcqfx.dll Has been deleted!

Attempting to delete C:\windows\system32\nogafiqj.ini
C:\windows\system32\nogafiqj.ini Has been deleted!

Attempting to delete C:\windows\system32\osjmqryh.dll
C:\windows\system32\osjmqryh.dll Has been deleted!

Attempting to delete C:\windows\system32\oyjpntiv.dll
C:\windows\system32\oyjpntiv.dll Has been deleted!

Attempting to delete C:\windows\system32\rvaicrem.dll
C:\windows\system32\rvaicrem.dll Has been deleted!

Attempting to delete C:\windows\system32\spiasjfu.dll
C:\windows\system32\spiasjfu.dll Has been deleted!

Attempting to delete C:\windows\system32\thiwskun.dll
C:\windows\system32\thiwskun.dll Has been deleted!

Attempting to delete C:\windows\system32\tofwnonh.dll
C:\windows\system32\tofwnonh.dll Has been deleted!

Attempting to delete C:\windows\system32\ugvwpwyb.dll
C:\windows\system32\ugvwpwyb.dll Has been deleted!

Attempting to delete C:\windows\system32\ulchfiie.ini
C:\windows\system32\ulchfiie.ini Has been deleted!

Attempting to delete C:\windows\system32\vitnpjyo.ini
C:\windows\system32\vitnpjyo.ini Has been deleted!

Attempting to delete C:\windows\system32\xcxntekh.dll
C:\windows\system32\xcxntekh.dll Has been deleted!

Attempting to delete C:\windows\system32\xqkvicrg.dll
C:\windows\system32\xqkvicrg.dll Has been deleted!

Performing Repairs to the registry.
Done!

HiJackThis Log:

Logfile of HijackThis v1.99.1
Scan saved at 7:11:23 PM, on 6/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Linksys\WMP11 Config Utility\NICServ.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus9.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus9.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qus9.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-qus9.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Helper Class - {33161E98-0A6C-4d3c-BD62-3A7D56137F52} - C:\WINDOWS\System32\mac.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: (no name) - {A57135A5-BABF-4DA6-8C6C-738694B87339} - C:\WINDOWS\System32\awvtt.dll (file missing)
O2 - BHO: (no name) - {D197AF0D-E422-49B5-9404-4B2A97DCBAFe} - C:\WINDOWS\System32\tiuqsfxa.dll (file missing)
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1182388994484
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/inst...ctDetection.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1182388984593
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: nnnoppp - nnnoppp.dll (file missing)
O20 - Winlogon Notify: ssttu - C:\WINDOWS\System32\ssttu.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\System32\krhvjgyy.exe (file missing)
O23 - Service: NICSer_WMP11 - Unknown owner - C:\Program Files\Linksys\WMP11 Config Utility\NICServ.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe




Thanks again.
MoNsTeReNeRgY22
post Jun 28 2007, 12:14 PM
Post #5


Member
*****
Posts: 2,264
From: Classified, CA
OS: Windows XP Media Center Edition SP2



Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order in which they are mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes.

1) Please re-open HiJackThis and scan. Check the boxes next to all the entrie