Problem With Vundo and others possibly [RESOLVED]

Need a geek? Geeks to Go offers free, quality tech support -- in terms anyone can understand. Volunteers are waiting to help, friendly, technology experts who have knowledge to share, and enjoy helping others. Feel free to browse the site as a guest. However, you must log in to reply to existing topics, or to start a new topic. Other benefits of joining include richer forum features, and removal of all advertising. Learn more in our Welcome Guide Infected? Malware and Spyware Cleaning Guide. What are you waiting for? Click here to join for free today!

> Geeks to Go! » Security » Virus, Spyware and Trojan Removal

2 Pages

1 2 >

Problem With Vundo and others possibly [RESOLVED]

Options

m8edy View Member Profile	Jul 13 2007, 09:05 PM Post #1
Member Posts: 13 OS: Windows XP SP2	hey ive followed the list of things to do before posting and here are my logs from the whole process. AVG Spyware: i couldnt do an AVG scan in safe mode because my PC wouldnt start up in safe mode. so i did a scan after loading windows but it didnt generate a log for some reason. SUPERAntiSpyware Home Edition: SUPERAntiSpyware Scan Log Generated 07/13/2007 at 11:29 AM Application Version : 3.6.1000 Core Rules Database Version : 3190 Trace Rules Database Version: 1200 Scan type : Complete Scan Total Scan Time : 02:58:35 Memory items scanned : 495 Memory threats detected : 1 Registry items scanned : 6748 Registry threats detected : 6 File items scanned : 137742 File threats detected : 1 Adware.Vundo Variant C:\WINDOWS\SYSTEM32\MLJGD.DLL C:\WINDOWS\SYSTEM32\MLJGD.DLL HKLM\Software\Classes\CLSID\{CD5ECF32-3048-4B8B-94DA-0B473F009BD1} HKCR\CLSID\{CD5ECF32-3048-4B8B-94DA-0B473F009BD1} HKCR\CLSID\{CD5ECF32-3048-4B8B-94DA-0B473F009BD1}\InprocServer32 HKCR\CLSID\{CD5ECF32-3048-4B8B-94DA-0B473F009BD1}\InprocServer32#ThreadingModel HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CD5ECF32-3048-4B8B-94DA-0B473F009BD1} Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\mljgd Panda Software active Scan: Incident Status Location Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\znl9n4pq.default\cookies.txt[.atwola.com/] Spyware:Cookie/did-it Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\znl9n4pq.default\cookies.txt[.did-it.com/] Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\znl9n4pq.default\cookies.txt[.xiti.com/] Spyware:Cookie/Systemdoctor Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\znl9n4pq.default\cookies.txt[systemdoctor.com/] Virus:Generic Malware Disinfected C:\Documents and Settings\Owner\My Documents\msnpolygamy-universal.zip[msn_messenger_polygamy_5.exe] Virus:Generic Malware Disinfected C:\Documents and Settings\Owner\My Documents\msnpolygamy-universalpatch(www.mess.be).zip[msn_messenger_polygamy_5.exe] Potentially unwanted tool:Application/KillApp.B Not disinfected C:\hp\bin\KillIt.exe Potentially unwanted tool:Application/KillApp.A Not disinfected C:\hp\bin\Terminator.exe Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\auspwmeo.dll Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\jxryjudy.dll Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\psstioto.dll Adware:Adware/Lop Not disinfected M:\k drive\WarezP2P.exe[7k43.exe] Spyware:Spyware/Hyperbar Not disinfected M:\k drive\WarezP2P.exe[NavHelperInner.msi][unk_0016][HyperbarSS3.dll] Spyware:Spyware/Hyperbar Not disinfected M:\k drive\WarezP2P.exe[NavHelperInner.msi][unk_0016][Hyperbar.dll] Spyware:Spyware/New.net Not disinfected M:\k drive\WarezP2P.exe[NNWARZ3_88.exe] Adware:Adware/Lop Not disinfected M:\k drive\Download\WarezP2P.exe[7k43.exe] Spyware:Spyware/Hyperbar Not disinfected M:\k drive\Download\WarezP2P.exe[NavHelperInner.msi][unk_0016][HyperbarSS3.dll] Spyware:Spyware/Hyperbar Not disinfected M:\k drive\Download\WarezP2P.exe[NavHelperInner.msi][unk_0016][Hyperbar.dll] Spyware:Spyware/New.net Not disinfected M:\k drive\Download\WarezP2P.exe[NNWARZ3_88.exe] Virus:Generic Malware Disinfected N:\My Documents\msnpolygamy-universal.zip[msn_messenger_polygamy_5.exe] Virus:Generic Malware Disinfected N:\My Documents\msnpolygamy-universalpatch(www.mess.be).zip[msn_messenger_polygamy_5.exe] Virus:Trj/Clicker.ABJ Not disinfected N:\Microsoft.Office.Pro.2007.TimeStop.Activation.Crack[MS.Activator.nGen.DYNAM CS]\msop07_tsa.exe[post ext sp6.exe] HijackThis Log: Logfile of HijackThis v1.99.1 Scan saved at 03:47:41, on 14/07/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\windows\system\hpsysdrv.exe C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe C:\WINDOWS\System32\hphmon05.exe C:\HP\KBD\KBD.EXE C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\Multimedia Card Reader\shwicon2k.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe C:\PROGRA~1\HPPAVI~1\Pavilion\XPHWWBP4\plugin\bin\pchbutton.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Program Files\Belkin\Bluetooth Software\BTTray.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\PROGRA~1\Belkin\BLUETO~1\BTSTAC~1.EXE C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Hijackthis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://gb10.hpwis.com/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-gb10.hpwis.com/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-gb10.hpwis.com/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-gb10.hpwis.com/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.le.ac.uk/sm/le/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://gb10.hpwis.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-gb10.hpwis.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-gb10.hpwis.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-gb10.hpwis.com/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://gb10.hpwis.com/ R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.apple.com/itunes/download/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = .local O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file) O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: (no name) - {C5FCE753-7E3E-414C-815E-86AF82D8817A} - C:\WINDOWS\system32\cbxyyyx.dll (file missing) O2 - BHO: (no name) - {CD5ECF32-3048-4B8B-94DA-0B473F009BD1} - (no file) O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file) O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\program files\hp\digital imaging\bin\hpdtlk02.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect O4 - HKLM\..\Run: [VTTimer] VTTimer.exe O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-GB ee://aol/imApp O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HPPAVI~1\Pavilion\XPHWWBP4\plugin\bin\pchbutton.exe O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: BTTray.lnk = ? O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing) O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing) O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{0A795B8E-126A-46EF-8631-73571C2E1A85}: NameServer = 192.168.2.1 O17 - HKLM\System\CS1\Services\Tcpip\..\{0A795B8E-126A-46EF-8631-73571C2E1A85}: NameServer = 192.168.2.1 O17 - HKLM\System\CS2\Services\Tcpip\..\{0A795B8E-126A-46EF-8631-73571C2E1A85}: NameServer = 192.168.2.1 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\btxppanel.dll O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O20 - Winlogon Notify: cbxyyyx - cbxyyyx.dll (file missing) O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe O23 - Service: Belkin 54g Wireless USB Network Adapter (Belkin 54g Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\uxljvstc.exe (file missing) O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe HijackThis Uninstall Log:* Ad-Aware 2007 Adobe Anchor Service CS3 Adobe Asset Services CS3 Adobe Audition 2.0 Adobe Bridge 1.0 Adobe Bridge CS3 Adobe Bridge Start Meeting Adobe Camera Raw 4.0 Adobe CMaps Adobe Color - Photoshop Specific Adobe Color Common Settings Adobe Color Common Settings Adobe Color EU Extra Settings Adobe Color JA Extra Settings Adobe Color NA Recommended Settings Adobe Common File Installer Adobe Default Language CS3 Adobe Device Central CS3 Adobe ExtendScript Toolkit 2 Adobe ExtendScript Toolkit 2 Adobe Flash Player ActiveX Adobe Fonts All Adobe Help Center 2.0 Adobe Help Viewer CS3 Adobe Linguistics CS3 Adobe PDF Library Files Adobe Photoshop CS3 Adobe Photoshop CS3 Adobe Reader 6.0 Adobe Setup Adobe Setup Adobe Setup Adobe Stock Photos CS3 Adobe Type Support Adobe Update Manager CS3 Adobe Version Cue CS3 Client Adobe WinSoft Linguistics Plugin Adobe XMP Panels CS3 AIM 6 Apple Mobile Device Support Apple Software Update ArcSoft PhotoStudio 5.5 ArcSoft ShowBiz 2 ATI Control Panel ATI Display Driver AVG Anti-Spyware 7.5 AVG Free Edition Belkin 54g USB Network Adapter Belkin Bluetooth Software Canon MP Navigator 3.0 Canon MP600 Canon MP600 User Registration Canon Utilities Easy-PhotoPrint CD-LabelPrint DivX DivX Player DVD Shrink 3.2 Easy Internet Sign-up Easy-WebPrint ffdshow (remove only) Google Talk (remove only) Hijackthis 1.99.1 HijackThis 1.99.1 HP Deskjet Preloaded Printer Drivers HP Photo & Imaging 3.1 HP Photo and Imaging 2.0 - Photosmart Cameras HP PSC & OfficeJet 3.0 HP Software Update HPIZ311 Intel® Extreme Graphics Driver InterVideo WinDVD Player iPod for Windows 2006-03-23 iTunes Java 2 Runtime Environment, SE v1.4.2 KBD Magic ISO Maker v5.3 (build 0221) Memories Disc Creator 2.0 Messenger Plus! Live Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Hotfix (KB928366) Microsoft ActiveSync 3.8 Microsoft AutoRoute v11.0 Microsoft Encarta Encyclopedia Standard - WE 2004 Microsoft Money Microsoft Money System Pack Microsoft Office Professional Edition 2003 Microsoft Picture It! Photo Standard 9 Microsoft Works 2004 Setup Launcher Mozilla Firefox (2.0.0.4) MSXML 4.0 SP2 (KB927978) Multimedia Card Reader Nero 7 Ultra Edition NVIDIA GART Driver Panda ActiveScan PC-Doctor for Windows PDF Settings Photosmart 140,240,7200,7600,7700,7900 Series PS2 Python 2.2 combined Win32 extensions Python 2.2.1 QuickTime RealPlayer RecordNow! SAMSUNG CDMA Modem Driver Set SAMSUNG Mobile USB Modem 1.0 Software SAMSUNG Mobile USB Modem Software Samsung PC Studio Samsung PC Studio 3 USB Driver Installer ScanSoft OmniPage SE 4.0 Security Update for Step By Step Interactive Training (KB923723) Security Update for Windows Media Player (KB911564) Security Update for Windows Media Player 6.4 (KB925398) Security Update for Windows Media Player 9 (KB917734) Security Update for Windows XP (KB890046) Security Update for Windows XP (KB893756) Security Update for Windows XP (KB896358) Security Update for Windows XP (KB896423) Security Update for Windows XP (KB896428) Security Update for Windows XP (KB899587) Security Update for Windows XP (KB899591) Security Update for Windows XP (KB900725) Security Update for Windows XP (KB901017) Security Update for Windows XP (KB901214) Security Update for Windows XP (KB902400) Security Update for Windows XP (KB904706) Security Update for Windows XP (KB905414) Security Update for Windows XP (KB905749) Security Update for Windows XP (KB908519) Security Update for Windows XP (KB911562) Security Update for Windows XP (KB911927) Security Update for Windows XP (KB913580) Security Update for Windows XP (KB914388) Security Update for Windows XP (KB914389) Security Update for Windows XP (KB917344) Security Update for Windows XP (KB917953) Security Update for Windows XP (KB918118) Security Update for Windows XP (KB918439) Security Update for Windows XP (KB919007) Security Update for Windows XP (KB920213) Security Update for Windows XP (KB920670) Security Update for Windows XP (KB920683) Security Update for Windows XP (KB920685) Security Update for Windows XP (KB922819) Security Update for Windows XP (KB923191) Security Update for Windows XP (KB923414) Security Update for Windows XP (KB923689) Security Update for Windows XP (KB923789) Security Update for Windows XP (KB923980) Security Update for Windows XP (KB924191) Security Update for Windows XP (KB924270) Security Update for Windows XP (KB924496) Security Update for Windows XP (KB924667) Security Update for Windows XP (KB925902) Security Update for Windows XP (KB926255) Security Update for Windows XP (KB926436) Security Update for Windows XP (KB927779) Security Update for Windows XP (KB927802) Security Update for Windows XP (KB928255) Security Update for Windows XP (KB928843) Security Update for Windows XP (KB929123) Security Update for Windows XP (KB929969) Security Update for Windows XP (KB930178) Security Update for Windows XP (KB931261) Security Update for Windows XP (KB931784) Security Update for Windows XP (KB932168) Security Update for Windows XP (KB933566) Security Update for Windows XP (KB935839) Security Update for Windows XP (KB935840) Shockwave Sonic Update Manager Spybot - Search & Destroy 1.4 SUPERAntiSpyware Free Edition Update for Windows XP (KB894391) Update for Windows XP (KB898461) Update for Windows XP (KB900485) Update for Windows XP (KB908531) Update for Windows XP (KB910437) Update for Windows XP (KB911280) Update for Windows XP (KB916595) Update for Windows XP (KB920872) Update for Windows XP (KB922582) Update for Windows XP (KB927891) Update for Windows XP (KB930916) Update for Windows XP (KB931836) Update for Windows XP (KB936357) ViaMichelin Navigation X-930 Viewpoint Media Player Vodafone 804SS USB driver Software Windows Installer 3.1 (KB893803) Windows Live Messenger Windows Media Format Runtime Windows XP Hotfix - KB873339 Windows XP Hotfix - KB885835 Windows XP Hotfix - KB885836 Windows XP Hotfix - KB886185 Windows XP Hotfix - KB887472 Windows XP Hotfix - KB888302 Windows XP Hotfix - KB890859 Windows XP Hotfix - KB891781 Windows XP Service Pack 2 WinRAR archiver WinZip XviD MPEG-4 Video Codec Yahoo! Messenger My windows is totally up to date, and i have been running AVG antivirus for a very long time and it is regularly updated on a daily basis. I am also running Ad-Aware 2007 Pro. Please could you help me with this problem, as the problem seems to just keep coming back . Thankyou in advance and i hope to hear from you soon. m8edy

Essexboy View Member Profile	Jul 17 2007, 02:32 PM Post #2
GeekU Moderator Posts: 18,766 From: Darkest Cornwall OS: Vista Ultimate & Windows 7	Hi there sorry for the delay, OK lets get off to a flying start then Download ComboFix from Here or Here to your Desktop. Double click combofix.exe and follow the prompts. When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply Note: Do not mouseclick combofix's window while its running. That may cause it to stall Logs required are Combofix and Hijackthis

m8edy View Member Profile	Jul 17 2007, 03:17 PM Post #3
Member Posts: 13 OS: Windows XP SP2	hey ok ive done as you asked and here are the two logs you requested: Combofix log: "Owner" - 2007-07-17 21:47:28 - ComboFix 07-07-13.8 - Service Pack 2 NTFS (((((((((((((((((((((((((((((((((((((((((((( V Log ))))))))))))))))))))))))))))))))))))))))))))))))))))))) C:\WINDOWS\system32\auspwmeo.dll C:\WINDOWS\system32\jxryjudy.dll C:\WINDOWS\system32\psstioto.dll C:\WINDOWS\system32\oemwpsua.ini C:\WINDOWS\system32\ydujyrxj.ini C:\WINDOWS\system32\otoitssp.ini C:\WINDOWS\system32\dgjlm.bak1 C:\WINDOWS\system32\dgjlm.bak2 C:\WINDOWS\system32\dgjlm.ini C:\WINDOWS\system32\dgjlm.ini2 C:\WINDOWS\system32\dgjlm.tmp C:\WINDOWS\system32\dgjlm.bak1 C:\WINDOWS\system32\dgjlm.bak2 C:\WINDOWS\system32\dgjlm.ini C:\WINDOWS\system32\dgjlm.ini2 C:\WINDOWS\system32\dgjlm.tmp * * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) -------\LEGACY_DOMAINSERVICE -------\DomainService ((((((((((((((((((((((((( Files Created from 2007-06-17 to 2007-07-17 ))))))))))))))))))))))))))))))) 2007-07-17 21:43 51,200 --a------ C:\WINDOWS\nircmd.exe 2007-07-15 10:21 <DIR> d-------- C:\Program Files\Microsoft AutoRoute 2007-07-15 10:10 <DIR> d-------- C:\Program Files\Microsoft Works 2007-07-14 00:54 8,576 --a------ C:\WINDOWS\system32\drivers\nwnrmhgthyco.sys 2007-07-14 00:46 <DIR> d-------- C:\WINDOWS\system32\ActiveScan 2007-07-13 08:28 <DIR> d-------- C:\Program Files\SUPERAntiSpyware 2007-07-13 08:28 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\SUPERAntiSpyware.com 2007-07-13 08:28 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com 2007-07-13 05:49 1,048,576 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT 2007-07-13 05:49 <DIR> d-------- C:\DOCUME~1\ADMINI~1\WINDOWS 2007-07-13 05:49 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Symantec 2007-07-13 05:49 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Sonic 2007-07-13 05:49 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\SampleView 2007-07-13 05:43 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys 2007-07-13 02:39 <DIR> d-------- C:\Program Files\iTunes 2007-07-12 22:44 66,580 --a------ C:\WINDOWS\system32\rbxeiyjn.dll 2007-07-11 22:41 66,580 --a------ C:\WINDOWS\system32\vwsjvrrr.dll 2007-07-11 21:58 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy 2007-07-11 21:10 66,580 --a------ C:\WINDOWS\system32\dhiamwpr.dll 2007-07-09 05:23 <DIR> d-------- C:\Program Files\XviD 2007-07-09 05:22 <DIR> d-------- C:\Program Files\DivX 2007-07-09 05:21 <DIR> d-------- C:\Program Files\ffdshow 2007-07-08 21:35 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\Motive 2007-07-04 03:47 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\acccore 2007-07-04 02:59 104,064 -ra------ C:\WINDOWS\system32\drivers\wceusbsh.sys 2007-07-04 02:04 <DIR> d-------- C:\Program Files\AvantGo Connect 2007-07-04 02:02 77,899 --a------ C:\WINDOWS\system32\rapi.dll 2007-07-04 02:02 65,615 --a------ C:\WINDOWS\system32\pmailext.dll 2007-07-04 02:02 65,613 --a------ C:\WINDOWS\system32\ppvexp.dll 2007-07-04 02:02 57,423 --a------ C:\WINDOWS\system32\MsgStRPC.dll 2007-07-04 02:02 36,942 --a------ C:\WINDOWS\system32\ppcload.dll 2007-07-04 02:02 24,653 --a------ C:\WINDOWS\system32\ceutil.dll 2007-07-04 02:02 24,652 --a------ C:\WINDOWS\system32\uicom.dll 2007-07-04 02:02 114,688 --a------ C:\WINDOWS\system32\malslib.dll 2007-07-04 00:21 <DIR> d-------- C:\Program Files\ViaMichelin 2007-07-03 23:44 1,156 --a------ C:\WINDOWS\mozver.dat 2007-07-03 22:05 <DIR> d-------- C:\DOCUME~1\Owner\Shared 2007-07-03 21:43 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe Systems 2007-07-03 21:22 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared 2007-07-03 20:50 <DIR> d-------- C:\Program Files\Bonjour 2007-07-03 20:21 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared 2007-07-03 19:14 <DIR> d-------- C:\WINDOWS\SxsCaPendDel 2007-07-03 04:24 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! 2007-07-03 04:01 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\FLEXnet 2007-07-03 02:15 <DIR> d-------- C:\Program Files\DVD Shrink 2007-07-03 02:15 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\DVD Shrink 2007-07-03 00:35 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL OCP 2007-07-03 00:35 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL 2007-07-03 00:34 <DIR> d-------- C:\Program Files\Viewpoint 2007-07-03 00:34 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint 2007-07-03 00:33 <DIR> d-------- C:\Program Files\Common Files\AOL 2007-07-03 00:32 <DIR> d-------- C:\Program Files\AIM6 2007-07-03 00:29 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL Downloads 2007-07-03 00:04 <DIR> d-------- C:\Program Files\Google 2007-07-03 00:01 <DIR> d-------- C:\Program Files\Yahoo! 2007-07-02 23:21 53,760 --a------ C:\WINDOWS\system32\vfwwdm32.dll 2007-07-02 23:21 48,128 --a------ C:\WINDOWS\system32\drivers\61883.sys 2007-07-02 23:21 38,912 --a------ C:\WINDOWS\system32\drivers\avc.sys 2007-07-02 22:40 335 --a------ C:\WINDOWS\nsreg.dat 2007-07-02 22:13 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\Samsung 2007-07-02 21:39 <DIR> d-------- C:\Program Files\Lavasoft 2007-07-02 21:39 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft 2007-07-02 21:38 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard 2007-07-02 21:09 <DIR> d-------- C:\Program Files\MSXML 4.0 2007-07-02 20:31 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage 2007-07-02 20:27 <DIR> d---s---- C:\DOCUME~1\Owner\UserData 2007-07-02 19:43 <DIR> d-------- C:\Program Files\MagicISO 2007-07-02 19:26 <DIR> d-------- C:\Program Files\Common Files\xing shared 2007-07-02 19:25 <DIR> d-------- C:\Program Files\Real 2007-07-02 19:25 <DIR> d-------- C:\Program Files\Common Files\Real 2007-07-02 19:25 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\Real 2007-07-02 19:22 <DIR> d-------- C:\My Downloads 2007-07-02 19:16 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\WinRAR 2007-07-02 17:33 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\uTorrent 2007-07-02 17:03 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\Ahead 2007-07-02 17:01 <DIR> d-------- C:\Program Files\Nero 2007-07-02 17:01 <DIR> d-------- C:\Program Files\Common Files\Ahead 2007-07-02 17:01 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nero 2007-07-02 15:51 <DIR> d-------- C:\DOCUME~1\Guest\Bluetooth Software 2007-07-02 15:51 <DIR> d-------- C:\DOCUME~1\Guest\APPLIC~1\Apple Computer 2007-07-02 15:50 1,048,576 --ah----- C:\DOCUME~1\Guest\NTUSER.DAT 2007-07-02 15:50 <DIR> d-------- C:\DOCUME~1\Guest\WINDOWS 2007-07-02 15:50 <DIR> d-------- C:\DOCUME~1\Guest\APPLIC~1\Symantec 2007-07-02 15:50 <DIR> d-------- C:\DOCUME~1\Guest\APPLIC~1\Sonic 2007-07-02 15:50 <DIR> d-------- C:\DOCUME~1\Guest\APPLIC~1\SampleView 2007-07-02 14:17 86,016 --a------ C:\WINDOWS\system32\ati2evxx.dll 2007-07-02 14:17 853,088 --a------ C:\WINDOWS\system32\ati3d1ag.dll 2007-07-02 14:17 81,920 --a------ C:\WINDOWS\system32\ATIDDC.DLL 2007-07-02 14:17 620,032 --a------ C:\WINDOWS\system32\drivers\ati2mtag.sys 2007-07-02 14:17 4,595,712 --a------ C:\WINDOWS\system32\atioglxx.dll 2007-07-02 14:17 376,832 --a------ C:\WINDOWS\system32\ati2evxx.exe 2007-07-02 14:17 374,784 --a------ C:\WINDOWS\system32\ati2dvag.dll 2007-07-02 14:17 34,816 --a------ C:\WINDOWS\system32\ati2edxx.dll 2007-07-02 14:17 28,672 --a------ C:\WINDOWS\system32\Ati2mdxx.exe 2007-07-02 14:17 249 --a------ C:\WINDOWS\system\hpsysdrv.dat 2007-07-02 14:17 24,064 --a------ C:\WINDOWS\system32\ativcoxx.dll 2007-07-02 14:17 229,376 --a------ C:\WINDOWS\system32\atiiiexx.dll 2007-07-02 14:17 17,408 --a------ C:\WINDOWS\system32\atitvo32.dll 2007-07-02 14:17 110,592 --a------ C:\WINDOWS\system32\atipdlxx.dll 2007-07-02 14:17 1,164,032 --a------ C:\WINDOWS\system32\ati3duag.dll (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-07-03 23:20:51 -------- d--h--w C:\Program Files\InstallShield Installation Information 2007-07-02 19:49:16 -------- d-----w C:\Program Files\Messenger 2007-07-02 07:06:13 -------- d-----w C:\Program Files\Common Files\InstallShield 2007-07-02 06:32:16 -------- d-----w C:\Program Files\Easy Internet signup 2007-07-02 06:30:03 4,148 --sha-r C:\WINDOWS\system32\drivers\HP_DW227A-ABU t430.uk_YC_Pavi_QCZB405_E41GBheBLF3_4_IMS-6575_SMICRO-STAR INTERNATIONAL CO., LTD_V3.10_B3.06_T031016_WXH1_L409_M1280_J41_7Intel_8Celeron_92.7_110397007_N1039 900_P_Z14F12F00_K_A10397012_U10397001_G10025964_O.MRK 2007-07-02 06:27:36 -------- d-----w C:\Program Files\Common Files\InterVideo 2007-07-02 06:27:31 -------- d-----w C:\Program Files\InterVideo 2007-07-02 05:02:25 -------- d-----w C:\Program Files\Movie Maker 2007-07-02 05:00:54 -------- d-----w C:\Program Files\Windows NT 2007-06-04 14:18:48 9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys 2007-06-04 14:17:02 8,320 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys 2007-06-04 14:14:56 6,272 ----a-w C:\WINDOWS\system32\drivers\AWRTPD.sys 2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll 2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll 2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) Note empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] 2003-05-15 08:47 50376 --a------ C:\Program Files\Adobe\Reader\ActiveX\AcroIEHelper.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}] 2005-05-31 01:04 853672 --a------ C:\PROGRA~1\SPYBOT~1\SDHelper.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{549B5CA7-4A86-11D7-A4DF-000874180BB3}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{68F9551E-0411-48E4-9AAF-4BC42A6A46BE}] 2006-04-18 19:04 34304 --a------ C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CD5ECF32-3048-4B8B-94DA-0B473F009BD1}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FDD3B846-8D59-4ffb-8758-209B6AD74ACC}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CamMonitor"="c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe" [2002-10-07 08:23] "HPHUPD05"="c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [] "KBD"="C:\HP\KBD\KBD.EXE" [2003-02-11 21:02] "UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 09:01] "nwiz"="nwiz.exe" [2003-08-19 03:56 C:\WINDOWS\system32\nwiz.exe] "VTTimer"="VTTimer.exe" [] "ATIModeChange"="Ati2mdxx.exe" [2001-09-05 00:24 C:\WINDOWS\system32\Ati2mdxx.exe] "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-11-01 21:00] "Sunkist2k"="C:\Program Files\Multimedia Card Reader\shwicon2k.exe" [2003-08-14 20:11] "AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2007-07-02 06:36] "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 00:56 C:\WINDOWS\system32\bthprops.cpl] "SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-30 00:14] "OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-03-21 13:19] "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40] "AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 13:47 C:\WINDOWS\ALCXMNTR.EXE] "Ad-Watch"="C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe" [2007-07-02 21:37] "googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-01 22:22] "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-07-10 09:18] "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RecordNow!"="" [] "NVIEW"="nview.dll,nViewLoadHook" [] "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-07-02 08:45] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 19:04] "Aim6"="" [] "Acme.PCHButton"="C:\PROGRA~1\HPPAVI~1\Pavilion\XPHWWBP4\plugin\bin\pchbutton.exe" [2003-01-01 12:06] "SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-07-14 05:38] "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2005-05-31 01:04] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] "DisableRegistryTools"=0 (0x0) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{93994DE8-8239-4655-B1D1-5F4E91300429}"="C:\DOCUME~1\Owner\Desktop\DVDTHI~1\DVDREG~1\DVDShell.dll" [2003-08-26 11:58] "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2007-05-30 13:29] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"="C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 12:55] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL --a------ 2007-07-14 05:38 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cbxyyyx] cbxyyyx.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\aawservice] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Driver] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Guard] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bthsvcs BthServ Contents of the 'Scheduled Tasks' folder 2007-07-02 06:32:16 C:\WINDOWS\tasks\Easy Internet Sign-up.job ************************************************************************ catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net Rootkit scan 2007-07-17 22:08:13 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ********************************************************************** Completion time: 2007-07-17 22:12:57 C:\ComboFix-quarantined-files.txt ... 2007-07-17 22:12 --- E O F --- HijackThis Log:** Logfile of HijackThis v1.99.1 Scan saved at 22:14:36, on 17/07/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe C:\HP\KBD\KBD.EXE C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\Multimedia Card Reader\shwicon2k.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe C:\PROGRA~1\HPPAVI~1\Pavilion\XPHWWBP4\plugin\bin\pchbutton.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe C:\WINDOWS\explorer.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Hijackthis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-gb10.hpwis.com/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.le.ac.uk/sm/le/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://gb10.hpwis.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-gb10.hpwis.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-gb10.hpwis.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-gb10.hpwis.com/ R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.apple.com/itunes/download/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file) O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: (no name) - {CD5ECF32-3048-4B8B-94DA-0B473F009BD1} - (no file) O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file) O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\program files\hp\digital imaging\bin\hpdtlk02.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect O4 - HKLM\..\Run: [VTTimer] VTTimer.exe O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HPPAVI~1\Pavilion\XPHWWBP4\plugin\bin\pchbutton.exe O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: BTTray.lnk = ? O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing) O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing) O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{0A795B8E-126A-46EF-8631-73571C2E1A85}: NameServer = 192.168.2.1 O17 - HKLM\System\CS1\Services\Tcpip\..\{0A795B8E-126A-46EF-8631-73571C2E1A85}: NameServer = 192.168.2.1 O17 - HKLM\System\CS2\Services\Tcpip\..\{0A795B8E-126A-46EF-8631-73571C2E1A85}: NameServer = 192.168.2.1 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\btxppanel.dll O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL O20 - Winlogon Notify: cbxyyyx - cbxyyyx.dll (file missing) O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe O23 - Service: Belkin 54g Wireless USB Network Adapter (Belkin 54g Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe I hope this is of use to you, thankyou for your help! m8edy

Essexboy View Member Profile	Jul 17 2007, 03:35 PM Post #4
GeekU Moderator Posts: 18,766 From: Darkest Cornwall OS: Vista Ultimate & Windows 7	And moving swiftly along as you are doing so well While TeaTimer is an excellent tool for the prevention of spyware, it can sometimes prevent HijackThis from fixing certain things. Please disable TeaTimer for now until you are clean. TeaTimer can be re-activated once your HijackThis log is clean. Open Spybot Search & Destroy. In the Mode menu click "Advanced mode" if not already selected. Choose "Yes" at the Warning prompt. Expand the "Tools" menu. Click "Resident". Uncheck the "Resident "TeaTimer" (Protection of overall system settings) active." box. In the File menu click "Exit" to exit Spybot Search & Destroy. FIRST Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below. O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file) O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: (no name) - {CD5ECF32-3048-4B8B-94DA-0B473F009BD1} - (no file) O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file) O20 - Winlogon Notify: cbxyyyx - cbxyyyx.dll (file missing) Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis. NOW to kill the files Please download the OTMoveIt http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe by OldTimer. Save it to your desktop. Please double-click OTMoveIt.exe to run it. Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy): C:\WINDOWS\system32\drivers\nwnrmhgthyco.sys C:\WINDOWS\system32\rbxeiyjn.dll C:\WINDOWS\system32\vwsjvrrr.dll C:\WINDOWS\system32\dhiamwpr.dll Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste. Click the red Moveit! button. Copy everything on the Results window to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it on your next reply with a new Hijack log. Close OTMoveIt If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. TIME to get the remnants Download WinPFind3u.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind3u on your desktop. Close ALL OTHER PROGRAMS. Open the WinPFind3u folder and double-click on WinPFind3U.exe to start the program. Under Additional Scans click the checkboxes in front of the following items to select them: Reg - Uninstall List Now click the Run Scan button on the toolbar. Let it run unhindered until it finishes. When the scan is complete Notepad will open with the report file loaded in it. Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it. Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in. If, after posting, the last line is not < End of Report > then the log is too big to fit into a single post and you will need to split it into multiple posts. Logs required are OTMoveit and Winpfind

Essexboy View Member Profile	Jul 17 2007, 04:00 PM Post #6
GeekU Moderator Posts: 18,766 From: Darkest Cornwall OS: Vista Ultimate & Windows 7	Hi m8edy could I have the rest of the log please QUOTE after posting, the last line is not < End of Report > then the log is too big to fit into a single post and you will need to split it into multiple posts.

m8edy View Member Profile	Jul 17 2007, 04:09 PM Post #9
Member Posts: 13 OS: Windows XP SP2	Thats everything! Hope it helps m8edy

Essexboy View Member Profile	Jul 17 2007, 04:17 PM Post #10
GeekU Moderator Posts: 18,766 From: Darkest Cornwall OS: Vista Ultimate & Windows 7	Error This post has been edited by Essexboy: Jul 17 2007, 04:17 PM

Essexboy View Member Profile	Jul 17 2007, 04:27 PM Post #11
GeekU Moderator Posts: 18,766 From: Darkest Cornwall OS: Vista Ultimate & Windows 7	Looking better now Start WinPFind3U. Copy/Paste the information in the quotebox below into the pane where it says "Paste fix here" and then click the Run Fix button. QUOTE [Files/Folders - Created Within 30 days] NY -> sqmdata00.sqm -> %SystemDrive%\sqmdata00.sqm NY -> sqmdata01.sqm -> %SystemDrive%\sqmdata01.sqm NY -> sqmdata02.sqm -> %SystemDrive%\sqmdata02.sqm NY -> sqmnoopt00.sqm -> %SystemDrive%\sqmnoopt00.sqm NY -> sqmnoopt01.sqm -> %SystemDrive%\sqmnoopt01.sqm NY -> sqmnoopt02.sqm -> %SystemDrive%\sqmnoopt02.sqm NY -> 002224_.tmp -> %SystemRoot%2224_.tmp NY -> cpmjssat.ini -> %System32%\cpmjssat.ini NY -> gqovtsmk.ini -> %System32%\gqovtsmk.ini NY -> ieencode.dll -> %System32%\ieencode.dll NY -> lbvbeqlb.ini -> %System32%\lbvbeqlb.ini NY -> lccsfghm.ini -> %System32%\lccsfghm.ini NY -> oakbigxo.ini -> %System32%\oakbigxo.ini NY -> rmyyagnu.ini -> %System32%\rmyyagnu.ini NY -> rpepjhcn.ini -> %System32%\rpepjhcn.ini NY -> sbnxlpfi.ini -> %System32%\sbnxlpfi.ini NY -> uxefnpkm.ini -> %System32%\uxefnpkm.ini NY -> yppsuolm.ini -> %System32%\yppsuolm.ini NY -> yxjbaxur.ini -> %System32%\yxjbaxur.ini [Files/Folders - Modified Within 30 days] NY -> bmpdovog.ini -> %System32%\bmpdovog.ini NY -> cpmjssat.ini -> %System32%\cpmjssat.ini NY -> gqovtsmk.ini -> %System32%\gqovtsmk.ini NY -> lbvbeqlb.ini -> %System32%\lbvbeqlb.ini NY -> lccsfghm.ini -> %System32%\lccsfghm.ini NY -> oakbigxo.ini -> %System32%\oakbigxo.ini NY -> rmyyagnu.ini -> %System32%\rmyyagnu.ini NY -> rpepjhcn.ini -> %System32%\rpepjhcn.ini NY -> sbnxlpfi.ini -> %System32%\sbnxlpfi.ini NY -> yppsuolm.ini -> %System32%\yppsuolm.ini NY -> yxjbaxur.ini -> %System32%\yxjbaxur.ini The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. CLick the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here along with a new WinPFind3u scan. I will review the information when it comes back in. Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer. Now run Superantispyware On the first page select Check for Updates On completion select SCAN YOUR COMPUTER On the next page select COMPLETE SCAN and tick ALL your drives The next stage will take a while as your entire drive(s), memory and registry are scanned When it has completed click NEXT The next screen shows the problems found click OK On the next screen place a tick against all items and select NEXT Now to get the log Go to the PREFERENCES button on the right bottom Select the STATISTICS/LOG tab Highlight the scan just completed and click VIEW LOG This will open a notepad text file copy and paste this to your next reply

m8edy View Member Profile	Jul 18 2007, 08:38 PM Post #12
Member Posts: 13 OS: Windows XP SP2	Sorry about the delay, i will explain later. Requested Logs: Winpfind 3 Fix Log: [Files/Folders - Created Within 30 days] C:\sqmdata00.sqm moved successfully. C:\sqmdata01.sqm moved successfully. C:\sqmdata02.sqm moved successfully. C:\sqmnoopt00.sqm moved successfully. C:\sqmnoopt01.sqm moved successfully. C:\sqmnoopt02.sqm moved successfully. File C:\WINDOWS2224_.tmp not found! C:\WINDOWS\SYSTEM32\cpmjssat.ini moved successfully. C:\WINDOWS\SYSTEM32\gqovtsmk.ini moved successfully. C:\WINDOWS\SYSTEM32\ieencode.dll moved successfully. C:\WINDOWS\SYSTEM32\lbvbeqlb.ini moved successfully. C:\WINDOWS\SYSTEM32\lccsfghm.ini moved successfully. C:\WINDOWS\SYSTEM32\oakbigxo.ini moved successfully. C:\WINDOWS\SYSTEM32\rmyyagnu.ini moved successfully. C:\WINDOWS\SYSTEM32\rpepjhcn.ini moved successfully. C:\WINDOWS\SYSTEM32\sbnxlpfi.ini moved successfully. C:\WINDOWS\SYSTEM32\uxefnpkm.ini moved successfully. C:\WINDOWS\SYSTEM32\yppsuolm.ini moved successfully. C:\WINDOWS\SYSTEM32\yxjbaxur.ini moved successfully. [Files/Folders - Modified Within 30 days] C:\WINDOWS\SYSTEM32\bmpdovog.ini moved successfully. File C:\WINDOWS\SYSTEM32\cpmjssat.ini not found! File C:\WINDOWS\SYSTEM32\gqovtsmk.ini not found! File C:\WINDOWS\SYSTEM32\lbvbeqlb.ini not found! File C:\WINDOWS\SYSTEM32\lccsfghm.ini not found! File C:\WINDOWS\SYSTEM32\oakbigxo.ini not found! File C:\WINDOWS\SYSTEM32\rmyyagnu.ini not found! File C:\WINDOWS\SYSTEM32\rpepjhcn.ini not found! File C:\WINDOWS\SYSTEM32\sbnxlpfi.ini not found! File C:\WINDOWS\SYSTEM32\yppsuolm.ini not found! File C:\WINDOWS\SYSTEM32\yxjbaxur.ini not found! < End of log > Created on 07/18/2007 08:48:53 This post has been edited by m8edy: Jul 18 2007, 08:40 PM

m8edy View Member Profile	Jul 18 2007, 08:49 PM Post #15
Member Posts: 13 OS: Windows XP SP2	SuperAntispyware Log: SUPERAntiSpyware Scan Log http://www.superantispyware.com Generated 07/19/2007 at 03:24 AM Application Version : 3.9.1008 Core Rules Database Version : 3270 Trace Rules Database Version: 1281 Scan type : Complete Scan Total Scan Time : 16:43:22 Memory items scanned : 508 Memory threats detected : 0 Registry items scanned : 7056 Registry threats detected : 0 File items scanned : 140018 File threats detected : 15 Adware.Tracking Cookie C:\Documents and Settings\Owner\Cookies\owner@bs.serving-sys[1].txt C:\Documents and Settings\Owner\Cookies\owner@ads.aol.co[2].txt C:\Documents and Settings\Owner\Cookies\owner@revsci[2].txt C:\Documents and Settings\Owner\Cookies\owner@a[1].txt C:\Documents and Settings\Owner\Cookies\owner@atdmt[2].txt C:\Documents and Settings\Owner\Cookies\owner@html[1].txt C:\Documents and Settings\Owner\Cookies\owner@adrevolver[1].txt C:\Documents and Settings\Owner\Cookies\owner@adrevolver[3].txt C:\Documents and Settings\Owner\Cookies\owner@mediaplex[1].txt C:\Documents and Settings\Owner\Cookies\owner@atwola[1].txt C:\Documents and Settings\Owner\Cookies\owner@tradedoubler[2].txt C:\Documents and Settings\Owner\Cookies\owner@serving-sys[1].txt Adware.Vundo Variant C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\AUSPWMEO.DLL.VIR C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\JXRYJUDY.DLL.VIR C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\PSSTIOTO.DLL.VIR i am very sorry about the delay in posting these logs, but as you can see the SUperantispyware log took a lot longer than expected. the reason being that the superantispyware scan kept finding exceptions of some kind at certain parts of the registry scan i think, at which point it would stop and ask me whether i wanted to cancel the scan, try again, or continue. this happened about 4 or 5 times i think. generally im not having any other problems with my pc. the initial problem was that i was getting annoting popups about 'debt management' and other virus software like 'winantivirus' and such like. these pop ups have now, to my knowledge, stopped. although the scans above are still finding malware on my pc from what my untrained eye can see. i shall leave this in your trusted hands. thankyou very much for all your help. m8edy

« Next Oldest · Virus, Spyware and Trojan Removal · Next Newest »

2 Pages

1 2 >

1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)

0 Members:

Topic Title	Replies / Views	Topic Information
Virus, Spyware and Trojan Removal Trojan Bagel and others possibly-RESOLVED BY USER EOM [RESOLVED]	1 / 428	11th November 2005 - 01:39 AM crybaby started - last by OwNt
Virus, Spyware and Trojan Removal Problem with Virtumonde and Win32.WinFixer [RESOLVED]	7 / 911	15th September 2007 - 10:32 AM TaterState started - last by MoNsTeReNeRgY22
Virus, Spyware and Trojan Removal Problem with Vundo and Outerinfo [CLOSED]	4 / 406	3rd January 2008 - 09:25 AM Biggee163 started - last by RatHat
Virus, Spyware and Trojan Removal Problem with Vundo and Trojan-Downloader.Delf [RESOLVED]	9 / 741	14th July 2008 - 04:28 PM NegativeZero started - last by Rorschach112