Windows blank screen. No display at all. [RESOLVED], Earlier scans indicated system affected by Trojan.Vundo.DNZ and traces
Feb 29 2008, 04:14 AM
Post #1
Member, Posts: 18, OS: Windows XP Professional SP2
About a week back, my system's McAfee Virus-Scan kept displaying a message every 10 seconds saying that Trojan Vundo had been detected. I downloaded and installed BitDefender Trial version and ran it. It told me that my system was affected by Virtumonde (mostly registry entries) and cleared them off. But then when my system restarted, it became very slow. I then downloaded and installed Spybot Search & Destroy 1.5.2 and ran that. It found 3 instances of Trojan.Vundo.DZN and cleared them (or so it showed). But the system was still running slow. At least now the Virus Scan did not pop up with the Vundo warning. So I downloaded VundoFix and ran that. It again found 3 files and then I selected Remove Vundo. And then I got the biggest shock till now. My system now starts up and gets onto the log on page and then I put in my username and password and then all I see is a blue screen with the pointer in the middle of the screen but NOTHING ELSE!! And my system starts up fine in Safe Mode and I've run VundoFix in Safe Mode to check whether Trojan Vundo is still there or not but it comes clean. Spybot also comes clean in Safe Mode. But I cannot start my system in normal boot up.

Can you please help me get my desktop back at least?? I'm really really worried now that I might have to reinstall the OS. BTW, I've downloaded and kept HiJackThis and ComboFix ready in my USB Memory Drive for use whenever you suggest. Please suggest what to do now.

Warm Regards, Manish.

Edited at 7:49 P.M. 29/02/08

I ran ComboFix and HiJackThis after that and the logs are posted below. Hope this gives you a better idea of what I'm dealing with here and suggest steps to fix the problem.

That's about it. Can anyone please tell me what I need to do so that my system starts working on normal startup and I get something apart from the blue screen with the pointer in the middle once I login? Am currently working in Safe Mode and it works fine, but that's not what I want!

Edited at 2:49 P.M. 01/03/08

After posting the above yesterday, I ran the Recovery Console and ran a repair. Once the repair was complete I restarted the system in normal mode and was happy to note that I was able to see my normal desktop and today morning again the system logged onto the normal desktop but the system is still very slow. Opening IE takes an eternity, and everything else is very slow. I've downloaded the below softwares and have got them ready on my USB Memory Drive in case I need to use them to fix my system completely. Please help me get my system back to normal.

dss.exe, registryboosteraff.exe, SDFix.exe, SUPERAntiSpyware.exe, OTMoveIt2.exe, SmitfraudFix.exe, ATF-Cleaner.exe

Thank you, Warm Regards, Manish.

This post has been edited by ManishKR: Mar 1 2008, 03:27 AM
Mar 3 2008, 10:32 AM
Post #2
GeekU Teacher, Posts: 21,845, From: Dublin, OS: XP
Hello
Please download Deckard's System Scanner (DSS) and save it to your Desktop.
Mar 4 2008, 01:11 AM
Post #3
Member, Posts: 18, OS: Windows XP Professional SP2
Hi Rorschach112,
Thank you for taking out some of your valuable time to help me out. Apologies for being impatient. I had run DSS before your suggestion and have got the resultant files attached. I also ran SDFix and then Sophos Antivirus and have also got its log file attached. I've also run VirtumundoBeGone and the resultant file is attached as well. Sorry if I've run ahead of you and done something wrong.

Thank you, Warm Regards, Manish.

This post has been edited by ManishKR: Mar 4 2008, 01:17 AM
Attached File(s): main.txt (23.63K), moved.txt (2.34K), extra.txt (13.37K), SophosReport.txt (5.74K), VBG.TXT (1.59K)
Mar 4 2008, 06:44 AM
Post #4
GeekU Teacher, Posts: 21,845, From: Dublin, OS: XP
Can you post the DSS logs and not attach them?
Also post the SDFix report if you have it.
Mar 4 2008, 08:17 AM
Post #5
Member, Posts: 18, OS: Windows XP Professional SP2
Hi, Please find the logs below.
C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S O4 - Global Startup: BGInfo.lnk = C:\WINDOWS\Bginfo.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office11\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: StumbleUpon PhotoBlog It! - res://StumbleUponIEBar.dll/blogimage O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O14 - IERESET.INF: START_PAGE_URL=http://delphi.ap.joneslanglasalle.com O16 - DPF: 
{01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB O16 - DPF: {2E687AA8-B276-4910-BBFB-4E412F685379} (CWebsiteViewer Object) - http://ausyd077.ap.jllnet.com/WebsiteViewe...bsiteViewer.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll O16 - DPF: {62CEC9E0-3811-4C36-A94E-4F7565DCD23F} (DDSC Class) - http://delphi.ap.joneslanglasalle.com/Dashboard/msddsc.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1203315985171 O16 - DPF: {EBC1356E-7D5E-44EC-831D-847882F06FE5} (Gateway Client for MetaFrame) - https://webdesk.ap.joneslanglasalle.com/web...en/CSGProxy.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{373E75A6-C8D0-4B5F-8231-1D100EB42C40}: Domain = ap.jllnet.com O17 - HKLM\System\CCS\Services\Tcpip\..\{B82E01BD-02A1-4161-BE6A-289E4F4D1D94}: NameServer = 125.22.47.125,202.56.250.5 O17 - HKLM\System\CS2\Services\Tcpip\..\{373E75A6-C8D0-4B5F-8231-1D100EB42C40}: Domain = ap.jllnet.com O17 - HKLM\System\CS3\Services\Tcpip\..\{373E75A6-C8D0-4B5F-8231-1D100EB42C40}: Domain = ap.jllnet.com O17 - HKLM\System\CS4\Services\Tcpip\..\{373E75A6-C8D0-4B5F-8231-1D100EB42C40}: Domain = ap.jllnet.com O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O20 - Winlogon Notify: cbxxwxv - C:\WINDOWS\ O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\NETWORK ASSOCIATES\COMMON FRAMEWORK\FrameworkService.exe O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. 
- C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe -- End of file - 10886 bytes -- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) ----------- backup-20080229-194651-190 O2 - BHO: (no name) - {85429961-D537-4B19-8FDA-F284548CC281} - C:\WINDOWS\system32\ddayx.dll (file missing) -- File Associations ----------------------------------------------------------- All associations okay. -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------- R1 NaiAvTdi1 - c:\windows\system32\drivers\mvstdi5x.sys <Not Verified; Network Associates, Inc.; VirusScan> R1 SASDIFSV - c:\program files\superantispyware\sasdifsv.sys R1 SASKUTIL - c:\program files\superantispyware\saskutil.sys R3 BDSelfPr - c:\program files\bitdefender\bitdefender 2008\bdselfpr.sys <Not Verified; BitDefender S.R.L.; BitDefender> R3 NaiAvFilter1 - c:\windows\system32\drivers\naiavf5x.sys <Not Verified; McAfee Inc.; VirusScan> R3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware> R4 EntDrv51 - c:\windows\system32\drivers\entdrv51.sys <Not Verified; Network Associates, Inc; Virus Scan Enterprise, Entercept> -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled -------------------- R2 McAfeeFramework (McAfee Framework Service) - "c:\program files\network associates\common framework\frameworkservice.exe" /servicestart <Not Verified; Network Associates, Inc.; McAfee Common Framework> R2 McTaskManager (Network Associates Task Manager) - "c:\program files\network associates\virusscan\vstskmgr.exe" <Not Verified; Network Associates, Inc.; VirusScan Enterprise> -- Device Manager: Disabled ---------------------------------------------------- 
No disabled devices found.

-- Scheduled Tasks -------------------------------------------------------------

2008-02-27 01:00:30 278 --a------ C:\WINDOWS\Tasks\Defrag (Desktop) .....job

-- Files created between 2008-02-03 and 2008-03-03 -----------------------------

2008-03-03 19:22:22 0 d-------- C:\Documents and Settings\jll2\Application Data\Uniblue
2008-03-03 19:04:39 0 d-------- C:\Program Files\Uniblue
2008-03-03 15:09:40 0 --a------ C:\WINDOWS\nsreg.dat
2008-03-03 15:09:32 0 d-------- C:\Documents and Settings\jll2\Application Data\Mozilla
2008-03-03 14:05:06 3503 --a------ C:\Start_.cmd
2008-03-03 14:01:46 0 d-------- C:\327882R2FWJFW
2008-03-01 17:59:37 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-03-01 17:56:54 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-03-01 17:56:54 0 d-------- C:\Documents and Settings\jll2\Application Data\SUPERAntiSpyware.com
2008-02-29 19:45:02 0 d-------- C:\Program Files\Trend Micro
2008-02-29 17:15:58 0 d-------- C:\cmdcons
2008-02-29 17:14:38 68096 --a------ C:\WINDOWS\system32\zip.exe
2008-02-29 17:14:38 98816 --a------ C:\WINDOWS\system32\sed.exe
2008-02-29 17:14:38 80412 --a------ C:\WINDOWS\system32\grep.exe
2008-02-29 17:14:38 73728 --a------ C:\WINDOWS\system32\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-02-28 15:39:37 0 d-------- C:\VundoFix Backups
2008-02-25 12:45:39 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-23 15:43:10 0 d-------- C:\Documents and Settings\jll2\Application Data\BitDefender
2008-02-23 15:35:51 0 d-------- C:\Program Files\BitDefender
2008-02-23 15:35:51