Please help me i have a virus! [RESOLVED]

Welcome Guest ( Log In | Register )

Discover the best free computer help!
Learn more about Geeks to Go by taking the tour. Spyware, virus, trojan, fake security or privacy alerts? Read the malware cleaning guide.

> Geeks to Go! » Security » Malware Removal - HijackThis™ Logs Go Here

2 Pages

1 2 >

Please help me i have a virus! [RESOLVED], jkhfd.dll

Options

ludeen View Member Profile	Sep 29 2007, 03:17 AM Post #1
Member Posts: 23 From: London OS: XP	Hi, everytime I log on for the first time that day it makes my internet cookie settings to accept all and i got popups advertising things every few minutes this has happened before tooand at first it was like this then it got worse. I'm using Windows xp home edition. It all started when something self download into my temporary internet files. I couldn't delete it to i used vundo fix. it deletes everything it finds when i boot again there is loads of stuff again. I have something on my coputer called jkhfd.dll. I looked in my schedual tasks and its empty. Please help i really need to fix this.

MoNsTeReNeRgY22 View Member Profile	Sep 29 2007, 10:52 AM Post #2
Member Posts: 2,264 From: Classified, CA OS: Windows XP Media Center Editon SP2	Hello and Welcome to Geeks to Go. I am MoNsTeReNeRgY22 and I will be assisting you with your malware problem today. Click here to download HJTInstall.exe Save HJTInstall.exe to your desktop. Double click on the HJTInstall.exe icon on your desktop. A window will pop up, and simply click Install. By default it will install to C:\Program Files\Trend Micro\HijackThis. When it is completed installing HijackThis, it will automatically launch and you will be presented with the License Agreement. Click on the I Accept button. Now please close the HJT window. I need you to rename Hijackthis because I suspect that you may have the Vundo infection that can hide some entries in your log. Please go to the folder where you saved Hijackthis.exe: < C:\Program Files\Trend Micro\HijackThis > Right-click on it, then select Rename. Please rename it to energy.exe Then double-click energy.exe to scan and then post the new logfile. This post has been edited by MoNsTeReNeRgY22: Sep 29 2007, 10:57 AM

ludeen View Member Profile	Sep 29 2007, 10:58 AM Post #3
Member Posts: 23 From: London OS: XP	Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 17:57, on 2007-09-29 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\ntl\ntl Netguard\fws.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe c:\APPS\Powercinema\Kernel\TV\CLSched.exe C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe c:\APPS\HIDSERVICE\HIDSERVICE.exe C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\WINDOWS\system32\slserv.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\SOUNDMAN.EXE C:\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Apps\Powercinema\PCMService.exe C:\Program Files\ntl\ntl Netguard\RPS.exe C:\Program Files\BroadJump\Client Foundation\CFD.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\HP\hpcoretech\hpcmpmgr.exe C:\Program Files\Logitech\Video\LogiTray.exe C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\Program Files\Google\Google Updater\GoogleUpdater.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\WINDOWS\system32\LVComsX.exe C:\Program Files\Logitech\Video\FxSvr2.exe C:\Program Files\MSN Messenger\livecall.exe C:\WINDOWS\system32\msiexec.exe C:\Program Files\Common Files\Command Software\dvpapi.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\WINDOWS\system32\rundll32.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O3 - Toolbar: PBUKV2 - {4E7BD74F-2B8D-469E-A0E8-F479B685FA7D} - C:\WINDOWS\system32\pbukv2.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe" O4 - HKLM\..\Run: [ntl Netguard] "C:\Program Files\ntl\ntl Netguard\RPS.exe" O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" O4 - HKLM\..\Run: [ClickMe] C:\apps\ClickMe\ClickMe.exe O4 - HKLM\..\Run: [RDDV Agent] C:\WINDOWS\system32\28463\RDDV.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" O4 - HKLM\..\RunOnce: [IndexCleaner] "C:\Program Files\ntl\ntl Netguard\IdxClnR.exe" O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot O4 - HKCU\..\RunOnce: [IndexCleaner] "C:\Program Files\ntl\ntl Netguard\IdxClnR.exe" O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\uk.htm O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {4CCA4E80-9259-11D9-AC6E-444553544200} (FixController Control) - http://h30155.www3.hp.com/ediags/dd/instal...llMgr_v01_6.cab O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://go.divx.com/plugin/DivXBrowserPlugin.cab O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe O23 - Service: Radialpoint Service (FWS) - Radialpoint Inc. - C:\Program Files\ntl\ntl Netguard\fws.exe O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe -- End of file - 8295 bytes

ludeen View Member Profile	Sep 29 2007, 11:03 AM Post #4
Member Posts: 23 From: London OS: XP	Thanks for replying ive ust done another one and have renamed the thing to energy.exe Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 18:02, on 2007-09-29 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\ntl\ntl Netguard\fws.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe c:\APPS\Powercinema\Kernel\TV\CLSched.exe C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe c:\APPS\HIDSERVICE\HIDSERVICE.exe C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\WINDOWS\system32\slserv.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\SOUNDMAN.EXE C:\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Apps\Powercinema\PCMService.exe C:\Program Files\ntl\ntl Netguard\RPS.exe C:\Program Files\BroadJump\Client Foundation\CFD.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\HP\hpcoretech\hpcmpmgr.exe C:\Program Files\Logitech\Video\LogiTray.exe C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\Program Files\Google\Google Updater\GoogleUpdater.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\WINDOWS\system32\LVComsX.exe C:\Program Files\Logitech\Video\FxSvr2.exe C:\Program Files\MSN Messenger\livecall.exe C:\WINDOWS\system32\msiexec.exe C:\Program Files\Common Files\Command Software\dvpapi.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\WINDOWS\system32\rundll32.exe C:\Program Files\Trend Micro\HijackThis\energy.exe.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: (no name) - {22AE85DD-6D8A-4E87-A547-2AE4EB110EC7} - C:\WINDOWS\SYSTEM32\JKKLM.DLL O2 - BHO: (no name) - {3D409759-543B-4A30-82D9-FBD9F8E1E6A2} - C:\WINDOWS\system32\jkklm.dll O2 - BHO: (no name) - {495A4538-D754-4E9D-9FE7-92E007076CDB} - C:\WINDOWS\SYSTEM32\JKKLM.DLL O2 - BHO: (no name) - {609057A7-D37D-42B7-BD21-19743B14BE93} - (no file) O2 - BHO: (no name) - {74E03BEE-C635-42E6-B1B7-5E38BC4C4137} - (no file) O2 - BHO: (no name) - {7AEA7079-CB16-4530-9805-4476E7D17256} - (no file) O2 - BHO: (no name) - {839AA837-00F0-4F71-BDE5-1FA48CAC6861} - (no file) O2 - BHO: (no name) - {C886AD00-B008-4614-8417-B0A4F3B0D269} - (no file) O2 - BHO: (no name) - {FA2E4D00-10B9-4E5D-869C-2B7A295AB4C7} - (no file) O3 - Toolbar: PBUKV2 - {4E7BD74F-2B8D-469E-A0E8-F479B685FA7D} - C:\WINDOWS\system32\pbukv2.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe" O4 - HKLM\..\Run: [ntl Netguard] "C:\Program Files\ntl\ntl Netguard\RPS.exe" O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" O4 - HKLM\..\Run: [ClickMe] C:\apps\ClickMe\ClickMe.exe O4 - HKLM\..\Run: [RDDV Agent] C:\WINDOWS\system32\28463\RDDV.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" O4 - HKLM\..\RunOnce: [IndexCleaner] "C:\Program Files\ntl\ntl Netguard\IdxClnR.exe" O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot O4 - HKCU\..\RunOnce: [IndexCleaner] "C:\Program Files\ntl\ntl Netguard\IdxClnR.exe" O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\uk.htm O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {4CCA4E80-9259-11D9-AC6E-444553544200} (FixController Control) - http://h30155.www3.hp.com/ediags/dd/instal...llMgr_v01_6.cab O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://go.divx.com/plugin/DivXBrowserPlugin.cab O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O20 - Winlogon Notify: nnnlihf - C:\WINDOWS\SYSTEM32\nnnlihf.dll O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe O23 - Service: Radialpoint Service (FWS) - Radialpoint Inc. - C:\Program Files\ntl\ntl Netguard\fws.exe O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe -- End of file - 9054 bytes

MoNsTeReNeRgY22 View Member Profile	Sep 29 2007, 11:08 AM Post #5
Member Posts: 2,264 From: Classified, CA OS: Windows XP Media Center Editon SP2	Hi ludeen, Step 1 Jotti File Submission: Please go to Jotti's malware scan Copy and paste the following file path into the "File to upload & scan"box on the top of the page: C:\WINDOWS\system32\28463\RDDV.exe Click on the submit button Please post the results of the scan in your next reply. If Jotti is busy, try the same at Virustotal: http://www.virustotal.com/ Step 2 Please download VundoFix.exe to your desktop Double-click VundoFix.exe to run it. Click the Scan for Vundo button. Once it's done scanning, click the Remove Vundo button. You will receive a prompt asking if you want to remove the files, click YES Once you click yes, your desktop will go blank as it starts removing Vundo. When completed, it will prompt that it will reboot your computer, click OK. Please post the contents of C:\vundofix.txt and a new HiJackThis log in a reply to this thread. Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.

ludeen View Member Profile	Sep 29 2007, 11:21 AM Post #6
Member Posts: 23 From: London OS: XP	hi again On jotti it said: The file you uploaded is 0 bytes. It is very likely a firewall or a piece of malware is prohibiting you from uploading this file On the other one it said file path doesnt exist. On vundofix i found: in system 32 jkklm.dll -after reboot mlkkj.bak1 - deleted straight away mlkkj.ini -after reboot

ludeen View Member Profile	Sep 29 2007, 11:23 AM Post #7
Member Posts: 23 From: London OS: XP	VundoFix V6.5.9 Checking Java version... Java version is 1.4.2.5 Old versions of java are exploitable and should be removed. Scan started at 11:04:16 2007-09-29 Listing files found while scanning.... C:\WINDOWS\system32\qagstsky.ini C:\WINDOWS\system32\ykstsgaq.dll VundoFix V6.5.9 Checking Java version... Java version is 1.4.2.5 Old versions of java are exploitable and should be removed. Scan started at 11:10:14 2007-09-29 Listing files found while scanning.... C:\WINDOWS\system32\qagstsky.ini C:\WINDOWS\system32\ykstsgaq.dll VundoFix V6.5.9 Checking Java version... Java version is 1.4.2.5 Old versions of java are exploitable and should be removed. Scan started at 11:26:27 2007-09-29 Listing files found while scanning.... C:\WINDOWS\system32\qagstsky.ini C:\WINDOWS\system32\ykstsgaq.dll Beginning removal... Attempting to delete C:\WINDOWS\system32\qagstsky.ini C:\WINDOWS\system32\qagstsky.ini Has been deleted! Attempting to delete C:\WINDOWS\system32\ykstsgaq.dll C:\WINDOWS\system32\ykstsgaq.dll Could not be deleted. Performing Repairs to the registry. Done! Beginning removal... Attempting to delete C:\WINDOWS\system32\ykstsgaq.dll C:\WINDOWS\system32\ykstsgaq.dll Has been deleted! Performing Repairs to the registry. Done! VundoFix V6.5.9 Checking Java version... Java version is 1.4.2.5 Old versions of java are exploitable and should be removed. Scan started at 17:24:37 2007-09-29 Listing files found while scanning.... No infected files were found. VundoFix V6.5.9 Checking Java version... Java version is 1.4.2.5 Old versions of java are exploitable and should be removed. Scan started at 17:35:26 2007-09-29 Listing files found while scanning.... No infected files were found. VundoFix V6.5.9 Checking Java version... Java version is 1.4.2.5 Old versions of java are exploitable and should be removed. Scan started at 18:05:20 2007-09-29 Listing files found while scanning.... C:\windows\system32\jkklm.dll C:\windows\system32\mlkkj.bak1 C:\windows\system32\mlkkj.ini Beginning removal... Attempting to delete C:\windows\system32\jkklm.dll C:\windows\system32\jkklm.dll Could not be deleted. Attempting to delete C:\windows\system32\mlkkj.bak1 C:\windows\system32\mlkkj.bak1 Has been deleted! Attempting to delete C:\windows\system32\mlkkj.ini C:\windows\system32\mlkkj.ini Has been deleted! Performing Repairs to the registry. Done! Beginning removal... Attempting to delete C:\windows\system32\jkklm.dll C:\windows\system32\jkklm.dll Has been deleted! Attempting to delete C:\windows\system32\mlkkj.ini C:\windows\system32\mlkkj.ini Has been deleted! Performing Repairs to the registry. Done!

MoNsTeReNeRgY22 View Member Profile	Sep 29 2007, 11:39 AM Post #8
Member Posts: 2,264 From: Classified, CA OS: Windows XP Media Center Editon SP2	Hello, Download Deckard's System Scanner (DSS) to your Desktop. Close all applications and windows. Double-click on DSS.exe to run it, and follow the prompts. When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply. Extra Note: When running DSS, some firewalls may warn that sigcheck.exe is trying to access the internet - please ensure that you allow sigcheck.exe permission to do so. Also, it may happen that your Antivirus flags DSS as suspicious. Please allow the Deckard's System Scanner to run and don't let your Antivirus delete it. (In this case, it may be better to temporary disable your Antivirus) ================================================================ Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. A malicious site could render Java content under older, vulnerable versions of Sun's software if the user has not removed them. Please follow these steps to remove older version Java components and update: Download the latest version of Java Runtime Environment (JRE) 6 Update 2 and save it to your desktop. Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 2...allows end-users to run Java applications". Click the "Download" button to the right. Read the License Agreement and then check the box that says: "Accept License Agreement". The page will refresh. Click on the link to download Windows Offline Installation and save the file to your desktop. Close any programs you may have running - especially your web browser. Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java. Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name. Click the Remove or Change/Remove button. Repeat as many times as necessary to remove each Java versions. Reboot your computer once all Java components are removed. Then from your desktop double-click on jre-6u2-windows-i586-p.exe to install the newest version. This post has been edited by MoNsTeReNeRgY22: Sep 29 2007, 11:40 AM

ludeen View Member Profile	Sep 29 2007, 11:45 AM Post #9
Member Posts: 23 From: London OS: XP	This is the main Deckard's System Scanner v20070905.67 Run by obedullah on 2007-09-29 18:41:24 Computer is in Normal Mode. -------------------------------------------------------------------------------- -- System Restore -------------------------------------------------------------- Successfully created a Deckard's System Scanner Restore Point. -- Last 2 Restore Point(s) -- 2: 2007-09-29 17:41:29 UTC - RP14 - Deckard's System Scanner Restore Point 1: 2007-09-29 16:56:24 UTC - RP13 - Removed SUPERAntiSpyware Professional Backed up registry hives. Performed disk cleanup. -- HijackThis (run as obedullah.exe) ------------------------------------------- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 18:41, on 2007-09-29 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\ntl\ntl Netguard\fws.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe c:\APPS\Powercinema\Kernel\TV\CLSched.exe C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe C:\Program Files\Common Files\Command Software\dvpapi.exe C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe c:\APPS\HIDSERVICE\HIDSERVICE.exe C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\WINDOWS\system32\slserv.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\SOUNDMAN.EXE C:\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Apps\Powercinema\PCMService.exe C:\Program Files\ntl\ntl Netguard\RPS.exe C:\Program Files\BroadJump\Client Foundation\CFD.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\HP\hpcoretech\hpcmpmgr.exe C:\Program Files\Logitech\Video\LogiTray.exe C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\Program Files\Google\Google Updater\GoogleUpdater.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\WINDOWS\system32\LVComsX.exe C:\Program Files\Logitech\Video\FxSvr2.exe C:\Program Files\MSN Messenger\livecall.exe C:\Documents and Settings\obedullah\Desktop\dss.exe C:\PROGRA~1\TRENDM~1\HIJACK~1\obedullah.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: (no name) - {22AE85DD-6D8A-4E87-A547-2AE4EB110EC7} - (no file) O2 - BHO: (no name) - {495A4538-D754-4E9D-9FE7-92E007076CDB} - (no file) O2 - BHO: (no name) - {609057A7-D37D-42B7-BD21-19743B14BE93} - (no file) O2 - BHO: (no name) - {74E03BEE-C635-42E6-B1B7-5E38BC4C4137} - (no file) O2 - BHO: (no name) - {7AEA7079-CB16-4530-9805-4476E7D17256} - (no file) O2 - BHO: (no name) - {839AA837-00F0-4F71-BDE5-1FA48CAC6861} - (no file) O2 - BHO: (no name) - {C886AD00-B008-4614-8417-B0A4F3B0D269} - (no file) O2 - BHO: (no name) - {FA2E4D00-10B9-4E5D-869C-2B7A295AB4C7} - (no file) O3 - Toolbar: PBUKV2 - {4E7BD74F-2B8D-469E-A0E8-F479B685FA7D} - C:\WINDOWS\system32\pbukv2.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe" O4 - HKLM\..\Run: [ntl Netguard] "C:\Program Files\ntl\ntl Netguard\RPS.exe" O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" O4 - HKLM\..\Run: [ClickMe] C:\apps\ClickMe\ClickMe.exe O4 - HKLM\..\Run: [RDDV Agent] C:\WINDOWS\system32\28463\RDDV.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" O4 - HKLM\..\RunOnce: [IndexCleaner] "C:\Program Files\ntl\ntl Netguard\IdxClnR.exe" O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot O4 - HKCU\..\RunOnce: [IndexCleaner] "C:\Program Files\ntl\ntl Netguard\IdxClnR.exe" O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\uk.htm O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {4CCA4E80-9259-11D9-AC6E-444553544200} (FixController Control) - http://h30155.www3.hp.com/ediags/dd/instal...llMgr_v01_6.cab O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://go.divx.com/plugin/DivXBrowserPlugin.cab O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O20 - Winlogon Notify: nnnlihf - C:\WINDOWS\SYSTEM32\nnnlihf.dll O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe O23 - Service: Radialpoint Service (FWS) - Radialpoint Inc. - C:\Program Files\ntl\ntl Netguard\fws.exe O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe -- End of file - 8927 bytes -- File Associations ----------------------------------------------------------- All associations okay. -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------- R2 FreeTdi (Radialpoint Filter) - c:\windows\system32\drivers\freetdi.sys <Not Verified; Radialpoint Inc.; Radialpoint> S3 BTCAMDRV (Mobiola Web Camera driver) - c:\windows\system32\drivers\btcamdrv.sys (file missing) S3 catchme - c:\docume~1\obedul~1\locals~1\temp\catchme.sys (file missing) S3 SABProcEnum - c:\program files\internet explorer\sabprocenum.sys (file missing) -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled -------------------- R2 CLCapSvc (CyberLink Background Capture Service (CBCS)) - "c:\apps\powercinema\kernel\tv\clcapsvc.exe" <Not Verified; ; CLCapSvc Module> R2 CLSched (CyberLink Task Scheduler (CTS)) - "c:\apps\powercinema\kernel\tv\clsched.exe" <Not Verified; ; CLSched Module> R2 CyberLink Media Library Service - "c:\program files\cyberlink\shared files\clml_ntservice\clmlserver.exe" <Not Verified; Cyberlink; Cyberlink Media Library Server> R2 FWS (Radialpoint Service) - c:\program files\ntl\ntl netguard\fws.exe <Not Verified; Radialpoint Inc.; Radialpoint Security Services 5.2.0> R2 GenericHidService (Generic Service for HID Keyboard Input Collections) - c:\apps\hidservice\hidservice.exe -- Device Manager: Disabled ---------------------------------------------------- No disabled devices found. -- Files created between 2007-08-29 and 2007-09-29 ----------------------------- 2007-09-29 17:56:53 0 d-------- C:\Program Files\Trend Micro 2007-09-29 17:43:12 0 d-------- C:\Program Files\SUPERAntiSpyware 2007-09-29 17:43:12 0 d-------- C:\Documents and Settings\obedullah\Application Data\SUPERAntiSpyware.com 2007-09-29 11:21:51 0 d-------- C:\WINDOWS\SxsCaPendDel 2007-09-29 11:04:16 0 d-------- C:\VundoFix Backups 2007-09-29 09:55:39 2923 --a------ C:\WINDOWS\system32\fpjeocrl.dll 2007-09-29 09:54:51 6496 ---hs---- C:\WINDOWS\system32\dfhkj.ini2 2007-09-29 09:39:21 84032 --a------ C:\WINDOWS\system32\dsmfpjja.dll 2007-09-28 17:54:20 25088 --a------ C:\WINDOWS\system32\WS2Fix.exe 2007-09-28 17:37:35 85056 --a------ C:\WINDOWS\system32\tdvbjbud.dll 2007-09-28 17:30:21 6454 ---hs---- C:\WINDOWS\system32\bccdd.bak1 2007-09-28 17:05:00 0 dr-h----- C:\Documents and Settings\obedullah\Recent 2007-09-27 18:25:35 0 d-------- C:\Program Files\Common Files\Java 2007-09-27 17:22:36 0 d-------- C:\Documents and Settings\All Users\Application Data\Innovative Solutions 2007-09-27 16:43:23 7365 ---hs---- C:\WINDOWS\system32\vycdd.ini2 2007-09-27 08:50:32 6454 ---hs---- C:\WINDOWS\system32\vycdd.bak1 2007-09-27 08:50:23 0 d-------- C:\Documents and Settings\hayatullah\Application Data\AdobeUM 2007-09-27 08:48:17 0 d-------- C:\Documents and Settings\hayatullah\Application Data\Adobe 2007-09-26 20:42:45 6414 ---hs---- C:\WINDOWS\system32\hgjlm.bak1 2007-09-26 19:56:30 84032 --a------ C:\WINDOWS\system32\cbgpbniq.dll 2007-09-26 19:41:22 6414 ---hs---- C:\WINDOWS\system32\hhkmp.bak1 2007-09-26 18:23:37 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com 2007-09-26 18:05:24 3526 --a------ C:\WINDOWS\system32\tmp.reg 2007-09-26 18:05:09 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; > 2007-09-26 18:05:09 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS> 2007-09-26 18:05:09 51200 --a------ C:\WINDOWS\system32\dumphive.exe 2007-09-26 17:42:52 6414 ---hs---- C:\WINDOWS\system32\vyadd.bak1 2007-09-26 17:37:20 35328 --a------ C:\WINDOWS\system32\nnnlihf.dll 2007-09-24 21:19:34 0 d---s---- C:\Documents and Settings\saida\UserData 2007-09-24 20:45:04 0 d-------- C:\Documents and Settings\saida\Application Data\Help 2007-09-24 20:42:39 0 d-------- C:\Documents and Settings\saida\Application Data\Template 2007-09-23 19:36:57 0 d--h----- C:\WINDOWS\PIF 2007-09-23 11:15:14 0 d-------- C:\Documents and Settings\lida\Application Data\Sonic 2007-09-23 11:13:30 0 d-------- C:\Documents and Settings\lida\Application Data\Leadertech 2007-09-23 11:06:34 0 d-------- C:\Documents and Settings\lida\Incomplete 2007-09-23 11:06:24 0 d-------- C:\Documents and Settings\lida\Application Data\LimeWire 2007-09-16 12:04:34 0 d-------- C:\Documents and Settings\hayatullah\Shared 2007-09-16 12:04:33 0 d-------- C:\Documents and Settings\hayatullah\Incomplete 2007-09-16 12:04:26 0 d-------- C:\Documents and Settings\hayatullah\Application Data\LimeWire 2007-09-16 11:44:38 2048 --a------ C:\WINDOWS\system32\Tr_sttool.dat 2007-09-04 09:53:49 0 d-------- C:\.jagex_cache_32 -- Find3M Report --------------------------------------------------------------- 2007-09-29 17:56:47 0 d-------- C:\Program Files\Common Files 2007-09-29 17:38:11 0 d-------- C:\Program Files\Common Files\Command Software 2007-09-28 21:00:54 0 d-------- C:\Program Files\MSN Messenger 2007-09-28 20:54:35 0 d-------- C:\Program Files\DivX 2007-09-27 18:27:26 0 d-------- C:\Program Files\Java 2007-09-26 17:36:42 0 d-------- C:\Program Files\Common Files\PestPatrol 2007-09-23 19:39:16 0 d-------- C:\Program Files\Common Files\Adobe 2007-09-23 19:18:12 0 dr-h----- C:\Documents and Settings\obedullah\Application Data\yahoo! 2007-09-22 09:49:27 0 d-------- C:\Documents and Settings\obedullah\Application Data\Adobe 2007-09-21 17:01:38 104028 --a------ C:\WINDOWS\hpoins04.dat 2007-09-13 18:15:22 0 d-------- C:\Documents and Settings\obedullah\Application Data\LimeWire 2007-08-23 12:06:49 0 d-------- C:\Documents and Settings\obedullah\Application Data\AVS4YOU 2007-08-23 11:55:11 0 d-------- C:\Documents and Settings\obedullah\Application Data\GetRightToGo 2007-08-23 11:55:06 737280 --a------ C:\WINDOWS\iun6002.exe <Not Verified; Indigo Rose Corporation; Setup Factory 6.0 Runtime Module> 2007-08-13 17:48:37 0 d-------- C:\Program Files\HP 2007-08-11 13:39:37 0 d-------- C:\Program Files\Yahoo! 2007-08-10 11:31:16 0 d-------- C:\Program Files\AOL 9.0 2007-07-29 13:27:35 0 d-------- C:\Documents and Settings\obedullah\Application Data\Viewpoint 2007-07-25 14:35:53 1024 --a------ C:\WINDOWS\system32\vcache.dat 2007-07-13 13:36:20 8414900 --a------ C:\back_up.reg -- Registry Dump --------------------------------------------------------------- Note empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{22AE85DD-6D8A-4E87-A547-2AE4EB110EC7}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{495A4538-D754-4E9D-9FE7-92E007076CDB}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{609057A7-D37D-42B7-BD21-19743B14BE93}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{74E03BEE-C635-42E6-B1B7-5E38BC4C4137}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7AEA7079-CB16-4530-9805-4476E7D17256}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{839AA837-00F0-4F71-BDE5-1FA48CAC6861}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C886AD00-B008-4614-8417-B0A4F3B0D269}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FA2E4D00-10B9-4E5D-869C-2B7A295AB4C7}] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser] "{4E7BD74F-2B8D-469E-A0E8-F479B685FA7D}"= C:\WINDOWS\system32\pbukv2.dll [2004-03-17 12:32 820736] [-HKEY_CLASSES_ROOT\CLSID\{4E7BD74F-2B8D-469E-A0E8-F479B685FA7D}] [HKEY_CLASSES_ROOT\pbukv2.PBUKV2] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 14:00] "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 14:00] "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 14:00] "SoundMan"="SOUNDMAN.EXE" [2005-05-17 18:48 C:\WINDOWS\SOUNDMAN.EXE] "ATIPTA"="C:\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-03-22 21:05] "PCMService"="c:\Apps\Powercinema\PCMService.exe" [2005-01-28 11:10] "ntl Netguard"="C:\Program Files\ntl\ntl Netguard\RPS.exe" [2005-07-05 15:31] "BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" [2002-09-10 21:26] "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2004-02-12 13:38] "HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 15:18] "LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-06-08 15:24] "LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-06-08 15:14] "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 11:09] "ClickMe"="C:\apps\ClickMe\ClickMe.exe" [2004-02-23 17:58] "RDDV Agent"="C:\WINDOWS\system32\28463\RDDV.exe" [] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-09-07 06:05] "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-09-07 06:10] "Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 16:17] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [2007-07-13 15:41] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-13 16:17] "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-07-21 20:20] "LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-06-08 14:44] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce] "IndexCleaner"="C:\Program Files\ntl\ntl Netguard\IdxClnR.exe" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce] "IndexCleaner"="C:\Program Files\ntl\ntl Netguard\IdxClnR.exe" C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-07-13 16:17:36] HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-05-28 22:31:38] Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2007-07-13 15:41:28] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{8CEFE835-8EBF-420F-AFA2-807008E32917}"= C:\WINDOWS\SYSTEM32\NNNLIHF.DLL [2007-09-26 17:37 35328] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnlihf] nnnlihf.dll 2007-09-26 17:37 35328 C:\WINDOWS\system32\nnnlihf.dll -- End of Deckard's System Scanner: finished at 2007-09-29 18:43:51 ------------ And this is the extra

ludeen

Sep 29 2007, 11:46 AM

Post #10

Member

Posts: 23
From: London
OS: XP

Deckard's System Scanner v20070905.67
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Athlon™ 64 Processor 3400+
Percentage of Memory in Use: 41%
Physical Memory (total/avail): 959.36 MiB / 564.98 MiB
Pagefile Memory (total/avail): 2312.41 MiB / 2003.01 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1969.48 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 180.29 GiB total, 170.96 GiB free.
D: is Fixed (FAT) - 0.01 GiB total, 0.01 GiB free.
E: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - ST3200826A - 186.31 GiB - 3 partitions
\PARTITION0 - Unknown - 6.01 GiB
\PARTITION1 (bootable) - Installable File System - 180.29 GiB - C:
\PARTITION2 - Win95 w/Extended Int 13 - 7.84 MiB - D:

-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.
AntiVirusDisableNotify is set.

FW: ntl Netguard Firewall v5.2.0 (Ntl)
FW: Norton Internet Security v2005 (Symantec Corporation)
AV: ntl Netguard Anti-virus v5.2.0 (Ntl)
AV: Norton Internet Security v2005 (Symantec Corporation) Outdated

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\obedullah\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=048359620127
ComSpec=C:\WINDOWS\system32\cmd.exe
DEFAULT_CA_NR=CA6
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\obedullah
LOGONSERVER=\48359620127
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\ATI Technologies\ATI Control Panel;C:\PROGRA~1\COMMON~1\SONICS~1\;C:\Program Files\Common Files\Teleca Shared
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 47 Stepping 0, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=2f00
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\OBEDUL~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\OBEDUL~1\LOCALS~1\Temp
USERDOMAIN=048359620127
USERNAME=obedullah
USERPROFILE=C:\Documents and Settings\obedullah
windir=C:\WINDOWS

-- User Profiles ---------------------------------------------------------------

hayatullah (admin)
saida
obedullah (admin)
Hamida
lida (admin)
Administrator (admin)

-- Add/Remove Programs ---------------------------------------------------------

--> "C:\Program Files\Common Files\aolshare\Coach\AolCInUn.exe" -lang="en-uk"
--> c:\apps\skype\phone\unins000.exe
--> C:\PROGRA~1\COMMON~1\AOL\ACS\AcsUninstall.exe /c
--> C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\UNWISE.EXE C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\INSTALL.LOG
--> C:\Program Files\Common Files\AOL\Screensaver\uninst_ygpss.exe
--> C:\Program Files\Common Files\aolshare\Aolunins_uk.exe
--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\Program Files\Learn2.com\StRunner\stuninst.exe
--> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> C:\WINDOWS\Modio\SLAMR2KO\Setup.exe /Remove
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
--> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
--> C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\Setup.EXE" -uninstall
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime91\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe" -l0x9
--> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 6.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-000000000001}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~2\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~2\Install.log
Adobe® Photoshop® Album Starter Edition 3.2 --> MsiExec.exe /I{A654A805-41D9-40C7-AA46-4AF04F044D61}
BroadJump Client Foundation --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\BroadJump\Client Foundation\Uninst.isu" -c"C:\Program Files\BroadJump\Client Foundation\RmvBJCFD.dll" -b"CFD" -h"CFD" -a
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
Google Updater --> "C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
HijackThis 2.0